HP FlexFabric 11900 Switch Series Layer 3 - IP Services Command Reference Part number: 5998-4076 Software version: Release 2105 and later Document version: 6W100-20130515
Legal and notice information © Copyright 2013 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents ARP commands····························································································································································· 1 arp check enable ······················································································································································ 1 arp max-learning-num ············································································································································
class ········································································································································································ 31 dhcp class ······························································································································································ 32 dhcp server always-broadcast ····························································································································· 33 dhc
dhcp relay information remote-id ························································································································ 68 dhcp relay information strategy ··························································································································· 69 dhcp relay release ip ············································································································································ 70 dhcp relay server-address·····
display dns server ··············································································································································· 103 display ipv6 dns server ······································································································································· 104 dns domain ·························································································································································· 105 dns proxy e
reset ip statistics ··················································································································································· 148 reset tcp statistics ················································································································································· 149 reset udp statistics················································································································································ 149
ipv6 nd nud reachable-time ······························································································································· 196 ipv6 nd ra halt ····················································································································································· 197 ipv6 nd ra hop-limit unspecified ························································································································ 197 ipv6 nd ra interval ·····
reset ipv6 dhcp server ip-in-use·························································································································· 236 reset ipv6 dhcp server pd-in-use ························································································································ 237 reset ipv6 dhcp server statistics ························································································································· 238 sip-server·························
ARP commands arp check enable Use arp check enable to enable dynamic ARP entry check. Use undo arp check enable to disable dynamic ARP entry check. Syntax arp check enable undo arp check enable Default Dynamic ARP entry check is enabled. Views System view Predefined user roles network-admin Usage guidelines The dynamic ARP entry check function controls whether the device supports dynamic ARP entries with multicast MAC addresses.
Default An interface can learn a maximum of 16384 dynamic ARP entries. Views Layer 2 Ethernet interface view, Layer 3 Ethernet interface view, VLAN interface view, Layer 2 aggregate interface view Predefined user roles network-admin Parameters number: Specifies the maximum number of dynamic ARP entries. The value is in the range of 0 to 16384. Usage guidelines An interface can dynamically learn ARP entries.
Parameters ip-address: Specifies an IP address for the multiport ARP entry. mac-address: Specifies a MAC address for the multiport ARP entry, in the format of H-H-H. vlan-id: Specifies a VLAN for the multiport ARP entry, in the range of 1 to 4094. vpn-instance vpn-instance-name: Specifies a MPLS L3VPN for the multiport ARP entry. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. The specified VPN instance must already exist.
mac-address: Specifies the MAC address in an ARP entry, in the format H-H-H. vlan-id: Specifies the ID of a VLAN to which a static ARP entry belongs. The value range is 1 to 4094. The VLAN must already exist. interface-type interface-number: Specifies the interface type and interface number. vpn-instance vpn-instance-name: Specifies the MPLS L3VPN for a static ARP entry. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. The VPN instance must already exist.
Default The aging timer for dynamic ARP entries is 20 minutes. Views System view Predefined user roles network-admin Parameters aging-time: Sets the aging timer for dynamic ARP entries, in the range of 1 to 1440 minutes. Usage guidelines Each dynamic ARP entry in the ARP table has a limited lifetime, called aging timer. The aging timer of a dynamic ARP entry is reset each time the dynamic ARP entry is updated.
multiport: Displays multiport ARP entries. static: Displays static ARP entries. slot slot-number: Displays the ARP entries for the interface card specified by the slot number. (In standalone mode.) chassis chassis-number slot slot-number: Displays the ARP entries of a card on an IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.) vlan vlan-id: Displays the ARP entries for the specified VLAN.
Table 1 Command output Field Description IP Address IP address in an ARP entry. MAC Address MAC address in an ARP entry. VLAN ID of the VLAN to which the ARP entry belongs. Interface Output interface in an ARP entry. Aging Aging time for a dynamic ARP entry in minutes. N/A means unknown aging time or no aging time. ARP entry type: Type • • • • D—Dynamic. S—Static. M—Multiport. I—Ineffective. Vpn Instance Name of VPN instance.
chassis chassis-number slot slot-number: Displays the specified ARP entry of a card on an IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.) verbose: Displays the detailed information about the specified ARP entry. Usage guidelines This command displays the ARP entry for a specific IP address, including the IP address, MAC address, VLAN ID, output interface, entry type, and aging timer.
Predefined user roles network-admin network-operator Parameters vpn-instance-name: Specifies the name of a MPLS L3VPN, a case-sensitive string of 1 to 31 characters. count: Displays the number of ARP entries. Usage guidelines This command shows information about ARP entries for a specific VPN, including the IP address, MAC address, VLAN ID, output interface, entry type, and aging timer. Examples # Display ARP entries for the VPN instance named test.
chassis chassis-number slot slot-number: Clears the ARP entries of a card on an IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.) interface interface-type interface-number: Clears the ARP entries for the interface specified by the argument interface-type interface-number.
Gratuitous ARP commands arp send-gratuitous-arp Use arp send-gratuitous-arp to enable periodic sending of gratuitous ARP packets on an interface. Use undo arp send-gratuitous-arp to disable the interface from periodically sending gratuitous ARP packets. Syntax arp send-gratuitous-arp undo arp send-gratuitous-arp Default Periodic sending of gratuitous ARP is disabled.
Views Layer 3 Ethernet interface view, VLAN interface view Predefined user roles network-admin Parameters Milliseconds: Sets the interval at which gratuitous ARP packets are sent, in the range of 200 to 200000 milliseconds. Usage guidelines If you change the interval for sending gratuitous ARP packets, the configuration takes effect at the next sending interval.
Examples # Enable learning of gratuitous ARP packets. system-view [Sysname] gratuitous-arp-learning enable gratuitous-arp-sending enable Use gratuitous-arp-sending enable to enable sending gratuitous ARP packets upon receiving ARP requests whose target IP address is on a different subnet. Use undo gratuitous-arp-sending enable to restore the default.
Proxy ARP commands display local-proxy-arp Use display local-proxy-arp to display the local proxy ARP status. Syntax display local-proxy-arp [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays the local proxy ARP status for the specified interface. Usage guidelines The local ARP proxy status can be enabled or disabled.
Parameters interface interface-type interface-number: Displays the proxy ARP status for the specified interface. Usage guidelines The proxy ARP status can be enabled or disabled. If an interface is specified, this command displays proxy ARP status for the specified interface. If no interface is specified, this command displays proxy ARP status for all interfaces. Examples # Display the proxy ARP status for VLAN-interface 1.
Examples # Enable local proxy ARP on VLAN-interface 2. system-view [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] local-proxy-arp enable # Enable local proxy ARP on VLAN-interface 2 for a specific IP address range. system-view [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] local-proxy-arp enable ip-range 1.1.1.1 to 1.1.1.20 Related commands display local-proxy-arp proxy-arp enable Use proxy-arp enable to enable proxy ARP.
ARP snooping commands arp snooping enable Use arp snooping enable to enable ARP snooping. Use undo arp snooping enable to disable ARP snooping. Syntax arp snooping enable undo arp snooping enable Default ARP snooping is disabled. Views VLAN view Predefined user roles network-admin Examples # Enable ARP snooping on VLAN 2. system-view [Sysname] vlan 2 [Sysname-vlan2] arp snooping enable display arp snooping Use display arp snooping to display ARP snooping entries.
Predefined user roles network-admin network-operator Parameters vlan vlan-id: Displays ARP snooping entries for a specific VLAN. The vlan-id argument is in the range of 1 to 4094. count: Displays the number of the current ARP snooping entries. ip ip-address: Displays the ARP snooping entry for the specified IP address. slot slot-number: Specifies a card by its slot number. (In standalone mode.) chassis chassis-number slot slot-number: Specifies a card on the specified IRF member device.
Syntax reset arp snooping [ ip ip-address | vlan vlan-id ] Views User view Predefined user roles network-admin Parameters ip ip-address: Removes the ARP entry for a specific IP address. vlan vlan-id: Removes the ARP entries for a specific VLAN. The vlan-id argument is in the range of 1 to 4094. Usage guidelines If you do not specify any keywords or arguments, the command removes all ARP snooping entries. Examples # Remove ARP snooping entries for VLAN 2.
IP addressing commands display ip interface Use display ip interface to display IP configuration and statistics for the specified Layer 3 interface or all Layer 3 interfaces. Syntax display ip interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number.
Source quench: 0 Routing redirect: 0 Echo request: 0 Router advert: 0 Router solicit: 0 Time exceed: 0 IP header bad: 0 Timestamp request: 0 Timestamp reply: 0 Information request: 0 Information reply: 0 Netmask request: 0 Netmask reply: 0 Unknown type: 0 Table 3 Command output Field Description Current physical state of the interface: • Administrative DOWN—The interface is shut down with the shutdown current state command.
Field ICMP packet input number: Echo reply: Unreachable: Source quench: Routing redirect: Echo request: Router advert: Router solicit: Time exceed: IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: Description Total number of ICMP packets received on the interface (statistics start at the device startup): • • • • • • • • • • • • • • • • Echo reply packets. Unreachable packets. Source quench packets.
Usage guidelines Use the display ip interface brief command to display brief IP configuration information, including the state, IP address, and description of the physical and link layer protocols, for the specified Layer 3 interface or all Layer 3 interfaces. When the interface type and interface number are specified, the brief IP configuration information for all Layer 3 interfaces is displayed.
Related commands • display ip interface • ip address ip address Use ip address to assign an IP address to the interface. Use undo ip address to remove the IP address from the interface. Syntax ip address ip-address { mask-length | mask } [ sub ] undo ip address [ ip-address { mask-length | mask } [ sub ] ] Default No IP address is assigned to an interface.
Examples # Assign VLAN-interface 10 a primary IP address 129.12.0.1 and a secondary IP address 202.38.160.1, with subnet masks being 255.255.255.0. system-view [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] ip address 129.12.0.1 255.255.255.0 [Sysname-Vlan-interface10] ip address 202.38.160.1 255.255.255.
Examples # Configure the interface Tunnel 1 to borrow the IP address of VLAN-interface 100.
DHCP commands dhcp enable Use dhcp enable to enable DHCP. Use undo dhcp enable to disable DHCP. Syntax dhcp enable undo dhcp enable Default DHCP is disabled. Views System view Predefined user roles network-admin Usage guidelines Enable DHCP before you perform DHCP server or relay agent configurations. Examples # Enable DHCP. system-view [Sysname] dhcp enable dhcp select Use dhcp select to enable the DHCP server or DHCP relay agent on an interface.
Views Interface view Predefined user roles network-admin Parameters relay: Enables the DHCP relay agent on the interface. server: Enables the DHCP server on the interface. Usage guidelines Before changing the DHCP server mode to the DHCP relay agent mode on an interface, use the reset dhcp server ip-in-use command to remove address bindings. These bindings might conflict with ARP entries that are created after the DHCP relay agent is enabled. Examples # Enable the DHCP relay agent on VLAN-interface 2.
DHCP server commands address range Use address range to configure an IP address range in a DHCP address pool for dynamic allocation. Use undo address range to remove the IP address range in the address pool. Syntax address range start-address end-address undo address range Default No IP address range is configured. Views DHCP address pool view Predefined user roles network-admin Parameters start-address: Specifies the start IP address. end-address: Specifies the end IP address.
bims-server Use bims-server to specify the IP address, port number, and shared key of the BIMS server in a DHCP address pool. Use undo bims-server to remove the specified BIMS server information. Syntax bims-server ip ip-address [ port port-number ] sharekey { cipher | simple } key undo bims-server Default No BIMS server information is specified. Views DHCP address pool view Predefined user roles network-admin Parameters ip ip-address: Specifies the IP address of the BIMS server.
undo bootfile-name Default No bootfile name is specified. Views DHCP address pool view Predefined user roles network-admin Parameters bootfile-name: Specifies the boot file name, a case-sensitive string of 1 to 63 characters. Usage guidelines If you use the bootfile-name command multiple times, the most recent configuration takes effect. Examples # Specify the boot file name boot.cfg in DHCP address pool 0. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] bootfile-name boot.
start-address: Specifies the start IP address. end-address: Specifies the end IP address. Usage guidelines The class command enables you to divide an address range into multiple address ranges for different DHCP user classes. The address range for a user class must be within the primary subnet specified by the network command. If the DHCP client does not match any DHCP user class, the DHCP server selects an address in the IP address range specified by the address range command.
Usage guidelines In the DHCP user class view, use the if-match option command to configure a match rule to match specific clients. Then use the class command to specify an IP address range for the matching clients. Examples # Create a DHCP user class test and enter DHCP user class view.
Use undo dhcp server apply ip-pool to remove the configuration. Syntax dhcp server apply ip-pool pool-name undo dhcp server apply ip-pool Default No address pool is applied on an interface Views Interface view Predefined user roles network-admin Parameters pool-name: Specifies the name of a DHCP address pool, a case-insensitive string of 1 to 63 characters.
Usage guidelines The lease duration of IP addresses obtained by BOOTP clients is unlimited. For scenarios that do not allow unlimited leases, you can configure the DHCP server to ignore BOOTP requests. Examples # Configure the DHCP server to ignore BOOTP requests.
Default No IP addresses are excluded from dynamic allocation. Views System view Predefined user roles network-admin Parameters start-ip-address: Specifies the start IP address. end-ip-address: Specifies the end IP address, which cannot be lower than the start-ip-address. If the argument is not specified, only the start-ip-address is excluded from dynamic allocation. If it is specified, the IP addresses from start-ip-address through end-ip-address are all excluded from dynamic allocation.
Predefined user roles network-admin Parameters pool-name: Specifies the name for the DHCP address pool, a case-insensitive string of 1 to 63 characters used to uniquely identify this pool. Usage guidelines A DHCP address pool is used to store the configuration parameters to be assigned to DHCP clients. Examples # Create a DHCP address pool named pool1.
Related commands • dhcp server ping timeout • display dhcp server conflict • reset dhcp server conflict dhcp server ping timeout Use dhcp server ping timeout to configure the ping response timeout time on the DHCP server. Use undo dhcp server ping timeout to restore the default. Syntax dhcp server ping timeout milliseconds undo dhcp server ping timeout Default The ping response timeout time is 500 ms.
undo dhcp server relay information enable Default The DHCP server handles Option 82. Views System view Predefined user roles network-admin Usage guidelines Upon receiving a DHCP request containing Option 82, the server copies the original Option 82 into the response. If the server is configured to ignore Option 82, the response will not contain Option 82. Examples # Configure the DHCP server to ignore Option 82.
4.4.4.2 Apr 25 17:00:10 2007 Table 5 Command output Field Description IP address Conflicted IP address. Detect time Time when the conflict was discovered. Related commands reset dhcp server conflict display dhcp server expired Use display dhcp server expired to display the lease expiration information.
Related commands reset dhcp server expired display dhcp server free-ip Use display dhcp server free-ip to display information about assignable IP addresses. Syntax display dhcp server free-ip [ pool pool-name ] Views Any view Predefined user roles network-admin network-operator Parameters pool pool-name: Displays assignable IP addresses in the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters.
• dhcp server ip-pool • network display dhcp server ip-in-use Use display dhcp server ip-in-use to display the binding information for assigned IP addresses. Syntax display dhcp server ip-in-use [ ip ip-address | pool pool-name ] Views Any view Predefined user roles network-admin network-operator Parameters ip ip-address: Displays the binding information for the specified IP address. pool pool-name: Displays the binding information for the specified IP address pool.
Field Description Lease expiration time: • Exact time (May 1 14:02:49 2009 in this example)—Time when the lease will expire. Lease expiration • Not used—The IP address of the static binding has not been assigned to the specific client. • Unlimited—Infinite lease expiration time. • After 2100—The lease will expire after 2100. Binding types: • Static(F)—A free static binding whose IP address has not been assigned.
dns-list 20.1.1.66 20.1.1.67 20.1.1.68 domain-name www.aabbcc.com bims-server ip 192.168.0.51 sharekey cipher $c$3$60k7O5ouTckKhteOKFWu3PQMxw IABdQ3pQ option 2 ip-address 1.1.1.1 expired 1 2 3 0 Pool name: 1 Network 20.1.1.0 mask 255.255.255.0 secondary networks: 20.1.2.0 mask 255.255.255.0 20.1.3.0 mask 255.255.255.0 bims-server ip 192.168.0.51 port 50 sharekey cipher $c$3$60k7O5ouTckKhteOKFWu3PQMxw IABdQ3pQ forbidden-ip 20.1.1.22 20.1.1.36 20.1.1.37 forbidden-ip 20.1.1.22 20.1.1.23 20.1.1.
Field Description Network Assignable network. secondary networks Assignable secondary networks. address range Assignable address range. class class-name range DHCP user class and its address range. static bindings Static IP-to-MAC/client ID bindings. option Self-defined DHCP option. expired Lease duration: 1 2 3 4 in this example refers to 1 day 2 hours 3 minutes 4 seconds. bootfile-name Boot file name dns-list DNS server IP address. domain-name Domain name suffix.
Examples # Display the DHCP server statistics. display dhcp server statistics Pool number: 1 Pool utilization: 0.39% Bindings: Automatic: 1 Manual: 0 Expired: 0 Conflict: 1 Messages received: 10 DHCPDISCOVER: 5 DHCPREQUEST: 3 DHCPDECLINE: 0 DHCPRELEASE: 2 DHCPINFORM: 0 BOOTPREQUEST: 0 Messages sent: 6 DHCPOFFER: 3 DHCPACK: 3 DHCPNAK: 0 BOOTPREPLY: 0 Bad Messages: 0 Table 10 Command output Field Description Pool number Total number of address pools.
Field Description DHCP packets received from clients: Messages received • • • • • • DHCPDISCOVER DHCPREQUEST DHCPDECLINE DHCPRELEASE DHCPINFORM BOOTPREQUEST This field is not displayed if you display statistics for a specific address pool. DHCP packets sent to clients: Messages sent • • • • DHCPOFFER DHCPACK DHCPNAK BOOTPREPLY This field is not displayed if statistics about a specific address pool are displayed. Bad Messages Number of bad messages.
The undo dns-list command without any parameter specified deletes all DNS server addresses in the DHCP address pool. Examples # Specify the DNS server address 10.1.1.254 in DHCP address pool 0. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] dns-list 10.1.1.254 Related commands display dhcp server pool domain-name Use domain-name to specify a domain name in a DHCP address pool. Use undo domain-name to remove the specified domain name.
Syntax expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited } undo expired Default The lease duration of a dynamic address pool is one day. Views DHCP address pool view Predefined user roles network-admin Parameters day day: Specifies the number of days, in the range of 0 to 365. hour hour: Specifies the number of hours, in the range of 0 to 23. minute minute: Specifies the number of minutes, in the range of 0 to 59.
Default No IP addresses are excluded from dynamic allocation in an address pool. Views DHCP address pool view Predefined user roles network-admin Parameters ip-address&<1-8>: Specifies excluded IP addresses. &<1-8> indicates that you can specify up to eight IP addresses, separated by spaces. Usage guidelines The excluded IP addresses in an address pool are still assignable in other address pools. You can exclude a maximum of 4096 IP addresses in an address pool.
Usage guidelines The gateway-list command executed in DHCP address pool view specifies gateway addresses for all DHCP clients that obtain IP addresses from this address pool. To specify gateways for clients that obtain IP addresses from a secondary subnet, use the gateway-list command in secondary subnet view.
length length: Matches the specified length of the option, in the range of 1 to 128 bytes. The specified length must be the same as the hex-string length. Usage guidelines You can configure multiple match rules for a DHCP the user class. The DHCP server matches DHCP requests against the match rules. A DHCP client matches the DHCP user class as long as it matches one of the specified rules.
undo nbns-list [ ip-address&<1-8> ] Default No WINS server address is specified. Views DHCP address pool view Predefined user roles network-admin Parameters ip-address&<1-8>: Specifies WINS server IP addresses. &<1-8> indicates that you can specify up to eight WINS server addresses separated by spaces. Usage guidelines If you use this command multiple times, the most recent configuration takes effect. The undo nbns-list command with no parameter specified deletes all WINS server addresses.
h-node: Specifies the hybrid node. An h-node client unicasts the destination name to a WINS server. If it does not receive a response, the h-node client broadcasts the destination name to get the mapping from a server. m-node: Specifies the mixed node. An m-node client broadcasts the destination name. If it does not receive a response, the m-node client unicasts the destination name to the WINS server to get the mapping. p-node: Specifies the peer-to-peer node.
Usage guidelines You can use the secondary keyword to specify a secondary subnet and enter its view, where you can specify gateways by using the gateway-list command for the DHCP clients in the secondary subnet. You can specify only one primary subnet for a DHCP address pool. If you use the network command multiple times, the most recent configuration takes effect. You can specify up to 32 secondary subnets for a DHCP address pool.
If you use the next-server command multiple times, the most recent configuration takes effect. Examples # Specify a server's IP address 10.1.1.254 in DHCP address pool 0. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] next-server 10.1.1.254 Related commands display dhcp server pool option Use option to configure a self-defined DHCP option in a DHCP address pool. Use undo option to remove a self-defined DHCP option from a DHCP address pool.
• Add all option values if the actual requirement exceeds the limit for a dedicated option configuration command. For example, the dns-list command can specify up to eight DNS servers. To specify more than eight DNS server, you must use the option 6 command to define all DNS servers. If a DHCP option is specified by both the dedicated command and the option command, the DHCP server preferentially assigns the content specified by the dedicated command.
Syntax reset dhcp server expired [ ip ip-address | pool pool-name ] Views User view Predefined user roles network-admin Parameters ip ip-address: Clears the binding information for the specified expired IP address. pool pool-name: Clears the binding information for the expired IP addresses in the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters. Usage guidelines Using this command without any parameter clears binding information for all expired IP addresses.
Related commands display dhcp server ip-in-use reset dhcp server statistics Use reset dhcp server statistics to clear DHCP server statistics. Syntax reset dhcp server statistics Views User view Predefined user roles network-admin Examples # Clear DHCP server statistics. reset dhcp server statistics Related commands display dhcp server statistics static-bind Use static-bind to statically bind a client ID or MAC address to an IP address. Use undo static-bind to remove a static binding.
hexadecimal numbers. For example, aabb-cccc-dd is a correct ID, while aabb-c-dddd and aabb-cc-dddd are incorrect IDs. hardware-address hardware-address: Specifies the client hardware address of the static binding, a string of 4 to 79 characters that can contain only hexadecimal numbers and hyphen (-), in the format of H-H-H…, in which the last H can be a two-digit or four-digit hexadecimal number while the other Hs must be all four-digit hexadecimal numbers.
Usage guidelines If you use this command multiple times, the most recent configuration takes effect. Examples # Specify the TFTP server name aaa in DHCP address pool 0. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] tftp-server domain-name aaa Related commands • display dhcp server pool • tftp-server ip-address tftp-server ip-address Use tftp-server ip-address to specify a TFTP server address in a DHCP address pool.
Use undo voice-config to remove the Option 184 content from a DHCP address pool. Syntax voice-config { as-ip ip-address | fail-over ip-address dialer-string | ncp-ip ip-address | voice-vlan vlan-id { disable | enable } } undo voice-config [ as-ip | fail-over | ncp-ip | voice-vlan ] Default No Option 184 content is configured in a DHCP address pool.
DHCP relay agent commands dhcp relay check mac-address Use dhcp relay check mac-address to enable MAC address check on the relay agent. Use undo dhcp relay check mac-address to disable MAC address check on the relay agent. Syntax dhcp relay check mac-address undo dhcp relay check mac-address Default The MAC address check function is disabled.
Syntax dhcp relay client-information record undo dhcp relay client-information record Default The DHCP relay agent does not record client information in relay entries. Views System view Predefined user roles network-admin Usage guidelines Disabling recording of client information deletes all recorded relay entries. Examples # Enable recording of relay entries on the relay agent.
Examples # Set the refresh interval to 100 seconds. system-view [Sysname] dhcp relay client-information refresh interval 100 Related commands • dhcp relay client-information record • dhcp relay client-information refresh enable dhcp relay client-information refresh enable Use dhcp relay client-information refresh enable to enable the relay agent to periodically refresh dynamic relay entries.
Related commands • dhcp relay client-information record • dhcp relay client-information refresh • reset dhcp relay client-information dhcp relay information circuit-id Use dhcp relay information circuit-id to configure the padding content and padding format for the circuit ID sub-option of Option 82. Use undo dhcp relay information circuit-id to restore the default.
Usage guidelines If you use this command multiple times, the most recent configuration takes effect. The padding format for the user-defined string, the normal mode, or the verbose modes varies with the command configuration. The following matrix shows how the padding format is determined for different modes.
Default The DHCP relay agent does not support Option 82. Views Interface view Predefined user roles network-admin Usage guidelines With this feature enabled, the DHCP relay agent adds Option 82 to a DHCP request that does not contain Option 82 before forwarding it to the DHCP server. You can configure the content of Option 82 with the dhcp relay information circuit-id and dhcp relay information remote-id commands.
Parameters normal: Specifies the normal mode in which the padding content is the MAC address of the receiving interface. format: Specifies the padding format. The default setting is Hex. ascii: Specifies the ASCII padding format. hex: Specifies the Hex padding format. string remote-id: Specifies a case-sensitive string of 1 to 63 characters as the content of the remote ID sub-option. sysname: Uses the system name as the content of the remote ID sub-option.
Parameters drop: Drops messages containing Option 82. keep: Keeps the original Option 82 intact. replace: Replaces the original Option 82 with the configured Option 82. Usage guidelines This command takes effect only for DHCP requests containing Option 82. If the DHCP relay agent is enabled to support Option 82, it always adds Option 82 to a DHCP request that does not contain Option 82 before forwarding the request to the DHCP server.
dhcp relay server-address Use dhcp relay server-address to specify DHCP servers on the DHCP relay agent. Use undo dhcp relay server-address to remove DHCP servers. Syntax dhcp relay server-address ip-address undo dhcp relay server-address [ ip-address ] Default No DHCP server is specified on the relay agent. Views Interface view Predefined user roles network-admin Parameters ip-address: Specifies the IP address of a DHCP server.
Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays relay entries on the specified interface. ip ip-address: Displays the relay entry for the specified IP address. vpn-instance vpn-instance-name: Displays the relay entry for the specified IP address in the specified MPLS L3VPN instance. The vpn-instance-name is a case-sensitive string of 1 to 31 characters.
display dhcp relay information Use display dhcp relay information to display Option 82 configuration information on the DHCP relay agent. Syntax display dhcp relay information [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays Option 82 configuration information on the specified interface.
Field Description Strategy Handling strategy for request messages containing Option 82, Drop, Keep, or Replace. Circuit ID Pattern Padding content mode of the circuit ID sub-option, Verbose, Normal, or User Defined. Remote ID Pattern Padding content mode of the remote ID sub-option, Sysname, Normal, or User Defined. Circuit ID format-type Padding format of the circuit ID sub-option, ASCII, Hex, or Undefined.
Related commands dhcp relay server-address display dhcp relay statistics Use display dhcp relay statistics to display DHCP packet statistics on the DHCP relay agent. Syntax display dhcp relay statistics [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays DHCP packet statistics on the specified interface.
DHCPDISCOVER: 0 DHCPREQUEST: 0 DHCPINFORM: 0 DHCPRELEASE: 0 DHCPDECLINE: 0 BOOTPREQUEST: 0 DHCP packets sent to clients: 0 DHCPOFFER: 0 DHCPACK: 0 DHCPNAK: 0 BOOTPREPLY: 0 Related commands reset dhcp relay statistics reset dhcp relay client-information Use reset dhcp relay client-information to clear relay entries on the DHCP relay agent.
Syntax reset dhcp relay statistics [ interface interface-type interface-number ] Views User view Predefined user roles network-admin Parameters interface interface-type interface-number: Clears DHCP relay agent statistics on the specified interface. If no interface is specified, this command clears all DHCP relay agent statistics. Examples # Clear all DHCP relay agent statistics.
DHCP client commands dhcp client dad enable Use dhcp client dad enable to enable duplicate address detection. Use undo dhcp client dad enable to disable duplicate address detection. Syntax dhcp client dad enable undo dhcp client dad enable Default The duplicate address detection feature is enabled on an interface. Views System view Predefined user roles network-admin Usage guidelines DHCP client detects IP address conflict through ARP packets.
Predefined user roles network-admin Parameters ascii string: Specifies a case-insensitive ASCII string of 1 to 63 characters as the client ID. hex string: Specifies a case-insensitive hex string of 4 to 64 characters as the client ID. mac interface-type interface-number: Uses the MAC address of the specified interface as a DHCP client ID. The interface-type interface-number argument specifies an interface by its type and number.
Current state: BOUND Allocated IP: 40.1.1.20 255.255.255.0 Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds DHCP server: 40.1.1.2 # Display verbose DHCP client information. display dhcp client verbose Vlan-interface10 DHCP client information: Current state: BOUND Allocated IP: 40.1.1.20 255.255.255.0 Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds Lease from May 21 19:00:29 2012 to May 31 19:00:29 2012 DHCP server: 40.1.1.
Field Description T2 7/8 lease time (in seconds) of the DHCP client IP address. Lease from….to…. Start and end time of the lease. DHCP server DHCP server IP address that assigned the IP address. Transaction ID Transaction ID, a random number chosen by the client to identify an IP address allocation. Default router Gateway address assigned to the client. Classless static routes Classless static routes assigned to the client. Static routes Classful static routes assigned to the client.
Predefined user roles network-admin Usage guidelines When you execute the undo ip address dhcp-alloc command, the interface sends a DHCP-RELEASE message for releasing the IP address obtained through DHCP. If the interface is down, the message cannot be sent out. Examples # Configure VLAN-interface 10 to use DHCP for IP address acquisition.
DHCP snooping commands DHCP snooping works between the DHCP client and the DHCP server or between the DHCP client and the relay agent. DHCP snooping does not work between the DHCP server and the DHCP relay agent. dhcp snooping binding database filename Use dhcp snooping binding database filename to specify a file to store DHCP snooping entries. Use undo dhcp snooping binding database filename to restore the default.
Syntax dhcp snooping binding database update interval seconds undo dhcp snooping binding database update interval Default The device does not update DHCP snooping entries periodically. Views System view Predefined user roles network-admin Parameters Seconds: Sets the update interval in the range of 60 to 864000 seconds. Usage guidelines When a DHCP snooping entry is learned or removed, the device does not update the database file until after the specified waiting period.
Related commands dhcp snooping binding database filename dhcp snooping binding record Use dhcp snooping binding record to enable recording of client information in DHCP snooping entries. Use undo dhcp snooping binding record to disable the function. Syntax dhcp snooping binding record undo dhcp snooping binding record Default DHCP snooping does not record client information.
Usage guidelines With MAC address check enabled, DHCP snooping compares the chaddr field of a received DHCP request with the source MAC address field in the frame header. If they are the same, DHCP snooping considers this request valid and forwards it to the DHCP server. If they are not the same, DHCP snooping discards the DHCP request. Examples # Enable MAC address check for DHCP snooping.
Use undo dhcp snooping enable to disable DHCP snooping. Syntax dhcp snooping enable undo dhcp snooping enable Default DHCP snooping is disabled. Views System view Predefined user roles network-admin Usage guidelines When a DHCP snooping entry is learned or removed, the device does not update the database file until after the specified waiting period. All changed entries during that period will be updated. When DHCP snooping is disabled, the device forwards all responses from DHCP servers.
normal: Specifies the normal padding format. The padding content includes the VLAN ID and interfce number. verbose: Specifies the verbose padding format. node-identifier { mac | sysname | user-defined node-identifier }: Specifies the access node identifier. By default, the node MAC address is used as the node identifier. The padding content includes the node identifier, Ethernet type (fixed to eth), chassis number, slot number, sub-slot number, interface number, and VLAN ID.
[Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information enable [Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information strategy replace [Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping information circuit-id verbose node-identifier sysname format ascii Related commands • dhcp snooping information enable • dhcp snooping information strategy • display dhcp snooping information dhcp snooping information enable Use dhcp snooping information enable to enable DHCP snooping to support Option 82.
Use undo dhcp snooping information remote-id to restore the default. Syntax dhcp snooping information remote-id { normal [ format { ascii | hex } ] | [ vlan vlan-id ] { string remote-id | sysname } } undo dhcp snooping information remote-id [ vlan vlan-id ] Default The padding format is normal and the code type is hex. Views Layer 2 Ethernet interface view, Layer 2 aggregate interface view Predefined user roles network-admin Parameters vlan vlan-id: Specifies the VLAN ID as the remote ID sub-option.
dhcp snooping information strategy Use dhcp snooping information strategy to configure the handling strategy for Option 82 in request messages. Use undo dhcp snooping information strategy to restore the default. Syntax dhcp snooping information strategy { drop | keep | replace } undo dhcp snooping information strategy Default The handling strategy for Option 82 in request messages is replace.
Default Incoming DHCP packets on an interface are not rate limited. Views Layer 2 Ethernet interface view, Layer 2 aggregate interface view Predefined user roles network-admin Parameters rate: Specifies the maximum rate at which the interface can receive DHCP packets, in the range of 64 to 512 Kbps. Usage guidelines This command takes effect only when DHCP snooping has been enabled. With the rate limit function, the interface discards DHCP packets that exceed the maximum rate.
Examples # Specify the Layer 2 Ethernet interface Ten-GigabitEthernet 1/0/1 as a trusted port. system-view [Sysname] interface Ten-GigabitEthernet 1/0/1 [Sysname-Ten-GigabitEthernet1/0/1] dhcp snooping trust Related commands display dhcp snooping trust display dhcp snooping binding Use display dhcp snooping binding to display DHCP snooping entries.
Field Description Interface Port connected to the DHCP client. Related commands • dhcp snooping enable • reset dhcp snooping binding display dhcp snooping binding database Use display dhcp snooping binding database to display information about the file that stores DHCP snooping entries. Syntax display dhcp snooping binding database Views Any view Predefined user roles network-admin network-operator Examples # Display information about the file that stores DHCP snooping entries.
Syntax display dhcp snooping information { all | interface interface-type interface-number } Views Any view Predefined user roles network-admin network-operator Parameters all: Displays Option 82 configuration on all Layer 2 Ethernet interfaces. interface interface-type interface-number: Specifies an interface by its type and number. Examples # Display Option 82 configuration on all interfaces.
Field Description Code type of Option 82 sub-option: Format • For circuit ID sub-option, the code type can be ASCII, Default, or Hex. • For remote ID sub-option, the code type can be ASCII or Hex. Remote ID Content of the remote ID sub-option. VLAN Pads circuit ID sub-option and remote ID sub-option in the DHCP packets received in the specified VLAN. display dhcp snooping packet statistics Use display dhcp snooping packet statistics to display DHCP packet statistics for DHCP snooping.
display dhcp snooping trust Use display dhcp snooping trust to display information about trusted ports. Syntax display dhcp snooping trust Views Any view Predefined user roles network-admin network-operator Examples # Display information about trusted ports. display dhcp snooping trust DHCP snooping is enabled. DHCP snooping trust becomes active.
Related commands display dhcp snooping binding reset dhcp snooping packet statistics Use reset dhcp snooping packet statistics to clear DHCP packet statistics for DHCP snooping. Syntax In standalone mode: reset dhcp snooping packet statistics [ slot slot-number ] In IRF mode: reset dhcp snooping packet statistics [ chassis chassis-number slot slot-number ] Views User view Predefined user roles network-admin Parameters slot slot-number: Specifies a card by the slot number. (In standalone mode.
BOOTP client commands display bootp client Use display bootp client to display information about a BOOTP client. Syntax display bootp client [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Specifies an interface by its type and number. Usage guidelines If no interface is specified, the command displays BOOTP client information for all interfaces.
Related commands ip address bootp-alloc ip address bootp-alloc Use ip address bootp-alloc to configure an interface to use BOOTP for IP address acquisition. Use undo ip address bootp-alloc to cancel an interface from using BOOTP from acquiring an IP address. Syntax ip address bootp-alloc undo ip address bootp-alloc Default An interface does not use BOOTP for IP address acquisition.
DNS commands display dns domain Use display dns domain to display the domain name suffixes. Syntax display dns domain [ dynamic ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other protocols. If this keyword is not specified, the command displays the statically configured and dynamically obtained domain name suffixes.
Related commands dns domain display dns host Use display dns host to display information about domain name-to-IP address mappings. Syntax display dns host [ ip | ipv6 ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Specifies type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address.
Table 22 Command output Field Description No. Sequence number. Host name Domain name. Domain name-to-IP address mapping type: Type • S—A static mapping configured by the ip host or ipv6 host command. • D—A mapping dynamically obtained through DNS. Time in seconds that a mapping can be stored in the cache. TTL For a static mapping, a hyphen (-) is displayed. Query type Query type, type A or type AAAA. Replied IP address: IP addresses • For type A query, the replied IP address is an IPv4 address.
Type: D: Dynamic S: Static No. Type IP address 1 S 202.114.0.424 2 S 169.254.65.125 Table 23 Command output Field Description No. Sequence number. DNS server type: Type • S—A manually configured DNS server. • D—DNS server information dynamically obtained through DHCP or other protocols. IP address IPv4 address of the DNS server. Related commands dns server display ipv6 dns server Use display ipv6 dns server to display IPv6 DNS server information.
No. Type IPv6 address 1 2::2 S Outgoing Interface Table 24 Command output Field Description No. Sequence number. DNS server type: Type S—A manually configured DNS server. D—DNS server information dynamically obtained through DHCP or other protocols. IPv6 address IPv6 address of the DNS server. Outgoing Interface Output interface. Related commands ipv6 dns server dns domain Use dns domain to configure a domain name suffix. Use undo dns domain to delete the specified domain name suffix.
You can specify domain name suffixes for the public network and up to 1024 VPNs, and specify a maximum of 16 domain name suffixes for the public network or each VPN. The system automatically adds the suffixes in the order they are configured to the domain name string received from a host for resolution. Examples # Configure the domain name suffix com for the public network.
Syntax dns server ip-address [ vpn-instance vpn-instance-name ] undo dns server [ ip-address ] [ vpn-instance vpn-instance-name ] Default No DNS server is specified. Views System view Predefined user roles network-admin Parameters ip-address: Specifies an IPv4 address of a DNS server. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN by its name, a case-sensitive string of 1 to 31 characters. To specify an IPv4 address on the public network, do not use this option.
Predefined user roles network-admin Parameters interface-type interface-number: Specifies an interface by its type and number. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN by its name, a case-sensitive string of 1 to 31 characters. To specify a source interface on the public network, do not use this option. Usage guidelines This configuration applies to both IPv4 and IPv6.
Parameters ip-address: Specifies the IPv4 address used to spoof name query requests. vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN, a case-sensitive string of 1 to 31 characters. To enable DNS spoofing function on the public network, do not use this option. Usage guidelines Use the dns spoofing command together with the dns proxy enable command. DNS spoofing enables the DNS proxy on the device to send a spoofed reply with an IPv4 address in response to a type A DNS request.
Usage guidelines By default, an interface obtains DNS suffix and DNS server information from DHCP. A network attacker may act as the DHCP server to assign wrong DNS suffix and DNS server address to the device. As a result, the device fails to obtain the resolved IP address or may get the wrong IP address. With the DNS trusted interface specified, the device only uses the DNS suffix and DNS server information obtained through the trusted interface to avoid attack.
On the public network or a VPN, each host name maps to only one IPv4 address. If you use the command multiple times, the most recent configuration takes effect. Examples # Map the IPv4 address 10.110.0.1 to the host name aaa on the public network. system-view [Sysname] ip host aaa 10.110.0.1 Related commands display dns host ipv6 dns server Use ipv6 dns server to specify a DNS server IPv6 address. Use undo ipv6 dns server to remove the specified DNS server IPv6 address.
Examples # Specify the DNS server IPv6 address as 2002::1 for the public network. system-view [Sysname] ipv6 dns server 2002::1 Related commands display ipv6 dns server ipv6 dns spoofing Use ipv6 dns spoofing to enable DNS spoofing and specify the translated IPv6 address. Use undo ipv6 dns spoofing to disable DNS spoofing.
Related commands dns proxy enable ipv6 host Use ipv6 host to create a host name-to-IPv6 address mapping. Use undo ipv6 host to remove a mapping. Syntax ipv6 host host-name ipv6-address [ vpn-instance vpn-instance-name ] undo ipv6 host host-name ipv6-address [ vpn-instance vpn-instance-name ] Default No mappings are created. Views System view Predefined user roles network-admin Parameters host-name: Specifies a host name.
reset dns host Use reset dns host to clear information about the dynamic DNS cache. Syntax reset dns host [ ip | ipv6 ] [ vpn-instance vpn-instance-name ] Views User view Predefined user roles network-admin Parameters ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Specifies type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address.
DDNS commands ddns apply policy Use ddns apply policy to apply the specified DDNS policy to the interface, update the mapping between the specified FQDN and the primary IP address of the interface, and enable DDNS update. Use undo ddns apply policy to remove the DDNS policy applied to the interface and stop DDNS update.
Related commands • ddns policy • display ddns policy ddns policy Use ddns policy to create a DDNS policy and enter its view. Use undo ddns policy to delete a DDNS policy. Syntax ddns policy policy-name undo ddns policy policy-name Default No DDNS policy is created. Views System view Predefined user roles network-admin Parameters policy-name: Specifies the DDNS policy name, a case-insensitive string of 1 to 32 characters. Usage guidelines You can create up to 16 DDNS policies on the device.
Predefined user roles network-admin network-operator Parameters policy-name: Specifies the DDNS policy name, a case-insensitive string of 1 to 32 characters. If no DDNS policy is specified, the command displays information about all DDNS policies. Examples # Display information about the DDNS policy steven_policy. display ddns policy steven_policy DDNS policy: steven_policy URL : http://members.3322.
Table 25 Command output Field Description DDNS policy DDNS policy name. URL URL address for a DDNS update request. This field is blank if no URL address is configured. Username Username for the URL address that requests a DDNS update. This field is blank if no username is configured. Password Password for the URL address that requests a DDNS update. This field is blank if no password is configured and displays ****** if a password is configured.
Usage guidelines A DDNS update request is initiated immediately after the primary IP address of the interface changes or the link state of the interface changes from down to up. If you set the interval to 0, the device does not periodically initiate any DDNS update request, but initiates a DDNS update request when the primary IP address of the interface changes or the link state of the interface changes from down to up.
Usage guidelines This command applies to DDNS updates in HTTP/HTTPS. If the DDNS server uses HTTP or HTTPS service, choose a parameter transmission method compatible with the DDNS server. For example, a DHS server supports the http-post method. If the DDNS policy has been applied to an interface, a DDNS update is sent immediately after the parameter transmission is changed. Examples # Specify the parameter transmission method as http-post for DDNS update request for DDNS policy steven_policy.
Examples # Specify the login password as nevets to be contained in the URL address for update requests of DDNS policy steven_policy. system-view [Sysname] ddns policy steven_policy [Sysname-ddns-policy-steven_policy] password simple nevets Related commands • ddns policy • display ddns policy • url • username ssl client policy Use ssl-client-policy to associate a specific SSL client policy with a DDNS policy. Use undo ssl-client-policy to cancel the association.
Related commands • ddns policy • display ddns policy • ssl-client-policy (Security Command Reference) url Use url to specify the URL address for DDNS update requests. Use undo url to delete the URL address. Syntax url request-url undo url Default No URL address is specified for DDNS update requests.
DDNS server URL addresses for DDNS update requests CHANGE-IP http://nic.changeip.com/nic/update?hostname=&offline=1 NO-IP http://dynupdate.no-ip.com/nic/update?hostname=&myip= DHS http://members.dhs.org/nic/hosts?domain=dyn.dhs.org&hostname=&hostscmd =edit&hostscmdstage=2&type=1&ip= HP https://server-name/nic/update?group=group-name&myip= ODS ods://update.ods.org GNUDIP gnudip://server-name PeanutHull oray://phservice2.oray.
If you use the url command multiple times with different URL addresses, the most recent configuration takes effect. Examples # Specify the URL address for DDNS policy steven_policy. system-view [Sysname] ddns policy steven_policy [Sysname-ddns-policy-steven_policy] url http://members.3322.
• password • url 125
Basic IP forwarding commands display fib Use display fib to display FIB entries. Syntax display fib [ vpn-instance vpn-instance-name ] [ ip-address [ mask | mask-length ] ] Views Any view Predefined user roles network-admin network-operator Parameters vpn-instance vpn-instance-name: Displays the FIB table of the specified VPN. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If no VPN is specified, the command displays the FIB entries of the public network.
Destination/Mask Nexthop Flag OutInterface/Token Label 10.2.0.0/16 10.2.1.1 U Vlan20 Null 10.2.1.1/32 127.0.0.1 UH InLoop0 Null 127.0.0.0/8 127.0.0.1 U InLoop0 Null 127.0.0.1/32 127.0.0.1 UH InLoop0 Null # Display the FIB entries matching the destination IP address 10.2.1.1. display fib 10.2.1.
IP performance optimization commands display icmp statistics Use display icmp statistics to display ICMP statistics. Syntax In standalone mode: display icmp statistics [ slot slot-number ] In IRF mode: display icmp statistics [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays ICMP statistics for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.
broadcast/multicast timestamp requests ignored Output: echo 0 0 destination unreachable 0 source quench 0 redirects 0 echo replies 175 parameter problem 0 timestamp 0 information replies 0 mask requests 0 mask replies 0 time exceeded 0 bad address 0 packet error 1442 display ip statistics Use display ip statistics to display IP packet statistics.
dropped 0 fragmented 0 couldn't fragment 0 0 timeouts Reassembling:sum 0 Table 28 Command output Field Input Output Fragment Reassembling Description sum Total number of packets received. local Total number of packets destined for the device. bad protocol Total number of unknown protocol packets. bad format Total number of packets with incorrect format. bad checksum Total number of packets with incorrect checksum. bad options Total number of packets with incorrect option.
Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays brief RawIP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.) chassis chassis-number slot slot-number: Displays brief RawIP connection information for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device.
Syntax In standalone mode: display rawip verbose [ slot slot-number [ pcb pcb-index ] ] In IRF mode: display rawip verbose [ chassis chassis-number slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed RawIP connection information for the specified PCB. The pcb-index argument specifies the index of the PCB. The index value range is 1 to 16.
# In IRF mode, display detailed information about RawIP connections. display rawip verbose Total RawIP Socket Number: 1 chassis: 1 slot: 1 creator: dhcpd[378] state: N/A options: N/A error: 0 rcvbuf(cc/hiwat/lowat/state): 0 / 9216 / 1 / N/A sndbuf(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A type: 3 protocol: 1 connection info: src = 0.0.0.0, dst = 0.0.0.
Syntax In standalone mode: display tcp [ slot slot-number ] In IRF mode: display tcp [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays brief TCP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.
Field Description Foreign Addr:port Peer IP address and port number. State TCP connection state. Chassis ID of the IRF member device. Slot Number of the slot that holds the card. PCB PCB index. display tcp statistics Use display tcp statistics to display TCP traffic statistics.
packets dropped due to PAWS: 0 duplicate packets: 12 (36 bytes), partially duplicate packets: 0 (0 bytes) out-of-order packets: 0 (0 bytes) packets with data after window: 0 (0 bytes) packets after close: 0 ACK packets: 3531 (795048 bytes) duplicate ACK packets: 33, ACK packets for unsent data: 0 Sent packets: Total: 4058 urgent packets: 0 control packets: 50 window probe packets: 3, window update packets: 11 data packets: 3862 (795012 bytes), data packets retransmitted: 0 (0 bytes) ACK-only packets: 150 (
23 closed connections: 50051 (dropped: 0, initiated dropped: 0) bad connection attempt: 0 ignored RSTs in the window: 0 listen queue overflows: 0 RTT updates: 3518(attempt segment: 3537) correct ACK header predictions: 0 correct data packet header predictions: 568 resends due to MTU discovery: 0 packets dropped with MD5 authentication: 0 packets permitted with MD5 authentication: 0 Related commands reset tcp statistics display tcp verbose Use display tcp verbose to display detailed information about TCP c
Examples # In standalone mode, display detailed information about TCP connections. display tcp verbose TCP inpcb number: 3(tcpcb number: 2) slot: 1 creator: telnetd[230] state: N/A options: SO_ACCEPTCONN SO_REUSEADDR SO_REUSEPORT error: 0 rcvbuf(cc/hiwat/lowat/state): 0 / 65536 / 1 / N/A sndbuf(cc/hiwat/lowat/state): 0 / 65536 / 512 / N/A type: 1 protocol: 6 connection info: src = 0.0.0.0:23 , dst = 0.0.0.
# In IRF mode, display detailed information about TCP connections. display tcp verbose TCP inpcb number: 2(tcpcb number: 2) chassis: 1 slot: 1 creator: telnetd[317] state: N/A options: SO_ACCEPTCONN SO_REUSEADDR SO_REUSEPORT error: 0 rcvbuf(cc/hiwat/lowat/state): 0 / 65536 / 1 / N/A sndbuf(cc/hiwat/lowat/state): 0 / 65536 / 512 / N/A type: 1 protocol: 6 connection info: src = 0.0.0.0:23 , dst = 0.0.0.
display udp [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays brief UDP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.) chassis chassis-number slot slot-number: Displays brief UDP connection information for the specified card on the specified IRF member device.
Syntax In standalone mode: display udp statistics [ slot slot-number ] In IRF mode: display udp statistics [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays UDP traffic statistics for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.
display udp verbose [ slot slot-number [ pcb pcb-index ] ] In IRF mode: display udp verbose [ chassis chassis-number slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed UDP connection information for the specified PCB. The value range is 1 to 16. slot slot-number: Displays detailed UDP connection information for the specified card. The slot-number argument specifies the slot number of the card.
# In IRF mode, display detailed UDP connection information. display udp verbose Total UDP Socket Number: 1 chassis: 1 slot: 1 creator: sock_test_mips[250] state: N/A options: N/A error: 0 rcvbuf(cc/hiwat/lowat/state): 0 / 41600 / 1 / N/A sndbuf(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A type: 2 protocol: 17 connection info: src = 0.0.0.0:69, dst = 0.0.0.
Use undo ip forward-broadcast to disable an interface from receiving and forwarding directed broadcast packets destined for the directly connected network. Syntax ip forward-broadcast undo ip forward-broadcast Default An interface cannot receive or forward directed broadcasts destined for the directly connected network. Views Interface view Predefined user roles network-admin Usage guidelines A directed broadcast packet is destined for all hosts on a specific network.
Views System view Predefined user roles network-admin Usage guidelines Disable forwarding of ICMP fragments can prevent ICMP fragment attacks. Examples # Disable forwarding of ICMP fragments. system-view [Sysname] ip icmp fragment discarding ip mtu Use ip mtu to configure an MTU for an interface. Use undo ip mtu to restore the default. Syntax ip mtu mtu-size undo ip mtu Default No MTU is configured for an interface.
If an interface supports both the mtu and ip mtu commands, the device fragments a packet based on the MTU set by the ip mtu command. Examples # Set the MTU of VLAN interface 100 to 1280 bytes. system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ip mtu 1280 ip redirects enable Use ip redirects enable to enable sending ICMP redirect packets. Use undo ip redirects enable to disable sending ICMP redirect packets.
ip ttl-expires enable Use ip ttl-expires enable to enable sending ICMP time-exceeded packets. Use undo ip ttl-expires enable to disable sending ICMP time-exceeded packets. Syntax ip ttl-expires enable undo ip ttl-expires enable Default Sending ICMP time-exceeded packets is disabled.
Views System view Predefined user roles network-admin Usage guidelines A device sends ICMP destination unreachable packets by following these rules: • If a packet does not match any specific route and there is no default route in the routing table, the device sends a Network Unreachable ICMP error packet to the source.
Parameters slot slot-number: Clears IP traffic statistics for the specified card. The slot-number argument specifies the slot number of the card. The number range depends on the device model. (In standalone mode.) chassis chassis-number slot slot-number: Clears IP traffic statistics for the specified card of the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number specifies the slot number of the card. (In IRF mode.
Syntax reset udp statistics Views User view Predefined user roles network-admin Examples # Clear UDP traffic statistics. reset udp statistics Related commands display udp statistics tcp mss Use tcp mss to configure the TCP maximum segment size (MSS). Use undo tcp mss to restore the default. Syntax tcp mss value undo tcp mss Default The TCP MSS is 1460 bytes. Views Interface view Predefined user roles network-admin Parameters Value: Specifies the TCP MSS in the range of 128 to 2048 bytes.
If you configure a TCP MSS on an interface, the size of each TCP segment received or sent on the interface cannot exceed the MSS value. Examples # Set the TCP MSS to 300 bytes on VLAN-interface 100. system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] tcp mss 300 tcp path-mtu-discovery Use tcp path-mtu-discovery to enable TCP path MTU discovery. Use undo tcp path-mtu-discovery to disable TCP path MTU discovery.
tcp syn-cookie enable Use tcp syn-cookie enable to enable SYN Cookie to protect the device from SYN flood attacks. Use undo tcp syn-cookie enable to disable SYN Cookie. Syntax tcp syn-cookie enable undo tcp syn-cookie enable Default SYN Cookie is disabled. Views System view Predefined user roles network-admin Usage guidelines A TCP connection is established through a three-way handshake: 1. The sender sends a SYN packet to the server. 2.
Syntax tcp timer fin-timeout time-value undo tcp timer fin-timeout Default The TCP FIN wait timer is 675 seconds. Views System view Predefined user roles network-admin Parameters time-value: Specifies the TCP FIN wait timer in the range of 76 to 3600 seconds. Usage guidelines TCP starts the FIN wait timer when the state changes to FIN_WAIT_2. If no FIN packet is received within the timer interval, the TCP connection is terminated. If a FIN packet is received, TCP changes connection state to TIME_WAIT.
Usage guidelines TCP starts the SYN wait timer after sending a SYN packet. If no response packet is received within the SYN wait timer interval, TCP fails to establish the connection. Examples # Set the TCP SYN wait timer to 80 seconds. system-view [Sysname] tcp timer syn-timeout 80 tcp window Use tcp window to configure the size of the TCP receive/send buffer. Use undo tcp window to restore the default.
UDP helper commands display udp-helper interface Use display udp-helper interface to display information about packets forwarded by UDP helper on an interface. Syntax display udp-helper interface interface-type interface-number Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number.
reset udp-helper statistics Use reset udp-helper statistics to clear the statistics of UDP packets forwarded by UDP helper. Syntax reset udp-helper statistics Views User view Predefined user roles network-admin Examples # Clear the statistics of UDP packets forwarded by UDP helper. reset udp-helper statistics Related commands display udp-helper interface udp-helper enable Use udp-helper enable to enable UDP helper. Use undo udp-helper enable to disable UDP helper.
udp-helper port Use udp-helper port to specify a UDP port number for UDP helper. Use undo udp-helper port to remove UDP port numbers. Syntax udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time } undo udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time } Default No UDP port number is specified for UDP helper.
Use undo udp-helper server to remove a destination server for UDP helper. Syntax udp-helper server ip-address undo udp-helper server [ ip-address ] Default No destination server is specified. Views Interface view Predefined user roles network-admin Parameters ip-address: Specifies the IP address of a destination server, in dotted decimal notation. Usage guidelines Specify destination servers on an interface that receives UDP broadcast packets.
IPv6 basics commands display ipv6 fib Use display ipv6 fib to display IPv6 FIB entries. Syntax display ipv6 fib [ vpn-instance vpn-instance-name ] [ ipv6-address [ prefix-length ] ] Views Any view Predefined user roles network-admin network-operator Parameters vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. ipv6-address: Specifies an IPv6 address.
Time stamp : 0x1 Label: 100 Interface Token: Invalid : Eth1/2 Table 35 Command output Field Description Destination count Total number of destination addresses. FIB entry count Total number of IPv6 FIB entries. Destination Destination address. Prefix length Prefix length of the destination address. Nexthop Next hop. Route flag: Flags • • • • • • • • U—Usable route. G—Gateway route. H—Host route. B—Black hole route. D—Dynamic route. S—Static route. R—Recursive route. F—Fast re-route.
Parameters slot slot-number: Displays ICMPv6 packet statistics for the specified card. The slot-number argument specifies the slot that holds the card. (In standalone mode.) chassis chassis-number slot slot-number: Displays ICMPv6 packet statistics for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the number of the slot that holds the card. (In IRF mode.
brief: Displays brief information. Usage guidelines If the brief keyword is specified, this command displays brief information including physical status, link-layer protocols, and IPv6 address. If the brief keyword is not specified, this command displays detailed information including IPv6 configuration and operating information, and IPv6 packet statistics. If no interface is specified, this command displays IPv6 information for all interfaces.
InFragTimeouts: 0 OutFragFails: 0 InUnknownProtos: 0 InDelivers: 0 OutRequests: 0 OutForwDatagrams: 0 InNoRoutes: 0 InTooBigErrors: 0 OutFragOKs: 0 OutFragCreates: 0 InMcastPkts: 0 InMcastNotMembers: 0 OutMcastPkts: 0 InAddrErrors: 0 InDiscards: 0 OutDiscards: 0 Table 36 Command output Field Description Physical state of the interface: • Administratively DOWN—The VLAN interface has been administratively shut down with the shutdown command.
Field Description Global unicast addresses of the interface: If the state of an address is not preferred (addresses in the preferred state can be used as source or destination addresses of packets), the following marks other address states: • TENTATIVE—Initial state. DAD is being performed or is to be performed on the address. • DUPLICATE—The address is not unique on the link. • DEPRECATED—The address is beyond the preferred lifetime but in the valid lifetime.
Field Description InFragDrops IPv6 fragments that are discarded because of certain errors. InFragTimeouts IPv6 fragments that are discarded because the amount of time they stayed in the system buffer exceeded the specified interval. OutFragFails Packets that failed to be fragmented on the output interface. InUnknownProtos Received IPv6 packets with unknown or unsupported protocol type.
Field Description Interface Name of the interface. Physical state of the interface: • *down—The interface has been administratively shut down with the shutdown command. Physical • down—The interface is administratively up but its physical state is down. • up—The administrative and physical states of the interface are both up. Link layer protocol state of the interface: • down—The network layer protocol state of the interface is down. • up—The network layer protocol state of the interface is up.
Age: 600 Flag: A Lifetime(Valid/Preferred): - Table 38 Command output Filed Description Prefix IPv6 address prefix. How the prefix is generated: Origin Age • STATIC—Manually configured with the ipv6 nd ra prefix command. • RA—Advertised in RA messages after stateless autoconfiguration is enabled. • ADDRESS—Generated by a manually configured address. Aging time in seconds. If the prefix does not age out, a hyphens (-) is displayed. Flags advertised in RA messages.
all: Displays information about all neighbors, including neighbors acquired dynamically and configured statically on the public network and all private networks. dynamic: Displays information about all neighbors acquired dynamically. static: Displays information about all neighbors configured statically. slot slot-number: Displays neighbor information for the specified card. (In standalone mode.
Field Description State of a neighbor: • INCMP—The address is being resolved. The link layer address of the neighbor is unknown. State • REACH—The neighbor is reachable. • STALE—Whether the neighbor is reachable is unknown. The device does not verify the reachability any longer unless data is sent to the neighbor. • DELAY—Whether the neighbor is reachable is unknown. The device sends an NS message after a delay. • PROBE—Whether the neighbor is reachable is unknown.
Parameters all: Displays the total number of all neighbor entries, including neighbor entries created dynamically and configured statically. dynamic: Displays the total number of neighbor entries created dynamically. static: Displays the total number of neighbor entries configured statically. slot slot-number: Displays the total number of neighbor entries for the specified card. The slot-number argument specifies the number of the slot that holds the card. (In standalone mode.).
Type: S-Static IPv6 Address D-Dynamic Link Layer FE80::200:5EFF:FE32:B800 0000-5e32-b800 VID N/A I-Invalid Interface XGE1/0/1 State T REACH IS Age - Table 40 Command output Field Description IPv6 Address IPv6 address of a neighbor. Link-layer Link layer address (MAC address) of a neighbor. VID VLAN to which the interface connected with a neighbor belongs. Interface Interface connected with a neighbor. Neighbor state: • INCMP—The address is being resolved.
network-operator Parameters slot slot-number: Displays brief information about IPv6 RawIP connections for the specified card. The slot-number argument specifies the number of the slot that holds the card. (In standalone mode.) chassis chassis-number slot slot-number: Displays brief information about IPv6 RawIP connections for the specified card for the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device.
display ipv6 rawip verbose [ slot slot-number [ pcb pcb-index ] ] In IRF mode: display ipv6 rawip verbose [ chassis chassis-number slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed information about IPv6 RawIP connections of the specified PCB. The value range for the pcb-index argument is 1 to 16. slot slot-number: Displays detailed information about IPv6 RawIP connections for the specified card.
display ipv6 rawip verbose Total RawIP Socket Number: 1 chassis: 1 slot: 1 creator: ping ipv6[320] state: N/A options: N/A error: 0 rcvbuf(cc/hiwat/lowat/state): 0 / 9216 / 1 / N/A sndbuf(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A type: 3 protocol: 58 connection info: src = ::, dst = :: inpcb flags: N/A inpcb vflag: INP_IPV6 hop limit: 255 (minimum hop limit: 0) send VRF: 0xffff receive VRF: 0xffff Table 42 Command output Field Description Total RawIP Socket Number Total number of IPv6 RawIP
Field Description Socket type: type • • • • • • SOCK_STREAM—1. SOCK_DGRAM—2. SOCK_RAW—3. SOCK_RDM—4. SOCK_SEQPACKET—5. N/A—None of the above types. protocol Number of protocol using the socket. 58 represents ICMP. connection info Connection information, including the source and destination IPv6 addresses. Flags in the Internet PCB: inpcb flags • • • • • INP_RECVOPTS—Receives IPv6 options. INP_RECVRETOPTS—Receives replied IPv6 options. INP_RECVDSTADDR—Receives destination IPv6 address.
chassis chassis-number slot slot-number: Displays IPv6 and ICMPv6 packet statistics for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the number of the slot that holds the card. (In IRF mode.) Usage guidelines This command displays statistics about received and sent IPv6 and ICMPv6 packets. Use the reset ipv6 statistics command to clear the statistics of all IPv6 and ICMPv6 packets.
Received packets: Total: 0 Checksum errors: 0 Too short: Bad codes: 0 Unreachable: 0 0 Too big: 0 Hop limit exceeded: 0 Reassembly timeouts: 0 Parameter problems: 0 Unknown error types: 0 Echo requests: Neighbor solicits: Router solicits: 0 Neighbor adverts: 0 Redirects: Unknown info types: Echo replies: 0 Router adverts: 0 Router renumbering: 0 0 0 0 0 Deliver failed: Bad length: 0 Related commands reset ipv6 statistics display ipv6 tcp Use display ipv6 tcp to display bri
Usage guidelines Brief information about IPv6 TCP connections includes the local IPv6 address and port number, peer IPv6 address and port number, and TCP connection state. Examples # In standalone mode, display brief information about an IPv6 TCP connection. display ipv6 tcp *: TCP MD5 Connection LAddr->port FAddr->port State Slot PCB ::->23 ::->0 LISTEN 1 0xffffffffffffff9e # In IRF mode, display brief information about IPv6 TCP connections.
Syntax In standalone mode: display ipv6 tcp verbose [ slot slot-number [ pcb pcb-index ] ] In IRF mode: display ipv6 tcp verbose [ chassis chassis-number slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed information about IPv6 TCP connections of the specified PCB. The value range for the pcb-index argument is 1 to 16.
inpcb vflag: INP_IPV6 INP_IPV6PROTO hop limit: 255(minimum hop limit: 0) connection state: LISTEN send VRF: 0xffff receive VRF: 0xffff # In IRF mode, display detailed information about an IPv6 TCP connection.
Field Description Sending buffer information: the used space, maximum space, minimum space, and state in the parentheses. The state can be: sndbuf(cc/hiwat/lowat/state) • • • • SBS_CANTSENDMORE—Unable to send data to the peer. SBS_CANTRCVMORE—Unable to receive data from the peer. SBS_RCVATMARK—Receiving tag. N/A—None of the above states. Socket types: type • • • • • • SOCK_STREAM—1. SOCK_DGRAM—2. SOCK_RAW—3. SOCK_RDM—4. SOCK_SEQPACKET—5. N/A—None of the above types.
Field Description send VRF Sent instances. receive VRF Received instances. display ipv6 udp Use display ipv6 udp to display brief information about IPv6 UDP connections. Syntax In standalone mode: display ipv6 udp [ slot slot-number ] In IRF mode: display ipv6 udp [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays brief information about IPv6 UDP connections for the specified card.
2003::1->25 2001::2->1283 1 3 0x0000000000000009 Table 45 Command output Field Description LAddr->port Local IPv6 address and port number. FAddr->port Peer IPv6 address and port number. Chassis ID of the IRF member device. Slot Number of the slot that holds the card. PCB PCB index. display ipv6 udp verbose Use display ipv6 udp verbose to display detailed information about IPv6 UDP connections.
Examples # In standalone mode, display detailed information about an IPv6 UDP connection.
Field Description creator Task name of the socket. The progress number is displayed in the square brackets. state Socket state. options Socket options. Receiving buffer information: the used space, maximum space, minimum space, and state in the parentheses. The state can be: rcvbuf(cc/hiwat/lowat/state) • • • • SBS_CANTSENDMORE—Unable to send data to the peer. SBS_CANTRCVMORE—Unable to receive data from the peer. SBS_RCVATMARK—Receiving tag. N/A—None of the above states.
ipv6 address Use ipv6 address to configure an IPv6 global unicast address for an interface. Use undo ipv6 address to remove the IPv6 global unicast address of the interface. Syntax ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } undo ipv6 address [ ipv6-address prefix-length | ipv6-address/prefix-length ] Default No IPv6 global unicast address is configured for an interface.
Syntax ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast undo ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast Default No IPv6 anycast address is configured for an interface. Views Interface view Predefined user roles network-admin Parameters ipv6-address: Specifies an IPv6 anycast address. prefix-length: Specifies the prefix length in the range of 1 to 128.
Predefined user roles network-admin Usage guidelines After a global unicast address is generated through stateless autoconfiguration, a link-local address is generated automatically. The link-local address can be removed only by executing the undo ipv6 address auto command. Examples # Enable stateless address autoconfiguration on VLAN-interface 100.
• If the interface has no IPv6 global unicast address configured, it has no link-local address. Manual assignment takes precedence over automatic generation. • If you first adopt automatic generation and then manual assignment, the manually assigned link-local address overwrites the automatically generated address.
Usage guidelines An EUI-64 IPv6 address is generated based on the specified prefix and the automatically generated interface identifier and is displayed by using the display ipv6 interface command. The prefix length of an EUI-64 IPv6 address cannot be greater than 64. Examples # Configure an EUI-64 IPv6 address for VLAN-interface 100. The prefix of the address is the same as that of 2001::1/64, and the interface ID is generated based on the MAC address of the device.
If you adopt automatic generation, and then use manual assignment, the manually assigned link-local address overwrites the one that is automatically generated. If you adopt manual assignment, and then use automatic generation, the automatically generated link-local address does not take effect and the manually assigned link-local address of an interface remains. After you delete the manually assigned address, the automatically generated link-local address takes effect.
system-view [Sysname] ipv6 hop-limit 100 Related commands ipv6 nd hop-limit unspecified ipv6 hoplimit-expires enable Use ipv6 hoplimit-expires enable to enable sending ICMPv6 Time Exceeded messages. Use undo ipv6 hoplimit-expires to disable sending ICMPv6 Time Exceeded messages. Syntax ipv6 hoplimit-expires enable undo ipv6 hoplimit-expires enable Default Sending ICMPv6 Time Exceeded messages is enabled.
Views System view Predefined user roles network-admin Usage guidelines If a host is configured to reply to multicast echo requests, an attacker can use this mechanism to attack the host. For example, if Host A (an attacker) sends an echo request to a multicast address with Host B as the source, all hosts in the multicast group send echo replies to Host B. To prevent attacks, do not enable the device to reply to multicast echo requests unless necessary.
[Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd autoconfig managed-address-flag ipv6 nd autoconfig other-flag Use ipv6 nd autoconfig other-flag to set the other stateful configuration flag (O) to 1 so that the host can obtain information other than IPv6 address through stateful autoconfiguration (for example, from a DHCPv6 server). Use undo ipv6 nd autoconfig other-flag to restore the default.
Default The number of attempts to send an NS message for DAD is 1. Views Interface view Predefined user roles network-admin Parameters value: Specifies the number of attempts to send an NS message for DAD, in the range of 0 to 600. If it is set to 0, DAD is disabled. Usage guidelines An interface sends an NS message for DAD after obtaining an IPv6 address.
Predefined user roles network-admin Parameters value: Specifies the interval for retransmitting an NS message, in the range of 1000 to 4294967295 milliseconds. Usage guidelines If a device does not receive a response from the peer within the specified interval, the device re-sends an NS message.
Usage guidelines If the neighbor reachability detection shows that a neighbor is reachable, the device considers the neighbor reachable within the specified reachable time. If the device must send a packet to the neighbor after the specified reachable time expires, the device reconfirms whether the neighbor is reachable.
Syntax ipv6 nd ra hop-limit unspecified undo ipv6 nd ra hop-limit unspecified Default The maximum number of hops in the RA messages is limited to 64. Views Interface view Predefined user roles network-admin Usage guidelines To set the maximum number of hops to a value rather than the default setting, use the ipv6 hop-limit command. Examples # Specify unlimited hops in the RA messages on VLAN-interface 100.
min-interval-value: Specifies the minimum interval for advertising RA messages in seconds, in the range of 3 to three-fourths of the maximum interval. Usage guidelines The device advertises RA messages at intervals of a random value between the maximum interval and the minimum interval. The maximum interval for sending RA messages should be less than or equal to the router lifetime in RA messages.
ipv6 nd ra prefix Use ipv6 nd ra prefix to configure the prefix information in RA messages. Use undo ipv6 nd ra prefix to remove the prefix information from RA messages. Syntax ipv6 nd ra prefix { ipv6-prefix prefix-length | ipv6-prefix/prefix-length } valid-lifetime preferred-lifetime [ no-autoconfig | off-link ] * undo ipv6 nd ra prefix { ipv6-prefix | ipv6-prefix/prefix-length } Default No prefix information is configured for RA messages.
system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd ra prefix 2001:10::100/64 100 10 Method 2: system-view [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] ipv6 nd ra prefix 2001:10::100 64 100 10 ipv6 nd ra router-lifetime Use ipv6 nd ra router-lifetime to configure the router lifetime in RA messages. Use undo ipv6 nd ra router-lifetime to restore the default.
ipv6 nd router-preference Use ipv6 nd router-preference to set a router preference in RA messages. Use undo ipv6 nd router-preference to restore the default. Syntax ipv6 nd router-preference { high | low | medium } undo ipv6 nd router-preference Default The router preference is medium. Views Interface view Predefined user roles network-admin Parameters high: Sets the router preference to the highest. low: Sets the router preference to the lowest. medium: Sets the router preference to the medium.
Default No static neighbor entry is configured. Views System view Predefined user roles network-admin Parameters ipv6-address: Specifies the IPv6 address of the static neighbor entry. mac-address: Specifies the MAC address (48 bits) of the static neighbor entry, in the format of H-H-H. vlan-id: Specifies the VLAN ID of the static neighbor entry, in the range of 1 to 4094. port-type port-number: Specifies a Layer 2 port of the static neighbor entry by its type and number.
system-view [Sysname] ipv6 neighbor 2000::1 fe-e0-89 interface Ten-GigabitEthernet 1/0/1 Related commands • display ipv6 neighbors • reset ipv6 neighbors ipv6 neighbor link-local minimize Use ipv6 neighbor link-local minimize to minimize link-local ND entries. Use undo ipv6 neighbor link-local minimize to restore the default. Syntax ipv6 neighbor link-local minimize undo ipv6 neighbor link-local minimize Default All ND entries are assigned to the driver.
undo ipv6 neighbor stale-aging Default The aging timer for ND entries in stale state is 240 minutes. Views System view Predefined user roles network-admin Parameters aging-time: Specifies the aging timer for ND entries in stale state, in the range of 1 to 1440 minutes. Usage guidelines ND entries in stale state have an aging timer. If an ND entry in stale state is not refreshed before the timer expires, it moves to the delay state.
Usage guidelines The device can dynamically acquire the link-layer address of a neighboring node through NS and NA messages and add it into the neighbor table. When the number of dynamic neighbor entries reaches the threshold, the interface stops learning neighbor information. Examples # Set the maximum number of dynamic neighbor entries that VLAN-interface 100 can learn to 10.
To fix the vulnerability, configure the temporary address function that enables the system to generate and use temporary IPv6 addresses with different interface ID portions on an interface. With this function configured on an IEEE 802 interface, the system can generate two addresses: public IPv6 address and temporary IPv6 address. • Public IPv6 address—Includes an address prefix provided by the RA message and a fixed interface ID generated based on the MAC address of the interface.
Default Sending ICMPv6 redirect messages is disabled. Views System view Predefined user roles network-admin Usage guidelines The default gateway sends an ICMPv6 redirect message to the source of an IPv6 packet to inform of a better first hop. Sending ICMPv6 redirect messages enables hosts that hold few routes to establish routing tables and find the best route. Because this function adds host route into the routing tables, host performance degrades when there are too many host routes.
Examples # Enable sending ICMPv6 destination unreachable packets. system-view [Sysname] ipv6 unreachables enable reset ipv6 neighbors Use reset ipv6 neighbors to clear IPv6 neighbor information.
reset ipv6 neighbors dynamic This will delete all the dynamic entries. Continue? [Y/N]:Y # Clear all neighbor information on Ten-GigabitEthernet 1/0/1. reset ipv6 neighbors interface Ten-GigabitEthernet 1/0/1 This will delete all the dynamic entries by the interface you specified. Contin ue? [Y/N]:Y Related commands • display ipv6 neighbors • ipv6 neighbor reset ipv6 statistics Use reset ipv6 statistics to clear IPv6 and ICMPv6 packet statistics.
Related commands display ipv6 statistics 211
DHCPv6 commands ipv6 dhcp select Use ipv6 dhcp select to enable the DHCPv6 server or DHCPv6 relay agent on an interface. Use undo ipv6 dhcp select to restore the default. Syntax ipv6 dhcp select { relay | server } undo ipv6 dhcp select Default An interface discards DHCPv6 packets from DHCPv6 clients. Views Interface view Predefined user roles network-admin Parameters relay: Enables the DHCPv6 relay agent on the interface. server: Enables the DHCPv6 server on the interface.
• display ipv6 dhcp server display ipv6 dhcp duid Use display ipv6 dhcp duid to display the DUID of the local device. Syntax display ipv6 dhcp duid Views Any view Predefined user roles network-admin network-operator Usage guidelines A DHCP unique identifier (DUID) uniquely identifies a DHCPv6 device (DHCPv6 client, server, or relay agent). A DHCPv6 device adds its DUID in a sent packet. Examples # Display the DUID of the local device.
DHCPv6 server commands address range Use address range to specify a non-temporary IPv6 address range in a DHCPv6 address pool for dynamic allocation. Use undo address range to remove the non-temporary IPv6 address range in the address pool. Syntax address range start-ipv6-address end-ipv6-address [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo address range Default No non-temporary IPv6 address range is configured.
[Sysname-dhcp6-pool-1] address range 3ffe:501:ffff:100::10 3ffe:501:ffff:100::31 Related commands • display ipv6 dhcp pool • network • temporary address range display ipv6 dhcp pool Use display ipv6 dhcp pool to display information about a DHCPv6 address pool. Syntax display ipv6 dhcp pool [ pool-name ] Views Any view Predefined user roles network-admin network-operator Parameters pool-name: Displays information about the specified DHCPv6 address pool.
IAID: 0000003f Prefix: 3FFE:501:FFFF:200::/64 Preferred lifetime 604800, valid lifetime 2592000 DUID: 0003000100e0fc00cff1 IAID: 00000001 Address: 3FFE:501:FFFF:2001::1/64 Preferred lifetime 604800, valid lifetime 2592000 DNS server addresses: 2::2 Domain name: aaa.com SIP server addresses: 5::1 SIP server domain names: bbb.com Table 47 Command output Field Description DHCPv6 pool Name of the DHCPv6 address pool. Network IPv6 subnet for dynamic IPv6 address allocation.
Syntax display ipv6 dhcp prefix-pool [ prefix-pool-number ] Views Any view Predefined user roles network-admin network-operator Parameters prefix-pool-number: Displays detailed information about a prefix pool specified by its number in the range of 1 to 128. If no prefix pool is specified, the command displays brief information about all prefix pools. Examples # Display brief information about all prefix pools.
Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays DHCPv6 server configuration information on the specified interface. If no interface is specified, the command displays DHCPv6 server configuration information on all interfaces. Examples # Display DHCPv6 server configuration information on all interfaces.
Views Any view Predefined user roles network-admin network-operator Parameters address ipv6-address: Displays conflict information for the specified IPv6 address. If no IPv6 address is specified, this command displays information about all IPv6 address conflicts. Usage guidelines The DHCPv6 server creates IP address conflict information in the following conditions: • The DHCPv6 client sends a DECLINE packet to the DHCPv6 server to inform the server of an IPv6 address conflict.
pool pool-name: Displays lease expiration information for the address pool specified by its name, a case-insensitive string of 1 to 63 characters. Usage guidelines If no parameter is specified, the command displays lease expiration information for all IPv6 address pools. DHCPv6 assigns the expired IPv6 addresses to DHCPv6 clients when all available addresses have been assigned. Examples # Display all lease expiration information.
Examples # Display binding information for all assigned IPv6 address. display ipv6 dhcp server ip-in-use Pool: 1 IPv6 address Type Lease expiration 2:1::1 Auto(O) Jul 10 19:45:01 2008 Pool: 2 IPv6 address Type Lease expiration 1:1::2 Static(F) Not available Pool: 3 IPv6 address Type 1:2::1f1 Static(O) Oct Lease expiration 9 09:23:31 2008 # Display binding information for all assigned IPv6 addresses for the specified DHCPv6 address pool.
Field Description Client IPv6 address of the DHCPv6 client. For an unassigned static binding, this field is blank. DUID Client DUID. IAID Client IAID. For an unassigned static binding without IAID specified, this field displays N/A. Preferred lifetime Preferred lifetime in seconds of the IPv6 address. valid lifetime Valid lifetime in seconds of the IPv6 address. Expires at Time when the lease of an IPv6 address will expire.
1:2::/64 Static(O) Oct 9 09:23:31 2008 # Display IPv6 prefix binding information for DHCPv6 address pool 1. display ipv6 dhcp server pd-in-use pool 1 Pool: 1 IPv6 prefix Type Lease expiration 2:1::/24 Auto(O) Jul 10 22:22:22 2008 3:1::/64 Static(C) Jan 1 11:11:11 2008 # Display binding information for the IPv6 prefix 2:1::3/24.
Related commands reset ipv6 dhcp server pd-in-use display ipv6 dhcp server statistics Use display ipv6 dhcp server statistics to display DHCPv6 packet statistics on the DHCPv6 server. Syntax display ipv6 dhcp server statistics [ pool pool-name ] Views Any view Predefined user roles network-admin network-operator Parameters pool pool-name: Displays DHCPv6 packet statistics for the DHCPv6 address pool specified by its name, a case-insensitive string of 1 to 63 characters.
Table 54 Command output Field Description Number of bindings: Bindings Conflict • Ip-in-use—Total number of address bindings. • Pd-in-use—Total number of prefix bindings. • Expired—Total number of expired address bindings. Total number of conflicted addresses. If statistics about a specific address pool are displayed, this field is not displayed. Number of messages received by the DHCPv6 server. The message types include: Packets received • • • • • • • • • Solicit. Request. Confirm. Renew. Rebind.
Views DHCPv6 address pool view Predefined user roles network-admin Parameters ipv6-address: Specifies the IPv6 address of a DNS server. Usage guidelines You can use the dns-server command to specify up to eight DNS servers in an address pool. A DNS server specified earlier has a higher preference. Examples # Specify the DNS server address 2:2::3 in DHCPv6 address pool 1.
[Sysname-dhcp6-pool-1] domain-name aaa.com Related commands display ipv6 dhcp pool ipv6 dhcp pool Use ipv6 dhcp pool to create a DHCPv6 address pool and enter its view. If the pool has been created, you directly enter its view. Use undo ipv6 dhcp pool to remove the specified DHCPv6 address pool. Syntax ipv6 dhcp pool pool-name undo ipv6 dhcp pool pool-name Default No DHCPv6 address pool is configured.
Syntax ipv6 dhcp prefix-pool prefix-pool-number prefix prefix/prefix-len assign-len assign-len undo ipv6 prefix-pool prefix-pool-number Default No prefix pool is configured. Views System view Predefined user roles network-admin Parameters prefix-pool-number: Specifies a prefix pool number in the range of 1 to 128. prefix prefix/prefix-len: Specifies a prefix/prefix length for the pool. The value range for the prefix-len argument is 1 to 128.
Default The server does not support desired address/prefix assignment or rapid address/prefix assignment. The server preference is set to 0. Views Interface view Predefined user roles network-admin Parameters allow-hint: Enables desired address/prefix assignment. preference preference-value: Specifies the server preference in Advertise messages, in the range of 0 to 255. The default value is 0. A greater value specifies a higher preference.
Views Interface view Predefined user roles network-admin Parameters pool-name: Specifies a DHCPv6 address pool by its name, a case-insensitive string of 1 to 63 characters. allow-hint: Enables desired address/prefix assignment. preference preference-value: Specifies the server preference in Advertise messages, in the range of 0 to 255. The default value is 0. A greater value specifies a higher preference. rapid-commit: Enables rapid address/prefix assignment involving two messages.
Default Except for the DHCPv6 server address, all IPv6 addresses in a DHCPv6 address pool are assignable. Views System view Predefined user roles network-admin Parameters start-ipv6-address: Specifies the start IPv6 address. end-ipv6-address: Specifies the end IPv6 address, which cannot be lower than start-ipv6-address. If no end IPv6 address is specified, only the start IPv6 address is excluded from dynamic allocation.
Predefined user roles network-admin Parameters start-prefix/prefix-len: Specifies the start IPv6 prefix. The prefix-len argument specifies the prefix length, ranging from 1 to 128. end-prefix/prefix-len: Specifies the end IPv6 prefix. The prefix-len argument specifies the prefix length, ranging from 1 to 128. The value for end-prefix cannot be lower than that for start-prefix. If this argument is not specified, only the start-prefix/prefix-len is excluded from dynamic allocation.
preferred-lifetime preferred-lifetime: Specifies the preferred lifetime. The value range is 60 to 4294967295 seconds, and the default is 604800 seconds (7 days). valid-lifetime valid-lifetime: Specifies the valid lifetime. The value range is 60 to 4294967295 seconds, and the default is 2592000 seconds (30 days). The valid lifetime must be longer than or equal to the preferred lifetime. Usage guidelines You can specify only one subnet for a DHCPv6 address pool.
Usage guidelines The DHCPv6 server fills the self-defined option with the specified hex string and sends it in a response to the client. If you use the option command multiple times with the same code specified, the most recent configuration takes effect. You can self-define options for the following purposes: • Add newly released options. • Add options for which the vendor defines the contents, Option 43 for example.
Predefined user roles network-admin Parameters prefix-pool-number: Specifies a prefix pool by its number in the range of 1 to 128. preferred-lifetime preferred-lifetime: Specifies the preferred lifetime in the range of 60 to 4294967295 seconds. The default value is 604800 seconds (7 days). valid-lifetime valid-lifetime: Specifies the valid lifetime in the range of 60 to 4294967295 seconds. The default value is 2592000 seconds (30 days).
Usage guidelines Address conflicts occur when dynamically assigned IP addresses have been statically configured for other hosts. After the conflicts are resolved, you can use the reset ipv6 dhcp server conflict command to clear conflict information so that the conflicted addresses can be assigned to clients. Examples # Clear all IPv6 address conflict information.
Predefined user roles network-admin Parameters address ipv6-address: Clears binding information for the assigned IPv6 address. pool pool-name: Clears binding information for assigned IPv6 addresses in the address pool specified by its name, a case-insensitive string of 1 to 63 characters. Usage guidelines Using this command without any parameter clears binding information for all IPv6 addresses.
reset ipv6 dhcp server pd-in-use # Clears binding information for assigned IPv6 prefixes in DHCPv6 address pool 1. reset ipv6 dhcp server pd-in-use pool 1 # Clears binding information for the assigned IPv6 prefix 2001:0:0:1::/64. reset ipv6 dhcp server pd-in-use prefix 2001:0:0:1::/64 Related commands display ipv6 dhcp server pd-in-use reset ipv6 dhcp server statistics Use reset ipv6 dhcp server statistics to clear DHCPv6 server statistics.
Usage guidelines You can specify up to eight SIP server addresses and eight SIP server domain names in an address pool. A SIP server that is specified earlier has a higher preference. Examples # Specify the SIP server address 2:2::4 in DHCPv6 address pool 1. system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] sip-server address 2:2::4 # Specify the SIP server domain name bbb.com in DHCPv6 address pool 1. [Sysname-dhcp6-pool-1] sip-server domain-name bbb.
Usage guidelines You can specify multiple static bindings in a DHCPv6 address pool. An IPv6 address or prefix can be bound to only one DHCPv6 client. You cannot modify bindings that have been created. To change the binding for a DHCPv6 client, you must delete the existing binding first. Examples # In address pool 1, bind IPv6 address 2001:0410::/35 to the client DUID 0003000100e0fc005552 and IAID A1A1A1A1.
valid-lifetime valid-lifetime: Specifies the valid lifetime. The value range is 60 to 4294967295 seconds, and the default is 2592000 seconds (30 days). The valid lifetime cannot be shorter than the preferred lifetime. Usage guidelines If you do not execute the temporary address range command, the DHCPv6 server does not support temporary address assignment. You can configure only one temporary IPv6 address range in an address pool.
DHCPv6 relay agent commands display ipv6 dhcp relay server-address Use display ipv6 dhcp relay server-address to display DHCPv6 server addresses specified on the DHCPv6 relay agent. Syntax display ipv6 dhcp relay server-address [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Specifies an interface by its type and number.
Table 55 Command output Field Description Interface Interface enabled with DHCPv6 relay agent. Server address DHCPv6 server address specified on the DHCP relay agent. Outgoing Interface Output interface of DHCPv6 packets. If no output interface is specified, the device searches the routing table for the output interface.
Packets sent : 14 Advertise : 0 Reconfigure : 0 Reply : 7 Relay-forward : 7 Relay-reply : 0 # Display DHCPv6 packet statistics on the DHCPv6 relay agent on VLAN-interface 2.
Field Description Reconfigure Number of sent reconfigure packets. Reply Number of sent reply packets. Relay-forward Number of sent Relay-forward packets. Relay-reply Number of sent Relay-reply packets. Related commands reset ipv6 dhcp relay statistics ipv6 dhcp relay server-address Use ipv6 dhcp relay server-address to specify a DHCPv6 server on the DHCPv6 relay agent. Use undo ipv6 dhcp relay server-address to remove DHCPv6 server addresses.
Do not enable the DHCPv6 client and the DHCPv6 relay agent on the same interface. Examples # Enable the DHCPv6 relay agent on VLAN-interface 2 and specify the DHCPv6 server address 2001:1::3.
Tunneling commands default Use default to restore the default settings for the tunnel interface. Syntax default Views Tunnel interface view Predefined user roles network-admin Usage guidelines The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you use it in a live network. This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions.
Views Tunnel interface view Predefined user roles network-admin Parameters text: Specifies a description for the interface, a string of 1 to 80 case-sensitive characters. Usage guidelines Configure descriptions for different interfaces for identification and management purpose. This command configures an interface description and has no any other function. You can use the display interface command to view the configured interface description.
Usage guidelines For a manual tunnel interface, you must configure the destination address. For an automatic tunnel interface, you do not need to configure the destination address. The tunnel destination address must be the address of the receiving interface on the tunnel peer. It is used as the destination address of tunneled packets. The destination address of the local tunnel interface must be the source address of the peer tunnel interface, and vice versa.
Parameters number: Specifies a tunnel interface ID. brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information. description: Displays the entire user configured interface description. Without this keyword, the command can display the first 27 characters if the description string contains more than 27 characters.
Field Description Link layer state of the tunnel interface: Line protocol current state • DOWN—The protocol state of the interface is down. • UP—The protocol state of the interface is up. Description Description of the tunnel interface. Maximum Transmit Unit MTU of the tunnel interface. IP address of the tunnel interface. If no IP address is assigned to the interface, this field displays Internet protocol processing : disabled, and the tunnel interface cannot process packets.
Protocol: (s) - spoofing Interface Tun1 Link Protocol Main IP UP UP Description 1.1.1.1 aaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Table 58 Command output Field Description The brief information of interface(s) under route mode Brief information about Layer 3 interfaces. Link status: Link: ADM - administratively down; Stby - standby • ADM—The interface has been administratively shut down. To recover its physical state, perform the undo shutdown command.
Default No tunnel interface is created on the device. Views System view Predefined user roles network-admin Parameters number: Specifies a tunnel interface ID in the range of 0 to 126. mode gre: Specifies GRE over IPv4 tunnel mode. mode gre ipv6: Specifies GRE over IPv6 tunnel mode. mode ipv4-ipv4: Specifies IPv4 over IPv4 tunnel mode. mode ipv6: Specifies IPv6 tunnel mode. Set this mode for IPv4 over IPv6 and IPv6 over IPv6 tunnels. mode ipv6-ipv4: Specifies IPv6 over IPv4 manual tunnel mode.
Syntax mtu mtu-size undo mtu Default The MTU is 64000 bytes. Views Tunnel interface view Predefined user roles network-admin Parameters mtu-size: Specifies the MTU for IPv4 packets, in the range of 100 to 64000 bytes. Usage guidelines Set an appropriate MTU to avoid fragmentation. The MTU for the tunnel interface applies to only unicast packets. An MTU set on any tunnel interface is effective on all existing tunnel interfaces.
If both the tunnel keyword and the number argument are specified, this command clears the statistics for the specified tunnel interface. Examples # Clear the statistics for the interface Tunnel 1. reset counters interface tunnel 3 Related commands display interface tunnel shutdown Use shutdown to shut down a tunnel interface. Use undo shutdown to bring up a tunnel interface. Syntax shutdown undo shutdown Default After a tunnel is created, the tunnel interface is enabled.
Syntax source { ip-address | ipv6-address | interface-type interface-number } undo source Default No source address or source interface is specified for the tunnel interface. Views Tunnel interface view Predefined user roles network-admin Parameters ip-address: Specifies the tunnel source IPv4 address. ipv6-address: Specifies the tunnel source IPv6 address. interface-type interface-number: Specifies the source interface. The interface must be up and must have an IP address.
tunnel bandwidth Use tunnel bandwidth to set the bandwidth of a tunnel interface. Use undo tunnel bandwidth to restore the default. Syntax tunnel bandwidth bandwidth-value undo tunnel bandwidth Default The bandwidth of a tunnel interface is 64 kbps. Views Tunnel interface view Predefined user roles network-admin Parameters bandwidth-value: Specifies the bandwidth value of the tunnel interface in kbps, in the range of 1 to 10000000.
Default The DF bit is not set for tunneled packets. Views Tunnel interface view Predefined user roles network-admin Usage guidelines To avoid fragmentation and delay, set the DF bit for tunneled packets. Make sure that the path MTU is larger than tunneled packets. Otherwise, do not set the DF bit to avoid discarding tunneled packets larger than the path MTU. This command is not supported on a GRE over IPv6 tunnel interface and an IPv6 tunnel interface.
Examples # Enable dropping of IPv6 packets using IPv4-compatible IPv6 addresses. system-view [Sysname] tunnel discard ipv4-compatible-packet tunnel tos Use tunnel tos to set the Type of Service (ToS) of tunneled packets. Use undo tunnel tos to restore the default. Syntax tunnel tos tos-value undo tunnel tos Default The ToS of tunneled packets is the same as the ToS of the original packets.
undo tunnel ttl Default The TTL of tunneled packets is 255. Views Tunnel interface view Predefined user roles network-admin Parameters ttl-value: Specifies the TTL of tunneled packets, in the range of 1 to 255. Usage guidelines The TTL determines the maximum number of hops that the tunneled packets can pass. When the TTL expires, the tunneled packet is discarded to avoid loops. Examples # Set the TTL of tunneled packets to 100 on the interface Tunnel 1.
GRE commands keepalive Use keepalive to enable the GRE keepalive function and set the keepalive interval and the keepalive number. Use undo keepalive to disable the keepalive function. Syntax keepalive [ interval [ times ] ] undo keepalive Default The GRE keepalive function is disabled. Views Tunnel interface view Predefined user roles network-admin Parameters interval: Specifies the keepalive interval in the range of 1 to 32767 seconds. The default value is 10.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
• HP manuals http://www.hp.com/support/manuals • HP download drivers and software http://www.hp.com/support/downloads • HP software depot http://www.software.hp.com • HP Education http://www.hp.com/learn Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values.
Convention Description An alert that provides helpful information. TIP Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch.
Index ABCDEFGIKLMNOPRSTUVW dhcp relay information circuit-id,66 A dhcp relay information enable,67 address range,29 dhcp relay information remote-id,68 address range,214 dhcp relay information strategy,69 arp check enable,1 dhcp relay release ip,70 arp max-learning-num,1 dhcp relay server-address,71 arp multiport,2 dhcp select,27 arp send-gratuitous-arp,11 dhcp server always-broadcast,33 arp send-gratuitous-arp interval,11 dhcp server apply ip-pool,33 arp snooping enable,17 dhcp server boo
display arp timer aging,8 display ipv6 dhcp server pd-in-use,222 display arp vpn-instance,8 display ipv6 dhcp server statistics,224 display bootp client,99 display ipv6 dns server,104 display ddns policy,116 display ipv6 fib,159 display dhcp client,79 display ipv6 icmp statistics,160 display dhcp relay client-information,71 display ipv6 interface,161 display dhcp relay information,73 display ipv6 interface prefix,166 display dhcp relay server-address,74 display ipv6 neighbors,167 display dhc
domain-name,226 ipv6 dhcp server forbidden-address,230 E ipv6 dhcp server forbidden-prefix,231 ipv6 dns server,111 expired,48 ipv6 dns spoofing,112 F ipv6 hop-limit,191 forbidden-ip,49 ipv6 hoplimit-expires enable,192 G ipv6 host,113 ipv6 icmpv6 multicast-echo-reply enable,192 gateway-list,50 ipv6 nd autoconfig managed-address-flag,193 gratuitous-arp-learning enable,12 ipv6 nd autoconfig other-flag,194 gratuitous-arp-sending enable,13 ipv6 nd dad attempts,194 I ipv6 nd ns retrans-timer,19
netbios-type,53 reset udp-helper statistics,156 network,54 S network,232 shutdown,255 next-server,55 sip-server,238 O source,255 option,56 ssl client policy,121 option,233 static-bind,59 P static-bind,239 Subscription service,262 password,120 prefix-pool,234 T proxy-arp enable,16 tcp mss,150 R tcp path-mtu-discovery,151 tcp syn-cookie enable,152 reset arp,9 tcp timer fin-timeout,152 reset arp snooping,18 tcp timer syn-timeout,153 reset counters interface,254 tcp window,154 reset
