HP FlexFabric 11900 Switch Series Layer 3 - IP Services Command Reference Part number: 5998-5274 Software version: Release 2111 and later Document version: 6W100-20140110
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents ARP commands····························································································································································· 1 arp check enable ······················································································································································ 1 arp check log enable ············································································································································
dhcp server bootp reply-rfc-1048 ························································································································ 37 dhcp server forbidden-ip ······································································································································ 38 dhcp server ip-pool ··············································································································································· 39 dhcp server ping packets
display dhcp client ················································································································································ 84 ip address dhcp-alloc ············································································································································ 87 DHCP snooping commands ·········································································································································· 87 dhcp snooping
ssl-client-policy ····················································································································································· 129 url ·········································································································································································· 130 username ························································································································································
display ipv6 tcp ··················································································································································· 191 display ipv6 tcp verbose ···································································································································· 193 display ipv6 udp ················································································································································· 197 display ipv6 u
domain-name ······················································································································································· 244 ipv6 dhcp pool ···················································································································································· 245 ipv6 dhcp prefix-pool ·········································································································································· 245 ipv6 dhcp s
source ··································································································································································· 290 tunnel dfbit enable··············································································································································· 291 tunnel discard ipv4-compatible-packet ·············································································································· 292 tunnel tos ······
ARP commands arp check enable Use arp check enable to enable dynamic ARP entry check. Use undo arp check enable to disable dynamic ARP entry check. Syntax arp check enable undo arp check enable Default Dynamic ARP entry check is enabled. Views System view Predefined user roles network-admin mdc-admin Usage guidelines The dynamic ARP entry check function controls whether the device supports dynamic ARP entries with multicast MAC addresses.
Default ARP log output is disabled. Views System view Predefined user roles network-admin mdc-admin Usage guidelines The device can generate a large amount of ARP logs. To conserve system resources, enable the device to output ARP logs only when you are troubleshooting or debugging ARP events. Examples # Enable ARP log output. system-view [Sysname] arp check log enable arp max-learning-num Use arp max-learning-num to set the maximum number of dynamic ARP entries that an interface can learn.
Examples # Specify VLAN-interface 40 to learn up to 500 dynamic ARP entries. system-view [Sysname] interface vlan-interface 40 [Sysname-Vlan-interface40] arp max-learning-num 500 # Specify Ten-GigabitEthernet 1/0/1 to learn up to 1000 dynamic ARP entries. system-view [Sysname] interface Ten-GigabitEthernet1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] arp max-learning-num 1000 # Specify Layer 2 aggregate interface bridge-aggregation 1 to learn up to 1000 dynamic ARP entries.
Usage guidelines A device can dynamically learn ARP entries. To prevent a device from holding too many ARP entries, you can set the maximum number of dynamic ARP entries that a device can learn. When the maximum number is reached, the device stops learning ARP entries. When the number argument is set to 0, the device is disabled from learning dynamic ARP entries. Examples # Set the interface card in slot 1 to learn up to 64 dynamic ARP entries.
Examples # Configure a multiport ARP entry that comprises IP address 202.38.10.2 and MAC address 00e0-fc01-0000 in VLAN 10. system-view [Sysname] arp multiport 202.39.10.2 00e0-fc01-0000 10 Related commands • display arp multiport • reset arp multiport arp static Use arp static to configure a static ARP entry. Use undo arp to remove an ARP entry.
A static ARP entry is effective when the device works correctly. However, if the VLAN or VLAN interface to which an ARP entry corresponds is deleted, the entry is deleted if it is long. If it is short and resolved, the entry becomes unresolved. A resolved short static ARP entry might become unresolved upon certain events. For example, it is unresolved if the output interface is down. A long static ARP entry is ineffective when the corresponding VLAN interface or output interface is down.
Usage guidelines Each dynamic ARP entry in the ARP table has a limited lifetime, called aging timer. The aging timer of a dynamic ARP entry is reset each time the dynamic ARP entry is updated. Dynamic ARP entries that are not updated before their aging timers expire are deleted from the ARP table. Set the aging timer for dynamic ARP entries as needed. For example, when you configure proxy ARP, set a short aging time so that invalid dynamic ARP entries can be deleted timely.
vlan vlan-id: Displays the ARP entries for the specified VLAN. The VLAN ID is in the range of 1 to 4094. interface interface-type interface-number: Displays the ARP entries for the interface specified by the argument interface-type interface-number. count: Displays the number of ARP entries. verbose: Displays detailed information about ARP entries.
Field Description Interface Output interface in an ARP entry. Aging Aging time for a dynamic ARP entry in minutes. N/A means unknown aging time or no aging time. ARP entry type: Type • • • • • D—Dynamic. S—Static. O—OpenFlow. M—Multiport. I—Invalid. Vpn Instance Name of VPN instance. [No Vrf] is displayed if no VPN instance is configured for the ARP entry. Total number of entries Number of ARP entries.
verbose: Displays the detailed information about the specified ARP entry. Usage guidelines This command displays the ARP entry for a specific IP address, including the IP address, MAC address, VLAN ID, output interface, entry type, and aging timer. Examples # Display the ARP entry for the IP address 20.1.1.1. display arp 20.1.1.1 Type: S-Static D-Dynamic O-Openflow M-Multiport I-Invalid IP address MAC address VLAN Interface Aging Type 20.1.1.
Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters vpn-instance-name: Specifies the name of an MPLS L3VPN, a case-sensitive string of 1 to 31 characters. count: Displays the number of ARP entries. Usage guidelines This command shows information about ARP entries for a specific VPN, including the IP address, MAC address, VLAN ID, output interface, entry type, and aging timer. Examples # Display ARP entries for the VPN instance named test.
multiport: Clears all multiport ARP entries. static: Clears all static ARP entries. slot slot-number: Clears the ARP entries for the interface card specified by the slot number. (In standalone mode.) chassis chassis-number slot slot-number: Clears the ARP entries of a card on an IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.
Gratuitous ARP commands arp ip-conflict log prompt Use arp ip-conflict log prompt to enable IP conflict notification without conflict confirmation. Use undo arp ip-conflict log prompt to restore the default. Syntax arp ip-conflict log prompt undo arp ip-conflict log prompt Default The IP conflict notification is disabled. The receiving device sends a gratuitous ARP request, and it displays an error message after it receives an ARP reply about the conflict.
mdc-admin Parameters interval milliseconds: Sets the interval at which gratuitous ARP packets are sent, in the range of 200 to 200000 milliseconds. The default value is 2000 milliseconds. Usage guidelines This function takes effect only when the enabled interface is up and an IP address has been assigned to the interface. This function can send gratuitous ARP requests only for a VRRP virtual IP address, or the sending interface's primary IP address or manually configured secondary IP address.
When learning of gratuitous ARP packets is disabled, the device uses the received gratuitous ARP packets to update existing ARP entries, but not to create new ARP entries. You can disable this function to save ARP entry resources. Examples # Enable learning of gratuitous ARP packets.
Proxy ARP commands display local-proxy-arp Use display local-proxy-arp to display the local proxy ARP status. Syntax display local-proxy-arp [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters interface interface-type interface-number: Displays the local proxy ARP status for the specified interface. Usage guidelines The local ARP proxy status can be enabled or disabled.
Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters interface interface-type interface-number: Displays the proxy ARP status for the specified interface. Usage guidelines The proxy ARP status can be enabled or disabled. If an interface is specified, this command displays proxy ARP status for the specified interface. If no interface is specified, this command displays proxy ARP status for all interfaces. Examples # Display the proxy ARP status on VLAN-interface 1.
Usage guidelines Proxy ARP enables a device on a network to answer ARP requests for an IP address not on that network. With proxy ARP, hosts on different broadcast domains can communicate with each other as they do on the same network. Proxy ARP includes common proxy ARP and local proxy ARP. Common proxy ARP allows communication between hosts that connect to different Layer-3 interfaces and reside in different broadcast domains.
Proxy ARP includes common proxy ARP and local proxy ARP. Common proxy ARP allows communication between hosts that connect to different Layer-3 interfaces and reside in different broadcast domains. Local proxy ARP allows communication between hosts that connect to the same Layer-3 interface and reside in different broadcast domains. Examples # Enable proxy ARP on VLAN-interface 2.
ARP snooping commands arp snooping enable Use arp snooping enable to enable ARP snooping. Use undo arp snooping enable to disable ARP snooping. Syntax arp snooping enable undo arp snooping enable Default ARP snooping is disabled. Views VLAN view Predefined user roles network-admin mdc-admin Examples # Enable ARP snooping on VLAN 2. system-view [Sysname] vlan 2 [Sysname-vlan2] arp snooping enable display arp snooping Use display arp snooping to display ARP snooping entries.
network-operator mdc-admin mdc-operator Parameters vlan vlan-id: Displays ARP snooping entries for a specific VLAN. The vlan-id argument is in the range of 1 to 4094. count: Displays the number of the current ARP snooping entries. ip ip-address: Displays the ARP snooping entry for the specified IP address. slot slot-number: Specifies a card by its slot number. (In standalone mode.) chassis chassis-number slot slot-number: Specifies a card on the specified IRF member device.
Syntax reset arp snooping [ ip ip-address | vlan vlan-id ] Views User view Predefined user roles network-admin mdc-admin Parameters ip ip-address: Removes the ARP snooping entry for a specific IP address. vlan vlan-id: Removes the ARP snooping entries for a specific VLAN. The vlan-id argument is in the range of 1 to 4094. Usage guidelines If you do not specify any keywords or arguments, the command removes all ARP snooping entries. Examples # Remove ARP snooping entries for VLAN 2.
IP addressing commands The IP addresses in this chapter refer to IPv4 addresses unless otherwise specified. The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
TTL invalid packet number: 0 ICMP packet input number: 0 Echo reply: 0 Unreachable: 0 Source quench: 0 Routing redirect: 0 Echo request: 0 Router advert: 0 Router solicit: 0 Time exceed: 0 IP header bad: 0 Timestamp request: 0 Timestamp reply: 0 Information request: 0 Information reply: 0 Netmask request: 0 Netmask reply: 0 Unknown type: 0 Table 3 Command output Field Description Current physical state of the interface: • Administrative DOWN—The interface is shut down w
Field ICMP packet input number: Echo reply: Unreachable: Source quench: Routing redirect: Echo request: Router advert: Router solicit: Time exceed: IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: Description Total number of ICMP packets received on the interface (statistics start at the device startup): • • • • • • • • • • • • • • • • Echo reply packets. Unreachable packets. Source quench packets.
Usage guidelines Use the display ip interface brief command to display brief IP configuration information, including the state, IP address, and description of the physical and link layer protocols, for the specified Layer 3 interface or all Layer 3 interfaces. If you do not specify the interface type and interface number, this command displays the brief IP configuration information for all Layer 3 interfaces.
ip address Use ip address to assign an IP address to the interface. Use undo ip address to remove the IP address from the interface. Syntax ip address ip-address { mask-length | mask } [ sub ] undo ip address [ ip-address { mask-length | mask } [ sub ] ] Default No IP address is assigned to an interface. Views Interface view Predefined user roles network-admin mdc-admin Parameters ip-address: Specifies the IP address of the interface, in dotted decimal notation.
Related commands • display ip interface • display ip interface brief ip address unnumbered Use ip address unnumbered to configure the current interface as IP unnumbered to borrow an IP address from the specified interface. Use undo ip address unnumbered to disable IP unnumbered on the interface. Syntax ip address unnumbered interface interface-type interface-number undo ip address unnumbered Default The interface does not borrow IP addresses from other interfaces.
DHCP commands Common DHCP commands dhcp dscp Use dhcp dscp to set the DSCP value for DHCP packets sent by the DHCP server or the DHCP relay agent. Use undo dhcp dscp to restore the default. Syntax dhcp dscp dscp-value undo dhcp dscp Default The DSCP value in DHCP packets is 56. Views System view Predefined user roles network-admin mdc-admin Parameters dscp-value: Sets the DSCP value for DHCP packets, in the range of 0 to 63.
Default DHCP is disabled. Views System view Predefined user roles network-admin mdc-admin Usage guidelines Enable DHCP before you perform DHCP server or relay agent configurations. Examples # Enable DHCP. system-view [Sysname] dhcp enable dhcp select Use dhcp select to enable the DHCP server or DHCP relay agent on an interface. Use undo dhcp select to disable the DHCP server or DHCP relay agent on an interface. The interface discards DHCP packets.
system-view [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] dhcp select relay Related commands reset dhcp server ip-in-use DHCP server commands The term "interface" in this section collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
system-view [Sysname] dhcp server ip-pool 1 [Sysname-dhcp-pool-1] address range 192.168.8.1 192.168.8.150 Related commands • class • dhcp class • display dhcp server pool • network bims-server Use bims-server to specify the IP address, port number, and shared key of the BIMS server in a DHCP address pool. Use undo bims-server to remove the specified BIMS server information.
[Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] bims-server ip 1.1.1.1 port 80 sharekey simple aabbcc Related commands display dhcp server pool bootfile-name Use bootfile-name to specify a boot file name in a DHCP address pool. Use undo bootfile-name to remove the specified boot file name. Syntax bootfile-name bootfile-name undo bootfile-name Default No bootfile name is specified.
Syntax class class-name range start-ip-address end-ip-address undo class class-name Default No IP address range is specified for a DHCP user class. Views DHCP address pool view Predefined user roles network-admin mdc-admin Parameters class-name: Specifies the name of a DHCP user class, a case-insensitive string of 1 to 63 characters. If the specified user class does not exist, the DHCP server will not assign the addresses in the address range specified for the user class to any client.
Use undo dhcp class to remove the specified user class. Syntax dhcp class class-name undo dhcp class class-name Default No DHCP user class exists. Views System view Predefined user roles network-admin mdc-admin Parameters class-name: Specifies the name of a DHCP user class, a case-insensitive string of 1 to 63 characters. Usage guidelines In the DHCP user class view, use the if-match option command to configure a match rule to match specific clients.
Predefined user roles network-admin mdc-admin Usage guidelines This command enables the DHCP server to ignore the broadcast flag in DHCP requests and broadcast all responses. If a DHCP request is from a DHCP client that has an IP address (the ciaddr field is not 0), the DHCP server always unicasts a response (the destination address is ciaddr) to the DHCP client regardless of whether this command is executed.
Examples # Apply DHCP address pool 0 on VLAN-interface 2. system-view [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] dhcp server apply ip-pool 0 Related commands dhcp server ip-pool dhcp server bootp ignore Use dhcp server bootp ignore to configure the DHCP server to ignore BOOTP requests. Use undo dhcp server bootp ignore to restore the default. Syntax dhcp server bootp ignore undo dhcp server bootp ignore Default The DHCP server does not ignore BOOTP requests.
Views System view Predefined user roles network-admin mdc-admin Usage guidelines Not all BOOTP clients can send requests compliant with RFC 1048. By default, the DHCP server does not process the Vend field of RFC 1048-incompliant requests but copies the Vend field into responses. Use this command to enable the DHCP server to fill in the Vend field using the RFC 1048-compliant format in DHCP responses to RFC 1048-incompliant requests sent by BOOTP clients that request statically bound addresses.
If the excluded IP address is in a static binding, the address can be still assigned to the client. The address or address range specified in the undo form of the command must be the same as the address or address range specified in the command. To remove an IP address that has been specified as part of an address range, you must remove the entire address range. Examples # Exclude the IP addresses of 10.110.1.1 through 10.110.1.63 from dynamic allocation.
dhcp server ping packets Use dhcp server ping packets to specify the maximum number of ping packets. Use undo dhcp server ping packets to restore the default. Syntax dhcp server ping packets number undo dhcp server ping packets Default The maximum number of ping packets is 1. Views System view Predefined user roles network-admin mdc-admin Parameters number: Specifies the maximum number of ping packets, in the range of 0 to 10.
Default The ping response timeout time is 500 milliseconds. Views System view Predefined user roles network-admin mdc-admin Parameters milliseconds: Specifies the timeout time in the range of 0 to 10000 milliseconds. To disable the ping operation for address conflict detection, set the value to 0 milliseconds. Usage guidelines To avoid IP address conflicts, the DHCP server pings an IP address before assigning it to a DHCP client.
Usage guidelines Upon receiving a DHCP request that contains Option 82, the server copies the original Option 82 into the response. If the server is configured to ignore Option 82, the response will not contain Option 82. Examples # Configure the DHCP server to ignore Option 82. system-view [Sysname] undo dhcp server relay information enable display dhcp server conflict Use display dhcp server conflict to display information about IP address conflicts.
Field Description Detect time Time when the conflict was discovered. Related commands reset dhcp server conflict display dhcp server expired Use display dhcp server expired to display the lease expiration information. Syntax display dhcp server expired [ ip ip-address | pool pool-name ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters ip ip-address: Displays lease expiration information about the specified IP address.
Related commands reset dhcp server expired display dhcp server free-ip Use display dhcp server free-ip to display information about assignable IP addresses. Syntax display dhcp server free-ip [ pool pool-name ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters pool pool-name: Displays assignable IP addresses in the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters.
Related commands • address range • dhcp server ip-pool • network display dhcp server ip-in-use Use display dhcp server ip-in-use to display binding information about assigned IP addresses. Syntax display dhcp server ip-in-use [ ip ip-address | pool pool-name ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters ip ip-address: Displays binding information about the specified IP address.
Table 8 Command output Field Description IP address IP address assigned. Client identifier/Hardware address Client ID or hardware address. Lease expiration time: • Exact time (May 1 14:02:49 2009 in this example)—Time when the lease will expire. Lease expiration • Not used—The IP address of the static binding has not been assigned to the specific client. • Unlimited—Infinite lease expiration time. • After 2100—The lease will expire after 2100.
Examples # Display information about all DHCP address pools. display dhcp server pool Pool name: 0 Network 20.1.1.0 mask 255.255.255.0 class a range 20.1.1.50 20.1.1.60 bootfile-name abc.cfg dns-list 20.1.1.66 20.1.1.67 20.1.1.68 domain-name www.aabbcc.com bims-server ip 192.168.0.51 sharekey cipher $c$3$K13OmQPi791YvQoF2Gs1E+65LOU= option 2 ip-address 1.1.1.1 expired 1 2 3 0 Pool name: 1 Network 20.1.1.0 mask 255.255.255.0 secondary networks: 20.1.2.0 mask 255.255.255.0 20.1.3.0 mask 255.255.255.
expired unlimited Table 9 Command output Field Description Pool name Name of an address pool. Network Assignable network. secondary networks Assignable secondary networks. address range Assignable address range. class class-name range DHCP user class and its address range. static bindings Static IP-to-MAC/client ID bindings. option Customized DHCP option. expired Lease duration: 1 2 3 4 in this example refers to 1 day 2 hours 3 minutes 4 seconds.
network-operator mdc-admin mdc-operator Parameters pool pool-name: Specifies an address pool by its name, a case-insensitive string of 1 to 63 characters. Without this option, the command displays information about all address pools. Examples # Display the DHCP server statistics. display dhcp server statistics Pool number: 1 Pool utilization: 0.
Field Description DHCP packets received from clients: Messages received • • • • • • DHCPDISCOVER DHCPREQUEST DHCPDECLINE DHCPRELEASE DHCPINFORM BOOTPREQUEST This field is not displayed if you display statistics for a specific address pool. DHCP packets sent to clients: Messages sent • • • • DHCPOFFER DHCPACK DHCPNAK BOOTPREPLY This field is not displayed if statistics about a specific address pool are displayed. Bad Messages Number of bad messages.
Usage guidelines If you use the dns-list command multiple times, the most recent configuration takes effect. The undo dns-list command without any parameter specified deletes all DNS server addresses in the DHCP address pool. Examples # Specify the DNS server address 10.1.1.254 in DHCP address pool 0. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] dns-list 10.1.1.
expired Use expired to specify the lease duration in a DHCP address pool. Use undo expired to restore the default lease duration for a DHCP address pool. Syntax expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited } undo expired Default The lease duration of a dynamic address pool is one day. Views DHCP address pool view Predefined user roles network-admin mdc-admin Parameters day day: Specifies the number of days, in the range of 0 to 365.
Use undo forbidden-ip to cancel the configuration. Syntax forbidden-ip ip-address&<1-8> undo forbidden-ip [ ip-address&<1-8> ] Default No IP addresses are excluded from dynamic allocation in an address pool. Views DHCP address pool view Predefined user roles network-admin mdc-admin Parameters ip-address&<1-8>: Specifies excluded IP addresses. &<1-8> indicates that you can specify up to eight IP addresses, separated by spaces.
Predefined user roles network-admin mdc-admin Parameters ip-address&<1-8>: Specifies gateways. &<1-8> indicates that you can specify up to eight gateway addresses separated by spaces. Gateway addresses must reside on the same subnet as the assignable IP addresses. Usage guidelines If you use this command multiple times, the most recent configuration takes effect. Without any parameters specified, the undo gateway-list command deletes all gateway addresses.
hex hex-string: Matches the specified string in the option, which must be a hex string of even numbers in the range of 2 to 256. If you do not specify the hex-string argument, the DHCP server only checks whether the specified option exists in the received packets. mask mask: Specifies the mask used to match the option content. The mask argument is a hex string of even numbers in the range of 2 to 256. The length of mask must be the same as that of hex-string.
nbns-list Use nbns-list to specify WINS server addresses in a DHCP address pool. Use undo nbns-list to remove the specified WINS server addresses. Syntax nbns-list ip-address&<1-8> undo nbns-list [ ip-address&<1-8> ] Default No WINS server address is specified. Views DHCP address pool view Predefined user roles network-admin mdc-admin Parameters ip-address&<1-8>: Specifies WINS server IP addresses. &<1-8> indicates that you can specify up to eight WINS server addresses separated by spaces.
Views DHCP address pool view Predefined user roles network-admin mdc-admin Parameters b-node: Specifies the broadcast node. A b-node client sends the destination name in a broadcast message to get the name-to-IP mapping from a server. h-node: Specifies the hybrid node. An h-node client unicasts the destination name to a WINS server. If it does not receive a response, the h-node client broadcasts the destination name to get the mapping from a server. m-node: Specifies the mixed node.
mdc-admin Parameters network-address: Specifies the subnet for dynamic allocation. If no mask length or mask is specified, the natural mask will be used. mask-length: Specifies the mask length in the range of 1 to 30. mask mask: Specifies the mask in dotted decimal format. secondary: Specifies the subnet as a secondary subnet. Without this keyword, this command specifies the primary subnet.
Default No server's IP address is specified in an address pool. Views DHCP address pool view Predefined user roles network-admin mdc-admin Parameters ip-address: Specifies the IP address of a server. Usage guidelines Upon startup, the DHCP client obtains its own IP address and the specified server IP address, and then contacts the specified server, such as a TFTP server, to get other boot information. If you use the next-server command multiple times, the most recent configuration takes effect.
ascii ascii-string: Specifies an ASCII string of 1 to 255 characters as the option content. hex hex-string: Specifies a hex string of even numbers from 2 to 256 as the option content. ip-address ip-address&<1-8>: Specifies the IP addresses as the option content. &<1-8> indicates that you can specify up to eight IP addresses separated by spaces. Usage guidelines The DHCP server fills the customized option with the specified ASCII string, hex string, or IP addresses, and sends it in a response to the client.
Parameters ip ip-address: Clears conflict information about the specified IP address. If no IP address is specified, this command clears all address conflict information. Usage guidelines Address conflicts occur when dynamically assigned IP addresses have been statically configured for other hosts. After the conflicts are resolved, you can use the reset dhcp server conflict command to clear conflict information so that the conflicted addresses can be assigned to clients.
Views User view Predefined user roles network-admin mdc-admin Parameters ip ip-address: Clears binding information about the specified assigned IP address. pool pool-name: Clears binding information about the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters. Usage guidelines Using this command without any parameter clears binding information about all assigned IP addresses.
Syntax static-bind ip-address ip-address [ mask-length | mask mask ] { client-identifier client-identifier | hardware-address hardware-address [ ethernet | token-ring ] } undo static-bind ip-address ip-address Default No static binding is specified in a DHCP address pool. Views DHCP address pool view Predefined user roles network-admin mdc-admin Parameters ip-address ip-address: Specifies the IP address of the static binding. The natural mask is used if no mask length or mask is specified.
Related commands display dhcp server pool tftp-server domain-name Use tftp-server domain-name to specify a TFTP server name in a DHCP address pool. Use undo tftp-server domain-name to remove the TFTP server name from a DHCP address pool. Syntax tftp-server domain-name domain-name undo tftp-server domain-name Default No TFTP server name is specified.
Views DHCP address pool view Predefined user roles network-admin mdc-admin Parameters ip-address: Specifies the IP address of a TFTP server. Usage guidelines If you use this command multiple times, the most recent configuration takes effect. Examples # Specify the TFTP server address 10.1.1.1 in DHCP address pool 0. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] tftp-server ip-address 10.1.1.
• disable: Disables the specified VLAN. DHCP clients will not take this VLAN as their voice VLAN. • enable: Enables the specified VLAN. DHCP clients will take this VLAN as their voice VLAN. Usage guidelines If you use the command multiple times, the most recent configuration takes effect. Examples # Configure Option 184 in DHCP address pool 0: the primary network calling processor 10.1.1.1, backup network calling processor 10.2.2.2, voice VLAN 3 that is enabled, failover IP address 10.3.3.
The MAC address check function takes effect only when the dhcp select relay command has been configured on the interface. Enable the MAC address check function only on the DHCP relay agent directly connected to the DHCP clients. A DHCP relay agent changes the source MAC address of DHCP packets before sending them. If you enable this feature on an intermediate relay agent, it might discard valid DHCP packet, and the sending clients will not obtain IP addresses.
dhcp relay client-information record Use dhcp relay client-information record to enable recording client information in relay entries. A relay entry contains information about a client such as the client's IP and MAC addresses. Use undo dhcp relay client-information record to disable the function. Syntax dhcp relay client-information record undo dhcp relay client-information record Default The DHCP relay agent does not record client information in relay entries.
Predefined user roles network-admin mdc-admin Parameters auto: Automatically calculates the refresh interval. The more the entries, the shorter the refresh interval. The shortest interval must not be less than 500 ms. interval interval: Specifies the refresh interval in the range of 1 to 120 seconds. Usage guidelines If you use this command multiple times, the most recent configuration takes effect. Examples # Set the refresh interval to 100 seconds.
• If the server returns a DHCP-ACK message or does not return any message within a specific interval, the DHCP relay agent removes the entry and sends a DHCP-RELEASE message to the DHCP server to release the IP address. • If the server returns a DHCP-NAK message, the relay agent keeps the entry. With this feature disabled, the DHCP relay agent does not remove relay entries automatically.
sub-slot number, interface number, and VLAN ID. The node identifier varies with the keyword mac, sysname, and user-defined. • mac: Uses the MAC address of the access node as the node identifier. It is the default node identifier. • sysname: Uses the device name as the node identifier. You can set the device name by using the sysname command in system view. The padding format for the device name is always ASCII regardless of the specified padding format.
• dhcp relay information strategy • display dhcp relay information dhcp relay information enable Use dhcp relay information enable to enable the relay agent to support Option 82. Use undo dhcp relay information enable to disable Option 82 support. Syntax dhcp relay information enable undo dhcp relay information enable Default The DHCP relay agent does not support Option 82.
Syntax dhcp relay information remote-id { normal [ format { ascii | hex } ] | string remote-id | sysname } undo dhcp relay information remote-id Default The content mode is normal and the padding format is hex. Views Interface view Predefined user roles network-admin mdc-admin Parameters normal: Specifies the normal mode in which the padding content is the MAC address of the receiving interface. format: Specifies the code type for the remote ID sub-option. The default code type is hex.
Use undo dhcp relay information strategy to restore the default handling strategy. Syntax dhcp relay information strategy { drop | keep | replace } undo dhcp relay information strategy Default The handling strategy for messages that contain Option 82 is replace. Views Interface view Predefined user roles network-admin mdc-admin Parameters drop: Drops DHCP messages that contain Option 82 messages. keep: Keeps the original Option 82 intact.
mdc-admin Parameters client-ip: Specifies the IP address to be released. vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance of the IP address. The vpn-instance-name is a case-sensitive string of 1 to 31 characters. If you do not specify any VPN instance, this command releases the IP address in the public network. Usage guidelines After you execute this command, the relay agent sends a DHCP-RELEASE packet to the DHCP server and removes the relay entry of the IP address.
Examples # Specify the DHCP server 1.1.1.1 on the relay agent interface VLAN-interface 10. system-view [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] dhcp relay server-address 1.1.1.1 Related commands • dhcp select relay • display dhcp relay interface display dhcp relay check mac-address Use display dhcp relay check mac-address to display MAC address check entries on the relay agent.
Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters interface interface-type interface-number: Displays relay entries on the specified interface. ip ip-address: Displays the relay entry for the specified IP address. vpn-instance vpn-instance-name: Displays the relay entry for the specified IP address in the specified MPLS L3VPN instance. The vpn-instance-name is a case-sensitive string of 1 to 31 characters.
Related commands • dhcp relay client-information record • reset dhcp relay client-information display dhcp relay information Use display dhcp relay information to display Option 82 configuration information for the DHCP relay agent.
Table 14 Command output Field Description Interface Interface name. Option 82 states: Status • Enable—DHCP relay agent support for Option 82 is enabled. • Disable—DHCP relay agent support for Option 82 is disabled. Strategy Handling strategy for request messages containing Option 82, Drop, Keep, or Replace. Circuit ID Pattern Padding content mode of the circuit ID sub-option, Verbose, Normal, or User Defined.
Interface name Vlan-interface2 Server IP address 2.2.2.2 Table 15 Command output Field Description Interface name Interface name. Server IP address DHCP server IP address specified on the DHCP relay agent. Related commands dhcp relay server-address display dhcp relay statistics Use display dhcp relay statistics to display DHCP packet statistics on the DHCP relay agent.
DHCP packets relayed to servers: 0 DHCPDISCOVER: 0 DHCPREQUEST: 0 DHCPINFORM: 0 DHCPRELEASE: 0 DHCPDECLINE: 0 BOOTPREQUEST: 0 DHCP packets relayed to clients: 0 DHCPOFFER: 0 DHCPACK: 0 DHCPNAK: 0 BOOTPREPLY: 0 DHCP packets sent to servers: 0 DHCPDISCOVER: 0 DHCPREQUEST: 0 DHCPINFORM: 0 DHCPRELEASE: 0 DHCPDECLINE: 0 BOOTPREQUEST: 0 DHCP packets sent to clients: 0 DHCPOFFER: 0 DHCPACK: 0 DHCPNAK: 0 BOOTPREPLY: 0 Related commands reset dhcp relay statistics rese
Usage guidelines Without any parameter, this command clears all relay entries on the DHCP relay agent. Examples # Clear all relay entries on the DHCP relay agent. reset dhcp relay client-information Related commands display dhcp relay client-information reset dhcp relay statistics Use reset dhcp relay statistics to clear relay agent statistics.
Views System view Predefined user roles network-admin mdc-admin Usage guidelines DHCP client detects IP address conflict through ARP packets. An attacker can act as the IP address owner to send an ARP reply, which makes the client unable to use the IP address assigned by the server. HP recommends that you disable duplicate address detection when ARP attacks exist on the network. Examples # Disable the duplicate address.
dhcp client identifier Use dhcp client identifier to configure a DHCP client ID for an interface. Use undo dhcp client identifier to restore the default. Syntax dhcp client identifier { ascii string | hex string | mac interface-type interface-number } undo dhcp client identifier Default An interface generates the DHCP client ID based on its MAC address. If the interface has no MAC address, it uses the MAC address of the first Ethernet interface to generate its client ID.
Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters verbose: Displays verbose DHCP client information. interface interface-type interface-number: Specifies an interface by its type and number. Usage guidelines If you do not specify any interface, the command displays DHCP client information about all interfaces. Examples # Display DHCP client information about all interfaces.
Table 16 Command output Field Description Vlan-interface10 DHCP client information Information about the interface that serves as the DHCP client. Current state of the DHCP client: • HALT—The client stops applying for an IP address. • INIT—The initialization state. • SELECTING—The client has sent out a DHCP-DISCOVER message in search for a DHCP server and is waiting for the response from DHCP servers.
Related commands • dhcp client identifier • ip address dhcp-alloc ip address dhcp-alloc Use ip address dhcp-alloc to configure an interface to use DHCP for IP address acquisition. Use undo ip address dhcp-alloc to cancel an interface from using DHCP. Syntax ip address dhcp-alloc undo ip address dhcp-alloc Default An interface does not use DHCP for IP address acquisition.
undo dhcp snooping binding database filename Default No file is specified. Views System view Predefined user roles network-admin mdc-admin Parameters filename: Specifies the name of a local file. For information about the filename argument, see Fundamentals Configuration Guide. url url: Specifies the URL of a remote file. Do not include any username or password in the URL. Case sensitivity and the supported path format type depend on the server.
# Save DHCP snooping entries to file database.dhcp in the working directory of the FTP server at 10.1.1.1 with both the username and password as 1. system-view [Sysname] dhcp snooping binding database filename url ftp://10.1.1.1/database.dhcp username 1 password simple 1 # Save DHCP snooping entries to file database.dhcp in the working directory of the TFTP server at 10.1.1.1. system-view [Sysname] dhcp snooping binding database filename tftp://10.1.1.1/database.
dhcp snooping binding database update now Use dhcp snooping binding database update now to manually save DHCP snooping entries to the database file. Syntax dhcp snooping binding database update now Views System view Predefined user roles network-admin mdc-admin Usage guidelines Use this command to manually save DHCP snooping entries to the database file. Use the dhcp snooping binding database filename command before performing the manual saving operation.
Examples # Enable recording of client information in DHCP snooping entries. system-view [Sysname]interface Ten-GigabitEthernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping binding record dhcp snooping check mac-address Use dhcp snooping check mac-address to enable MAC address check for DHCP snooping. Use undo dhcp snooping check mac-address to disable MAC address check for DHCP snooping.
Views Layer 2 Ethernet interface view, Layer 2 aggregate interface view Predefined user roles network-admin mdc-admin Usage guidelines DHCP-REQUEST packets include lease renewal packets, DHCP-DECLINE packets, and DHCP-RELEASE packets. This function prevents unauthorized clients that forge DHCP-REQUEST packets from attacking the DHCP server. With this function enabled, DHCP snooping looks for a matching DHCP snooping entry for each received DHCP-REQUEST message.
Examples # Enable DHCP snooping. system-view [Sysname] dhcp snooping enable dhcp snooping information circuit-id Use dhcp snooping information circuit-id to configure the padding content and code type for the circuit ID sub-option. Use undo dhcp snooping information circuit-id to restore the default.
ascii: Specifies the ASCII code type. hex: Specifies the hex code type. Usage guidelines If you use this command multiple times, the most recent configuration takes effect. The padding format for the user-defined string, the normal mode, or the verbose modes varies with the command configuration. Table 17 shows how the padding format is determined for different modes.
Syntax dhcp snooping information enable undo dhcp snooping information enable Default DHCP snooping does not support Option 82. Views Layer 2 Ethernet interface view, Layer 2 aggregate interface view Predefined user roles network-admin mdc-admin Usage guidelines This command enables DHCP snooping to add Option 82 into DHCP request packets that do not contain Option 82 before forwarding the requests to the DHCP server.
Views Layer 2 Ethernet interface view, Layer 2 aggregate interface view Predefined user roles network-admin mdc-admin Parameters vlan vlan-id: Specifies the VLAN ID as the remote ID sub-option. string remote-id: Specifies the character string as the remote ID sub-option, a case-sensitive string of 1 to 63 characters. sysname: Specifies the device name as the remote ID sub-option. You can configure the device name by using the sysname command in system view. normal: Specifies the normal padding format.
Default The handling strategy for Option 82 in request messages is replace. Views Layer 2 Ethernet interface view, Layer 2 aggregate interface view Predefined user roles network-admin mdc-admin Parameters drop: Drops DHCP messages that contain Option 82. keep: Keeps the original Option 82 intact. replace: Replaces the original Option 82 with the configured Option 82. Usage guidelines This command takes effect only on DHCP requests that contain Option 82.
mdc-admin Parameters number: Specifies the maximum number of DHCP snooping entries that an interface can learn. The value range is 1 to 4294967295. Examples # Set the maximum number of DHCP snooping entries for the Layer 2 Ethernet interface Ten-GigabitEthernet 1/0/1 to learn to 1000.
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping rate-limit 64 dhcp snooping trust Use dhcp snooping trust to configure a port as a trusted port. Use undo dhcp snooping trust to restore the default state of a port. Syntax dhcp snooping trust undo dhcp snooping trust Default After you enable DHCP snooping, all ports are untrusted.
Parameters ip ip-address: Displays the DHCP snooping entry for the specified IP address. vlan vlan-id: Specifies the VLAN ID where the IP address resides. Usage guidelines If you do not specify any parameters, the command displays all DHCP snooping entries. Examples # Display all DHCP snooping entries. display dhcp snooping binding 5 DHCP snooping entries found IP address MAC address Lease VLAN SVLAN Interface =============== ============== ============ ===== ===== ================= 1.1.1.
Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Examples # Display information about the database file that stores DHCP snooping entries. display dhcp snooping binding database File name : database.dhcp Username : Password : Update interval : 600 seconds Latest write time : Feb 27 18:48:04 2012 Status : Last write succeeded.
network-operator mdc-admin mdc-operator Parameters all: Displays Option 82 configuration on all Layer 2 Ethernet interfaces. interface interface-type interface-number: Specifies an interface by its type and number. Examples # Display Option 82 configuration on all interfaces.
display dhcp snooping packet statistics Use display dhcp snooping packet statistics to display DHCP packet statistics for DHCP snooping. Syntax In standalone mode: display dhcp snooping packet statistics [ slot slot-number ] In IRF mode: display dhcp snooping packet statistics [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters slot slot-number: Specifies a card by the slot number. (In standalone mode.
Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Examples # Display information about trusted ports. display dhcp snooping trust DHCP snooping is enabled. DHCP snooping trust becomes active. Interface Trusted ========================= ============ Ten-GigabitEthernet1/0/1 Trusted Related commands dhcp snooping trust reset dhcp snooping binding Use reset dhcp snooping binding to clear DHCP snooping entries.
reset dhcp snooping packet statistics Use reset dhcp snooping packet statistics to clear DHCP packet statistics for DHCP snooping. Syntax In standalone mode: reset dhcp snooping packet statistics [ slot slot-number ] In IRF mode: reset dhcp snooping packet statistics [ chassis chassis-number slot slot-number ] Views User view Predefined user roles network-admin mdc-admin Parameters slot slot-number: Specifies a card by the slot number. (In standalone mode.
Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters interface interface-type interface-number: Specifies an interface by its type and number. Usage guidelines If no interface is specified, the command displays BOOTP client information for all interfaces. Examples # Display BOOTP client information for VLAN-interface 10. display bootp client interface vlan-interface 10 Vlan-interface10 BOOTP client information: Allocated IP: 169.254.0.2 255.255.0.
Views Interface view Predefined user roles network-admin mdc-admin Examples # Configure VLAN-interface 10 to use BOOTP for IP address acquisition.
DNS commands display dns domain Use display dns domain to display the domain name suffixes. Syntax display dns domain [ dynamic ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other protocols. If this keyword is not specified, the command displays the statically configured and dynamically obtained domain name suffixes.
Related commands dns domain display dns host Use display dns host to display information about domain name-to-IP address mappings. Syntax display dns host [ ip | ipv6 ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Specifies type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address.
Table 23 Command output Field Description No. Sequence number. Host name Domain name. Domain name-to-IP address mapping type: Type • S—A static mapping configured by the ip host or ipv6 host command. • D—A mapping dynamically obtained through dynamic domain name resolution. Time in seconds that a mapping can be stored in the cache. TTL For a static mapping, a hyphen (-) is displayed. Query type Query type, type A or type AAAA.
Examples # Display IPv4 DNS server information about the public network. display dns server Type: D: Dynamic S: Static No. Type IP address 1 S 202.114.0.124 2 S 169.254.65.125 Table 24 Command output Field Description No. Sequence number. DNS server type: Type • S—A manually configured DNS server. • D—DNS server information dynamically obtained through DHCP or other protocols. IP address IPv4 address of the DNS server.
display ipv6 dns server Type: D: Dynamic S: Static No. Type IPv6 address 1 2::2 S Outgoing Interface Table 25 Command output Field Description No. Sequence number. DNS server type: Type • S—A manually configured DNS server. • D—DNS server information dynamically obtained through DHCP or other protocols. IPv6 address IPv6 address of the DNS server. Outgoing Interface Output interface.
system-view [Sysname] dns dscp 30 dns domain Use dns domain to configure a domain name suffix. Use undo dns domain to delete the specified domain name suffix. Syntax dns domain domain-name [ vpn-instance vpn-instance-name ] undo dns domain domain-name [ vpn-instance vpn-instance-name ] Default No domain name suffix is configured. Only the provided domain name is resolved. Views System view Predefined user roles network-admin mdc-admin Parameters domain-name: Specifies a domain name suffix.
Use undo dns proxy enable to restore the default. Syntax dns proxy enable undo dns proxy enable Default DNS proxy is disabled. Views System view Predefined user roles network-admin mdc-admin Usage guidelines This configuration applies to both IPv4 DNS and IPv6 DNS. Examples # Enable DNS proxy. system-view [Sysname] dns proxy enable dns server Use dns server to specify an IPv4 address of a DNS server. Use undo dns server to remove the specified IPv4 address of a DNS server.
Usage guidelines The device sends DNS query request to the DNS servers in the order their IPv4 addresses are specified. You can specify DNS server IPv4 addresses for the public network and up to 1024 VPNs, and specify a maximum of six IPv4 addresses for the public network or each VPN. Examples # Specify the IPv4 address of a DNS server as 172.16.1.1. system-view [Sysname] dns server 172.16.1.
Make sure the specified interface is on the VPN specified by the vpn-instance vpn-instance-name option. Examples # Specify VLAN-interface 2 as the source interface for DNS packets on the public network. system-view [Sysname] dns source-interface vlan-interface 2 dns spoofing Use dns spoofing to enable DNS spoofing and specify the IPv4 address to spoof DNS query requests. Use undo dns spoofing to restore the default.
dns trust-interface Use dns trust-interface to specify the DNS trusted interface. Use undo dns trust-interface to remove the specified DNS trusted interface. If no interface is specified, the undo dns trust-interface command removes all DNS trusted interfaces. Syntax dns trust-interface interface-type interface-number undo dns trust-interface [ interface-type interface-number ] Default No trusted interface is specified.
Views System view Predefined user roles network-admin mdc-admin Parameters host-name: Specifies a host name, a case-insensitive string of 1 to 253 characters. It can include letters, digits, hyphens (-), underscores (_), and dots (.). ip-address: Specifies the IPv4 address of the host. vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a case-sensitive string of 1 to 31 characters. To specify a host name-to-IP address mapping on the public network, do not specify this option.
Predefined user roles network-admin mdc-admin Parameters dscp-value: Sets the DSCP value for outgoing IPv6 DNS packets, in the range of 0 to 63. Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority. Examples # Set the DSCP value for outgoing IPv6 DNS packets to 30.
You can specify DNS server IPv6 addresses for the public network and up to 1024 VPNs, and specify a maximum of six DNS server IPv6 addresses for the public network or each VPN. Examples # Specify the DNS server IPv6 address as 2002::1 for the public network. system-view [Sysname] ipv6 dns server 2002::1 Related commands display ipv6 dns server ipv6 dns spoofing Use ipv6 dns spoofing to enable DNS spoofing and specify the translated IPv6 address.
Related commands dns proxy enable ipv6 host Use ipv6 host to create a host name-to-IPv6 address mapping. Use undo ipv6 host to remove a mapping. Syntax ipv6 host host-name ipv6-address [ vpn-instance vpn-instance-name ] undo ipv6 host host-name ipv6-address [ vpn-instance vpn-instance-name ] Default No mappings are created. Views System view Predefined user roles network-admin mdc-admin Parameters host-name: Specifies a host name, a case-insensitive string of 1 to 253 characters.
reset dns host Use reset dns host to clear information about the dynamic DNS cache. Syntax reset dns host [ ip | ipv6 ] [ vpn-instance vpn-instance-name ] Views User view Predefined user roles network-admin mdc-admin Parameters ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Specifies type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address.
DDNS commands The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide). ddns apply policy Use ddns apply policy to apply the specified DDNS policy to the interface, update the mapping between the specified FQDN and the primary IP address of the interface, and enable DDNS update.
Related commands • ddns policy • display ddns policy ddns dscp Use ddns dscp to set the DSCP value for outgoing DDNS packets. Use undo ddns dscp to restore the default. Syntax ddns dscp dscp-value undo ddns dscp Default The DSCP value for outgoing DDNS packets is 0. Views System view Predefined user roles network-admin mdc-admin Parameters dscp-value: Sets the DSCP value for outgoing DDNS packets, in the range of 0 to 63.
Predefined user roles network-admin mdc-admin Parameters policy-name: Specifies the DDNS policy name, a case-insensitive string of 1 to 32 characters. Usage guidelines You can create up to 16 DDNS policies on the device. Examples # Create a DDNS policy steven_policy and enter its view. system-view [Sysname] ddns policy steven_policy Related commands • ddns apply policy • display ddns policy display ddns policy Use display ddns policy to display information about DDNS policies.
Interval : 1 days 0 hours 1 minutes # Display information about all DDNS policies. display ddns policy DDNS policy: steven_policy URL : http://members.3322.org/dyndns/update?system= dyndns&hostname=&myip= Username : steven Password : ****** Method : GET SSL client policy: Interval : 0 days 0 hours 30 minutes DDNS policy: tom-policy URL : http://members.3322.
Related commands ddns policy interval Use interval to specify the interval for sending DDNS update requests after DDNS update is enabled. Use undo interval to restore the default value. Syntax interval days [ hours [ minutes ] ] undo interval Default The DDNS update request interval is one hour. Views DDNS policy view Predefined user roles network-admin mdc-admin Parameters days: Days in the range of 0 to 365. hours: Hours in the range of 0 to 23. minutes: Minutes in the range of 0 to 59.
method Use method to specify the parameter transmission method for sending DDNS update requests to HTTP/HTTPS-based DDNS servers. Use undo method to restore the default. Syntax method { http-get | http-post } undo method Default The method http-get applies. Views DDNS policy view Predefined user roles network-admin mdc-admin Parameters http-get: Uses the get operation. http-post: Uses the post operation. Usage guidelines This command applies to DDNS updates in HTTP/HTTPS.
Syntax password { cipher | simple } password undo password Default No password is specified for the URL address. Views DDNS policy view Predefined user roles network-admin mdc-admin Parameters cipher: Sets a ciphertext password. simple: Sets a plaintext password. password: Specifies a case-sensitive password string. If simple is specified, it must be a string of 1 to 32 characters. If cipher is specified, it must be a string of 1 to 73 characters.
Views DDNS policy view Predefined user roles network-admin mdc-admin Parameters policy-name: Specifies the SSL client policy name, a case-insensitive string of 1 to 31 characters. Usage guidelines The SSL client policy is effective only for HTTPS-based DDNS update requests. If you use the ssl-client-policy command multiple times with different SSL client policies, the most recent configuration takes effect. Examples # Associate the SSL client policy ssl_policy with the DDNS policy steven_policy.
Usage guidelines The URL addresses configured for update requests vary with DDNS servers. Common DDNS server URL address format are shown in Table 27. Table 27 Common URL addresses for DDNS update request DDNS server URL addresses for DDNS update requests www.3322.org http://members.3322.org/dyndns/update?system=dyndns&hostname=&myip= DYNDNS http://members.dyndns.org/nic/update?system=dyndns&hostname=&myip= DYNS http://www.dyns.cx/postscript.
The system automatically fills with the FQDN that is specified when the DDNS policy is applied to the interface and automatically fills with the primary IP address of the interface to which the DDNS policy is applied. You might also manually specify an FQDN and an IP address in and , respectively. After that, the FQDN that is specified when the DDNS policy is applied becomes ineffective. However, manual configuration of and is not recommended.
Examples # Specify the username as steven to be contained in the URL address for update requests of DDNS policy steven_policy.
Basic IP forwarding commands display fib Use display fib to display FIB entries. Syntax display fib [ vpn-instance vpn-instance-name ] [ ip-address [ mask | mask-length ] ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters vpn-instance vpn-instance-name: Displays the FIB table of the specified VPN. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters.
Destination/Mask Nexthop Flag OutInterface/Token 0.0.0.0/0 10.153.78.1 USGR M-GE0/0/0 Label Null 0.0.0.0/32 127.0.0.1 UH InLoop0 Null 10.153.78.0/24 10.153.78.83 U M-GE0/0/0 Null 10.153.78.0/32 10.153.78.83 UBH M-GE0/0/0 Null 10.153.78.1/32 10.153.78.1 UH M-GE0/0/0 Null 10.153.78.2/32 10.153.78.2 UH M-GE0/0/0 Null # Display the FIB entries for VPN vpn1.
Field Description Flags of routes: Flag • • • • • • • • U—Usable route. G—Gateway route. H—Host route. B—Blackhole route. D—Dynamic route. S—Static route. R—Relay route. F—Fast reroute. OutInterface/Token Output interface/LSP index number. Label Inner label.
Load sharing commands ip load-sharing mode per-flow Use ip load-sharing mode per-flow to configure per-flow load sharing. Use undo ip load-sharing mode per-flow to restore the default.
Examples # In standalone mode, configure per-flow load sharing on slot 2. system-view [Sysname] ip load-sharing mode per-flow slot 2 # In IRF mode, configure per-flow load sharing on slot 2 of chassis 1.
IP performance optimization commands The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide). display icmp statistics Use display icmp statistics to display ICMP statistics.
router advert 0 router solicit 0 broadcast/multicast echo requests ignored 0 broadcast/multicast timestamp requests ignored 0 Output: echo 0 destination unreachable 0 source quench 0 redirects 0 echo replies 175 parameter problem 0 timestamp 0 information replies 0 mask requests 0 mask replies 0 time exceeded 0 bad address 0 packet error router advert 3 1442 display ip statistics Use display ip statistics to display IP packet statistics.
compress fails 0 Fragment:input 0 output 0 dropped 0 fragmented 0 couldn't fragment 0 0 timeouts Reassembling:sum 0 Table 29 Command output Field Input Output Fragment Reassembling Description sum Total number of packets received. local Total number of packets destined for the device. bad protocol Total number of unknown protocol packets. bad format Total number of packets with incorrect format. bad checksum Total number of packets with incorrect checksum.
Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters slot slot-number: Displays brief RawIP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.) chassis chassis-number slot slot-number: Displays brief RawIP connection information for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device.
display rawip verbose [ chassis chassis-number slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters pcb pcb-index: Displays detailed RawIP connection information for the specified PCB. The pcb-index argument specifies the index of the PCB, in the range of 1 to 16. slot slot-number: Displays detailed RawIP connection information for the specified card. The slot-number argument specifies the slot number of the card.
Field Description Chassis ID of the IRF member device. Slot Number of the slot that holds the card. Creator Name of the operation that created the socket. The number in brackets is the process number of the creator. State State of the socket. Options Socket options. Error Error code. Displays receive buffer information in the following order: Receiving buffer (cc/hiwat/lowat/state) • • • • cc—Used space. hiwat—Maximum space. lowat—Minimum space.
Field Description Flags in the Internet PCB: • • • • • • • • • Inpcb flags INP_RECVOPTS—Receives IP options. INP_RECVRETOPTS—Receives replied IP options. INP_RECVDSTADDR—Receives destination IP address. INP_HDRINCL—Provides the entire IP header. INP_REUSEADDR—Reuses the IP address. INP_REUSEPORT—Reuses the port number. INP_ANONPORT—Port number not specified. INP_RECVIF—Records the input interface of the packet. INP_RECVTTL—Receives TTL of the packet. Only UDP and RawIP support this flag.
Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters slot slot-number: Displays brief TCP connection information for the specified card. The slot-number argument specifies the slot number of the card. The number range depends on the device model. (In standalone mode.) chassis chassis-number slot slot-number: Displays brief TCP connection information for the specified card on the specified IRF member device.
display tcp statistics Use display tcp statistics to display TCP traffic statistics. Syntax In standalone mode: display tcp statistics [ slot slot-number ] In IRF mode: display tcp statistics [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters slot slot-number: Displays TCP traffic statistics for the specified card. The slot-number argument specifies the slot number of the card.
Total: 4058 urgent packets: 0 control packets: 50 window probe packets: 3, window update packets: 11 data packets: 3862 (795012 bytes), data packets retransmitted: 0 (0 bytes) ACK-only packets: 150 (52 delayed) unnecessary packet retransmissions: 0 Syncache/syncookie related statistics: entries added to syncache: 12 syncache entries retransmitted: 0 duplicate SYN packets: 0 reply failures: 0 successfully build new socket: 12 bucket overflows: 0 zone failures: 0 syncache entries removed due to RST: 0 syncac
packets dropped with MD5 authentication: 0 packets permitted with MD5 authentication: 0 Related commands reset tcp statistics display tcp verbose Use display tcp verbose to display detailed information about TCP connections.
Error: 0 Receiving buffer(cc/hiwat/lowat/state): 0 / 65700 / 1 / N/A Sending buffer(cc/hiwat/lowat/state): 0 / 65700 / 512 / N/A Type: 1 Protocol: 6 Connection info: src = 192.168.20.200:23 , dst = 192.168.20.14:4181 Inpcb flags: N/A Inpcb vflag: INP_IPV4 TTL: 255(minimum TTL: 0) Connection state: ESTABLISHED Send VRF: 0x0 Receive VRF: 0x0 Table 33 Command output Field Description TCP inpcb number Number of TCP IP PCBs. tcpcb number Number of TCP PCBs. Chassis ID of the IRF member device.
Field Description Socket type: • 1—SOCK_STREAM. This socket uses TCP to provide reliable transmission of byte streams. Type • 2—SOCK_DGRAM. This socket uses UDP to provide datagram transmission. • 3—SOCK_RAW. This socket allows an application to change the next upper-layer protocol header. • N/A—None of the above types. Protocol Number of the protocol using the socket. Connection info Source IP address and destination IP address.
display udp Use display udp to display brief information about UDP connections. Syntax In standalone mode: display udp [ slot slot-number ] In IRF mode: display udp [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters slot slot-number: Displays brief UDP connection information for the specified card. The slot-number argument specifies the slot number of the card. The number range depends the device model.
display udp statistics Use display udp statistics to display UDP traffic statistics. Syntax In standalone mode: display udp statistics [ slot slot-number ] Distributed devices–In IRF mode: display udp statistics [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters slot slot-number: Displays UDP traffic statistics on the specified card. The slot-number argument specifies the slot number of the card.
display udp verbose Use display udp verbose to display detailed information about UDP connections. Syntax In standalone mode: display udp verbose [ slot slot-number [ pcb pcb-index ] ] In IRF mode: display udp verbose [ chassis chassis-number slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters pcb pcb-index: Displays detailed UDP connection information for the specified PCB.
Protocol: 17 Connection info: src = 0.0.0.0:69, dst = 0.0.0.0:0 Inpcb flags: N/A Inpcb vflag: INP_IPV4 TTL: 255(minimum TTL: 0) Send VRF: 0xffff Receive VRF: 0xffff Table 35 Command output Field Description Total UDP socket number Total number of UDP sockets. Chassis ID of the IRF member device. Slot Slot number of the card. Creator Name of the operation that created the socket. The number in brackets is the process number of the creator. State Socket state. Options Socket option.
Field Description Flags in the Internet PCB: • • • • • • • • • Inpcb flags INP_RECVOPTS—Receives IP options. INP_RECVRETOPTS—Receives replied IP options. INP_RECVDSTADDR—Receives destination IP address. INP_HDRINCL—Provides the entire IP header. INP_REUSEADDR—Reuses the IP address. INP_REUSEPORT—Reuses the port number. INP_ANONPORT—Port number not specified. INP_RECVIF—Records the input interface of the packet. INP_RECVTTL—Receives TTL of the packet. Only UDP and RawIP support this flag.
Views Interface view Predefined user roles network-admin mdc-admin Usage guidelines A directed broadcast packet is destined for all hosts on a specific network. In the destination IP address of the directed broadcast, the network ID identifies the target network, and the host ID is made up of all ones. If an interface is allowed to forward directed broadcasts destined for the directly connected network, hackers can exploit this vulnerability to attack the target network.
bucketsize: Specifies the maximum number of tokens allowed in the bucket. The value range is 1 to 200, and the default is 10. Usage guidelines To avoid sending excessive ICMP error messages within a short period that might cause network congestion, you can use the command to limit the rate at which ICMP error messages are sent. A token bucket algorithm is used with one token representing one ICMP error message.
undo ip icmp source [ vpn-instance vpn-instance-name ] Default The device uses the IP address of the sending interface as the source IP address for outgoing ICMP packets. Views System view Predefined user roles network-admin mdc-admin Parameters vpn-instance vpn-instance-name: Specifies the VPN instance to which the specified address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. The specified VPN instance must exist.
Usage guidelines Set an appropriate MTU to avoid fragmentation. The MTU for the interface applies to only packets that are sent to the CPU for forwarding by software, for example, the packets that are sourced from or destined to the interface. When a packet exceeds the MTU of the output interface, the device processes it in one of the following ways: • If the packet disallows fragmentation, the device discards it. • If the packet allows fragmentation, the device fragments it and forwards the fragments.
• There is no source route option in the received packet. Examples # Enable sending ICMP redirect messages. system-view [Sysname] ip redirects enable ip ttl-expires enable Use ip ttl-expires enable to enable sending ICMP time-exceeded messages. Use undo ip ttl-expires enable to disable sending ICMP time-exceeded messages. Syntax ip ttl-expires enable undo ip ttl-expires enable Default Sending ICMP time-exceeded messages is disabled.
undo ip unreachables enable Default Sending ICMP destination unreachable messages is disabled. Views System view Predefined user roles network-admin mdc-admin Usage guidelines A device sends ICMP destination unreachable messages by following these rules: • If a packet does not match any specific route and there is no default route in the routing table, the device sends a Network Unreachable ICMP error message to the source.
Parameters slot slot-number: Clears IP traffic statistics for the specified card. The slot-number argument specifies the slot number of the card. The number range depends on the device model. (In standalone mode.) chassis chassis-number slot slot-number: Clears IP traffic statistics for the specified card of the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number specifies the slot number of the card. (In IRF mode.
Predefined user roles network-admin mdc-admin Examples # Clear UDP traffic statistics. reset udp statistics Related commands display udp statistics tcp mss Use tcp mss to configure the TCP maximum segment size (MSS). Use undo tcp mss to restore the default. Syntax tcp mss value undo tcp mss Default No TCP MSS is configured. Views Interface view Predefined user roles network-admin mdc-admin Parameters Value: Specifies the TCP MSS in the range of 128 to 2048 bytes.
[Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] tcp mss 300 tcp path-mtu-discovery Use tcp path-mtu-discovery to enable TCP path MTU discovery. Use undo tcp path-mtu-discovery to disable TCP path MTU discovery. Syntax tcp path-mtu-discovery [ aging age-time | no-aging ] undo tcp path-mtu-discovery Default TCP path MTU discovery is disabled.
Default SYN Cookie is disabled. Views System view Predefined user roles network-admin mdc-admin Usage guidelines A TCP connection is established through a three-way handshake: 1. The sender sends a SYN packet to the server. 2. The server receives the SYN packet, establishes a TCP semi-connection in SYN_RECEIVED state, and replies with a SYN ACK packet to the sender. 3. The sender receives the SYN ACK packet and replies with an ACK packet. Then, a TCP connection is established.
Parameters time-value: Specifies the TCP FIN wait timer in the range of 76 to 3600 seconds. Usage guidelines TCP starts the FIN wait timer when the state changes to FIN_WAIT_2. If no FIN packet is received within the timer interval, the TCP connection is terminated. If a FIN packet is received, TCP changes connection state to TIME_WAIT. If a non-FIN packet is received, TCP restarts the timer and tears down the connection when the timer expires. Examples # Set the TCP FIN wait timer to 800 seconds.
Syntax tcp window window-size undo tcp window Default The size of the TCP receive/send buffer is 64 KB. Views System view Predefined user roles network-admin mdc-admin Parameters window-size: Specifies the size of the TCP receive/send buffer in KB, in the range of 1 to 64. Examples # Configure the size of the TCP receive/send buffer as 3 KB.
UDP helper commands The term "interface" in this chapter collectively refers to VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide). display udp-helper interface Use display udp-helper interface to display information about packets forwarded by UDP helper on an interface.
• udp-helper server reset udp-helper statistics Use reset udp-helper statistics to clear the statistics of UDP packets forwarded by UDP helper. Syntax reset udp-helper statistics Views User view Predefined user roles network-admin mdc-admin Examples # Clear the statistics of UDP packets forwarded by UDP helper. reset udp-helper statistics Related commands display udp-helper interface udp-helper enable Use udp-helper enable to enable UDP helper.
udp-helper port Use udp-helper port to specify a UDP port number for UDP helper. Use undo udp-helper port to remove UDP port numbers. Syntax udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time } undo udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time } Default No UDP port number is specified for UDP helper.
Syntax udp-helper server ip-address undo udp-helper server [ ip-address ] Default No destination server is specified. Views Interface view Predefined user roles network-admin mdc-admin Parameters ip-address: Specifies the IP address of a destination server, in dotted decimal notation. Usage guidelines Specify destination servers on an interface that receives UDP broadcast packets. You can specify up to 20 destination servers on an interface.
IPv6 basics commands The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide). display ipv6 fib Use display ipv6 fib to display IPv6 FIB entries.
Destination: 1::1 Prefix length: 64 Nexthop Flags: UHS : 1::2 Time stamp : 0x1 Interface Label: 100 : XGE1/0/2 Token: Invalid Table 37 Command output Field Description Destination count Total number of destination addresses. FIB entry count Total number of IPv6 FIB entries. Destination Destination address. Prefix length Prefix length of the destination address. Nexthop Next hop. Route flag: Flags • • • • • • • • U—Usable route. G—Gateway route. H—Host route. B—Black hole route.
mdc-operator Parameters slot slot-number: Displays ICMPv6 packet statistics for the specified card. The slot-number argument specifies the slot that holds the card. (In standalone mode.) chassis chassis-number slot slot-number: Displays ICMPv6 packet statistics for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the number of the slot that holds the card. (In IRF mode.
interface-number: Interface number. brief: Displays brief information. Usage guidelines If you specify the brief keyword, this command displays brief information including physical status, link-layer protocols, and IPv6 address. If you do not specify the brief keyword, this command displays detailed information including IPv6 configuration and operating information, and IPv6 packet statistics. If you do not specify any interface, this command displays IPv6 information about all interfaces.
InFragTimeouts: 0 OutFragFails: 0 InUnknownProtos: 0 InDelivers: 0 OutRequests: 0 OutForwDatagrams: 0 InNoRoutes: 0 InTooBigErrors: 0 OutFragOKs: 0 OutFragCreates: 0 InMcastPkts: 0 InMcastNotMembers: 0 OutMcastPkts: 0 InAddrErrors: 0 InDiscards: 0 OutDiscards: 0 Table 38 Command output Field Description Physical state of the interface: • Administratively DOWN—The VLAN interface has been administratively shut down with the shutdown command.
Field Description Global unicast addresses of the interface. IPv6 address states: • TENTATIVE—Initial state. DAD is being performed or is to be performed on the address. • DUPLICATE—The address is not unique on the link. • PREFERRED—The address is preferred and can be used as the source or destination address of a packet. If an address is in this state, the command does not display the address state. • DEPRECATED—The address is beyond the preferred lifetime but in the valid lifetime.
Field Description InFragDrops IPv6 fragments that are discarded because of certain errors. InFragTimeouts IPv6 fragments that are discarded because the amount of time they stayed in the system buffer exceeded the specified interval. OutFragFails Packets that failed to be fragmented on the output interface. InUnknownProtos Received IPv6 packets with unknown or unsupported protocol type.
Field Description Physical state of the interface: • *down—The interface has been shut down with the shutdown command. • down—The interface is up but its physical state is down because all ports in Physical the VLAN are down. • up—The administrative and physical states of the interface are both up. Link layer protocol state of the interface: • down—The network layer protocol state of the interface is down. • up—The network layer protocol state of the interface is up.
Age: 600 Flag: A Lifetime(Valid/Preferred): - Table 40 Command output Filed Description Prefix IPv6 address prefix. How the prefix is generated: Origin Age • STATIC—Manually configured with the ipv6 nd ra prefix command. • RA—Advertised in RA messages after stateless autoconfiguration is enabled. • ADDRESS—Generated by a manually configured address. Aging time in seconds. If the prefix does not age out, this field displays a hyphen (-). Flags advertised in RA messages.
all: Displays information about all neighbors, including neighbors acquired dynamically and configured statically on the public network and all private networks. dynamic: Displays information about all neighbors acquired dynamically. static: Displays information about all neighbors configured statically. slot slot-number: Displays neighbor information for the specified card. (In standalone mode.
Field Description State of a neighbor: • INCMP—The address is being resolved. The link layer address of the neighbor is unknown. State • REACH—The neighbor is reachable. • STALE—Whether the neighbor is reachable is unknown. The device does not verify the reachability any longer unless data is sent to the neighbor. • DELAY—Whether the neighbor is reachable is unknown. The device sends an NS message after a delay. • PROBE—Whether the neighbor is reachable is unknown.
Parameters all: Displays the total number of all neighbor entries, including neighbor entries created dynamically and configured statically. dynamic: Displays the total number of neighbor entries created dynamically. static: Displays the total number of neighbor entries configured statically. slot slot-number: Displays the total number of neighbor entries for the specified card. The slot-number argument specifies the number of the slot that holds the card. (In standalone mode.).
FE80::200:5EFF:FE32:B800 0000-5e32-b800 N/A XGE1/0/1 REACH IS - Table 42 Command output Field Description IPv6 Address IPv6 address of a neighbor. Link-layer Link layer address (MAC address) of a neighbor. VID VLAN to which the interface connected with a neighbor belongs. Interface Interface connected with a neighbor. Neighbor state: • INCMP—The address is being resolved. The link layer address of the neighbor is unknown. State • REACH—The neighbor is reachable.
mdc-operator Parameters slot slot-number: Displays brief information about IPv6 RawIP connections for the specified card. The slot-number argument specifies the number of the slot that holds the card. (In standalone mode.) chassis chassis-number slot slot-number: Displays brief information about IPv6 RawIP connections for the specified card for the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device.
Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters pcb pcb-index: Displays detailed information about IPv6 RawIP connections of the specified PCB. The pcb-index argument specifies the index of the PCB, in the range of 1 to 16. slot slot-number: Displays detailed information about IPv6 RawIP connections for the specified card. The slot-number argument specifies the number of the slot that holds the card. (In standalone mode.
Field Description State Socket state. Options Socket options. Displays receive buffer information in the following order: Receiving buffer(cc/hiwat/lowat/state) • • • • cc—Used space. hiwat—Maximum space. lowat—Minimum space. state—Buffer state: { CANTSENDMORE—Unable to send data to the peer. { CANTRCVMORE—Unable to receive data from the peer. { RCVATMARK—Receiving tag. { N/A—None of the above states.
Field Description Flags in the Internet PCB: • • • • • • • • • INP_RECVOPTS—Receives IPv6 options. INP_RECVRETOPTS—Receives replied IPv6 options. INP_RECVDSTADDR—Receives destination IPv6 address. INP_HDRINCL—Provides the entire IPv6 header. INP_REUSEADDR—Reuses the IPv6 address. INP_REUSEPORT—Reuses the port number. INP_ANONPORT—Port number not specified. INP_PROTOCOL_PACKET—Identifies a protocol packet. INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP and RawIP support this flag.
display ipv6 statistics Use display ipv6 statistics to display IPv6 and ICMPv6 packet statistics. Syntax In standalone mode: display ipv6 statistics [ slot slot-number ] In IRF mode: display ipv6 statistics [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters slot slot-number: Displays IPv6 and ICMPv6 packet statistics for the specified card. The slot-number specifies the number of the slot that holds the card.
Received packets: Total: 0 Received locally: Fragments: Reassembly failures: Format errors: Protocol errors: 0 Hop limit exceeded: 0 0 Reassembled: 0 Reassembly timeout: 0 0 0 Option errors: 0 0 ICMPv6 statistics: Sent packets: Total: 0 Unreachable: 0 Hop limit exceeded: 0 Parameter problems: 0 Echo requests: Too big: 0 Reassembly timeouts: 0 0 Echo replies: 0 Neighbor solicits: 0 Neighbor adverts: Router solicits: 0 Router adverts: 0 0 Other errors: 0 0 Too short:
display ipv6 tcp [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters slot slot-number: Displays brief information about IPv6 TCP connections for the specified card. The slot-number argument specifies the number of the slot that holds the card. (In standalone mode.
Field Description TCP connection state: • • • • • State CLOSED—The server receives a disconnection request's reply from the client. LISTEN—The server is waiting for connection requests. SYN_SENT—The client is waiting for the server to reply to the connection request. SYN_RCVD—The server receives a connection request. ESTABLISHED—The server and client have established connections and can transmit data bidirectionally. • CLOSE_WAIT—The server receives a disconnection request from the client.
chassis chassis-number slot slot-number: Displays detailed information about IPv6 TCP connections for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the number of the slot that holds the card. (In IRF mode.
Field Description Displays receive buffer information in the following order: Receiving buffer(cc/hiwat/lowat/state) • • • • cc—Used space. hiwat—Maximum space. lowat—Minimum space. state—Buffer state: { CANTSENDMORE—Unable to send data to the peer. { CANTRCVMORE—Unable to receive data from the peer. { RCVATMARK—Receiving tag. { N/A—None of the above states. Displays send buffer information in the following order: Sending buffer(cc/hiwat/lowat/state) • • • • cc—Used space.
Field Description Flags in the Internet PCB: • • • • • • • • • INP_RECVOPTS—Receives IPv6 options. INP_RECVRETOPTS—Receives replied IPv6 options. INP_RECVDSTADDR—Receives destination IPv6 address. INP_HDRINCL—Provides the entire IPv6 header. INP_REUSEADDR—Reuses the IPv6 address. INP_REUSEPORT—Reuses the port number. INP_ANONPORT—Port number not specified. INP_PROTOCOL_PACKET—Identifies a protocol packet. INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP and RawIP support this flag.
Field Description TCP connection state: • CLOSED—The server receives a disconnection request's reply from the client. • LISTEN—The server is waiting for connection requests. • SYN_SENT—The client is waiting for the server to reply to the connection request. • SYN_RCVD—The server receives a connection request. • ESTABLISHED—The server and client have established connections and can Connection state transmit data bidirectionally. • CLOSE_WAIT—The server receives a disconnection request from the client.
chassis chassis-number slot slot-number: Displays brief information about IPv6 UDP connections for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the number of the slot that holds the card. (In IRF mode.) Usage guidelines Brief information about an IPv6 UDP connection includes local IPv6 address and port number, and peer IPv6 address and port number.
Parameters pcb pcb-index: Displays detailed information about IPv6 UDP connections of the specified PCB. The pcb-index argument specifies the index of the PCB, in the range of 1 to 16. slot slot-number: Displays detailed information about IPv6 UDP connections for the specified card. The slot-number argument specifies the number of the slot that holds the card. (In standalone mode.
Field Description Displays receive buffer information in the following order: Receiving buffer(cc/hiwat/lowat/state) • • • • cc—Used space. hiwat—Maximum space. lowat—Minimum space. state—Buffer state: { CANTSENDMORE—Unable to send data to the peer. { CANTRCVMORE—Unable to receive data from the peer. { RCVATMARK—Receiving tag. { N/A—None of the above states. Displays send buffer information in the following order: Sending buffer(cc/hiwat/lowat/state) • • • • cc—Used space.
Field Description Flags in the Internet PCB: • • • • • • • • • INP_RECVOPTS—Receives IPv6 options. INP_RECVRETOPTS—Receives replied IPv6 options. INP_RECVDSTADDR—Receives destination IPv6 address. INP_HDRINCL—Provides the entire IPv6 header. INP_REUSEADDR—Reuses the IPv6 address. INP_REUSEPORT—Reuses the port number. INP_ANONPORT—Port number not specified. INP_PROTOCOL_PACKET—Identifies a protocol packet. INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP and RawIP support this flag.
ipv6 address Use ipv6 address to configure an IPv6 global unicast address for an interface. Use undo ipv6 address to remove the IPv6 global unicast address of the interface. Syntax ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } undo ipv6 address [ ipv6-address prefix-length | ipv6-address/prefix-length ] Default No IPv6 global unicast address is configured for an interface.
Syntax ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast undo ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast Default No IPv6 anycast address is configured for an interface. Views Interface view Predefined user roles network-admin mdc-admin Parameters ipv6-address: Specifies an IPv6 anycast address. prefix-length: Specifies a prefix length in the range of 1 to 128.
Usage guidelines After a global unicast address is generated through stateless autoconfiguration, a link-local address is generated automatically. The link-local address can be removed only by executing the undo ipv6 address auto command. Examples # Enable stateless address autoconfiguration on VLAN-interface 100.
• If you first use manual assignment and then automatic generation, the automatically generated link-local address does not take effect and the link-local address of an interface is still the manually assigned address. If you delete the manually assigned address, the automatically generated link-local address is validated. For more information about manually assignment of an IPv6 link-local address, see the ipv6 address link-local command.
system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 address 2001::1/64 eui-64 Method 2: system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 address 2001::1 64 eui-64 Related commands display ipv6 interface ipv6 address link-local Use ipv6 address link-local to configure a link-local address for the interface. Use undo ipv6 address link-local to remove the link-local address of the interface.
Related commands ipv6 address auto link-local ipv6 hop-limit Use ipv6 hop-limit to set the Hop Limit field in the IPv6 header. Use undo ipv6 hop-limit to restore the default. Syntax ipv6 hop-limit value undo ipv6 hop-limit Default The hop limit is 64. Views System view Predefined user roles network-admin mdc-admin Parameters Value: Specifies the number of hops, in the range of 1 to 255.
Default Sending ICMPv6 Time Exceeded messages is enabled. Views System view Predefined user roles network-admin mdc-admin Usage guidelines ICMPv6 Time Exceeded messages are sent to the source of IPv6 packets after the device discards IPv6 packets because hop or reassembly times out. To prevent too many ICMPv6 error messages from affecting device performance, disable this function. Even with the function disabled, the device still sends Fragment Reassembly Time Exceeded messages.
Usage guidelines To avoid sending excessive ICMPv6 error messages within a short period that might cause network congestion, you can use the command to limit the rate at which ICMPv6 error messages are sent. A token bucket algorithm is used with one token representing one ICMPv6 error message. Tokens are placed in the bucket at a specific interval until the maximum number of tokens that the bucket can hold is reached. Tokens are removed from the bucket when ICMPv6 error messages are sent.
Syntax ipv6 icmpv6 source [ vpn-instance vpn-instance-name ] ipv6-address undo ipv6 icmpv6 source [ vpn-instance vpn-instance-name ] Default The device uses the IPv6 address of the sending interface as the source IPv6 address for outgoing ICMPv6 packets. Views System view Predefined user roles network-admin mdc-admin Parameters vpn-instance vpn-instance-name: Specifies the VPN instance to which the specified address belongs.
mdc-admin Usage guidelines The M flag determines whether a host uses stateful autoconfiguration to obtain an IPv6 address. If the M flag is set to 1, the host uses stateful autoconfiguration (for example, from an DHCPv6 server to obtain an IPv6 address. Otherwise, the host uses stateless autoconfiguration to generate an IPv6 address according to its link-layer address and the prefix information in the RA message. Examples # Configure the host to obtain an IPv6 address through stateful autoconfiguration.
ipv6 nd dad attempts Use ipv6 nd dad attempts to configure the number of attempts to send an NS message for DAD. Use undo ipv6 nd dad attempts to restore the default. Syntax ipv6 nd dad attempts value undo ipv6 nd dad attempts Default The number of attempts to send an NS message for DAD is 1. Views Interface view Predefined user roles network-admin mdc-admin Parameters value: Number of attempts to send an NS message for DAD, in the range of 0 to 600. If it is set to 0, DAD is disabled.
Default A port operates as a network-side port. Views VLAN interface view Predefined user roles network-admin mdc-admin Usage guidelines By default, the device associates an ND entry with routing information when the device learns an ND entry. The ND entry provides the next hop information for routing.
The value specified by this command serves as the interval for the local interface to retransmit an NS message. It also serves as the value in the Retrans Timer field in RA messages sent by the local interface. Examples # Specify VLAN-interface 100 to retransmit NS messages at an interval of 10000 milliseconds.
Related commands display ipv6 interface ipv6 nd ra halt Use ipv6 nd ra halt to suppress an interface from advertising RA message. Use undo ipv6 nd ra halt to disable this function. Syntax ipv6 nd ra halt undo ipv6 nd ra halt Default An interface is suppressed from sending RA messages. Views Interface view Predefined user roles network-admin mdc-admin Examples # Disable RA message suppression on VLAN-interface 100.
Usage guidelines To set the maximum number of hops to a value rather than the default setting, use the ipv6 hop-limit command. Examples # Specify unlimited hops in the RA messages on VLAN-interface 100. system-view [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] ipv6 nd ra hop-limit unspecified Related commands ipv6 hop-limit ipv6 nd ra interval Use ipv6 nd ra interval to set the maximum and minimum intervals for advertising RA messages.
[Sysname-Vlan-interface100] ipv6 nd ra interval 1000 700 Related commands ipv6 nd ra router-lifetime ipv6 nd ra no-advlinkmtu Use ipv6 nd ra no-advlinkmtu to turn off the MTU option in RA messages. Use undo ipv6 nd ra no-advlinkmtu to restore the default. Syntax ipv6 nd ra no-advlinkmtu undo ipv6 nd ra no-advlinkmtu Default RA messages contain the MTU option.
If the IPv6 address is automatically obtained (through DHCP, for example), the prefix uses the valid and preferred lifetime of the IPv6 address. Views Interface view Predefined user roles network-admin mdc-admin Parameters ipv6-prefix: Specifies the IPv6 prefix. prefix-length: Specifies the prefix length of the IPv6 address. valid-lifetime: Specifies the valid lifetime of a prefix, in the range of 0 to 4294967295 seconds.
Views Interface view Predefined user roles network-admin mdc-admin Parameters value: Specifies the router lifetime in the range of 0 to 9000 seconds. If the value is set to 0, the router does not serve as the default router. Usage guidelines The router lifetime in RA messages specifies how long the router sending the RA messages serves as the default router. Hosts receiving the RA messages check this value to determine whether using the sending router as the default router.
Usage guidelines A hosts selects a router with the highest preference as the default router. When router preferences are the same in RA messages, a host selects the router corresponding to the first received RA message as the default gateway. Examples # Set the router preference in RA messages to the highest on VLAN-interface 100.
• Method 1—Associate a neighbor IPv6 address and link-layer address with the Layer 3 interface of the local node. • Method 2—Associate a neighbor IPv6 address and link-layer address with a port in a VLAN containing the local node. You can use either of the previous configuration methods to configure a static neighbor entry for a VLAN interface. • If Method 1 is used, the neighbor entry is in INCMP state.
This feature affects only newly learned link-local ND entries rather than existing ND entries. Examples # Minimize link-local ND entries. system-view [Sysname] ipv6 neighbor link-local minimize ipv6 neighbor stale-aging Use ipv6 neighbor stale-aging to set the age timer for ND entries in stale state. Use undo ipv6 neighbor stale-aging to restore the default.
Default An interface can learn a maximum of 65536 dynamic neighbor entries. Views Layer 2 interface view, Layer 2 aggregate interface view, Layer 3 interface view Predefined user roles network-admin mdc-admin Parameters number: Specifies the maximum number of dynamic neighbor entries that an interface can learn. The value range is 1 to 65536. Usage guidelines The device can dynamically acquire the link-layer address of a neighboring node through NS and NA messages and add it into the neighbor table.
Usage guidelines The temporary address function enables the system to generate and preferentially use the temporary IPv6 address of the sending interface as the source address of a packet. If the temporary IPv6 address cannot be used because of a DAD conflict, the system uses the public IPv6 address. Examples # Enable the system to preferentially use the temporary IPv6 address of the sending interface as the source address of the packet.
ipv6 temporary-address Use ipv6 temporary-address to enable the system to generate a temporary IPv6 address. Use undo ipv6 temporary-address to disable the system from generating a temporary IPv6 address and remove the existing temporary addresses. Syntax ipv6 temporary-address [ valid-lifetime preferred-lifetime ] undo ipv6 temporary-address Default The system does not generate any temporary IPv6 address.
{ • The preferred lifetime configured for temporary IPv6 addresses minus DESYNC_FACTOR (a random number in the range of 0 to 600 seconds). The valid lifetime of a temporary IPv6 address takes the smaller of the following values: { The valid lifetime of the address prefix. { The valid lifetime configured for temporary IPv6 addresses. Examples # Enable the system to generate a temporary IPv6 address.
reset ipv6 neighbors Use reset ipv6 neighbors to clear IPv6 neighbor information.
Related commands • display ipv6 neighbors • ipv6 neighbor reset ipv6 statistics Use reset ipv6 statistics to clear IPv6 and ICMPv6 packet statistics. Syntax In standalone mode: reset ipv6 statistics [ slot slot-number ] In IRF mode: reset ipv6 statistics [ chassis chassis-number slot slot-number ] Views User view Predefined user roles network-admin mdc-admin Parameters slot slot-number: Clears IPv6 and ICMPv6 packet statistics for the specified card.
DHCPv6 commands Common DHCPv6 commands display ipv6 dhcp duid Use display ipv6 dhcp duid to display the DUID of the local device. Syntax display ipv6 dhcp duid Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Usage guidelines A DHCP unique identifier (DUID) uniquely identifies a DHCPv6 device (DHCPv6 client, server, or relay agent). A DHCPv6 device adds its DUID in a sent packet. Examples # Display the DUID of the local device.
Predefined user roles network-admin mdc-admin Parameters dscp-value: Specifies the DSCP value for DHCPv6 packets, in the range of 0 to 63. Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority. Examples # Set the DSCP value to 30 for DHCPv6 packets sent by the DHCPv6 server or the DHCPv6 relay agent.
[Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] ipv6 dhcp select server # Enable the DHCPv6 relay agent on VLAN-interface 20. system-view [Sysname] interface vlan-interface 20 [Sysname-Vlan-interface20] ipv6 dhcp select relay Related commands • display ipv6 dhcp relay server-address • display ipv6 dhcp server DHCPv6 server commands The term "interface" in this section collectively refers to VLAN interfaces and Layer 3 Ethernet interfaces.
Usage guidelines When no non-temporary IPv6 address range is specified, all unicast addresses on the subnet specified by the network command in address pool view are assignable. If a non-temporary IPv6 address range is specified, only the IPv6 addresses in the IPv6 address range are assignable. You can specify only one non-temporary IPv6 address range in an address pool. If you use the address range command multiple times, the most recent configuration takes effect.
Preferred lifetime 604800, valid lifetime 2592000 Prefix pool: 1 Preferred lifetime 24000, valid lifetime 36000 Addresses: Range: from 3FFE:501:FFFF:100::1 to 3FFE:501:FFFF:100::99 Preferred lifetime 70480, valid lifetime 200000 Total address number: 153 Available: 153 In-use: 0 Temporary addresses: Range: from 3FFE:501:FFFF:100::200 to 3FFE:501:FFFF:100::210 Preferred lifetime 60480, valid lifetime 259200 Total address number: 17 Available: 17 In-use: 0 Static bindings: DUID: 0003000100e0fc000001 IAID: 000
Field Description Available Total number of available IPv6 addresses. In-use Total number of assigned IPv6 addresses. Temporary addresses Temporary IPv6 address range for dynamic allocation. Static bindings Static bindings configured in the address pool. DUID Client DUID. IAID Client IAID. If no IAID is configured, this field displays Not configured. Prefix IPv6 address prefix. Address Static IPv6 address. DNS server addresses DNS server address. Domain name Domain name.
Total prefix number: 64 Available: 64 In-use: 0 Static: 0 Table 50 Command output Field Description Prefix-pool Prefix pool number. Prefix Prefix specified in the prefix pool. Available Number of available prefixes. In-use Number of assigned prefixes. Static Number of statically bound prefixes. Assigned length Length of assigned prefixes. Total prefix number Number of prefixes. display ipv6 dhcp server Use display ipv6 dhcp server to display DHCPv6 server configuration information.
Allow-hint: Enabled Rapid-commit: Disabled Table 51 Command output Field Description Interface Interface enabled with DHCPv6 server. Address pool applied to the interface. Pool If no address pool is applied to the interface, global is displayed. The DHCPv6 server selects a global address pool to assign a prefix, an address, and other configuration parameters to a client. Address pool applied to the interface. Using pool If no address pool is applied to the interface, global is displayed.
Examples # Display information about all address conflicts. display ipv6 dhcp server conflict IPv6 address Detect time 2001::1 Apr 25 16:57:20 2007 1::1:2 Apr 25 17:00:10 2007 Table 52 Command output Field Description IPv6 address Conflicted IPv6 address. Detect time Time when the conflict was discovered. Related commands reset ipv6 dhcp server conflict display ipv6 dhcp server expired Use display ipv6 dhcp server expired to display lease expiration information.
37ee:7::1 3130-3234-2d45-7468-65726e65-7430-2f31 Table 53 Command output Field Description IPv6 address Expired IPv6 address. DUID Client DUID bound to the expired IPv6 address. Lease expiration Time when the lease expired. Related commands reset ipv6 dhcp server expired display ipv6 dhcp server ip-in-use Use display ipv6 dhcp server ip-in-use to display binding information for assigned IPv6 addresses.
IPv6 address Type 1:2::1f1 Static(O) Oct Lease expiration 9 09:23:31 2008 # Display binding information for all assigned IPv6 addresses for the specified DHCPv6 address pool. display ipv6 dhcp server ip-in-use pool 1 Pool: 1 IPv6 address Type Lease expiration 2:1::1 Auto(O) Jul 10 22:22:22 2008 3:1::2 Static(C) Jan 1 11:11:11 2008 # Display binding information for the specified IPv6 address.
Related commands reset ipv6 dhcp server ip-in-use display ipv6 dhcp server pd-in-use Use display ipv6 dhcp server pd-in-use to display binding information for the assigned IPv6 prefixes.
display ipv6 dhcp server pd-in-use prefix 2:1::3/24 Pool: 1 Client: FE80::C800:CFF:FE18:0 Type: Auto(O) DUID: 00030001CA000C180000 IAID: 0x00030001 IPv6 prefix: 2:1::/24 Preferred lifetime 400, valid lifetime 500 Expires at Jul 10 09:45:01 2008 (288 seconds left) Table 55 Command output Field Description IPv6 prefix IPv6 prefix assigned. Prefix binding types: • Static(F)—Free static binding whose IPv6 prefix has not been assigned.
Syntax display ipv6 dhcp server statistics [ pool pool-name ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters pool pool-name: Displays DHCPv6 packet statistics for the DHCPv6 address pool specified by its name, a case-insensitive string of 1 to 63 characters. If you do not specify any pool, the command displays DHCPv6 packet statistics for all address pools. Examples # Display all DHCPv6 packet statistics on the DHCPv6 server.
Field Description Conflict Total number of conflicted addresses. If statistics about a specific address pool are displayed, this field is not displayed. Number of messages received by the DHCPv6 server. The message types include: Packets received • • • • • • • • • Solicit. Request. Confirm. Renew. Rebind. Release. Decline. Information-request. Relay-forward. If statistics about a specific address pool are displayed, this field is not displayed. Packets dropped Number of packets discarded.
mdc-admin Parameters ipv6-address: Specifies the IPv6 address of a DNS server. Usage guidelines You can use the dns-server command to specify up to eight DNS servers in an address pool. A DNS server specified earlier has a higher preference. Examples # Specify the DNS server address 2:2::3 in DHCPv6 address pool 1.
Related commands display ipv6 dhcp pool ipv6 dhcp pool Use ipv6 dhcp pool to create a DHCPv6 address pool and enter its view. If the pool has been created, you directly enter its view. Use undo ipv6 dhcp pool to remove the specified DHCPv6 address pool. Syntax ipv6 dhcp pool pool-name undo ipv6 dhcp pool pool-name Default No DHCPv6 address pool is configured.
Syntax ipv6 dhcp prefix-pool prefix-pool-number prefix prefix/prefix-len assign-len assign-len undo ipv6 prefix-pool prefix-pool-number Default No prefix pool is configured. Views System view Predefined user roles network-admin mdc-admin Parameters prefix-pool-number: Specifies a prefix pool number in the range of 1 to 128. prefix prefix/prefix-len: Specifies a prefix/prefix length for the pool. The value range for the prefix-len argument is 1 to 128.
Default The server does not support desired address/prefix assignment or rapid address/prefix assignment. The server preference is set to 0. Views Interface view Predefined user roles network-admin mdc-admin Parameters allow-hint: Enables desired address/prefix assignment. preference preference-value: Specifies the server preference in Advertise messages, in the range of 0 to 255. The default value is 0. A greater value specifies a higher preference.
Views Interface view Predefined user roles network-admin mdc-admin Parameters pool-name: Specifies a DHCPv6 address pool by its name, a case-insensitive string of 1 to 63 characters. allow-hint: Enables desired address/prefix assignment. preference preference-value: Specifies the server preference in Advertise messages, in the range of 0 to 255. The default value is 0. A greater value specifies a higher preference. rapid-commit: Enables rapid address/prefix assignment involving two messages.
Syntax ipv6 dhcp server forbidden-address start-ipv6-address [ end-ipv6-address ] undo ipv6 dhcp server forbidden-address start-ipv6-address [ end-ipv6-address ] Default Except for the DHCPv6 server address, all IPv6 addresses in a DHCPv6 address pool are assignable. Views System view Predefined user roles network-admin mdc-admin Parameters start-ipv6-address: Specifies the start IPv6 address. end-ipv6-address: Specifies the end IPv6 address, which cannot be lower than start-ipv6-address.
Default No IPv6 prefixes in the DHCPv6 prefix pool are excluded from dynamic allocation. Views System view Predefined user roles network-admin mdc-admin Parameters start-prefix/prefix-len: Specifies the start IPv6 prefix. The prefix-len argument specifies the prefix length in the range of 1 to 128. end-prefix/prefix-len: Specifies the end IPv6 prefix. The prefix-len argument specifies the prefix length, ranging from 1 to 128. The value for end-prefix cannot be lower than that for start-prefix.
Predefined user roles network-admin mdc-admin Parameters prefix/prefix-length: Specifies the IPv6 subnet for dynamic allocation. The value range for prefix-length is 1 to 128. preferred-lifetime preferred-lifetime: Specifies the preferred lifetime. The value range is 60 to 4294967295 seconds, and the default is 604800 seconds (7 days). valid-lifetime valid-lifetime: Specifies the valid lifetime. The value range is 60 to 4294967295 seconds, and the default is 2592000 seconds (30 days).
Parameters code: Specifies a number for the self-defined option, in the range of 21 to 65535, excluding 25 through 26, 37 through 40, and 43 through 48. hex hex-string: Specifies the content of the option, a hex string of even numbers from 2 to 256. Usage guidelines The DHCPv6 server fills the self-defined option with the specified hex string and sends it in a response to the client. If you use the option command multiple times with the same code specified, the most recent configuration takes effect.
Views DHCPv6 address pool view Predefined user roles network-admin mdc-admin Parameters prefix-pool-number: Specifies a prefix pool by its number in the range of 1 to 128. preferred-lifetime preferred-lifetime: Specifies the preferred lifetime in the range of 60 to 4294967295 seconds. The default value is 604800 seconds (7 days). valid-lifetime valid-lifetime: Specifies the valid lifetime in the range of 60 to 4294967295 seconds. The default value is 2592000 seconds (30 days).
Predefined user roles network-admin mdc-admin Parameters address ipv6-address: Clears conflict information for the specified IPv6 address. If you do not specify any IPv6 address, the command clears all IPv6 address conflict information. Usage guidelines Address conflicts occur when dynamically assigned IP addresses have been statically configured for other hosts.
reset ipv6 dhcp server ip-in-use Use reset ipv6 dhcp server ip-in-use to clear binding information for assigned IPv6 addresses. Syntax reset ipv6 dhcp server ip-in-use [ address ipv6-address | pool pool-name ] Views User view Predefined user roles network-admin mdc-admin Parameters address ipv6-address: Clears binding information for the assigned IPv6 address.
Parameters pool pool-name: Clears binding information for assigned IPv6 prefixes in the address pool specified by its name, a case-insensitive string of 1 to 63 characters. prefix prefix/prefix-len: Clears binding information for the specified IPv6 prefix. The value range for the prefix length is 1 to 128. Usage guidelines Using this command without any parameter clears binding information for all assigned IPv6 prefixes.
Syntax sip-server { address ipv6-address | domain-name domain-name } undo sip-server { address ipv6-address | domain-name domain-name } Default No SIP server address or domain name is specified. Views DHCPv6 address pool view Predefined user roles network-admin mdc-admin Parameters address ipv6-address: Specifies the IPv6 address of a SIP server. domain-name domain-name: Specifies the domain name of a SIP server, a case-insensitive string of 1 to 50 characters.
Views DHCPv6 address pool view Predefined user roles network-admin mdc-admin Parameters address ipv6-address/addr-prefix-length: Specifies the IPv6 address and prefix length. The value range for the prefix length is 1 to 128. prefix prefix/prefix-len: Specifies the prefix and prefix length. The value range for the prefix length is 1 to 128. duid duid: Specifies a client DUID. The value is an even hexadecimal number in the range of 2 to 256. iaid iaid: Specifies a client IAID.
Use undo temporary address range to remove the temporary IPv6 address range from the address pool. Syntax temporary address range start-ipv6-address end-ipv6-address [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo temporary address range Default No temporary IPv6 address range is configured in an address pool. Views DHCPv6 address pool view Predefined user roles network-admin mdc-admin Parameters start-ipv6-address: Specifies the start IPv6 address.
DHCPv6 relay agent commands The term "interface" in this section collectively refers to VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide). display ipv6 dhcp relay server-address Use display ipv6 dhcp relay server-address to display DHCPv6 server addresses specified on the DHCPv6 relay agent.
Table 57 Command output Field Description Server address DHCPv6 server address specified on the DHCP relay agent. Outgoing Interface Output interface of DHCPv6 packets. If no output interface is specified, the device searches the routing table for the output interface. Related commands • ipv6 dhcp relay server-address • ipv6 dhcp select display ipv6 dhcp relay statistics Use display ipv6 dhcp relay statistics to display DHCPv6 packet statistics on the DHCPv6 relay agent.
Advertise : 0 Reconfigure : 0 Reply : 7 Relay-forward : 7 Relay-reply : 0 # Display DHCPv6 packet statistics on the DHCPv6 relay agent on VLAN-interface 2.
Field Description Reply Number of sent reply packets. Relay-forward Number of sent Relay-forward packets. Relay-reply Number of sent Relay-reply packets. Related commands reset ipv6 dhcp relay statistics ipv6 dhcp relay server-address Use ipv6 dhcp relay server-address to specify a DHCPv6 server on the DHCPv6 relay agent. Use undo ipv6 dhcp relay server-address to remove DHCPv6 server addresses.
Examples # Enable the DHCPv6 relay agent on VLAN-interface 2 and specify the DHCPv6 server address 2001:1::3. system-view [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] ipv6 dhcp select relay [Sysname-Vlan-interface2] ipv6 dhcp relay server-address 2001:1::3 Related commands • display ipv6 dhcp relay server-address • ipv6 dhcp select reset ipv6 dhcp relay statistics Use reset ipv6 dhcp relay statistics to clear packets statistics on the DHCPv6 relay agent.
Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters address ipv6-address: Displays the DHCPv6 snooping entry for the specified IPv6 address. vlan vlan-id: Specifies the ID of the VLAN where the IPv6 address resides. Usage guidelines If you do not specify any parameters, the command displays all DHCPv6 snooping entries. Examples # Display all DHCPv6 snooping entries. display ipv6 dhcp snooping binding 1 DHCPv6 snooping entries found.
Syntax display ipv6 dhcp snooping binding database Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Examples # Display information about the file that stores DHCPv6 snooping entries. display ipv6 dhcp snooping binding database File name : Username : database.dhcp Password : Update interval : 600 seconds Latest write time : Feb 27 18:48:04 2012 Status : Last write succeeded.
display ipv6 dhcp snooping packet statistics [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters slot slot-number: Specifies the slot number of a card. If you do not specify any slot number, this command displays DHCPv6 packet statistics for the card where the command is executed. (In standalone mode.) chassis chassis-number slot slot-number: Specifies a card in an IRF member device.
Interface Trusted ========================= ============ Ten-GigabitEthernet1/0/1 Trusted The output shows that DHCPv6 snooping is enabled, Ethernet 1/1 is the trusted port. Related commands ipv6 dhcp snooping trust ipv6 dhcp snooping binding database filename Use ipv6 dhcp snooping binding database filename to specify a database file to store DHCPv6 snooping entries. Use undo ipv6 dhcp snooping binding database filename to restore the default.
is 300 seconds. To change the value, use the ipv6 dhcp snooping binding database update interval command. When the file is on a remote device, follow these guidelines to specify the URL, username, and password: • If the file is on an FTP server, enter URL in the format of ftp://server address:port/file path, where the port number is optional. • If the file is on an FTP server, enter URL in the format of tftp://server address:port/file path, where the port number is optional.
Predefined user roles network-admin mdc-admin Parameters seconds: Sets the waiting period in seconds, in the range of 60 to 864000. Usage guidelines When a DHCPv6 snooping entry is learned or removed, the device updates the database file when the waiting period is reached. All changed entries during that period will be updated. If no file has been specified, this command does not take effect. Examples # Set the device to wait 600 seconds (10 minutes) to update the database file.
ipv6 dhcp snooping binding record Use ipv6 dhcp snooping binding record to enable recording of client information in DHCPv6 snooping entries. Use undo ipv6 dhcp snooping binding record to disable the function. Syntax ipv6 dhcp snooping binding record undo ipv6 dhcp snooping binding record Default DHCPv6 snooping does not record client information.
Usage guidelines Use the DHCPv6-REQUEST check function to protect the DHCPv6 server against DHCPv6 client spoofing attacks. The function enables the DHCPv6 snooping device to check every received DHCPv6-RENEW, DHCPv6-DECLINE, or DHCPv6-RELEASE message against DHCPv6 snooping entries. • If any of the criteria in an entry is matched, the device compares the entry with the message information. { { • If they are consistent, the device considers the message valid and forwards it to the DHCPv6 server.
ipv6 dhcp snooping max-learning-num Use ipv6 dhcp snooping max-learning-num to set the maximum number of DHCPv6 snooping entries that an interface can learn. Use undo ipv6 dhcp snooping max-learning-num to restore the default. Syntax ipv6 dhcp snooping max-learning-num number undo ipv6 dhcp snooping max-learning-num Default The number of DHCPv6 snooping entries that an interface can learn is not limited.
mdc-admin Usage guidelines This command takes effect only when DHCPv6 snooping is globally enabled. Examples # Enable support for Option 18.
• ipv6 dhcp snooping option interface-id enable ipv6 dhcp snooping option remote-id enable Use ipv6 dhcp snooping option remote-id enable to enable support for the remote-ID option (also called Option 37). Use undo ipv6 dhcp snooping option remote-id enable to restore the default. Syntax ipv6 dhcp snooping option remote-id enable undo ipv6 dhcp snooping option remote-id enable Default Option 37 is not supported.
Views Layer 2 Ethernet interface view, Layer 2 aggregate interface view Predefined user roles network-admin mdc-admin Parameters vlan vlan-id: Specifies the VLAN where the DHCPv6 clients resides. remote-id: Specifies the a string of 1 to 128 characters as the remote ID. Examples # Specify device001 as the remote ID.
The DHCPv6 packet rate limit feature enables the interface to discard DHCPv6 packets that exceed the maximum rate. If you configure this command on a Layer 2 Ethernet interface that is a member port of a Layer 2 aggregate interface, the Layer 2 Ethernet interface uses the DHCP packet maximum rate configured on the Layer 2 aggregate interface. If the Layer 2 Ethernet interface leaves the aggregation group, it uses its own DHCP packet maximum rate.
Syntax reset ipv6 dhcp snooping binding { all | address ipv6-address [ vlan vlan-id ] } Views User view Predefined user roles network-admin mdc-admin Parameters address ipv6-address: Clears the DHCPv6 snooping entry for the specified IPv6 address. vlan vlan-id: Clears DHCPv6 snooping entries for the specified VLAN. all: Clears all DHCPv6 snooping entries. Usage guidelines This command applies to all slots. Examples # Clear all DHCPv6 snooping entries.
command clears DHCPv6 packet statistics for the card where the command is executed. (Distributed devices–In IRF mode.) Examples # Clear DHCPv6 packet statistics for DHCPv6 snooping.
Tunneling commands bandwidth Use bandwidth to configure the expected bandwidth of an interface. Use undo bandwidth to restore the default. Syntax bandwidth bandwidth-value undo bandwidth Default The expected bandwidth is 64 kbps. Views Tunnel interface view Predefined user roles network-admin mdc-admin Parameters bandwidth-value: Specifies the expected bandwidth in the range of 1 to 400000000 kbps.
mdc-admin Usage guidelines The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you use it on a live network. This command might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions. Use the display this command in interface view to identify these commands, and then use their undo forms or follow the command reference to individually restore their default settings.
Related commands display interface tunnel destination Use destination to specify the destination address for a tunnel interface. Use undo destination to remove the configured tunnel destination address. Syntax destination { ip-address | ipv6-address } undo destination Default No tunnel destination address is configured. Views Tunnel interface view Predefined user roles network-admin mdc-admin Parameters ip-address: Specifies the tunnel destination IPv4 address.
Related commands • display interface tunnel • interface tunnel • source display interface tunnel Use display interface tunnel to display information about tunnel interfaces, including the source address, destination address, and tunnel mode.
Internet protocol processing: disabled Tunnel source unknown, destination unknown Tunnel encapsulation-limit is disabled Tunnel TTL 255 Tunnel protocol/transport IPv6 Last clearing of counters: 13:49:20 Thu 06/13/2013 Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Input: 0 packets, 0 bytes, 0 drops Output: 0 packets, 0 bytes, 0 drops Table 61 Command output Field Description Tunnel1 Information about the tunnel int
Field Description Tunnel mode and transport protocol: • • • • • • • Tunnel protocol/transport GRE/IP—GRE over IPv4 tunnel mode. GRE/IPv6—GRE over IPv6 tunnel mode. IP/IP—IPv4 over IPv4 tunnel mode. IPv6—IPv6 tunnel mode. IPv6/IP—IPv6 over IPv4 manual tunnel mode. IPv6/IP 6to4—IPv6 over IPv4 6to4 tunnel mode. IPv6/IP ISATAP—IPv6 over IPv4 ISATAP tunnel mode. Last clearing of counters Last time of clearing counters.
Field Description Link status: Link: ADM - administratively down; Stby - standby • ADM—The interface has been administratively shut down. To recover its physical state, use the undo shutdown command. • Stby—The interface is a backup interface. Protocol: (s) - spoofing (s) indicates that the link layer protocol state is UP, but the link is not available because it is an on-demand link or not present at all. Interface Abbreviated interface name.
Views System view Predefined user roles network-admin mdc-admin Parameters number: Specifies the number of the tunnel interface, in the range of 0 to 511. mode gre: Specifies GRE over IPv4 tunnel mode. mode gre ipv6: Specifies GRE over IPv6 tunnel mode. mode ipv4-ipv4: Specifies IPv4 over IPv4 tunnel mode. mode ipv6: Specifies IPv6 tunnel mode. Set this mode for IPv4 over IPv6 manual and IPv6 over IPv6 tunnels. mode ipv6-ipv4: Specifies IPv6 over IPv4 manual tunnel mode.
Default The MTU is 64000 bytes. Views Tunnel interface view Predefined user roles network-admin mdc-admin Parameters mtu-size: Specifies the MTU for IPv4 packets, in the range of 100 to 64000 bytes. Usage guidelines Set an appropriate MTU to avoid fragmentation. The MTU for the tunnel interface applies only to unicast packets. An MTU set on any tunnel interface is effective on all existing tunnel interfaces. Examples # Set the MTU for IPv4 packets on the interface Tunnel 1 to 10000 bytes.
Examples # Clear the statistics for the interface Tunnel 1. reset counters interface tunnel 3 Related commands display interface tunnel service Use service to specify a service card for forwarding the traffic on the tunnel interface. Use undo service to restore the default. Syntax In standalone mode: service slot slot-number undo service slot In IRF mode: service chassis chassis-number slot slot-number undo service chassis Default No service card is specified for the tunnel interface.
Examples # In standalone mode, specify the card in slot 2 to forward traffic for interface Tunnel 200. system-view [Sysname] interface tunnel 200 [Sysname-Tunnel200] service slot 2 # In IRF mode, specify the card in slot 2 of IRF member device 2 to forward traffic for interface Tunnel 200. system-view [Sysname] interface tunnel 200 [Sysname-Tunnel200] service chassis 2 slot 2 shutdown Use shutdown to shut down a tunnel interface. Use undo shutdown to bring up a tunnel interface.
Syntax source { ip-address | ipv6-address | interface-type interface-number } undo source Default No source address or source interface is specified for the tunnel interface. Views Tunnel interface view Predefined user roles network-admin mdc-admin Parameters ip-address: Specifies the tunnel source IPv4 address. ipv6-address: Specifies the tunnel source IPv6 address. interface-type interface-number: Specifies the source interface. The interface must be up and must have an IP address.
Syntax tunnel dfbit enable undo tunnel dfbit enable Default The DF bit is not set for tunneled packets. Views Tunnel interface view Predefined user roles network-admin mdc-admin Usage guidelines To avoid fragmentation and delay, set the DF bit for tunneled packets. Make sure the path MTU is larger than tunneled packets. Otherwise, do not set the DF bit to avoid discarding tunneled packets larger than the path MTU.
Usage guidelines The tunnel discard ipv4-compatible-packet command enables the device to check the source and destination IPv6 addresses of the de-encapsulated IPv6 packets from the tunnel and discard packets that use a source or destination IPv4-compatible IPv6 address. Examples # Enable dropping of IPv6 packets using IPv4-compatible IPv6 addresses. system-view [Sysname] tunnel discard ipv4-compatible-packet tunnel tos Use tunnel tos to set the ToS of tunneled packets.
Use undo tunnel ttl to restore the default. Syntax tunnel ttl ttl-value undo tunnel ttl Default The TTL of tunneled packets is 255. Views Tunnel interface view Predefined user roles network-admin mdc-admin Parameters ttl-value: Specifies the TTL of tunneled packets, in the range of 1 to 255. Usage guidelines The TTL determines the maximum number of hops that the tunneled packets can pass. When the TTL expires, the tunneled packet is discarded to avoid loops.
GRE commands keepalive Use keepalive to enable the GRE keepalive function, and set the keepalive interval and the keepalive number. Use undo keepalive to disable the keepalive function. Syntax keepalive [ interval [ times ] ] undo keepalive Default The GRE keepalive function is disabled. Views Tunnel interface view Predefined user roles network-admin mdc-admin Parameters interval: Specifies the keepalive interval in the range of 1 to 32767 seconds. The default value is 10.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.
Index ABCDEFGIKLMNOPRSTUVW dhcp relay client-information refresh enable,69 A dhcp relay information circuit-id,70 address range,31 dhcp relay information enable,72 address range,231 dhcp relay information remote-id,72 arp check enable,1 dhcp relay information strategy,73 arp check log enable,1 dhcp relay release ip,74 arp ip-conflict log prompt,13 dhcp relay server-address,75 arp max-learning-num,2 dhcp select,30 arp max-learning-number,3 dhcp server always-broadcast,35 arp multiport,4 dhc
display ipv6 interface prefix,180 display dhcp client,84 display dhcp relay check mac-address,76 display ipv6 neighbors,181 display dhcp relay client-information,76 display ipv6 neighbors count,183 display dhcp relay information,78 display ipv6 neighbors vpn-instance,184 display dhcp relay server-address,79 display ipv6 rawip,185 display dhcp relay statistics,80 display ipv6 rawip verbose,186 display dhcp server conflict,42 display ipv6 statistics,190 display dhcp server expired,43 display ipv
ipv6 dhcp snooping rate-limit,276 if-match option,54 interface tunnel,286 ipv6 dhcp snooping trust,277 interval,127 ipv6 dns dscp,118 ip address,27 ipv6 dns server,119 ip address bootp-alloc,106 ipv6 dns spoofing,120 ip address dhcp-alloc,87 ipv6 hop-limit,207 ip address unnumbered,28 ipv6 hoplimit-expires enable,207 ip forward-broadcast,156 ipv6 host,121 ip host,117 ipv6 icmpv6 error-interval,208 ip icmp error-interval,157 ipv6 icmpv6 multicast-echo-reply enable,209 ip icmp fragment disc
network,250 reset udp-helper statistics,170 next-server,58 S O service,289 option,59 shutdown,290 option,251 sip-server,256 P source,290 ssl-client-policy,129 password,128 static-bind,62 prefix-pool,252 static-bind,257 proxy-arp enable,18 Subscription service,296 R T reset arp,11 tcp mss,164 reset arp snooping,21 tcp path-mtu-discovery,165 reset counters interface,288 tcp syn-cookie enable,165 reset dhcp relay client-information,81 tcp timer fin-timeout,166 reset dhcp relay stati
