HP High-End Firewalls Network Management Command Reference Part number: 5998-2657 Software version: F1000-A-EI&F1000-S-EI: R3721 F5000: F3210 F1000-E: F3171 Firewall module: F3171 Document version: 6PW101-20120719
Legal and notice information © Copyright 2012 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents Interface management commands ······························································································································ 1 General Ethernet interface and subinterface configuration commands ······································································ 1 combo enable ··························································································································································· 1 default ·························
mtu ·········································································································································································· 52 name ······································································································································································· 53 port ·························································································································································
stp tc-protection ···················································································································································· 103 stp tc-protection threshold ··································································································································· 104 stp timer forward-delay ······································································································································· 104 stp timer hel
dhcp server detect ··············································································································································· 141 dhcp server forbidden-ip ···································································································································· 142 dhcp server ip-pool ············································································································································· 143 dhcp server ping
display dhcp relay··············································································································································· 182 display dhcp relay information ·························································································································· 183 display dhcp relay security································································································································· 185 display dhcp relay security
display proxy-arp ················································································································································ 222 local-proxy-arp enable ········································································································································ 223 proxy-arp enable ················································································································································· 224 QoS policy co
rip input ································································································································································ 270 rip metricin ··························································································································································· 271 rip metricout ······················································································································································
opaque-capability enable ··································································································································· 323 ospf ······································································································································································· 324 ospf authentication-mode···································································································································· 325 ospf bfd enab
display bgp routing-table community-list ··········································································································· 369 display bgp routing-table dampened ················································································································ 370 display bgp routing-table dampening parameter ···························································································· 370 display bgp routing-table different-origin-as ··················
reflector cluster-id (BGP view/BGP-VPN instance view) ·················································································· 414 refresh bgp ··························································································································································· 415 reset bgp ······························································································································································ 416 reset bgp dampening ······
is-name map ························································································································································· 467 is-snmp-traps enable ············································································································································ 467 log-peer-change (IS-IS view) ······························································································································· 468 lsp-fragments-e
multicast boundary ·············································································································································· 519 multicast forwarding-table downstream-limit ···································································································· 520 multicast forwarding-table route-limit ················································································································· 520 multicast load-splitting ···············
PIM configuration commands ································································································································· 559 auto-rp enable ······················································································································································ 559 bsm-fragment enable (PIM view)························································································································ 559 bsr-policy (PIM view) ····
register-suppression-timeout (PIM view) ············································································································· 602 register-whole-checksum (PIM view) ·················································································································· 602 reset pim control-message counters ··················································································································· 603 source-lifetime (PIM view) ······················
ipv6 address auto················································································································································ 652 ipv6 address auto link-local ······························································································································· 653 ipv6 address eui-64 ············································································································································ 653 ipv6 address link-lo
sip-server······························································································································································· 688 static-bind prefix ·················································································································································· 688 DHCPv6 relay agent configuration commands ········································································································ 689 display ipv6 dhcp
display ospfv3 interface ····································································································································· 730 display ospfv3 lsdb ············································································································································· 731 display ospfv3 lsdb statistic ································································································································ 734 display ospfv3 next-
display bgp ipv6 routing-table ··························································································································· 783 display bgp ipv6 routing-table as-path-acl ······································································································· 785 display bgp ipv6 routing-table community ······································································································· 786 display bgp ipv6 routing-table community-list ·······
preference ···························································································································································· 826 reflect between-clients ········································································································································· 827 reflector cluster-id················································································································································· 828 refr
display multicast ipv6 rpf-info ···························································································································· 873 multicast ipv6 boundary ····································································································································· 874 multicast ipv6 forwarding-table downstream-limit ···························································································· 876 multicast ipv6 forwarding-table route-limit
pim ipv6 sm ························································································································································· 918 pim ipv6 state-refresh-capable ··························································································································· 919 pim ipv6 timer graft-retry ···································································································································· 919 pim ipv6 timer hell
mld version ··························································································································································· 957 require-router-alert (MLD view) ··························································································································· 958 reset mld group ···················································································································································· 959 reset mld s
client-verify enable ·············································································································································· 993 client-verify weaken ············································································································································· 994 close-mode wait ··················································································································································· 995 display s
Interface management commands General Ethernet interface and subinterface configuration commands combo enable Syntax combo enable { copper | fiber } View Ethernet interface view (combo interface) Default level 2: System level Parameters copper: Activates the copper combo port. fiber: Activates the fiber combo port. Description Use combo enable to activate the copper or fiber combo port. By default, the copper combo port is activated. Combo interfaces are logical interfaces.
View Ethernet interface view, Ethernet subinterface view Default level 2: System level Parameters None Description Use default to restore the default settings for an Ethernet interface or subinterface. This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions.
NOTE: • Each Unicode character takes the space of two regular characters. • To use Unicode characters or symbols in an interface description, install the specific input method editor and log in to the device through remote login software that supports the character type. • When the length of a description string reaches or exceeds the maximum line width on the terminal software, the software starts a new line, possibly breaking a Unicode character into two.
down: Displays information about interfaces in the down state and the causes. If you do not specify this keyword, this command displays information about interfaces in all states. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
display interface gigabitethernet 0/1 | include current state:|bytes GigabitEthernet0/1 current state: DOWN ( Administratively ) Line protocol current state: DOWN Last 300 seconds input rate 0.00 bytes/sec, 0 bits/sec, 0.00 packets/sec Last 300 seconds output rate 0.00 bytes/sec, 0 bits/sec, 0.
Field Description Input Input packets. Output Output packets. # Display operating status information and related statistics of Layer 3 Ethernet subinterface GigabitEthernet 0/1.1. display interface gigabitethernet 0/1.1 GigabitEthernet0/1.1 current state: UP Line protocol current state: UP Description: GigabitEthernet0/1.
Field Description Output queue : (Urgent queue : Size/Length/Discards) Packet statistics for the following output queues: • Urgent queues • Protocol queues • FIFO queues Output queue : (Protocol queue : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Time when the reset counts interface command was last used to clear statistics on the subinterface. Last clearing of counters If the command was never used since the device was started, this field displays Never.
0 CRC, 0 frame, 0 overruns, 0 aborts 0 ignored, - parity errors Output (total): 0 packets, 0 bytes 0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses Output (normal): 0 packets, 0 bytes 0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses Output: 0 output errors, 0 underruns, - buffer failures 0 aborts, 0 deferred, 0 collisions, 0 late collisions 0 lost carrier, 0 no carrier Table 3 Command output Field Description GigabitEthernet0/1 current state Physical state of the Ethernet interface.
Field Last 300 seconds input: 0 packets/sec 0 bytes/sec -% Last 300 seconds output: 0 packets/sec 0 bytes/sec -% Input (total): 0 packets, 0 bytes 0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses Input (normal): 0 packets, 0 bytes 0 unicasts, 0 broadcasts, 0 multicasts, - pauses Description Average rate of input and output traffic in the last 300 seconds, in pps and Bps. Inbound traffic statistics (in packets and bytes) for the interface.
Field Description Total number of illegal inbound packets: • Fragment frames—CRC error frames shorter than 64 bytes. The length can be an integral or non-integral value. • Jabber frames—CRC error frames greater than the maximum frame aborts length supported on the Ethernet interface (with an integral or non-integral length). For an Ethernet interface that does not permit jumbo frames, jabber frames refer to CRC error frames greater than 1518 bytes (without VLAN tags) or 1522 bytes (with VLAN tags).
NOTE: If an output field is not available, a hyphen (-) is displayed. Table 4 Command output Field Description UP The interface is physically up. DOWN The interface is physically down because no physical connection exists (possibly reason: the network cable is disconnected or faulty). DOWN ( Administratively ) The interface is physically down because it was shut down with the shutdown command. To restore its physical state, use the undo shutdown command.
Table 5 Command output Field Description State of the Ethernet subinterface: GigabitEthernet0/1.1 current state • DOWN—The Ethernet subinterface is physically down (possibly because no physical link is present or the link has failed). • UP—The Ethernet subinterface is physically up. IP Packet Frame Type Frame type of the Ethernet subinterface. Broadcast MAX-ratio Broadcast storm suppression ratio. Unicast MAX-ratio Unknown unicast storm suppression ratio.
GE0/8 DOWN auto A A 6 GE0/9 DOWN auto A A 6 GE0/10 DOWN auto A A 7 GE0/11 DOWN auto A A 7 # Filter the brief interface information to display the line starting with the (s) string and all subsequent lines.
GE0/4 DOWN Not connected GE0/5 DOWN Not connected GE0/6 DOWN Not connected GE0/7 DOWN Not connected GE0/8 DOWN Not connected GE0/9 DOWN Not connected GE0/10 DOWN Not connected GE0/11 DOWN Not connected Table 6 Command output Field Description The brief information of interface(s) under route mode: The command displays brief information about Layer 3 interfaces. Link: ADM administratively down; Stby - standby ADM—The interface has been shut down by the network administrator.
Field Description Duplex mode of the interface: Duplex • • • • • A—Auto-negotiation F—Full duplex F(a)—Auto-negotiated full duplex H—Half duplex H(a)—Auto-negotiated half duplex Link type of the interface: Type • A—Access • H—Hybrid • T—Trunk PVID Port VLAN ID. Cause Causes for the physical state of an interface to be DOWN. For more information, see Table 7.
Parameters auto: Sets the interface to operate in auto-negotiation mode. full: Sets the interface to operate in full duplex mode. half: Sets the interface to operate in half-duplex mode. This keyword is not available for fiber combo ports. Description Use duplex to set the duplex mode for an Ethernet interface. Use undo duplex to restore the default duplex mode of the Ethernet interface. By default, Ethernet interfaces operate in auto-negotiation mode. Related commands: speed.
Examples # Enable TxRx mode generic flow control on the interface GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] flow-control interface Syntax interface interface-type { interface-number | interface-number.subnumber } View System view Default level 2: System level Parameters interface-type: Specifies an interface type. interface-number: Specifies an interface number. interface-number.
loopback Syntax loopback { external | internal } undo loopback View Ethernet interface view Default level 2: System level Parameters external: Enables external loopback testing to test all on-chip functions related to Ethernet interfaces. internal: Enables internal loopback testing to test the hardware of Ethernet interfaces. Description Use loopback to enable loopback testing on an Ethernet interface. Use undo loopback to disable loopback testing on an Ethernet interface.
Parameters bridge: Specifies the Layer 2 mode. route: Specifies the Layer 3 mode. Description Use port link-mode to change the link mode of an Ethernet interface. Use undo port link-mode to restore the default.
Default level 2: System level Parameters bridge: Specifies the Layer 2 mode. route: Specifies the Layer 3 mode. interface-list: Specifies an Ethernet interface list, in the format of interface-type interface-number [ to interface-type interface-number ] &<1-10>, where &<1-10> indicates that you can specify up to 10 interfaces or interface ranges. Description Use port link-mode interface-list to change the link mode of Ethernet interfaces.
interface-number: Specifies an interface number. interface-number.subnumber: Specifies a subinterface number, where interface-number is an interface number; subnumber is the number of a subinterface created under the interface. The subnumber argument ranges from 1 to 4094. Description Use reset counters interface to clear the Ethernet interface or subinterface statistics. Before collecting traffic statistics for a specific period of time on an interface, clear the old statistics first.
# Shut down and then bring up GigabitEthernet 0/1.1. system-view [Sysname] interface gigabitethernet 0/1.1 [Sysname-GigabitEthernet0/1.1] shutdown [Sysname-GigabitEthernet0/1.1] undo shutdown speed Syntax speed { 10 | 100 | 1000 | auto } undo speed View Ethernet interface view Default level 2: System level Parameters 10: Sets the interface speed to 10 Mbps. 100: Sets the interface speed to 100 Mbps. 1000: Sets the interface speed to 1,000 Mbps.
View Ethernet interface view Default level 2: System level Parameters None Description Use sub-interface rate-statistic to enable rate statistics collection for the subinterfaces of an Ethernet interface. Use undo sub-interface rate-statistic to disable rate statistics collection for the subinterfaces of an Ethernet interface. By default, the system does not collect rate statistics for Ethernet subinterfaces.
Parameters ratio: Sets the broadcast suppression threshold as a percentage of the transmission capability of an Ethernet interface, ranging from 1 to 100. The smaller the percentage, the less broadcast traffic is allowed to pass through. Description Use broadcast-suppression to set the broadcast suppression threshold on an Ethernet interface or subinterface. Use undo broadcast-suppression to restore the default. By default, Ethernet interfaces do not suppress broadcast traffic.
Configuration of this command in Ethernet interface view applies only to the Ethernet interface. The following matrix shows the command and firewall compatibility: Command F1000-A-EI/S-EI F1000-E F5000 Firewall module jumboframe enable No Yes No Yes Examples # Enable jumbo frames to pass through GigabitEthernet 0/1.
multicast-suppression Syntax multicast-suppression ratio undo multicast-suppression View Layer 2 Ethernet interface view, Layer 2 Ethernet subinterface view Default level 2: System level Parameters ratio: Sets the multicast suppression threshold as a percentage of the transmission capability of an Ethernet interface, ranging from 1 to 100. The smaller the percentage, the less multicast traffic is allowed to pass through.
Parameters ratio: Sets the unknown unicast suppression threshold as a percentage of the transmission capability of the Ethernet interface, ranging from 1 to 100. The smaller the percentage, the less unknown unicast traffic is allowed through. Description Use unicast-suppression to set the unknown unicast suppression threshold on an Ethernet interface or subinterface. Use undo unicast-suppression to restore the default. By default, Ethernet interfaces do not suppress unknown unicast traffic.
• the MTU of an Ethernet interface or subinterface is 1500 bytes. • The MTU value of the 10GE interface on the interface module of the box type firewall is in the range of 46 to 1560 bytes. • The 10 GE interface on the inline card of the firewall module supports jumbo frame, and the MTU value of the interface is in the range of 46 to 9216 bytes. NOTE: As the size of MTU decreases, the number of fragments grows.
Loopback and null interface configuration commands default Syntax default View Loopback interface view, null interface view Default level 2: System level Parameters None Description Use default to restore the default settings for the loopback or null interface. This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions.
Parameters text: Description of the interface, a string of 1 to 80 characters, which supports spaces, characters and symbols found in standard English (such as numbers and case-sensitive letters), special English, and other characters or symbols that conform to the Unicode standard. NOTE: • An interface description can be a mixture of English characters and other Unicode characters. The mixed description cannot exceed the specified length.
down: Displays information about interfaces in the DOWN state and the causes. If you do not specify this keyword, this command displays information about interfaces in all states. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Table 8 Command output Field Description current state Physical state (up or administratively down) of the interface Line protocol current state State of the data link layer protocol: up (spoofing). Spoofing refers to the spoofing attribute of the interface. When the network layer protocol state of the interface is displayed as up, the corresponding link may not exist, or the corresponding link is non-permanent and established on demand.
Field Description Physical link state of the interface: Link • UP—The link is up. • ADM—The link has been administratively shut down. To recover its physical state, perform the undo shutdown command. Protocol Protocol connection state of the interface, which can be UP, DOWN, or UP(s). Main IP Main IP address of the interface Description Description of the interface Cause Cause of a DOWN physical link. If the port has been shut down with the shutdown command, this field displays Administratively.
• If you do not specify the null keyword, this command displays information about all interfaces on the firewall. • If you specify the null keyword, this command displays information about interface Null 0 with or without the 0 keyword, because the firewall supports only one interface Null 0. Related commands: interface null. Examples # Display detailed information about null interface Null 0.
Examples # Create interface loopback 5. system-view [Sysname] interface loopback 5 [Sysname-LoopBack5] interface null Syntax interface null 0 View System view Default level 2: System level Parameters 0: Specifies interface Null 0. The null interface number is fixed to 0. Description Use interface null to enter null interface view. The firewall has only one null interface, interface Null 0. Interface Null 0 is always up. You cannot remove or shut it down.
Before collecting traffic statistics within a specific period of time on a loopback interface, clear the existing statistics. • If you do not specify the loopback keyword, this command clears the statistics on all interfaces in the system. • If you specify the loopback keyword without the interface-number argument, this command clears the statistics on all loopback interfaces. Examples # Clear statistics on loopback interface Loopback 5.
Parameters None Description Use shutdown to shut down the current loopback interface. Use undo shutdown to bring up the current loopback interface. By default, a loopback interface is up. Examples # Shut down loopback interface loopback 1.
IPv4 addressing configuration commands display ip interface Syntax display ip interface [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Source quench: 0 Routing redirect: 0 Echo request: 0 Router advert: 0 Router solicit: 0 Time exceed: 0 IP header bad: 0 Timestamp request: 0 Timestamp reply: 0 Information request: 0 Information reply: 0 Netmask request: 0 Netmask reply: 0 Unknown type: 0 Table 9 Command output Field Description Current physical state of the interface • Administrative DOWN—The interface is shut down with the shutdown current state command.
Field Description TTL invalid packet number Number of TTL-invalid packets received on the interface (the statistics start at the device startup) ICMP packet input number: Echo reply: Unreachable: Source quench: Routing redirect: Echo request: Router advert: Router solicit: Time exceed: IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: Total number of ICMP packets received on the interface (the statistics start at the
Description Use display ip interface brief to display brief IP configuration information for a specific Layer 3 interface or all Layer 3 interfaces. Without the interface type and interface number specified, the brief IP configuration information for all Layer 3 interfaces is displayed. With only the interface type specified, the brief IP configuration information for all Layer 3 interfaces of the specified type is displayed.
undo ip address [ ip-address { mask-length | mask } [ sub ] ] View Interface view Default level 2: System level Parameters ip-address: IP address of interface, in dotted decimal notation. mask-length: Subnet mask length, the number of consecutive ones in the mask. mask: Subnet mask in dotted decimal notation. sub: Secondary IP address for the interface. Description Use ip address to assign an IP address and mask to the interface. Use undo ip address to remove all IP addresses from the interface.
Default level 2: System level Parameters interface interface-type interface-number: Specifies an interface from which the current interface can borrow an IP address. Description Use ip address unnumbered to configure the current interface as IP unnumbered to borrow an IP address from another interface. Use undo ip address unnumbered to disable IP unnumbered on the interface. By default, the interface does not borrow IP addresses from other interfaces.
VLAN configuration commands default Syntax default View VLAN interface view Default level 2: System level Parameters None Description Use default to restore the default settings for a VLAN interface. This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions.
Parameters text: Specifies a description for a VLAN or VLAN interface.
View Any view Default level 1: Monitor level Parameters vlan-interface-id: Specifies a VLAN interface number. brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information. down: Displays information about interfaces in the DOWN state and the causes. If you do not specify this keyword, this command displays information about interfaces in all states. |: Filters command output by specifying a regular expression.
Interface Link Protocol Main IP Vlan2 DOWN DOWN Description -- # Display brief information for VLAN interfaces in DOWN state.
Field Description 0 packets input, 0 bytes, 0 drops Total number and size (in bytes) of the received packets of the interface and the number of the dropped packets. 0 packets output, 0 bytes, 0 drops Total number and size (in bytes) of the sent packets of the interface and the number of the dropped packets. The brief information of interface(s) under route mode Brief information about Layer 3 interfaces.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display port to display information about the hybrid or trunk ports on the device, including the port names, PVIDs, and allowed VLAN IDs. Examples # Display information about the hybrid ports in the system.
dynamic: Displays the number of dynamic VLANs and the ID for each dynamic VLAN. The dynamic VLANs are generated through GVRP or those distributed by a RADIUS server. reserved: Displays information about the reserved VLANs. Protocol modules determine which VLANs are reserved VLANs according to function implementation, and reserved VLANs serve protocol modules. You cannot do any configuration on reserved VLANs. static: Displays the number of static VLANs and the ID for each static VLAN.
Field Description Description Description of the VLAN. Name Name configured for the VLAN. IP Address Primary IP address of the VLAN interface (available only when an IP address is configured for the VLAN interface). To display secondary IP addresses, use the display interface vlan-interface command in any view or the display this command in VLAN interface view. Subnet Mask Subnet mask of the primary IP address (available only when an IP address is configured for the VLAN interface).
ip address Syntax ip address ip-address { mask | mask-length } [ sub ] undo ip address [ ip-address { mask | mask-length } [ sub ] ] View VLAN interface view Default level 2: System level Parameters ip-address: Specifies an IP address in dotted decimal notation. mask: Specifies a subnet mask in dotted decimal notation. mask-length: Sets the number of consecutive 1s in the subnet mask, ranging from 0 to 32. sub: Indicates the address is a secondary IP address.
View VLAN interface view Default level 2: System level Parameters size: Sets the maximum transmission unit (MTU), ranging from 46 to 1500 bytes. Description Use mtu to set the MTU for a VLAN interface. Use undo mtu to restore the default. By default, the MTU of a VLAN interface is 1500 bytes. Related commands: display interface vlan-interface. Examples # Set the MTU to 1492 bytes for VLAN-interface 1.
names of the issued VLANs to the switch. You can use VLAN names, rather than VLAN IDs, to distinguish a large number of VLANs. Examples # Configure the name of VLAN 2 as Test VLAN.
undo port access vlan View Ethernet interface view, Ethernet subinterface view, Layer 2 aggregate interface view Default level 2: System level Parameters vlan-id: Specifies a VLAN ID, ranging from 1 to 4094. Make sure that the VLAN specified by the VLAN ID already exists. Description Use port access vlan to assign the access ports to the specified VLAN. Use undo port access vlan to restore the default. By default, all access ports belong to VLAN 1.
Default level 2: System level Parameters vlan-id: Specifies a VLAN ID, ranging from 1 to 4094. Description Use port hybrid pvid to configure the PVID of the hybrid port. Use undo port hybrid pvid to restore the default. By default, the PVID of a hybrid port is VLAN 1. You can use a nonexistent VLAN as the PVID for a hybrid port. If you remove the PVID of a hybrid port with the undo vlan command, it does not affect the setting of the PVID on the port.
View Ethernet interface view, Layer 2 aggregate interface view Default level 2: System level Parameters vlan-id-list: Specifies a list of VLANs that the hybrid ports will be assigned to, in the format of [ vlan-id1 [ to vlan-id2 ] ]&<1-10>, where vlan-id ranges from 1 to 4094 and &<1-10> indicates that you can specify up to 10 VLAN IDs or VLAN ID ranges. Make sure that the specified VLANs already exist. tagged: Configures the ports to send the packets of the specified VLANs without removing VLAN tags.
The output shows that GigabitEthernet 0/1, GigabitEthernet 0/2, and GigabitEthernet 0/3 are the member ports of the aggregation group corresponding to Bridge-Aggregation 1. port link-type Syntax port link-type { access | hybrid | trunk } undo port link-type View Ethernet interface view, Layer 2 aggregate interface view Default level 2: System level Parameters access: Configures the link type of a port as access. hybrid: Configures the link type of a port as hybrid.
port trunk permit vlan Syntax port trunk permit vlan { vlan-id-list | all } undo port trunk permit vlan { vlan-id-list | all } View Ethernet interface view, Layer 2 aggregate interface view Default level 2: System level Parameters vlan-id-list: Specifies a list of VLANs that the trunk ports will be assigned to, in the format of [vlan-id1 [ to vlan-id2 ] ]&<1-10>, where vlan-id ranges from 1 to 4094 and &<1-10> indicates that you can specify up to 10 VLAN IDs or VLAN ID ranges.
[Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] port link-type trunk [Sysname-Bridge-Aggregation1] port trunk permit vlan 2 Please wait... Done. Configuring GigabitEthernet0/1... Done. Configuring GigabitEthernet0/2... Done. Configuring GigabitEthernet0/3... Done. The output shows that GigabitEthernet 0/1, GigabitEthernet 0/2, and GigabitEthernet 0/3 are the member ports of the aggregation group corresponding to Bridge-Aggregation 1.
system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] port link-type trunk [Sysname-GigabitEthernet0/1] port trunk pvid vlan 100 # Configure VLAN 100 as the PVID of the trunk Layer 2 aggregate interface Bridge-Aggregation 1.
Parameters None Description Use shutdown to shut down a VLAN interface. Use undo shutdown to bring up a VLAN interface. By default, a VLAN interface is up unless all ports in the VLAN are down. You can use the undo shutdown command to bring up a VLAN interface after you have configured related parameters and protocols for the VLAN interface. You can shut down a failed interface with the shutdown command and then bring it up with the undo shutdown command to see if it recovers.
system-view [Sysname] vlan 2 [Sysname-vlan2] # Create VLAN 4 through VLAN 100. system-view [Sysname] vlan 4 to 100 Please wait............. Done.
MAC address table configuration commands NOTE: • The MAC address table can contain only Layer 2 Ethernet ports and Layer 2 aggregate interfaces. • This document covers only the configuration of unicast MAC address table entries, including static, dynamic, and blackhole MAC address table entries. For more information about configuring static multicast MAC address table entries, see Network Management Configuration Guide.
Description Use display mac-address to display information about the MAC address table. If you execute this command without specifying any parameters, it displays information about all MAC address entries on the device, including unicast MAC address entries and static multicast MAC address entries. If you execute this command using only the vlan keyword or the count keyword, or only these two keywords, it displays information about unicast MAC address entries and static multicast MAC address entries.
Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Related commands: display mac-address. Examples # Add a static entry for MAC address 000f-e201-0101 on port GigabitEthernet 0/1 that belongs to VLAN 2. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] mac-address static 000f-e201-0101 vlan 2 # Add a static entry for MAC address 000f-e201-0102 on port Bridge-Aggregation 1 that belongs to VLAN 1.
Description Use mac-address to add or modify a MAC address entry. Use undo mac-address to remove one or all MAC address entries. A static or blackhole MAC address entry will not be overwritten by a dynamic MAC address entry. A dynamic MAC address entry can be overwritten by a static or blackhole MAC address entry. If you execute the undo mac-address command without specifying any parameters, this command deletes all unicast MAC address entries and static multicast MAC address entries.
Examples # Set the aging timer for dynamic MAC address entries to 500 seconds.
MSTP configuration commands active region-configuration Syntax active region-configuration View MST region view Default level 2: System level Parameters None Description Use active region-configuration to activate your MST region configuration. When you configure MST region–related parameters, MSTP launches a new spanning tree calculation process that may cause network topology instability. This is most likely to occur when you configure the VLAN-to-instance mapping table.
Parameters None Description Use check region-configuration to display MST region pre-configuration information, including the region name, revision level, and VLAN-to-instance mapping settings. Two or more spanning tree devices belong to the same MST region only if they are configured with the same format selector (0 by default, not configurable), MST region name, MST region revision level, and the same VLAN-to-instance mapping entries in the MST region, and if they are connected via a physical link.
Default level 1: Monitor level Parameters instance instance-id: Displays the status and statistics of a specific MSTI. The value of instance-id ranges from 0 to 15, where 0 represents the common internal spanning tree (CIST).
• • • { Max age { Forward delay { Maximum hops { Common root bridge of the CIST { External path cost from the device to the CIST common root { Regional root { Internal path cost from the device to the regional root { CIST root port of the device { Status of the BPDU guard function (enabled or disabled) CIST port parameters: { Port status { Role { Priority { Path cost { Designated bridge { Designated port { Edge port/non-edge port { Connecting to a point-to-point link or n
{ Designated bridge { Designated port { Remaining hops { Status of rapid state transition (enabled or disabled) for designated ports The statistics in STP/RSTP/MSTP mode include the following items: • The number of TCN BPDUs, configuration BPDUs, RST BPDUs, and MST BPDUs sent from each port • The number of TCN BPDUs, configuration BPDUs, RST BPDUs, MST BPDUs, and wrong BPDUs received on each port • The number of BPDUs discarded on each port Related commands: reset stp.
display stp -------[CIST Global Info][Mode MSTP]------CIST Bridge :32768.000f-e200-2200 Bridge Times :Hello 2s MaxAge 20s FwDly 15s MaxHop 20 CIST Root/ERPC :0.00e0-fc0e-6554 / 200200 CIST RegRoot/IRPC :32768.000f-e200-2200 / 0 CIST RootPortId :128.
MAC address :000f-e200-8048 Max age(s) :20 Forward delay(s) :15 Hello time(s) :2 Max hops :20 Table 17 display stp command output description Field Description CIST Bridge CIST bridge ID, which comprises the device's priority in the CIST and its MAC address. For example, in output "32768.000f-e200-2200", the value preceding the dot is the device's priority in the CIST, and the value following the dot is the device's MAC address.
Field Description The port is connected to a point-to-point link or not. Point-to-point • Config—Configured value. • Active—Actual value. Transmit Limit The maximum number of packets sent within each hello time. Protection type on the port: Protection Type • • • • Root—Root guard. Loop—Loop guard. BPDU—BPDU guard. None—No protection. Format of the MST BPDUs that the port can send, which can be legacy or 802.1s. MST BPDU Format Port ConfigDigest-Snooping • Config—Configured value.
display stp abnormal-port Syntax display stp abnormal-port [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
View Any view Default level 1: Monitor level Parameters interface interface-type interface-number: Displays the BPDU statistics on a specified port, where interface-type interface-number indicates the port type and number. instance instance-id: Displays the BPDU statistics of a specified MSTI on a specified port. The value of instance-id ranges from 0 to 15, where 0 represents the CIST. |: Filters command output by specifying a regular expression.
TCA sent 0 TCA received 2 Config sent 0 Config received 0 RST sent 0 RST received 0 MST sent 4 10:33:11 01/13/2010 MST received 151 10:37:43 01/13/2010 Count Last Updated 10:33:12 01/13/2010 Instance 0: Type --------------------------- ---------- ----------------Timeout BPDUs 0 MAX-hoped BPDUs 0 TC detected 1 10:32:40 01/13/2010 TC sent 3 10:33:11 01/13/2010 TC received 0 Instance 1: Type Count Last Updated --------------------------- ---------- ----------------Timeout
Field Description TCN Sent TCN BPDUs sent. TCN Received TCN BPDUs received. TCA Sent TCA BPDUs sent. TCA Received TCA BPDUs received. Config Sent Configuration BPDUs sent. Config Received Configuration BPDUs received. RST Sent RSTP BPDUs sent. RST Received RSTP BPDUs received. MST Sent MSTP BPDUs sent. MST Received MSTP BPDUs received. Instance Statistical information for a particular MSTI. Timeout BPDUs Expired BPDUs. Max-Hoped BPDUs BPDUs whose maximum hops were exceeded.
display stp down-port Down Port Reason GigabitEthernet0/1 BPDU-Protected GigabitEthernet0/3 Formatfrequency-Protected Table 20 Command output Field Description Down Port Name of a port shut down by the spanning tree protection functions. Reason that the port was shut down: Reason • BPDU-Protected—BPDU guard function. • Formatfrequency-Protected—MSTP BPDU format frequent change protection function.
display stp instance 2 history ------------------- Instance 2 --------------------- Port GigabitEthernet0/1 Role change : ROOT->DESI (Aged) Time : 2009/02/08 00:22:56 Port priority : 0.00e0-fc01-6510 0 0.00e0-fc01-6510 128.1 Port GigabitEthernet0/2 Role change : ALTER->ROOT Time : 2009/02/08 00:22:56 Port priority : 0.00e0-fc01-6510 0 0.00e0-fc01-6510 128.2 Table 21 Command output Field Description Port Port name. Role change Role change of the port.
Examples # In MSTP mode, display effective MST region configuration information. display stp region-configuration Oper Configuration Format selector :0 Region name :hello Revision level :0 Configuration digest :0x5f762d9a46311effb7a488a3267fca9f Instance Vlans Mapped 0 21 to 4094 1 1 to 10 2 11 to 20 Table 22 Command output Field Description Format selector Format selector defined by the spanning tree protocol. The default value is 0 and the selector cannot be configured.
Examples # In MSTP mode, display the root bridge information of all spanning trees. display stp root MSTID 0 Root Bridge ID ExtPathCost IntPathCost Root Port 0.00e0-fc0e-6554 200200 0 GigabitEthernet0/1 Table 23 Command output Field Description ExtPathCost External path cost. The device automatically calculates the default path cost of a port, or alternatively, you can use the stp cost command to configure the path cost of a port. IntPathCost Internal path cost.
Examples # In MSTP mode, display the statistics of TC/TCN BPDUs received and sent by all ports on the card on slot 1 in MSTI 0. display stp instance 0 tc slot 1 -------------- STP slot 1 TC or TCN count ------------MSTID Port Receive Send 0 GigabitEthernet0/1 6 4 0 GigabitEthernet0/2 0 2 Table 24 Command output Field Description Port Port name. Receive Number of TC/TCN BPDUs received on each port. Send Number of TC/TCN BPDUs sent by each port.
Examples # Map VLAN 2 to MSTI 1. system-view [Sysname] stp region-configuration [Sysname-mst-region] instance 1 vlan 2 region-name Syntax region-name name undo region-name View MST region view Default level 2: System level Parameters name: Specifies the MST region name, a string of 1 to 32 characters. Description Use region-name to configure the MST region name. Use undo region-name to restore the default MST region name. By default, the MST region name of a device is its MAC address.
Parameters interface interface-list: Clears the MSTP statistics of the ports specified in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] }&<1-10>, where &<1-10> indicates that you can specify up to 10 ports or port ranges. Description Use reset stp to clear the MSTP statistics. The MSTP statistics includes the numbers of TCN BPDUs, configuration BPDUs, RST BPDUs and MST BPDUs sent/received through the specified ports.
[Sysname] stp region-configuration [Sysname-mst-region] revision-level 5 stp bpdu-protection Syntax stp bpdu-protection undo stp bpdu-protection View System view Default level 2: System level Parameters None Description Use stp bpdu-protection to enable the BPDU guard function. Use undo stp bpdu-protection to disable the BPDU guard function. By default, the BPDU guard function is disabled. Examples # Enable the BPDU guard function.
An appropriate setting of hello time, forward delay, and max age can speed up network convergence. The values of these timers are related to the network size and you can set the timers by setting the network diameter. With the network diameter set to 7 (the default), the three timers will be set to their defaults. To set the network diameter of an STP/RSTP/MSTP switched network, use this command without specifying any VLAN.
[Sysname-GigabitEthernet0/1] stp compliance dot1s stp config-digest-snooping Syntax stp config-digest-snooping undo stp config-digest-snooping View System view, Ethernet interface view, Layer 2 aggregate interface view Default level 2: System level Parameters None Description Use stp config-digest-snooping to enable Digest Snooping. Use undo stp config-digest-snooping to disable Digest Snooping. The feature is disabled by default. Configured in system view, the setting takes effect globally.
Default level 2: System level Parameters instance instance-id: Sets the path cost of the ports in a particular MSTI. The value of instance-id ranges from 0 to 15, where 0 represents the CIST. cost: Specifies the path cost of the port, with an effective range that depends on the path cost calculation standard adopted. • With the IEEE 802.1d-1998 standard selected for path cost calculation, the cost argument ranges from 1 to 65535. • With the IEEE 802.
View Ethernet interface view, Layer 2 aggregate interface view Default level 2: System level Parameters enable: Configures the ports as edge ports. disable: Configures the ports as non-edge ports. Description Use stp edged-port enable to configure the ports as edge ports. Use stp edged-port disable to configure the ports as non-edge ports. Use undo stp edged-port to restore the default. By default, all ports are non-edge ports.
Default level 2: System level Parameters None Description Use stp enable to enable the spanning tree feature globally. Use undo stp enable to disable the spanning tree feature. By default, the spanning tree feature is enabled globally and on all ports. Configured in system view, the setting takes effect globally. Configured in Ethernet interface view, the setting takes effect on the interface only. Configured in Layer 2 aggregate interface view, the setting takes effect only on the aggregate interface.
Description Use stp loop-protection to enable the loop guard function on the ports. Use undo stp loop-protection to restore the default. By default, the loop guard function is disabled. Configured in Ethernet interface view, the setting takes effect on the interface only. Configured in Layer 2 aggregate interface view, the setting takes effect only on the aggregate interface. Configured on a member port in an aggregation group, the setting takes effect only after the port leaves the aggregation group.
stp mcheck Syntax stp mcheck View System view, Ethernet interface view, Layer 2 aggregate interface view Default level 2: System level Parameters None Description Use stp mcheck to perform the mCheck operation globally or on a port. If a port on a device running MSTP or RSTP mode connects to an STP device, this port will automatically transition to the STP-compatible mode. However, it cannot automatically transition back to the original mode when: • The STP device is shut down or removed.
Default level 2: System level Parameters stp: Configures the spanning tree device to work in STP-compatible mode. rstp: Configures the spanning tree device to work in RSTP mode. mstp: Configures the spanning tree device to work in MSTP mode. Description Use stp mode to configure the spanning tree work mode. Use undo stp mode to restore the default. By default, a spanning tree device works in MSTP mode. Related commands: stp mcheck and stp enable.
system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] stp no-agreement-check stp pathcost-standard Syntax stp pathcost-standard { dot1d-1998 | dot1t | legacy } undo stp pathcost-standard View System view Default level 2: System level Parameters dot1d-1998: Configures the firewall to calculate the default path cost for ports based on IEEE 802.1d-1998. dot1t: Configures the firewall to calculate the default path cost for ports based on IEEE 802.1t.
Parameters auto: Specifies automatic detection of the link type. force-false: Specifies the non-point-to-point link type. force-true: Specifies the point-to-point link type. Description Use stp point-to-point to configure the link type of the ports. Use undo stp point-to-point to restore the default. The default setting is auto and the spanning tree device automatically detects whether a port connects to a point-to-point link.
priority: Specifies a port priority, ranging from 0 to 240 in steps of 16 (as in 0, 16, 32). Description Use stp port priority to set the priority of the ports. Use undo stp port priority to restore the default. By default, the port priority is 128. Configured in Ethernet interface view, the setting takes effect on the interface only. Configured in Layer 2 aggregate interface view, the setting takes effect only on the aggregate interface.
To set the priority of an MSTP device in a specific MSTI, use this command with the MSTI specified. To set the priority of an MSTP device in the CIST or an STP/RSTP device, use this command without specifying any MSTI. Examples # In MSTP mode, set the device priority to 4096 in MSTI 1.
Default level 2: System level Parameters instance instance-id: Configures the device as the root bridge in a particular MSTI. The value of instance-id ranges from 0 to 15, where 0 represents the CIST. Description Use stp root primary to configure the device as the root bridge. Use undo stp root to restore the default. By default, a device is not a root bridge. To set an MSTP device as the root bridge in a specific MSTI, use this command with the MSTI specified.
Examples # In MSTP mode, specify the firewall as a secondary root bridge in MSTI 1. system-view [Sysname] stp instance 1 root secondary stp root-protection Syntax stp root-protection undo stp root-protection View Ethernet interface view, Layer 2 aggregate interface view Default level 2: System level Parameters None Description Use stp root-protection to enable the root guard function on the ports. Use undo stp root-protection to restore the default.
Default level 2: System level Parameters None Description Use stp tc-protection enable to enable the TC-BPDU attack guard function for the device. Use stp tc-protection disable to disable the TC-BPDU attack guard function for the device. By default, the TC-BPDU attack guard function is enabled. Examples # Disable the TC-BPDU attack guard function for the device.
View System view Default level 2: System level Parameters time: Sets the forward delay in centiseconds, ranging from 400 to 3000 in steps of 100 (as in 400, 500, 600). Description Use stp timer forward-delay to set the forward delay timer of the device. Use undo stp timer forward-delay to restore the default. By default, the forward delay timer is 1500 centiseconds. The forward delay timer determines the time interval of state transition.
By default, the hello time is 200 centiseconds. Hello time is the time interval at which spanning tree devices send configuration BPDUs to maintain spanning tree. If a device fails to receive configuration BPDUs within the set period of time, a new spanning tree calculation process will be triggered due to timeout. HP does not recommend you to set the hello time with this command.
stp timer-factor Syntax stp timer-factor factor undo stp timer-factor View System view Default level 2: System level Parameters factor: Sets the timeout factor, ranging from 1 to 20. Description Use stp timer-factor to set the timeout factor, which decides the timeout time. Timeout time = timeout factor × 3 × hello time. Use undo stp timer-factor to restore the default. By default, the timeout factor is 3.
Parameters limit: Sets the maximum number of BPDUs the ports can send within each hello time, ranging from 1 to 255. Description Use stp transmit-limit to set the maximum transmission rate of the ports, which specifies the maximum number of BPDUs the ports can send within each hello time. Use undo stp transmit-limit to restore the default. By default, the maximum transmission rate of all ports is 10. Each port can send up to 10 BPDUs within each hello time.
VLAN 1 will be mapped to MSTI 1, VLAN 2 to MSTI 2, VLAN 15 to MSTI 15, VLAN 16 to MSTI 1, and so on. Related commands: region-name, revision-level, region-configuration, and active region-configuration. Examples # Map VLANs to MSTIs as per modulo 8.
PPP configuration commands NOTE: The firewall module does not support dialer interfaces. Basic PPP configuration commands ip address ppp-negotiate Syntax ip address ppp-negotiate undo ip address ppp-negotiate View Virtual template (VT) Interface view Default level 2: System level Parameters None Description Use ip address ppp-negotiate to enable IP address negotiation on the local interface, so that the local interface can accept the IP address allocated by the peer end.
Default level 2: System level Parameters pool-number: Number of the address pool, in the range of 0 to 99. low-ip-address: Start address of the address pool. high-ip-address: End IP address of the address pool. An address pool can contain up to 1024 IP addresses. If the end IP address is not specified, the address pool has only one IP address, which is the start IP address. Description Use ip pool to configure an address pool for assigning IP addresses to PPP users.
Examples # Enable PPP encapsulation on Dialer 1. system-view [Sysname] interface Dialer 1 [Sysname-Dialer 1] link-protocol ppp ppp account-statistics enable Syntax ppp account-statistics enable [ acl { acl-number | name acl-name } ] undo ppp account-statistics enable View VT interface view Default level 2: System level Parameters acl: Generates PPP accounting statistics for traffic that matches the configured ACL.
Default level 2: System level Parameters chap: Uses challenge-handshake authentication protocol (CHAP) authentication. ms-chap: Uses Microsoft CHAP (MS-CHAP) authentication. ms-chap-v2: Uses Microsoft CHAP Version 2 (MS-CHAP-V2) authentication. pap: Uses password authentication protocol (PAP) authentication. call-in: Authenticates the call-in users only. domain isp-name: Specifies the domain name for authentication, a string of 1 to 24 characters.
Examples # Configure interface Virtual-Template 10 to authenticate the peer device by using PAP. system-view [Sysname] interface Virtual-Template 10 [Sysname-Virtual-Template10] ppp authentication-mode pap domain system # Configure interface Virtual-Template 10 to authenticate the peer device by using PAP, CHAP, and MS-CHAP.
undo ppp chap user View VT interface view Default level 2: System level Parameters username: Username for CHAP authentication, a case-sensitive string of 1 to 80 characters. The username is sent to the peer device for the local device to be authenticated. Description Use ppp chap user to set the username for CHAP authentication. Use undo ppp chap user to cancel the configuration. By default, the username for CHAP authentication is null.
Examples # Configure VT interface Virtual-Template 10 to ignore next-hop address matching. system-view [Sysname] interface virtual-template 10 [Sysname-Virtual-Template10] ppp ignore match-next-hop ppp ipcp dns Syntax ppp ipcp dns primary-dns-address [ secondary-dns-address ] undo ppp ipcp dns primary-dns-address [ secondary-dns-address ] View VT interface view Default level 2: System level Parameters primary-dns-address: Primary DNS server IP address to be set.
View VT interface view Default level 2: System level Parameters None Description Use ppp ipcp dns admit-any to configure the firewall to accept the DNS server IP addresses assigned by the peer even though it does not request the peer for the DNS server IP addresses. Use undo ppp ipcp dns admit-any to configure the firewall to deny the DNS server IP addresses assigned by the peer if it does not request the peer for the DNS server IP addresses.
You can configure a device to request its peer (especially in cases where a device is connected to the operator's access server through a dial-up link) for the DNS server address during PPP negotiation to enable domain names to be resolved for the device. NOTE: You can check the DNS server IP addresses of a port by displaying the information about the port. Examples # Enable the firewall to request its peer for the DNS server IP address actively through interface Virtual-Template 10.
[Sysname] interface Virtual-Template 10 [Sysname-Virtual-Template10] remote address 10.0.0.1 [Sysname-Virtual-Template10] ppp ipcp remote-address forced ppp pap local-user Syntax ppp pap local-user username password { cipher | simple } password undo ppp pap local-user View VT interface view Default level 2: System level Parameters username: Username of the local device for PAP authentication, a case-sensitive string of 1 to 80 characters. cipher: Displays the password in cipher text.
undo ppp timer negotiate View VT interface view Default level 2: System level Parameters seconds: Negotiation timeout time to be set, in the range of 1 to 10 (in seconds). In PPP negotiation, if the local device receives no response from the peer during this period after it sends a packet, the local device sends the last packet again. Description Use ppp timer negotiate to set the PPP negotiation timeout time. Use undo ppp timer negotiate to restore the default.
device, you must configure the ip address ppp-negotiate command on the peer device in addition to configuring the remote address command on the local device. CAUTION: • The IP address assigned to the peer device by the local device is not mandatory on the peer device, or the peer device can still use a locally configured IP address even if the local device assigned one to it. To make the IP address assigned by the local device mandatory, you must configure the ppp ipcp remote-address forced command.
keepalive periods and shuts down the link. To prevent the situation, set the interval for sending keepalive packets relatively longer. Examples # Set the interval for sending keepalive packets to 20 seconds on interface Virtual-Template 10.
description Syntax description text undo description View VT interface view Default level 2: System level Parameters text: Interface description, a case-sensitive string of 1 to 80 characters. Description Use description to set the description for the VT interface. Use undo description to restore the default. By default, a VT interface is described in the form of interface name Interface, for example, Virtual-Template1 Interface.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display interface virtual-template to display information about a VT interface.
Table 25 Command output Field Description Physical state of the interface: • DOWN (Administratively)—The interface was shut down with the current state shutdown command, that is, is administratively down. • DOWN—The interface is administratively up but physically down. • UP—The interface is both administratively and physically up. Line protocol current state Data link layer state (UP or DOWN). Description Description string of the interface. The Maximum Transmit Unit MTU of the interface.
Parameters va-number: VA interface number, ranging from 0 to 65535. dialer dialer-number: Specifies a dialer interface number, which ranges from 0 to 1023. peer peer-address: Specifies the peer IP address of a VA interface, in dotted decimal notation. user user-name: Specifies the username of a user logging in through a VA interface. This argument is a string of 1 to 80 characters. vt vt-number: Specifies a VT number, in the range 0 to 1023. |: Filters command output by specifying a regular expression.
For the output description, see Table 25. interface virtual-template Syntax interface virtual-template number undo interface virtual-template number View System view Default level 2: System level Parameters number: VT interface number, in the range 0 to 1023. Description Use interface virtual-template to create a VT interface and enter its view. If the VT interface already exists, you enter its view directly. Use undo interface virtual-template to remove a VT interface.
Examples # Set the MTU of interface Virtual-Template 10 to 1200 bytes. system-view [Sysname] interface virtual-template 10 [Sysname-Virtual-Template10] mtu 1200 reset counters interface virtual-template Syntax reset counters interface [ virtual-template [ interface-number ] ] View User view Default level 2: System level Parameters interface-number: VT interface number. Description Use reset counters interface virtual-template to clear statistics on VT interfaces.
PPPoE configuration commands NOTE: The firewall module does not support dialer interfaces. PPPoE configuration commands are available on the F1000-A-EI/S-EI, F1000-E firewalls. display pppoe-client session Syntax display pppoe-client session { packet | summary } [ dial-bundle-number number ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters packet: Displays the packet statistics on PPPoE sessions. summary: Displays PPPoE session summary.
Table 26 Command output Field Description ID PPPoE session ID Bundle Dialer bundle a PPPoE session belongs to Dialer Dialer interface corresponding to a PPPoE session Intf Ethernet interface where the PPPoE session is present RemMAC Remote MAC address LocMAC Local MAC address State PPPoE session state (PPPoE session state is the PPP protocol state. PPPUP indicates that PPP negotiation is successful.) # Display the packet statistics on PPPoE sessions.
View Ethernet interface view, virtual Ethernet interface view Default level 2: System level Parameters dial-bundle-number number: Specifies the dialer bundle number corresponding to a PPPoE session, in the range of 1 to 255. A dialer bundle number uniquely identifies a PPPoE session, it can also be used as a PPPoE session ID. no-hostuniq: Specifies the client not to carry the Host-Uniq field. By default, the Host-Uniq field is carried. idle-timeout seconds: Specifies the PPPoE session idle time.
NOTE: • The difference between the reset pppoe-client command and the undo pppoe-client command lies in that the former only temporarily terminates a PPPoE session, but the latter permanently removes a PPPoE session. • After you execute the undo pppoe-client command, the PPPoE session identified by the number argument is removed permanently, regardless of the working mode of the PPPoE session. To use the PPPoE session again, you must establish it from scratch.
Layer 2 forwarding configuration commands General Layer 2 forwarding configuration commands display mac-forwarding statistics Syntax display mac-forwarding statistics [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters interface interface-type interface-number: Displays the statistics about an interface specified by its type and number. |: Filters command output by specifying a regular expression.
Total sent: 666 Filtered:0 STP discarded:0 # Display forwarding statistics about GigabitEthernet 0/10. display mac-forwarding statistics interface GigabitEthernet 0/10 GigabitEthernet 0/10: Input frames:100 Input bytes:23 Output frames:100 Output bytes:23 Filtered:0 Invalid Tag:0 Table 28 Command output Field Description Total received Total number of received Ethernet frames. Filtered Number of frames filtered out by 802.1Q Tagged VLAN inbound filtering rules.
Default level 2: System level Parameters None Description Use reset mac-forwarding statistics to clear all Layer 2 forwarding statistics. Examples # Clear all Layer 2 forwarding statistics. reset mac-forwarding statistics Inline forwarding configuration commands display inline-interfaces Syntax display inline-interfaces [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression.
Table 29 Command output Field Description Total inline-interfaces Total number of inline forwarding entries Inline-interfaces ID Inline forwarding entry ID Type Inline forwarding type, which can be forward, blackhole, and reflect Interface An interface pair or an interface in an inline forwarding entry inline-interfaces Syntax inline-interfaces id [ blackhole | reflect ] undo inline-interfaces id View System view Default level 2: System level Parameters id: ID for an inline forwarding entry, in
Default level 2: System level Parameters id: ID of an existing inline forwarding entry. Description Use port inline-interfaces to assign the interface to the specified inline forwarding entry. Use undo port inline-interfaces to remove the interface from the inline forwarding entry. A forward-type inline forwarding entry must contain two interfaces; otherwise, it does not take effect. If only one interface is assigned, the interface performs general Layer 2 forwarding.
DHCP server configuration commands bims-server Syntax bims-server ip ip-address [ port port-number ] sharekey key undo bims-server View DHCP address pool view Default level 2: System level Parameters ip ip-address: Specifies an IP address for the BIMS server. port port-number: Specifies a port number for the BIMS server in the range of 1 to 65534. sharekey key: Specifies a shared key for the BIMS server, a string of 1 to 16 characters.
Default level 2: System level Parameters bootfile-name: Boot file name, a string of 1 to 63 characters. Description Use bootfile-name to specify a bootfile name in the DHCP address pool for the client. Use undo bootfile-name to remove the specified bootfile name. By default, no bootfile name is specified. If you execute the bootfile-name command repeatedly, the latest configuration overwrites the previous one. Related commands: dhcp server ip-pool and display dhcp server tree.
dhcp server apply ip-pool Syntax dhcp server apply ip-pool pool-name undo dhcp server apply ip-pool [ pool-name ] View Interface view Default level 2: System level Parameters pool-name: DHCP address pool name, a case-insensitive string in the range of 1 to 35 characters. Description Use dhcp server apply ip-pool to apply an extended address pool on an interface. Use undo dhcp server apply ip-pool to remove the configuration.
same subnet as the primary IP address of the server interface (connecting to the client). If the address pool contains no assignable IP address, the server assigns an IP address from an address pool that resides on the same subnet as the secondary IP addresses of the server interface. If the interface has multiple secondary IP addresses, each address pool is tried in turn for address allocation.
Examples # Enable unauthorized DHCP server detection. system-view [Sysname] dhcp server detect dhcp server forbidden-ip Syntax dhcp server forbidden-ip low-ip-address [ high-ip-address ] undo dhcp server forbidden-ip low-ip-address [ high-ip-address ] View System view Default level 2: System level Parameters low-ip-address: Start IP address of the IP address range to be excluded from dynamic allocation.
dhcp server ip-pool Syntax dhcp server ip-pool pool-name [ extended ] undo dhcp server ip-pool pool-name View System view Default level 2: System level Parameters pool-name: Global address pool name, which is a unique pool identifier, a string of 1 to 35 characters. extended: Specifies the address pool as an extended address pool. If this keyword is not specified, the address pool is a common address pool. Description Use dhcp server ip-pool to create a DHCP address pool and enter its view.
The number defaults to 1. To avoid IP address conflicts, the DHCP server checks whether an IP address is in use before assigning it to a DHCP client. The DHCP server pings the IP address to be assigned by using ICMP. If the server gets a response within the specified period, the server selects and pings another IP address. If not, the server pings the IP address again until the specified number of ping attempts is reached.
dhcp server relay information enable Syntax dhcp server relay information enable undo dhcp server relay information enable View System view Default level 2: System level Parameters None Description Use dhcp server relay information enable to enable the DHCP server to handle Option 82. Use undo dhcp server relay information enable to configure the DHCP server to ignore Option 82. By default, the DHCP server handles Option 82. Examples # Configure the DHCP server to ignore Option 82.
threshold specified by the threshold-value argument. The threshold is a percentage value ranging from 1 to 100. Description Use dhcp server threshold to enable the DHCP server to send trap messages to the network management server when the specified threshold is reached. Use undo dhcp server threshold to restore the default. By default, the DHCP server does not send trap messages to the network management server.
Examples # Display information about all IP address conflicts. display dhcp server conflict all Address Discover time 4.4.4.1 Apr 25 2007 16:57:20 4.4.4.
IP address Client-identifier/ Lease expiration Type Hardware address 4.4.4.6 3030-3066-2e65-3230- Apr 25 2007 17:10:47 Release 302e-3130-3234-2d457468-6572-6e65-74302f31 --- total 1 entry --- Table 31 Command output Field Description IP address Expired IP addresses Client-identifier/Hardware address IDs or MACs of clients whose IP addresses were expired Lease expiration The lease expiration time Type Types of lease expirations. This field is set to Release.
display dhcp server forbidden-ip Syntax display dhcp server forbidden-ip [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Default level 1: Monitor level Parameters all: Displays the binding information of all DHCP address pools. ip ip-address: Displays the binding information of a specified IP address. pool [ pool-name ]: Displays the binding information of a specified address pool. The pool name is a string of 1 to 35 characters. If no pool name is specified, the binding information of all address pools is displayed. |: Filters command output by specifying a regular expression.
Table 33 Command output Field Description Utilization rate of IP addresses in a DHCP address pool, which is the ratio of assigned IP addresses to assignable IP addresses in the DHCP address pool. • When the binding information of all DHCP address pools is displayed, this field displays the total utilization rate of IP addresses in all DHCP address pools.
Description Use display dhcp server statistics to display the statistics of the DHCP server. Related commands: reset dhcp server statistics. Examples # Display the statistics on the DHCP server.
Field Description The number of DHCP replies sent from the DHCP server to DHCP clients. The replies include: BOOTP Reply Bad Messages • • • • DHCPOFFER DHCPACK DHCPNAK BOOTPREPLY The number of Erroneous messages display dhcp server tree Syntax display dhcp server tree { all | pool [ pool-name ] } [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters all: Displays information of all DHCP address pools.
static-bind ip-address 10.10.1.2 mask 255.0.0.0 static-bind mac-address 00e0-00fc-0001 PrevSibling node:0 expired unlimited Extended pool: Pool name: 2 network ip range 1.1.1.0 1.1.1.255 network mask 255.255.255.0 expired 0 0 2 0 Table 35 Command output Field Description Global pool Information of a common address pool Pool name Address pool name network Subnet for address allocation static-bind ip-address 10.10.1.2 mask 255.0.0.
Default level 2: System level Parameters ip-address&<1-8>: DNS server IP address. &<1-8> means you can specify up to eight DNS server addresses separated by spaces. all: Specifies all DNS server addresses to be removed. Description Use dns-list to specify DNS server addresses in a DHCP address pool. Use undo dns-list to remove DNS server addresses from a DHCP address pool. By default, no DNS server address is specified.
expired Syntax expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited } undo expired View DHCP address pool view Default level 2: System level Parameters day day: Specifies the number of days, in the range of 0 to 365. hour hour: Specifies the number of hours, in the range of 0 to 23. minute minute: Specifies the number of minutes, in the range of 0 to 59. second second: Specifies the number of seconds, in the range of 0 to 59.
Default level 2: System level Parameters ip-address&<1-8>: IP addresses to be excluded from dynamic allocation. &<1-8> indicates that you can specify up to eight IP addresses, separated with spaces. all: Excludes all IP addresses from dynamic allocation. Description Use forbidden-ip to exclude IP addresses from dynamic allocation in an extended address pool. Use undo forbidden-ip to cancel specified or all excluded IP addresses.
Use undo gateway-list to remove specified gateway addresses specified for the DHCP client from a DHCP address pool. By default, no gateway address is specified. If you use the gateway-list command repeatedly, the latest configuration overwrites the previous one. Related commands: dhcp server ip-pool and display dhcp server tree. Examples # Specify the gateway address 10.110.1.99 in DHCP address pool 0. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] gateway-list 10.110.1.
undo netbios-type View DHCP address pool view Default level 2: System level Parameters b-node: Broadcast node. A b-node client sends the destination name in a broadcast message. The destination returns the name-to-IP mapping to the client after receiving the message. p-node: Peer-to-peer node. A p-node client sends the destination name in a unicast message to the WINS server, and the WINS server returns the mapping to the client. m-node: Mixed node, a combination of a b-node first and p-node second.
mask mask: Specifies the IP address network mask, in dotted decimal format. Description Use network to specify the subnet for dynamic allocation in a DHCP address pool. Use undo network to remove the specified subnet. No subnet is specified by default. You can specify only one subnet for each common address pool. If you use the network command repeatedly, the latest configuration overwrites the previous one. Related commands: dhcp server ip-pool and display dhcp server tree. Examples # Specify 192.168.8.
Examples # Specify addresses 10.1.1.1 through 10.1.1.150 on subnet 10.1.1.0/24 for dynamic address allocation in common address pool 1. system-view [Sysname] dhcp server ip-pool 1 [Sysname-dhcp-pool-1] network 10.1.1.0 24 [Sysname-dhcp-pool-1] network ip range 10.1.1.1 10.1.1.150 # Specify addresses 192.168.8.1 through 192.168.8.150 for dynamic address allocation in extended address pool 0. system-view [Sysname] dhcp server ip-pool 0 extended [Sysname-dhcp-pool-0] network ip range 192.
option Syntax option code { ascii ascii-string | hex hex-string&<1-16> | ip-address ip-address&<1-8> } undo option code View DHCP address pool view Default level 2: System level Parameters code: Self-defined option number, in the range of 2 to 254, excluding 12, 50 to 55, 57 to 61, and 82. ascii ascii-string: Specifies an ASCII string with 1 to 255 characters. hex hex-string&<1-16>: Specifies hex digit strings. &<1-16> indicates that you can specify up to 16 hex digit strings, separated by spaces.
ip ip-address: Clears the conflict statistics of a specified IP address. Description Use reset dhcp server conflict to clear statistics of IP address conflict(s). Related commands: display dhcp server conflict. Examples # Clears the statistics of all IP address conflicts.
Description Use reset dhcp server statistics to clear the statistics of the DHCP server. Related commands: display dhcp server statistics. Examples # Clear the statistics of the DHCP server.
static-bind ip-address Syntax static-bind ip-address ip-address [ mask-length | mask mask ] undo static-bind ip-address View DHCP address pool view Default level 2: System level Parameters ip-address: IP address of a static binding. If no mask and mask length is specified, the natural mask is used. mask-length: Mask length of the IP address, which is the number of 1s in the mask, in the range of 1 to 30. mask mask: Specifies the IP address mask, in dotted decimal format.
View DHCP address pool view Default level 2: System level Parameters mac-address: The MAC address of a static binding, in the format of H-H-H. Description Use static-bind mac-address to statically bind a MAC address to an IP address in a DHCP address pool. Use undo static-bind mac-address to remove the statically bound MAC address. By default, no MAC address is statically bound.
If you perform the tftp-server domain-name command repeatedly, the last configuration overwrites the previous one. Related commands: dhcp server ip-pool and display dhcp server tree. Examples # Specify the TFTP server name as aaa in DHCP address pool 0.
Default level 2: System level Parameters hex-string&<1-255>: A character string, which is used to match against Option 60 (vendor class identifier option). hex-string is a hexadecimal number ranging from 0 to FF. &<1-255> indicates that you can type up to 255 hexadecimal numbers, which are separated by spaces. ip range min-address max-address: Specifies the IP address range for dynamic allocation. min-address is the lowest IP address and max-address is the highest IP address for dynamic allocation.
fail-over ip-address dialer-string: Specifies the failover IP address and dialer string. The dialer-string is a string of 1 to 39 characters, which can be 0 to 9, and asterisk (*). ncp-ip ip-address: Specifies the IP address for the primary network calling processor. voice-vlan vlan-id: Specifies the voice VLAN ID, in the range of 2 to 4094. • disable: Disables the specified voice VLAN ID, meaning DHCP clients do not take this ID as their voice VLAN.
DHCP relay agent configuration commands NOTE: The DHCP relay agent configuration is supported only on Layer 3 Ethernet interfaces (or subinterfaces) and Layer 3 aggregate interfaces. dhcp relay address-check enable Syntax dhcp relay address-check enable undo dhcp relay address-check enable View Interface view Default level 2: System level Parameters None Description Use dhcp relay address-check enable to enable address check on the relay agent.
dhcp relay check mac-address Syntax dhcp relay check mac-address undo dhcp relay check mac-address View Interface view Default level 2: System level Parameters None Description Use dhcp relay check mac-address to enable MAC address check on the DHCP relay agent. Use undo dhcp relay check mac-address to disable MAC address check on the DHCP relay agent. By default, this function is disabled.
Use undo dhcp relay client-detect enable to disable offline detection on the DHCP relay agent. By default, this function is disabled. With this function enabled on an interface, the DHCP relay agent removes a client's IP-to-MAC binding entry when it is aged out, and sends a DHCP-RELEASE request to the DHCP server to release the IP address of the client. Examples # Enable offline detection on the DHCP relay agent.
dhcp relay information circuit-id string Syntax dhcp relay information circuit-id string circuit-id undo dhcp relay information circuit-id string View Interface view Default level 2: System level Parameters circuit-id: Padding content for the user-defined circuit ID sub-option, a case-sensitive string of 3 to 63 characters. Description Use dhcp relay information circuit-id string to configure the padding content for the user-defined circuit ID sub-option.
Use undo dhcp relay information enable to disable Option 82 support. By default, Option 82 support is disabled on DHCP relay agent. Related commands: display dhcp relay information. Examples # Enable Option 82 support on the relay agent.
Examples # Specify the verbose padding format for Option 82.
View Interface view Default level 2: System level Parameters remote-id: Padding content for the user-defined remote ID sub-option, a case-sensitive string of 1 to 63 characters. sysname: Specifies the device name as the padding content for the remote ID sub-option. Description Use dhcp relay information remote-id string to configure the padding content for the user-defined remote ID sub-option. Use undo dhcp relay information remote-id string to restore the default.
replace: Specifies to forward messages containing Option 82 after replacing the original Option 82 with the Option 82 padded in the specified padding format. Description Use dhcp relay information strategy to configure DHCP relay agent handling strategy for messages containing Option 82. Use undo dhcp relay information strategy to restore the default handling strategy. The handling strategy for messages containing Option 82 defaults to replace. Related commands: display dhcp relay information.
Default level 2: System level Parameters ip-address: Client IP address for creating a static binding. mac-address: Client MAC address for creating a static binding, in the format H-H-H. interface interface-type interface-number: Specifies a Layer 3 interface connecting to the DHCP client. interface-type interface-number specifies the interface type and interface number. all: Specifies all client entries to be removed. dynamic: Specifies dynamic client entries to be removed.
Description Use dhcp relay security refresh enable to enable the DHCP relay agent to periodically refresh dynamic client entries. Use undo dhcp relay security refresh enable to disable periodic refresh of dynamic client entries. By default, the DHCP relay agent is enabled to periodically refresh dynamic client entries. If you disable the DHCP relay agent from periodically refreshing dynamic client entries, such entries do not age automatically.
dhcp relay server-detect Syntax dhcp relay server-detect undo dhcp relay server-detect View System view Default level 2: System level Parameters None Description Use dhcp relay server-detect to enable unauthorized DHCP server detection. Use undo dhcp relay server-detect to disable unauthorized DHCP server detection. By default, unauthorized DHCP server detection is disabled.
Use undo dhcp relay server-group to remove a DHCP server from a DHCP server group, if no ip ip-address is specified, all servers in the DHCP server group and the server group itself is removed. By default, no DHCP server is specified for a DHCP server group. The IP address of a DHCP server and the IP address of the DHCP relay agent's interface that connects the DHCP client cannot be in the same network segment. Otherwise, the client may fail to obtain an IP address.
dhcp select relay Syntax dhcp select relay undo dhcp select relay View Interface view Default level 2: System level Parameters None Description Use dhcp select relay to enable the relay agent on the current interface. Upon receiving requests from an enabled interface, the relay agent will forward these requests to outside DHCP servers for IP address allocation. Use undo dhcp select relay to restore the default. After DHCP is enabled, the DHCP server is enabled on an interface by default.
interface interface-type interface-number: Displays information of the DHCP server group that a specified interface corresponds to. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Description Use display dhcp relay information to display Option 82 configuration information on the DHCP relay agent. Examples # Display the Option 82 configuration information of all interfaces.
display dhcp relay security Syntax display dhcp relay security [ ip-address | dynamic | static ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters ip-address: Displays the binding information of an IP address. dynamic: Displays information about dynamic bindings. static: Displays information about static bindings. |: Filters command output by specifying a regular expression.
display dhcp relay security statistics Syntax display dhcp relay security statistics [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Description Use display dhcp relay server-group to display the configuration information of a specified or all DHCP server groups. Examples # Display IP addresses of DHCP servers in DHCP server group 1. display dhcp relay server-group 1 No. Group IP 1 1.1.1.1 2 1.1.1.2 Table 40 Command output Field Description No.
Examples # Display all DHCP packet statistics on the relay agent.
DHCPRELEASE 0 DHCPDECLINE 0 BOOTPREQUEST 0 Server -> Client: DHCPOFFER 0 DHCPACK 0 DHCPNAK 0 BOOTPREPLY 0 reset dhcp relay statistics Syntax reset dhcp relay statistics [ server-group group-id ] View User view Default level 1: Monitor level Parameters server-group group-id: Specifies a server group ID (in the range of 0 to 19) about which to remove statistics from the relay agent. Description Use reset dhcp relay statistics to remove statistics from the relay agent.
DHCP client configuration commands NOTE: • The DHCP client configuration is supported only on Layer 3 Ethernet interfaces (or subinterfaces), VLAN interfaces, and Layer 3 aggregate interfaces. • You cannot configure an interface of an aggregation group as a DHCP client.
display dhcp client verbose Vlan-interface1 DHCP client information: Current machine state: BOUND Allocated IP: 40.1.1.20 255.255.255.0 Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds Lease from 2005.08.13 15:37:59 to 2005.08.16 15:37:59 DHCP server: 40.1.1.2 Transaction ID: 0x1c09322d Default router: 40.1.1.2 Classless static route: Destination: 1.1.0.1, Mask: 255.0.0.0, NextHop: 192.168.40.16 Destination: 10.198.122.63, Mask: 255.255.255.255, NextHop: 192.168.40.
Field Description Default router The gateway address assigned to the client Classless static route Classless static routes assigned to the client Static route Classful static routes assigned to the client DNS server The DNS server address assigned to the client Domain name The domain name suffix assigned to the client Boot server PXE server addresses (up to 16 addresses) specified for the DHCP client, which are obtained through Option 43.
[Sysname] interface GigabitEthernet 0/1 [Sysname-GigabitEthernet0/1] ip address dhcp-alloc 194
BOOTP client configuration commands display bootp client Syntax display bootp client [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters interface interface-type interface-number: Displays the BOOTP client information of the interface. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Field Description Transaction ID Value of the XID field in a BOOTP message, which is a random number chosen when the BOOTP client sends a BOOTP request to the BOOTP server. It is used to match a response message from the BOOTP server. If the values of the XID field are different in the BOOTP response and request, the BOOTP client drops the BOOTP response.
IPv4 DNS configuration commands display dns domain Syntax display dns domain [ dynamic ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other protocols. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
display dns host Syntax display dns host [ ip | ipv6 | naptr | srv ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters ip: Displays the dynamic cache information of type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Displays the dynamic cache information of type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address. For more information, see Network Management Configuration Guide.
Field Description Host Domain name for query TTL Time that a mapping can be stored in the cache (in seconds) Type Query type, including IP, IPv6, NAPTR, and SRV Reply data concerning the query type: • For an IP query, the reply data is an IPv4 address. • For an IPv6 query, the reply data is an IPv6 address. • For a NAPTR query, the reply data comprises order, preference, flags, Reply Data services, regular expression, and replacement.
Table 45 Command output Field Description DNS Server Sequence number of the DNS server, configured automatically by the firewall, starting from 1.
Field Flags Address Description Indicates the mapping type. Static represents static IPv4 domain name resolution. Host IPv4 address dns domain Syntax dns domain domain-name undo dns domain [ domain-name ] View System view Default level 2: System level Parameters domain-name: Domain name suffix, consisting of character strings separated by a dot (for example, aabbcc.com). Each separated string contains no more than 63 characters.
undo dns proxy enable View System view Default level 2: System level Parameters None Description Use dns proxy enable to enable DNS proxy. Use undo dns proxy enable to disable DNS proxy. By default, DNS proxy is disabled. Examples # Enable DNS proxy. system-view [Sysname] dns proxy enable dns resolve Syntax dns resolve undo dns resolve View System view Default level 2: System level Parameters None Description Use dns resolve to enable dynamic domain name resolution.
dns server Syntax In system view: dns server ip-address undo dns server [ ip-address ] In interface view: dns server ip-address undo dns server ip-address View System view, interface view Default level 2: System level Parameters ip-address: IPv4 address of the DNS server. Description Use dns server to specify a DNS server. Use undo dns server to remove DNS server(s). No DNS server is specified by default.
Default level 2: System level Parameters ip-address: IP address used to spoof name query requests. Description Use dns spoofing to enable DNS spoofing. Use undo dns spoofing to disable DNS spoofing. By default, DNS spoofing is disabled. With DNS proxy enabled but no DNS server specified or no DNS server reachable, the firewall cannot forward a DNS request, or answer the request. In this case, you can enable DNS spoofing on the firewall to spoof a reply with the configured IP address.
Examples # Map the IP address 10.110.0.1 to the host name aaa. system-view [Sysname] ip host aaa 10.110.0.1 reset dns host Syntax reset dns host [ ip | ipv6 | naptr | srv ] View User view Default level 2: System level Parameters ip: Clears the dynamic cache information of type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Clears the dynamic cache information of type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address.
DDNS configuration commands ddns apply policy Syntax ddns apply policy policy-name [ fqdn domain-name ] undo ddns apply policy policy-name View Interface view Default level 2: System level Parameters policy-name: DDNS policy name, a case-insensitive string of 1 to 32 characters. fqdn domain-name: Specifies the FQDN for update. The domain-name argument is a case-insensitive string of 1 to 127 characters, and is used to replace in the URL for DDNS update.
Default level 2: System level Parameters policy-name: DDNS policy name, a case-insensitive string of 1 to 32 characters. Description Use ddns policy to create a DDNS policy and enter its view. Use undo ddns policy to delete the DDNS policy. By default, no DDNS policy is created. Related commands: display ddns policy. Examples # Create a DDNS policy named steven_policy and enter its view.
system=dyndns&hostname=&myip= SSL client policy: Interval : 1 days 0 hours 1 minutes Table 47 Command output Field Description DDNS policy DDNS policy name URL URL address for the DDNS service. This field is empty if no URL address is configured SSL client policy Name of the associated SSL client policy.
system-view [Sysname] ddns policy steven_policy [Sysname-ddns-policy-steven_policy] interval 1 0 1 ssl client policy Syntax ssl client policy policy-name undo ssl client policy View DDNS policy view Default level 2: System level Parameters policy-name: SSL client policy name, a case-insensitive string of 1 to 16 characters. Description Use ssl client policy to associate a specific SSL client policy with a DDNS policy. Use undo ssl client policy to cancel the association.
Parameters request-url: URL address for DDNS update requests, a case-sensitive string of 1 to 240 characters containing the login ID, password, and other information. Description Use url to specify the URL address for DDNS update requests. Use undo url to delete the URL address. By default, no URL address is specified for DDNS update requests. The format of the URL address to be specified for DDNS update requests depends on the DDNS server.
ARP configuration commands arp check enable Syntax arp check enable undo arp check enable View System view Default level 2: System level Parameters None Description Use arp check enable to enable dynamic ARP entry check. Use undo arp check enable to disable dynamic ARP entry check. By default, dynamic ARP entry check is enabled. Examples # Enable dynamic ARP entry check.
Argument number Remarks F1000-A-EI/S-EI F1000-E F5000 Firewall module Value range 0 to 4096 0 to 4096 0 to 2048 0 to 4096 Default settings for Layer 3 interfaces 4096 4096 1024 4096 Description Use arp max-learning-num to configure the maximum number of dynamic ARP entries that an interface can learn. Use undo arp max-learning-num to restore the default. By default, a Layer 2 interface does not limit the number of dynamic ARP entries.
mac-address: MAC address in an ARP entry, in the format H-H-H. vlan-id: ID of a VLAN to which a static ARP entry belongs to, in the range of 1 to 4094. interface-type interface-number: Interface type and interface number. vpn-instance vpn-instance-name: Specifies the VPN for a static ARP entry. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Without this option, the static ARP entry belongs to the public network.
Related commands: display arp timer aging. Examples # Set aging time for dynamic ARP entries to 10 minutes. system-view [Sysname] arp timer aging 10 display arp Syntax display arp [ [ all | dynamic | static ] | vlan vlan-id | interface interface-type interface-number ] [ count | verbose ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters all: Displays all ARP entries. dynamic: Displays dynamic ARP entries.
20.1.1.1 00e0-fc00-0001 N/A N/A N/A S 00e0-fe50-6503 100 GE0/1 14 D 000d-88f7-9f7d 1 GE0/2 18 D 0012-a990-2241 1 GE0/3 20 D 00e0-fc01-0000 N/A N/A N/A M test 193.1.1.70 [No Vrf] 192.168.0.115 [No Vrf] 192.168.0.39 [No Vrf] 192.168.1.1 [No Vrf] Table 48 Command output Field Description IP Address IP address in an ARP entry. MAC Address MAC address in an ARP entry. VLAN ID ID of the VLAN that the ARP entry belongs to. Interface Outbound interface in an ARP entry.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display arp ip-address to display the ARP entry for a specified IP address. Related commands: arp static and reset arp. Examples # Display the corresponding ARP entry for the IP address 20.1.1.1. display arp 20.1.1.
View Any view Default level 1: Monitor level Parameters vpn-instance-name: Specifies the name of a VPN, a case-sensitive string of 1 to 31 characters. count: Displays the number of ARP entries. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Examples # Enable the support for ARP requests from a natural network. system-view [Sysname] naturemask-arp enable reset arp Syntax reset arp { all | dynamic | static | interface interface-type interface-number } View User view Default level 2: System level Parameters all: Clears all ARP entries except authorized ARP entries. dynamic: Clears all dynamic ARP entries. static: Clears all static ARP entries.
Gratuitous ARP configuration commands arp send-gratuitous-arp Syntax arp send-gratuitous-arp [ interval milliseconds ] undo arp send-gratuitous-arp View Layer 3 Ethernet interface view, Layer 3 Ethernet subinterface view, Layer 3 aggregate interface view, Layer 3 aggregate subinterface view Default level 2: System level Parameters interval milliseconds: Sets the interval at which gratuitous ARP packets are sent, in the range of 200 to 200000 milliseconds. The default value is 2000.
gratuitous-arp-sending enable Syntax gratuitous-arp-sending enable undo gratuitous-arp-sending enable View System view Default level 2: System level Parameters None Description Use gratuitous-arp-sending enable to enable the firewall to send gratuitous ARP packets when receiving ARP requests from another network segment. Use undo gratuitous-arp-sending enable to restore the default. By default, the firewall cannot send gratuitous ARP packets when receiving ARP requests from another network segment.
source IP address of the ARP packet exists. If a matching ARP entry is found in the cache, the firewall updates the ARP entry regardless of whether this function is enabled. Examples # Enable the gratuitous ARP packet learning function.
Proxy ARP configuration commands display local-proxy-arp Syntax display local-proxy-arp [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 2: System level Parameters interface interface-type interface-number: Displays the local proxy ARP status of the interface specified by the argument interface-type interface-number. |: Filters command output by specifying a regular expression.
Default level 2: System level Parameters interface interface-type interface-number: Displays the proxy ARP status of the interface specified by the argument interface-type interface-number. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Related commands: display local-proxy-arp. Examples # Enable local proxy ARP on GigabitEthernet 0/1. system-view [Sysname] interface GigabitEthernet 0/1 [Sysname-GigabitEthernet0/1] local-proxy-arp enable # Enable local proxy ARP on GigabitEthernet 0/1 for a specific IP address range. system-view [Sysname] interface GigabitEthernet 0/1 [Sysname-GigabitEthernet0/1] local-proxy-arp enable ip-range 1.1.1.1 to 1.1.1.
QoS policy configuration commands Class configuration commands display traffic classifier Syntax display traffic classifier user-defined [ tcl-name ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters system-defined: Displays system-defined classes. user-defined: Displays user-defined classes. tcl-name: Class name, a string of 1 to 31 characters. |: Filters command output by specifying a regular expression.
Table 49 Command output Field Description Classifier Class name and its match criteria Operator Match operator you set for the class. If the operator is AND, the class matches the packets that match all its match criteria. If the operator is OR, the class matches the packets that match any of its match criteria.
Option Description Matches the 802.1p priority of the customer network. customer-dot1p 8021p-list The 8021p-list argument is a list of up to eight 802.1p priority values. An 802.1p priority ranges from 0 to 7. Matches IP precedence. ip-precedence ip-precedence-list The ip-precedence-list argument is a list of up to eight IP precedence values. An IP precedence ranges from 0 to 7. qos-local-id local-id-value Matches a local QoS ID, which ranges from 1 to 4095.
Defining a criterion to match 802.1p priority values of the customer network • You can configure multiple 802.1p priority match criteria for a class. All the defined 802.1p values are automatically arranged in ascending order. • You can configure up to eight 802.1p priority values in one command line. If the same 802.1p priority value is specified multiple times, the system considers them as one. If a packet matches one of the defined 802.1p priority values, it matches the if-match clause.
[Sysname-classifier-class1] if-match acl ipv6 3101 # Define a match criterion for class class1 to match the IPv6 ACL named flow. system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match acl ipv6 name flow # Define a match criterion for class class1 to match all packets. system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match any # Define a match criterion for class class1 to match the packets with IP precedence 5.
Description Use traffic classifier to create a class and enter class view. Use undo traffic classifier to delete a class. If no match operator is specified, the default AND operator applies. The tcl-name argument cannot be the name of a system-defined traffic class. The system-defined traffic classes include default-class, ef, af1, af2, af3, af4, ip-prec0, ip-prec1, ip-prec2, ip-prec3, ip-prec4, ip-prec5, ip-prec6, and ip-prec7. Related commands: qos policy, qos apply policy, and classifier behavior.
• remark-mpls-exp-pass new-exp—Sets the EXP field value of the MPLS packet to new-exp and permits the packet to pass through. The new-exp argument ranges from 0 to 7. • remark-prec-pass new-precedence—Sets the IP precedence of the packet to new-precedence and permits the packet to pass through. The new-precedence argument ranges from 0 to 7. Description Use car to configure a CAR action in the traffic behavior. Use undo car to delete a CAR action from the traffic behavior.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Parameters behavior-name: Sets a behavior name, a string of 1 to 31 characters. Description Use traffic behavior to create a traffic behavior and enter traffic behavior view. Use undo traffic behavior to delete a traffic behavior. A traffic behavior is a set of actions, such as priority marking, dropping, rate limiting, and accounting. You provide QoS for a class of traffic by associating a traffic behavior with the class of traffic. Related commands: qos policy, qos apply policy, and classifier behavior.
Examples # Associate traffic class database with traffic behavior test in QoS policy user1. system-view [Sysname] qos policy user1 [Sysname-qospolicy-user1] classifier database behavior test [Sysname-qospolicy-user1] display qos policy Syntax display qos policy { system-defined | user-defined } [ policy-name [ classifier tcl-name ] ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters user-defined: Displays system-defined QoS policies.
Behavior: behavior1 Committed Access Rate: CIR 200 (kbps), CBS 50000 (byte), EBS 0 (byte) Green Action: pass Red Action: remark ip-precedence 0 and pass Table 52 Command output Field Description Policy Policy name Class name Classifier Behavior A policy can contain multiple classes, and each class is associated with a traffic behavior. A class can be configured with multiple match criteria. For more information, see the traffic classifier command in "Class configuration commands.
Examples # Display information about the QoS policy or policies applied to GigabitEthernet 0/1.
qos apply policy Syntax qos apply policy policy-name { inbound | outbound } undo qos apply policy [ policy-name ] { inbound | outbound } View Interface view Default level 2: System level Parameters inbound: Inbound direction. outbound: Outbound direction. policy-name: Specifies a policy name, a string of 1 to 31 characters. Description Use qos apply policy to apply a QoS policy. Use undo qos apply policy to remove the QoS policy.
Examples # Define QoS policy user1.
Traffic policing configuration commands display qos car interface Syntax display qos car interface [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Red Action : discard Green: 0/0 (Packets/Bytes) Red : 0/0 (Packets/Bytes) Table 54 Command output Field Description Interface Interface name, including interface type and interface number Direction Direction in which traffic policing is applied Rule(s) Match criteria CIR Committed information rate (CIR) in kbps CBS Committed burst size (CBS) in bytes, which specifies the depth of the token bucket for holding bursty traffic EBS Excessive burst size (EBS) in bytes, which specifies the traffic ex
Examples # Display the rule indexed 1 in the CARL. display qos carl 1 Current CARL Configuration: List Params -----------------------------------------------------1 source-ip-address subnet 1.1.1.
• discard: Drops the packet. • pass: Permits the packet to pass through. • remark-dscp-continue new-dscp: Remarks the packet with a new DSCP value and hands it over to the next CAR policy. The value range is 0 to 63. Alternatively, you can specify the new-dscp argument with af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, cs6, cs7, default, or ef.
Parameters carl-index: CAR list number, which ranges from 1 to 199. destination-ip-address: Configures a destination IP address-based CAR list. source-ip-address: Configures a source IP address-based CAR list. subnet ip-address mask-length: Specifies a subnet by the IP subnet address and IP subnet address mask length. The value range for mask-length is 22 to 31. range start-ip-address end-ip-address: Specifies an IP address range by the start address and end address.
system-view [Sysname] qos carl 2 source-ip-address range 1.1.2.100 to 1.1.2.
Basic IP routing commands ip load-sharing mode Syntax ip load-sharing mode per-flow [ dest-ip | src-ip ] undo ip load-sharing mode View System view Default level 2: System level Parameters per-flow: Implements flow-based load sharing. dest-ip: Implements flow-based load sharing based on the destination IP address of packets. src-ip: Implements flow-based load sharing based on the source IP address of packets. Description Use ip load-sharing mode to configure the load sharing mode.
Static routing configuration commands NOTE: The term router in this chapter refers to both routers and Layer 3 firewalls. delete static-routes all Syntax delete [ vpn-instance vpn-instance-name ] static-routes all View System view Default level 2: System level Parameters vpn-instance vpn-instance-name: Specifies a VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters. If no VPN is specified, all static routes on the public network are deleted.
undo ip route-static dest-address { mask | mask-length } [ next-hop-address | interface-type interface-number [ next-hop-address ] | vpn-instance d-vpn-instance-name next-hop-address ] [ preference preference-value ] ip route-static vpn-instance s-vpn-instance-name&<1-6> dest-address { mask | mask-length } { next-hop-address [ public ] [ bfd control-packet [ bfd-source ip-address ] | track track-entry-number ] | interface-type interface-number [ next-hop-address ] [ bfd { control-packet [ bfd-source ip-addr
control-packet: Implements BFD in the control packet mode. bfd-source ip-address: Specifies the source address of BFD packets. HP recommends that you configure loopback interface address. echo-packet: Implements BFD in the echo packet mode. track track-entry-number: Associates the static route with a track entry. Use the track-entry-number argument to specify a track entry number, in the range of 1 to 1024. Description Use ip route-static to configure a unicast static route.
If the track module uses NQA to detect the reachability of the private network static route's next hop, the VPN instance number of the static route's next hop must be identical to that configured in the NQA test group. If a static route needs route recursion, the associated track entry must monitor the next hop of the recursive route instead of that of the static route. Otherwise, a valid route may be mistakenly considered invalid.
ip route-static default-preference Syntax ip route-static default-preference default-preference-value undo ip route-static default-preference View System view Default level 2: System level Parameters default-preference-value: Default preference for static routes, which is in the range of 1 to 255. Description Use ip route-static default-preference to configure the default preference for static routes. Use undo ip route-static default-preference to restore the default.
RIP configuration commands NOTE: The term "router" in this chapter refers to both routers and Layer 3 firewalls checkzero Syntax checkzero undo checkzero View RIP view Default level 2: System level Parameters None Description Use checkzero to enable zero field check on RIPv1 messages. Use undo checkzero to disable zero field check. The zero field check function is enabled by default. After the zero field check is enabled, the router discards RIPv1 messages in which zero fields are non-zero.
Parameters value: Default metric of redistributed routes, in the range of 0 to 16. Description Use default cost to configure the default metric for redistributed routes. Use undo default cost to restore the default. By default, the default metric of redistributed routes is 0. When you use the import-route command to redistribute routes from other protocols without specifying a metric, the metric specified by the default cost command applies. Related command: import-route.
[Sysname] rip 100 [Sysname-rip-100] default-route only cost 2 display rip Syntax display rip [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters process-id: RIP process ID, in the range of 1 to 65535. If no process ID is specified, information about all configured RIP processes is displayed. vpn-instance vpn-instance-name: Specifies a VPN.
Silent interfaces : None Default routes : Only Default route cost : 3 Verify-source : Enabled Networks : 192.168.1.
Field Description Verify-source Indicates whether the source IP address is checked on the received RIP routing updates Networks Networks enabled with RIP Configured peers Configured neighbors Triggered updates sent Number of sent triggered updates Number of routes changes Number of changed routes in the database Number of replies to queries Number of RIP responses display rip database Syntax display rip process-id database [ | { begin | exclude | include } regular-expression ] View Any view
Field Description cost Cost of the route classful-summ Indicates the route is a RIP summary route.
Table 58 Command output Field Description Interface-name Name of an interface running RIP. Address/Mask IP address and mask of the interface. Version RIP version running on the interface. MetricIn Additional routing metric added to the incoming routes. MetricIn route policy Name of the routing policy used to add the additional routing metric for the incoming routes. If no routing policy is referenced, the field displays Not designated.
peer ip-address: Displays all routing information learned from a specified neighbor. statistics: Displays the route statistics, including total number of routes and number of routes of each neighbor. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Table 60 Command output Field Description Peer IP address of a neighbor Aging Total number of aging routes learned from the specified neighbor Permanent Total number of permanent routes learned from the specified neighbor Garbage Total number of routes in Garbage-collection state learned from the specified neighbor Total Total number of routes learned from all RIP neighbors filter-policy export (RIP view) Syntax filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol [ process-
If a protocol is specified, RIP filters only the routes redistributed from the specified routing protocol. Otherwise, RIP filters all routes to be advertised. If interface-type interface-number is specified, RIP filters only the routes advertised by the specified interface. Otherwise, RIP filters routes advertised by all RIP interfaces.
ip-prefix ip-prefix-name: References an IP prefix list to filter incoming routes. The ip-prefix-name is a string of 1 to 19 characters. gateway ip-prefix-name: References an IP prefix list to filter routes from the gateway. ip-prefix-name is a string of 1 to 19 characters. interface-type interface-number: Specifies an interface by its type and number. Description Use filter-policy import to configure RIP to filter the incoming routes. Use undo filter-policy import to restore the default.
View RIP view Default level 2: System level Parameters None Description Use host-route to enable host route reception. Use the undo host-route command to disable host route reception. By default, receiving host routes is enabled. In some cases, a router may receive many host routes from the same network segment. These routes are not helpful for routing and occupy a large amount of network resources. Use undo host-route to disable receiving of host routes.
tag: Tag marking redistributed routes, in the range of 0 to 65,535. The default is 0. route-policy route-policy-name: Specifies a routing policy with 1 to 63 case-sensitive characters. Description Use import-route to enable route redistribution from another routing protocol. Use undo import-route to disable route redistribution. By default, RIP does not redistribute routes from other routing protocols.
Use undo maximum load-balancing to restore the default. All firewalls support the number argument, and the argument has different value ranges and default values: Item F1000-A-EI/S-EI F1000-E F5000 Firewall module Value range 1 to 8 1 to 8 1 to 16 1 to 8 Default value 8 8 16 8 Examples # Specify the maximum number of equal-cost routes as 2.
output-delay Syntax output-delay time count count undo output-delay View RIP view Default level 2: System level Parameters time: RIP packet sending interval, in milliseconds. It is in the range of 10 to 100. count: Maximum number of RIP packets sent at each interval. It is in the range of 1 to 20. Description Use output-delay to configure the maximum RIP packets that can be sent at the specified interval for all interfaces under the RIP process. Use undo output-delay to restore the default.
You need not use the peer ip-address command when the neighbor is directly connected; otherwise the neighbor may receive both the unicast and multicast (or broadcast) of the same routing information. Examples # Specify to send unicast updates to peer 202.38.165.1. system-view [Sysname] rip 1 [Sysname-rip-1] peer 202.38.165.
View User view Default level 1: Monitor level Parameters process-id: RIP process ID, in the range of 1 to 65535. Description Use reset rip process to reset the specified RIP process. After executing the command, you are prompted whether you want to reset the RIP process. Examples # Reset RIP process 100.
Parameters process-id: RIP process ID, in the range of 1 to 65535. The default is 1. vpn-instance vpn-instance-name: Specifies a VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters. If no VPN is specified, the RIP process will run under the public network. Description Use rip to create a RIP process and enter RIP view. Use undo rip to disable a RIP process. By default, no RIP process runs. You must create a VPN instance before you apply a RIP process to it.
Use undo rip authentication-mode to cancel authentication. The key string you configured can overwrite the old one, if any. This feature does not apply to RIPv1 because RIPv1 does not support authentication. Although you can specify an authentication mode for RIPv1 in interface view, the configuration does not take effect. Related commands: rip version. Examples # Configure MD5 authentication on GigabitEthernet 0/1 with the key string being rose in the format defined in RFC 2453.
system-view [Sysname] interface gigabitethernet0/1 [Sysname-GigabitEthernet0/1] rip bfd enable rip default-route Syntax rip default-route { { only | originate } [ cost cost ] | no-originate } undo rip default-route View Interface view Default level 2: System level Parameters only: Advertises only a default route. originate: Advertises a default route and other routes. cost: Cost of the default route, in the range of 1 to 15. The default is 1.
Default level 2: System level Parameters None Description Use rip input to enable the interface to receive RIP messages. Use undo rip input to disable the interface from receiving RIP messages. By default, an interface is enabled to receive RIP messages. Examples # Enable GigabitEthernet 0/1 to receive RIP messages.
• If the apply cost command is not configured in the policy, all the advertised routes is added with the metric specified in the rip metricout command. Examples # Configure GigabitEthernet 0/1 to add a metric of 6 for the incoming route 1.0.0.0/8 and to add a metric of 2 for other incoming routes. system-view [Sysname] ip ip-prefix 123 permit 1.0.0.
[Sysname] ip ip-prefix 123 permit 1.0.0.0 8 [Sysname] route-policy abc permit node 0 [Sysname-route-policy] if-match ip-prefix 123 [Sysname-route-policy] apply cost 6 [Sysname] interface GigabitEthernet 0/1 [Sysname-GigabitEthernet0/1] rip metricout route-policy abc 2 rip mib-binding Syntax rip mib-binding process-id undo rip mib-binding View System view Default level 2: System level Parameters process-id: RIP process ID, in the range of 1 to 65535.
Parameters None Description Use rip output to enable the interface to send RIP messages. Use undo rip output to disable the interface from sending RIP messages. Sending RIP messages is enabled on an interface by default. Examples # Enable GigabitEthernet 0/1 to receive RIP messages.
Default level 2: System level Parameters None Description Use rip split-horizon to enable the split horizon function. Use undo rip split-horizon to disable the split horizon function. The split horizon function is enabled by default. The split horizon function is necessary for preventing routing loops. To disable it in special cases, make sure it is necessary. Only the poison reverse function takes effect if both the split horizon and poison reverse functions are enabled.
[Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] rip summary-address 10.0.0.0 255.255.255.0 rip version Syntax rip version { 1 | 2 [ broadcast | multicast ] } undo rip version View Interface view Default level 2: System level Parameters 1: RIP version 1. 2: RIP version 2. broadcast: Sends RIPv2 messages in broadcast mode. multicast: Sends RIPv2 messages in multicast mode. Description Use rip version to specify a RIP version for the interface.
• Receives RIPv2 unicast messages Examples # Configure GigabitEthernet 0/1 to broadcast RIPv2 messages.
Parameters None Description Use summary to enable automatic RIPv2 summarization. Natural masks are used to advertise summary routes so as to reduce the size of routing tables. Use undo summary to disable automatic RIPv2 summarization so that all subnet routes can be broadcast. By default, automatic RIPv2 summarization is enabled. Enabling automatic RIPv2 summarization can reduce the size of the routing table to enhance the scalability and efficiency of large networks. Related commands: rip version.
• Suppress timer—Defines how long a RIP route stays in suppressed state. When the metric of a route is 16, the route enters the suppressed state. In suppressed state, only routes which come from the same neighbor and whose metric is less than 16 will be received by the router to replace unreachable routes. • Garbage-collect timer—Defines the interval from when the metric of a route becomes 16 to when it is deleted from the routing table.
version Syntax version { 1 | 2 } undo version View RIP view Default level 2: System level Parameters 1: Specifies the RIP version as RIPv1. 2: Specifies the RIP version as RIPv2. RIPv2 messages are multicast. Description Use version to specify a global RIP version. Use undo version to remove the configured global RIP version.
OSPF configuration commands NOTE: The term "router" in this chapter refers to both routers and layer 3 firewalls. abr-summary (OSPF area view) Syntax abr-summary ip-address { mask | mask-length } [ advertise | not-advertise ] [ cost cost ] undo abr-summary ip-address { mask | mask-length } View OSPF area view Default level 2: System level Parameters ip-address: Destination IP address of the summary route, in dotted decimal format. mask: Mask of the IP address in dotted decimal format.
area (OSPF view) Syntax area area-id undo area area-id View OSPF view Default level 2: System level Parameters area-id: ID of an area, which is an IP address, or a decimal integer in the range of 0 to 4294967295 that is translated into the IP address format by the system. Description Use area to create an area and enter area view. Use undo area to remove an area. No OSPF area is created by default.
not-advertise: Disables advertising the summary route. If the keyword is not specified, the route is advertised. tag tag: Specifies a tag value for the summary route, used by a routing policy to control summary route advertisement, in the range of 0 to 4294967295. The default is 1. Description Use asbr-summary to configure a summary route. Use undo asbr-summary to remove a summary route. No ASBR route summarization is configured by default.
By default, no authentication mode is configured for an OSPF area. Routers that reside in the same area must have the same authentication mode: non-authentication, simple, or MD5. Related commands: ospf authentication-mode. Examples # Configure OSPF area 0 to use the MD5 ciphertext authentication mode. system-view [Sysname] ospf 100 [Sysname-ospf-100] area 0 [Sysname-ospf-100-area-0.0.0.
View OSPF view Default level 2: System level Parameters cost: Specifies the default cost for redistributed routes, in the range of 0 to 16777214. limit: Specifies the default upper limit of routes redistributed per time, in the range of 1 to 2147483647. tag: Specifies the default tag for redistributed routes, in the range of 0 to 4294967295. type: Specifies the default type for redistributed routes: 1 or 2. Description Use default to configure default parameters for redistributed routes.
Examples # Configure Area 1 as a stub area, and specify the cost of the default route advertised to the stub area as 20. system-view [Sysname] ospf 100 [Sysname-ospf-100] area 1 [Sysname-ospf-100-area-0.0.0.1] stub [Sysname-ospf-100-area-0.0.0.
The default-route-advertise summary cost command is applicable only to VPNs, and the default route is redistributed in a Type-3 LSA. The PE router advertises the redistributed default route to the CE router. Using the import-route command cannot redistribute a default route. To redistribute a default route, use the default-route-advertise command.
[Sysname-ospf-100] area 0 [Sysname-ospf-100-area-0.0.0.0] description bone area display ospf abr-asbr Syntax display ospf [ process-id ] abr-asbr [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters process-id: OSPF process ID, in the range of 1 to 65535. Use this argument to display information about the routes to the ABR/ASBR under the specified OSPF process. |: Filters command output by specifying a regular expression.
Field Description Cost Cost from the router to the ABR/ASBR Nexthop Next hop address RtType Router type: ABR, ASBR display ospf asbr-summary Syntax display ospf [ process-id ] asbr-summary [ ip-address { mask | mask-length } ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters process-id: OSPF process ID, in the range of 1 to 65535. ip-address: IP address, in dotted decimal format. mask: IP address mask, in dotted decimal format.
Total Summary Address Count: 1 Summary Address Net : 30.1.0.0 Mask : 255.255.0.0 Tag : 20 Status : Advertise Cost : 10 (Configured) The Count of Route is : 2 Destination Net Mask Proto Process Type Metric 30.1.2.0 255.255.255.0 OSPF 2 2 1 30.1.1.0 255.255.255.
Parameters process-id: OSPF process ID, in the range of 1 to 65535. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Priority: 1 Designated Router: 192.168.1.2 Backup Designated Router: 192.168.1.1 Timers: Hello 10 , Dead 40 , Poll 40 , Retransmit 5 , Transmit Delay 1 Table 63 Command output Field Description OSPF Process 1 with Router ID 192.168.1.2 OSPF process ID and OSPF router ID RouterID Router ID Router type: Router Type • • • • ABR ASBR NSSA Null Route Tag The tag of redistributed routes Multi-VPN-Instance is not enabled The OSPF process does not support multi-VPN-instance.
Field Description Authentication type of the area: Authtype • None—No authentication. • Simple—simple authentication. • MD5—MD5 authentication. Area flag The type of the area. SPF scheduled Count SPF calculation count in the OSPF area. Interface Interface in the area. Cost Interface cost. State Interface state. Type Interface network type. MTU Interface MTU. Priority Router priority. Designated Router The Designated Router. Backup Designated Router The Backup Designated Router.
Examples # Display OSPF statistics. display ospf cumulative OSPF Process 1 with Router ID 2.2.2.
Field Description Sum-Net Number of Type-3 LSAs originated Sum-Asbr Number of Type-4 LSAs originated External Number of Type-5 LSAs originated NSSA Number of Type-7 LSAs originated Opq-Link Number of Type-9 LSAs originated Opq-Area Number of Type-10 LSAs originated Opq-As Number of Type-11 LSAs originated LSA originated Number of LSAs originated LSA Received Number of LSAs received Routing Table Routing table information Intra Area Intra-area route number Inter Area Inter-area route
OSPF Process 1 with Router ID 192.168.80.
Field Description DD: Extern option mismatch DD packets with mismatched option field LS ACK: Bad ack Bad LSAck packets for LSU packets LS ACK: Unknown LSA type LSAck packets with unknown LSA type LS REQ: Empty request LSR packets with no request information LS REQ: Bad request Bad LSR packets LS UPD: LSA checksum bad LSU packets with wrong LSA checksum LS UPD: Received less recent LSA LSU packets without latest LSA LS UPD: Unknown LSA type LSU packets with unknown LSA type display ospf int
Area: 0.0.0.0 IP Address Type State Cost Pri DR BDR 192.168.1.1 PTP P-2-P 1562 1 0.0.0.0 0.0.0.0 IP Address Type State Cost Pri DR BDR 172.16.0.1 Broadcast DR 1 1 172.16.0.1 0.0.0.0 Area: 0.0.0.
brief: Displays brief LSDB information. asbr: Displays Type-4 LSA (ASBR Summary LSA) information in the LSDB. ase: Displays Type-5 LSA (AS External LSA) information in the LSDB. network: Displays Type-2 LSA (Network LSA) information in the LSDB. nssa: Displays Type-7 LSA (NSSA External LSA) information in the LSDB. opaque-area: Displays Type-10 LSA (Opaque-area LSA) information in the LSDB. opaque-as: Displays Type-11 LSA (Opaque-AS LSA) information in the LSDB.
Table 67 Command output Field Description Area LSDB information of the area Type LSA type LinkState ID Linkstate ID AdvRouter Advertising router Age Age of the LSA Len Length of the LSA Sequence Sequence number of the LSA Metric Cost of the LSA # Display Type2 LSA (Network LSA) information in the LSDB. display ospf 1 lsdb network OSPF Process 1 with Router ID 192.168.1.1 Area: 0.0.0.0 Link State Database Type : Network LS ID : 192.168.0.2 Adv Rtr : 192.168.2.
Table 68 Command output Field Description Type LSA type LS ID DR IP address Adv Rtr Router that advertised the LSA LS Age LSA age time Len LSA length LSA options: Options • • • • • • O—Opaque LSA advertisement capability E—AS External LSA reception capability EA—External extended LSA reception capability DC—On-demand link support N—NSSA external LSA support P—Capability of an NSSA ABR to translate Type-7 LSAs into Type-5 LSAs.
Examples # Display OSPF next hop information. display ospf nexthop OSPF Process 1 with Router ID 192.168.0.1 Routing Nexthop Information Next Hops: Address Refcount IntfAddr Intf Name ---------------------------------------------------------------192.168.0.1 1 192.168.0.1 GigabitEthernet0/1 192.168.0.2 1 192.168.0.1 GigabitEthernet0/1 192.168.1.1 1 192.168.1.
Description Use display ospf peer to display information about OSPF neighbors. If no OSPF process is specified, OSPF neighbor information of all OSPF processes is displayed. If an interface is specified, the neighbor on the interface is displayed. If a neighbor ID is specified, detailed information about the neighbor is displayed, If neither interface nor neighbor ID is specified, brief information about neighbors of the specified OSPF process or all OSPF processes is displayed.
Field Description Neighbor state: • Down—This is the initial state of a neighbor conversation. • Init—In this state, the router has seen a Hello packet from the neighbor. However, the router has not established bidirectional communication with the neighbor (the router itself did not appear in the neighbor's hello packet).
Field Description Address Neighbor interface address Pri Neighboring router priority Dead-Time Dead interval remained Interface Interface connected to the neighbor State Neighbor state: Down, Init, Attempt, 2-Way, Exstart, Exchange, Loading or Full display ospf peer statistics Syntax display ospf [ process-id ] peer statistics [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters process-id: OSPF process ID, in the range of 1 to 65535.
Table 72 Command output Field Description Area ID Area ID. The state statistics information of all the routers in the area to which the router belongs is displayed.
Examples # Display OSPF request queue information. display ospf request-queue The Router's Neighbor is Router ID 2.2.2.2 Interface 10.1.1.1 Address 10.1.1.2 Area 0.0.0.0 Request list: Type LinkState ID AdvRouter Sequence Age Router 2.2.2.2 1.1.1.1 80000004 1 Network 192.168.0.1 1.1.1.1 Sum-Net 192.168.1.0 1.1.1.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display ospf retrans-queue to display retransmission queue information. If no OSPF process is specified, the retransmission queue information of all OSPF processes is displayed. Examples # Display OSPF retransmission queue information.
Parameters process-id: OSPF process ID, in the range of 1 to 65535. interface interface-type interface-number: Displays OSPF routing information advertised via the specified interface. nexthop nexthop-address: Displays OSPF routing information with the specified next hop. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Field Description NSSA Total NSSA routes display ospf vlink Syntax display ospf [ process-id ] vlink [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters process-id: OSPF process ID, in the range of 1 to 65535. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Field Description State Interface state Type Type: virtual link Transit Area Transit area ID Timers Values of timers: hello, dead, retransmit, and interface transmission delay display router id Syntax display router id [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
error: Enables error logging. state: Enables state logging. Description Use enable log to enable specified OSPF logging. Use undo enable log to disable specified OSPF logging. OSPF logging is disabled by default. If no keyword is specified, all logging is enabled. Examples # Enable OSPF logging.
[Sysname] ospf 100 [Sysname-ospf-100] area 1 [Sysname-ospf-100-area-0.0.0.1] filter ip-prefix my-prefix-list import [Sysname-ospf-100-area-0.0.0.1] filter 2000 export filter-policy export (OSPF view) Syntax filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol [ process-id ] ] undo filter-policy export [ protocol [ process-id ] ] View OSPF view Default level 2: System level Parameters acl-number: Number of an ACL used to filter redistributed routes, in the range of 2000 to 3999.
system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule deny source 192.168.10.0 0.0.0.255 [Sysname-acl-basic-2000] quit [Sysname] ospf 100 [Sysname-ospf-100] filter-policy 2000 export # Configure ACL 3000 to permit only route 113.0.0.0/16 to pass, and reference ACL 3000 to filter redistributed routes. system-view [Sysname] acl number 3000 [Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.
sour-wildcard command to deny/permit a route with the specified destination, or with the rule [ rule-id ] { deny | permit } ip source sour-addr sour-wildcard destination dest-addr dest-wildcard command to deny/permit a route with the specified destination and mask. The source keyword specifies the destination address of a route and the destination keyword specifies the subnet mask of the route (the subnet mask must be valid; otherwise, the configuration is ineffective).
[Sysname-ospf-100] area 0 [Sysname-ospf-100-area-0.0.0.0] host-advertise 1.1.1.1 100 import-route (OSPF view) Syntax import-route protocol [ process-id | all-processes | allow-ibgp ] [ cost cost | type type | tag tag | route-policy route-policy-name ] * undo import-route protocol [ process-id | all-processes ] View OSPF view Default level 2: System level Parameters protocol: Redistributes routes from the specified protocol, which can be bgp, direct, isis, ospf, rip, or static.
An intra-area route is a route in an OSPF area. An inter-area route is between any two OSPF areas. Both of them are internal routes. An external route is a route to a destination outside the OSPF AS. A Type-1 external route has high reliability. Its cost is comparable with the cost of OSPF internal routes. The cost from an OSPF router to a Type-1 external route's destination equals the cost from the router to the ASBR plus the cost from the ASBR to the external route's destination.
Examples # Enable OSPF ISPF. system-view [Sysname] ospf 100 [Sysname-ospf-100] ispf enable log-peer-change Syntax log-peer-change undo log-peer-change View OSPF view Default level 2: System level Parameters None Description Use log-peer-change to enable the logging of OSPF neighbor state changes. Use undo log-peer-change to disable the logging. The logging is enabled by default.
Description Use lsa-arrival-interval to specify the LSA arrival interval. Use undo lsa-arrival-interval to restore the default. The interval defaults to 1000 milliseconds. If an LSA that has the same LSA type, LS ID, originating router ID with the previous LSA is received within the interval, the LSA will be discarded. This feature helps protect routers and bandwidth from being over-consumed due to frequent network changes.
Examples # Configure the maximum LSA generation interval as 2 seconds, minimum interval as 100 milliseconds and incremental interval as 100 milliseconds. system-view [Sysname] ospf 100 [Sysname-ospf-100] lsa-generation-interval 2 100 100 lsdb-overflow-limit Syntax lsdb-overflow-limit number undo lsdb-overflow-limit View OSPF view Default level 2: System level Parameters number: Specifies the upper limit of external LSAs in the LSDB, in the range of 1 to 1000000.
Description Use maximum load-balancing to specify the maximum number of equal cost routes. Use undo maximum load-balancing to restore the default. All firewalls support the maximum argument, and the argument has different value ranges and default values: Item F1000-A-EI/S-EI F1000-E F5000 Firewall module Value range 1 to 8 1 to 8 1 to 16 1 to 8 Default value 8 8 16 8 Examples # Specify the maximum number of equal cost routes as 2.
Examples # Specify the maximum number of intra-area routes as 500. system-view [Sysname] ospf 100 [Sysname-ospf-100] maximum-routes intra 500 network (OSPF area view) Syntax network ip-address wildcard-mask undo network ip-address wildcard-mask View OSPF area view Default level 2: System level Parameters ip-address: IP address of a network. wildcard-mask: Wildcard mask of the IP address. For example, the wildcard mask of mask 255.0.0.0 is 0.255.255.255.
View OSPF area view Default level 2: System level Parameters default-route-advertise: Usable on an NSSA ABR or an ASBR only. If it is configured on an NSSA ABR, the ABR generates a default route in a Type-7 LSA into the NSSA area regardless of whether a default route is configured. If it is configured on an ASBR, only a default route is configured on the ASBR can it generates the default route in a Type-7 LSA into the attached area.
Default level 2: System level Parameters None Description Use opaque-capability enable to enable opaque LSA advertisement and reception. With the command configured, the OSPF device can receive and advertise the Type-9, Type-10 and Type-11 opaque LSAs. Use the undo opaque-capability command to restore the default. The feature is disabled by default. Examples # Enable advertising and receiving opaque LSAs.
[Sysname-ospf-100] ospf authentication-mode Syntax For MD5/HMAC-MD5 authentication: ospf authentication-mode { hmac-md5 | md5 } key-id [ cipher | plain ] password undo ospf authentication-mode { hmac-md5 | md5 } key-id For simple authentication: ospf authentication-mode simple [ cipher | plain ] password undo ospf authentication-mode simple View Interface view Default level 2: System level Parameters hmac-md5: HMAC-MD5 authentication. md5: MD5 authentication. simple: Simple authentication.
system-view [Sysname] ospf 100 [Sysname-ospf-100] area 1 [Sysname-ospf-100-area-0.0.0.1] network 131.119.0.0 0.0.255.255 [Sysname-ospf-100-area-0.0.0.1] authentication-mode md5 [Sysname-ospf-100-area-0.0.0.1] quit [Sysname-ospf-100] quit [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ospf authentication-mode md5 15 cipher abc # Configure the network 131.119.0.
Examples # Enable OSPF and BFD on GigabitEthernet 0/1. system-view [Sysname] ospf [Sysname-ospf-1] area 0 [Sysname-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.255.255 [Sysname-ospf-1-area-0.0.0.0] interface gigabitethernet 0/1 [Sysname-GigabitEthernet 0/1] ospf bfd enable ospf cost Syntax ospf cost value undo ospf cost View Interface view Default level 2: System level Parameters value: OSPF cost, in the range of 0 to 65535 for a loopback interface and 1 to 65535 for other interfaces.
Default level 2: System level Parameters priority: DR Priority of the interface, in the range of 0 to 255. Description Use ospf dr-priority to set the priority for DR/BDR election on an interface. Use undo ospf dr-priority to restore the default value. By default, the priority is 1. The bigger the value, the higher the priority. If a device has a priority of 0, it will not be elected as a DR or BDR. Examples # Set the DR priority on the current interface to 8.
ospf mtu-enable Syntax ospf mtu-enable undo ospf mtu-enable View Interface view Default level 2: System level Parameters None Description Use ospf mtu-enable to enable an interface to add the real MTU into DD packets. Use undo ospf mtu-enable to restore the default. By default, an interface adds a MTU of 0 into DD packets, which means no real MTU is added.
unicast: Specifies the P2MP interface to unicast OSPF packets. By default, a P2MP interface multicasts OSPF packets. p2p: Specifies the network type as P2P. Description Use ospf network-type to set the network type for an interface. Use undo ospf network-type to restore the default network type for an interface. By default, the network type of an interface depends on its link layer protocol. • For Ethernet, and FDDI, the default network type is broadcast. • For ATM, FR, and X.
Description Use ospf packet-process prioritized-treatment to enable OSPF to give priority to receiving and processing Hello packets. Use undo ospf packet-process prioritized-treatment to restore the default. By default, this function is not enabled. Examples # Enable OSPF to give priority to receiving and processing Hello packets.
View Interface view Default level 2: System level Parameters seconds: Hello interval in seconds, in the range of 1 to 65535. Description Use ospf timer hello to set the hello interval on an interface. Use undo ospf timer hello to restore the default hello interval on an interface. The hello interval defaults to 10s for P2P and Broadcast interfaces, and defaults to 30s for P2MP and NBMA interfaces. The shorter the hello interval is, the faster the topology converges and the more resources are consumed.
Related commands: ospf timer hello. Examples # Set the poll timer interval on the current interface to 130 seconds. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ospf timer poll 130 ospf timer retransmit Syntax ospf timer retransmit interval undo ospf timer retransmit View Interface view Default level 2: System level Parameters interval: LSA retransmission interval in seconds, in the range of 1 to 3600.
Parameters seconds: LSA transmission delay in seconds, in the range of 1 to 3600. Description Use ospf trans-delay to set the LSA transmission delay on an interface. Use undo ospf trans-delay to restore the default. The LSA transmission delay defaults to 1 second. Each LSA in the LSDB has an age that is incremented by 1 every second, but the age does not change during transmission. It is necessary to add a transmission delay into its age time, which is important for low speed networks.
A router uses the priority set with the peer command to determine whether to send a hello packet to the neighbor rather than for DR election. The DR priority set with the ospf dr-priority command is used for DR election. Related commands: ospf dr-priority. Examples # Specify the neighbor 1.1.1.1. system-view [Sysname] ospf 100 [Sysname-ospf-100] peer 1.1.1.
reset ospf counters Syntax reset ospf [ process-id ] counters [ neighbor [ interface-type interface-number ] [ router-id ] ] View User view Default level 1: Monitor level Parameters process-id: Clears the statistics information of the specified OSPF process, which is in the range of 1 to 65535. neighbor: Clears neighbor statistics. interface-type interface-number: Clears the statistics information of the neighbor connected to the specified interface.
Examples # Reset all OSPF processes. reset ospf process Warning : Reset OSPF process? [Y/N]:Y reset ospf redistribution Syntax reset ospf [ process-id ] redistribution View User view Default level 2: System level Parameters process-id: OSPF process ID, in the range of 1 to 65535. Description Use reset ospf redistribution to restart route redistribution. If no process ID is specified, using the command restarts route redistribution for all OSPF processes.
Examples # Disable making RFC 1583 routing rules compatible. system-view [Sysname] ospf 100 [Sysname-ospf-100] undo rfc1583 compatible router id Syntax router id router-id undo router id View System view Default level 2: System level Parameters router-id: Router ID, in the form of a dotted decimal IPv4 address. Description Use router id to configure a global router ID. Use undo router id to remove the global router ID. By default, no global router ID is configured.
undo silent-interface { interface-type interface-number | all } View OSPF view Default level 2: System level Parameters interface-type interface-number: Specifies an interface by its type and number. all: Specifies all interfaces. Description Use silent-interface to disable an interface or all interfaces from receiving and sending OSPF packets. Use undo silent-interface to restore the default. By default, an interface can receive send OSPF packets.
iftxretransmit: Packet receiving and forwarding information. lsdbapproachoverflow: Information about cases approaching LSDB overflow. lsdboverflow: LSDB overflow information. maxagelsa: LSA max age information. nbrstatechange: Neighbor state change information. originatelsa: Information about LSAs originated locally. vifauthfail: Virtual interface authentication failure information. vifcfgerror: Virtual interface configuration error information.
incremental-interval: Incremental value in milliseconds, in the range of 10 to 60000, which defaults to 5000. Description Use spf-schedule-interval to set the OSPF SPF calculation interval. Use undo spf-schedule-interval to restore the default. The interval defaults to 5 seconds. Based on its LSDB, an OSPF router calculates the shortest path tree with itself being the root, and uses it to determine the next hop to a destination.
To configure an area as a stub area, all routers attached to it must be configured with this command. Related commands: default-cost. Examples # Configure Area1 as a stub area. system-view [Sysname] ospf 100 [Sysname-ospf-100] area 1 [Sysname-ospf-100-area-0.0.0.1] stub stub-router Syntax stub-router undo stub-router View OSPF view Default level 2: System level Parameters None Description Use stub-router to configure the router as a stub router. Use undo stub-router to restore the default.
View OSPF view Default level 2: System level Parameters interval: Interval at which an interface sends LSU packets, in milliseconds. Its value is in the range of 10 to 1000. If the router has a number of OSPF interfaces, HP recommends increasing this interval to reduce the total numbers of LSU packets sent by the router every second. count: Maximum number of LSU packets sent by an interface at each interval. It is in the range of 1 to 200.
hmac-md5: HMAC-MD5 authentication. simple: Simple authentication. key-id: Key ID for MD5 or HMAC-MD5 authentication, in the range of 1 to 255. plain | cipher: Plain or cipher type. If plain is specified, only a plain password can be input, and the password is displayed in plain text upon displaying the configuration file. If cipher is specified, either a plain or a cipher password can be input, and the password is displayed in cipher text upon displaying the configuration file.
BGP configuration commands NOTE: • The term router in this chapter refers to both routers and layer 3 firewalls. • For related routing policy commands about BGP, see " Routing policy configuration commands.
Keywords Function suppress-policy Used to create a summary route and suppress the advertisement of some summarized routes. If you want to suppress some routes selectively and leave other routes still advertised, use the if-match clause of the route-policy command. origin-policy Selects only routes satisfying the routing policy for route summarization. attribute-policy Sets attributes except the AS-PATH attribute for the summary route. The same work can be done by using the peer route-policy command.
Use undo balance to disable load balancing. By default, no load balancing is configured. Unlike IGP, BGP has no explicit metric for making load balancing decision. Instead, it implements load balancing using route selection rules. Related commands: display bgp routing-table. Examples # In BGP view, set the number of routes participating in BGP load balancing to 2.
[Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-vpn1] bestroute as-path-neglect bestroute compare-med (BGP/BGP-VPN instance view) Syntax bestroute compare-med undo bestroute compare-med View BGP view, BGP-VPN instance view Default level 2: System level Parameters None Description Use bestroute compare-med to enable the comparison of the MED for paths from each AS. Use undo bestroute compare-med to disable this comparison. This comparison is not enabled by default.
Description Use bestroute med-confederation to enable the comparison of the MED for paths from confederation peers during best route selection. Use undo bestroute med-confederation to disable the comparison. The comparison is not enabled by default. The system only compares MED values for paths from peers within the confederation. Paths from external ASs are advertised throughout the confederation without MED comparison.
compare-different-as-med (BGP/BGP-VPN instance view) Syntax compare-different-as-med undo compare-different-as-med View BGP view, BGP-VPN instance view Default level 2: System level Parameters None Description Use compare-different-as-med to enable the comparison of the MED for paths from peers in different ASs. Use undo compare-different-as-med to disable the comparison. The comparison is disabled by default. If several paths to one destination are available, the path with the smallest MED is selected.
Parameters as-number: Number of the AS that contains multiple sub-ASs, in the range of 1 to 4294967295. Description Use confederation id to configure a confederation ID. Use undo confederation id to remove a specified confederation. By default, no confederation ID is configured. Configuring a confederation can reduce iBGP connections in a large AS. You can split the AS into several sub-ASs, and each sub-AS remains fully meshed. These sub-ASs form a confederation.
By default, all routers in the confederation comply with RFC3065. All devices should be configured with this command to interact with those nonstandard devices in the confederation. Related commands: confederation id and confederation peer-as. Examples # AS 100 contains routers not compliant with RFC 3065 and comprises two sub-ASs, 64000 and 65000.
dampening (BGP/BGP-VPN instance view) Syntax dampening [ half-life-reachable half-life-unreachable reuse suppress ceiling | route-policy route-policy-name ] * undo dampening View BGP view, BGP-VPN instance view Default level 2: System level Parameters half-life-reachable: Specifies a half-life for active routes from 1 to 45 minutes. By default, the value is 15 minutes. half-life-unreachable: Specifies a half-life for suppressed routes from 1 to 45 minutes. By default, the value is 15 minutes.
default ipv4-unicast Syntax default ipv4-unicast undo default ipv4-unicast View BGP view Default level 2: System level Parameters None Description Use default ipv4-unicast to enable the default use of IPv4 unicast address family for the peers that are established using the peer as-number command. Use undo default ipv4-unicast to disable the default use of IPv4 unicast address family for the peers that are established using the peer as-number command.
Parameters value: Default local preference, in the range of 0 to 4294967295. The larger the value is, the higher the preference is. Description Use default local-preference to configure the default local preference. Use undo default local-preference to restore the default value. By default, the default local preference is 100. Using this command can affect BGP route selection. Examples # In BGP view, set the default local preference to 180.
Examples # In BGP view, configure the default MED as 25. system-view [Sysname] bgp 100 [Sysname-bgp] default med 25 # In BGP-VPN instance view, configure the default MED as 25 (the VPN has been created).
display bgp group Syntax display bgp group [ group-name ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters group-name: Peer group name, a string of 1 to 47 characters. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Field Description Maximum allowed prefix number Maximum prefixes allowed to receive from the peer group Threshold Percentage of received prefixes from the peer group to maximum prefixes allowed to receive from the peer group; If the percentage is reached, the system generates alarm messages.
Description Use display bgp network to display routing information advertised with the network command. Examples # Display routing information advertised with the network command. display bgp network BGP Local Router ID is 10.1.4.2. Local AS Number is 400. Network Mask 100.1.2.0 255.255.255.0 100.1.1.0 255.255.255.
Examples # Display information about BGP AS paths with AS number starting from 200.
Description Use display bgp peer to display peer/peer group information. Examples # Display the detailed information of the peer 10.110.25.20. display bgp peer 10.110.25.20 verbose Peer: 10.110.25.20 Local: 2.2.2.2 Type: EBGP link BGP version 4, remote router ID 1.1.1.
Field Description BGP current event Current event of the peer BGP last state Previous state of the peer Port TCP port numbers of the local router and its peer Configured: Active Hold Time Local holdtime interval Keepalive Time Local keepalive interval Received: Active Hold Time Remote holdtime interval Negotiated: Active Hold Time Negotiated holdtime interval Peer optional capabilities Optional capabilities supported by the peer, including BGP multiprotocol extensions and route refresh Add
Error/SubError 10-Jul-2008 15:46:17 Down Send Notification with Error 1/1 Message Header Error/Connection Not Synchronized 10-Jul-2008 09:23:00 Up 10-Jul-2008 07:46:17 Down Receive Notification with Error 3/2 UPDATE Message Error/Unsupported optional Parameter 10-Jul-2008 06:23:00 Up 10-Jul-2008 05:46:17 Down Send Notification with Error 6/4 Cease/Administrative Reset Table 82 Command output Field Description Peer IP address of the peer Date Date on which the Notification was sent or received T
Description Use display bgp peer received ip-prefix to display the prefix information in the ORF packet from the specified BGP peer. Examples # Display the prefix information in the ORF packet from the BGP peer 10.110.25.20. display bgp peer 10.110.25.20 received ip-prefix ORF ip-prefix entries: 2 ge: greater-equal le: less-equal index rule ge le 10 permit 111.111.111.0/24 prefix 26 32 20 deny 26 32 2.1.1.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Field Description MED MULTI_EXIT_DISC attribute LocPrf Local preference value PrefVal Preferred value of the route Path AS_PATH attribute, recording the ASs the packet has passed to avoid routing loops PrefVal Preferred value Origin attribute of the route, which can be one of the following values: Ogn • i—Indicates that the route is interior to the AS. • Summary routes and the routes injected with the network command are considered IGP routes.
Origin : i - IGP, e - EGP, ? – incomplete *> Network NextHop MED 40.40.40.0/24 30.30.30.1 0 LocPrf PrefVal Path/Ogn 0 300i For description of the fields, see Table 84. display bgp routing-table cidr Syntax display bgp routing-table cidr [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
display bgp routing-table community Syntax display bgp routing-table community [ aa:nn&<1-13> ] [ no-advertise | no-export | no-export-subconfed ] * [ whole-match ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters aa:nn: Community number. Both aa and nn are in the range of 0 to 65535. &<1-13>: Argument before it can be entered up to 13 times. no-advertise: Displays BGP routes that cannot be advertised to any peer.
For description of the fields, see Table 84. display bgp routing-table community-list Syntax display bgp routing-table community-list { { basic-community-list-number | comm-list-name } [ whole-match ] | adv-community-list-number } [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters basic-community-list-number: Specifies a basic community-list number from 1 to 99.
display bgp routing-table dampened Syntax display bgp routing-table dampened [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
mask-length: Mask length, in the range of 0 to 32. longer-match: Matches the longest prefix. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
mask-length: Mask length, in the range of 0 to 32. statistic: Displays route statistics. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Examples # Display BGP routing information with AS number ended with 300. display bgp routing-table regular-expression 300$ BGP Local router ID is 20.20.20.1 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? – incomplete *> Network NextHop MED 40.40.40.0/24 30.30.30.1 0 LocPrf PrefVal Path/Ogn 0 300i For description of the fields, see Table 84.
display router id Syntax display router id [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Examples # In BGP view, enable the clearing of eBGP session on any interface that becomes down. system-view [Sysname] bgp 100 [Sysname-bgp] ebgp-interface-sensitive # In BGP-VPN instance view, enable the clearing of eBGP session on any interface that becomes down (the VPN has been created).
Argument isis process-id F1000-A-EI/S-EI F1000-E F5000 Firewall module Yes. Yes. Yes. Yes. Excludes isis. Excludes isis. Includes isis. Excludes isis.
Parameters acl-number: Number of an ACL used to filter incoming routing information, ranging from 2000 to 3999. ip-prefix-name: Name of an IP prefix list used to filter incoming routing information, a string of 1 to 19 characters. Description Use filter-policy import to configure the filtering of incoming routing information. Use undo filter-policy import to disable the filtering. By default, incoming routing information is not filtered.
View BGP view, BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. external: Creates an eBGP peer group, which can be the group of another sub AS in a confederation. internal: Creates an iBGP peer group. Description Use group to create a peer group. Use undo group to delete a peer group. An iBGP peer group is created if neither internal nor external is specified.
Description Use ignore-first-as to configure BGP to ignore the first AS number of eBGP route updates. Use undo ignore-first-as to configure BGP to check the first AS number of eBGP route updates. By default, BGP checks the first AS number of a received eBGP route update. If the first AS number is not that of the BGP peer, the BGP router discards the route update. Examples # Configure BGP to ignore the first AS number of eBGP route updates.
By default, BGP does not redistribute routes from other protocols. Only active routes can be redistributed. You can use the display ip routing-table protocol command to display route state information. The ORIGIN attribute of routes redistributed with the import-route command is incomplete. The following matrix shows the argument and firewall compatibility: Argument protocol F1000-A-EI/S-EI F1000-E F5000 Firewall module Yes. Yes. Yes. Yes. Excludes isis. Excludes isis. Includes isis.
network (BGP/BGP-VPN instance view) Syntax network ip-address [ mask | mask-length ] route-policy route-policy-name undo network ip-address [ mask | mask-length ] View BGP view, BGP-VPN instance view Default level 2: System level Parameters ip-address: Destination IP address. mask: Mask of the network address, in dotted decimal notation. mask-length: Mask length, in the range of 0 to 32. route-policy-name: Routing policy applied to the route. The name is a case-sensitive string of 1 to 63 characters.
Default level 2: System level Parameters ip-address: Destination IP address. mask: Mask of the network address, in dotted decimal notation. mask-length: Mask length, in the range of 0 to 32. Description Use network short-cut to configure an eBGP route as a shortcut route. Use undo network short-cut to restore the default. By default, a received eBGP route has a priority of 255.
By default, no community attribute is advertised to any peer group/peer. Related commands: ip community-list, if-match community, and apply community. Examples # In BGP view, advertise the community attribute to peer group test. system-view [Sysname] bgp 100 [Sysname-bgp] peer test advertise-community # In BGP-VPN instance view, advertise the community attribute to peer group test (the VPN has been created).
[Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-vpn1] peer test advertise-ext-community peer allow-as-loop (BGP/BGP-VPN instance view) Syntax peer { group-name | ip-address } allow-as-loop [ number ] undo peer { group-name | ip-address } allow-as-loop View BGP view, BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer.
View BGP view, BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer. as-number: AS number of the peer or peer group, in the range of 1 to 4294967295. Description Use the peer { group-name | ip-address } as-number as-number command to specify a peer/peer group with an AS number. Use the undo peer group-name as-number command to delete a peer group.
Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer. as-path-acl-number: AS path ACL number, in the range of 1 to 256. export: Filters outgoing routes. import: Filters incoming routes. Description Use peer as-path-acl to configure the filtering of routes incoming from or outgoing to a peer/peer group based on a specified AS path ACL. Use undo peer as-path-acl to remove the configuration.
By default, BFD is disabled. The following matrix shows the command and firewall compatibility: Command F1000-A-EI/S-EI F1000-E F5000 Firewall module peer bfd No No Yes No Examples # Enable BFD for BGP peer 1.1.1.1. system-view [Sysname] bgp 100 [Sysname-bgp] peer 1.1.1.
View BGP view, BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer. both: Supports sending and receiving route-refresh messages carrying the ORF information. receive: Supports receiving route-refresh messages carrying the ORF information. send: Supports sending route-refresh messages carrying the ORF information.
[Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-vpn1] peer 18.10.0.9 as-number 200 [Sysname-bgp-vpn1] peer 18.10.0.9 capability-advertise orf ip-prefix both The related configuration needs to be made on the peer.
[Sysname-bgp-vpn1] peer 18.10.0.9 capability-advertise orf ip-prefix both peer capability-advertise route-refresh Syntax peer { group-name | ip-address } capability-advertise route-refresh undo peer { group-name | ip-address } capability-advertise route-refresh View BGP view, BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer.
Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer. Description Use peer capability-advertise suppress-4-byte-as to enable 4-byte AS number suppression. Use undo peer capability-advertise suppress-4-byte-as to disable the function. By default, the 4-byte AS number suppression function is disabled. The device supports 4-byte AS numbers and uses 4-byte AS numbers by default.
Description Use peer connect-interface to specify the source interface for establishing TCP connections to a peer/peer group. Use undo peer connect-interface to restore the default. By default, BGP uses the outgoing interface of the best route to the BGP peer/peer group as the source interface for establishing a TCP connection to the peer/peer group. Suppose interface A on the local device is connected to interface B on the peer device. When you use the peer x.x.x.
By default, no default route is advertised to a peer/peer group. With this command used, the router unconditionally sends a default route with the next hop being itself to the peer/peer group regardless of whether the default route is available in the routing table. Examples # In BGP view, advertise a default route to peer group test.
[Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-vpn1] peer test description ISP1 peer ebgp-max-hop (BGP/BGP-VPN instance view) Syntax peer { group-name | ip-address } ebgp-max-hop [ hop-count ] undo peer { group-name | ip-address } ebgp-max-hop View BGP view, BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer. hop-count: Maximum hop count, in the range of 1 to 255.
View BGP view, BGP VPN instance view Default level 2: System level Parameters ip-address: IP address of a peer. Description Use peer enable to enable the specified peer. Use undo peer enable to disable the specified peer. By default, the BGP peer is enabled. If a peer is disabled, the router will not exchange routing information with the peer. Examples # Disable peer 18.10.0.9. system-view [Sysname] bgp 100 [Sysname-bgp] peer 18.10.0.9 group group1 [Sysname-bgp] undo peer 18.10.0.
Examples # In BGP view, configure a fake AS number of 200 for the peer group test. system-view [Sysname] bgp 100 [Sysname-bgp] peer test fake-as 200 # In BGP-VPN instance view, configure a fake AS number of 200 for the peer group test (the VPN has been created).
[Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-vpn1] peer test filter-policy 2000 export peer group (BGP/BGP-VPN instance view) Syntax peer ip-address group group-name [ as-number as-number ] undo peer ip-address group group-name View BGP view, BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer. as-number: AS number of the peer, in the range of 1 to 4294967295.
peer ignore (BGP/BGP-VPN instance view) Syntax peer { group-name | ip-address } ignore undo peer { group-name | ip-address } ignore View BGP view, BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer. Description Use peer ignore to disable session establishment with a peer or peer group. Use undo peer ignore to remove the configuration.
Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer. ip-prefix-name: IP prefix list name, a string of 1 to 19 characters. export: Applies the filter to routes advertised to the specified peer/peer group. import: Applies the filter to routes received from the specified peer/peer group. Description Use peer ip-prefix to reference an IP prefix list to filter routes received from or advertised to a peer or peer group.
Examples # In BGP view, save routing information from peer 131.100.1.1. system-view [Sysname] bgp 100 [Sysname-bgp] peer 131.100.1.1 as-number 200 [Sysname-bgp] peer 131.100.1.1 keep-all-routes # In BGP-VPN instance view, save routing information from peer 131.100.1.1(The VPN has been created.) system-view [Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-vpn1] peer 131.100.1.1 as-number 200 [Sysname-bgp-vpn1] peer 131.100.1.
peer next-hop-local (BGP/BGP-VPN instance view) Syntax peer { group-name | ip-address } next-hop-local undo peer { group-name | ip-address } next-hop-local View BGP view /BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer. Description Use peer next-hop-local to specify the router as the next hop for routes sent to a peer/peer group. Use undo peer next-hop-local to remove the configuration.
ip-address: IP address of a peer. cipher: Displays the configured password in cipher text format. simple: Displays the configured password in plain text format. password: Password, a string of 1 to 80 characters when the simple keyword is used, or when the cipher keyword and plain text password are used; a string of 24 or 108 characters when the cipher text password and the cipher keyword are used.
Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer. value: Preferred value, in the range of 0 to 65535. Description Use peer preferred-value to assign a preferred value to routes received from a peer or peer group. Use undo peer preferred-value to restore the default value. The default preferred value is 0. Routes learned from a peer have an initial preferred value.
Default level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer. Description Use peer public-as-only to not keep private AS numbers in BGP updates sent to a peer/peer group. Use undo peer public-as-only to keep private AS numbers in BGP updates sent to a peer/peer group. By default, BGP updates carry private AS numbers. The command does not take effect if the BGP update has both public and private AS numbers.
The peer reflect-client command can be configured in both BGP view and BGP-VPNv4 subaddress family view. In BGP view, the command enables the router to reflect routes of the public network; in BGP-VPNv4 subaddress family view, the command enables the router to reflect routes of the private network. Related commands: reflect between-clients and reflect cluster-id. Examples # In BGP view, configure the local device as a route reflector and specify the iBGP peer group test as a client.
Use undo peer route-limit to restore the default. The number is not limited by default. Examples # In BGP view, set the number of route prefixes that can be received from peer 129.140.6.6 to 10000. system-view [Sysname] bgp 109 [Sysname-bgp] peer 129.140.6.6 as-number 110 [Sysname-bgp] peer 129.140.6.6 route-limit 10000 # In BGP-VPN instance view, set the number of route prefixes that can be received from peer 129.140.6.6 to 10000 (The VPN has been created.
[Sysname] bgp 100 [Sysname-bgp] peer test route-policy test-policy export # In BGP-VPN instance view, apply the routing policy test-policy to routes outgoing to the peer group test (The VPN has been created.
peer substitute-as (BGP/BGP-VPN instance view) Syntax peer { group-name | ip-address } substitute-as undo peer { group-name | ip-address } substitute-as View BGP view, BGP-VPN instance view Default level 2: System level Parameters group-name: Name of a peer group, a sting of 1 to 47 characters. ip-address: IP address of a peer. Description Use peer substitute-as to replace the AS number of a peer/peer group in the AS_PATH attribute with the local AS number.
ip-address: IP address of a peer. keepalive: Keepalive interval in seconds, ranging from 0 to 21845. holdtime: Holdtime interval in seconds, whose value is 0 or in the range of 3 to 65535. Description Use peer timer to configure the keepalive interval and holdtime interval for a peer or peer group. Use undo peer timer to restore the default. By default, the keepalive and holdtime are 60s and 180s respectively.
preference (BGP/BGP-VPN instance view) Syntax preference { external-preference internal-preference local-preference | route-policy route-policy-name } undo preference View BGP view, BGP-VPN instance view Default level 2: System level Parameters external-preference: Preference of eBGP routes, in the range of 1 to 255. internal-preference: Preference of iBGP routes, in the range of 1 to 255. local-preference: Preference of local routes, in the range of 1 to 255.
Default level 2: System level Parameters None Description Use reflect between-clients to enable route reflection between clients. Use undo reflect between-clients to disable this function. By default, route reflection between clients is enabled. After a route reflector is configured, it reflects the routes of a client to other clients. If the clients of a route reflector are fully meshed, you need disable route reflection between clients to reduce routing costs.
Typcially, a cluster has only one route reflector. The router ID of the route reflector is the ID of the cluster. You can configure multiple route reflectors to improve network stability. Using this command can configure the identical cluster ID for all the route reflectors to avoid routing loops. Related commands: reflect between-clients and peer reflect-client. Examples # Set the cluster ID to 80.
reset bgp Syntax reset bgp { as-number | ip-address [ flap-info ] | all | external | group group-name | internal } View User view Default level 1: Monitor level Parameters as-number: Resets BGP connections to peers in the AS. ip-address: Specifies the IP address of a peer with which to reset the connection. flap-info: Clears route flap information. all: Resets all BGP connections. external: Resets all the eBGP connections. group group-name: Resets connections with the specified BGP peer group.
Examples # Clear damping information of route 20.1.0.0/16 and release the suppressed route. reset bgp dampening 20.1.0.0 255.255.0.0 reset bgp flap-info Syntax reset bgp flap-info [ ip-address [ mask-length | mask ] | as-path-acl as-path-acl-number | regexp as-path-regular-expression ] View User view Default level 1: Monitor level Parameters ip-address: Clears the flap statistics of a route. mask-length: Mask length, in the range of 0 to 32. mask: Network mask, in dotted decimal notation.
Examples # Reset all the BGP connections of IPv4 unicast address family. reset bgp ipv4 all router id Syntax router id router-id undo router id View System view Default level 2: System level Parameters router-id: Router ID, in the form of a dotted decimal IPv4 address. Description Use router id to configure a global router ID. Use undo router id to remove the global router ID. By default, no global router ID is configured. Some routing protocols use a router ID to identify a device.
View BGP view Default level 2: System level Parameters router-id: Router ID in IP address format. Description Use router-id to specify a router ID. Use undo router-id to remove the router ID. To run BGP protocol, a router must have a router ID, which is an unsigned 32-bit integer, the unique ID of the router in the AS. You can specify a router ID manually. Otherwise, the system selects the highest IP address among loopback interface addresses as the router ID.
The summary automatic command helps BGP limit the number of routes redistributed from IGP to reduce the size of the routing table. Examples # In BGP view, enable automatic route summarization. system-view [Sysname] bgp 100 [Sysname-bgp] summary automatic # In BGP-VPN instance view, enable automatic summarization (The VPN has been created.
timer (BGP/BGP-VPN instance view) Syntax timer keepalive keepalive hold holdtime undo timer View BGP view, BGP-VPN instance view Default level 2: System level Parameters keepalive: Keepalive interval in seconds, ranging from 0 to 21845. holdtime: Holdtime interval in seconds, whose value is 0 or in the range of 3 to 65535. Description Use timer to configure the BGP keepalive interval and holdtime interval. Use undo timer to restore the default.
system-view [Sysname] bgp 100 [Sysname-bgp] timer keepalive 0 hold 0 # In BGP-VPN instance view, configure both the keepalive interval and holdtime interval for vpn1 as 0 seconds, indicating no peer connection will time out. (vpn1 must have been created.
IS-IS configuration commands NOTE: The term "router" in this chapter refers to both routers and Layer 3 firewalls. The following matrix shows the feature and firewall compatibility: Feature F1000-A-EI/S-EI F1000-E F5000 Firewall module IS-IS No No Yes No area-authentication-mode Syntax area-authentication-mode { md5 | simple } password [ ip | osi ] undo area-authentication-mode View IS-IS view Default level 2: System level Parameters md5: Specifies the MD5 authentication mode.
With area authentication configured, IS-IS discards incoming routes from untrusted routers. Routers in a common area must have the same authentication mode and password. If neither ip nor osi is specified, OSI related fields are checked. Related commands: reset isis all, domain-authentication-mode, isis authentication-mode Examples # Configure the area authentication password as ivg, and the authentication mode as simple.
bandwidth-reference (IS-IS view) Syntax bandwidth-reference value undo bandwidth-reference View IS-IS view Default level 2: System level Parameters value: Bandwidth reference value in Mbps, ranging from 1 to 2147483648. Description Use bandwidth-reference to set the bandwidth reference value for automatic link cost calculation. Use undo bandwidth-reference to restore the default. By default, the bandwidth reference value is 100 Mbps. Related commands: auto-cost enable.
Use undo circuit-cost to restore the default. By default, no global link cost is configured. If no level is specified, the specified cost applies to both Level-1 and Level-2. Related commands: isis cost and cost-style. Examples # Set the global Level-1 link cost of IS-IS process 1 to 11.
[Sysname-isis-1] cost-style narrow-compatible default-route-advertise (IS-IS view) Syntax default-route-advertise [ route-policy route-policy-name | [ level-1 | level-1-2 | level-2 ] ] * undo default-route-advertise [ route-policy route-policy-name ] View IS-IS view Default level 2: System level Parameters route-policy-name: Specifies the name of a routing policy, a case-sensitive string of 1 to 63 characters. level-1: Advertises a Level-1 default route.
View Any view Default level 1: Monitor level Parameters process-id: Displays IS-IS brief configuration information for the IS-IS process. The process ID is in the range 1 to 65535. vpn-instance vpn-instance-name: Displays IS-IS brief configuration information for the MPLS L3VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters. If no VPN is specified, the IS-IS brief configuration information of the public network is displayed.
Table 90 Command output Field Description network-entity Network entity name. is-level IS-IS Routing level. cost-style Cost style. preference Preference. Lsp-length receive Maximum LSP that can be received. Lsp-length originate Maximum LSP that can be generated. maximum imported routes number Maximum number of redistributed Level-1/Level-2 IPv4 routes. Timers • lsp-max-age—Maximum life period of LSP. • lsp-refresh—Refresh interval of LSP.
Description Use display isis debug-switches to display IS-IS debugging switch state. Examples # Display the debugging switch state of IS-IS process 1. display isis debug-switches 1 IS-IS - Debug settings.
001 Up Down 1497 L1/L2 No/No # Display detailed IS-IS interface information. display isis interface verbose Interface information for ISIS(1) --------------------------------Interface: Id GigabitEthernet4/2 IPv4.State 001 IPv6.
Table 91 Command output Field Description Interface Interface type and number. Id Circuit ID. IPV4.State IPv4 state. IPV6.State IPv6 state. MTU Interface MTU. Type Interface link adjacency type. DIS Whether the interface is elected as the DIS or not. SNPA Address Subnet access point address. IP Address Primary IP address. Secondary IP Address(es) Secondary IP addresses. IPV6 Link Local Address IPv6 link local address. IPV6 Global Address(es) IPv6 global address.
Field Description IPv6 DOWN Number of IS-ISv6 interfaces in down state. If IPv6 is not enabled, this field displays a hyphen (-). display isis lsdb Syntax display isis lsdb [ [ l1 | l2 | level-1 | level-2 ] | [ lsp-id lspid | lsp-name lspname ] | local | verbose ] * [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters l1, level-1: Displays the level-1 LSDB. l2, level-2: Displays the level-2 LSDB.
1000.0000.0001.00-00* 0x00000016 0x314e 557 112 0/0/0 1000.0000.0001.00-01* 0x0000000b 0xbd7 0 (616) 27 0/0/0 1000.0000.0001.00-02* 0x0000000f 0x68aa 557 67 0/0/0 1000.0000.0002.00-00 0x00000009 0x20ba 945 110 0/0/0 1000.0000.0002.00-01 0x00000006 0x9f1c 945 67 0/0/0 1000.0000.0002.01-00 0x00000004 0x1b9c 945 55 0/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload # Display detailed Level-1 LSDB information.
display isis mesh-group Syntax display isis mesh-group [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters process-id: Displays IS-IS mesh-group configuration information for the IS-IS process. The ID is in the range of 1 to 65535. vpn-instance vpn-instance-name: Displays IS-IS mesh-group configuration information for the VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters.
Field Description Status Mesh-group the interface belongs to display isis name-table Syntax display isis name-table [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters process-id: Displays the host name-to-system ID mapping table for the IS-IS process. The ID is in the range of 1 to 65535. vpn-instance vpn-instance-name: Displays the host name-to-system ID mapping table for the VPN.
Table 95 Command output Field Description System ID System ID Hostname Hostname name Type Mapping type (static or dynamic) display isis peer Syntax display isis peer [ statistics | verbose ] [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters statistics: Displays IS-IS neighbor statistics information. verbose: Displays detailed IS-IS neighbor information.
Interface: GigabitEthernet4/2 Circuit Id: 1111.1111.1112.01 State: Up Type: L1(L1L2) HoldTime: 23s PRI: 64 System Id: 1111.1111.1111 Interface: GigabitEthernet4/2 Circuit Id: 1111.1111.1112.01 State: Up Type: L2(L1L2) HoldTime: 23s PRI: 64 # Display detailed IS-IS neighbor information. display isis peer verbose Peer information for ISIS(1) ---------------------------- System Id: 1111.1111.1111 Interface: GigabitEthernet4/3 Circuit Id: 1111.1111.1112.
Field Description Circuit type: • L1—Means the circuit type is Level-1 and the neighbor is a Level-1 router. • L2—Means the circuit type is Level-2 and the neighbor is a Level-2 router. • L1(L1L2)—Means the circuit type is Level-1 and the neighbor is a Level-1-2 Type router. • L2(L1L2)—Means the circuit type is Level-2 and the neighbor is a Level-1-2 router. PRI DIS priority of the neighbor. Area Address(es) The neighbor's area address. Peer IP Address(es) IP address of the neighbor.
View Any view Default level 1: Monitor level Parameters ipv4: Displays IS-IS IPv4 routing information (the default). verbose: Displays detailed IS-IS IPv4 routing information. process-id: Displays the IS-IS IPv4 routing information of the IS-IS process. The ID is in the range of 1 to 65535. vpn-instance vpn-instance-name: Displays the IS-IS IPv4 routing information of the VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters.
ISIS(1) IPv4 Level-2 Forwarding Table ------------------------------------IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------1.1.0.0/16 20 NULL 1.2.0.0/16 10 NULL GE4/2 Direct D/L/- Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set Table 98 Command output Field Description Route information for ISIS(1) Route information for IS-IS process 1. IPv4 Destination IPv4 destination address.
ISIS(1) IPv4 Level-2 Forwarding Table ------------------------------------IPV4 Dest : 1.1.0.0/16 Int. Cost : 20 Ext. Cost : NULL Admin Tag : - Src Count : 2 Flag IPV4 Dest : 1.2.0.0/16 Int. Cost : 10 Ext.
vpn-instance vpn-instance-name: Displays IS-IS SPF log information for the VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters. If no VPN is specified, the IS-IS SPF log information for the public network is displayed. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Field Description Duration SPF calculation duration StartTime SPF calculation start time display isis statistics Syntax display isis statistics [ level-1 | level-1-2 | level-2 ] [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters level-1: Displays IS-IS Level-1 statistics. level-1-2: Displays IS-IS Level-1-2 statistics. level-2: Displays IS-IS Level-2 statistics.
Learnt routes information: Total IPv4 Learnt Routes in IPv4 Routing Table: 0 Total IPv6 Learnt Routes in IPv6 Routing Table: 0 Imported routes information: IPv4 Imported Routes: Static: 0 Direct: 0 ISIS: 0 BGP: 0 RIP: 0 OSPF: 0 Total Number: 0 IPv6 Imported Routes: Static: 0 Direct: 0 ISISv6: 0 BGP4+: RIPng: OSPFv3: 0 0 Total Number: 0 0 Lsp information: LSP Source ID: No. of used LSPs 1010.1020.1030 001 2222.2222.
View IS-IS view Default level 2: System level Parameters md5: Specifies the MD5 authentication mode. simple: Specifies the simple authentication mode. password: Specifies a password. For simple authentication mode, the password must be plain text. For md5 authentication mode, the password can be either plain text or cipher text. A plain text password can be a string of up to 16 characters, such as user918. A cipher password must be a string of 24 characters, such as _(TT8F]Y\5SQ=^Q`MAF4<1!!.
Default level 2: System level Parameters acl-number: Specifies the number of an ACL that is used to filter redistributed routes, ranging from 2000 to 3999. For ACL configuration information, see Access Control Command Reference. ip-prefix ip-prefix-name: Specifies the name of an IP prefix list that is used to filter redistributed routes, a case-sensitive string of 1 to 19 characters. For IP prefix list configuration information, see “Routing policy configuration commands.
[Sysname-acl-adv-3000] rule 100 deny ip [Sysname-acl-adv-3000] quit [Sysname] isis 1 [Sysname-isis 1] filter-policy 3000 export filter-policy import (IS-IS view) Syntax filter-policy { acl-number | ip-prefix ip-prefix-name | route-policy route-policy-name } import undo filter-policy import View IS-IS view Default level 2: System level Parameters acl-number: Specifies the number of an ACL that is used to filter routes calculated from received LSPs, ranging from 2000 to 3999.
[Sysname-acl-basic-2000] rule deny source 192.168.10.0 0.0.0.255 [Sysname-acl-basic-2000] quit [Sysname] isis 1 [Sysname-isis-1] filter-policy 2000 import # Configure ACL 3000 to permit only route 113.0.0.0/16 to pass, and reference ACL 3000 to filter routes calculated from received LSPs. system-view [Sysname] acl number 3000 [Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.
import-route (IS-IS view) Syntax import-route protocol [ process-id | all-processes | allow-ibgp ] [ cost cost | cost-type { external | internal } | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name | tag tag ] * undo import-route protocol [ process-id | all-processes ] View IS-IS view Default level 2: System level Parameters protocol: Redistributes routes from a routing protocol, which can be BGP, direct, IS-IS, OSPF, RIP or static. process-id: Process ID, in the range of 1 to 65535.
If no topology is specified, the command redistributes routes from the specified routing protocol or IS-IS process in the base topology. Related commands: import-route isis level-2 into level-1. CAUTION: • Using the import-route bgp command redistributes only EBGP routes. Using the import-route bgp allow-ibgp command redistributes both EBGP and IBGP routes, but this may cause routing loops; be cautious with this command. • Only active routes can be redistributed.
You can specify a routing policy in the import-route isis level-2 into level-1 command to filter routes from Level-2 to Level-1. Other routing policies specified for route reception and redistribution does not affect the route leaking. If a filter policy is configured, only routes passing it can be advertised into the Level-1 area. If no topology is specified, the Level-2 routes of the base topology will be advertised to Level-1. Related commands: import-route.
Default level 2: System level Parameters process-id: Process ID, ranging from 1 to 65535. The default is 1. vpn-instance vpn-instance-name: Specifies a VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters. If no VPN is specified, the IS-IS process belongs to the public network. Description Use isis to enable an IS-IS process and specify an associated VPN instance, enter IS-IS view, or both. Use undo isis to disable an IS-IS process. Related commands: isis enable, network-entity.
NOTE: • This command is not available in loopback interface view. • Whether a password should use ip or osi is not affected by the actual network environment. Description Use isis authentication-mode to set the IS-IS authentication mode and password for an interface. Use undo isis authentication-mode to restore the default. No neighbor relationship authentication is configured by default.
Description Use isis circuit-level to set the circuit level for the interface. Use undo isis circuit-level to restore the default. An interface can establish either the Level-1 or Level-2 adjacency by default. For a Level-1 (Level-2) router, the circuit level can only be Level-1 (Level-2). For a Level-1-2 router, you need to specify a circuit level for a specific interface to form only the specified level neighbor relationship. Related commands: is-level.
Examples # Configure the network type of the GigabitEthernet 4/2 interface as P2P. system-view [Sysname] interface GigabitEthernet 4/2 [Sysname-GigabitEthernet4/2] isis enable [Sysname-GigabitEthernet4/2] isis circuit-type p2p isis cost Syntax isis ipv6-unicast ] cost value [ level-1 | level-2 ] undo isis ipv6-unicast ] cost [ value ] [ level-1 | level-2 ] View Interface view Default level 2: System level Parameters ipv6-unicast: Specifies an IPv6 unicast topology.
undo isis dis-name View Interface view Default level 2: System level Parameters symbolic-name: Specifies a DIS name, a string of 1 to 64 characters. Description Use isis dis-name to configure a name for a DIS to represent the pseudo node on a broadcast network. Use undo isis dis-name to remove the configuration. No name is configured for the DIS by default. This command takes effect only on a router that must have dynamic system ID to host name mapping enabled.
If neither level-1 nor level-2 is specified in this command, the DIS priority applies to both Level-1 and Level-2. On an IS-IS broadcast network, a router should be elected as the DIS at each routing level. You can specify a DIS priority at a level for an interface. The greater the interface’s priority is, the more likelihood it becomes the DIS.
isis mesh-group Syntax isis mesh-group { mesh-group-number | mesh-blocked } undo isis mesh-group View Interface view Default level 2: System level Parameters mesh-group-number: Mesh group number, ranging from 1 to 4294967295. mesh-blocked: Blocks the interface, which sends LSPs only after receiving LSP requests. Description Use isis mesh-group to add the interface into a specified mesh group or block the interface. Use undo isis mesh-group to restore the default.
Default level 2: System level Parameters process-id: IS-IS process ID, in the range 1 to 65535. Description Use isis mib-binding to bind MIBs with an IS-IS process. Use undo isis mib-binding to restore the default. By default, MIBs are bound with IS-IS process 1. Examples # Bind MIBs with IS-IS process 100.
isis small-hello Syntax isis small-hello undo isis small-hello View Interface view Default level 2: System level Parameters None Description Use isis small-hello to configure the interface to send small hello packets without CLVs. Use undo isis small-hello to restore the default. An interface sends standard hello packets by default. NOTE: This command is not available in loopback interface view. Examples # Configure the GigabitEthernet 4/2 interface to send small Hello packets.
Description Use isis timer csnp to specify on the DIS of a broadcast network the interval for sending CSNP packets. Use undo isis timer csnp to restore the default. The default CSNP interval is 10 seconds. NOTE: • If no level is specified, the CSNP interval applies to both Level-1 and Level-2. • This command only applies to the DIS of a broadcast network, which sends CSNP packets periodically for LSDB synchronization. • This command is not supported in loopback interface view.
NOTE: • Level-1 and Level-2 hello packets are sent independently on a broadcast network, so you need to specify an interval for the two levels respectively. On a P2P link, Level-1 and Level-2 packets are both sent in P2P hello packets, and you need not specify an interval for two levels respectively. • You can configure keywords level-1 and level-2 only on broadcast interfaces. Before doing that, you need to enable IS-IS on the interface.
packets from this router within the hold time, it declares the adjacency down. You can adjust the adjacency hold time by changing the hello multiplier or the hello interval on an interface. NOTE: • Level-1 and Level-2 hello packets are sent independently on a broadcast network, so you need to specify a hello multiplier for the two levels respectively. • You can configure keywords level-1 and level-2 only on broadcast interfaces. Before doing that, you need to enable IS-IS on the interface.
[Sysname] interface gigabitethernet4/2 [Sysname-GigabitEthernet4/2] isis timer lsp 500 isis timer retransmit Syntax isis timer retransmit seconds undo isis timer retransmit View Interface view Default level 2: System level Parameters seconds: Specifies the interval in seconds for retransmitting LSP packets, ranging from 1 to 300. Description Use isis timer retransmit to configure the interval for retransmitting LSP packets over a point-to-point link.
Default level 2: System level Parameters level-1: Configures the router to work on Level-1, which means it only calculates routes within the area, and maintains the L1 LSDB. level-1-2: Configures the router to work on Level-1-2, which means it calculates routes and maintains the LSDBs for both L1 and L2. level-2: Configures the router to work on Level-2, which means it calculates routes and maintains the LSDB for L2 only. Description Use is-level to specify the IS level.
system-view [Sysname] isis 1 [Sysname-isis-1] is-name RUTA is-name map Syntax is-name map sys-id map-sys-name undo is-name map sys-id View IS-IS view Default level 2: System level Parameters sys-id: System ID or pseudonode ID of a remote IS. map-sys-name: Specifies a host name for the remote IS, a string of 1 to 64 characters. Description Use is-name map to configure a system ID to host name mapping for a remote IS. Use undo is-name map to remove the mapping.
SNMP Trap is enabled by default. Examples # Enable SNMP Trap. system-view [Sysname] isis 1 [Sysname-isis-1] is-snmp-traps enable log-peer-change (IS-IS view) Syntax log-peer-change undo log-peer-change View IS-IS view Default level 2: System level Parameters None Description Use log-peer-change to enable the logging of IS-IS neighbor state changes. Use undo log-peer-change to disable the logging. The logging is enabled by default.
Parameters level-1: Applies the fragment extension mode to Level-1 LSPs. level-1-2: Applies the fragment extension mode to both Level-1 and Level-2 LSPs. level-2: Applies the fragment extension mode to Level-2 LSPs. mode-1: Fragment extension mode 1, used on a network where some devices do not support LSP fragment extension. mode-2: Fragment extension mode 2, used on a network where all devices support LSP fragment extension.
NOTE: If neither Level-1 nor Level-2 is specified in the command, the configured maximum size applies to the current IS-IS level. Examples # Configure the maximum size of the generated Level-2 LSPs as 1024 bytes. system-view [Sysname] isis 1 [Sysname-isis-1] lsp-length originate 1024 level-2 lsp-length receive Syntax lsp-length receive size undo lsp-length receive View IS-IS view Default level 2: System level Parameters size: Maximum size of received LSPs, in the range of 512 to 16384 bytes.
Parameters number: Maximum number of equal-cost routes, in the range 1 to 8. Description Use maximum load-balancing to configure the maximum number of equal-cost routes. Use undo maximum load-balancing to restore the default. The maximum number is 8. If no topology is specified, the command configures the maximum number of equal-cost routes for the base topology. Examples # Configure the maximum number of equal-cost routes as 2.
Related commands: isis, isis enable. Examples # Specify the NET as 10.0001.1010.1020.1030.00, of which 10.0001 is the area ID and 1010.1020.1030 is the system ID. system-view [Sysname] isis 1 [Sysname-isis-1] network-entity 10.0001.1010.1020.1030.00 preference (IS-IS view) Syntax preference { preference | route-policy route-policy-name } * undo preference View IS-IS view Default level 2: System level Parameters preference: Specifies the preference for IS-IS protocol, ranging from 1 to 255.
View IS-IS view Default level 2: System level Parameters ip-prefix ip-prefix-name: Specifies the name of an IP prefix list, a case-sensitive string of 1 to 19 characters. tag tag-value: Specifies a tag value, in the range of 1 to 4294967295. Description Use priority high to assign a high priority to an IS-IS IP prefix to achieve faster network convergence for the specific routes. Use undo priority high to restore the default. By default, no IS-IS IP prefix is assigned a high priority.
Related commands: area-authentication-mode, domain authentication-mode. Examples # Clear all IS-IS data structure information. reset isis all reset isis peer Syntax reset isis peer system-id [ process-id | vpn-instance vpn-instance-name ] View User view Default level 2: System level Parameters system-id: Specifies the system ID of an IS-IS neighbor. process-id: Clears the data structure information of an IS-IS process with an ID from 1 to 65535.
keeps the overload bit set within the timeout1 interval after the neighbor relationship is formed within the nbr-timeout interval. • system-id: Specifies the neighbor. • timeout1: The timeout1 interval is in the range 5 to 86400 seconds and defaults to 600 seconds. • nbr-timeout: The timer has an interval from 5 to 86400 seconds. The default is 1200 seconds. timeout2: Sets the overload bit within the timeout2 interval after system startup.
avoid-feedback: Avoids learning summary routes by route calculation. generate_null0_route: Generate the Null 0 route to avoid routing loops. level-1: Summarize only the routes redistributed to Level-1. level-1-2: Summarizes the routes redistributed to both Level-1 and Level-2. level-2: Summarizes only the routes redistributed to Level-2. tag tag: Specifies a management tag, in the range of 1 to 4294967295. Description Use summary to configure a summary route. Use undo summary to remove a summary route.
level-2: Applies the intervals to Level-2 .If no level is specified, the specified intervals apply to both Level-1 and Level-2. Description Use timer lsp-generation to specify the wait interval before generating IS-IS LSPs. Use undo timer lsp-generation to restore the default. By default, the wait interval before LSP generation is 2 seconds. • If only the maximum interval is specified, IS-IS waits the maximum interval before generating an LSP.
The default LSP maximum age is 1200 seconds. Related commands: timer lsp-refresh. Examples # Set the maximum LSP age to 1500 seconds. system-view [Sysname] isis 1 [Sysname-isis-1] timer lsp-max-age 1500 timer lsp-refresh Syntax timer lsp-refresh seconds undo timer lsp-refresh View IS-IS view Default level 2: System level Parameters seconds: LSP refresh interval in seconds, ranging from 1 to 65534. Description Use timer lsp-refresh to configure the LSP refresh interval.
Default level 2: System level Parameters maximum-interval: Maximum SPF calculation interval in seconds, ranging from 1 to 120. initial-interval: Wait interval before the first SPF calculation, in milliseconds, ranging from 10 to 60000. second-wait-interval: Wait interval before the second SPF calculation, in milliseconds, ranging from 10 to 60000. Description Use timer spf to set the SPF calculation interval. Use undo timer spf to restore the default.
Default level 2: System level Parameters virtual-system-id: Virtual system ID of the IS-IS process. Description Use virtual-system to configure a virtual system ID for the IS-IS process. Use undo virtual-system to remove a virtual system ID. Up to 50 virtual system IDs can be configured for the IS-IS process. Examples # Set a virtual system ID of 2222.2222.2222 for IS-IS process 1. system-view [Sysname] isis 1 [Sysname-isis-1] virtual-system 2222.2222.
IPv4 routing table displaying commands NOTE: The "router" in this chapter refers to both routers and layer 3 firewalls. display ip routing-table Syntax display ip routing-table [ vpn-instance vpn-instance-name ] [ verbose ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters vpn-instance vpn-instance-name: Specifies an L3 VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters.
Routing Tables: Public Destinations : 7 Destination/Mask Proto 1.1.2.0/24 Routes : 7 Pre Cost NextHop Interface Direct 0 0 1.1.2.1 GE0/1 1.1.2.1/32 Direct 0 0 127.0.0.1 InLoop0 2.2.2.0/24 OSPF 2 1.1.2.2 GE0/2 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 192.168.0.0/24 Direct 0 0 192.168.0.1 VT1 192.168.0.1/32 Direct 0 0 127.0.0.
BkNextHop: 0.0.0.0 RelyNextHop: 0.0.0.0 BkInterface: Neighbor : 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active NoAdv Age: 06h46m22s Tag: 0 Destination: 2.2.2.0/24 Protocol: OSPF Preference: 10 IpPrecedence: NextHop: 1.1.2.2 BkNextHop: 0.0.0.0 RelyNextHop: 0.0.0.0 Process ID: 1 Cost: 2 QosLcId: Interface: GigabitEthernet0/2 BkInterface: Neighbor : 0.0.0.
BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 06h46m35s Tag: 0 Destination: 192.168.0.1/32 Protocol: Direct Process ID: 0 Preference: 0 Cost: 0 IpPrecedence: QosLcId: NextHop: 127.0.0.1 BkNextHop: 0.0.0.0 Interface: InLoopBack0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 0.0.0.
Field Description Route status: • • • • • Active—This is an active unicast route. Adv—This route can be advertised. Delete—This route is deleted. Gateway—This is an indirect route. Holddown—Number of holddown routes. Holddown is a route advertisement policy used in some distance vector (D-V) routing protocols, such as RIP, to avoid the propagation of some incorrect routes. It distributes a Holddown route during a period regardless of whether a new route to the same destination is found.
verbose: Displays detailed routing table information, including inactive routes. With this argument absent, the command displays only brief information about active routes. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
IpPrecedence: NextHop: 10.1.1.2 BkNextHop: 0.0.0.0 RelyNextHop: 0.0.0.0 QosLcId: Interface: Vlan-interface1 BkInterface: Neighbor: 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 1d00h25m32s Tag: 0 Destination: 10.1.1.2/32 Protocol: Direct Preference: 0 IpPrecedence: NextHop: 127.0.0.1 BkNextHop: 0.0.0.0 RelyNextHop: 0.0.0.0 Process ID: 0 Cost: 0 QosLcId: Interface: InLoopBack0 BkInterface: Neighbor: 0.0.0.
IpPrecedence: NextHop: 10.1.3.1 BkNextHop: 0.0.0.0 RelyNextHop: 0.0.0.0 QosLcId: Interface: GigabitEthernet0/1 BkInterface: Neighbor: 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 1d00h05m31s Tag: 0 Destination: 10.1.3.1/32 Protocol: Direct Preference: 0 IpPrecedence: NextHop: 127.0.0.1 BkNextHop: 0.0.0.0 RelyNextHop: 0.0.0.0 Process ID: 0 Cost: 0 QosLcId: Interface: InLoopBack0 BkInterface: Neighbor: 0.0.0.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display ip routing-table ip-address to display information about routes to a specified destination address.
# Display route entries by specifying a destination IP address and the longer-match keyword. display ip routing-table 11.1.1.1 longer-match Routing Table : Public Summary Count : 1 Destination/Mask Proto Pre 11.1.1.0/24 Static 60 Cost NextHop Interface 0 0.0.0.0 NULL0 # Display route entries by specifying a destination IP address and mask. display ip routing-table 11.1.1.1 24 Routing Table : Public Summary Count : 3 Destination/Mask Proto 11.0.0.0/8 11.1.0.0/16 11.1.1.
View Any view Default level 1: Monitor level Parameters vpn-instance vpn-instance-name: Specifies a VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters. If no VPN is specified, the information of the public network is displayed. ip-prefix-name: IP prefix list name, a string of 1 to 19 characters. verbose: Displays detailed routing table information, including inactive routes. With this argument absent, the command displays only brief information about active routes.
Preference: 0 IpPrecedence: NextHop: 2.2.2.1 BkNextHop: 0.0.0.0 RelyNextHop: 0.0.0.0 Cost: 0 QosLcId: Interface: Vlan-interface2 BkInterface: Neighbor : 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 1d00h20m52s Tag: 0 Destination: 2.2.2.1/32 Protocol: Direct Preference: 0 IpPrecedence: NextHop: 127.0.0.1 BkNextHop: 0.0.0.0 RelyNextHop: 0.0.0.0 Process ID: 0 Cost: 0 QosLcId: Interface: InLoopBack0 BkInterface: Neighbor : 0.0.0.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display ip routing-table protocol to display routing information of a specified routing protocol. The following matrix shows the argument and firewall compatibility: Argument protocol F1000-A-EI/S-EI F1000-E F5000 Firewall module Yes. Yes. Yes. Yes. Excludes isis. Excludes isis. Includes isis. Excludes isis.
display ip routing-table statistics Syntax display ip routing-table [ vpn-instance vpn-instance-name ] statistics [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters vpn-instance vpn-instance-name: Specifies a VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters. If no VPN is specified, the information of the public network is displayed. |: Filters command output by specifying a regular expression.
Field Description Total Total number reset ip routing-table statistics protocol Syntax reset ip routing-table statistics protocol [ vpn-instance vpn-instance-name ] { protocol | all } View User view Default level 2: System level Parameters vpn-instance vpn-instance-name: Specifies a VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters. If no VPN is specified, the routing statistics of the public network is cleared.
Policy-based routing configuration commands apply access-vpn vpn-instance Syntax apply access-vpn vpn-instance vpn-instance-name&<1-6> undo apply access-vpn vpn-instance [ vpn-instance-name ]&<1-6> View PBR policy node view Default level 2: System level Parameters vpn-instance-name&<1-6>: Specifies an MPLS L3VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters. &<1-6> indicates that you can input up to six VPN instance names.
Default level 2: System level Parameters interface-type interface-number: Specifies an interface. track track-entry-number: Specifies a track entry. The track-entry-number argument is in the range of 1 to 1024. Description Use apply default output-interface to set the default outgoing interface. Use undo apply default output-interface to remove the configuration. Using this command can set two outgoing interfaces at most for load sharing. You need to specify a P2P interface as the outgoing interface.
• At most two default next hops can be specified in one command line. • Using the undo apply ip-address default next-hop command with a next hop specified removes the default next hop. Using this command without any next hop specified removes all default next hops. Examples # Set the default next hop to 1.1.1.1. system-view [Sysname] policy-based-route aa permit node 11 [Sysname-pbr-aa-11] apply ip-address default next-hop 1.1.1.
View PBR policy node view Default level 2: System level Parameters value: Sets the precedence for IP packets. Eight precedence values (0 to 7) are available. Each precedence value corresponds to a precedence type, as shown in Table 105. You can set either a precedence value or a precedence type for IP packets.
Parameters interface-type interface-number: Specifies an interface. track track-entry-number: Specifies a track entry. The track-entry-number argument is in the range of 1 to 1024. Description Use apply output-interface to set outgoing interface(s) for packets. Use undo apply output-interface to remove the configuration. Up to two outgoing interfaces can be specified in one command line for the policy node.
display ip policy-based-route Policy Name interface pr02 local pr02 Virtual-Template0 pr01 GigabitEthernet 0/1 Table 106 Command output Field Description Policy Name Policy name PBR type. interface This field displays local for a local PBR or a specific interface (such as GigabitEthernet 1/1) to which the policy has been applied to implement interface PBR.
# Display the PBR routing information on GigabitEthernet 0/1. display ip policy-based-route setup interface GigabitEthernet 0/1 Interface GigabitEthernet0/1 policy based routing configuration information: policy-based-route: pr01 permit node 1 if-match acl 3101 apply output-interface GigabitEthernet0/2 # Display the local PBR routing information.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Parameters policy-name: Displays information about the specified policy. A policy name is a string of 1 to 19 characters. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Use undo if-match acl to remove the ACL match criterion. Examples # Permit the packets matching ACL 2010. system-view [Sysname] policy-based-route aa permit node 11 [Sysname-pbr-aa-11] if-match acl 2010 if-match packet-length Syntax if-match packet-length min-len max-len undo if-match packet-length View PBR policy node view Default level 2: System level Parameters min-len: Minimum IP packet length in bytes, in the range of 0 to 65535.
Description Use ip local policy-based-route to configure local PBR based on a specified policy. Use undo ip local policy-based-route to remove the configuration. No policy is referenced for local PBR by default. Only one policy can be referenced for local PBR. Local PBR is used to route packets generated locally. Unless otherwise required, HP does not recommend configuring local PBR. Examples # Configure local PBR based on policy aaa.
View System view Default level 2: System level Parameters policy-name: Policy name, a string of 1 to 19 characters. deny: Specifies the match mode of the policy node as deny. permit: Specifies the match mode of the policy node as permit. node node-number: Number of a policy node, in the range of 0 to 65535. A node with a smaller node-number has a higher match priority than a node with a greater one.
Multicast routing and forwarding configuration commands The term "router" in this document refers to both routers and Layer 3 firewalls. delete ip rpf-route-static Syntax delete ip rpf-route-static View System view Default level 2: System level Parameters None Description Use delete ip rpf-route-static to delete all static multicast routes. Related commands: ip rpf-route-static. Examples # Delete all static multicast routes on the public network.
mask-length: Mask length of the multicast group address, in the range of 4 to 32. The system default is 32. interface-type interface-number: Specifies an interface by its type and number. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
mask-length: Mask length of the multicast group address or multicast source address. For a multicast group address, this argument has an effective value range of 4 to 32. For a multicast source address, this argument has an effective value range of 0 to 32. The system default is 32 in both cases. incoming-interface: Displays multicast forwarding entries of which the incoming interface is the specified one. interface-type interface-number: Specifies the interface by its type and number.
1: GigabitEthernet0/2 Matched 19648 packets(20512512 bytes), Wrong If 0 packets Forwarded 19648 packets(20512512 bytes) Table 111 Command output Field Description Total 1 entry Total number of (S, G) entries in the multicast forwarding table Total 1 entry matched Total number of matched (S, G) entries in the multicast forwarding table 00001 Sequence number of the (S, G) entry. (172.168.0.2,227.0.0.1) (S, G) entry. MID (S, G) entry ID.
Table 113 Major values of the flags field (after the colon) Value Meaning 0 Indicates that the entry does not belong to the main board, or the main board has synchronized the entry to other cards 1 Indicates that the main board will synchronize the incoming interface information of the entry to other cards 2 Indicates that the main board will synchronize the outgoing interface information of the entry to other cards 4 Indicates that the main board will synchronize the RP information of the entry to
exclude: Displays the multicast routing entries of which the outgoing interface list excludes the specified interface. include: Displays the multicast routing entries of which the outgoing interface list includes the specified interface. match: Displays the multicast routing entries of which the outgoing interface list includes only the specified interface. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
display multicast routing-table static Syntax display multicast routing-table static [ source-address { mask-length | mask } ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters source-address: Multicast source address. mask: Mask of the multicast source address. mask-length: Mask length of the multicast source address, in the range of 0 to 32. |: Filters command output by specifying a regular expression.
Field Description Order Sequence number of the route Running Configuration Command line that configures the static multicast route display multicast rpf-info Syntax display multicast rpf-info source-address [ group-address ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters source-address: Multicast source address. group-address: Multicast group address, in the range of 224.0.1.0 to 239.255.255.255.
Field Description Referenced route/mask Referenced route and its mask length Type of the referenced route, which can be any of the following: Referenced route type • • • • • • igp—Unicast route (IGP) egp—Unicast route (EGP) unicast (direct)—Unicast route (directly connected) unicast—Other unicast route (such as unicast static route) mbgp—MBGP route static multicast—Static multicast route Route selection rule Rule for RPF route selection, which can be based on the preference of the routing protocol o
interface-type interface-number: Specifies an RPF neighbor by providing the type and number of the interface connecting the RPF neighbor. preference: Route preference, in the range of 1 to 255 and defaulting to 1. order-number: Match order for routes on the same segment, in the range of 1 to 100. Description Use ip rpf-route-static to configure a static multicast route. Use undo ip rpf-route-static to delete a static multicast route from the static multicast routing table.
last-hop-router-address: Specifies a last-hop router address, which is the IP address of the local router by default. Description Use mtracert to trace the path down which the multicast traffic flows to the last-hop router. If the last-hop-router-address argument is given in the command to trace the path for a specific (S, G) multicast stream, the interface corresponding to the last-hop router address must be the outgoing interface for the (S, G) entry. Otherwise the multicast traceroute will fail.
Field Description Output packet count on outgoing interface Total number of multicast packets transmitted on the outgoing interface Total number of packets for this source-group pair Total number of packets from the specified source forwarded by this router to the specified group Protocol Multicast routing protocol in use Forwarding TTL Minimum TTL that a packet is required to have before it can be forwarded over the outgoing interface multicast boundary Syntax multicast boundary group-address { m
[Sysname] interface GigabitEthernet 0/1 [Sysname-GigabitEthernet0/1] multicast boundary 239.2.0.0 16 multicast forwarding-table downstream-limit Syntax multicast forwarding-table downstream-limit limit undo multicast forwarding-table downstream-limit View System view Default level 2: System level Parameters limit: Maximum number of downstream nodes (namely, the maximum number of outgoing interfaces) for a single multicast forwarding entry. The value ranges from 0 to the maximum allowable number.
Description Use multicast forwarding-table route-limit to configure the maximum number of entries in the multicast forwarding table. Use undo multicast forwarding-table route-limit to restore the maximum number of entries in the multicast forwarding table to the system default. By default, the maximum number of entries in the multicast forwarding table is the maximum number allowed by the system. Related commands: display multicast forwarding-table.
View System view Default level 2: System level Parameters None Description Use multicast longest-match to configure the device to select the RPF route based on the longest match principle, namely, to select the route with the longest mask as the RPF route. Use undo multicast longest-match to restore the default. By default, the device selects the route with the highest priority as the RPF route.
reset multicast forwarding-table Syntax reset multicast forwarding-table { { source-address [ mask { mask | mask-length } ] | group-address [ mask { mask | mask-length } ] | incoming-interface { interface-type interface-number | register } } * | all } View User view Default level 2: System level Parameters source-address: Multicast source address. group-address: Multicast group address, in the range of 224.0.0.0 to 239.255.255.255.
Default level 2: System level Parameters source-address: Multicast source address. group-address: Multicast group address, in the range of 224.0.0.0 to 239.255.255.255. mask: Mask of the multicast group address or multicast source address, 255.255.255.255 by default. mask-length: Mask length of the multicast group address or multicast source address. For a multicast group address, this argument has an effective value range of 4 to 32.
IGMP configuration commands display igmp group Syntax display igmp group [ group-address | interface interface-type interface-number ] [ static | verbose ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters group-address: Multicast group address, in the range of 224.0.1.0 to 239.255.255.255. If you do not specify this argument, the command displays the IGMP group information of all multicast groups.
display igmp group 225.1.1.1 verbose GigabitEthernet0/1(10.10.1.20): Total 3 IGMP Groups reported Group: 225.1.1.1 Uptime: 00:00:34 Expires: 00:00:40 Last reporter: 10.10.1.10 Last-member-query-counter: 0 Last-member-query-timer-expiry: off Group mode: exclude Version1-host-present-timer-expiry: off Version2-host-present-timer-expiry: off Table 118 Command output Field Description Group Multicast group address. Uptime Length of time since the multicast group was reported.
Parameters interface-type interface-number: Displays information about the hosts tracked by IGMP on the specified interface. group group-address: Displays information about the hosts tracked by IGMP that are in the specified IGMP group. The value of group-address ranges from 224.0.1.0 to 239.255.255.255. source source-address: Displays information about the hosts tracked by IGMP that are in the specified multicast source, where source-address is a valid unicast address or 0.0.0.0. A source IP address of 0.
Default level 1: Monitor level Parameters interface-type interface-number: Specifies an interface to display IGMP information. If no interface is specified, this command displays the related information of all IGMP-enabled interfaces. verbose: Displays the detailed IGMP configuration and operation information. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Multicast routing on this interface: enabled Require-router-alert: disabled Version1-querier-present-timer-expiry: off Version2-querier-present-timer-expiry: off Table 120 Command output Field Description GigabitEthernet0/1(10.10.1.
display igmp proxying group Syntax display igmp proxying group [ group-address ] [ verbose ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters group-address: Multicast group address, in the range of 224.0.1.0 to 239.255.255.255. With no multicast group address included, this command displays information about all the IGMP proxying groups. verbose: Displays the detailed IGMP proxying group information.
Field Description Group Address/Group Multicast group address Host member states: Member state Expires • Delay • Idle Remaining time of the multicast group, where "off" means that the multicast group never times out Multicast source filtering modes: Group mode Source list • Include • Exclude A list of sources joining the same multicast group in the IGMP proxying group display igmp routing-table Syntax display igmp routing-table [ source-address [ mask { mask | mask-length } ] | group-address [ mas
Description Use display igmp routing-table to display IGMP routing table information. Examples # Display IGMP routing table information in the public network. display igmp routing-table Total 3 entries 00001. (*, 225.1.1.1) List of 1 downstream interface GigabitEthernet0/1 (20.1.1.1), Protocol: STATIC 00002. (1.1.1.1, 225.1.1.1), Flag: ACT List of 1 downstream interface in include mode GigabitEthernet0/2 (30.1.1.1), Protocol: IGMP 00003. (*, 239.255.255.
View Any view Default level 1: Monitor level Parameters group-address: Specifies a multicast group by its IP address, in the range of 224.0.1.0 to 239.255.255.255. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Parameters group-address: Specifies a multicast group by its IP address, in the range of 224.0.1.0 to 239.255.255.255. If you do not specify any multicast group, the command displays information about all multicast groups created based on the configured IGMP SSM mappings. interface interface-type interface-number: Specifies an interface by its type and number.
Field Description Last reporter Address of the last host that reported its membership for this multicast group. Version1-host-present-timer-expiry Remaining time of the IGMPv1 host present timer, where "off" means that the timer never expires. Source list(Total 1 source) Multicast source list (one multicast source). Source Multicast source address. Last-member-query-counter Number of last-member queries sent.
display igmp ssm-mapping host interface gigabitethernet 0/1 group 224.1.1.1 source 10.1.1.1 GigabitEthernet0/1(192.168.1.1): (10.1.1.1, 224.1.1.1) Host Uptime Expires 1.1.1.1 00:02:20 00:00:40 2.2.2.2 00:02:21 00:00:39 Table 125 Command output Field Description GigabitEthernet0/1(192.168.1.1) Interface and IP address (10.1.1.1, 224.1.1.1) (S, G) entry Host Host IP address Uptime Host running duration Expires Host expiration time, where "timeout" means that the host has expired.
[Sysname-igmp] fast-leave host-tracking (IGMP view) Syntax host-tracking undo host-tracking View Public network IGMP view Default level 2: System level Parameters None Description Use host-tracking to enable the IGMP host tracking function globally. Use undo host-tracking to disable the IGMP host tracking function globally. By default, this function is disabled. Related command: igmp host-tracking. Examples # Enable the IGMP host tracking function globally in the public network.
Related commands: igmp enable and multicast routing-enable. Examples # Enable IP multicast routing in the public network and enter public network IGMP view. system-view [Sysname] multicast routing-enable [Sysname] igmp [Sysname-igmp] igmp enable Syntax igmp enable undo igmp enable View Interface view Default level 2: System level Parameters None Description Use igmp enable to enable IGMP on the current interface. Use undo igmp enable to disable IGMP on the current interface.
Default level 2: System level Parameters acl-number: Basic ACL number, in the range of 2000 to 2999. If you do not include this option in your command, this command takes effect for all multicast groups. Description Use igmp fast-leave to configure fast-leave processing on the current interface. Use undo igmp fast-leave to disable fast-leave processing on the current interface. By default, fast-leave processing is disabled.
Examples # Allow GigabitEthernet 0/1 to join up to 128 multicast groups. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] igmp group-limit 128 igmp group-policy Syntax igmp group-policy acl-number [ version-number ] undo igmp group-policy View Interface view Default level 2: System level Parameters acl-number: Basic or advanced ACL number, in the range of 2000 to 3999.
View Interface view Default level 2: System level Parameters None Description Use igmp host-tracking to enable the IGMP host tracking function on an interface. Use undo igmp host-tracking to disable the IGMP host tracking function on an interface By default, this function is disabled. Related commands: host-tracking. Examples # Enable the IGMP host tracking function on GigabitEthernet 0/1.
igmp max-response-time Syntax igmp max-response-time interval undo igmp max-response-time View Interface view Default level 2: System level Parameters interval: Maximum response time in seconds for IGMP general queries, with an effective range of 1 to 25. Description Use igmp max-response-time to configure the maximum response time for IGMP general queries on the current interface. Use undo igmp max-response-time to restore the default.
This command takes effect only after IP multicast routing is enabled on the corresponding instance. If IGMP proxying is enabled on a loopback interface, the proxy device maintains only the IGMP routing table without adding the IGMP routes to the multicast routing table and forwarding table. Related commands: multicast routing-enable. Examples # Enable IP multicast routing in the public network and enable IGMP proxying on GigabitEthernet 0/1.
Default level 2: System level Parameters None Description Use igmp require-router-alert to configure the interface to discard IGMP messages that do not carry the Router-Alert option. Use undo igmp require-router-alert to restore the default. By default, the device does not check the Router-Alert option. Namely, it passes all the IGMP messages that it receives to the upper layer protocol for processing. Related commands: igmp send-router-alert and require-router-alert.
• The number of IGMP group-and-source-specific queries that the IGMPv3 querier sends after receiving an IGMP report that tells relation changes between IPv6 multicast groups and IPv6 multicast sources. Related commands: display igmp interface, igmp last-member-query-interval, startup-query-count, igmp timer other-querier-present, igmp timer query, and robust-count. igmp Examples # Set the IGMP querier's robustness variable to 3 on GigabitEthernet 0/1.
View Interface view Default level 2: System level Parameters None Description Use igmp ssm-mapping enable to enable the IGMP SSM mapping feature on the current interface. Use undo igmp ssm-mapping enable to disable the IGMP SSM mapping feature on the current interface. By default, the IGMP SSM mapping feature is disabled on all interfaces. Examples # Enable the IGMP SSM mapping feature on GigabitEthernet 0/1.
igmp startup-query-interval Syntax igmp startup-query-interval interval undo igmp startup-query-interval View Interface view Default level 2: System level Parameters interval: Startup query interval in seconds, namely, the interval between general queries that the IGMP querier sends on startup, with an effective range of 1 to 18000. Description Use igmp startup-query-interval to configure the startup query interval on the current interface. Use undo igmp startup-query-interval to restore the default.
Use undo igmp static-group to restore the default. By default, an interface is not a static member of any multicast group or multicast source and group. If the specified multicast address is in the SSM multicast address range, you must specify a multicast source address at the same time. Otherwise, IGMP routing table entries cannot be established. No such a restriction exists if the specified multicast group address is not in the SSM multicast address range.
igmp timer query Syntax igmp timer query interval undo igmp timer query View Interface view Default level 2: System level Parameters interval: IGMP general query interval in seconds, namely, the interval between IGMP general queries, with an effective range of 1 to 18,000. Description Use igmp timer query to configure the IGMP general query interval on the current interface. Use undo igmp timer query to restore the default. By default, the IGMP general query interval is 60 seconds.
Examples # Set the IGMP version to IGMPv1 on GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] igmp version 1 last-member-query-interval (IGMP view) Syntax last-member-query-interval interval undo last-member-query-interval View Public network IGMP view Default level 2: System level Parameters interval: Last-member query interval in seconds, with an effective range of 1 to 5.
Description Use max-response-time to configure the maximum response time for IGMP general queries globally. Use undo max-response-time to restore the default. By default, the maximum response time for IGMP general queries is 10 seconds. Related commands: display igmp interface, igmp max-response-time, and timer other-querier-present. Examples # Set the maximum response time for IGMP general queries to 8 seconds globally in the public network.
View User view Default level 2: System level Parameters all: The first all specifies all interfaces, and the second all specifies all IGMP groups. interface interface-type interface-number: Specifies an interface by its type and number. group-address: Multicast group address, in the range of 224.0.0.0 to 239.255.255.255. source-address: Multicast source address. mask: Subnet mask of the multicast group address or multicast source address, 255.255.255.255 by default.
interface-type interface-number: Specifies an interface by its type and number. group-address: Specifies a multicast group by its IP address, in the range of 224.0.0.0 to 239.255.255.255. source-address: Specifies a multicast source by its IP address. mask: Specifies the mask of the multicast group address or multicast source address, defaulted to 255.255.255.255. mask-length: Specifies the mask length of the multicast group address or multicast source address.
• The number of IGMP group-and-source-specific queries that the IGMPv3 querier sends after receiving an IGMP report that tells relation changes between IPv6 multicast groups and IPv6 multicast sources. Related commands: display igmp interface, igmp robust-count, last-member-query-interval, startup-query-count, timer other-querier-present, and timer query. Examples # Set the IGMP querier's robustness variable to 3 globally in the public network.
View Public network IGMP view Default level 2: System level Parameters group-address: Specifies a multicast group by its IP address, in the range of 224.0.0.0 to 239.255.255.255. mask: Subnet mask of the multicast group address. mask-length: Subnet mask length of the multicast group address, in the range of 4 to 32. source-address: Specifies a multicast source by its IP address. all: Removes all IGMP SSM mappings. Description Use ssm-mapping to configure an IGMP SSM mapping.
Related commands: igmp startup-query-count and robust-count. Examples # Set the startup query count to 3 globally in the public network.
Parameters interval: IGMP other querier present interval, in the range of 60 to 300. Description Use timer other-querier-present to configure the IGMP other querier present interval globally. Use undo timer other-querier-present to restore the default. By default, the IGMP other querier present interval is [ IGMP general query interval ] × [ IGMP querier's robustness variable ] + [ maximum response time for IGMP general queries ] /2.
version (IGMP view) Syntax version version-number undo version View Public network IGMP view Default level 2: System level Parameters version-number: IGMP version, in the range of 1 to 3. Description Use version to configure the IGMP version globally. Use undo version to restore the default. The default IGMP version is version 2. Related commands: igmp version. Examples # Set the global IGMP version to IGMPv1 in the public network.
PIM configuration commands auto-rp enable Syntax auto-rp enable undo auto-rp enable View Public network PIM view Default level 2: System level Parameters None Description Use auto-rp enable to enable auto-RP. Use undo auto-rp enable to disable auto-RP. By default, auto-RP is disabled. Related commands: static-rp. Examples # Enable auto-RP in the public network.
Use undo bsm-fragment enable to disable BSM semantic fragmentation. By default, BSM semantic fragmentation is enabled. Disable the BSM semantic fragmentation function if devices not supporting this function exist in the PIM-SM domain. Related commands: c-bsr admin-scope. Examples # Disable BSM semantic fragmentation in the public network.
undo c-bsr View Public network PIM view Default level 2: System level Parameters interface-type interface-number: Specifies an interface by its type and number. hash-length: Hash mask length, in the range of 0 to 32. If you do not specify this argument, the corresponding global setting is used. priority: Priority of the C-BSR, in the range of 0 to 255. A larger value of this argument means a higher priority. If you do not specify this argument, the corresponding global setting is used.
Examples # Enable administrative scoping in the public network. system-view [Sysname] pim [Sysname-pim] c-bsr admin-scope c-bsr global Syntax c-bsr global [ hash-length hash-length | priority priority ] * undo c-bsr global View Public network PIM view Default level 2: System level Parameters hash-length: Hash mask length in the global scope zone, in the range of 0 to 32. If you do not specify this argument, the corresponding global setting is used.
Default level 2: System level Parameters group-address: Multicast group address, in the range of 239.0.0.0 to 239.255.255.255. mask: Mask of the multicast group address. mask-length: Mask length of the multicast group address, in the range of 8 to 32. hash-length: Hash mask length in the admin-scope region corresponding to the specified multicast group, in the range of 0 to 32. If you do not specify this argument, the corresponding global setting is used.
Examples # Set the global hash mask length to 16 in the public network. system-view [Sysname] pim [Sysname-pim] c-bsr hash-length 16 c-bsr holdtime (PIM view) Syntax c-bsr holdtime interval undo c-bsr holdtime View Public network PIM view Default level 2: System level Parameters interval: BS timeout in seconds, with an effective range of 1 to 2,147,483,647.
Parameters interval: BS period in seconds, with an effective range of 10 to 2,147,483,647. Description Use c-bsr interval to configure the BS period, namely, the interval at which the BSR sends bootstrap messages. Use undo c-bsr interval to restore the default. By default, the BS period value is determined by this formula: BS period = (BS timeout – 10) ÷ 2. NOTE: The default BS timeout is 130 seconds, so the default BS period = (130 – 10) ÷ 2 = 60 (seconds). Related commands: c-bsr and c-bsr holdtime.
c-rp (PIM view) Syntax c-rp interface-type interface-number [ group-policy acl-number | priority priority | holdtime hold-interval | advertisement-interval adv-interval ] * undo c-rp interface-type interface-number View Public network PIM view Default level 2: System level Parameters interface-type interface-number: Specifies an interface by its type and number. acl-number: Basic ACL number, in the range of 2000 to 2999.
[Sysname-pim] c-rp GigabitEthernet 0/1 group-policy 2000 priority 10 c-rp advertisement-interval (PIM view) Syntax c-rp advertisement-interval interval undo c-rp advertisement-interval View Public network PIM view Default level 2: System level Parameters interval: C-RP-Adv interval in seconds, with an effective range of 1 to 65,535. Description Use c-rp advertisement-interval to configure the interval at which C-RP-Adv messages are sent. Use undo c-rp advertisement-interval to restore the default.
Because a non-BSR router refreshes its C-RP timeout time through BSR bootstrap messages, to prevent loss of C-RP information in BSR bootstrap messages, make sure that the C-RP timeout time is not smaller than the interval at which the BSR sends bootstrap messages. The recommended C-RP timeout setting is 2.5 times the BS period or longer. Related commands: c-bsr interval and c-rp. Examples # Set the global C-RP timeout time to 200 seconds in the public network.
[Sysname-acl-adv-3000] quit [Sysname] pim [Sysname-pim] crp-policy 3000 display pim bsr-info Syntax display pim bsr-info [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Advertisement Interval: 60 Next advertisement scheduled at: 00:00:48 Candidate RP: 3.3.3.3(Ethernet0/1) Priority: 200 HoldTime: 90 Advertisement Interval: 50 Next advertisement scheduled at: 00:00:28 Candidate RP: 5.5.5.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
display pim control-message counters Syntax display pim control-message counters [ message-type { probe | register | register-stop } | [ interface interface-type interface-number | message-type { assert | bsr | crp | graft | graft-ack | hello | join-prune | state-refresh } ] * ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters probe: Displays the number of null register messages. register: Displays the number of register messages.
Probe 10 5 0 PIM control-message counters for interface: GigabitEthernet0/1 Received Sent Invalid Assert 10 5 0 Graft 20 37 2 Graft-Ack 25 20 1 Hello 1232 453 0 Join/Prune 15 30 21 State-Refresh 8 7 1 BSR 3243 589 1 C-RP 53 32 0 Table 128 Command output Field Description PIM global control-message counters Statistics of PIM global control messages PIM control-message counters for interface Interface for which PIM control messages were counted Received Number of
Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display pim interface to display PIM information on the specified interface or all interfaces. Examples # Display PIM information on all interfaces in the public network. display pim interface Interface NbrCnt HelloInt DR-Pri DR-Address GE0/1 1 30 1 10.1.1.2 GE0/2 0 30 1 172.168.0.2 GE0/3 1 30 1 20.1.1.
Table 131 Command output Field Description Interface Interface name and its IP address PIM version Running PIM version PIM mode PIM mode, dense or sparse PIM DR DR IP address PIM DR Priority (configured) Configured priority for DR election PIM neighbor count Total number of PIM neighbors PIM hello interval Hello interval PIM LAN delay (negotiated) Negotiated prune message delay PIM LAN delay (configured) Configured prune message delay PIM override interval (negotiated) Negotiated prune
Default level 1: Monitor level Parameters mode: Displays information about join/prune messages to send in the specified PIM mode. PIM modes include sm and ssm, which represent PIM-SM and PIM-SSM respectively. flags flag-value: Displays routing entries containing the specified flag. Values and meanings of flag-value are as follows: • rpt: Specifies routing entries on the RPT. • spt: Specifies routing entries on the SPT. • wc: Specifies wildcard routing entries.
display pim neighbor Syntax display pim neighbor [ interface interface-type interface-number | neighbor-address | verbose ] * [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters interface-type interface-number: Displays the PIM neighbor information on a particular interface. neighbor-address: Displays information about a particular PIM neighbor. verbose: Displays the detailed PIM neighbor information.
Neighbor tracking: Disabled Table 133 Command output Field Description Total Number of Neighbors Total number of PIM neighbors Neighbor IP address of the PIM neighbor Interface Interface connecting the PIM neighbor Uptime Length of time for which the PIM neighbor has been up, in hh:mm:ss Expires/Expiry time Remaining time of the PIM neighbor, in hh:mm:ss; "never" means that the PIM neighbor is always up and reachable.
incoming-interface: Displays PIM routing entries that contain the specified interface as the incoming interface. interface-type interface-number: Specifies an interface by its type and number. register: Specifies the register interface. This keyword is valid only if mode-type is not specified or is sm. outgoing-interface: Displays PIM routing entries of which the outgoing interface is the specified interface.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display pim routing-table to display PIM routing table information. Related commands: display multicast routing-table. Examples # Display PIM routing table information in the public network. display pim routing-table Total 0 (*, G) entry; 1 (S, G) entry (172.168.0.12, 227.0.0.1) RP: 2.2.2.
FSM information for non-downstream interfaces: None Table 134 Command output Field Description Total 0 (*, G) entry; 1 (S, G) entry Number of (S,G) and (*, G) entries in the PIM routing table. (172.168.0.2, 227.0.0.1) (S, G) entry in the PIM routing table. RP IP address of the RP. Protocol PIM mode. Flag of the (S, G) or (*, G) entry in the PIM routing table: • 2MSDP—Indicates that the entry is contained in the next SA message to notify an MSDP peer.
display pim rp-info Syntax display pim rp-info [ group-address ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters group-address: Address of the multicast group of which the RP information will be displayed, in the range of 224.0.1.0 to 239.255.255.255. If you do not provide a group address, this command displays the RP information for all multicast groups. |: Filters command output by specifying a regular expression.
Table 135 Command output Field Description BSR RP Address is IP address of the RP Group/MaskLen Multicast group served by the RP RP IP address of the RP Priority RP priority HoldTime RP timeout time Uptime Length of time for which the RP has been up, in hh:mm:ss Expires Length of time in which the RP will expire, in hh:mm:ss RP mapping for this group IP address of the RP serving the current multicast group hello-option dr-priority (PIM view) Syntax hello-option dr-priority priority undo he
View Public network PIM view Default level 2: System level Parameters interval: PIM neighbor timeout time in seconds, with an effective range of 1 to 65,535. 65,535 makes the PIM neighbor always reachable. Description Use hello-option holdtime to configure the PIM neighbor timeout time. Use undo hello-option holdtime to restore the default. By default, the PIM neighbor timeout time is 105 seconds. Related commands: pim hello-option holdtime.
system-view [Sysname] pim [Sysname-pim] hello-option lan-delay 200 hello-option neighbor-tracking (PIM view) Syntax hello-option neighbor-tracking undo hello-option neighbor-tracking View Public network PIM view Default level 2: System level Parameters None Description Use hello-option neighbor-tracking to disable join suppression globally, namely, enable neighbor tracking. Use undo hello-option neighbor-tracking to enable join suppression. By default, join suppression is enabled.
Description Use hello-option override-interval to configure the global value of the prune override interval. Use undo hello-option override-interval to restore the default. By default, the prune override interval is 2,500 milliseconds. This command is effective for both PIM-DM and PIM-SM. Related commands: hello-option lan-delay, pim hello-option lan-delay, and pim hello-option override-interval. Examples # Set the prune override interval to 2000 milliseconds globally in the public network.
undo holdtime join-prune View Public network PIM view Default level 2: System level Parameters interval: Join/prune timeout time in seconds, with an effective range of 1 to 65,535. Description Use holdtime join-prune to configure the global value of the join/prune timeout time. Use undo holdtime join-prune to restore the default. By default, the join/prune timeout time is 210 seconds. Related commands: holdtime assert, pim holdtime assert, and pim holdtime join-prune.
jp-queue-size (PIM view) Syntax jp-queue-size queue-size undo jp-queue-size View Public network PIM view Default level 2: System level Parameters queue-size: Maximum number of (S, G) entries in a join/prune message, in the range of 1 to 4,096. Description Use jp-queue-size to configure the maximum number of (S, G) entries in a join/prune message. Use undo jp-queue-size to restore the default. By default, a join/prune messages contains a maximum of 1,020 (S, G) entries.
Description Use pim to enter public network PIM view. Use undo pim to remove all configurations in public network PIM view. IP multicast routing must be enabled in the corresponding instance before this command can take effect. Related commands: multicast routing-enable. Examples # Enable IP multicast routing in the public network and enter public network PIM view.
View Interface view Default level 2: System level Parameters None Description Use pim dm to enable PIM-DM. Use undo pim dm to disable PIM-DM. By default, PIM-DM is disabled. This command can take effect only after IP multicast routing is enabled in the corresponding instance. PIM-DM cannot be used for multicast groups in the SSM group range. Related commands: pim sm, ssm-policy, and multicast routing-enable.
system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] pim hello-option dr-priority 3 pim hello-option holdtime Syntax pim hello-option holdtime interval undo pim hello-option holdtime View Interface view Default level 2: System level Parameters interval: PIM neighbor timeout time in seconds, with an effective range of 1 to 65,535. 65,535 makes the PIM neighbor always reachable.
Description Use pim hello-option lan-delay to configure the LAN-delay time, namely, the length of time that the device waits before forwarding a received prune message, on the current interface. Use undo pim hello-option lan-delay to restore the default. By default, the LAN-delay time to 500 milliseconds. Related commands: hello-option lan-delay, hello-option override-interval, and pim hello-option override-interval. Examples # Set the LAN-delay time to 200 milliseconds on GigabitEthernet 0/1.
View Interface view Default level 2: System level Parameters interval: Prune override interval in milliseconds, with an effective range of 1 to 65,535. Description Use pim hello-option override-interval to configure the prune override interval on the current interface. Use undo pim hello-option override-interval to restore the default. By default, the prune override interval is 2,500 milliseconds. Related commands: hello-option lan-delay, hello-option override-interval, and pim hello-option lan-delay.
pim holdtime join-prune Syntax pim holdtime join-prune interval undo pim holdtime join-prune View Interface view Default level 2: System level Parameters interval: Join/prune timeout time in seconds, with an effective range of 1 to 65,535. Description Use pim holdtime join-prune to configure the join/prune timeout time on the interface. Use undo pim holdtime join-prune to restore the default. By default, the join/prune timeout time is 210 seconds.
By default, no source address range for hello messages is configured. That is, all the received hello messages are considered legal. Examples # Configure a legal source address range for hello messages on GigabitEthernet 0/1 so that only the devices on the 10.1.1.0/24 subnet can become PIM neighbors of this router. system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit source 10.1.1.0 0.0.0.
Default level 2: System level Parameters None Description Use pim sm to enable PIM-SM. Use undo pim sm to disable PIM-SM. By default, PIM-SM is disabled. This command can take effect only after IP multicast routing is enabled in the corresponding instance. Related commands: pim dm and multicast routing-enable. Examples # Enable IP multicast routing in the public network, and enable PIM-SM on GigabitEthernet 0/1.
pim timer graft-retry Syntax pim timer graft-retry interval undo pim timer graft-retry View Interface view Default level 2: System level Parameters interval: Graft retry period in seconds, with an effective range of 1 to 65,535. Description Use pim timer graft-retry to configure the graft retry period. Use undo pim timer graft-retry to restore the default. By default, the graft retry period is 3 seconds. Examples # Set the graft retry period to 80 seconds on GigabitEthernet 0/1.
system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] pim timer hello 40 pim timer join-prune Syntax pim timer join-prune interval undo pim timer join-prune View Interface view Default level 2: System level Parameters interval: Join/prune interval in seconds, with an effective range of 1 to 2,147,483,647. Description Use pim timer join-prune to configure on the current interface the interval at which join/prune messages are sent.
Use undo pim triggered-hello-delay to restore the default. By default, the maximum delay between hello messages is 5 seconds. Examples # Set the maximum delay between hello messages to 3 seconds on GigabitEthernet 0/1.
Parameters interval: Prune delay time in the range 1 to 128 seconds. Description Use prune delay to configure the prune delay time, namely, the length of time that the device waits between receiving a prune message and taking a prune action. Use undo prune delay to restore the default. By default, the prune delay time is 3 seconds, which equals the prune pending time. Examples # Set the prune delay time to 75 seconds in the public network.
register-suppression-timeout (PIM view) Syntax register-suppression-timeout interval undo register-suppression-timeout View Public network PIM view Default level 2: System level Parameters interval: Register suppression time in seconds, in the range of 1 to 65535. Description Use register-suppression-timeout to configure the register suppression time. Use undo register-suppression-timeout to restore the default. By default, the register suppression time is 60 seconds.
Examples # Configure the router to calculate the checksum based on the entire register message in the public network. system-view [Sysname] pim [Sysname-pim] register-whole-checksum reset pim control-message counters Syntax reset pim control-message counters [ interface interface-type interface-number ] View User view Default level 1: Monitor level Parameters interface interface-type interface-number: Specifies to reset the PIM control message counter on a particular interface.
Examples # Set the multicast source lifetime to 200 seconds in the public network. system-view [Sysname] pim [Sysname-pim] source-lifetime 200 source-policy (PIM view) Syntax source-policy acl-number undo source-policy View Public network PIM view Default level 2: System level Parameters acl-number: Basic or advanced ACL number, in the range of 2000 to 3999. Description Use source-policy to configure a multicast data filter.
View Public network PIM view Default level 2: System level Parameters infinity: Disables SPT switchover. group-policy acl-number: Specifies a basic ACL, in the range of 2000 to 2999. If you do not include this option in your command, the configuration will apply on all multicast groups.
View Public network PIM view Default level 2: System level Parameters acl-number: Basic ACL number, in the range of 2000 to 2999. Description Use ssm-policy to configure the SSM multicast group range. Use undo ssm-policy to restore the default. By default, the SSM group range is 232.0.0.0/8. This command allows you to define an address range of permitted or denied multicast groups. If the match succeeds, the multicast mode will be PIM-SSM. Otherwise the multicast mode will be PIM-SM.
system-view [Sysname] pim [Sysname-pim] state-refresh-interval 70 state-refresh-rate-limit (PIM view) Syntax state-refresh-rate-limit interval undo state-refresh-rate-limit View Public network PIM view Default level 2: System level Parameters interval: Time to wait before receiving a new refresh message, in seconds and with an effective range of 1 to 65535. Description Use state-refresh-rate-limit to configure the time the router must wait before receiving a new state refresh message.
Description Use state-refresh-ttl to configure the TTL value of state refresh messages. Use undo state-refresh-ttl to restore the default. By default, the TTL value of state refresh messages is 255. Related commands: pim state-refresh-capable, state-refresh-interval, and state-refresh-rate-limit. Examples # In the public network, configure the device to send PIM state refresh messages with a TTL of 45.
Related commands: auto-rp enable and display pim rp-info. Examples # In the public network, configure the interface with the IP address 11.110.0.6 to be a static RP that serves the multicast groups in the address range of 225.1.1.0/24 defined in ACL 2001, and give priority to this static RP in the case of static/dynamic RP conflict. system-view [Sysname] acl number 2001 [Sysname-acl-basic-2001] rule permit source 225.1.1.0 0.0.0.
Default level 2: System level Parameters interval: Join/prune interval in seconds, with an effective range of 1 to 2,147,483,647. Description Use timer join-prune to configure the join/prune interval globally. Use undo timer join-prune to restore the default. By default, the join/prune interval is 60 seconds. Related commands: pim timer join-prune. Examples # Set the global join/prune interval to 80 seconds in the public network.
MSDP configuration commands cache-sa-enable Syntax cache-sa-enable undo cache-sa-enable View Public network MSDP view Default level 2: System level Parameters None Description Use cache-sa-enable to enable the SA cache mechanism to cache the (S, G) entries contained in SA messages. Use undo cache-sa-enable to disable the SA cache mechanism. By default, the SA cache mechanism is enabled. That is, the device caches the (S, G) entries contained in SA messages received.
down: Displays information about MSDP peers in the down state. listen: Displays information about MSDP peers in the listening state. shutdown: Displays information about MSDP peers in the terminated state. up: Displays information about MSDP peers in the in-session state. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Field Description SA Count Number of (S, G) entries. Reset Count MSDP peer connection reset times. display msdp peer-status Syntax display msdp peer-status [ peer-address ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters peer-address: Specifies an MSDP peer by its address. If you do not provide this argument, this command displays the detailed status information of all MSDP peers.
Export policy: none Information about SA-Requests: Policy to accept SA-Request messages: none Sending SA-Requests status: disable Minimum TTL to forward SA with encapsulated data: 0 SAs learned from this peer: 0, SA-cache maximum for the peer: none Input queue size: 0, Output queue size: 0 Counters for MSDP message: Count of RPF check failure: 0 Incoming/outgoing SA messages: 0/0 Incoming/outgoing SA requests: 0/0 Incoming/outgoing SA responses: 0/0 Incoming/outgoing data packets: 0/0 Table 137 Command out
Field Description Minimum TTL to forward SA with encapsulated data Minimum TTL of multicast packet encapsulated in SA messages. SAs learned from this peer Number of cached (S, G) entries learned from this MSDP peer. SA-cache maximum for the peer Maximum number of (S, G) entries learned from this MSDP peer that the device can cache. Input queue size Data size cached in the input queue. Output queue size Data size cached in the output queue.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display msdp sa-cache to display information about (S, G) entries in the SA cache. This command gives the corresponding output only after the cache-sa-enable command is executed. If you provide neither a group address nor a source address, this command displays information about all cached (S, G) entries. Related commands: cache-sa-enable.
Default level 1: Monitor level Parameters as-number: AS number, in the range of 1 to 4294967295. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
encap-data-enable Syntax encap-data-enable undo encap-data-enable View Public network MSDP view Default level 2: System level Parameters None Description Use encap-data-enable to enable encapsulation of multicast data in SA messages. Use undo encap-data-enable to restore the default. By default, an SA message contains only an (S, G) entry. No multicast data is encapsulated in an SA message. Examples # Enable encapsulation of multicast data in SA messages in the public network.
Use undo import-source to remove any rule of creating (S, G) entries. By default, when an SA message is created, no restrictions are defined for the (S, G) entries to be advertised in it. Namely, all the (S, G) entries within the domain are advertised in the SA message. In addition to controlling SA message creation by using this command, you can also configure a filtering rule for forwarding and receiving SA messages by using the peer sa-policy command. Related commands: peer sa-policy.
[Sysname-msdp] originating-rp Syntax originating-rp interface-type interface-number undo originating-rp View Public network MSDP view Default level 2: System level Parameters interface-type interface-number: Specifies an interface by its type and number. Description Use originating-rp to configure the address of the specified interface as the RP address of SA messages. Use undo originating-rp to restore the default. Be default, the PIM RP address is used as the RP address of SA messages.
No MSDP peer connection is created by default. Be sure to execute this command before you use any other peer command. Otherwise the system will prompt that the peer does not exist. Related commands: static-rpf-peer. Examples # Configure the router with the IP address of 125.10.7.6 in the public network as the MSDP peer of the local router, with interface GigabitEthernet 0/1 as the local connection port. system-view [Sysname] msdp [Sysname-msdp] peer 125.10.7.
View Public network MSDP view Default level 2: System level Parameters peer-address: MSDP peer address. name: Mesh group name, a case-sensitive string of 1 to 32 characters. A mesh group name must not contain any space. Description Use peer mesh-group to configure an MSDP peer as a mesh group member. Use undo peer mesh-group to remove an MSDP peer as a mesh group member. By default, an MSDP peer does not belong to any mesh group.
Examples # In the public network, set the TTL threshold for multicast packets to be encapsulated in SA messages to 10 so that only multicast data packets whose TTL value is larger than or equal to 10 can be encapsulated in SA messages and forwarded to the MSDP peer 110.10.10.1. system-view [Sysname] msdp [Sysname-msdp] peer 110.10.10.
View Public network MSDP view Default level 2: System level Parameters peer-address: MSDP peer address. sa-limit: Maximum number of (S, G) entries that the device can cache, in the range of 1 to 8,192. Description Use peer sa-cache-maximum to configure the maximum number of (S, G) entries learned from the specified MSDP peer that the device can cache. Use undo peer sa-cache-maximum to restore the default. By default, the device can cache a maximum of 8,192 (S, G) entries learned from any MSDP peer.
By default, SA messages received or to be forwarded are not filtered. Namely, all SA messages are accepted or forwarded. In addition to controlling SA message receiving and forwarding by using this command, you can also configure a filtering rule for creating SA messages using the import-source command. Related commands: display msdp peer-status and import-source. Examples # Configure a filtering rule in the public network so that SA messages will be forwarded to MSDP peer 125.10.7.
[Sysname-acl-basic-2001] rule permit source 225.1.1.0 0.0.0.255 [Sysname-acl-basic-2001] quit [Sysname] msdp [Sysname-msdp] peer 175.58.6.5 sa-request-policy acl 2001 reset msdp peer Syntax reset msdp peer [ peer-address ] View User view Default level 2: System level Parameters peer-address: Specifies an MSDP peer by its address. If you do not provide this argument, the TCP connections with all MSDP peers will be reset.
Examples # Clear the (S, G) entries for multicast group 225.5.4.3 from the SA cache in the public network. reset msdp sa-cache 225.5.4.3 reset msdp statistics Syntax reset msdp statistics [ peer-address ] View User view Default level 2: System level Parameters peer-address: Address of the MSDP peer of which the statistics information will be cleared. If you do not provide this argument, the command will clear the statistics information of all MSDP peers.
system-view [Sysname] msdp [Sysname-msdp] shutdown 125.10.7.6 static-rpf-peer Syntax static-rpf-peer peer-address [ rp-policy ip-prefix-name ] undo static-rpf-peer peer-address View Public network MSDP view Default level 2: System level Parameters peer-address: MSDP peer address. rp-policy ip-prefix-name: Specifies a filtering policy based on the RP address in SA messages, where ip-prefix-name is the filtering policy name, a case-sensitive string of 1 to 19 characters.
timer retry Syntax timer retry interval undo timer retry View Public network MSDP view Default level 2: System level Parameters interval: Interval between MSDP peer connection retries, in seconds. The value ranges from 1 to 60. Description Use timer retry to configure the interval between MSDP peer connection retries. Use undo timer retry to restore the default. By default, the interval between MSDP peer connection retries is 30 seconds. Related commands: display msdp peer-status.
IPv6 basics configuration commands display ipv6 fib Syntax display ipv6 fib [ vpn-instance vpn-instance-name ] [ acl6 acl6-number | ipv6-prefix ipv6-prefix-name ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters vpn-instance vpn-instance-name: Displays the IPv6 FIB entries of the specified VPN. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters.
Destination: NextHop Label Interface : : : ::1 PrefixLength : 128 ::1 Flag : HU NULL Token : 0 InLoopBack0 Table 140 Command output Field Description Total number of Routes Total number of routes in the FIB Destination Destination address PrefixLength Prefix length of the destination address NextHop Next hop Route flag: • • • • • • Flag U—Usable route G—Gateway route H—Host route B—Black hole route D—Dynamic route S—Static route Label Label Token LSP index number Interface Outgo
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display ipv6 fib ipv6-address to display the IPv6 FIB entry of the specified destination IPv6 address. Without the prefix-length argument specified, this command displays the matching IPv6 FIB entry with the longest prefix.
display ipv6 interface Syntax display ipv6 interface [ interface-type [ interface-number ] ] [ brief ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters interface-type: Interface type. interface-number: Interface number. brief: Displays the brief IPv6 information of an interface. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: 0 InTooShorts: 0 InTruncatedPkts: 0 InHopLimitExceeds: 0 InBadHeaders: 0 InBadOptions: 0 ReasmReqds: 0 ReasmOKs: 0 InFragDrops: 0 InFragTimeouts: 0 OutFragFails: 0 InUnknownProtos: 0 InDelivers: 0 OutRequests: 0 OutForwDatagrams: 0 InNoRoutes: 0 InTooB
Field Description Global unicast address(es) Global unicast address(es) configured for the interface valid lifetime Valid lifetime of the global unicast address preferred lifetime Preferred lifetime of the global unicast address Joined group address(es) Address(es) of the multicast group(s) that the interface has joined MTU Maximum transmission unit of the interface Number of DAD attempts, with DAD enabled.
Field Description IPv6 Address IPv6 address of the interface. Only the first of configured IPv6 addresses is displayed. (If no address is configured for the interface, Unassigned is displayed.
Table 144 Command output Field Description IPv6 Address IPv6 address of a neighbor. Link-layer Link layer address (MAC address) of a neighbor. VID VLAN to which the interface connected with a neighbor belongs. Interface Interface connected with a neighbor. State of a neighbor: • INCMP—The address is being resolved. The link layer address of the neighbor is unknown. State • REACH—The neighbor is reachable. • STALE—The reachability of the neighbor is unknown.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display ipv6 neighbors count to display the total number of neighbor entries satisfying the specified condition.
Table 145 Command output Field Description IPv6 Address IPv6 address of a neighbor. Link-layer Link layer address (MAC address) of a neighbor. VID VLAN to which the interface connected with a neighbor belongs. Interface Interface connected with a neighbor. State of a neighbor: • INCMP—The address is being resolved. The link layer address of the neighbor is unknown. State • REACH—The neighbor is reachable. • STALE—The reachability of the neighbor is unknown.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display ipv6 pathmtu to display the IPv6 path MTU information. Examples # Display all path MTU information.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display ipv6 socket to display socket information. With no parameter specified, this command displays the information about all the sockets; with only the socket type specified, the command displays the information about sockets of the specified type; with the socket type, task ID and socket ID specified, the command displays the information about the specified socket.
Field Description sndbuf Size of the send buffer. rcvbuf Size of the receive buffer. sb_cc Number of bytes sent by the send buffer. rb_cc Number of bytes received by the receive buffer. Socket option set by the application: • SO_ACCEPTCONN—Detects connection request at the server end. • SO_REUSEADDR—Allows for reuse of a local address. • SO_REUSEPORT—Allows for reuse of a local port. socket option socket state State of the socket.
fragments failed: 0 Received packets: Total: 0 local host: 0 format error: hopcount exceeded: 0 protocol error: 0 reassembled: 0 fragments: 0 reassembly timeout: 0 option error: 0 reassembly failed: 0 0 ICMPv6 protocol: Sent packets: Total: 0 unreached: 0 too big: 0 hopcount exceeded: 0 reassembly timeout: 0 parameter problem: 0 echo request: 0 echo replied: 0 neighbor solicit: 0 neighbor advert: 0 router solicit: 0 router advert: 0 redirected: 0 Send failed: r
Field Description Statistics of sent IPv6 packets: • • • • • • • • Sent packets: Total: 0 Local sent out: 0 forwarded: 0 raw packets: 0 discarded: routing failed: 0 fragments: 0 0 fragments failed: 0 Total number of packets sent and forwarded locally Number of packets sent locally Number of forwarded packets Number of packets sent via raw socket Number of discarded packets Number of packets failing to be routed Number of sent fragment packets Number of fragments failing to be sent Statistics of rec
Field Description Statistics of received ICMPv6 packets: Received packets: Total: 0 checksum error: bad code: unreached: 0 too short: 0 0 0 too big: 0 hopcount exceeded: 0 reassembly timeout: 0 parameter problem: 0 unknown error type: 0 echo request: 0 echo replied: 0 neighbor solicit: 0 neighbor advert: 0 router solicit: 0 router advert 0 redirected: 0 router renumbering 0 unknown info type: 0 Deliver failed: bad length: 0 ratelimited: 0 • • • • • • • • Total number of received pack
You can use the reset tcp ipv6 statistics command to clear statistics of all IPv6 TCP packets. Examples # Display the statistics of IPv6 TCP connections.
Table 149 Command output Field Description Received packets: Statistics of received packets: Total: 0 packets in sequence: 0 (0 bytes) window probe packets: 0 window update packets: 0 checksum error: 0 offset error: 0 short error: 0 duplicate packets: 0 (0 bytes), partially duplicate packets: 0 (0 bytes) out-of-order packets: 0 (0 bytes) packets with data after window: packets after close: 0 (0 bytes) 0 • • • • • • • Total number of received packets • • • • Number of duplicate packets N
Field Description dropped Number of dropped connections (after SYN is received from the peer) initiated dropped Number of initiated but dropped connections (before SYN is received from the peer) Packets dropped with MD5 authentication Number of packets that fail the MD5 authentication and are dropped Packets permitted with MD5 authentication Number of packets that pass the MD5 authentication display tcp ipv6 status Syntax display tcp ipv6 status [ | { begin | exclude | include } regular-expression
Field Description Foreign Address Remote IPv6 address. IPv6 TCP connection status: State • • • • • • • • • • • Closed Listening Syn_Sent Syn_Rcvd Established Close_Wait Fin_Wait1 Closing Last_Ack Fin_Wait2 Time_Wait display udp ipv6 statistics Syntax display udp ipv6 statistics [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression.
broadcast/multicast(no socket on port): 0 not delivered, input socket full: 0 input packets missing pcb cache: 0 Sent packets: Total: 0 Table 151 Command output Field Description Total Total number of received/sent packets checksum error Total number of packets with a checksum error shorter than header Total number of IPv6 UDP packets whose total length is less than that specified by the packet header data length larger than packet Total number of packets whose data length exceeds that specified b
ipv6 address Syntax ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } undo ipv6 address [ ipv6-address prefix-length | ipv6-address/prefix-length ] View Interface view Default level 2: System level Parameters ipv6-address: IPv6 address. prefix-length: Prefix length of the IPv6 address, in the range of 1 to 128. Description Use ipv6 address to configure an IPv6 global unicast address for an interface. Use undo ipv6 address to remove the IPv6 address from the interface.
Parameters ipv6-address/prefix-length: Specifies an IPv6 anycast address and its prefix length. The prefix length ranges 1 to 128. Description Use ipv6 address anycast to configure an IPv6 anycast address for an interface. Use undo ipv6 address anycast to remove the IPv6 anycast address from the interface. By default, no IPv6 anycast address is configured for an interface. Examples # Set the IPv6 anycast address of GigabitEthernet 0/1 to 2001::1 with prefix length 64.
ipv6 address auto link-local Syntax ipv6 address auto link-local undo ipv6 address auto link-local View Interface view Default level 2: System level Parameters None Description Use ipv6 address auto link-local to automatically generate a link-local address for an interface. Use undo ipv6 address auto link-local to remove the automatically generated link-local address for the interface.
undo ipv6 address ipv6-address/prefix-length eui-64 View Interface view Default level 2: System level Parameters ipv6-address/prefix-length: IPv6 address and IPv6 prefix. The ipv6-address and prefix-length arguments jointly specify the prefix of an EUI-64 IPv6 address. Description Use ipv6 address eui-64 to configure an EUI-64 IPv6 address for an interface. Use undo ipv6 address eui-64 to remove the configured EUI-64 IPv6 address for the interface.
generated link-local address will not take effect and the link-local address of an interface is still the manually assigned one. If you delete the manually assigned address, the automatically generated link-local address is validated. For automatic generation of an IPv6 link-local address, see the ipv6 address auto link-local command. Examples # Configure a link-local address for GigabitEthernet 0/1.
Parameters None Description Use ipv6 hoplimit-expires enable to enable the sending of ICMPv6 Time Exceeded packets. Use undo ipv6 hoplimit-expires to disable the sending of ICMPv6 Time Exceeded packets. By default, the sending of ICMPv6 Time Exceeded packets is enabled. After you disable the sending of ICMPv6 Time Exceeded packets, the firewall will still send Fragment Reassembly Time Exceeded packets. Examples # Disable the sending of ICMPv6 Time Exceeded packets.
undo ipv6 icmpv6 multicast-echo-reply View System view Default level 2: System level Parameters None Description Use ipv6 icmpv6 multicast-echo-reply enable to enable replying to multicast echo requests. Use undo ipv6 icmpv6 multicast-echo-reply to disable replying to multicast echo requests. By default, the firewall is disabled from replying to multicast echo requests. Examples # Enable replying to multicast echo requests.
ipv6 nd autoconfig managed-address-flag Syntax ipv6 nd autoconfig managed-address-flag undo ipv6 nd autoconfig managed-address-flag View Interface view Default level 2: System level Parameters None Description Use ipv6 nd autoconfig managed-address-flag to set the managed address configuration (M) flag to 1 so that the host can acquire an IPv6 address through stateful autoconfiguration (for example, from a DHCP server). Use undo ipv6 nd autoconfig managed-address-flag to restore the default.
By default, the O flag is set to 0 so that the host can acquire other information through stateless autoconfiguration. Examples # Configure the host to acquire information other than IPv6 address through stateless autoconfiguration.
Parameters value: Number of hops, in the range of 0 to 255. When it is set to 0, the Hop Limit field in RA messages sent by the firewall is 0. The number of hops is determined by the requesting device itself. Description Use ipv6 nd hop-limit to configure the hop limit advertised by the firewall. Use undo ipv6 nd hop-limit to restore the default hop limit. By default, the hop limit advertised by the firewall is 64. Examples # Set the hop limit advertised by the firewall to 100.
ipv6 nd nud reachable-time Syntax ipv6 nd nud reachable-time value undo ipv6 nd nud reachable-time View Interface view Default level 2: System level Parameters value: Neighbor reachable time in milliseconds, in the range of 1 to 3,600,000. Description Use ipv6 nd nud reachable-time to configure the neighbor reachable time on an interface.
By default, ND proxy is disabled. Examples # Enable ND proxy on GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ipv6 nd proxy enable ipv6 nd ra halt Syntax ipv6 nd ra halt undo ipv6 nd ra halt View Interface view Default level 2: System level Parameters None Description Use ipv6 nd ra halt to enable RA message suppression. Use undo ipv6 nd ra halt to disable RA message suppression. By default, RA messages are suppressed.
min-interval-value: Minimum interval for advertising RA messages in seconds, in the range of 3 to 1,350. Description Use ipv6 nd ra interval to set the maximum and minimum intervals for advertising RA messages. The firewall advertises RA messages at intervals of a random value between the maximum interval and the minimum interval. Use undo ipv6 nd ra interval to restore the default. By default, the maximum interval between RA messages is 600 seconds, and the minimum interval is 200 seconds.
ipv6 nd ra prefix Syntax ipv6 nd ra prefix { ipv6-prefix prefix-length | ipv6-prefix/prefix-length } valid-lifetime preferred-lifetime [ no-autoconfig | off-link ] * undo ipv6 nd ra prefix { ipv6-prefix | ipv6-prefix/prefix-length } View Interface view Default level 2: System level Parameters ipv6-prefix: IPv6 prefix. prefix-length: Prefix length of the IPv6 address. valid-lifetime: Valid lifetime of a prefix in seconds, in the range of 0 to 4,294,967,295.
Default level 2: System level Parameters value: Router lifetime in seconds, in the range of 0 to 9,000. When it is set to 0, the firewall does not serve as the default router. Description Use ipv6 nd ra router-lifetime to configure the router lifetime in RA messages. Use undo ipv6 nd ra router-lifetime to restore the default. By default, the router lifetime in RA messages is 1,800 seconds. The router lifetime in RA messages should be greater than or equal to the advertising interval.
Examples # Configure a static neighbor entry for Layer 3 interface GigabitEthernet 0/1. system-view [Sysname] ipv6 neighbor 2000::1 fe-e0-89 interface gigabitethernet 0/1 ipv6 neighbor stale-aging Syntax ipv6 neighbor stale-aging aging-time undo ipv6 neighbor stale-aging View System view Default level 2: System level Parameters aging-time: Age timer for ND entries in stale state, ranging from 1 to 24 hours.
Use undo ipv6 neighbors max-learning-num to restore the default. By default, a Layer 2 interface does not limit the number of neighbors dynamically learned. A Layer 3 interface can learn up to 1024 neighbors dynamically. Examples # Set the maximum number of neighbors that can be dynamically learned on GigabitEthernet 0/1 to 10.
Default level 2: System level Parameters age-time: Aging time for path MTU in minutes, in the range of 10 to 100. Description Use ipv6 pathmtu age to configure the aging time for a dynamic path MTU. Use undo ipv6 pathmtu age to restore the default. By default, the aging time is 10 minutes. The aging time is invalid for a static path MTU. Related commands: display ipv6 pathmtu. Examples # Set the aging time for a dynamic path MTU to 40 minutes.
View User view Default level 2: System level Parameters all: Clears static and dynamic neighbor information on all interfaces. dynamic: Clears dynamic neighbor information on all interfaces. interface interface-type interface-number: Clears dynamic neighbor information on a specified interface. static: Clears static neighbor information on all interfaces. Description Use reset ipv6 neighbors to clear IPv6 neighbor information.
reset ipv6 statistics Syntax reset ipv6 statistics View User view Default level 2: System level Parameters None Description Use reset ipv6 statistics to clear the statistics of IPv6 packets and ICMPv6 packets. You can use the display ipv6 statistics command to display the statistics of IPv6 and ICMPv6 packets. Examples # Clear the statistics of IPv6 packets and ICMPv6 packets.
Default level 2: System level Parameters None Description Use reset udp ipv6 statistics to clear the statistics of all IPv6 UDP packets. You can use the display udp ipv6 statistics command to display the statistics of IPv6 UDP packets. Examples # Clear the statistics of all IPv6 UDP packets.
Default level 2: System level Parameters wait-time: Length of the synwait timer for IPv6 TCP connections in seconds, in the range of 2 to 600. Description Use tcp ipv6 timer syn-timeout to set the synwait timer for IPv6 TCP connections Use undo tcp ipv6 timer syn-timeout to restore the default. By default, the length of the synwait timer of IPv6 TCP connections is 75 seconds. Examples # Set the synwait timer length of IPv6 TCP connections to 100 seconds.
DHCPv6 configuration commands DHCPv6 common configuration commands display ipv6 dhcp duid Syntax display ipv6 dhcp duid [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Parameters pool-number: Displays information about the DHCPv6 address pool specified by the pool number. The value ranges from 1 to 128. If no pool number is specified, all DHCPv6 address pool information is displayed. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Table 153 Command output Field Description DHCPv6 pool DHCPv6 address pool number Static bindings Static IPv6 address or prefix information configured in the address pool. If no static prefix is configured, this field is not displayed. DUID Client DUID IAID Client IAID. If the IAID is not configured, this field displays Not configured. preferred lifetime Preferred lifetime in seconds valid lifetime Valid lifetime in seconds Prefix Pool Prefix pool referenced by the address pool.
Examples # Display brief information about all prefix pools. display ipv6 dhcp prefix-pool Prefix-pool Prefix Available In-use Static 1 64 5::/64 0 0 # Display details about prefix pool 1.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display ipv6 dhcp server to display DHCPv6 server information. Examples # Display the DHCPv6 server information of all interfaces.
Default level 1: Monitor level Parameters all: Displays all IPv6 prefix binding information. pool pool-number: Displays the prefix binding information of the DHCPv6 address pool specified by the pool number. The value ranges from 1 to 128. prefix prefix/prefix-len: Displays the binding information of the specified prefix. The prefix/prefix-len indicates the IPv6 prefix and prefix length. The value of the prefix length ranges from 1 to 128.
Prefix pool: 1 Client: FE80::C800:CFF:FE18:0 Type: Auto(O) DUID: 00030001CA000C180000 IAID: 0x00030001 Prefix: 2:1::/24 Preferred lifetime 400, valid lifetime 500 expires at Jul 10 2008 09:45:01 (288 seconds left) Table 156 Command output Field Description Total number Total number of prefix bindings. Prefix Assigned IPv6 prefix. Type of a prefix binding: • Static(F)—Free static binding, indicating the static prefix has not been assigned to the client. • Static(O)—Offered static binding.
display ipv6 dhcp server statistics Syntax display ipv6 dhcp server statistics [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Table 157 Command output Field Description Number of messages received by the DHCPv6 server. The message types include: Packets received Packets dropped • • • • • • • • • SOLICIT REQUEST CONFIRM RENEW REBIND RELEASE DECLINE INFORMATION-REQUEST RELAY-FORWARD Number of packets discarded Number of messages sent out from the DHCPv6 server.
Examples # Specify the DNS server address to be assigned to the client as 2:2::3. system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] dns-server 2:2::3 domain-name Syntax domain-name domain-name undo domain-name View DHCPv6 address pool view Default level 2: System level Parameters domain-name: Domain name, a string of 1 to 50 characters. Description Use domain-name to configure the domain name for the client. Use undo domain-name to remove the configuration.
Description Use ds-lite address to specify the address of the AFTR. Use undo ds-lite address to delete the address of the AFTR. The address of the AFTR is not specified by default. When you configure a DS-lite tunnel, the Customer Premises Equipment (CPE) sends a DHCPv6 request to obtain the address of the AFTR. Upon receiving the request, the DHCPv6 server sends the address of the AFTR to the CPE. For more information about the DS-lite tunnel, see VPN Configuration Guide.
View System view Default level 2: System level Parameters prefix-pool-number: Prefix pool number. The value ranges from 1 to 128. prefix prefix/prefix-len: Specifies the prefix contained in the specified prefix pool. The prefix indicates the IPv6 prefix. The prefix-len indicates the prefix length, in the range of 1 to 128. assign-len assign-len: Specifies the length of the prefix assigned. The value ranges from 1 to 128.
rapid-commit: Enables rapid address and prefix assignment. Description Use ipv6 dhcp server apply pool to apply a DHCPv6 address pool to the interface. Use undo ipv6 dhcp server apply pool to remove the configuration. By default, no address pool is applied to an interface. Upon receiving a request from a DHCPv6 client on an interface, the DHCPv6 server selects a prefix from the address pool applied to the interface and assigns it to the client.
Use undo ipv6 dhcp server enable to disable the DHCPv6 server. By default, the DHCPv6 server is disabled. Other DHCPv6 server related configuration is effective only when the DHCPv6 server is enabled. Examples # Enable the DHCPv6 server.
# Apply prefix pool 1 to address pool 1, and set the valid lifetime to three days, the preferred lifetime to one day. system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] prefix-pool 1 preferred-lifetime 86400 valid-lifetime 259200 reset ipv6 dhcp server pd-in-use Syntax reset ipv6 dhcp server pd-in-use { all | pool pool-number | prefix prefix/prefix-len } View User view Default level 1: Monitor level Parameters all: Clears all IPv6 prefix binding information.
Description Use reset ipv6 dhcp server statistics to clear packet statistics on the DHCPv6 server. Examples # Clear packet statistics on the DHCPv6 server. reset ipv6 dhcp server statistics sip-server Syntax sip-server { address ipv6-address | domain-name domain-name } undo sip-server { address ipv6-address | domain-name domain-name } View DHCPv6 address pool view Default level 2: System level Parameters address ipv6-address: Specifies the IPv6 address of a SIP server.
undo static-bind prefix prefix/prefix-len View DHCPv6 address pool view Default level 2: System level Parameters prefix/prefix-len: Static prefix and prefix length. duid duid: Specifies a client DUID. The value is an even hexadecimal number, in the range of 2 to 256. iaid iaid: Specifies a client IAID. The value is a hexadecimal number in the range of 0 to FFFFFFFF. If no IAID is specified, the server does not match against the client IAID for prefix assignment.
Parameters all: Displays all DHCPv6 server address information. interface interface-type interface-number: Displays DHCPv6 server address information of the specified interface. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Field Description Excess of rate limit Number of packets discarded due to excess of rate limit Packets received Number of received packets SOLICIT Number of received solicit packets REQUEST Number of received request packets CONFIRM Number of received confirm packets RENEW Number of received renew packets REBIND Number of received rebind packets RELEASE Number of received release packets DECLINE Number of received decline packets INFORMATION-REQUEST Number of received information reques
Upon receiving a request from a DHCPv6 client, the interface that operates as a DHCPv6 relay agent encapsulates the request into a Relay-forward message and forwards the message to the specified DHCPv6 server, which then assigns an IPv6 address and other configuration parameters to the DHCPv6 client. Executing the ipv6 dhcp relay server-address command repeatedly can specify multiple DHCPv6 servers, and up to eight DHCP servers can be specified for an interface.
DHCPv6 client configuration commands display ipv6 dhcp client Syntax display ipv6 dhcp client [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters interface interface-type interface-number: Displays the DHCPv6 client information of a specified interface. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Field Description Current state of the DHCPv6 client, which can be: • INIT—After enabled, the DHCPv6 client enters the INIT state. • IDLE—After receiving an RA message with the "M" flag set to 0 and "O" flag State is OPEN set to 1 and enabled with stateless DHCPv6, the DHCPv6 client enters the IDLE state. • INFO-REQUESTING—The DHCPv6 client is requesting configuration information.
display ipv6 dhcp client statistics interface gigabitethernet 0/1 Interface : GigabitEthernet0/1 Packets Received : 1 Reply : 1 Advertise : 0 Reconfigure : 0 Invalid : 0 : 5 Solicit : 0 Request : 0 Confirm : 0 Renew : 0 Rebind : 0 Information-request : 5 Release : 0 Decline : 0 Packets Sent Table 161 Command output Field Description Interface Interface that servers as the DHCPv6 client Packets Received Number of received packets Reply Number of r
Default level 1: Monitor level Parameters interface interface-type interface-number: Clears DHCPv6 client statistics of a specified interface. Description Use reset ipv6 dhcp client statistics to clear DHCPv6 client statistics. With no option specified, DHCPv6 client statistics of all the interfaces is cleared. After this command is executed, the packets statistics is displayed as 0 when you use the display ipv6 dhcp client statistics command. Related commands: display ipv6 dhcp client statistics.
IPv6 DNS configuration commands display dns ipv6 server Syntax display dns ipv6 server [ dynamic ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters dynamic: Displays IPv6 DNS server information acquired dynamically through DHCP or other protocols. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Field Description Interface Name Interface name, which is available only for a DNS server with an IPv6 link-local address configured. display ipv6 host Syntax display ipv6 host [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
dns server ipv6 Syntax dns server ipv6 ipv6-address [ interface-type interface-number ] undo dns server ipv6 ipv6-address [ interface-type interface-number ] View System view Default level 2: System level Parameters ipv6-address: IPv6 address of a DNS server. interface-type interface-number: Specifies an interface. When the IPv6 address of the DNS server is a link-local address, the two arguments must be specified. Description Use dns server ipv6 to specify a DNS server.
No mappings are created by default. Each host name can correspond to only one IPv6 address. The IPv6 address you last assign to the host name will overwrite the previous one if there is any. Related commands: display ipv6 host. Examples # Configure the mapping between a host name and an IPv6 address.
IPv6 static routing configuration commands NOTE: The term "router" in this document refers to both routers and layer 3 firewalls. delete ipv6 static-routes all Syntax delete ipv6 [ vpn-instance vpn-instance-name ] static-routes all View System view Default level 2: System level Parameters vpn-instance vpn-instance-name: Specifies an VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters. If no VPN is specified, all static routes of the public network are deleted.
undo ipv6 route-static vpn-instance s-vpn-instance-name&<1-6> ipv6-address prefix-length [ interface-type interface-number [ next-hop-address ] | nexthop-address [ public ] | vpn-instance d-vpn-instance-name nexthop-address ] [ preference preference-value ] View System view Default level 2: System level Parameters ipv6-address prefix-length: IPv6 address and prefix length. interface-type interface-number: Interface type and interface number of the outgoing interface.
RIPng configuration commands NOTE: The term "router" in this document refers to both routers and layer 3 firewalls. checkzero Syntax checkzero undo checkzero View RIPng view Default level 2: System level Parameters None Description Use checkzero to enable the zero field check on RIPng packets. Use undo checkzero to disable the zero field check. The zero field check is enabled by default. Some fields in RIPng packet headers must be zero. These fields are called "zero fields".
Parameters cost: Default metric of redistributed routes, in the range of 0 to 16. Description Use default cost to specify the default metric of redistributed routes. Use undo default cost to restore the default. The default metric of redistributed routes is 0. The specified default metric applies to the routes redistributed by the import-route command with no metric specified. Related commands: import-route. Examples # Set the default metric of redistributed routes to 2.
Preference : 100 Checkzero : Enabled Default Cost : 0 Maximum number of balanced paths : 8 Update time : 30 sec(s) Suppress time : 120 sec(s) Timeout time : 180 sec(s) Garbage-Collect time : 120 sec(s) Number of periodic updates sent : 0 Number of trigger updates sent : 0 IPsec policy name: policy001, SPI: 300 Table 164 Command output Field Description RIPng process RIPng process ID Preference RIPng preference Checkzero Indicates whether zero field check for RIPng packet headers is enabled
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display ripng database to display all active routes in the advertising database of the specified RIPng process, which are sent in normal RIPng update messages. Examples # Display the active routes in the database of RIPng process 100.
display ripng interface Syntax display ripng process-id interface [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters process-id: RIPng process ID, in the range of 1 to 65535. interface-type interface-number: Specifies an interface. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Field Description Indicates whether the poison reverse function is enabled: Poison-reverse • on—Enabled. • off—Disabled. MetricIn/MetricOut Additional metric to incoming and outgoing routes • Only/Originate—Only means that the interface advertises only the default route. Originate means that the default route and other RIPng routes are advertised. Default route • Off—Indicates that no default route is advertised or the garbage-collect time expires after the default route advertisement was disabled.
---------------------------------------------------------------- Peer FE80::200:5EFF:FE04:B602 on GigabitEthernet0/1 Dest 3FFE:C00:C18:1::/64, via FE80::200:5EFF:FE04:B602, cost 2, tag 0, A, 34 Sec Dest 3FFE:C00:C18:2::/64, via FE80::200:5EFF:FE04:B602, cost 2, tag 0, A, 34 Sec Peer FE80::200:5EFF:FE04:B601 on GigabitEthernet0/2 Dest 3FFE:C00:C18:1::/64, via FE80::200:5EFF:FE04:B601, cost 2, tag 0, A, 13 Sec Dest 3FFE:C00:C18:3::/64, via FE80::200:5EFF:FE04:B601, cost Peer FE80::200:5EFF:FE04:3302
View RIPng view Default level 2: System level Parameters policy-name: IPsec policy name, a string of 1 to 15 characters. Description Use enable ipsec-policy to apply an IPsec policy in a RIPng process. Use undo enable ipsec-policy to remove the IPsec policy from the RIPng process. By default, no IPsec policy is configured for the RIPng process. The IPsec policy to be applied must have been configured. Examples # Apply IPsec policy policy001 to RIPng process 1.
The following matrix shows the argument and firewall compatibility: Argument protocol F1000-A-EI/S-EI F1000-E F5000 Firewall module Yes. Yes. Yes. Yes. Excludes isisv6. Excludes isisv6. Includes isisv6. Excludes isisv6. With the protocol argument specified, only routing information redistributed from the specified routing protocol will be filtered. Otherwise, all outgoing routing information will be filtered.
ipv6-prefix ipv6-prefix-name: Specifies the name of an IPv6 prefix list to filter incoming routes, in the range of 1 to 19 characters. Description Use filter-policy import to define an inbound route filtering policy. Only routes which match the filtering policy can be received. Use undo filter-policy import to disable inbound route filtering. By default, RIPng does not filter incoming routing information.
process-id: Process ID, in the range of 1 to 65535. The default is 1.This argument is available only when the protocol is ospfv3 or ripng. cost: Routing metric of redistributed routes, in the range of 0 to 16. If cost value is not specified, the metric is the default metric specified by the default cost command. route-policy route-policy-name: Specifies a routing policy by its name with 1 to 63 case-sensitive characters. allow-ibgp: Optional keyword when the specified protocol is bgp4+.
Use undo maximum load-balancing to restore the default. By default, the maximum number of equal-cost routes is 8. NOTE: Configure the maximum number according to the memory size. Examples # Set the maximum number of equal-cost routes to 2.
reset ripng process Syntax reset ripng process-id process View User view Default level 2: System level Parameters process-id: RIPng process ID, in the range of 1 to 65535. Description Use reset ripng process to reset the specified RIPng process. After executing the command, you are prompted whether you want to reset the RIPng process. Examples # Reset RIPng process 100.
View System view Default level 2: System level Parameters process-id: RIPng process ID, in the range of 1 to 65535. The default value is 1. vpn-instance vpn-instance-name: Specifies a VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters. Description Use ripng to create a RIPng process and enter RIPng view. Use undo ripng to disable a RIPng process. By default, no RIPng process is enabled. • Before configuring global RIPng parameters, you must create a RIPng process.
Description Use ripng default-route to advertise a default route with the specified routing metric to a RIPng neighbor. Use undo ripng default-route to stop advertising or forwarding the default route. By default, a RIP process does not advertise any default route. After you execute this command, the generated RIPng default route is advertised in a route update over the specified interface. This IPv6 default route is advertised without considering whether it already exists in the local IPv6 routing table.
ripng ipsec-policy Syntax ripng ipsec-policy policy-name undo ripng ipsec-policy View Interface view Default level 2: System level Parameters policy-name: IPsec policy name, a string of 1 to 15 characters. Description Use ripng ipsec-policy to apply an IPsec policy on a RIPng interface. Use undo ripng ipsec-policy to remove the IPsec policy from the RIPng interface. By default, no IPsec policy is configured for the RIPng interface. The IPsec policy to be applied must have been configured.
Examples # Specify the additional routing metric as 12 for RIPng routes received by GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ripng metricin 12 ripng metricout Syntax ripng metricout value undo ripng metricout View Interface view Default level 2: System level Parameters value: Additional metric to advertised routes, in the range of 1 to 16.
Description Use ripng poison-reverse to enable the poison reverse function. Use undo ripng poison-reverse to disable the poison reverse function. By default, the poison reverse function is disabled. Examples # Enable the poison reverse function for RIPng update messages on GigabitEthernet 0/1.
undo ripng summary-address ipv6-address prefix-length View Interface view Default level 2: System level Parameters ipv6-address: Destination IPv6 address of the summary route. prefix-length: Prefix length of the destination IPv6 address of the summary route, in the range of 0 to 128. It indicates the number of consecutive 1s of the prefix, which defines the network ID. Description Use ripng summary-address to configure a summary network to be advertised through the interface.
By default, the garbage-collect timer is 120 seconds, the suppress timer 120 seconds, the timeout timer 180 seconds, and the update timer 30 seconds. RIPng is controlled by the four timers. • Update timer—Defines the interval between update messages. • Timeout timer—Defines the route aging time. If no update message related to a route is received within the aging time, the metric of the route is set to 16 in the routing table.
OSPFv3 configuration commands NOTE: The term "router" in this document refers to both routers and layer 3 firewalls. abr-summary (OSPFv3 area view) Syntax abr-summary ipv6-address prefix-length [ not-advertise ] undo abr-summary ipv6-address prefix-length View OSPFv3 area view Default level 2: System level Parameters ipv6-address: Destination IPv6 address of the summary route. prefix-length: Prefix length of the destination IPv6 address, in the range of 0 to 128.
View OSPFv3 view Default level 2: System level Parameters area-id: ID of an area, a decimal integer (in the range of 0 to 4294967295 and changed to IPv4 address format by the system) or an IPv4 address. Description Use area to enter OSPFv3 area view. NOTE: The undo form of the command is not available. An area is removed automatically if no configuration is made and no interface is up in the area. Examples # Enter OSPFv3 Area 0 view.
If no cost value is configured for an interface, OSPFv3 computes the interface cost value automatically: Examples # Specify the reference bandwidth value as 1000 Mbps. system-view [Sysname] ospfv3 1 [Sysname-ospfv3-1] bandwidth-reference 1000 default cost Syntax default cost value undo default cost View OSPFv3 view Default level 2: System level Parameters value: Specifies a default cost for redistributed routes, in the range of 1 to 16777214.
Parameters value: Specifies a cost for the default route advertised to the stub area, in the range of 0 to 65535. The default is 1. Description Use default-cost to specify the cost of the default route to be advertised to the stub area. Use undo default-cost to restore the default value. Use of this command is only available on the ABR that is connected to a stub area. You have two commands to configure a stub area: stub, defaulted-cost.
By default, no default route is redistributed. Using the import-route command cannot redistribute a default route. To do so, you need to use the default-route-advertise command. If no default route exists in the router's routing table, use the default-route-advertise always command to generate a default route in a Type-5 LSA. You can reference a routing policy to set the cost and type of the default route: • The router advertises the default route only when it passes the routing policy.
Description Use display ospfv3 to display the brief information of an OSPFv3 process. If no process ID is specified, OSPFv3 brief information about all processes will be displayed. Examples # Display brief information about all OSPFv3 processes. display ospfv3 Routing Process "OSPFv3 (1)" with ID 1.1.1.1 SPF schedule delay 5 secs, Hold time between SPFs 10 secs Minimum LSA interval 5 secs, Minimum LSA arrival 1 secs Number of external LSA 0.
Field Description SPI SPI defined in the IPsec policy display ospfv3 interface Syntax display ospfv3 interface [ interface-type interface-number | statistic ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters interface-type interface-number: Interface type and interface number. statistic: Displays the interface statistics. |: Filters command output by specifying a regular expression.
Table 169 Command output Field Description Interface ID Interface ID. IPv6 Prefixes IPv6 Prefix. OSPFv3 Process OSPFv3 Process. Area Area ID. Instance ID Instance ID. Router ID Router ID. Network Type Network type of the interface. Cost Cost value of the interface. Transmit Delay Transmission delay of the interface. State Interface state. Priority DR priority of the interface. No designated router on this link No designated router on this link.
external: Displays information about AS-external LSAs. inter-prefix: Displays information about Inter-area-prefix LSAs. inter-router: Displays information about Inter-area-router LSAs. intra-prefix: Displays information about Intra-area-prefix LSAs. link: Displays information about Link-LSAs. network: Displays information about Network-LSAs. router: Displays information about Router-LSAs. link-state-id: Link state ID, an IPv4 address. originate-router router-id: ID of the advertising router .
Field Description Age Age of LSAs Seq# LSA sequence number CkSum LSA Checksum Prefix Number of Prefixes Router-LSA Router-LSA Link Number of links Network-LSA Network-LSA Intra-Area-Prefix-LSA Type 9 LSA Reference Type of referenced LSA # Display Link-local LSA information in the LSDB. display ospfv3 lsdb link OSPFv3 Router with ID (2.2.2.2) (Process 1) Link-LSA (Interface GigabitEthernet0/1) LS age: 11 LS Type: Link-LSA Link State ID: 0.0.2.6 Originating Router: 2.2.2.
Field Description Number of Prefixes Number of Prefixes Prefix Address prefix Prefix Options Prefix options # Display LSA statistics in the LSDB.
Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
View Any view Default level 1: Monitor level Parameters process-id: Specifies ID of an OSPFv3 process, ranging from 1 to 65535. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Parameters process-id: Specifies the ID of an OSPFv3 process, ranging from 1 to 65535. area: Specifies to display neighbor information of the specified area. area-id: The ID of an area, a decimal integer that is translated into IPv4 address format by the system (in the range of 0 to 4294967295) or an IPv4 address. interface-type interface-number: interface type and number. verbose: Display detailed neighbor information. peer-router-id: Router-ID of the specified neighbor.
OSPFv3 Process (1) Neighbor 1.1.1.1 is Full, interface address FE80::20F:E2FF:FE49:8050 In the area 0.0.0.1 via interface GigabitEthernet0/1 DR is 1.1.1.1 BDR is 2.2.2.2 Options is 0x000013 (-|R|-|-|E|V6) Dead timer due in 00:00:39 Neighbor is up for 00:25:31 Database Summary List 0 Link State Request List 0 Link State Retransmission List 0 Table 176 Command output Field Description Neighbor Neighbor ID interface address Interface address In the area 0.0.0.
Description Use display ospfv3 peer statistic to display information about all OSPFv3 neighbors on the router—numbers of neighbors in different states. Examples # Display information about all OSPFv3 neighbors. display ospfv3 peer statistic OSPFv3 Router with ID (1.1.1.1) (Process 1) Neighbor Statistics ---------------------------------------------------------------------Area ID Down Init 2-way ExStar Exchange Loading Full 0.0.0.
external: Displays the AS-external LSA information of the OSPFv3 link state request list. inter-prefix: Displays the Inter-area-prefix LSA information of the OSPFv3 link state request list. inter-router: Displays the Inter-area-router LSA information of the OSPFv3 link state request list. intra-prefix: Displays the Intra-area-prefix LSA information of the OSPFv3 link state request list. link: Displays the Link LSA information of the OSPFv3 link state request list.
Field Description CkSum Checksum # Display the statistics of OSPFv3 link state request list. display ospfv3 request-list statistics OSPFv3 Router with ID (11.1.1.1) (Process 1) Interface Neighbor LSA-Count GE0/1 10.1.1.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display ospfv3 retrans-list to display the OSPFv3 link state retransmission list. If no process is specified, the link state retransmission list information of all OSPFv3 processes is displayed.
display ospfv3 routing Syntax display ospfv3 [ process-id ] routing [ ipv6-address prefix-length | ipv6-address/prefix-length | abr-routes | asbr-routes | all | statistics ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters process-id: Specifies the ID of an OSPFv3 process, ranging from 1 to 65535. ipv6-address: IPv6 address prefix. prefix-length: Prefix length, in the range of 0 to 128. abr-routes: Displays routes to ABR.
Table 182 Command output Field Description Destination Destination network segment Type Route type Cost Route cost value Next-hop Next hop address Interface Outgoing interface # Display the statistics of OSPFv3 routing table. display ospfv3 routing statistics OSPFv3 Router with ID (1.1.1.
Examples # Display outbound/inbound OSPFv3 packet statistics on associated interfaces.
area-id: ID of an area, a decimal integer (in the range of 0 to 4294967295) that is translated into IPv4 address format by the system or an IPv4 address. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Parameters process-id: Specifies the ID of an OSPFv3 process, ranging from 1 to 65535. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Field Description SPI SPI defined in the IPsec policy. enable ipsec-policy (OSPFv3 area view) Syntax enable ipsec-policy policy-name undo enable ipsec-policy View OSPFv3 area view Default level 2: System level Parameters policy-name: IPsec policy name, a string of 1 to 15 characters. Description Use enable ipsec-policy to apply an IPsec policy in the OSPFv3 area. Use undo enable ipsec-policy to remove the IPsec policy from the OSPFv3 area. By default, no IPsec policy is applied in an area.
ipv6-prefix ipv6-prefix-name: Specifies the name of an IPv6 prefix list, a string of up to 19 characters. bgp4+: Filters IPv6 BGP routes. direct: Filters direct routes. isisv6 process-id: Specifies to filter the routes of an IPv6 IS-IS process, which is in the range of 1 to 65535. ospfv3 process-id: Specifies to filter the routes of an OSPFv3 process, which is in the range of 1 to 65535. ripng process-id: Specifies to filter the routes of a RIPng process, which in the range of 1 to 65535.
[Sysname-acl6-adv-3000] quit [Sysname] ospfv3 [Sysname-ospfv3-1] filter-policy 3000 export filter-policy import (OSPFv3 view) Syntax filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } import undo filter-policy import View OSPFv3 view Default level 2: System level Parameters acl6-number: Specifies an ACL number, ranging from 2000 to 3999. ipv6-prefix ipv6-prefix-name: Specifies the name of an IPv6 prefix list, a string of up to 19 characters.
[Sysname-acl6-adv-3000] rule 100 deny ipv6 [Sysname-acl6-adv-3000] quit [Sysname] ospfv3 [Sysname-ospfv3-1] filter-policy 3000 import import-route (OSPFv3 view) Syntax import-route protocol [ process-id | allow-ibgp ] [ cost value | route-policy route-policy-name | type type ] * undo import-route protocol [ process-id ] View OSPFv3 view Default level 2: System level Parameters protocol: Redistributes routes from a specified routing protocol, which can be bgp4+, direct, isisv6, ospf v3, ripng, or static.
[Sysname] ospfv3 [Sysname-ospfv3-1] import-route ripng 10 type 2 cost 50 # Configure OSPFv3 process 100 to redistribute the routes found by OSPFv3 process 160. system-view [Sysname] ospfv3 100 [Sysname-ospfv3-100] import-route ospfv3 160 log-peer-change Syntax log-peer-change undo log-peer-change View OSPFv3 view Default level 2: System level Parameters None Description Use log-peer-change to enable the logging on neighbor state changes. Use undo log-peer-change to disable the logging.
Description Use maximum load-balancing to configure the maximum number of equal-cost routes. Use undo maximum load-balancing to restore the default. By default, the maximum number of equal-cost routes is 8. Examples # Configure the maximum number of equal-cost routes as 6.
ospfv3 area Syntax ospfv3 process-id area area-id [ instance instance-id ] undo ospfv3 process-id area area-id [ instance instance-id ] View Interface view Default level 2: System level Parameters process-id: OSPFv3 process ID, in the range of 1 to 65535. area-id: Area ID, a decimal integer (in the range of 0 to 4294967295) that is translated into IPv4 address format by the system or an IPv4 address. instance-id: Instance ID of an interface, in the range of 0 to 255. The default is 0.
By default, the OSPFv3 interface is not enabled with BFD. The following matrix shows the command and firewall compatibility: Command F1000-A-EI/S-EI F1000-E F5000 Firewall module ospfv3 bfd enable No No Yes No Examples # Enable BFD on GigabitEthernet 0/1 in instance 1.
ospfv3 dr-priority Syntax ospfv3 dr-priority priority [ instance instance-id ] undo ospfv3 dr-priority [ priority ] [ instance instance-id ] View Interface view Default level 2: System level Parameters priority: DR priority, in the range of 0 to 255. instance-id: ID of the instance an interface belongs to, in the range of 0 to 255, which defaults to 0. Description Use ospfv3 dr-priority to set the DR priority for an interface in an instance. Use undo ospfv3 dr-priority to restore the default value.
By default, no IPsec policy is applied on an OSPFv3 interface. Note: The IPsec policy to be applied must have been configured. Examples # Apply IPsec policy policy001 to OSPFv3 interface GigabitEthernet 0/1.
Parameters broadcast: Specifies the network type as Broadcast. nbma: Specifies the network type as NBMA. p2mp: Specifies the network type as P2MP. p2p: Specifies the network type as P2P. non-broadcast: Specifies the interface to send packets in unicast mode. By default, an OSPFv3 interface whose network type is P2MP sends packets in multicast mode. instance-id: The instance ID of an interface, in the range of 0 to 255, which defaults to 0.
Examples # Specify the neighbor fe80::1111. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ospfv3 peer fe80::1111 ospfv3 timer dead Syntax ospfv3 timer dead seconds [ instance instance-id ] undo ospfv3 timer dead [ seconds ] [ instance instance-id ] View Interface view Default level 2: System level Parameters seconds: Dead time in seconds, ranging from 1 to 2147483647. instance-id: Instance ID of an interface, in the range of 0 to 255, which defaults to 0.
View Interface view Default level 2: System level Parameters seconds: Interval between hello packets, ranging from 1 to 65535. instance-id: Instance ID of an interface, in the range of 0 to 255, which defaults to 0. Description Use ospfv3 timer hello to configure the hello interval for an interface that belongs to an instance. Use undo ospfv3 timer hello to restore the default .
Examples # Configure the LSA retransmission interval on an interface in instance 1 as 12 seconds. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ospfv3 timer retransmit 12 instance 1 ospfv3 timer poll Syntax ospfv3 timer poll seconds [ instance instance-id ] undo ospfv3 timer poll [ seconds ] [ instance instance-id ] View Interface view Default level 2: System level Parameters seconds: Poll interval in seconds, in the range of 1 to 65535.
Description Use ospfv3 trans-delay to configure the transmission delay for an interface with an instance ID. Use undo ospfv3 trans-delay to restore the default. The transmission delay defaults to 1s. As LSAs are aged in the LSDB (incremented by 1 every second) but not aged on transmission, it is necessary to add a delay time to the age time before sending a LSA. This configuration is important for low-speed networks. Examples # Configure the transmission delay as 3 seconds for an interface in instance 1.
router-id Syntax router-id router-id undo router-id View OSPFv3 view Default level 2: System level Parameters router-id: 32-bit router ID, in IPv4 address format. Description Use router-id to configure the OSPFv3 router ID. Use undo router-id to remove a configured router ID. Router ID is the unique identifier of a device running an OSPFv3 process in the AS. The OSPFv3 process cannot run without a Router ID. Make sure that different processes have different Router IDs. Related commands: ospfv3.
all: Specifies all interfaces. Description Use silent-interface to disable the specified interface from receiving and sending OSPFv3 packets. Use undo silent-interface to restore the default. An interface is able to receive and send OSPFv3 packets by default. Multiple processes can disable the same interface from receiving and sending OSPFv3 packets, but use of the silent-interface command takes effect only on interfaces enabled with the current process.
system-view [Sysname] ospfv3 1 [Sysname-ospfv3-1] spf timers 6 6 stub (OSPFv3 area view) Syntax stub [ no-summary ] undo stub View OSPFv3 area view Default level 2: System level Parameters no-summary: This argument is only applicable to the ABR of a stub area. With it configured, the ABR advertises only a default route in a Summary-LSA to the stub area (such an area is called a totally stub area). Description Use stub to configure an area as a stub area.
Parameters router-id: Router ID for a virtual link neighbor. hello seconds: Specifies the interval in seconds for sending Hello packets, ranging from 1 to 8192, with the default as 10. This value must be equal to the hello seconds configured on the virtual link peer. retransmit seconds: Specifies the interval in seconds for retransmitting LSA packets, ranging from 1 to 3600, with the default as 5.
IPv6 BGP configuration commands NOTE: • The term "router" in this chapter refers to both routers and layer 3 firewalls. • For more information about routing policy commands, see "Routing policy configuration commands.
Keywords Function suppress-policy Used to create a summary route and suppress the advertisement of some summarized routes. If you want to suppress some routes selectively and leave other routes still advertised, use the if-match clause of the route-policy command. origin-policy Selects only routes satisfying the routing policy for route summarization. attribute-policy Sets attributes except the AS-PATH attribute for the summary route. The same work can be done by using the peer route-policy command.
Unlike IGP, BGP has no explicit metric for making load balancing decision. Instead, it implements load balancing by defining its routing rule. Related commands: display bgp ipv6 routing-table. Examples # Set the number of routes participating in IPv6 BGP load balancing to 2.
Default level 2: System level Parameters None Description Use bestroute compare-med to enable the comparison of the MED for paths from each AS. Use undo bestroute compare-med to disable this comparison. This comparison is not enabled by default. NOTE: After the bestroute compare-med command is executed, the balance command does not take effect. Examples # Compare the MED for paths from an AS for selecting the best route.
[Sysname] bgp 100 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] bestroute med-confederation compare-different-as-med Syntax compare-different-as-med undo compare-different-as-med View IPv6 address family view Default level 2: System level Parameters None Description Use compare-different-as-med to enable the comparison of the MED for paths from peers in different ASs. Use undo compare-different-as-med to disable the comparison. The comparison is disabled by default.
Parameters half-life-reachable: Half-life for reachable routes, in the range of 1 to 45 minutes. By default, the value is 15 minutes. half-life-unreachable: Half-life for unreachable routes, in the range of 1 to 45 minutes. By default, the value is 15 minutes. reuse: Reuse threshold value for suppressed routes, in the range of 1 to 20000. Penalty value of a suppressed route decreasing under the value is reused. By default, its value is 750.
Description Use default local-preference to configure the default local preference. Use undo default local-preference to restore the default value. By default, the default local preference is 100. Use this command to affect IPv6 BGP route selection. Examples # Two devices A and B in the same AS are connected to another AS. Change the local preference of B from default value 100 to 180, making the route passing B preferred.
default-route imported Syntax default-route imported undo default-route imported View IPv6 address family view, IPv6 BGP-VPN instance view Default level 2: System level Parameters None Description Use default-route imported to enable the redistribution of default route into the IPv6 BGP routing table. Use undo default-route imported to disable the redistribution. By default, the redistribution is not enabled. Examples # Enable the redistribution of default route from OSPFv3 into IPv6 BGP.
Description Use display bgp ipv6 group to display IPv6 peer group information. If no ipv6-group-name is specified, information about all peer groups is displayed. Examples # Display the information of the IPv6 peer group aaa.
Field Description Negotiation result: The local BGP router can send Router-refresh messages carrying the ORF information, and the peer can receive Router-refresh messages carrying the ORF information. Negotiated: send If receive is displayed, the local BGP router can receive Router-refresh messages carrying the ORF information, and the peer can send Router-refresh messages carrying the ORF information. This field is not displayed if neither the send nor the receive capability is supported.
Description Use display bgp ipv6 network to display IPv6 routes advertised with the network command. Examples # Display IPv6 routes advertised with the network command. display bgp ipv6 network BGP Local Router ID is 1.1.1.2. Local AS Number is 200.
If no parameter is specified, all path information will be displayed. Examples # Display IPv6 BGP path information. display bgp ipv6 paths Address Hash Refcount 0x5917098 1 1 MED 0 Path/Origin i 0x59171D0 9 2 0 100i Table 190 Command output Field Description Address Route destination address in local database, in dotted hexadecimal notation. Hash Hash index. Refcount Count of routes that used the path. MED MED of the path.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display bgp ipv6 peer to display peer/peer group information.
BGP current event: KATimerExpired BGP last state: OpenConfirm Port: Local - 1031 Remote - 179 Configured: Active Hold Time: 180 sec Received Keepalive Time: 60 sec : Active Hold Time: 180 sec Negotiated: Active Hold Time: 180 sec Keepalive Time:60 sec Peer optional capabilities: Peer support bgp multi-protocol extended Peer support bgp route refresh capability Peer support bgp route AS4 capability Address family IPv6 Unicast: advertised and received Received: Total 4 messages, Update messages 1 Sent
No routing policy is configured Table 192 Command output Field Description Type BGP connection type: EBGP or iBGP Up for Lasting time of a BGP connection Peer optional capabilities: Optional capabilities supported by the BGP peer: Peer support bgp multi-protocol extended • Multi-protocol extension for BGP • Route-refresh feature • 4-byte AS number Peer support bgp route refresh capability Peer support bgp route AS4 capability Address family IPv6 Unicast: advertised and received BGP IPv6 unicast c
10-Jul-2008 09:23:00 Up 10-Jul-2008 07:46:17 Down Receive Notification with Error 3/2 UPDATE Message Error/Unsupported optional Parameter 10-Jul-2008 06:23:00 Up 10-Jul-2008 05:46:17 Down Send Notification with Error 6/4 Administrative Reset Table 193 Command output Field Description Peer IPv6 address of the peer Date Date on which the Notification was sent or received Time Time at which the Notification was sent or received BGP session state, which can be: State • Up—Indicates the BGP session
Examples # Display the prefix information in the ORF packet from the BGP peer 4::4.
Examples # Display the IPv6 BGP routing table. display bgp ipv6 routing-table Total Number of Routes: 2 BGP Local router ID is 30.30.30.
Field Description MED MULTI_EXIT_DISC attribute LocPrf Local preference value Path AS_PATH attribute, recording the ASs the packet has passed to avoid routing loops PrefVal Preferred value Label Label Origin attribute of the route, which can take on one of the following values: • i—Indicates that a route is interior to the AS. Summary routes and the routes configured using the network command are considered IGP routes.
Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete *> Network : 30:30:: PrefixLen : 64 NextHop : 30:30::30:1 LocPrf : PrefVal : 0 Label : NULL MED : 0 Path/Ogn: i For description of the fields, see Table 195.
display bgp ipv6 routing-table community no-export BGP Local router ID is 30.30.30.1 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete *> Network : 30:30:: PrefixLen : 64 NextHop : 30:30::30:1 LocPrf : PrefVal : 0 Label : NULL MED : 0 Path/Ogn: i For description of the fields, see Table 195.
Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete *> Network : 30:30:: PrefixLen : 64 NextHop : 30:30::30:1 LocPrf : PrefVal : 0 Label : NULL MED :0 Path/Ogn: i For description of the fields, see Table 195.
Table 196 Command output Field Description From Source IP address of a route Reuse Time for reuse For description of the fields, see Table 195. display bgp ipv6 routing-table dampening parameter Syntax display bgp ipv6 routing-table dampening parameter [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Field Description Ceiling Value Upper limit of penalty value Reuse Value Reuse Value Reach HalfLife Time(in second) Half-life time of active routes Unreach HalfLife Time(in second) Half-life time of inactive routes Suppress-Limit Suppress value display bgp ipv6 routing-table different-origin-as Syntax display bgp ipv6 routing-table different-origin-as [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters |: Filters command output by spe
display bgp ipv6 routing-table flap-info Syntax display bgp ipv6 routing-table flap-info [ regular-expression as-regular-expression | [ as-path-acl as-path-acl-number | ipv6-address prefix-length [ longer-match ] ] [ | { begin | exclude | include } regular-expression ] ] View Any view Default level 1: Monitor level Parameters as-regular-expression: AS path regular expression to be matched, a string of 1 to 80 characters.
Field Description Duration Flap duration Reuse Reuse time of the route For description of the fields, see Table 195. display bgp ipv6 routing-table label Syntax display bgp ipv6 routing-table label [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
display bgp ipv6 routing-table peer Syntax display bgp ipv6 routing-table peer ipv6-address { advertised-routes | received-routes } [ network-address prefix-length | statistic ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters ipv6-address: Specifies the IPv6 peer to be displayed. advertised-routes: Routing information advertised to the specified peer. received-routes: Routing information received from the specified peer.
PrefVal : 0 MED Label : NULL : 0 Path/Ogn: 300 i For description of the fields, see Table 195. display bgp ipv6 routing-table regular-expression Syntax display bgp ipv6 routing-table regular-expression as-regular-expression View Any view Default level 1: Monitor level Parameters as-regular-expression: AS regular expression, a string of 1 to 80 characters. Description Use display bgp ipv6 routing-table regular-expression to display the routes permitted by the specified AS regular expression.
Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Argument protocol F1000-A-EI/S-EI F1000-E F5000 Firewall module Yes. Yes. Yes. Yes. Excludes isisv6. Excludes isisv6. Includes isisv6. Excludes isisv6. If a protocol is specified, only routes redistributed from the specified protocol are filtered. If no protocol is specified, all redistributed routes will be filtered.
ipv6-prefix-name: Name of an IPv6 prefix list used to match against the destination address field of routing information, a string of 1 to 19 characters. Description Use filter-policy import to filter inbound routing information using a specified filter. Use undo filter-policy import to cancel filtering inbound routing information. By default, no inbound routing information is filtered.
Parameters ipv6-group-name: Name of an IPv6 peer group, a string of 1 to 47 characters. internal: Creates an IBGP peer group. external: Creates an EBGP peer group, which can be a group of another sub AS in the confederation. Description Use group to create a peer group. Use undo group to delete a peer group. An IBGP peer group will be created if neither internal nor external is selected. Examples # Create an IBGP peer group named test.
Argument protocol F1000-A-EI/S-EI F1000-E F5000 Firewall module Yes. Yes. Yes. Yes. Excludes isisv6. Excludes isisv6. Includes isisv6. Excludes isisv6. Examples # Redistribute routes from RIPng 1.
network Syntax network ipv6-address prefix-length [ route-policy route-policy-name | short-cut ] undo network ipv6-address prefix-length [ short-cut ] View IPv6 address family view, IPv6 BGP-VPN instance view Default level 2: System level Parameters ipv6-address: IPv6 address. prefix-length: Prefix length of the address, in the range of 0 to 128. route-policy-name: Name of a routing policy, a string of 1 to 63 characters.
Parameters group-name: Name of an IPv6 peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer. Description Use peer advertise-community to advertise the community attribute to a peer/peer group. Use undo peer advertise-community to remove the configuration. By default, no community attribute is advertised to any peer group/peer. Examples # Advertise the community attribute to the peer 1:2::3:4.
undo peer { group-name | ipv6-address } allow-as-loop View IPv6 address family view Default level 2: System level Parameters group-name: Name of an IPv6 peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer. number: Specifies the number of times for which the local AS number can appear in routes from the peer/peer group, in the range of 1 to 10. The default number is 1.
Use undo peer ipv6-group-name as-number to delete an IPv6 peer group. Use undo peer ipv6-address to delete a peer. Examples # Configure peer group test in AS 200.
Parameters group-name: Name of an IPv6 peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer. as-path-acl-number: Number of an AS path ACL, in the range of 1 to 256. import: Filters incoming routes. export: Filters outgoing routes. Description Use peer as-path-acl to specify an AS path ACL to filter routes incoming from or outgoing to a peer/peer group. Use undo peer as-path-acl to remove the configuration. By default, no AS path list is specified for filtering.
Examples # Enable BFD over the link to BGP peer 100::1.
Local parameter Peer parameter Negotiation result receive • send • both The ORF receiving capability is enabled locally and the ORF sending capability is enabled on the peer. both both Both the ORF sending and receiving capabilities are enabled locally and on the peer, respectively. Examples # Enable the ORF capability for the BGP peer 1:2::3:4. Then, after negotiation, the local router can exchange ORF information with the peer 1:2::3:4.
[Sysname-bgp-af-ipv6] peer 1:2::3:4 as-number 100 [Sysname-bgp-af-ipv6] peer 1:2::3:4 capability-advertise orf non-standard [Sysname-bgp-af-ipv6] peer 1:2::3:4 capability-advertise orf ipv6-prefix both peer capability-advertise route-refresh Syntax peer { ipv6-group-name | ipv6-address } capability-advertise route-refresh undo peer { ipv6-group-name | ipv6-address } capability-advertise route-refresh View IPv6 address family view Default level 2: System level Parameters ipv6-group-name: Name of a peer g
ipv6-address: IPv6 address of a peer. Description Use peer capability-advertise suppress-4-byte-as to enable 4-byte AS number suppression. Use undo peer capability-advertise suppress-4-byte-as to disable the function. By default, the 4-byte AS number suppression function is disabled. The device supports 4-byte AS numbers and uses 4-byte AS numbers by default. If the peer devices support only 2-byte AS numbers, you must enable the 4-byte AS number suppression function on the device.
Examples # In IPv6 BGP-VPN instance view, enable 4-byte AS number suppression for peer 2001::1.
peer default-route-advertise Syntax peer { group-name | ipv6-address } default-route-advertise [ route-policy route-policy-name ] undo peer { group-name | ipv6-address } default-route-advertise View IPv6 address family view Default level 2: System level Parameters group-name: Name of an IPv6 peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer. route-policy-name: Name of a routing policy, a string of 1 to 63 characters.
description-text: Description information for the peer/peer group, a string of 1 to 79 characters. Description Use peer description to configure the description information for a peer/peer group. Use undo peer description to remove the description information of a peer/peer group. By default, no description information is configured for a peer (group). You need create a peer/peer group before configuring a description for it. Examples # Configure the description for the peer group test as ISP1.
peer fake-as Syntax peer { ipv6-group-name | ipv6-address } fake-as as-number undo peer { ipv6-group-name | ipv6-address } fake-as View IPv6 address family view Default level 2: System level Parameters ipv6-group-name: Name of a peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer. as-number: Local AS number, in the range of 1 to 4294967295. Description Use peer fake-as to configure a fake local AS number for a peer or peer group.
export: Applies the filter-policy to routes advertised to the peer/peer group. Description Use peer filter-policy to configure an ACL-based filter policy for a peer or peer group. Use undo peer filter-policy to remove the configuration. By default, no ACL-based filter policy is configured for a peer or peer group. Examples # Apply the ACL6 2000 to filter routes advertised to the peer 1:2::3:4.
peer ignore Syntax peer { ipv6-group-name | ipv6-address } ignore undo peer { ipv6-group-name | ipv6-address } ignore View IPv6 address family view Default level 2: System level Parameters ipv6-group-name: Name of a peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer. Description Use peer ignore to terminate the session to a peer or peer group. Use undo peer ignore to remove the configuration. By default, a router can establish sessions with a peer or peer group.
import: Applies the filtering policy to routes received from the specified peer/peer group. export: Applies the filtering policy to routes advertised to the specified peer/peer group. Description Use peer ipv6-prefix to specify an IPv6 prefix list to filter routes incoming from or outgoing to a peer or peer group. Use undo peer ipv6-prefix to remove the configuration. By default, no IPv6 prefix list is specified for filtering.
[Sysname-bgp-af-ipv6] peer 1212::1111 ipsec-policy policy001 peer keep-all-routes Syntax peer { group-name | ipv6-address } keep-all-routes undo peer { group-name | ipv6-address } keep-all-routes View IPv6 address family view Default level 2: System level Parameters group-name: Name of an IPv6 peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer.
Description Use peer log-change to enable the logging of session state and event information of a specified peer or peer group. Use undo peer log-change to remove the configuration. The logging is enabled by default. Examples # Enable the logging of session state and event information of peer 1:2::3:4.
undo peer { group-name | ipv6-address } password View IPv6 address family view Default level 2: System view Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer. cipher: Displays the configured password in cipher text format. simple: Displays the configured password in plain text format.
peer preferred-value (IPv6 address family view) Syntax peer { ipv6-group-name | ipv6-address } preferred-value value undo peer { ipv6-group-name | ipv6-address } preferred-value View IPv6 address family view Default level 2: System level Parameters ipv6-group-name: Name of a peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer. value: Preferred value, in the range of 0 to 65535.
View IPv6 BGP-VPN instance view Default level 2: System level Parameters ipv6-address: IPv6 address of a peer. value: Preferred value, in the range 0 to 65535. Description Use peer preferred-value to assign a preferred value to routes received from a peer or peer group. Use undo peer preferred-value to restore the default. By default, routes received from a peer or peer group have a preferred value of 0. Routes learned from peers each have an initial preferred value.
Description Use peer public-as-only to configure IPv6 BGP updates to a peer/peer group to not carry private AS numbers. Use undo peer public-as-only to allow IPv6 BGP updates to a peer/peer group to carry private AS numbers. By default, BGP updates carry the private AS number. The command does not take effect if the BGP update has both the public AS number and private AS number. The range of private AS number is from 64512 to 65535.
peer route-limit Syntax peer { group-name | ipv6-address } route-limit prefix-number [ { alert-only | reconnect reconnect-time } | percentage ] * undo peer { group-name | ipv6-address } route-limit View IPv6 address family view Default level 2: System level Parameters group-name: Name of an IPv6 peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer. prefix number: Specifies the upper limit of prefixes that can be received from the peer or peer group.
undo peer { group-name | ipv6-address } route-policy route-policy-name { import | export } View IPv6 address family view Default level 2: System level Parameters group-name: Name of an IPv6 peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer. route-policy-name: Name of a routing policy, a string of 1 to 63 characters. import: Applies the routing policy to routes from the peer (group). export: Applies the routing policy to routes sent to the peer (group).
Parameters ipv6-address: IPv6 address of a peer. route-policy-name: Name of a routing policy, a string of 1 to 63 characters. import: Applies the routing policy to routes from the peer (group). export: Applies the routing policy to routes sent to the peer (group). Description Use peer route-policy to apply a routing policy to routes incoming from or outgoing to a peer or peer group. Use undo peer route-policy to remove the configuration. By default, no routing policy is specified for the peer (group).
By default, the interval is 15 seconds for the IBGP peer, and 30 seconds for the EBGP peer. Examples # Specify the interval for sending the same update to the peer 1:2::3:4 as 10 seconds.
Default level 2: System level Parameters ipv6-group-name: Name of a peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer. keepalive: Specifies the keepalive interval in seconds, ranging from 0 to 21845. holdtime: Specifies the holdtime in seconds, whose value is 0 or in the range of 3 to 65535. Description Use peer timer to configure keepalive interval and holdtime interval for a peer or peer group. Use undo peer timer to restore the default.
View IPv6 address family view, IPv6 BGP-VPN instance view Default level 2: System level Parameters external-preference: Preference of EBGP route learned from an EBGP peer, in the range of 1 to 255. internal-preference: Preference of IBGP route learned from an IBGP peer, in the range of 1 to 255. local-preference: Preference of IPv6 BGP local route, in the range of 1 to 255. route-policy-name: Routing policy name, a string of 1 to 63 characters.
Related commands: reflector cluster-id and peer reflect-client. Examples # Enable route reflection between clients.
Default level 1: Monitor level Parameters ipv6-address: Soft-resets the connection with an IPv6 BGP peer. all: Soft-resets all IPv6 BGP connections. external: Soft-resets EBGP connections. group ipv6-group-name: Soft-resets connections with a peer group. The name of the peer group is a string of 1 to 47 characters. internal: Soft-resets IBGP connections. export: Performs soft reset in outbound direction. import: Performs soft reset in inbound direction.
Description Use reset bgp ipv6 to reset specified IPv6 BGP connections. Examples # Reset all the IPv6 BGP connections. reset bgp ipv6 all reset bgp ipv6 dampening Syntax reset bgp ipv6 dampening [ ipv6-address prefix-length ] View User view Default level 1: Monitor level Parameters ipv6-address: IPv6 address prefix-length: Prefix length of the address, in the range of 0 to 128.
Description Use reset bgp ipv6 flap-info to clear IPv6 routing flap statistics. If no parameters are specified, the flap statistics of all the routes will be cleared Examples # Clear the flap statistics of the routes matching AS path ACL 10. system-view [Sysname] ip as-path 10 permit ^100.
undo synchronization View IPv6 address family view Default level 2: System level Parameters None Description Use synchronization to enable the synchronization between IPv6 BGP and IGP. Use undo synchronization to disable the synchronization. The feature is disabled by default.
The timers configured with the peer timer command are preferred to the timers configured with the timer command. If the holdtime interval is configured as 0, no keepalive message will be sent to the peer, and the peer connection will never time out. if the keepalive interval is configured as 0 and the negotiated hold time is not 0, one third of the hold time is taken as the interval for sending keepalive messages.
IPv6 IS-IS configuration commands NOTE: • This chapter describes only IPv6 IS-IS configuration commands, which supports all IPv4 IS-IS features except that it advertises IPv6 routing information instead. For more information about IS-IS, see "IS-IS configuration commands." • The term "router" in this chapter refers to both routers and Layer 3 firewalls.
NOTE: If no level is specified, both Level-1 and Level-2 (Level-1-2) routing information will be displayed. Description Use display isis route ipv6 to display IPv6 IS-IS routing information. Examples # Display IPv6 IS-IS routing information.
Field Description Flag of routing information status: • • • • Flag/Flags D—This is a direct route. R—The route has been added into the routing table. L—The route has been advertised in a LSP. U—Route leaking flag, indicating the Level-1 route is from Level-2. U means the route will not be returned to Level-2. Cost Value of cost. Next Hop Next hop. Interface Outbound interface # Display detailed IPv6 IS-IS routing information of VPN instance 1.
Table 202 Command output Field Description IPV6 Dest IPv6 destination. Cost Value of cost. Flag of routing information status: Flag/Flags • • • • D—This is a direct route. R—The route has been added into the routing table. L—The route has been advertised in a LSP. U—Route leaking flag, indicating the Level-1 route is from Level-2. U means the route will not be returned to Level-2. Admin Tag Administrative tag. Src Count Number of advertisement sources. Next Hop Next hop.
With a routing policy, you can configure IPv6 IS-IS to generate the default route that must match the routing policy. You can use the apply isis level-1 command in routing policy view to generate a default route in L1 LSPs, or use the apply isis level-2 command in routing policy view to generate a default route in L2 LSPs, and use the apply isis level-1-2 in routing policy view to generate a default route in L1 and L2 LSPs respectively. Related commands: apply isis.
View IS-IS view Default level 2: System level Parameters acl6-number: Number of a basic or advanced IPv6 ACL used to filter redistributed routes before advertisement, ranging from 2000 to 3999. For ACL information, see Access Control Configuration Guide. ipv6-prefix-name: Name of an IPv6 prefix list used to filter the redistributed routes before advertisement, a case-sensitive string of 1 to 19 characters. For IPv6 prefix list information, see Network Mangement Configuration Guide.
[Sysname-isis-1] ipv6 filter-policy 2006 export # Configure ACL6 3000 to permit only route 2001::1/128 to pass, and reference ACL6 3000 to filter redistributed routes.
Examples # Reference the IPv6 ACL 2003 to filter the received routes. system-view [Sysname] isis 1 [Sysname-isis-1] ipv6 filter-policy 2003 import # Configure ACL6 3000 to permit only route 2001::1/128 to pass, and reference ACL6 3000 to filter the received routes.
Route redistribution is disabled by default. If no level is specified, the routes are imported to Level-2 routing table by default. IPv6 IS-IS considers redistributed routes as routes to destinations outside the local routing domain. You can specify a cost and a level for redistributed routes. CAUTION: Use the import-route bgp4+ allow-ibgp command with caution because it redistributes both eBGP and iBGP routes, and the redistributed iBGP routes can cause routing loops.
system-view [Sysname] isis 1 [Sysname-isis-1] ipv6 import-route isisv6 level-2 into level-1 ipv6 import-route limit Syntax ipv6 import-route limit number undo ipv6 import-route limit View IS-IS view Default level 2: System level Parameters number: Maximum number of redistributed Level 1/Level 2 IPv6 routes, in the range of 1 to 130000. Description Use ipv6 import-route limit to configure the maximum number of redistributed Level 1/Level 2 IPv6 routes.
By default, the maximum number of equal-cost routes is 8. NOTE: Configure the maximum number of equal-cost routes according to the memory capacity. Examples # Configure the maximum number of equal-cost routes as 2.
View IS-IS view Default level 2: System level Parameters ipv6-prefix: IPv6 prefix of the summary route. prefix-length: Length of the IPv6 prefix, in the range of 0 to 128. avoid-feedback: Specifies to avoid learning summary routes via routing calculation. generate_null0_route: Generates the NULL 0 route to avoid routing loops. level-1: Specifies to summarize only the routes redistributed to Level-1 area. level-1-2: Specifies to summarize all the routes redistributed to Level-1 and Level-2 areas.
Parameters None Description Use isis ipv6 bfd enable to enable BFD on an IPv6 IS-IS interface for link failure detection. Use undo isis ipv6 bfd enable to disable BFD on an IPv6 IS-IS interface. By default, an IPv6 IS-IS interface is not enabled with BFD. Examples # Enable BFD for IPv6 IS-IS on GigabitEthernet 0/1.
multiple-topology ipv6-unicast Syntax multiple-topology ipv6-unicast undo multiple-topology ipv6-unicast View IS-IS view Default level 2: System level Parameters None Description Use multiple-topology ipv6-unicast to enable IPv6 IS-IS MTR. This command enables separate route calculation in IPv4 and IPv6 topologies. Use undo multiple-topology ipv6-unicast to disable IPv6 IS-IS MTR. By default, IPv6 IS-IS MTR is disabled.
IPv6 routing table displaying commands NOTE: The term "router" in this chapter refers to both routers and Layer 3 firewalls. display ipv6 routing-table Syntax display ipv6 routing-table [ vpn-instance vpn-instance-name ] [ verbose ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters vpn-instance vpn-instance-name: Specifies an VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters.
NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Table 203 Command output Field Description Destination IPv6 address of the destination network/host NextHop Next hop address Preference Route priority Interface Outgoing interface Protocol Routing protocol Cost Route cost # Display detailed routing table information.
Field Description Cost Cost of the route Tunnel ID Tunnel ID Label Label Age Time that has elapsed since the route was generated display ipv6 routing-table acl Syntax display ipv6 routing-table [ vpn-instance vpn-instance-name ] acl acl6-number [ verbose ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters vpn-instance vpn-instance-name: Specifies an VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters.
NextHop : :: Preference: 60 Interface : NULL0 Cost : 0 For output description, see Table 203.
Only route entries that exactly match the input destination address and prefix length are displayed. • display ipv6 routing-table ipv6-address prefix-length longer-match The system ANDs the input destination IPv6 address with the input prefix length. The system ANDs the destination IPv6 address in each route entry with the input prefix length.
NextHop : :: Preference: 60 Interface : NULL0 Cost Cost : 0 : 0 For output description, see Table 203. display ipv6 routing-table ipv6-prefix Syntax display ipv6 routing-table [ vpn-instance vpn-instance-name ] ipv6-prefix ipv6-prefix-name [ verbose ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters vpn-instance vpn-instance-name: Specifies an MPLS L3VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters.
display ipv6 routing-table protocol Syntax display ipv6 routing-table [ vpn-instance vpn-instance-name ] protocol protocol [ inactive | verbose ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters vpn-instance vpn-instance-name: Specifies an MPLS L3VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters. If no VPN is specified, the information of the public network is displayed.
Interface : InLoop0 Cost : 0 Direct Routing Table Status : Summary Count : 0 For output description, see Table 203. display ipv6 routing-table statistics Syntax display ipv6 routing-table [ vpn-instance vpn-instance-name ] statistics [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters vpn-instance vpn-instance-name: Specifies an VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters.
Field Description route Route number of the protocol active Number of active routes added Routes added after the last startup of the router deleted Deleted routes, which will be released after a specified time freed Released (totally removed from the routing table) route number Total Total number of routes reset ipv6 routing-table statistics Syntax reset ipv6 routing-table statistics protocol [ vpn-instance vpn-instance-name ] { protocol | all } View User view Default level 2: System level
IPv6 policy-based routing configuration commands apply default output-interface Syntax apply default output-interface interface-type interface-number undo apply default output-interface [ interface-type interface-number ] View IPv6 PBR policy node view Default level 2: System level Parameters interface-type interface-number: Specifies an interface. Description Use apply default output-interface to set a default outgoing interface for IPv6 packets.
Parameters ipv6-address: Default next hop. Description Use apply ipv6-address default next-hop to set a default next hop. Use undo apply ipv6-address default next-hop to remove the default next hop. This command only applies to packets not finding a match in the routing table. You can specify up to five default next hops for per-flow load balancing. Using the undo apply ipv6-address default next-hop command with a next hop specified removes the default next hop.
apply ipv6-precedence Syntax apply ipv6-precedence { type | value } undo apply ipv6-precedence View IPv6 PBR policy node view Default level 2: System level Parameters type: Sets a preference type. value: Sets a preference value from 0 to 7 (inclusive). Each value corresponds to a keyword, as shown in Table 206.
View IPv6 PBR policy node view Default level 2: System level Parameters interface-type interface-number: Specifies an interface. Description Use apply output-interface to set an outgoing interface. Use undo apply output-interface to remove the clause. Five outgoing interfaces at most can be specified for per-flow load sharing. For non-P2P interfaces (broadcast and NBMA interfaces) such as Ethernet interfaces, multiple next hops are available, and packets may not be forwarded successfully.
If no policy name is specified, all the IPv6 PBR policy information is displayed. If a policy name is specified, information about the specified policy is displayed. Examples # Display all IPv6 PBR policy information.
Examples # Display the IPv6 PBR routing information of policy test. display ipv6 policy-based-route setup test policy Name interface test local # Display the IPv6 PBR routing information on interface GigabitEthernet 0/1.
Default level 1: Monitor level Parameters interface interface-type interface-number: Displays IPv6 PBR statistics on the specified interface. local: Displays IPv6 local PBR statistics. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
View IPv6 PBR policy node view Default level 2: System level Parameters acl6-number: IPv6 ACL number, in the range of 2000 to 3999. The number of a basic IPv6 ACL ranges from 2000 to 2999 and that of an advanced IPv6 ACL ranges from 3000 to 3999. Description Use if-match acl6 to define an IPv6 ACL match criterion. Use undo if-match acl6 to remove the IPv6 ACL match criterion. Examples # Permit the packets matching ACL 2000.
ipv6 local policy-based-route Syntax ipv6 local policy-based-route policy-name undo ipv6 local policy-based-route [ policy-name ] View System view Default level 2: System level Parameters policy-name: Policy name, a string of 1 to 19 characters. Description Use ipv6 local policy-based-route to configure IPv6 local PBR based on a policy. Use undo ipv6 local policy-based-route to remove the configuration. IPv6 local PBR is not configured by default. Local PBR is used to route packets generated locally.
system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ipv6 policy-based-route AAA ipv6 policy-based-route (system view) Syntax ipv6 policy-based-route policy-name [ deny | permit ] node node-number undo ipv6 policy-based-route policy-name [ deny | node node-number | permit ] View System view Default level 2: System level Parameters policy-name: Policy name, a string of 1 to 19 characters. deny: Specifies the match mode of the policy node as deny.
Description Use reset ipv6 policy-based-route statistics to clear IPv6 PBR statistics. If no policy name is specified, this command clears all IPv6 PBR statistics. Examples # Clear all IPv6 PBR statistics.
IPv6 multicast routing and forwarding configuration commands The term "router" in this document refers to both routers and Layer 3 firewalls.
IPv6 multicast boundary information Boundary Interface FF03::/16 GE0/1 FF09::/16 GE0/2 Table 210 Command output Field Description Boundary IPv6 multicast group corresponding to the IPv6 multicast boundary Interface Boundary interface corresponding to the IPv6 multicast boundary display multicast ipv6 forwarding-table Syntax display multicast ipv6 forwarding-table [ ipv6-source-address [ prefix-length ] | ipv6-group-address [ prefix-length ] | incoming-interface { interface-type interface-number
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display multicast ipv6 forwarding-table to display information about the IPv6 multicast forwarding table.
Field Description Incoming interface Incoming interface of the (S, G) entry. List of 1 outgoing interfaces: Outgoing interface list: 1: GigabitEthernet0/2 Interface number: interface type and number. Matched 146754 packets(10272780 bytes), Wrong If 0 packets (S, G)-matched packets (bytes), packets with incoming interface errors. Forwarded 139571 packets(9769970 bytes) (S, G) forwarded IPv6 multicast packets (bytes).
Value Meaning 40000000 Indicates that the main board will notify other cards to remove the entry.
Related commands: display multicast ipv6 forwarding-table. Examples # Display information about the IPv6 multicast routing table. display multicast ipv6 routing-table IPv6 multicast routing table Total 1 entry 00001. (2001::2, FFE3::101) Uptime: 00:00:14 Upstream Interface: GigabitEthernet0/1 List of 1 downstream interface 1: GigabitEthernet0/2 Table 214 Command output Field Description IPv6 multicast routing table IPv6 multicast routing table.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display multicast ipv6 rpf-info to display RPF information of an IPv6 multicast source. Related commands: display multicast ipv6 forwarding-table and display multicast ipv6 routing-table. Examples # Display all RPF information of the multicast source with an IPv6 address 2001::101.
Default level 2: System level Parameters ipv6-group-address: IPv6 multicast group address, in the range of FFxy::/16, where x and y represent any hexadecimal number from 0 through F. prefix-length: Prefix length of an IPv6 multicast group address, in the range of 8 to 128. scope-id: Specifies the ID of an admin-scope zone in the range 3 to 15, which is identified by the scope field in the IPv6 multicast group address,. admin-local: Specifies the scope zone as admin-local, which has a scope ID of 4.
multicast ipv6 forwarding-table downstream-limit Syntax multicast ipv6 forwarding-table downstream-limit limit undo multicast ipv6 forwarding-table downstream-limit View System view Default level 2: System level Parameters limit: Maximum number of downstream nodes (namely the maximum number of outgoing interfaces) for a single entry in the IPv6 multicast forwarding table. The value ranges from 0 to 128.
Use undo multicast ipv6 forwarding-table route-limit to restore the default. By default, the upper limit is 4096. The allowable maximum number of entries varies with devices. Related commands: display multicast ipv6 forwarding-table. Examples # Set the maximum number of entries in the IPv6 multicast forwarding table to 200.
Parameters None Description Use multicast ipv6 longest-match to configure RPF route selection based on the longest match principle, namely, to select the route with the longest prefix as the RPF route. Use undo multicast ipv6 longest-match to restore the default. By default, the route with the highest priority is selected as the RPF route. Examples # Configure RPF route selection based on the longest match.
View User view Default level 2: System level Parameters ipv6-source-address: IPv6 multicast source address. ipv6-group-address: IPv6 multicast group address, in the range of FFxy::/16, where x and y represent any hexadecimal number from 0 to F. prefix-length: Prefix length of an IPv6 multicast group or an IPv6 multicast source address. For an IPv6 multicast group address, this argument has an effective value range of 8 to 128.
ipv6-group-address: IPv6 multicast group address, in the range of FFxy::/16, where x and y represent any hexadecimal number from 0 to F. prefix-length: Prefix length of an IPv6 multicast group address or an IPv6 multicast source address. For an IPv6 multicast group address, this argument has an effective value range of 8 to 128. For an IPv6 multicast source address, this argument has an effective value range of 0 to 128. The system default is 128 in both cases.
IPv6 PIM configuration commands bsm-fragment enable (IPv6 PIM view) Syntax bsm-fragment enable undo bsm-fragment enable View IPv6 PIM view Default level 2: System level Parameters None Description Use bsm-fragment enable to enable bootstrap message (BSM) semantic fragmentation. Use undo bsm-fragment enable to disable BSM semantic fragmentation. By default, BSM semantic fragmentation is enabled.
Parameters acl6-number: Basic IPv6 ACL number, in the range of 2000 to 2999. When an IPv6 ACL is defined, the source keyword in the rule command specifies a legal BSR source IPv6 address range. Description Use bsr-policy to configure a legal BSR address range to guard against BSR spoofing. Use undo bsr-policy to remove the restriction of the BSR address range. By default, no restrictions are defined for the BSR address range. Namely, the BSR messages from any source are regarded to be eligible.
Examples # Configure the interface with an IPv6 address of 1101::1 as a C-BSR. system-view [Sysname] pim ipv6 [Sysname-pim6] c-bsr 1101::1 c-bsr admin-scope (IPv6 PIM view) Syntax c-bsr admin-scope undo c-bsr admin-scope View IPv6 PIM view Default level 2: System level Parameters None Description Use c-bsr admin-scope to enable IPv6 administrative scoping. Use undo c-bsr admin-scope to disable IPv6 administrative scoping. IPv6 administrative scoping is disabled by default.
Description Use c-bsr hash-length to configure the global Hash mask length. Use undo c-bsr hash-length to restore the default. By default, the Hash mask length is 126. Related commands: c-bsr. Examples # Set the global Hash mask length to 16.
undo c-bsr interval View IPv6 PIM view Default level 2: System level Parameters interval: BS period in seconds, with an effective range of 10 to 2,147,483,647. Description Use c-bsr interval to configure the BS period, namely, the interval at which the BSR sends bootstrap messages. Use undo c-bsr interval to restore the default. By default, the BS period value is determined by this formula: BS period = (BS timeout – 10) / 2.
Examples # Set the global C-BSR priority to 5. system-view [Sysname] pim ipv6 [Sysname-pim6] c-bsr priority 5 c-bsr scope Syntax c-bsr scope { scope-id | admin-local | global | organization-local | site-local } [ hash-length hash-length | priority priority ] * undo c-bsr scope { scope-id | admin-local | global | organization-local | site-local } View IPv6 PIM view Default level 2: System level Parameters scope-id: Specifies the value of the Scope field, in the range of 3 to 15.
c-rp (IPv6 PIM view) Syntax c-rp ipv6-address [ { group-policy acl6-number | scope scope-id } | priority priority | holdtime hold-interval | advertisement-interval adv-interval ] * [ bidir ] undo c-rp ipv6-address View IPv6 PIM view Default level 2: System level Parameters ipv6-address: IPv6 address of the interface that will act as a C-RP. acl6-number: Basic IPv6 ACL number, in the range of 2000 to 2999.
system-view [Sysname] acl ipv6 number 2000 [Sysname-acl6-basic-2000] rule permit source ff0e:0:1391:: 96 [Sysname-acl6-basic-2000] quit [Sysname] pim ipv6 [Sysname-pim6] c-rp 2001::1 group-policy 2000 priority 10 c-rp advertisement-interval (IPv6 PIM view) Syntax c-rp advertisement-interval interval undo c-rp advertisement-interval View IPv6 PIM view Default level 2: System level Parameters interval: C-RP-Adv interval in seconds, with an effective range of 1 to 65,535.
Description Use c-rp holdtime to configure the global C-RP timeout time, namely, the length of time that the BSR waits for a C-RP-Adv message from C-RPs. Use undo c-rp holdtime to restore the default. By default, the C-RP timeout time is 150 seconds. Because a non-BSR router refreshes its C-RP timeout time through bootstrap messages, to prevent loss of C-RP information in bootstrap messages, make sure that the C-RP timeout time is not smaller than the interval at which the BSR sends bootstrap messages.
Examples # Configure a C-RP policy so that only devices in the IPv6 address range of 2001::2/64 can be C-RPs that serve IPv6 multicast groups in the address range of FF03::101/64.
State: Elected Scope: 14 Candidate RP: 2001::1(LoopBack1) Priority: 192 HoldTime: 130 Advertisement Interval: 60 Next advertisement scheduled at: 00:00:48 Candidate RP: 2002::1(GigabitEthernet0/1) Priority: 200 HoldTime: 90 Advertisement Interval: 50 Next advertisement scheduled at: 00:00:28 Candidate RP: 2003::1(GigabitEthernet0/2) Priority: 192 HoldTime: 80 Advertisement Interval: 60 Next advertisement scheduled at: 00:00:48 Table 216 Command output Field Description Elected BSR Address IPv6 address o
Default level 1: Monitor level Parameters ipv6-source-address: Displays information about the IPv6 unicast route to a particular IPv6 multicast source. If you do not provide this argument, this command will display the information about all IPv6 unicast routes used by IPv6 PIM. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Field Description RPF-route selecting rule Rule of RPF route selection The (S,G) or (*,G) list dependent on this route entry (S, G) or (*, G) entry list dependent on this RPF route display pim ipv6 control-message counters Syntax display pim ipv6 control-message counters [ message-type { probe | register | register-stop } | [ interface interface-type interface-number | message-type { assert | bsr | crp | graft | graft-ack | hello | join-prune | state-refresh } ] * ] [ | { begin | exclude | include } r
Examples # Display the statistics information of all types of IPv6 PIM control messages on all interfaces.
display pim ipv6 grafts Syntax display pim ipv6 grafts [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Parameters interface-type interface-number: Displays the IPv6 PIM information on a particular interface. verbose: Displays the detailed PIM information. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Field Description PIM mode IPv6 PIM mode, dense or sparse PIM DR IPv6 address of the DR PIM DR Priority (configured) Priority for DR election PIM neighbor count Total number of IPv6 PIM neighbors PIM hello interval Interval between IPv6 PIM hello messages PIM LAN delay (negotiated) Negotiated prune message delay PIM LAN delay (configured) Configured prune message delay PIM override interval (negotiated) Negotiated prune override interval PIM override interval (configured) Configured prune
Default level 1: Monitor level Parameters mode: Displays information about join/prune messages to send in the specified IPv6 PIM mode. IPv6 PIM modes include sm and ssm, which represent IPv6 PIM-SM and IPv6 PIM-SSM respectively. flags flag-value: Displays IPv6 PIM routing entries containing the specified flag or flags.Values and meanings of flag-value are as follows: • rpt: Specifies routing entries on the RPT. • spt: Specifies routing entries on the SPT. • wc: Specifies wildcard routing entries.
Field Description (S, G) join(s) Number of (S, G) joins to send (S, G, rpt) prune(s) Number of (S, G, rpt) prunes display pim ipv6 neighbor Syntax display pim ipv6 neighbor [ interface interface-type interface-number | ipv6-neighbor-address | verbose ] * [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters interface-type interface-number: Displays the IPv6 PIM neighbor information on a particular interface.
Generation ID: 0x2ACEFE15 Holdtime: 105 s LAN delay: 500 ms Override interval: 2500 ms State refresh interval: 60 s Neighbor tracking: Disabled Bidirectional PIM: Enabled Neighbor Secondary Address(es): 1::1 Table 222 Command output Field Description Total Number of Neighbors Total number of IPv6 PIM neighbors. Neighbor Primary IPv6 address of the PIM neighbor (link-local address). Interface Interface connecting the IPv6 PIM neighbor.
Default level 1: Monitor level Parameters ipv6-group-address: Specifies an IPv6 multicast group by its address, in the range of FFxy::/16, where x and y represent any hexadecimal number between 0 and F, inclusive. ipv6-source-address: Specifies an IPv6 multicast source by its IPv6 address. prefix-length: Prefix length of the IPv6 multicast group/source address prefix. For an IPv6 multicast group address, the effective range is 8 to 128 and the default value is 128.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display pim ipv6 routing-table to view IPv6 PIM routing table information. Related commands: display ipv6 multicast routing-table.
DR state: [DR] Join/Prune FSM: [NI] Assert FSM: [NI] FSM information for non-downstream interfaces: None Table 223 Command output Field Description Total 0 (*, G) entry; 1 (S, G) entry Number of (S, G) and (*, G) entries in the IPv6 PIM routing table. (2001::2, FFE3::101) (S, G) entry in the IPv6 PIM routing table. RP IP address of the RP. Protocol IPv6 PIM mode. Flag of the (S, G) or (*, G) entry in the IPv6 PIM routing table: • ACT—Indicates that the entry has been used for routing data.
display pim ipv6 rp-info Syntax display pim ipv6 rp-info [ ipv6-group-address ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters ipv6-group-address: Specifies an IPv6 multicast group by its address, in the range of FFxy::/16 (excluding FFx0::/16, FFx1::/16, FFx2::/16 and FF0y::), where x and y represent any hexadecimal number between 0 and F, inclusive.
Field Description HoldTime Timeout time of the RP. Uptime Length of time since the RP was elected. Expires Remaining time of the RP. embedded-rp Syntax embedded-rp [ acl6-number ] undo embedded-rp [ acl6-number ] View IPv6 PIM view Default level 2: System level Parameters acl6-number: Basic IPv6 ACL number, in the range of 2000 to 2999. Description Use embedded-rp to enable embedded RP. Use undo embedded-rp to disable embedded RP or restore the default.
hello-option dr-priority (IPv6 PIM view) Syntax hello-option dr-priority priority undo hello-option dr-priority View IPv6 PIM view Default level 2: System level Parameters priority: Router priority for DR election, in the range of 0 to 4294967295. A larger value means a higher priority. Description Use hello-option dr-priority to configure the global value of the router priority for DR election. Use undo hello-option dr-priority to restore the default.
Related commands: pim ipv6 hello-option holdtime. Examples # Set the IPv6 PIM neighbor timeout time to 120 seconds globally. system-view [Sysname] pim ipv6 [Sysname-pim6] hello-option holdtime 120 hello-option lan-delay (IPv6 PIM view) Syntax hello-option lan-delay interval undo hello-option lan-delay View IPv6 PIM view Default level 2: System level Parameters interval: LAN-delay time in milliseconds, with an effective range of 1 to 32,767.
Parameters None Description Use hello-option neighbor-tracking to globally disable join suppression, namely, to enable neighbor tracking. Use undo hello-option neighbor-tracking to enable join suppression. By default, join suppression is enabled. Namely, neighbor tracking is disabled. Related commands: pim ipv6 hello-option neighbor-tracking. Examples # Disable join suppression globally.
undo holdtime assert View IPv6 PIM view Default level 2: System level Parameters interval: Assert timeout time in seconds, with an effective range of 7 to 2,147,483,647. Description Use holdtime assert to configure the global value of the assert timeout time. Use undo holdtime assert to restore the default. By default, the assert timeout time is 180 seconds. Related commands: holdtime join-prune, pim ipv6 holdtime assert, and pim ipv6 holdtime join-prune.
jp-pkt-size (IPv6 PIM view) Syntax jp-pkt-size packet-size undo jp-pkt-size View IPv6 PIM view Default level 2: System level Parameters packet-size: Maximum size of join/prune messages in bytes, with an effective range of 100 to 64000. Description Use jp-pkt-size to configure the maximum size of join/prune messages. Use undo jp-pkt-size to restore the default. By default, the maximum size of join/prune messages is 8,100 bytes. Related commands: jp-queue-size.
• The size of the forwarding table. In a network that does not support packet fragmentation, if you configure a large queue-size, a join/prune message might contain a large number of groups, causing the message length to exceed the MTU of the network. As a result, the products that do not support fragmentation will drop the join/prune message. • The (S, G) join/prune state hold time on the upstream device.
View Interface view Default level 2: System level Parameters None Description Use pim ipv6 bsr-boundary to configure an IPv6 PIM domain border, namely, a bootstrap message boundary. Use undo pim ipv6 bsr-boundary to remove the configured IPv6 PIM domain border. By default, no PIM domain border is configured. Related commands: c-bsr and multicast ipv6 boundary. Examples # Configure GigabitEthernet 0/1 as a PIM domain border.
[Sysname] multicast ipv6 routing-enable [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] pim ipv6 dm pim ipv6 hello-option dr-priority Syntax pim ipv6 hello-option dr-priority priority undo pim ipv6 hello-option dr-priority View Interface view Default level 2: System level Parameters priority: Router priority for DR election, in the range of 0 to 4294967295. A larger value means a higher priority.
Description Use pim ipv6 hello-option holdtime to configure the PIM neighbor timeout time on the current interface. Use undo pim ipv6 hello-option holdtime to restore the default. By default, the IPv6 PIM neighbor timeout time is 105 seconds. Related commands: hello-option holdtime. Examples # Set the IPv6 PIM neighbor timeout time to 120 seconds on GigabitEthernet 0/1.
View Interface view Default level 2: System level Parameters None Description Use pim ipv6 hello-option neighbor-tracking to disable join suppression, namely, to enable neighbor tracking, on the current interface. Use undo pim ipv6 hello-option neighbor-tracking to enable join suppression. By default, join suppression is enabled. Namely, neighbor tracking is disabled. Related commands: hello-option neighbor-tracking. Examples # Disable join suppression on GigabitEthernet 0/1.
[Sysname-GigabitEthernet0/1] pim ipv6 hello-option override-interval 2000 pim ipv6 holdtime assert Syntax pim ipv6 holdtime assert interval undo pim ipv6 holdtime assert View Interface view Default level 2: System level Parameters interval: Assert timeout time in seconds, with an effective range of 7 to 2,147,483,647. Description Use pim ipv6 holdtime assert to configure the assert timeout time on the current interface. Use undo pim ipv6 holdtime assert to restore the default.
Related commands: holdtime assert, holdtime join-prune, and pim ipv6 holdtime assert. Examples # Set the join/prune timeout time to 280 seconds on GigabitEthernet 0/1.
Default level 2: System level Parameters None Description Use pim ipv6 require-genid to enable rejection of hello messages without Generation_ID. Use undo pim ipv6 require-genid to restore the default. By default, hello messages without Generation_ID are accepted. Examples # Configure GigabitEthernet 0/1 to reject hello messages without Generation_ID.
pim ipv6 state-refresh-capable Syntax pim ipv6 state-refresh-capable undo pim ipv6 state-refresh-capable View Interface view Default level 2: System level Parameters None Description Use pim ipv6 state-refresh-capable to enable the state fresh feature on the interface. Use undo pim ipv6 state-refresh-capable to disable the state fresh feature. By default, the state refresh feature is enabled. Related commands: state-refresh-hoplimit, state-refresh-interval, and state-refresh-rate-limit.
system-view [Sysname] interface GigabitEthernet 0/1 [Sysname-GigabitEthernet0/1] pim ipv6 timer graft-retry 80 pim ipv6 timer hello Syntax pim ipv6 timer hello interval undo pim ipv6 timer hello View Interface view Default level 2: System level Parameters interval: Hello interval in seconds, with an effective range of 1 to 2,147,483,647. Description Use pim ipv6 timer hello to configure on the current interface the interval at which hello messages are sent.
Description Use pim ipv6 timer join-prune to configure on the current interface the interval at which join/prune messages are sent. Use undo pim ipv6 timer join-prune to restore the default. By default, the join/prune interval is 60 seconds. Related commands: timer join-prune. Examples # Set the join/prune interval to 80 seconds on GigabitEthernet 0/1.
Default level 2: System level Parameters interval: Register probe time in seconds, with an effective range of 1 to 1799. Description Use probe-interval to configure the register probe time. Use undo probe-interval to restore the default. By default, the register probe time is 5 seconds. Related commands: register-suppression-timeout. Examples # Set the register probe time to 6 seconds.
register-policy (IPv6 PIM view) Syntax register-policy acl6-number undo register-policy View IPv6 PIM view Default level 2: System level Parameters acl6-number: Advanced IPv6 ACL number, in the range of 3000 to 3999. Only register messages that match the permit statement of the IPv6 ACL can be accepted by the RP. Description Use register-policy to configure an IPv6 ACL rule to filter register messages. Use undo register-policy to remove the configured register filtering rule.
Use undo register-suppression-timeout to restore the default. By default, the register suppression time is 60 seconds. Related commands: probe-interval and register-policy. Examples # Set the register suppression time to 70 seconds.
Parameters interface-type interface-number: Specifies to reset the IPv6 PIM control message counter on a particular interface. If no interface is specified, this command will clear the statistics information about IPv6 PIM control messages on all interfaces. Description Use reset pim ipv6 control-message counters to reset IPv6 PIM control message counters. Examples # Reset IPv6 PIM control message counters on all interfaces.
Parameters acl6-number: Basic or advanced IPv6 ACL number, in the range of 2000 to 3999. Description Use source-policy to configure an IPv6 multicast data filter. Use undo source-policy to remove the configured IPv6 multicast data filter. By default, no IPv6 multicast data filter is configured. If you specify a basic ACL, the device filters all the received IPv6 multicast packets based on the source address, and discards packets that fail the source address match.
Description Use spt-switch-threshold to configure the SPT switchover parameters. Use undo spt-switch-threshold to restore the default. By default, the device switches to the SPT immediately after it receives the first IPv6 multicast packet. To adjust the order of an IPv6 ACL that already exists in the group-policy list, you can use the acl6-number argument to specify this IPv6 ACL and set its order-value. This will insert the IPv6 ACL to the position of order-value in the group-policy list.
[Sysname] acl ipv6 number 2000 [Sysname-acl6-basic-2000] rule permit source ff3e:0:8192:: 96 [Sysname-acl6-basic-2000] quit [Sysname] pim ipv6 [Sysname-pim6] ssm-policy 2000 state-refresh-hoplimit Syntax state-refresh-hoplimit hoplimit-value undo state-refresh-hoplimit View IPv6 PIM view Default level 2: System level Parameters hoplimit-value: Hop limit value of state refresh messages, in the range of 1 to 255.
Description Use state-refresh-interval to configure the interval between state refresh messages. Use undo state-refresh-interval to restore the default. By default, the state refresh interval is 60 seconds. Related commands: pim ipv6 state-refresh-capable, state-refresh-hoplimit, and state-refresh-rate-limit. Examples # Set the state refresh interval to 70 seconds.
View IPv6 PIM view Default level 2: System level Parameters ipv6-rp-address: IPv6 address of the static RP to be configured. This address must be a real, valid, globally scoped IPv6 unicast address. For a static RP serving IPv6 BIDIR-PIM, you can specify a virtual IPv6 address. acl6-number: Basic IPv6 ACL number, in the range of 2000 to 2999. If you provide this argument, the configured static RP will serve only those IPv6 multicast groups that pass the filtering.
undo timer hello View IPv6 PIM view Default level 2: System level Parameters interval: Hello interval in seconds, with an effective range of 1 to 2,147,483,647. Description Use timer hello to configure the hello interval globally. Use undo timer hello to restore the default. By default, hello messages are sent at the interval of 30 seconds. Related commands: pim ipv6 timer hello. Examples # Set the global hello interval to 40 seconds.
MLD configuration commands display mld group Syntax display mld group [ ipv6-group-address | interface interface-type interface-number ] [ static | verbose ] [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters ipv6-group-address: MLD group address, in the range of FFxy::/16 (excluding FFx0::/16, FFx1::/16, FFx2::/16, and FF0y::), where x and y represent any hexadecimal number ranging from 0 to F.
Last-listener-query-counter: 0 Last-listener-query-timer-expiry: off Group mode: include Version1-host-present-timer-expiry: off Table 225 Command output Field Description Interface group report information MLD group information on the interface. Total 1 MLD Groups reported One MLD group was reported. Group IPv6 multicast group address. Uptime Length of time since the IPV6 multicast group was joined.
source ipv6-source-address: Displays information about the hosts tracked by MLD that are in the specified IPv6 multicast source. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
verbose: Displays detailed MLD configuration and operation information. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Table 227 Command output Field Description GigabitEthernet0/1(FE80::200:AFF:FE01:101) Interface and IPv6 link-local address. Current MLD version MLD version running on the interface. Value of query interval for MLD (in seconds) MLD query interval, in seconds. Value of other querier present interval for MLD (in seconds) MLD other querier present interval, in seconds. Value of maximum query response time for MLD (in seconds) Maximum response delay for general query messages (in seconds).
Default level 1: Monitor level Parameters ipv6-group-address: Displays information about the specified MLD proxying group. The group address is in the form of FFxy::/16 (excluding FFx0::/16, FFx1::/16, FFx2::/16, through FF0y::), where x and y represent any hexadecimal number ranging from 0 to F. If this argument is not specified, this command displays information about all the MLD proxying groups. verbose: Displays the detailed MLD proxying group information.
Field Description Source list A list of sources joining the same multicast group in the MLD proxying group. display mld routing-table Syntax display mld routing-table [ ipv6-source-address [ prefix-length ] | ipv6-group-address [ prefix-length ] | flags { act | suc } ] * [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters ipv6-source-address: Specifies a multicast source by its IPv6 address.
Protocol: MLD 00002. (100::1, FF1E::101), Flag: ACT List of 1 downstream interface in include mode GigabitEthernet0/2 (FE80::100:5E16:FEC0:1010), Protocol: MLD Table 229 Command output Field Description Routing table MLD routing table. 00001 Sequence number of this (*, G) entry. (*, FF1E::101) (*, G) entry in the MLD routing table.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display mld ssm-mapping to view the configured MLD SSM mappings for the specified IPv6 multicast group. Related commands: ssm-mapping. Examples # View the MLD SSM mappings for multicast group FF1E::101.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display mld ssm-mapping group to view the multicast group information created based on the configured MLD SSM mappings.
display mld ssm-mapping host interface Syntax display mld ssm-mapping host interface interface-type interface-number group ipv6-group-address source ipv6-source-address [ | { begin | exclude | include } regular-expression ] View Any view Default level 1: Monitor level Parameters interface-type interface-number: Displays information about the hosts that join based on the MLD SSM mappings on the specified interface.
Field Description Host Host IPv6 address Uptime Host running duration Expires Host expiration time, where timeout means that the host has expired. fast-leave (MLD view) Syntax fast-leave [ group-policy acl6-number ] undo fast-leave View MLD view Default level 2: System level Parameters acl6-number: Number of a basic IPv6 ACL, in the range of 2000 to 2999. If you do not include this option in your command, this command takes effect for all IPv6 multicast groups.
Default level 2: System level Parameters None Description Use host-tracking to enable the MLD host tracking function globally. Use undo host-tracking to disable the MLD host tracking function globally. By default, this function is disabled. Related command: mld host-tracking. Examples # Enable the MLD host tracking function globally.
max-response-time (MLD view) Syntax max-response-time interval undo max-response-time View MLD view Default level 2: System level Parameters interval: Maximum response delay for MLD general query messages in seconds, in the range of 1 to 25. Description Use max-response-time to configure the maximum response delay for MLD general queries globally. Use undo max-response-time to restore the default. By default, the maximum response delay for MLD general queries is 10 seconds.
Examples # Enable IPv6 multicast routing and enter MLD view. system-view [Sysname] multicast ipv6 routing-enable [Sysname] mld [Sysname-mld] mld enable Syntax mld enable undo mld enable View Interface view Default level 2: System level Parameters None Description Use mld enable to enable MLD on the current interface. Use undo mld enable to disable MLD on the current interface. By default, MLD is disabled on the current interface.
Default level 2: System level Parameters acl6-number: Number of a basic IPv6 ACL, in the range of 2000 to 2999. If you do not specify any IPv6 ACL number, this command takes effect for all IPv6 multicast groups. Description Use mld fast-leave to configure MLD fast-leave processing on the current interface. Use undo mld fast-leave to disable MLD fast-leave processing on the current interface. By default, MLD fast-leave processing is disabled.
Related commands: mld static-group and reset mld group. Examples # Allow GigabitEthernet 0/1 to join up to 128 IPv6 multicast groups. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] mld group-limit 128 mld group-policy Syntax mld group-policy acl6-number [ version-number ] undo mld group-policy View Interface view Default level 2: System level Parameters acl6-number: Number of a basic or advanced IPv6 ACL, in the range of 2000 to 3999.
mld host-tracking Syntax mld host-tracking undo mld host-tracking View Interface view Default level 2: System level Parameters None Description Use mld host-tracking to enable the MLD host tracking function on an interface. Use undo mld host-tracking to disable the MLD host tracking function on an interface By default, this function is disabled. Related commands: host-tracking. Examples # Enable the MLD host tracking function on GigabitEthernet 0/1.
Examples # Set the MLD last listener query interval to 3 seconds on GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] mld last-listener-query-interval 3 mld max-response-time Syntax mld max-response-time interval undo mld max-response-time View Interface view Default level 2: System level Parameters interval: Maximum response delay for MLD general query messages in seconds, in the range of 1 to 25.
Parameters None Description Use mld proxying enable to enable MLD proxying on an interface. Use undo mld proxying enable to disable MLD proxying on the interface. By default, MLD proxying is disabled. This command takes effect only after IPv6 multicast routing is enabled. If MLD proxying is enabled on a loopback interface, the proxy device maintains only the MLD routing table without adding the MLD routes to the multicast routing table and forwarding table. Related commands: multicast ipv6 routing-enable.
mld require-router-alert Syntax mld require-router-alert undo mld require-router-alert View Interface view Default level 2: System level Parameters None Description Use mld require-router-alert to configure the interface to discard MLD messages without the Router-Alert option. Use undo mld require-router-alert to restore the default. By default, the device does not check the Router-Alert option. That is, it forwards all received MLD messages to the upper layer protocol for processing.
The MLD querier's robustness variable defines the maximum number of attempts for transmitting MLD general queries, multicast-address-specific queries, or multicast-address-and-source-specific queries in case of packet loss due to network problems. A greater value of the robustness variable makes the MLD querier "more robust", but results in a longer IPv6 multicast group timeout time.
mld ssm-mapping enable Syntax mld ssm-mapping enable undo mld ssm-mapping enable View Interface view Default level 2: System level Parameters None Description Use mld ssm-mapping enable to enable the MLD SSM mapping feature on the current interface. Use undo mld ssm-mapping enable to disable the MLD SSM mapping feature on the current interface. By default, the MLD SSM mapping feature is disabled on all interfaces. Examples # Enable the MLD SSM mapping feature on GigabitEthernet 0/1.
Examples # Set the startup query count to 3 on GigabitEthernet 0/1.
Parameters ipv6-group-address: IPv6 multicast group address, in the range of FFxy::/16 (excluding FFx0::/16, FFx1::/16, FFx2::/16, and FF0y::), where x and y represent any hexadecimal number ranging from 0 to F. ipv6-source-address: IPv6 address of the specified multicast source. all: Removes all static IPv6 multicast groups that the current interface has joined.
By default, MLD other querier present interval = [ MLD query interval ] × [ MLD querier's robustness variable ] + [ maximum response delay for MLD general queries ] /2. Related commands: display mld interface, mld max-response-time, mld robust-count, mld timer query, and timer other-querier-present. Examples # Set the MLD other querier present interval to 200 seconds on GigabitEthernet 0/1.
Default level 2: System level Parameters version-number: MLD version, 1 or 2. Description Use mld version to configure the MLD version on the current interface. Use undo mld version to restore the default MLD version. By default, the MLD version is MLDv1. Related commands: version. Examples # Set the MLD version to MLDv2 on GigabitEthernet 0/1.
reset mld group Syntax reset mld group { all | interface interface-type interface-number { all | ipv6-group-address [ prefix-length ] [ ipv6-source-address [ prefix-length ] ] } } View User view Default level 2: System level Parameters all: The first all specifies all interfaces, and the second all specifies all MLD groups. interface interface-type interface-number: Specifies an interface by its type and number.
Parameters all: The first all specifies to clear IPv6 multicast group information created based on the configured MLD SSM mappings on all interfaces, and the second all specifies to clear all IPv6 multicast group information created based on the configured MLD SSM mappings.. interface-type interface-number: Specifies an interface by its type and number.
• The number of multicast-address-specific queries that the MLDv1 querier sends after receiving an MLD done message. • The number of multicast-address-and-source-specific queries that the MLDv2 querier sends after receiving an MLD report that tells relation changes between IPv6 multicast groups and IPv6 multicast sources. Related commands: display mld interface, last-listener-query-interval, startup-query-count, timer other-querier-present, and timer query.
View MLD view Default level 2: System level Parameters ipv6-group-address: Specifies an IPv6 multicast group by its IPv6 address, in the form of FFxy::/16, where x and y represent any hexadecimal number ranging from 0 to F. prefix-length: Prefix length of the IPv6 multicast group address, in the range of 8 to 128. ipv6-source-address: Specifies a multicast source by its IPv6 address. all: Removes all MLD SSM mappings. Description Use ssm-mapping to configure an MLD SSM mapping.
Examples # Set the startup query count to 3 globally. system-view [Sysname] mld [Sysname-mld] startup-query-count 3 startup-query-interval (MLD view) Syntax startup-query-interval interval undo startup-query-interval View MLD view Default level 2: System level Parameters interval: Startup query interval in seconds, namely, the interval between general queries that the MLD querier sends on startup, with an effective range of 1 to 18000.
Description Use timer other-querier-present to configure the MLD other querier present interval globally. Use undo timer other-querier-present to restore the default. By default, MLD other querier present interval = [ MLD query interval ] × [ MLD querier's robustness variable ] + [ maximum response delay for MLD general queries ] /2. Related commands: display mld interface, max-response-time, mld timer other-querier-present, robust-count, and timer query.
View MLD view Default level 2: System level Parameters version-number: MLD version number, 1 or 2. Description Use version to configure the MLD version globally. Use undo version to restore the default MLD version. By default, the MLD version is MLDv1. Related commands: mld version. Examples # Set the MLD version to MLDv2 globally.
Routing policy configuration commands NOTE: • The common routing policy configuration commands are applicable to both IPv4 and IPv6. • Only F5000 supports the IS-IS configuration commands in this chapter. Common routing policy configuration commands apply as-path Syntax apply as-path as-number&<1-10> [ replace ] undo apply as-path View Routing policy view Default level 2: System level Parameters as-number&<1-10>: Autonomous system number, in the range of 1 to 4294967295.
apply comm-list delete Syntax apply comm-list { comm-list-number | comm-list-name } delete undo apply comm-list View Routing policy view Default level 2: System level Parameters comm-list-number: Community list number. A basic community list number ranges from 1 to 99. A advanced community list number ranges from 100 to 199. comm-list-name: Community list name, a string of 1 to 31 characters, which can contain letters, numbers, and signs.
aa:nn: Community number; both aa and nn are in the range of 0 to 65535. &<1-16>: Indicates the argument before it can be entered up to 16 times. internet: Sets the internet community attribute for BGP routes. Routes with this attribute can be advertised to all BGP peers. no-advertise: Sets the no-advertise community attribute for BGP routes. Routes with this attribute cannot be advertised to any peers. no-export: Sets the no-export community attribute for BGP routes.
Use undo apply cost to remove the clause configuration. No cost is set for routing information by default. Examples # Configure node 10 in permit mode of routing policy policy1: set a cost of 120 for routing information whose outgoing interface is GigabitEthernet 0/1.
Examples # Create node 10 in permit mode of routing policy policy1: If a route has a tag of 8, set the cost type for the route to IS-IS internal route.
Parameters egp: Sets the origin attribute of BGP routing information to EGP. as-number: Autonomous system number for EGP routes, in the range of 1 to 4294967295. igp: Sets the origin attribute of BGP routing information to IGP. incomplete: Sets the origin attribute of BGP routing information to unknown. Description Use apply origin to set the specified origin attribute for BGP routes. Use undo apply origin to remove the clause configuration.
[Sysname-route-policy] if-match route-type external-type1or2 [Sysname-route-policy] apply preference 90 apply preferred-value Syntax apply preferred-value preferred-value undo apply preferred-value View Routing policy view Default level 2: System level Parameters preferred-value: Preferred value, in the range of 0 to 65535. Description Use apply preferred-value to set a preferred value for BGP routes. Use undo apply preferred-value to remove the clause configuration.
No routing tag is set for RIP , OSPF, or IS-IS routing information by default. Examples # Configure node 10 in permit mode of routing policy policy1: set a tag of 100 for OSPF external routes.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display ip community-list to display BGP community list information. All BGP community list information will be displayed if no basic-community-list-number or adv-community-list-number is specified.
apply cost 120 Table 234 Command output. Field Description Route-policy Routing policy name Permit Match mode of routing policy node 10 if-match ip-prefix abc Match criterion apply cost 120 If the match criterion is satisfied, set a cost of 120 for routing information.
undo if-match community [ { basic-community-list-number | comm-list-name } [ whole-match ] | adv-community-list-number ]&<1-16> View Routing policy view Default level 2: System level Parameters basic-community-list-number: Basic community list number, in the range of 1 to 99. adv-community-list-number: Advanced community list number, in the range of 100 to 199. comm-list-name: Community list name, a string of 1 to 31 characters, which can contain letters, numbers, and signs.
Use undo if-match cost to remove the match criterion. The match criterion is not configured by default. Examples # Configure node 10 in permit mode of routing policy policy1: define an if-match clause to permit routing information with a cost of 8.
undo if-match route-type [ external-type1 | external-type1or2 | external-type2 | internal | is-is-level-1 | is-is-level-2 | nssa-external-type1 | nssa-external-type1or2 | nssa-external-type2 ] * View Routing policy view Default level 2: System level Parameters external-type1: OSPF Type 1 external routes. external-type1or2: OSPF Type 1 or 2 external routes. external-type2: OSPF Type 2 external routes. internal: Internal routes (OSPF intra-area and inter-area routes). is-is-level-1: IS-IS Level-1 routes.
Default level 2: System level Parameters value: Specifies a tag from 0 to 4294967295. Description Use if-match tag to match routing information having the specified tag. Use undo if-match tag to remove the match criterion. The match criterion is not configured by default. Examples # Configure node 10 in permit mode of routing policy policy1 to permit RIP, OSPF and IS-IS routing information with a tag of 8.
[Sysname] ip as-path 1 permit ^10 ip community-list Syntax ip community-list { basic-comm-list-num | basic comm-list-name } { deny | [ community-number-list ] [ internet | no-advertise | no-export | no-export-subconfed ] * permit } undo ip community-list { basic-comm-list-num | basic comm-list-name } [ deny | permit ] [ community-number-list ] [ internet | no-advertise | no-export | no-export-subconfed ] * ip community-list { adv-comm-list-num | advanced comm-list-name } { deny | permit } regular-expres
No community list is defined by default. Examples # Define basic community list 1 to permit routing information with the internet community attribute. system-view [Sysname] ip community-list 1 permit internet # Define advanced community list 100 to permit routing information with the community attribute starting with 10.
[Sysname-route-policy] IPv4 routing policy configuration commands apply ip-address next-hop Syntax apply ip-address next-hop ip-address undo apply ip-address next-hop View Routing policy view Default level 2: System level Parameters ip-address: IP address of the next hop. Description Use apply ip-address next-hop to set a next hop for IPv4 routing information. Use undo apply ip-address next-hop to remove the clause configuration. No next hop is set for IPv4 routing information by default.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display ip ip-prefix to display the statistics of an IPv4 prefix list.
Description Use if-match acl to configure an ACL match criterion. Use undo if-match acl to remove the match criterion. No ACL match criterion is configured by default. Examples # Configure node 10 of routing policy policy1 to permit routes matching ACL 2000.
View Routing policy view Default level 2: System level Parameters ip-prefix-name: Matches an IP prefix list with a name being a string of 1 to 19 characters. Description Use if-match ip-prefix to configure an IP prefix list based match criterion. Use undo if-match ip-prefix to remove the match criterion. No IP prefix list based match criterion is configured by default. Examples # Configure node 10 of routing policy policy2 to permit routes whose destination address matches IP prefix list p1.
min-mask-length <= max-mask-length <= 32. If only the min-mask-length is specified, the prefix length range is [ min-mask-length, 32 ]. If only the max-mask-length is specified, the prefix length range is [ mask-length, max-mask-length ]. If both min-mask-length and max-mask-length are specified, the prefix length range is [ min-mask-length, max-mask-length ]. Description Use ip ip-prefix to configure an IPv4 prefix list or an item of it.
IPv6 routing policy configuration commands apply ipv6 next-hop Syntax apply ipv6 next-hop ipv6-address undo apply ipv6 next-hop View Routing policy view Default level 2: System level Parameters ipv6-address: Next hop IPv6 address. Description Use apply ipv6 next-hop to configure a next hop for IPv6 routes. Use undo apply ipv6 next-hop to remove the clause configuration. No next hop address is configured for IPv6 routing information by default. This command cannot set a next hop for redistributed routes.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display ip ipv6-prefix to display the statistics of the specified IPv6 prefix list. If no IPv6 prefix list is specified, the statistics of all IPv6 prefix lists will be displayed. Examples # Display the statistics of all IPv6 prefix lists.
acl acl6-number: Specifies the number of an IPv6 ACL for filtering, in the range of 2000 to 3999 for address, and 2000 to 2999 for next-hop and route-source. prefix-list ipv6-prefix-name: Specifies the name of a IPv6 prefix list for filtering, a string of 1 to 19 characters. Description Use if-match ipv6 to configure a destination, next hop or source address based match criterion for IPv6 routes. Use undo if-match ipv6 to remove the match criterion. The match criterion is not configured by default.
The length relation is mask-length <= min-mask-length <= max-mask-length <= 128. If only the min-prefix-length is specified, the prefix length range is [ min-prefix-length, 128 ]. If only the max-prefix-length is specified, the prefix length range is [ prefix-length, max-prefix-length ]. If both the min-prefix-length and max-prefix-length are specified, the prefix length range is [ min-prefix-length, max-prefix-length ]. Description Use ip ipv6-prefix to configure an IPv6 prefix list or an item of it.
SSL configuration commands IMPORTANT: The FIPS mode is available only for the firewall modules. For more information about FIPS, see Access Control Configuration Guide.
Keyword F1000-A-EI/S-EI F1000-E F5000 Firewall module rsa_3des_ede_cbc_sha and rsa_aes_256_cbc_sha Yes Yes No Yes Description Use ciphersuite to specify the cipher suites for an SSL server policy to support. By default, an SSL server policy supports all cipher suites. With no keyword specified, the command configures an SSL server policy to support all cipher suites. If you execute the command repeatedly, the last one takes effect. Related commands: display ssl server-policy.
Examples # Configure the SSL server to require certificate-based SSL client authentication. system-view [Sysname] ssl server-policy policy1 [Sysname-ssl-server-policy-policy1] client-verify enable client-verify weaken Syntax client-verify weaken undo client-verify weaken View SSL server policy view Default level 2: System level Parameters None Description Use client-verify weaken to enable SSL client weak authentication. Use undo client-verify weaken to restore the default.
close-mode wait Syntax close-mode wait undo close-mode wait View SSL server policy view Default level 2: System level Parameters None Description Use close-mode wait to set the SSL connection close mode to wait mode. In this mode, after sending a close-notify alert message to a client, the server does not close the connection until it receives a close-notify alert message from the client. Use undo close-mode wait to restore the default.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Description Use display ssl client-policy to view information about a specified SSL client policy or all SSL client policies. Examples # Display information about SSL client policy policy1. display ssl client-policy policy1 SSL Client Policy: policy1 SSL Version: SSL 3.
Description Use display ssl server-policy to view information about a specified SSL server policy or all SSL server policies. Examples # Display information about SSL server policy policy1.
View SSL server policy view Default level 2: System level Parameters time: Handshake timeout time in seconds, in the range of 180 to 7200. Description Use handshake timeout to set the handshake timeout time for an SSL server policy. Use undo handshake timeout to restore the default. By default, the handshake timeout time is 3600 seconds. If the SSL server does not receive any packet from the SSL client before the handshake timeout time expires, the SSL server will terminate the handshake process.
[Sysname-ssl-server-policy-policy1] pki-domain server-domain # Configure SSL client policy policy1 to use PKI domain client-domain.
Keyword F1000-A-EI/S-EI F1000-E F5000 Firewall module rsa_3des_ede_cbc_sha and rsa_aes_256_cbc_sha Yes Yes No Yes Description Use prefer-cipher to specify the preferred cipher suite for an SSL client policy. Use undo prefer-cipher to restore the default. By default, the preferred cipher suite for an SSL client policy is rsa_rc4_128_md5. Related commands: display ssl client-policy. Examples # Set the preferred cipher suite for SSL client policy policy1 to rsa_aes_128_cbc_sha.
session Syntax session { cachesize size | timeout time } * undo session { cachesize | timeout } * View SSL server policy view Default level 2: System level Parameters cachesize size: Specifies the maximum number of cached sessions, in the range of 100 to 1000. timeout time: Specifies the caching timeout time in seconds, in the range of 1800 to 72000. Description Use session to set the maximum number of cached sessions and the caching timeout time. Use undo session to restore the default.
Parameters policy-name: SSL client policy name, a case-insensitive string of 1 to 16 characters, which cannot be a, al, or all. all: Specifies all SSL client policies. Description Use ssl client-policy to create an SSL policy and enter its view. Use undo ssl client-policy to delete a specified SSL client policy or all SSL client policies. Related commands: display ssl client-policy. Examples # Create SSL client policy policy1 and enter its view.
version Syntax In non-FIPS mode: version { ssl3.0 | tls1.0 } undo version In FIPS mode: version tls1.0 undo version View SSL client policy view Default level 2: System level Parameters ssl3.0: Specifies SSL 3.0. tls1.0: Specifies TLS 1.0. Description Use version to specify the SSL protocol version for an SSL client policy. Use undo version to restore the default. By default, the SSL protocol version for an SSL client policy is TLS 1.0. Related commands: display ssl client-policy.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents a firewall. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device.
Index ABCDEFGHIJLMNOPQRSTUVW A abr-summary (OSPF area view),281 abr-summary (OSPFv3 area view),724 authentication-mode,283 auto-cost enable,424 auto-rp enable,559 active region-configuration,70 B aggregate,345 balance,768 aggregate,767 balance (BGP/BGP-VPN instance view),346 apply access-vpn vpn-instance,496 bandwidth-reference,725 apply as-path,966 bandwidth-reference (IS-IS view),425 apply comm-list delete,967 bandwidth-reference (OSPF view),284 apply community,967 bestroute as-path-neglect
c-bsr holdtime (IPv6 PIM view),884 default cost (RIPng view),704 c-bsr holdtime (PIM view),564 default ipv4-unicast,354 c-bsr interval (IPv6 PIM view),884 default local-preference,772 c-bsr interval (PIM view),564 c-bsr priority (IPv6 PIM view),885 default local-preference (BGP/BGP-VPN instance view),354 c-bsr priority (PIM view),565 default med,773 c-bsr scope,886 check region-configuration,70 checkzero,704 default med (BGP/BGP-VPN instance view),355 default-cost (OSPF area view),285 default-cos
dhcp server detect,141 display bgp routing-table regular-expression,375 dhcp server forbidden-ip,142 display bgp routing-table statistic,376 dhcp server ip-pool,143 display bootp client,195 dhcp server ping packets,143 display ddns policy,207 dhcp server ping timeout,144 display dhcp client,191 dhcp server relay information enable,145 display dhcp relay,182 dhcp server threshold,145 display dhcp relay information,183 display arp,214 display dhcp relay security,185 display arp ip-address,215
display ip policy-based-route setup,501 display isis route ipv6,834 display ip policy-based-route statistics,502 display isis spf-log,442 display ip routing-table,481 display isis statistics,444 display ip routing-table acl,485 display local-proxy-arp,222 display ip routing-table ip-address,488 display mac-address,64 display ip routing-table ip-prefix,490 display mac-address aging-time,65 display ip routing-table protocol,492 display mac-forwarding statistics,133 display ip routing-table stati
display ospfv3 lsdb statistic,734 display router id,377 display ospfv3 next-hop,735 display router id,311 display ospfv3 peer,736 display ssl client-policy,995 display ospfv3 peer statistic,738 display ssl server-policy,996 display ospfv3 request-list,739 display stp,71 display ospfv3 retrans-list,741 display stp abnormal-port,78 display ospfv3 routing,743 display stp bpdu-statistics,78 display ospfv3 statistic,744 display stp down-port,81 display ospfv3 topology,745 display stp history,82
filter,312 I filter-policy export,795 filter-policy export (BGP/BGP-VPN instance view),378 filter-policy export (IS-IS view),446 if-match acl,984 filter-policy export (OSPF view),313 if-match acl6,863 filter-policy export (OSPFv3 view),748 if-match as-path,976 filter-policy export (RIP view),259 if-match community,976 filter-policy export (RIPng view),711 if-match cost,977 filter-policy import,796 filter-policy import (BGP/BGP-VPN instance view),379 filter-policy import (IS-IS view),448 filter-p
import-route isis level-2 into level-1,451 ipv6 filter-policy import,840 import-route limit (IS-IS view),452 ipv6 hoplimit-expires enable,655 import-source,618 ipv6 host,700 inline-interfaces,136 ipv6 icmp-error,656 instance,86 ipv6 icmpv6 multicast-echo-reply enable,656 interface,17 ipv6 import-route,841 interface loopback,34 ipv6 import-route isisv6 level-2 into level-1,842 interface null,35 ipv6 import-route limit,843 interface virtual-template,127 ipv6 local policy-based-route,865 inte
isis mesh-group,459 maximum load-balancing (RIPng view),714 isis mib-binding,459 maximum-routes,321 isis silent,460 max-response-time (IGMP view),550 isis small-hello,461 max-response-time (MLD view),945 isis timer csnp,461 mdi,25 isis timer hello,462 mld,945 isis timer holding-multiplier,463 mld enable,946 isis timer lsp,464 mld fast-leave,946 isis timer retransmit,465 mld group-limit,947 is-level,465 mld group-policy,948 is-name,466 mld host-tracking,949 is-name map,467 mld last-lis
N ospfv3 timer poll,761 name,53 ospfv3 timer retransmit,760 naturemask-arp enable,217 ospfv3 trans-delay,761 nbns-list,158 output-delay,265 netbios-type,158 P network,800 peer,265 network,159 network,264 network (BGP/BGP-VPN instance view),384 network (OSPF area view),322 network ip range,160 network mask,161 peer,334 peer advertise-community,800 peer advertise-community (BGP/BGP-VPN instance view),385 peer advertise-ext-community,801 network short-cut (BGP/BGP-VPN instance view),384 peer adv
peer ebgp-max-hop,811 peer sa-cache-maximum,623 peer ebgp-max-hop (BGP/BGP-VPN instance view),397 peer sa-request-policy,625 peer enable (BGP/BGP-VPN instance view),397 peer substitute-as,825 peer fake-as,812 peer fake-as (BGP/BGP-VPN instance view),398 peer filter-policy,812 peer filter-policy (BGP/BGP-VPN instance view),399 peer group,813 peer group (BGP/BGP-VPN instance view),400 peer ignore,814 peer sa-policy,624 peer substitute-as (BGP/BGP-VPN instance view),411 peer timer,825 peer timer (BGP/B
port,54 reflect between-clients,827 port access vlan,54 reflect between-clients (BGP view/BGP-VPN instance view),413 port hybrid pvid,55 port hybrid vlan,56 port inline-interfaces,136 port link-mode,18 port link-mode interface-list,19 port link-type,58 port trunk permit vlan,59 port trunk pvid,60 ppp account-statistics enable,112 ppp authentication-mode,112 ppp chap password,114 ppp chap user,114 ppp ignore match-next-hop,115 ppp ipcp dns,116 ppp ipcp dns admit-any,116 ppp ipcp dns request,117 ppp ipcp
reset ipv6 neighbors,668 rip version,276 reset ipv6 pathmtu,669 ripng,716 reset ipv6 policy-based-route statistics,866 ripng default-route,717 reset ipv6 routing-table statistics,856 ripng enable,718 reset ipv6 statistics,670 ripng ipsec-policy,719 reset isis all,473 ripng metricin,719 reset isis peer,474 ripng metricout,720 reset mac-forwarding statistics,134 ripng poison-reverse,720 reset mld group,959 ripng split-horizon,721 reset mld ssm-mapping group,959 ripng summary-address,721 re
ssl server-policy,1002 stp timer hello,105 ssm-mapping (IGMP view),554 stp timer max-age,106 ssm-mapping (MLD view),961 stp timer-factor,107 ssm-policy (IPv6 PIM view),927 stp transmit-limit,107 ssm-policy (PIM view),605 stub (OSPF area view),341 startup-query-count (IGMP view),555 stub (OSPFv3 area view),765 startup-query-count (MLD view),962 stub-router,342 startup-query-interval (IGMP view),556 sub-interface rate-statistic,22 startup-query-interval (MLD view),963 Subscription service,100
V validate-source-address,279 vendor-class-identifier,167 version,1003 vlan,62 vlan-mapping modulo,108 vlink-peer (OSPF area view),343 vlink-peer (OSPFv3 area view),765 version,280 voice-config,168 version (IGMP view),558 W version (MLD view),964 Websites,1004 virtual-system,479 1020
