HP FlexFabric 7900 Switch Series Layer 3 - IP Services Command Reference Part number: 5998-4292 Software version: Release 2109 Document version: 6W100-20140122
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
ARP commands The switch has one built-in MPU. The slot number of this MPU is fixed at 0. Unless otherwise stated, the term "card" in this document refers to both the MPU and LPUs. arp check enable Use arp check enable to enable dynamic ARP entry check. Use undo arp check enable to disable dynamic ARP entry check. Syntax arp check enable undo arp check enable Default Dynamic ARP entry check is enabled.
undo arp check log enable Default ARP log output is disabled. Views System view Predefined user roles network-admin Usage guidelines The device can generate a large amount of ARP logs. To conserve system resources, enable the device to output ARP logs only when you are troubleshooting or debugging ARP events. Examples # Enable ARP log output.
Examples # Specify VLAN-interface 40 to learn up to 500 dynamic ARP entries. system-view [Sysname] interface vlan-interface 40 [Sysname-Vlan-interface40] arp max-learning-num 500 # Specify FortyGigE 1/0/1 to learn up to 1000 dynamic ARP entries. system-view [Sysname] interface fortygige 1/0/1 [Sysname-FortyGigE1/0/1] arp max-learning-num 1000 # Specify Layer 2 aggregate interface bridge-aggregation 1 to learn up to 1000 dynamic ARP entries.
Usage guidelines A device can dynamically learn ARP entries. To prevent a device from holding too many ARP entries, you can set the maximum number of dynamic ARP entries that a device can learn. When the maximum number is reached, the device stops learning ARP entries. When the number argument is set to 0, the device is disabled from learning dynamic ARP entries. Examples # Set the card in slot 1 to learn up to 64 dynamic ARP entries.
Default No multiport ARP entries are configured. Views System view Predefined user roles network-admin Parameters ip-address: Specifies an IP address for the multiport ARP entry. mac-address: Specifies a MAC address for the multiport ARP entry, in the format of H-H-H. vlan-id: Specifies a VLAN for the multiport ARP entry, in the range of 1 to 4094. Usage guidelines The specified VLAN must already exist.
Predefined user roles network-admin Parameters ip-address: Specifies the IP address in an ARP entry. mac-address: Specifies the MAC address in an ARP entry, in the format H-H-H. vlan-id: Specifies the ID of a VLAN to which a static ARP entry belongs. The value range is from 1 to 4094. The VLAN must already exist. interface-type interface-number: Specifies the interface type and interface number. Usage guidelines A static ARP entry is manually configured and maintained.
Default The aging timer for dynamic ARP entries is 20 minutes. Views System view Predefined user roles network-admin Parameters aging-time: Sets the aging timer for dynamic ARP entries, in the range of 1 to 1440 minutes. Usage guidelines Each dynamic ARP entry in the ARP table has a limited lifetime, called the aging timer. The aging timer of a dynamic ARP entry is reset each time the dynamic ARP entry is updated.
multiport: Displays multiport ARP entries. static: Displays static ARP entries. slot slot-number: Displays the ARP entries for the card specified by the slot number. (In standalone mode.) chassis chassis-number slot slot-number: Displays the ARP entries for a card on an IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.) vlan vlan-id: Displays the ARP entries for the specified VLAN.
Table 1 Command output
Field: Description
IP Address: IP address in an ARP entry.
MAC Address: MAC address in an ARP entry.
VLAN: ID of the VLAN to which the ARP entry belongs.
Interface: Output interface in an ARP entry.
Aging: Aging time for a dynamic ARP entry in minutes. N/A means unknown aging time or no aging time.
Type: ARP entry type: D—Dynamic. S—Static. O—OpenFlow. M—Multiport. I—Invalid.
Total number of entries: Number of ARP entries.
verbose: Displays the detailed information about the specified ARP entry. Usage guidelines This command displays the ARP entry for a specific IP address, including the IP address, MAC address, VLAN ID, output interface, entry type, and aging timer. Examples # Display the ARP entry for the IP address 20.1.1.1. display arp 20.1.1.1 Type: S-Static D-Dynamic O-Openflow M-Multiport I-Invalid IP address MAC address VLAN Interface Aging Type 20.1.1.
reset arp { all | chassis chassis-number slot slot-number | dynamic | interface interface-type interface-number | multiport | static } Views User view Predefined user roles network-admin Parameters all: Clears all ARP entries. dynamic: Clears all dynamic ARP entries. multiport: Clears all multiport ARP entries. static: Clears all static ARP entries. slot slot-number: Clears the ARP entries for the card specified by the slot number. (In standalone mode.
Gratuitous ARP commands arp ip-conflict log prompt Use arp ip-conflict log prompt to enable IP conflict notification without conflict confirmation. Use undo arp ip-conflict log prompt to restore the default. Syntax arp ip-conflict log prompt undo arp ip-conflict log prompt Default The IP conflict notification is disabled. The receiving device sends a gratuitous ARP request, and it displays an error message after it receives an ARP reply about the conflict.
Parameters interval milliseconds: Sets the interval at which gratuitous ARP packets are sent, in the range of 200 to 200000 milliseconds. The default value is 2000 milliseconds. Usage guidelines This function takes effect only when the enabled interface is up and an IP address has been assigned to the interface. This function can send gratuitous ARP requests only for a VRRP virtual IP address, or the sending interface's primary IP address or manually configured secondary IP address.
Examples # Enable learning of gratuitous ARP packets. system-view [Sysname] gratuitous-arp-learning enable gratuitous-arp-sending enable Use gratuitous-arp-sending enable to enable sending gratuitous ARP packets upon receiving ARP requests whose target IP address is on a different subnet. Use undo gratuitous-arp-sending enable to restore the default.
Proxy ARP commands display local-proxy-arp Use display local-proxy-arp to display the local proxy ARP status. Syntax display local-proxy-arp [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays the local proxy ARP status for the specified interface. Usage guidelines The local proxy ARP status can be enabled or disabled.
Parameters interface interface-type interface-number: Displays the proxy ARP status for the specified interface. Usage guidelines The proxy ARP status can be enabled or disabled. If an interface is specified, this command displays proxy ARP status for the specified interface. If no interface is specified, this command displays proxy ARP status for all interfaces. Examples # Display the proxy ARP status on VLAN-interface 1.
Only one IP address range can be specified by using the ip-range keyword on an interface. Examples # Enable local proxy ARP on VLAN-interface 2. system-view [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] local-proxy-arp enable # Enable local proxy ARP on VLAN-interface 2 for a specific IP address range. system-view [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] local-proxy-arp enable ip-range 1.1.1.1 to 1.1.1.
Related commands display proxy-arp
IP addressing commands The IP addresses in this chapter refer to IPv4 addresses unless otherwise specified. The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
Unreachable: 0 Source quench: 0 Routing redirect: 0 Echo request: 0 Router advert: 0 Router solicit: 0 Time exceed: 0 IP header bad: 0 Timestamp request: 0 Timestamp reply: 0 Information request: 0 Information reply: 0 Netmask request: 0 Netmask reply: 0 Unknown type: 0
Table 2 Command output
Field: Description
current state: Current physical state of the interface: • Administrative DOWN—The interface is shut down with the shutdown command.
ICMP packet input number (Echo reply, Unreachable, Source quench, Routing redirect, Echo request, Router advert, Router solicit, Time exceed, IP header bad, Timestamp request, Timestamp reply, Information request, Information reply, Netmask request, Netmask reply, Unknown type): Total number of ICMP packets received on the interface (statistics start at the device startup): • Echo reply packets. • Unreachable packets. • Source quench packets.
If you do not specify the interface type and interface number, this command displays the brief IP configuration information for all Layer 3 interfaces. If you specify only the interface type, this command displays the brief IP configuration information for all Layer 3 interfaces of the specified type. If you specify both the interface type and interface number, this command displays the brief IP configuration information for the specified interface.
Use undo ip address to remove the IP address from the interface. Syntax ip address ip-address { mask-length | mask } [ sub ] undo ip address [ ip-address { mask-length | mask } [ sub ] ] Default No IP address is assigned to an interface. Views Interface view Predefined user roles network-admin Parameters ip-address: Specifies the IP address of the interface, in dotted decimal notation. mask-length: Specifies the subnet mask length in the range of 1 to 31.
DHCP commands The switch has one built-in MPU. The slot number of this MPU is fixed at 0. Unless otherwise stated, the term "card" in this document refers to both the MPU and LPUs. DHCP relay agent commands The term "interface" in this section collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
Syntax dhcp enable undo dhcp enable Default DHCP is disabled. Views System view Predefined user roles network-admin Usage guidelines Enable DHCP before you perform DHCP relay agent configuration. Examples # Enable DHCP. system-view [Sysname] dhcp enable dhcp relay check mac-address Use dhcp relay check mac-address to enable MAC address check on the relay agent. Use undo dhcp relay check mac-address to disable MAC address check on the relay agent.
Examples # Enable MAC address check on the relay agent. system-view [Sysname] interface vlan-interface 10 [Sysname-Vlan-interface10] dhcp relay check mac-address Related commands dhcp select relay dhcp relay check mac-address aging time Use dhcp relay check mac-address aging time to configure the aging time for MAC address check entries on the DHCP relay agent. Use undo dhcp relay check mac-address aging time to restore the default.
Default The DHCP relay agent does not record client information in relay entries. Views System view Predefined user roles network-admin Usage guidelines Disabling recording of client information deletes all recorded relay entries. Client information is recorded only when the DHCP relay agent is configured on the gateway of DHCP clients. Examples # Enable recording of relay entries on the relay agent.
Examples # Set the refresh interval to 100 seconds. system-view [Sysname] dhcp relay client-information refresh interval 100 Related commands • dhcp relay client-information record • dhcp relay client-information refresh enable dhcp relay client-information refresh enable Use dhcp relay client-information refresh enable to enable the relay agent to periodically refresh dynamic relay entries.
Related commands • dhcp relay client-information record • dhcp relay client-information refresh • reset dhcp relay client-information dhcp relay information circuit-id Use dhcp relay information circuit-id to configure the padding content and padding format for the circuit ID sub-option of Option 82. Use undo dhcp relay information circuit-id to restore the default.
Usage guidelines If you use this command multiple times, the most recent configuration takes effect. The padding format for the user-defined string, the normal mode, or the verbose modes varies with the command configuration. Table 4 shows how the padding format is determined for different modes.
Views Interface view Predefined user roles network-admin Usage guidelines This command enables the DHCP relay agent to add Option 82 to DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP server. The content of Option 82 is determined by the dhcp relay information circuit-id and dhcp relay information remote-id commands.
format: Specifies the code type for the remote ID sub-option. The default code type is hex. ascii: Specifies the ASCII code type. hex: Specifies the Hex code type. string remote-id: Specifies a case-sensitive string of 1 to 63 characters as the content of the remote ID sub-option. sysname: Uses the device name as the content of the remote ID sub-option. You can set the device name by using the sysname command.
replace: Replaces the original Option 82 with the configured Option 82. Usage guidelines This command takes effect only on DHCP requests that contain Option 82. When enabled to support Option 82, the DHCP relay agent always adds Option 82 into DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP server. Examples # Specify the handling strategy for Option 82 as keep.
Syntax dhcp relay server-address ip-address undo dhcp relay server-address [ ip-address ] Default No DHCP server is specified on the relay agent. Views Interface view Predefined user roles network-admin Parameters ip-address: Specifies the IP address of a DHCP server. The DHCP relay agent forwards DHCP packets received from DHCP clients to this DHCP server.
Views Interface view Predefined user roles network-admin Examples # Enable the DHCP relay agent on VLAN-interface 2. system-view [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] dhcp select relay display dhcp relay check mac-address Use display dhcp relay check mac-address to display MAC address check entries on the relay agent.
Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays relay entries on the specified interface. ip ip-address: Displays the relay entry for the specified IP address. Usage guidelines The DHCP relay agent records relay entries only when the dhcp relay client-information record command has been issued. Without any parameter, the display dhcp relay client-information command shows all relay entries on the relay agent.
display dhcp relay information Use display dhcp relay information to display Option 82 configuration information for the DHCP relay agent. Syntax display dhcp relay information [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays Option 82 configuration information for the specified interface.
Field: Description
Strategy: Handling strategy for request messages containing Option 82: Drop, Keep, or Replace.
Circuit ID Pattern: Padding content mode of the circuit ID sub-option: Verbose, Normal, or User Defined.
Remote ID Pattern: Padding content mode of the remote ID sub-option: Sysname, Normal, or User Defined.
Circuit ID format-type: Padding format of the circuit ID sub-option: ASCII, Hex, or Undefined.
Related commands dhcp relay server-address display dhcp relay statistics Use display dhcp relay statistics to display DHCP packet statistics on the DHCP relay agent. Syntax display dhcp relay statistics [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays DHCP packet statistics on the specified interface.
BOOTPREPLY: 0 DHCP packets sent to servers: 0 DHCPDISCOVER: 0 DHCPREQUEST: 0 DHCPINFORM: 0 DHCPRELEASE: 0 DHCPDECLINE: 0 BOOTPREQUEST: 0 DHCP packets sent to clients: 0 DHCPOFFER: 0 DHCPACK: 0 DHCPNAK: 0 BOOTPREPLY: 0 Related commands reset dhcp relay statistics reset dhcp relay client-information Use reset dhcp relay client-information to clear relay entries on the DHCP relay agent.
Views User view Predefined user roles network-admin Parameters interface interface-type interface-number: Clears DHCP relay agent statistics on the specified interface. If you do not specify any interface, this command clears all DHCP relay agent statistics. Examples # Clear all DHCP relay agent statistics. reset dhcp relay statistics Related commands display dhcp relay statistics DHCP client commands dhcp client dad enable Use dhcp client dad enable to enable duplicate address detection.
dhcp client dscp Use dhcp client dscp to set the DSCP value for DHCP packets sent by the DHCP client. Use undo dhcp client dscp to restore the default. Syntax dhcp client dscp dscp-value undo dhcp client dscp Default The DSCP value in DHCP packets is 56. Views System view Predefined user roles network-admin Parameters dscp-value: Sets the DSCP value for DHCP packets, in the range of 0 to 63.
Parameters ascii string: Specifies a case-sensitive ASCII string of 1 to 63 characters as the client ID. hex string: Specifies a hex string of 4 to 64 characters as the client ID. mac interface-type interface-number: Uses the MAC address of the specified interface as a DHCP client ID. The interface-type interface-number argument specifies an interface by its type and number. Usage guidelines A DHCP client ID is added to the DHCP option 61.
# Display verbose DHCP client information. display dhcp client verbose Vlan-interface10 DHCP client information: Current state: BOUND Allocated IP: 40.1.1.20 255.255.255.0 Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds Lease from May 21 19:00:29 2012 to May 31 19:00:29 2012 DHCP server: 40.1.1.2 Transaction ID: 0x1c09322d Default router: 40.1.1.2 Classless static routes: Destination: 1.1.0.1, Mask: 255.0.0.0, NextHop: 192.168.40.16 Destination: 10.198.122.63, Mask: 255.
Field: Description
Transaction ID: Transaction ID, a random number chosen by the client to identify an IP address allocation.
Default router: Gateway address assigned to the client.
Classless static routes: Classless static routes assigned to the client.
Static routes: Classful static routes assigned to the client.
DNS servers: DNS server address assigned to the client.
Domain name: Domain name suffix assigned to the client.
Usage guidelines When you execute the undo ip address dhcp-alloc command, the interface sends a DHCP-RELEASE message to release the IP address obtained through DHCP. If the interface is down, the message cannot be sent out. Examples # Configure VLAN-interface 10 to use DHCP for IP address acquisition.
Usage guidelines For security purposes, all passwords, including passwords configured in plaintext, are saved in ciphertext. This command enables the device to immediately save DHCP snooping entries to the specified database file. If the file does not exist, the device automatically creates the file. The device does not update the file for a specific amount of time after a DHCP snooping entry changes. The default period is 300 seconds.
Default The waiting period is 300 seconds. Views System view Predefined user roles network-admin Parameters seconds: Sets the waiting period in seconds, in the range of 60 to 864000. Usage guidelines When a DHCP snooping entry is learned or removed, the device does not update the database file until after the specified waiting period. All changed entries during that period will be updated. If no file has been specified, this command does not take effect.
dhcp snooping binding record Use dhcp snooping binding record to enable recording of client information in DHCP snooping entries. Use undo dhcp snooping binding record to disable the function. Syntax dhcp snooping binding record undo dhcp snooping binding record Default DHCP snooping does not record client information.
considers this request valid and forwards it to the DHCP server. If they are not the same, DHCP snooping discards the DHCP request. Examples # Enable MAC address check for DHCP snooping. system-view [Sysname] interface FortyGigE 1/0/1 [Sysname-FortyGigE1/0/1] dhcp snooping check mac-address dhcp snooping check request-message Use dhcp snooping check request-message to enable DHCP-REQUEST check for DHCP snooping.
Syntax dhcp snooping enable undo dhcp snooping enable Default DHCP snooping is disabled. Views System view Predefined user roles network-admin Usage guidelines Use the DHCP snooping function together with trusted port configuration. Before trusted ports are configured, all ports on the DHCP snooping device are untrusted and the device discards all responses sent from DHCP servers. When DHCP snooping is disabled, the device forwards all responses from DHCP servers. Examples # Enable DHCP snooping.
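The usage guidelines above imply two opposite failure modes: snooping disabled (every DHCP server response is forwarded) and snooping enabled with no trusted port (every server response is discarded). The following audit script is an added example, not HP code; it checks a saved configuration for both, plus the per-port checks and entry limit described in this chapter. The configuration text is constructed, and its layout (`#` separators, one-space indentation, every listed interface being a Layer 2 port) is an assumption.

```python
# Added example: audit DHCP snooping settings in a saved switch configuration.
# Only commands named in this command reference are checked.

# Constructed sample configuration (layout is an assumption, not device output).
SAMPLE_CONFIG = """\
#
 sysname Edge1
#
 dhcp snooping enable
#
interface FortyGigE1/0/1
 dhcp snooping trust
#
interface FortyGigE1/0/2
 dhcp snooping check mac-address
 dhcp snooping check request-message
 dhcp snooping max-learning-num 32
#
interface FortyGigE1/0/3
#
"""

# Per-port checks expected on every untrusted (client-facing) interface.
REQUIRED_ON_UNTRUSTED = (
    "dhcp snooping check mac-address",
    "dhcp snooping check request-message",
)


def parse_sections(text):
    """Return (global_commands, {interface_name: [commands]})."""
    global_cmds, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "#":                      # section separator
            current = None
        elif raw.startswith("interface "):   # start of an interface block
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif current is not None:
            current.append(line)
        else:
            global_cmds.append(line)
    return global_cmds, interfaces


def audit(text):
    """Return a list of (scope, finding) tuples; an empty list means clean."""
    global_cmds, interfaces = parse_sections(text)
    findings = []
    if "dhcp snooping enable" not in global_cmds:
        # Disabled snooping forwards all responses from any DHCP server.
        return [("global", "dhcp snooping disabled")]
    trusted = {n for n, cmds in interfaces.items() if "dhcp snooping trust" in cmds}
    if not trusted:
        # With no trusted port, all DHCP server responses are discarded.
        findings.append(("global", "no trusted port"))
    for name, cmds in interfaces.items():
        if name in trusted:
            continue
        for required in REQUIRED_ON_UNTRUSTED:
            if required not in cmds:
                findings.append((name, "missing " + required))
        if not any(c.startswith("dhcp snooping max-learning-num ") for c in cmds):
            # The default number of snooping entries per interface is unlimited.
            findings.append((name, "unlimited snooping entries"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```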
normal: Specifies the normal padding format. The padding content includes the VLAN ID and interface number. verbose: Specifies the verbose padding format. node-identifier { mac | sysname | user-defined node-identifier }: Specifies the access node identifier. The padding content includes the node identifier, Ethernet type (fixed to eth), chassis number, slot number, sub-slot number, interface number, and VLAN ID. The node identifier varies with the keyword mac, sysname, and user-defined.
system-view [Sysname] interface FortyGigE 1/0/1 [Sysname-FortyGigE1/0/1] dhcp snooping information enable [Sysname-FortyGigE1/0/1] dhcp snooping information strategy replace [Sysname-FortyGigE1/0/1] dhcp snooping information circuit-id verbose node-identifier sysname format ascii Related commands • dhcp snooping information enable • dhcp snooping information strategy • display dhcp snooping information dhcp snooping information enable Use dhcp snooping information enable to enable DHCP snoo
dhcp snooping information remote-id Use dhcp snooping information remote-id to configure the padding content and code type for the remote ID sub-option. Use undo dhcp snooping information remote-id to restore the default. Syntax dhcp snooping information remote-id { normal [ format { ascii | hex } ] | [ vlan vlan-id ] { string remote-id | sysname } } undo dhcp snooping information remote-id [ vlan vlan-id ] Default The padding format is normal and the code type is hex.
• dhcp snooping information strategy • display dhcp snooping information dhcp snooping information strategy Use dhcp snooping information strategy to configure the handling strategy for Option 82 in request messages. Use undo dhcp snooping information strategy to restore the default. Syntax dhcp snooping information strategy { drop | keep | replace } undo dhcp snooping information strategy Default The handling strategy for Option 82 in request messages is replace.
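The drop, keep and replace strategies (used by both the DHCP relay agent and DHCP snooping) decide whether a client-supplied Option 82 reaches the server. The sketch below is an added example, not HP code: it parses the DHCP options field, applies each strategy, and adds the local Option 82 when the request carries none. The drop and keep behaviour (discard the message, forward it unchanged) is assumed, because this page only spells out replace; all sample bytes and ID strings are constructed.

```python
# Added example: Option 82 handling strategies on a relay/snooping device.
OPT_PAD, OPT_END, OPT_RELAY_INFO = 0, 255, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2  # sub-option codes from RFC 3046


def parse_tlvs(data, dhcp_framing=True):
    """Split a TLV byte string into (code, value) pairs.

    With dhcp_framing=True, code 0 is a one-byte pad and code 255 ends the
    list; sub-options inside Option 82 have no such special codes.
    """
    items, i = [], 0
    while i < len(data):
        code = data[i]
        if dhcp_framing and code == OPT_PAD:
            i += 1
            continue
        if dhcp_framing and code == OPT_END:
            break
        if i + 1 >= len(data):
            raise ValueError("truncated TLV header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"TLV {code} overruns the buffer")
        items.append((code, bytes(value)))
        i += 2 + length
    return items


def build_options(items):
    """Serialize (code, value) pairs and terminate with the End option."""
    out = bytearray()
    for code, value in items:
        if len(value) > 255:
            raise ValueError(f"option {code} value too long")
        out += bytes([code, len(value)]) + value
    out.append(OPT_END)
    return bytes(out)


def make_option82(circuit_id, remote_id):
    """Encode the circuit ID and remote ID sub-options as an Option 82 value."""
    pairs = ((SUB_CIRCUIT_ID, circuit_id), (SUB_REMOTE_ID, remote_id))
    return b"".join(bytes([code, len(value)]) + value for code, value in pairs)


def option82_of(options):
    """Return {sub-option code: value} for Option 82, or None if absent."""
    for code, value in parse_tlvs(options):
        if code == OPT_RELAY_INFO:
            return dict(parse_tlvs(value, dhcp_framing=False))
    return None


def apply_strategy(options, strategy, local_opt82):
    """Return the options to forward, or None when the request is dropped."""
    if strategy not in ("drop", "keep", "replace"):
        raise ValueError("unknown strategy: " + strategy)
    items = parse_tlvs(options)
    has_opt82 = any(code == OPT_RELAY_INFO for code, _ in items)
    if has_opt82 and strategy == "drop":
        return None                      # assumed: discard the message
    if has_opt82 and strategy == "keep":
        return options                   # assumed: forward unchanged
    # replace, or no Option 82 present: the device's own Option 82 goes last.
    others = [(c, v) for c, v in items if c != OPT_RELAY_INFO]
    return build_options(others + [(OPT_RELAY_INFO, local_opt82)])


# Constructed inputs: a DHCP-REQUEST for 40.1.1.20, with and without a
# client-supplied Option 82, and the Option 82 this device would insert.
CLIENT_REQUEST = bytes([53, 1, 3, 50, 4, 40, 1, 1, 20, OPT_END])
SPOOFED_OPT82 = make_option82(b"vlan999-port0", b"core-switch")
SPOOFED_REQUEST = build_options(
    parse_tlvs(CLIENT_REQUEST) + [(OPT_RELAY_INFO, SPOOFED_OPT82)])
LOCAL_OPT82 = make_option82(b"FortyGigE1/0/1:vlan10", b"Sysname")

if __name__ == "__main__":
    for name in ("drop", "keep", "replace"):
        result = apply_strategy(SPOOFED_REQUEST, name, LOCAL_OPT82)
        print(name, None if result is None else option82_of(result))
```

With keep, the server sees whatever circuit and remote IDs the client supplied, so address policy keyed on Option 82 is only as trustworthy as the port the request arrived on.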
Syntax dhcp snooping max-learning-num number undo dhcp snooping max-learning-num Default The maximum number of DHCP snooping entries for an interface to learn is unlimited. Views Layer 2 Ethernet interface view, Layer 2 aggregate interface view Predefined user roles network-admin Parameters number: Specifies the maximum number of DHCP snooping entries that an interface can learn. The value range is 1 to 4294967295.
If you configure this command on a Layer 2 Ethernet interface that is a member port of a Layer 2 aggregate interface, the Layer 2 Ethernet interface uses the DHCP packet maximum rate configured on the Layer 2 aggregate interface. If the Layer 2 Ethernet interface leaves the aggregation group, it uses its own DHCP packet maximum rate. Examples # Set the maximum rate at which the Layer 2 Ethernet interface FortyGigE 1/0/1 can receive DHCP packets to 64 Kbps.
Views Any view Predefined user roles network-admin network-operator Parameters ip ip-address: Displays the DHCP snooping entry for the specified IP address. vlan vlan-id: Specifies the VLAN ID where the IP address resides. Usage guidelines If you do not specify any parameters, the command displays all DHCP snooping entries. Examples # Display all DHCP snooping entries.
display dhcp snooping binding database Use display dhcp snooping binding database to display information about the database file that stores DHCP snooping entries. Syntax display dhcp snooping binding database Views Any view Predefined user roles network-admin network-operator Examples # Display information about the database file that stores DHCP snooping entries. display dhcp snooping binding database File name : Username : database.
Views Any view Predefined user roles network-admin network-operator Parameters all: Displays Option 82 configuration on all Layer 2 Ethernet interfaces. interface interface-type interface-number: Specifies an interface by its type and number. Examples # Display Option 82 configuration on all interfaces.
Field Description VLAN Pads circuit ID sub-option and remote ID sub-option in the DHCP packets received in the specified VLAN. display dhcp snooping packet statistics Use display dhcp snooping packet statistics to display DHCP packet statistics for DHCP snooping.
Syntax display dhcp snooping trust Views Any view Predefined user roles network-admin network-operator Examples # Display information about trusted ports. display dhcp snooping trust DHCP snooping is enabled. DHCP snooping trust becomes active. Interface Trusted ========================= ============ FortyGigE1/0/1 Trusted Related commands dhcp snooping trust reset dhcp snooping binding Use reset dhcp snooping binding to clear DHCP snooping entries.
reset dhcp snooping packet statistics Use reset dhcp snooping packet statistics to clear DHCP packet statistics for DHCP snooping. Syntax In standalone mode: reset dhcp snooping packet statistics [ slot slot-number ] In IRF mode: reset dhcp snooping packet statistics [ chassis chassis-number slot slot-number ] Views User view Predefined user roles network-admin Parameters slot slot-number: Specifies a card by the slot number. (In standalone mode.
DNS commands display dns domain Use display dns domain to display the domain name suffixes. Syntax display dns domain [ dynamic ] Views Any view Predefined user roles network-admin network-operator Parameters dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other protocols. If this keyword is not specified, the command displays the statically configured and dynamically obtained domain name suffixes. Examples # Display domain name suffixes on the public network.
display dns host Use display dns host to display information about domain name-to-IP address mappings. Syntax display dns host [ ip ] Views Any view Predefined user roles network-admin network-operator Parameters ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address. Usage guidelines If you do not specify the ip keyword, the command displays domain name-to-IP address mappings of all query types.
Related commands • ip host • reset dns host display dns server Use display dns server to display IPv4 DNS server information. Syntax display dns server [ dynamic ] Views Any view Predefined user roles network-admin network-operator Parameters dynamic: Displays IPv4 DNS server information dynamically obtained through DHCP or other protocols. If this keyword is not specified, the command displays statically configured and dynamically obtained IPv4 DNS server addresses.
Use undo dns domain to delete the specified domain name suffix. Syntax dns domain domain-name undo dns domain domain-name Default No domain name suffix is configured. Only the provided domain name is resolved. Views System view Predefined user roles network-admin Parameters domain-name: Specifies a domain name suffix. It is a dot-separated, case-insensitive string that can include letters, digits, hyphens (-), underscores (_), and dots (.) (for example, aabbcc.com).
Parameters dscp-value: Sets the DSCP value for outgoing DNS packets, in the range of 0 to 63. Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority. Examples # Set the DSCP value for outgoing DNS packets to 30. system-view [Sysname] dns dscp 30 dns server Use dns server to specify an IPv4 address of a DNS server.
Use undo dns source-interface to restore the default. Syntax dns source-interface interface-type interface-number undo dns source-interface interface-type interface-number Default No source interface for DNS packets is specified. The device uses the primary IP address of the output interface of the matching route as the source IP address for a DNS request. Views System view Predefined user roles network-admin Parameters interface-type interface-number: Specifies an interface by its type and number.
Parameters interface-type interface-number: Specifies an interface by its type and number. Usage guidelines By default, an interface obtains DNS suffix and DNS server information from DHCP. A network attacker might act as the DHCP server to assign a wrong DNS suffix and DNS server address to the device. As a result, the device fails to obtain the resolved IP address or might get the wrong IP address.
[Sysname] ip host aaa 10.110.0.1 Related commands display dns host reset dns host Use reset dns host to clear information about the dynamic DNS cache. Syntax reset dns host [ ip ] Views User view Predefined user roles network-admin Parameters ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address. Usage guidelines Using the reset dns host command without the ip keyword clears dynamic DNS cache information about all query types.
Basic IP forwarding commands display fib Use display fib to display FIB entries. Syntax display fib [ ip-address [ mask | mask-length ] ] Views Any view Predefined user roles network-admin network-operator Parameters ip-address: Displays the FIB entry that matches the specified destination IP address. mask: Specifies the mask for the IP address. mask-length: Specifies the mask length for the IP address, the number of consecutive ones in the mask. The value range is 0 to 32.
10.153.78.2/32     10.153.78.2     UH       M-GE0/0/0                Null

# Display the FIB entries matching the destination IP address 10.2.1.1.
display fib 10.2.1.1
Destination count: 1 FIB entry count: 1
Flag:
  U:Useable   G:Gateway   R:Relay     F:FRR
  H:Host      B:Blackhole D:Dynamic   S:Static
Destination/Mask   Nexthop         Flag     OutInterface/Token       Label
10.2.1.1/32        127.0.0.1       UH       InLoop0                  Null

Table 17 Command output
Field: Description
Destination count: Total number of destination addresses.
Load sharing commands The switch has one built-in MPU. The slot number of this MPU is fixed at 0. Unless otherwise stated, the term "card" in this document refers to both the MPU and LPUs. ip load-sharing mode per-flow Use ip load-sharing mode per-flow to configure per-flow load sharing. Use undo ip load-sharing mode per-flow to restore the default.
chassis chassis-number slot slot-number: Specifies a card in an IRF member device. The chassis-number argument represents the IRF member ID of the device. The slot-number argument represents the slot number of the card. (In IRF mode.) Examples # In standalone mode, configure per-flow load sharing on slot 2. system-view [Sysname] ip load-sharing mode per-flow slot 2 # In IRF mode, configure per-flow load sharing on slot 2 of chassis 1.
IP performance optimization commands The switch has one built-in MPU. The slot number of this MPU is fixed at 0. Unless otherwise stated, the term "card" in this document refers to both the MPU and LPUs. NOTE: The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
mask requests 0 mask replies 0 time exceeded 0 invalid type 0 router advert 0 router solicit 0 broadcast/multicast echo requests ignored 0 broadcast/multicast timestamp requests ignored 0 Output: echo 0 destination unreachable 0 source quench 0 redirects 0 echo replies 175 parameter problem 0 timestamp 0 information replies 0 mask requests 0 mask replies 0 time exceeded 0 bad address 0 packet error router advert 3 1442 display ip statistics Use display ip statistics to d
Fragment:input 0 output 0 dropped 0 fragmented 0 couldn't fragment 0 0 timeouts Reassembling:sum 0 Table 18 Command output Field Input Output Fragment Reassembling Description sum Total number of packets received. local Total number of packets destined for the device. bad protocol Total number of unknown protocol packets. bad format Total number of packets with incorrect format. bad checksum Total number of packets with incorrect checksum.
Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays brief RawIP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.) chassis chassis-number slot slot-number: Displays brief RawIP connection information for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device.
Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed RawIP connection information for the specified PCB. The pcb-index argument specifies the index of the PCB, in the range of 1 to 16. slot slot-number: Displays detailed RawIP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.
Field: Description
Options: Socket options.
Error: Error code.
Receiving buffer (cc/hiwat/lowat/state): Displays receive buffer information in the following order:
• cc—Used space.
• hiwat—Maximum space.
• lowat—Minimum space.
• state—Buffer state:
  o CANTSENDMORE—Unable to send data to the peer.
  o CANTRCVMORE—Unable to receive data from the peer.
  o RCVATMARK—Receiving tag.
  o N/A—None of the above states.
Field: Description
Inpcb flags: Flags in the Internet PCB:
• INP_RECVOPTS—Receives IP options.
• INP_RECVRETOPTS—Receives replied IP options.
• INP_RECVDSTADDR—Receives destination IP address.
• INP_HDRINCL—Provides the entire IP header.
• INP_REUSEADDR—Reuses the IP address.
• INP_REUSEPORT—Reuses the port number.
• INP_ANONPORT—Port number not specified.
• INP_RECVIF—Records the input interface of the packet.
• INP_RECVTTL—Receives TTL of the packet. Only UDP and RawIP support this flag.
Predefined user roles network-admin network-operator Parameters slot slot-number: Displays brief TCP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.) chassis chassis-number slot slot-number: Displays brief TCP connection information for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card.
display tcp statistics [ chassis chassis-number slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays TCP traffic statistics for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.) chassis chassis-number slot slot-number: Displays TCP traffic statistics for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device.
successfully build new socket: 12 bucket overflows: 0 zone failures: 0 syncache entries removed due to RST: 0 syncache entries removed due to timed out: 0 ACK checked by syncache or syncookie failures: 0 syncache entries aborted: 0 syncache entries removed due to bad ACK: 0 syncache entries removed due to ICMP unreachable: 0 SYN cookies sent: 0 SYN cookies received: 0 SACK related statistics: SACK recoveries: 1 SACK retransmitted segments: 0 (0 bytes) SACK blocks (options) received: 0 SACK blocks (options)
In IRF mode: display tcp verbose [ chassis chassis-number slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed TCP connection information for the specified PCB. The pcb-index argument specifies the index of the PCB, in the range of 1 to 16. slot slot-number: Displays detailed TCP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.
Field: Description
Chassis: ID of the IRF member device.
Slot: Number of the slot that holds the card.
Creator: Name of the operation that created the socket. The number in brackets is the process number of the creator.
State: State of the socket.
Options: Socket options.
Error: Error code.
Receiving buffer (cc/hiwat/lowat/state): Displays receive buffer information in the following order:
• cc—Used space.
• hiwat—Maximum space.
• lowat—Minimum space.
Field: Description
Inpcb flags: Flags in the Internet PCB:
• INP_RECVOPTS—Receives IP options.
• INP_RECVRETOPTS—Receives replied IP options.
• INP_RECVDSTADDR—Receives destination IP address.
• INP_HDRINCL—Provides the entire IP header.
• INP_REUSEADDR—Reuses the IP address.
• INP_REUSEPORT—Reuses the port number.
• INP_ANONPORT—Port number not specified.
• INP_RECVIF—Records the input interface of the packet.
• INP_RECVTTL—Receives TTL of the packet. Only UDP and RawIP support this flag.
Predefined user roles network-admin network-operator Parameters slot slot-number: Displays brief UDP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.) chassis chassis-number slot slot-number: Displays brief UDP connection information for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card.
network-operator Parameters slot slot-number: Displays UDP traffic statistics for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.) chassis chassis-number slot slot-number: Displays UDP traffic statistics for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device and the slot-number argument specifies the slot number of the card. (In IRF mode.
slot slot-number: Displays detailed UDP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.) chassis chassis-number slot slot-number: Displays detailed UDP connection information for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.
Field: Description
Receiving buffer(cc/hiwat/lowat/state): Displays receive buffer information in the following order:
• cc—Used space.
• hiwat—Maximum space.
• lowat—Minimum space.
• state—Buffer state:
  o CANTSENDMORE—Unable to send data to the peer.
  o CANTRCVMORE—Unable to receive data from the peer.
  o RCVATMARK—Receiving tag.
  o N/A—None of the above states.
Sending buffer(cc/hiwat/lowat/state): Displays send buffer information in the following order:
• cc—Used space.
Field: Description
Inpcb flags: Flags in the Internet PCB:
• INP_RECVOPTS—Receives IP options.
• INP_RECVRETOPTS—Receives replied IP options.
• INP_RECVDSTADDR—Receives destination IP address.
• INP_HDRINCL—Provides the entire IP header.
• INP_REUSEADDR—Reuses the IP address.
• INP_REUSEPORT—Reuses the port number.
• INP_ANONPORT—Port number not specified.
• INP_RECVIF—Records the input interface of the packet.
• INP_RECVTTL—Receives TTL of the packet. Only UDP and RawIP support this flag.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
A directed broadcast packet is destined for all hosts on a specific network. In the destination IP address of the directed broadcast, the network ID identifies the target network, and the host ID is made up of all ones. If an interface is allowed to forward directed broadcasts destined for the directly connected network, attackers can exploit this vulnerability to attack the target network.
Usage guidelines To avoid sending excessive ICMP error messages within a short period that might cause network congestion, you can use the command to limit the rate at which ICMP error messages are sent. A token bucket algorithm is used with one token representing one ICMP error message. Tokens are placed in the bucket at a specific interval until the maximum number of tokens that the bucket can hold is reached. Tokens are removed from the bucket when ICMP error messages are sent.
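The token bucket described above, modeled as an added example (not HP's implementation or device code) to show how the refill interval and bucket size bound the ICMP error rate. The names interval_ms and bucket_size, the millisecond unit, and the bucket starting full are assumptions.

```python
"""Token-bucket model of ICMP error rate limiting (illustrative only)."""


class IcmpErrorLimiter:
    def __init__(self, interval_ms, bucket_size, start_full=True):
        if interval_ms <= 0 or bucket_size <= 0:
            raise ValueError("interval_ms and bucket_size must be positive")
        self.interval_ms = interval_ms
        self.bucket_size = bucket_size
        # Assumption: the bucket starts full; the reference does not say.
        self.tokens = bucket_size if start_full else 0
        self.last_refill_ms = 0

    def _refill(self, now_ms):
        # One token per elapsed interval, never more than the bucket holds.
        new_tokens = (now_ms - self.last_refill_ms) // self.interval_ms
        if new_tokens > 0:
            self.tokens = min(self.bucket_size, self.tokens + new_tokens)
            self.last_refill_ms += new_tokens * self.interval_ms

    def allow(self, now_ms):
        """Return True if an ICMP error may be sent at now_ms (one token each)."""
        self._refill(now_ms)
        if self.tokens > 0:
            self.tokens -= 1
            return True
        return False


def simulate(event_times_ms, interval_ms, bucket_size):
    """Feed error-triggering events (sorted times, ms) through the limiter.

    Returns (sent_count, suppressed_count, times_sent).
    """
    limiter = IcmpErrorLimiter(interval_ms, bucket_size)
    events = list(event_times_ms)
    sent = [t for t in events if limiter.allow(t)]
    return len(sent), len(events) - len(sent), sent


if __name__ == "__main__":
    # Constructed workload: one error-triggering packet per millisecond for 1 s.
    sent, suppressed, _ = simulate(range(1000), interval_ms=100, bucket_size=10)
    print(f"sustained flood: sent={sent} suppressed={suppressed}")
    # Constructed workload: 20 packets in a burst after 5 s of silence.
    sent, suppressed, _ = simulate(range(5000, 5020), interval_ms=100, bucket_size=3)
    print(f"burst after idle: sent={sent} suppressed={suppressed}")
```

The bucket size caps the burst that goes out at once, and the interval sets the sustained rate after the bucket drains; idle time never banks more tokens than the bucket holds.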
Default The device uses the IP address of the sending interface as the source IP address for outgoing ICMP packets. Views System view Predefined user roles network-admin Parameters ip-address: Specifies an IP address. Usage guidelines It is a good practice to specify the IP address of the loopback interface as the source IP address for outgoing ping echo request and ICMP error messages. This feature helps users to locate the sending device easily. Examples # Specify 1.1.1.
• There is no source route option in the received packet. Examples # Enable sending ICMP redirect messages. system-view [Sysname] ip redirects enable ip ttl-expires enable Use ip ttl-expires enable to enable sending ICMP time-exceeded messages. Use undo ip ttl-expires enable to disable sending ICMP time-exceeded messages. Syntax ip ttl-expires enable undo ip ttl-expires enable Default Sending ICMP time-exceeded messages is disabled.
Default Sending ICMP destination unreachable messages is disabled. Views System view Predefined user roles network-admin Usage guidelines A device sends ICMP destination unreachable messages by following these rules: • If a packet does not match any specific route and there is no default route in the routing table, the device sends a Network Unreachable ICMP error message to the source.
chassis chassis-number slot slot-number: Clears IP traffic statistics for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)
Usage guidelines
To collect new IP traffic statistics within a period of time, use this command to clear the historical IP traffic statistics first.
Examples
# Clear IP traffic statistics.
Related commands
display udp statistics

tcp mss
Use tcp mss to configure the TCP maximum segment size (MSS).
Use undo tcp mss to restore the default.
Syntax
tcp mss value
undo tcp mss
Default
No TCP MSS is configured.
Views
Interface view
Predefined user roles
network-admin
Parameters
value: Specifies the TCP MSS in the range of 128 to 2048 bytes.
undo tcp path-mtu-discovery Default TCP path MTU discovery is disabled. Views System view Predefined user roles network-admin Parameters aging age-time: Sets the aging time for the path MTU, in the range of 10 to 30 minutes. The default aging time is 10 minutes. no-aging: Does not age out the path MTU. Usage guidelines After you enable TCP path MTU discovery, all new TCP connections detect the path MTU. The device uses the path MTU to calculate the MSS to avoid IP fragmentation.
2. The server receives the SYN packet, establishes a TCP semi-connection in SYN_RECEIVED state, and replies with a SYN ACK packet to the sender.
3. The sender receives the SYN ACK packet and replies with an ACK packet. Then, a TCP connection is established.
An attacker can exploit this mechanism to mount SYN flood attacks. The attacker sends a large number of SYN packets but does not respond to the SYN ACK packets from the server.
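A way to watch for the half-open connection buildup described above, as an added example that is not part of the HP reference: it compares two snapshots of the syncache counters that display tcp statistics prints. The one-field-per-line layout, the sample values, the choice of counters and the thresholds are assumptions.

```python
import re

# Constructed samples: two snapshots of the syncache part of
# "display tcp statistics", using the field names shown in this reference.
SAMPLE_BEFORE = """\
 successfully build new socket: 12
 bucket overflows: 0
 zone failures: 0
 syncache entries removed due to RST: 0
 syncache entries removed due to timed out: 3
 SYN cookies sent: 0
 SYN cookies received: 0
"""
SAMPLE_AFTER = """\
 successfully build new socket: 15
 bucket overflows: 40
 zone failures: 0
 syncache entries removed due to RST: 2
 syncache entries removed due to timed out: 5210
 SYN cookies sent: 0
 SYN cookies received: 0
"""

# Assumption: these counters and per-interval thresholds are chosen for the
# demo; tune them against a baseline from your own devices.
WATCHED = {
    "bucket overflows": 1,
    "zone failures": 1,
    "syncache entries removed due to timed out": 100,
    "SYN cookies sent": 1,
}

LINE_RE = re.compile(r"^\s*(?P<name>[A-Za-z][^:]*?):\s*(?P<value>\d+)\b")


def parse_counters(text):
    """Return {field name: integer} for every 'name: number' line."""
    counters = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            counters[match.group("name").strip()] = int(match.group("value"))
    return counters


def syn_pressure(before_text, after_text, thresholds=WATCHED):
    """Return watched counters whose growth between snapshots meets a threshold."""
    before, after = parse_counters(before_text), parse_counters(after_text)
    findings = {}
    for name, limit in thresholds.items():
        if name not in before or name not in after:
            continue  # field missing from this output: report nothing for it
        delta = after[name] - before[name]
        if delta < 0:
            # Counter went backwards, so statistics were cleared in between
            # (for example with reset tcp statistics); count from zero.
            delta = after[name]
        if delta >= limit:
            findings[name] = delta
    return findings


if __name__ == "__main__":
    print(syn_pressure(SAMPLE_BEFORE, SAMPLE_AFTER))
```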
tcp timer syn-timeout Use tcp timer syn-timeout to configure the TCP SYN wait timer. Use undo tcp timer syn-timeout to restore the default. Syntax tcp timer syn-timeout time-value undo tcp timer syn-timeout Default The TCP SYN wait timer is 75 seconds. Views System view Predefined user roles network-admin Parameters time-value: Specifies the TCP SYN wait timer in the range of 2 to 600 seconds. Usage guidelines TCP starts the SYN wait timer after sending a SYN packet.
Examples # Configure the size of the TCP receive/send buffer as 3 KB.
UDP helper commands The term "interface" in this chapter collectively refers to VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide). display udp-helper interface Use display udp-helper interface to display information about packets forwarded by UDP helper on an interface.
reset udp-helper statistics Use reset udp-helper statistics to clear the statistics of UDP packets forwarded by UDP helper. Syntax reset udp-helper statistics Views User view Predefined user roles network-admin Examples # Clear the statistics of UDP packets forwarded by UDP helper. reset udp-helper statistics Related commands display udp-helper interface udp-helper enable Use udp-helper enable to enable UDP helper. Use undo udp-helper enable to disable UDP helper.
Use undo udp-helper port to remove UDP port numbers. Syntax udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time } undo udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time } Default No UDP port number is specified for UDP helper. Views System view Predefined user roles network-admin Parameters port-number: Specifies a UDP port number in the range of 1 to 65535 (except 67 and 68). dns: Specifies the UDP port 53 used by DNS packets.
Views Interface view Predefined user roles network-admin Parameters ip-address: Specifies the IP address of a destination server, in dotted decimal notation. Usage guidelines Specify destination servers on an interface that receives UDP broadcast packets. You can specify up to 20 destination servers on an interface. If you do not specify the ip-address argument, the undo udp-helper server command removes all destination servers on the interface. Examples # Specify the destination server 192.1.1.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.