HP HSR6800 Routers Layer 3 - IP Services Command Reference Part number: 5998-4506 Software version: HSR6800-CMW520-R3303P05 Document version: 6PW105-20140507
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents ARP configuration commands ····································································································································· 1 arp check enable ······················································································································································ 1 arp max-learning-num ·············································································································································· 1 arp
display dhcp server forbidden-ip ························································································································· 36 display dhcp server ip-in-use ································································································································ 37 display dhcp server statistics ································································································································ 39 display dhcp server tree ····
reset dhcp relay statistics ······································································································································ 81 DHCP client configuration commands ······················································································································ 82 display dhcp client ················································································································································ 82 ip address dhcp-allo
inside ip ································································································································································ 128 nat address-group················································································································································ 128 nat dns-map ························································································································································· 129 n
udp-helper port ···················································································································································· 175 udp-helper server ················································································································································· 176 IPv6 basics configuration commands ···················································································································· 178 display ipv6 fib··
DHCPv6 configuration commands ························································································································· 224 DHCPv6 common configuration commands ············································································································· 224 display ipv6 dhcp duid ······································································································································· 224 DHCPv6 server configuration commands ·····
reset natpt statistics ·············································································································································· 268 AFT configuration commands ································································································································· 269 display aft address-group ··································································································································· 269 display aft addres
vam server enable ··············································································································································· 315 vam server ip-address ········································································································································· 316 vam server vpn ···················································································································································· 316 VAM client con
ARP configuration commands arp check enable Use arp check enable to enable dynamic ARP entry check. Use undo arp check enable to disable dynamic ARP entry check. Syntax arp check enable undo arp check enable Default Dynamic ARP entry check is enabled. Views System view Default command level 2: System level Examples # Enable dynamic ARP entry check.
Parameters number: Maximum number of dynamic ARP entries that an interface can learn. The value range is 1 to 4096 and the default value is 1024. Usage guidelines When the number argument is set to 0, the interface is disabled from learning dynamic ARP entries. Examples # Specify VLAN-interface 40 to learn up to 500 dynamic ARP entries.
Usage guidelines A static ARP entry is effective when the device works correctly. However, when the VLAN or VLAN interface to which an ARP entry corresponds is deleted, the entry, if short and resolved, becomes unresolved. Examples # Configure a static ARP entry, with IP address 202.38.10.2, MAC address 00e0-fc01-0000 and outbound interface GigabitEthernet 3/0/1 of VLAN 10. system-view [Sysname] arp static 202.38.10.
display arp [ [ all | dynamic | static ] [ slot slot-number ] | vlan vlan-id | interface interface-type interface-number ] [ count | verbose ] [ | { begin | exclude | include } regular-expression ] In IRF mode: display arp [ [ all | dynamic | static ] [ chassis chassis-number slot slot-number ] | vlan vlan-id | interface interface-type interface-number ] [ count | verbose ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters all: Display
193.1.1.70 00e0-fe50-6503 [No Vrf] 192.168.0.115 GE2/1/0 14 D GE2/1/1 18 D GE2/1/2 20 D data 000d-88f7-9f7d [No Vrf] 192.168.0.39 N/A N/A data 0012-a990-2241 [No Vrf] N/A [No MT] Table 1 Command output Field Description IP Address IP address in an ARP entry. MAC Address MAC address in an ARP entry. VLAN ID ID of the VLAN to which the ARP entry belongs. Interface Outbound interface in an ARP entry.
Default command level 1: Monitor level Parameters ip-address: Displays the ARP entry for the specified IP address. slot slot-number: Displays the specified ARP entry for the interface card specified by its slot number. (In standalone mode.) chassis chassis-number slot slot-number: Displays the specified ARP entry for a card on an IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Related commands • arp static • reset arp naturemask-arp enable Use naturemask-arp enable to enable natural mask support for ARP requests. Use undo naturemask-arp enable to restore the default. Syntax naturemask-arp enable undo naturemask-arp enable Default Natural mask support for ARP requests is disabled. Views System view Default command level 2: System level Examples # Enable natural mask support for ARP requests.
slot slot-number: Clears ARP entries for the interface card specified by its slot number. (In standalone mode.) chassis chassis-number slot slot-number: Clears ARP entries for a card on an IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.) interface interface-type interface-number: Clears the ARP entries for the interface specified by the argument interface-type interface-number.
Gratuitous ARP configuration commands arp send-gratuitous-arp Use arp send-gratuitous-arp to enable periodic sending of gratuitous ARP packets and set the sending interval on an interface. Use undo arp send-gratuitous-arp to disable the interface from periodically sending gratuitous ARP packets. Syntax arp send-gratuitous-arp [ interval milliseconds ] undo arp send-gratuitous-arp Default An interface is disabled from sending gratuitous ARP packets periodically.
gratuitous-arp-learning enable Use gratuitous-arp-learning enable to enable the gratuitous ARP packet learning function. Use undo gratuitous-arp-learning enable to disable the function. Syntax gratuitous-arp-learning enable undo gratuitous-arp-learning enable Default The function is enabled.
Examples # Disable a device from sending gratuitous ARP packets upon receiving ARP requests whose target IP address is on a different subnet.
Proxy ARP configuration commands display proxy-arp Use display proxy-arp to display the proxy ARP status. Syntax display proxy-arp [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 2: System level Parameters interface interface-type interface-number: Displays the proxy ARP status of the interface specified by the argument interface-type interface-number. |: Filters command output by specifying a regular expression.
Syntax proxy-arp enable undo proxy-arp enable Default Proxy ARP is disabled. Views VLAN interface view, Layer 3 Ethernet interface view, Layer 3 Ethernet subinterface view, Layer 3 aggregate interface view, Layer 3 aggregate subinterface view Default command level 2: System level Examples # Enable proxy ARP on GigabitEthernet 3/0/1.
ARP snooping configuration commands NOTE: The ARP snooping commands are supported only when SAP modules operate in bridge mode. arp-snooping enable Use arp-snooping enable to enable ARP snooping. Use undo arp-snooping enable to disable ARP snooping. Syntax arp-snooping enable undo arp-snooping enable Default ARP snooping is disabled. Views VLAN view Default command level 2: System level Examples # Enable ARP snooping on VLAN 1.
vlan vlan-id: Displays ARP snooping entries for a specific VLAN. The vlan-id argument is in the range of 1 to 4094. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
IP addressing configuration commands display ip interface Use display ip interface to display IP configuration information for a specific Layer 3 interface or for all Layer 3 interfaces. Syntax display ip interface [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number.
Routing redirect: 0 Echo request: 0 Router advert: 0 Router solicit: 0 Time exceed: 0 IP header bad: 0 Timestamp request: 0 Timestamp reply: 0 Information request: 0 Information reply: 0 Netmask request: 0 Netmask reply: 0 Unknown type: 0 Table 3 Command output Field Description Current physical state of the interface: • Administrative DOWN—The interface is shut down with the shutdown current state command.
Field Description TTL invalid packet number Number of TTL-invalid packets received on the interface (statistics start at device startup).
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines If you do not specify the interface type or interface number, this command displays the brief IP configuration information for all Layer 3 interfaces. If you specify only the interface type, this command displays the brief IP configuration information for all Layer 3 interfaces of the specified type.
Related commands display ip interface ip address Use ip address to assign an IP address and mask to the interface. Use undo ip address to remove all IP addresses from the interface. Use undo ip address ip-address { mask | mask-length } to remove the primary IP address. Use undo ip address ip-address { mask | mask-length } sub to remove a secondary IP address.
ip address unnumbered Use ip address unnumbered to configure the current interface as IP unnumbered to borrow an IP address from another interface. Use undo ip address unnumbered to disable IP unnumbered on the interface. Syntax ip address unnumbered interface interface-type interface-number undo ip address unnumbered Default The interface does not borrow IP addresses from other interfaces.
DHCP server configuration commands bims-server Use bims-server to specify the IP address, port number, and shared key of the BIMS server in a DHCP address pool. Use undo bims-server to remove the specified BIMS server information. Syntax bims-server ip ip-address [ port port-number ] sharekey [ cipher | simple ] key undo bims-server Default No BIMS server information is specified.
bootfile-name Use bootfile-name to specify a bootfile name in a DHCP address pool. Use undo bootfile-name to remove the specified bootfile name. Syntax bootfile-name bootfile-name undo bootfile-name Default No bootfile name is specified. Views DHCP address pool view Default command level 2: System level Parameters bootfile-name: Boot file name, a string of 1 to 63 characters. Usage guidelines If you execute the bootfile-name command multiple times, the most recent configuration takes effect.
Default command level 2: System level Usage guidelines Enable DHCP before performing DHCP server or relay agent configurations. Examples # Enable DHCP. system-view [Sysname] dhcp enable dhcp server apply ip-pool Use dhcp server apply ip-pool to apply an address pool on an interface. Use undo dhcp server apply ip-pool to remove the configuration.
dhcp select server global-pool Use dhcp select server global-pool to enable the DHCP server on an interface. After the interface receives a DHCP request from a client, the DHCP server allocates an IP address from the address pool. Use undo dhcp select server global-pool to remove the configuration. Upon receiving a DHCP request from a client, the interface neither assigns an IP address to the client, nor serves as a DHCP relay agent to forward the request.
Syntax dhcp server client-detect enable undo dhcp server client-detect enable Default The function is disabled. Views Interface view Default command level 2: System level Usage guidelines With this feature enabled, the DHCP server considers that a DHCP client goes offline when the ARP entry for the client ages out. In addition, it removes the client entry and releases the IP address of the client. Examples # Enable client offline detection on the DHCP server.
dhcp server forbidden-ip Use dhcp server forbidden-ip to exclude specific IP addresses from dynamic allocation. Use undo dhcp server forbidden-ip to remove the configuration. Syntax dhcp server forbidden-ip low-ip-address [ high-ip-address ] undo dhcp server forbidden-ip low-ip-address [ high-ip-address ] Default All IP addresses in a DHCP address pool are assignable except IP addresses of the DHCP server interfaces.
Use undo dhcp server ip-pool to remove the specified DHCP address pool. Syntax dhcp server ip-pool pool-name [ extended ] undo dhcp server ip-pool pool-name Default No DHCP address pool is created. Views System view Default command level 2: System level Parameters pool-name: Specifies the name for the global address pool, a string of 1 to 35 characters used to uniquely identify this pool. extended: Specifies the address pool as an extended address pool.
Parameters number: Specifies the maximum number of ping packets, in the range of 0 to 10. The value of 0 means that the DHCP server does not perform address conflict detection. Usage guidelines To avoid IP address conflicts, the DHCP server checks whether an IP address is in use before assigning it to a DHCP client. The DHCP server pings the IP address. If the server gets a response within the specified period, the server believes that the IP address is in use, selects and pings another IP address.
[Sysname] dhcp server ping timeout 1000 dhcp server relay information enable Use dhcp server relay information enable to enable the DHCP server to handle Option 82. Use undo dhcp server relay information enable to configure the DHCP server to ignore Option 82. Syntax dhcp server relay information enable undo dhcp server relay information enable Default The DHCP server handles Option 82. Views System view Default command level 2: System level Examples # Configure the DHCP server to ignore Option 82.
average-ip-use threshold-value: Enables the DHCP server to send trap messages to the network management server when the average IP address utilization of an address pool within 5 minutes reaches the threshold specified by the threshold-value argument. The threshold is a percentage value in the range of 1 to 100.
display dhcp server conflict Use display dhcp server conflict to display information about IP address conflicts. Syntax display dhcp server conflict { all | ip ip-address } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters all: Displays information about all IP address conflicts. ip-address: Displays conflict information for the specified IP address.
Syntax display dhcp server expired { all | ip ip-address | pool [ pool-name ] } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters all: Displays the lease expiration information for all DHCP address pools. ip ip-address: Displays the lease expiration information for the specified IP address. pool [ pool-name ]: Displays the lease expiration information for the specified address pool. The pool name is a string of 1 to 35 characters.
display dhcp server free-ip Use display dhcp server free-ip to display information about assignable IP addresses. Syntax display dhcp server free-ip [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
Examples # Display IP addresses excluded from dynamic allocation in the DHCP address pool. display dhcp server forbidden-ip Global: IP Range from 1.1.0.2 to 1.1.0.3 IP Range from 1.1.1.2 to 1.1.1.3 Pool name: 2 1.1.1.5 1.1.1.6 Table 7 Command output Field Description Global Globally excluded IP addresses specified with the dhcp server forbidden-ip command in system view. No address pool can assign these IP addresses.
Usage guidelines In the command output, the lease duration of a used static binding is displayed as Unlimited instead of the actual lease duration. To view the actual lease duration, use the display this command in DHCP address pool view. Examples # Display the binding information for all DHCP address pools. display dhcp server ip-in-use all Pool utilization: 0.39% IP address Client-identifier/ Lease expiration Type Hardware address 10.1.1.1 10.1.1.
Related commands reset dhcp server ip-in-use display dhcp server statistics Use display dhcp server statistics to display the statistics of the DHCP server. Syntax display dhcp server statistics [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
Table 9 Command output Field Description Global Pool Statistics of a DHCP address pool. Pool Number Number of address pools. Auto Number of dynamic bindings. Manual Number of static bindings. Expire Number of expired bindings. DHCP packets received from clients: • • • • • • BOOTP Request DHCPDISCOVER. DHCPREQUEST. DHCPDECLINE. DHCPRELEASE. DHCPINFORM. BOOTPREQUEST. DHCP packets sent to clients: • • • • BOOTP Reply Bad Messages DHCPOFFER. DHCPACK. DHCPNAK. BOOTPREPLY.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display information for all DHCP address pools. display dhcp server tree all Global pool: Pool name: 0 network 20.1.1.0 mask 255.
Field Description Sibling node of the current node. Nodes of this kind in the output information can be: • Child node—The child node (subnet segment) address pool of the current node. • Parent node—The parent node (nature network segment) Sibling node address pool of the current node. • Sibling node—The latter sibling node of the current node (another subnet of the same nature network). The earlier the sibling node is configured, the higher order the sibling node has.
system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] dns-list 10.1.1.254 Related commands • dhcp server ip-pool • display dhcp server tree domain-name Use domain-name to specify a domain name in a DHCP address pool. Use undo domain-name to remove the specified domain name. Syntax domain-name domain-name undo domain-name Default No domain name suffix is specified.
Default The lease duration of a static address pool is unlimited, and the lease duration of a dynamic address pool is 1 day. Views DHCP address pool view Default command level 2: System level Parameters day day: Specifies the number of days, in the range of 0 to 365. hour hour: Specifies the number of hours, in the range of 0 to 23. minute minute: Specifies the number of minutes, in the range of 0 to 59. second second: Specifies the number of seconds, in the range of 0 to 59.
Default command level 2: System level Parameters ip-address&<1-8>: Specifies excluded IP addresses. &<1-8> indicates that you can specify up to eight IP addresses, separated by spaces. all: Excludes all IP addresses from dynamic allocation. Usage guidelines Only the extended address pools support this command. IP addresses specified with the forbidden-ip command in DHCP address pool view are excluded from dynamic address allocation in the current extended address pool only.
Usage guidelines If you use the gateway-list command multiple times, the most recent configuration takes effect. Examples # Specify the gateway address 10.110.1.99 in DHCP address pool 0. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] gateway-list 10.110.1.99 Related commands • dhcp server ip-pool • display dhcp server tree nbns-list Use nbns-list to specify WINS server addresses in a DHCP address pool. Use undo nbns-list to remove the specified WINS server addresses.
netbios-type Use netbios-type to specify the NetBIOS node type in a DHCP address pool. Use undo netbios-type to remove the specified NetBIOS node type. Syntax netbios-type { b-node | h-node | m-node | p-node } undo netbios-type Default No NetBIOS node type is specified. Views DHCP address pool view Default command level 2: System level Parameters b-node: Specifies the broadcast node. A b-node client sends the destination name in a broadcast message to get the name-to-IP mapping from a server.
Default No subnet is specified. Views DHCP address pool view Default command level 2: System level Parameters network-address: Subnet for dynamic allocation. If no mask length and mask is specified, the natural mask is used. mask-length: Mask length in the range of 1 to 30. mask mask: Specifies the IP address network mask in dotted decimal format. Usage guidelines You can specify only one subnet for each common address pool.
Usage guidelines In a common address pool, you can use the network ip range command to further specify an IP address range on the subnet for address allocation. The specified IP address range must belong to the subnet. Otherwise, the common address pool cannot assign IP addresses. You can specify only one IP address range for each address pool. If you use the network ip range command multiple times, the most recent configuration takes effect. Examples # Specify addresses 10.1.1.1 through 10.1.1.
If you specify an IP address range for an extended address pool without an IP address mask, the extended address pool is not valid, and therefore the system cannot assign IP addresses from the extended address pool. Examples # Specify 255.255.255.0 as the IP address mask for dynamic allocation in extended address pool 0. system-view [Sysname] dhcp server ip-pool 0 extended [Sysname-dhcp-pool-0] network mask 255.255.255.
option Use option to configure a self-defined DHCP option in a DHCP address pool. Use undo option to remove a self-defined DHCP option from a DHCP address pool. Syntax option code { ascii ascii-string | hex hex-string&<1-16> | ip-address ip-address&<1-8> } undo option code Default The option command is not configured.
Views User view Default command level 2: System level Parameters all: Clears the conflict statistics of all IP addresses. ip ip-address: Clears the conflict statistics of a specific IP address. Examples # Clears the statistics of all IP address conflicts. reset dhcp server conflict all Related commands display dhcp server conflict reset dhcp server ip-in-use Use reset dhcp server ip-in-use to clear dynamic IP address binding information.
Views User view Default command level 1: Monitor level Examples # Clear the statistics of the DHCP server. reset dhcp server statistics Related commands display dhcp server statistics static-bind client-identifier Use static-bind client-identifier to specify the client ID of a static binding in a DHCP address pool. Use undo static-bind client-identifier to remove the client ID of a static binding from a DHCP address pool.
[Sysname-dhcp-pool-0] static-bind ip-address 10.1.1.1 mask 255.255.255.0 [Sysname-dhcp-pool-0] static-bind client-identifier aaaa-bbbb Related commands • dhcp server ip-pool • static-bind ip-address • static-bind mac-address • display dhcp server tree • display dhcp client verbose static-bind ip-address Use static-bind ip-address to specify an IP address in a DHCP address pool for a static binding. Use undo static-bind ip-address to remove the statically bound IP address.
Related commands • dhcp server ip-pool • static-bind client-identifier • static-bind mac-address • display dhcp server tree static-bind mac-address Use static-bind mac-address to statically bind a MAC address to an IP address in a DHCP address pool. Use undo static-bind mac-address to remove the statically bound MAC address. Syntax static-bind mac-address mac-address undo static-bind mac-address Default No MAC address is statically bound.
tftp-server domain-name Use tftp-server domain-name to specify a TFTP server name in a DHCP address pool. Use undo tftp-server domain-name to remove the TFTP server name from a DHCP address pool. Syntax tftp-server domain-name domain-name undo tftp-server domain-name Default No TFTP server name is specified. Views DHCP address pool view Default command level 2: System level Parameters domain-name: TFTP server name, a string of 1 to 63 characters.
Default command level 2: System level Parameters ip-address: TFTP server IP address. Usage guidelines If you use the tftp-server ip-address command multiple times, the most recent configuration takes effect. Examples # Specify the TFTP server address 10.1.1.1 in DHCP address pool 0. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] tftp-server ip-address 10.1.1.
If yes, the DHCP server selects an IP address from the address range specified with this command. If not, the DHCP server selects one from the address range specified with the network ip range command. Only extended address pools support this command. The IP address range specified with this command must be included in that specified with the network ip range command. Examples # Specify IP address rang 10.1.1.1 to 10.1.1.5 for the DHCP clients of vender a0 b0 0c.
Usage guidelines Specify the IP address of a network calling processor first to make other configured parameters take effect. Examples # Configure Option 184 in DHCP address pool 0: the primary network calling processor 10.1.1.1, backup network calling processor 10.2.2.2, voice VLAN ID 3 that is enabled, the failover IP address 10.3.3.3 and dialer string 99*. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] voice-config ncp-ip 10.1.1.1 [Sysname-dhcp-pool-0] voice-config as-ip 10.
DHCP relay agent configuration commands The DHCP relay agent configuration is supported only on Layer 3 Ethernet interfaces (or subinterfaces), virtual Ethernet interfaces (or subinterfaces), VLAN interfaces, Layer 3 aggregate interfaces, and serial interfaces. dhcp enable (for DHCP relay agent) Use dhcp enable to enable DHCP. Use undo dhcp enable to disable DHCP. Syntax dhcp enable undo dhcp enable Default DHCP is disabled.
Default command level 2: System level Usage guidelines With this feature enabled, the DHCP relay agent can dynamically record clients' IP-to-MAC bindings after clients get IP addresses through DHCP. It also supports static bindings. You can manually configure IP-to-MAC bindings on the DHCP relay agent, so that users can access external networks using fixed IP addresses.
Examples # Enable MAC address check on the DHCP relay agent. system-view [Sysname] interface gigabitethernet 3/1/1 [Sysname-GigabitEthernet3/1/1] dhcp relay check mac-address dhcp relay client-detect enable Use dhcp relay client-detect enable to enable offline detection on the DHCP relay agent. Use undo dhcp relay client-detect enable to disable offline detection on the DHCP relay agent.
Views Interface view Default command level 2: System level Parameters ascii: Specifies the code type for the circuit ID sub-option as ascii. hex: Specifies the code type for the circuit ID sub-option as hex. Usage guidelines This command applies to configuring the non-user-defined circuit ID sub-option only. After you configure the padding content for the circuit ID sub-option using the dhcp relay information circuit-id string command, ASCII is adopted as the code type.
Examples # Configure the padding content for the circuit ID sub-option as company001. system-view [Sysname] interface gigabitethernet 3/1/1 [Sysname-GigabitEthernet3/1/1] dhcp relay information circuit-id string company001 Related commands • dhcp relay information format • display dhcp relay information dhcp relay information enable Use dhcp relay information enable to enable the relay agent to support Option 82. Use undo dhcp relay information enable to disable Option 82 support.
Views Interface view Default command level 2: System level Parameters normal: Specifies the normal padding format. verbose: Specifies the verbose padding format. node-identifier { mac | sysname | user-defined node-identifier }: Specifies access node identifier. By default, the node MAC address is used as the node identifier. • mac indicates using MAC address as the node identifier. • sysname indicates using the device name of a node as the node identifier.
Views Interface view Default command level 2: System view Parameters ascii: Specifies the code type for the remote ID sub-option as ascii. hex: Specifies the code type for the remote ID sub-option as hex. Usage guidelines This command applies to configuring the non-user-defined remote ID sub-option only. After you configure the padding content for the remote ID sub-option using the dhcp relay information remote-id string command, ASCII is adopted as the code type.
Usage guidelines After you configure the padding content for the remote ID sub-option using this command, ASCII is adopted as the code type. If you want to specify the character string sysname (a case-insensitive character string) as the padding content for the remote ID sub-option, you need to use quotation marks to make it take effect.
Related commands display dhcp relay information dhcp relay release ip Use dhcp relay release ip to request the DHCP server to release a specific client IP address. Syntax dhcp relay release ip client-ip Views System view Default command level 2: System level Parameters client-ip: DHCP client IP address. Examples # Request the DHCP server to release the IP address 1.1.1.1. system-view [Sysname] dhcp relay release ip 1.1.1.
dynamic: Specifies dynamic client entries to be removed. static: Specifies manual client entries to be removed. Usage guidelines Use the undo dhcp relay security command to remove specified client entries from the relay agent. When using the dhcp relay security static command to bind an interface to a static client entry, make sure that the interface is configured as a DHCP relay agent. Otherwise, entry conflicts might occur.
Related commands • dhcp relay security tracker • dhcp relay security static dhcp relay security tracker Use dhcp relay security tracker to set a refreshing interval at which the relay agent contacts the DHCP server for refreshing dynamic bindings. Use undo dhcp relay security tracker to restore the default interval.
Views System view Default command level 2: System level Usage guidelines With this function enabled, upon receiving a DHCP request, the DHCP relay agent records the IP addresses of all DHCP servers that offered IP addresses to the DHCP client and the receiving interface. Each server detected is recorded only once. The administrator can use this information from logs to check for unauthorized DHCP servers.
Examples # Specify DHCP server 1.1.1.1 for DHCP server group 1 on the relay agent. system-view [Sysname] dhcp relay server-group 1 ip 1.1.1.1 Related commands display dhcp relay server-group dhcp relay server-select Use dhcp relay server-select to correlate specified interfaces to a specific DHCP server group. Use undo dhcp relay server-select to remove a configured correlation.
dhcp select relay Use dhcp select relay to enable the relay agent on the current interface. Upon receiving requests from an enabled interface, the relay agent forwards these requests to outside DHCP servers for IP address allocation. Use undo dhcp select relay to restore the default. Syntax dhcp select relay undo dhcp select relay Views Interface view Default command level 2: System level Usage guidelines After DHCP is enabled, the DHCP server is enabled on an interface by default.
Examples # Configure GigabitEthernet 3/1/1 to support authorized ARP. system-view [Sysname] interface gigabitethernet 3/1/1 [Sysname-GigabitEthernet3/1/1] dhcp update arp display dhcp relay Use display dhcp relay to display information about DHCP server groups correlated to an interface or all interfaces.
Syntax display dhcp relay information { all | interface interface-type interface-number } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters all: Displays the Option 82 configuration information for all interfaces. interface interface-type interface-number: Displays the Option 82 configuration information for a specific interface. |: Filters command output by specifying a regular expression.
Field Description Strategy Handling strategy for requesting messages containing Option 82, Drop, Keep, or Replace. Format Padding format of Option 82, Normal or Verbose. Circuit ID format-type Non-user-defined code type of the circuit ID sub-option, ASCII or HEX. Remote ID format-type Non-user-defined code type of the remote ID sub-option, ASCII or HEX. Node identifier Access node identifier. User defined Content of user-defined sub-options.
display dhcp relay security IP Address 10.1.1.1 --- MAC Address Type 00e0-0000-0001 Static 1 dhcp-security item(s) found Interface GE3/1/1 --- Table 13 Command output Field Description IP Address Client IP address. MAC Address Client MAC address. Type Type of binding, dynamic, static, and temporary. Interface Layer 3 interface connecting to the DHCP client. If no interface is recorded in the binding entry, N/A is displayed.
Table 14 Command output Field Description Static Items Static binding items. Dynamic Items Dynamic binding items. Temporary Items Temporary binding items. All Items All binding items. display dhcp relay security tracker Use display dhcp relay security tracker to display the interval for refreshing dynamic bindings on the relay agent.
Default command level 1: Monitor level Parameters group-id: Displays the information for the specified DHCP server group numbered from 0 to 19. all: Displays the information for all DHCP server groups. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
DHCPACK packets sent: 0 DHCPNAK packets sent: 0 BOOTPREPLY packets sent: 0 # Display DHCP packet statistics related to every server group on the relay agent.
DHCP client configuration commands The DHCP client configuration is supported only on Layer 3 Ethernet interfaces (or subinterfaces), VLAN interfaces, and Layer 3 aggregate interfaces. When multiple VLAN interfaces having the same MAC address use DHCP for IP address acquisition through a relay agent, the DHCP server cannot be the Windows 2000 Server or Windows 2003 Server. You cannot configure an interface of an aggregation group as a DHCP client.
Vlan-interface1 DHCP client information: Current machine state: BOUND Allocated IP: 40.1.1.20 255.255.255.0 Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds Lease from 2005.08.13 15:37:59 to 2005.08.16 15:37:59 DHCP server: 40.1.1.2 Transaction ID: 0x1c09322d Default router: 40.1.1.2 Classless static route: Destination: 1.1.0.1, Mask: 255.0.0.0, NextHop: 192.168.40.16 Destination: 10.198.122.63, Mask: 255.255.255.255, NextHop: 192.168.40.16 DNS server: 44.1.1.11 DNS server: 44.1.1.
Field Description Default router Gateway address assigned to the client. Classless static route Classless static routes assigned to the client. Static route Classful static routes assigned to the client. DNS server DNS server address assigned to the client. Domain name Domain name suffix assigned to the client. Boot server PXE server addresses (up to 16 addresses) specified for the DHCP client, which are obtained through Option 43. Client ID Client ID.
[Sysname-GigabitEthernet3/1/1] ip address dhcp-alloc 85
DHCP snooping configuration commands A DHCP snooping enabled device can work between the DHCP client and relay agent or between the DHCP client and server. It does not work if it is between the DHCP relay agent and DHCP server. The DHCP snooping commands are supported only when SAP modules operate in Layer 2 mode. dhcp-snooping Use dhcp-snooping to enable DHCP snooping. Use undo dhcp-snooping to disable DHCP snooping. Syntax dhcp-snooping undo dhcp-snooping Default DHCP snooping is disabled.
Default No file is specified. Views System view Default command level 2: System level Parameters filename: File name. For information about defining the file name, see Fundamentals Configuration Guide. Usage guidelines If the specified file does not exist, the device automatically creates the file when it stores the first DHCP snooping entry. This command enables the device to store DHCP snooping entries in the specified file immediately.
Parameters minutes: Update interval in the range of 1 to 14400 minutes. Usage guidelines This command enables updating DHCP snooping entries at the specified interval. • If a DHCP snooping entry is learned or removed during an interval, DHCP snooping adds or removes this entry at the end of this interval. • If no change occurs within the interval, DHCP snooping does not perform update operation.
Syntax dhcp-snooping check mac-address undo dhcp-snooping check mac-address Default This function is disabled. Views Layer 2 Ethernet interface view, Layer 2 aggregate interface view Default command level 2: System level Usage guidelines With this function enabled, DHCP snooping compares the chaddr field of a received DHCP request with the source MAC address field in the frame header. If they are the same, DHCP snooping considers this request valid and forwards it to the DHCP server.
forwards it to the DHCP server. If they are not consistent, DHCP snooping considers the message a forged lease renewal request and discards it. • If no match is found, DHCP snooping forwards the message to the DHCP server. Examples # Enable DHCP-REQUEST message check for DHCP snooping.
dhcp-snooping information circuit-id string Use dhcp-snooping information circuit-id string to configure the padding content for the user-defined circuit ID sub-option. Use undo dhcp-snooping information circuit-id string to restore the default. Syntax dhcp-snooping information [ vlan vlan-id ] circuit-id string circuit-id undo dhcp-snooping information [ vlan vlan-id ] circuit-id string Default The padding content for the circuit ID sub-option depends on the padding format of Option 82.
undo dhcp-snooping information enable Default DHCP snooping does not support Option 82. Views Layer 2 Ethernet interface view, Layer 2 aggregate interface view Default command level 2: System level Examples # Configure DHCP snooping to support Option 82.
• sysname indicates using the device name of a node as the node identifier. • user-defined node-identifier indicates using a specific character string as the node identifier, a string of 1 to 50 characters. Usage guidelines When you use the undo dhcp-snooping information format command: • If the verbose node-identifier option is not included, the padding format is restored to normal.
Examples # Configure the code type for the non-user-defined remote ID sub-option as ascii. system-view [Sysname] interface gigabitethernet 3/1/1 [Sysname-GigabitEthernet3/1/1] dhcp-snooping information remote-id format-type ascii Related commands • display dhcp-snooping information • dhcp-snooping information format dhcp-snooping information remote-id string Use dhcp-snooping information remote-id string to configure the padding content for the user-defined remote ID sub-option.
[Sysname] interface gigabitethernet 3/1/1 [Sysname-GigabitEthernet3/1/1] dhcp-snooping information remote-id string device001 Related commands • dhcp-snooping information format • display dhcp-snooping information dhcp-snooping information strategy Use dhcp-snooping information strategy to configure the handling strategy for Option 82 in requesting messages. Use undo dhcp-snooping information strategy to restore the default.
dhcp-snooping information sub-option Use dhcp-snooping information sub-option to configure a sub-option. Use undo dhcp-snooping information sub-option to restore the default. Syntax dhcp-snooping information [ vlan vlan-id ] sub-option sub-option-code [ string user-string&<1-8> ] undo dhcp-snooping information [ vlan vlan-id ] sub-option sub-option-code Default No sub-option is configured.
• display dhcp-snooping information dhcp-snooping trust Use dhcp-snooping trust to configure a port as a trusted port. Use undo dhcp-snooping trust to restore the default state of a port. Syntax dhcp-snooping trust [ no-user-binding ] undo dhcp-snooping trust Default All ports are untrusted.
Parameters ip ip-address: Displays the DHCP snooping entries corresponding to the specified IP address. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
display dhcp-snooping binding database Use display dhcp-snooping binding database to display information about the DHCP snooping entry file. Syntax display dhcp-snooping binding database [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
Syntax display dhcp-snooping information { all | interface interface-type interface-number } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters all: Displays the Option 82 configuration information for all Layer 2 Ethernet interfaces. interface interface-type interface-number: Displays the Option 82 configuration information for a specific interface. |: Filters command output by specifying a regular expression.
Sub-option 9 content: group1 VLAN 20: Remote ID: device001 Sub-option 9: Enabled display dhcp-snooping packet statistics Use display dhcp-snooping packet statistics to display DHCP packet statistics for DHCP snooping.
Packets dropped due to rate limitation : 20 Dropped invalid packets : 0 Related commands reset dhcp-snooping packet statistics display dhcp-snooping trust Use display dhcp-snooping trust to display information about trusted ports. Syntax display dhcp-snooping trust [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression.
Views User view Default command level 1: Monitor level Parameters all: Clears all DHCP snooping entries. ip ip-address: Clears the DHCP snooping entries for the specified IP address. Usage guidelines This command clears specified DHCP snooping entries for all slots. Examples # Clear all DHCP snooping entries.
Examples # Clear DHCP packet statistics for DHCP snooping.
IPv4 DNS configuration commands display dns domain Use display dns domain to display the domain name suffixes. Syntax display dns domain [ dynamic ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other protocols. |: Filters command output by specifying a regular expression.
display dns host Use display dns host to display the dynamic DNS cache information. Syntax display dns host [ ip | ipv6 | naptr | srv ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters ip: Displays dynamic cache information for type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Displays dynamic cache information for type AAAA queries.
Field Description Host Domain name for query. TTL Time that a mapping can be stored in the cache (in seconds). Type Query type, IP, IPv6, NAPTR, and SRV. Reply data concerning the query type: • For an IP query, the reply data is an IPv4 address. • For an IPv6 query, the reply data is an IPv6 address. • For a NAPTR query, the reply data comprises order, preference, flags, Reply Data services, regular expression, and replacement.
Table 21 Command output Field Description DNS Server Sequence number of the DNS server, configured automatically by the device, starting from 1. Type of domain name server: Type • S—A manually configured DNS server. • D—A DNS server obtained dynamically through DHCP. IP Address IPv4 address of the DNS server. Related commands dns server display ip host Use display ip host to display the host names and corresponding IPv4 addresses in the static domain name resolution table.
Field Description Time to live. The value of 0 means that the static mapping never ages out. Age Flags Address You can only manually remove the static mappings between host names and IPv4 addresses. Mapping type. Static represents static IPv4 domain name resolution. Host IPv4 address. dns domain Use dns domain to configure a domain name suffix. The system can automatically add the suffix to part of the domain name you entered for resolution.
dns proxy enable Use dns proxy enable to enable DNS proxy. Use undo dns proxy enable to disable DNS proxy. Syntax dns proxy enable undo dns proxy enable Default DNS proxy is disabled. Views System view Default command level 2: System level Examples # Enable DNS proxy. system-view [Sysname] dns proxy enable dns resolve Use dns resolve to enable dynamic domain name resolution. Use undo dns resolve to disable dynamic domain name resolution.
dns server Use dns server to specify a DNS server. Use undo dns server to remove DNS servers. Syntax In system view: dns server ip-address undo dns server [ ip-address ] In interface view: dns server ip-address undo dns server ip-address Default No DNS server is specified. Views System view, interface view Default command level 2: System level Parameters ip-address: IPv4 address of the DNS server.
Syntax dns source-interface interface-type interface-number undo dns source-interface Default No source interface for DNS packets is specified. The device uses the primary IP address of the output interface of the matching route as the source IP address of a DNS request. Views System view Default command level 2. System level Parameters interface-type interface-number: Specifies the interface type and number.
to spoof a reply with the configured IP address. Once a DNS server is reachable, the device sends DNS requests to the server and return replies to the requesting DNS clients. If you execute the dns spoofing command with different IP addresses specified multiple times, the most recent configuration takes effect. Examples # Enable DNS spoofing and specify the IP address as 1.1.1.1. system-view [Sysname] dns spoofing 1.1.1.
Syntax reset dns host [ ip | ipv6 | naptr | srv ] Views User view Default command level 2: System level Parameters ip: Clears dynamic cache information for type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Clears dynamic cache information for type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address. For more information, see Layer 3—IP Services Configuration Guide. naptr: Clears dynamic cache information for NAPTR queries.
NAT configuration commands address Use address to add a member that specifies an address pool to the address group. The address pools of group members might not be consecutive. Use undo address to remove a group member from the address group. Syntax address start-address end-address undo address start-address end-address Views Address group view Default command level 2: System level Parameters start-address: Specifies the start IP address of the address group member.
display nat address-group Use display nat address-group to display the NAT address pool information. Syntax display nat address-group [ group-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters group-number: Specifies the NAT address group number. If you do not specify this argument, this command displays information for all NAT address pools. |: Filters command output by specifying a regular expression.
Syntax display nat all [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Table 24 Command output Field Description NAT address-group information NAT address pool information. There are currently 1 nat address-group(s) See the display nat address-group command for descriptions on the specific fields. NAT bound information: Configuration information about internal address-to-external address translation. See the display nat bound command for descriptions on the specific fields. NAT server in private network information Internal server information.
Interface: GigabitEthernet2/1/1 Direction: inbound ACL: 3000 Address-group: 300 NO-PAT: N Address-group: --- NO-PAT: N VPN-instance: vpn2 Interface: GigabitEthernet2/1/2 Direction: outbound ACL: 2001 VPN-instance: --- Table 25 Command output Field Description NAT bound information: Display configured NAT address translation information. Interface Interface associated with a NAT address pool. Direction Address translation direction: inbound or outbound. ACL ACL number.
display nat dns-map NAT DNS mapping information: There are currently 2 NAT DNS mapping(s) Domain-name: www.server.com Global-IP : 202.113.16.117 Global-port: 80(www) Protocol : 6(tcp) Domain-name: ftp.server.com Global-IP : 202.113.16.100 Global-port: 21(ftp) Protocol : 6(tcp) Table 26 Command output Field Description Domain-name Domain name of the internal server. Global-IP External IP address of the internal server. Global-port Public port number of the internal server.
NAT server in private network information: There are currently 2 internal server(s) Interface: GigabitEthernet2/1/1, Protocol: 6(tcp) Global: 202.110.10.10 : 80(www) Local : 10.110.10.10 : 80(www) Status: Inactive Interface: GigabitEthernet2/1/1, Protocol: 6(tcp) Global: 100.100.100.100 : 21(ftp) Local : 1.1.1.1 : 21(ftp) vpn1 Status: Active Table 27 Command output Field Description NAT server in private network information Information about internal servers.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Default command level 1: Monitor level Parameters vpn-instance vpn-instance-name: Displays NAT entries for the specified MPLS L3VPN. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Without this option, this command displays NAT entries of the public network. slot slot-number: Displays NAT entries for the interface card specified by the slot number. (In standalone mode.) chassis chassis-number slot slot-number: Displays NAT entries for a card in an IRF member device.
Field Description NAT session lifetime in the format of hh:mm:ss. TTL The HSR6800 routers cannot display information about NAT session lifetime. Left NAT session remaining lifetime, in the format of hh:mm:ss. display nat static Use display nat static to display static NAT entries and interfaces with static NAT enabled.
Destination : --- Destination Mask: --Out-interface : --- Status: Inactive NAT static enabled information: Interface Direction Vlan-interface11 out-static Table 30 Command output Field Description NAT static information Configuration information about static NAT. net-to-net Net-to-net static NAT. single static One-to-one static NAT. Local-IP Internal IP address. Global-IP External IP address. Netmask Network mask. Local-VPN MPLS L3VPN to which the internal IP address belongs.
Views Any view Default command level 1: Monitor level Parameters slot slot-number: Displays NAT statistics for the interface card specified by the slot number. (In standalone mode.) chassis chassis-number slot slot-number: Displays NAT statistics for a card in an IRF member device. The chassis-number argument represents the IRF member ID of the device, and the slot-number argument represents the slot number of the card on the device. (In IRF mode.
Views Any view Default command level 1: Monitor level Parameters slot slot-number: Displays NAT log information for the interface card specified by the slot number. (In standalone mode.) chassis chassis-number slot slot-number: Displays NAT log information for a card in an IRF member device. The chassis-number argument represents the IRF member ID of the device, and the slot-number argument represents the slot number of the card on the device. (In IRF mode.
Field Description VPN-instance MPLS L3VPN where the log server resides. Logs in buffer Total number of flow or NAT logs buffered. inside ip Use inside ip to add a member into an internal server group. Use undo inside ip to remove a member from the internal server group.
undo nat address-group group-number [ start-address end-address ] Views System view Default command level 2: System level Parameters group-number: Specifies the index of the address pool, in the range of 0 to 127. start-address: Specifies the start IP address of the address pool. end-address: Specifies the end IP address of the address pool. The end-address cannot be lower than the start-address. If they are the same, the address pool has only one IP address.
Parameters domain domain-name: Specifies the domain name of an internal server. A domain name is a string containing no more than 255 case-insensitive characters. It consists of several labels separated by dots (.). Each label has no more than 63 characters that must begin and end with letters or digits. Dashes (-) can also be included. protocol pro-type: Specifies the protocol type used by the internal server, tcp or udp.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the addresses of the address pool belong. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. With this option, inter-VPN access through NAT is supported. Without this option, the addresses in the address pool do not belong to any VPN. no-pat: Indicates that no many-to-many NAT is implemented. If this keyword is not configured, many-to-one NAT is implemented using the TCP/UDP port information.
[Sysname-Serial2/1/0] nat outbound 2001 nat outbound static Use nat outbound static to enable static NAT on an interface, making the configured static NAT mappings take effect. Use undo nat outbound static to disable static NAT on the interface. Syntax nat outbound static [ track vrrp virtual-router-id ] undo nat outbound static [ track vrrp virtual-router-id ] Views Interface view Default command level 2: System level Parameters track vrrp virtual-router-id: Associates static NAT with a VRRP group.
Default command level 2: System level Parameters protocol pro-type: Specifies a protocol type, TCP or UDP. global-address: Specifies the public IP address for the internal server. current-interface: Uses the current interface's address as the public IP address of the internal server. interface interface-type interface-number: Uses the specified interface's address as the external IP address of the internal server, the Easy IP feature. The interface is specified by its type and number.
Related commands • nat server-group • display nat server nat server (for normal NAT server) Use nat server to configure a load sharing internal server. Use undo nat server to remove the configuration.
local-port: Specifies the port number provided by the internal server, in the range of 0 to 65535, excluding FTP port number 20. • You can use the service names to represent those well-known port numbers. For example, you can use www to represent port number 80, ftp to represent port number 21, and so on. • You can use the keyword any to represent port number 0, which means all types of services are supported. This has the same effect as a static translation between the global-address and local-address.
When the protocol type is not udp (with a protocol number of 17) or tcp (with a protocol number of 6), you can configure one-to-one NAT between an internal IP address and an external IP address only, but cannot specify port numbers. Examples # Allow external users to access the internal Web server 10.110.10.10 on the LAN through http://202.110.10.10:8080, and the internal FTP server 10.110.10.11 in MPLS VPN vrf10 through ftp://202.110.10.10/.
nat server-group Use nat server-group to configure an internal server group. Use undo nat server-group to remove the specified internal server group. Syntax nat server-group group-number undo nat server-group group-number Views System view Default command level 2: System level Parameters group-number: Specifies the internal server group number in the range of 0 to 31. Usage guidelines An interval server group referenced by the nat server command on an interface cannot be removed.
global-ip: External IP address. vpn-instance global-name: Specifies the VPN to which the external IP address belongs. The global-name argument is a case-sensitive string of 1 to 31 characters. Without this option, the external IP address does not belong to any VPN. Examples # Configure static NAT mapping between internal IP address 192.168.1.1 and external IP address 2.2.2.2. system-view [Sysname] nat static 192.168.1.1 2.2.2.
Examples # Configure a net-to-net static NAT mapping: Internal network address is 192.168.1.0/24 that belongs to VPN vpn10, and external network address is 10.1.1.0/24 that belongs to VPN vpn20. system-view [Sysname] nat static net-to-net 192.168.1.0 vpn-instance vpn10 10.1.1.
IP forwarding basics commands display fib Use display fib to display FIB entries. If you do not specify any parameters, this command displays all FIB entries. Syntax display fib [ multiple-topology topology-name | vpn-instance vpn-instance-name ] [ acl acl-number | ip-prefix ip-prefix-name ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters multiple-topology topology-name: Displays the FIB entries of a specific topology.
Destination/Mask Nexthop Flag OutInterface InnerLabel Token 10.2.0.0/16 10.2.1.1 U GE3/0/1 Null Invalid 10.2.1.1/32 127.0.0.1 UH InLoop0 Null Invalid 127.0.0.0/8 127.0.0.1 U InLoop0 Null Invalid 127.0.0.1/32 127.0.0.1 UH InLoop0 Null Invalid # Display FIB entries matching ACL 2000. system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit source 10.2.0.0 0.0.255.
Field Description Destination/Mask Destination address/length of mask. Nexthop Next hop address. Flags of routes: Flag • • • • • • • U—Usable route. G—Gateway route. H—Host route. B—Blackhole route. D—Dynamic route. S—Static route. R—Recursive route. OutInterface Outbound interface. InnerLabel Inner label. Token Label switched path index number. display fib bandwidth-based-sharing Use display fib bandwidth-based-sharing to display FIB entries used for bandwidth-based load sharing.
Flag: U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static R:Relay Destination/Mask Nexthop Flag OutInterface Token Load-sharingBW 100.0.0.0/24 10.0.0.2 USG GE3/0/1 Invalid Invalid 100.0.0.0/24 20.0.0.2 USG GE3/0/2 Invalid Invalid 200.0.0.0/24 30.0.0.2 USG GE3/0/3 Invalid 1000 200.0.0.0/24 40.0.0.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines If you do not specify any mask or mask length, this command displays the FIB entry that matches the destination IP address and has the longest mask.
Load sharing commands bandwidth-based-sharing Use bandwidth-based-sharing to enable bandwidth-based load sharing. Use undo bandwidth-based-sharing to disable bandwidth-based load sharing. Syntax bandwidth-based-sharing undo bandwidth-based-sharing Default Bandwidth-based load sharing is disabled.
ip load-sharing mode { all | chassis chassis-number slot slot-number } { per-flow [ dest-ip | src-ip ] * | per-packet } undo ip load-sharing mode { all | chassis chassis-number slot slot-number } Default The load sharing mode is per-flow. Views System view Default command level 2: System level Parameters per-flow: Enables flow-based load sharing. src-ip: Identifies flows by source IP address. per-packet: Enables packet-based load sharing. all: Specifies all cards. slot slot-number: Specifies a card.
Views Interface view Default command level 2: System level Parameters bandwidth: Specifies the bandwidth of the interface for load sharing, in Kbps. The value range is 0 to 10000000. Examples # Configure the bandwidth of the interface for load sharing.
Flow classification configuration commands display forwarding policy Use display forwarding policy to display the current flow classification policy. Syntax display forwarding policy [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 2: System level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
Default command level 2: System level Examples # Disable flow classification. system [Sysname] undo flow-classification enable forwarding policy Use forwarding policy to specify a flow classification policy. Use undo forwarding policy to restore the default policy. Syntax forwarding policy { per-flow | per-packet } [ ip | mpls ] undo forwarding policy Default The per-flow policy is specified.
Adjacency table configuration commands display adjacent-table Use display adjacent-table to display IPv4 adjacency table entries.
Examples # Display detailed information about all IPv4 adjacency table entries. display adjacent-table all verbose IP Address : 1.1.1.1 Routing Interface : Pos1/1/0 Physical Interface : Pos1/1/0 Logical Interface : N/A Service Type : PPP Action Type : FORWARDING Link Media Type : P2P Slot : 1 Virtual Circuit Information : N/A Link Head Information(IP) : ff030021 Link Head Information(MPLS) : ff030281 # Display the IPv4 adjacency table entries in slot 1.
display ipv6 adjacent-table Use display ipv6 adjacent-table to display IPv6 adjacency table entries.
Physical Interface : Pos1/1/0 Logical Interface : N/A Service Type : PPP Action Type : FORWARDING Link Media Type : P2P Slot : 0 Virtual Circuit Information : N/A Link Head Information(IPv6) : ff030057 Time Stamp : 141225 # Display the IPv6 adjacency table entries in slot 1. display ipv6 adjacent-table slot 1 IPv6 Address Routing Interface N/A Pos1/1/0 Physical Interface Type Pos1/1/0 Slot PPP 1 # Display the number of IPv6 adjacency table entries in slot 1.
IP performance optimization commands display icmp statistics Use display icmp statistics to display ICMP statistics.
source quench 0 redirects 0 echo reply 5 parameter problem 0 timestamp 0 information reply 0 mask replies 0 mask requests 0 time exceeded 0 Related commands • display ip interface • reset ip statistics display ip socket Use display ip socket to display socket information.
Examples # Display the TCP socket information. display ip socket SOCK_STREAM: Task = VTYD(38), socketid = 1, Proto = 6, LA = 0.0.0.0:23, FA = 0.0.0.0:0, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, sb_maxcc = 0, rb_maxcc = 0, socket option = SO_ACCEPTCONN SO_KEEPALIVE SO_REUSEPORT SO_SENDVPNID(3073) SO_SETKEEPALIVE, socket state = SS_PRIV SS_ASYNC Task = HTTP(36), socketid = 1, Proto = 6, LA = 0.0.0.0:80, FA = 0.0.0.
Task = NTPT(37), socketid = 1, Proto = 17, LA = 0.0.0.0:123, FA = 0.0.0.0:0, sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0, sb_maxcc = 0, rb_maxcc = 0, socket option = SO_UDPCHECKSUM SO_SENDVPNID(3073), socket state = SS_PRIV Task = AGNT(51), socketid = 1, Proto = 17, LA = 0.0.0.0:161, FA = 0.0.0.
socket state = SS_PRIV SS_NBIO SS_ASYNC Task = ROUT(69), socketid = 2, Proto = 103, LA = 0.0.0.0, FA = 0.0.0.0, sndbuf = 65536, rcvbuf = 256000, sb_cc = 0, rb_cc = 0, sb_maxcc = 0, rb_maxcc = 0, socket option = SO_SENDVPNID(0) SO_RCVVPNID(0), socket state = SS_PRIV SS_NBIO SS_ASYNC Task = ROUT(69), socketid = 1, Proto = 65, LA = 0.0.0.0, FA = 0.0.0.
display ip statistics Use display ip statistics to display statistics of IP packets. Syntax In standalone mode: display ip statistics [ slot slot-number ] [ | { begin | exclude | include } regular-expression ] In IRF mode: display ip statistics [ chassis chassis-number slot slot-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters slot slot-number: Displays IP packet statistics for the specified card.
Table 38 Command output Field Input Output Fragment Reassembling Description sum Total number of packets received. local Total number of packets with destination being local. bad protocol Total number of unknown protocol packets. bad format Total number of packets with incorrect format. bad checksum Total number of packets with incorrect checksum. bad options Total number of packets with incorrect option. forwarding Total number of packets forwarded.
Parameters interface interface-type interface-number: Displays the IP virtual fragment reassembly information about the interface specified by interface-type interface-number. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Syntax display tcp statistics [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Packets dropped with MD5 authentication: 0 Packets permitted with MD5 authentication: 0 Table 40 Command output Field Received packets Sent packets Description Total Total number of packets received. packets in sequence Number of packets arriving in sequence. window probe packets Number of window probe packets received. window update packets Number of window update packets received. checksum error Number of checksum error packets received. offset error Number of offset error packets received.
Field Description established connections Number of connections established. Closed connections Number of connections closed. In brackets are connections closed accidentally (before receiving SYN from the peer) and connections closed initiatively (after receiving SYN from the peer). Packets dropped with MD5 authentication Number of packets dropped by MD5 authentication. Packets permitted with MD5 authentication Number of packets permitted by MD5 authentication.
Table 41 Command output Field Received packets Sent packets Description Total Total number of UDP packets received. checksum error Total number of packets with incorrect checksum. shorter than header Number of packets with data shorter than head. data length larger than packet Number of packets with data longer than packet. unicast(no socket on port) Number of unicast packets with no socket on port.
system-view [Sysname] interface gigabitethernet 3/0/1 [Sysname-GigabitEthernet3/0/1] ip forward-broadcast acl 2001 ip forward-broadcast (system view) Use ip forward-broadcast to enable the device to receive directed broadcasts. Use undo ip forward-broadcast to disable the device from receiving directed broadcasts. Syntax ip forward-broadcast undo ip forward-broadcast Views System view Default command level 2: System level Examples # Enable the device to receive directed broadcasts.
[Sysname] ip icmp-extensions compliant ip redirects enable Use ip redirects enable to enable sending ICMP redirection packets. Use undo ip redirects to disable sending ICMP redirection packets. Syntax ip redirects enable undo ip redirects Default Sending ICMP redirection packets is disabled. Views System view Default command level 2: System level Examples # Enable sending ICMP redirect packets.
[Sysname] ip ttl-expires enable ip unreachables enable Use ip unreachables enable to enable sending ICMP destination unreachable packets. Use undo ip unreachables to disable sending ICMP destination unreachable packets. Syntax ip unreachables enable undo ip unreachables Default Sending ICMP destination unreachable packets is disabled. Views System view Default command level 2: System level Examples # Enable sending ICMP destination unreachable packets.
max-reassemblies number: Specifies the maximum number of concurrent reassemblies. The value range is 1 to 1024, and the default is 64. timeout seconds: Specifies the timeout interval of a reassembly in seconds (1 to 64). The default value is 3 seconds. Usage guidelines When the maximum number of concurrent reassemblies is reached, the device discards all subsequent fragments (not including fragments that belong to assemblies established before the number is reached) and sends a syslog message.
Related commands • display ip statistics • display ip interface reset tcp statistics Use reset tcp statistics to clear statistics of TCP traffic. Syntax reset tcp statistics Views User view Default command level 1: Monitor level Examples # Clear statistics of TCP traffic. reset tcp statistics Related commands display tcp statistics reset udp statistics Use reset udp statistics to clear statistics of UDP traffic.
Default The TCP MSS is 1460 bytes. Views Interface view Default command level 2: System level Parameters value: TCP maximum segment size (MSS) in bytes, in the range of 128 to 2048. Usage guidelines TCP MSS = path MTU – IP header length – TCP header length Examples # Set the TCP MSS to 300 bytes on GigabitEthernet 3/0/1.
tcp timer fin-timeout Use tcp timer fin-timeout to configure the TCP finwait timer. Use undo tcp timer fin-timeout to restore the default. Syntax tcp timer fin-timeout time-value undo tcp timer fin-timeout Default The TCP finwait timer is 675 seconds. Views System view Default command level 2: System level Parameters time-value: Specifies the TCP finwait timer in seconds, in the range of 76 to 3600.
Default command level 2: System level Parameters time-value: Specifies the TCP synwait timer in seconds, in the range of 2 to 600. Examples # Set the TCP synwait timer to 80 seconds. system-view [Sysname] tcp timer syn-timeout 80 Related commands • tcp timer fin-timeout • tcp window tcp window Use tcp window to configure the size of the TCP send/receive buffer. Use undo tcp window to restore the default.
UDP helper configuration commands display udp-helper server Use display udp-helper server to display information about forwarded UDP packets on the specified interface or all interfaces. Syntax display udp-helper server [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 2: System level Parameters interface interface-type interface-number: Displays information about forwarded UDP packets on a specific interface.
Views User view Default command level 1: Monitor level Examples # Clear the statistics of UDP packets forwarded by UDP helper. reset udp-helper packet Related commands display udp-helper server udp-helper enable Use udp-helper enable to enable UDP helper. Use undo udp-helper enable to disable UDP helper. Syntax udp-helper enable undo udp-helper enable Default UDP helper is disabled.
Default No UDP port number is specified. Views System view Default command level 2: System level Parameters port-number: UDP port number with which packets need to be forwarded, in the range of 1 to 65535 (except 67 and 68). dns: Forwards DNS data packets. The corresponding UDP port number is 53. netbios-ds: Forwards NetBIOS data packets. The corresponding UDP port number is 138. netbios-ns: Forwards NetBIOS name service data packets. The corresponding UDP port number is 137.
Parameters vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command specifies a destination server on the public network for UDP helper. ip-address: IP address of a destination server, in dotted decimal notation. Usage guidelines You can specify up to 20 destination servers on an interface.
IPv6 basics configuration commands display ipv6 fib Use display ipv6 fib to display IPv6 FIB entries. If you do not specify any parameter, this command displays all IPv6 FIB entries. Syntax display ipv6 fib [ vpn-instance vpn-instance-name ] [ acl6 acl6-number | ipv6-prefix ipv6-prefix-name ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters vpn-instance vpn-instance-name: Displays the IPv6 FIB entries of the specified MPLS L3VPN.
Destination: NextHop Label Interface : : : ::1 PrefixLength : 128 ::1 Flag : UH NULL Token : 0 InLoopBack0 Table 42 Command output Field Description Total number of Routes Total number of routes in the FIB. Destination Destination address. PrefixLength Prefix length of the destination address. NextHop Next hop. Route flag: Flag • • • • • • U—Usable route. G—Gateway route. H—Host route. B—Black hole route. D—Dynamic route. S—Static route. Label Label.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Syntax display ipv6 interface [ interface-type [ interface-number ] ] [ brief ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-type: Interface type. interface-number: Interface number. brief: Displays brief IPv6 information about an interface. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
FF02::2 FF02::1 MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: 0 InTooShorts: 0 InTruncatedPkts: 0 InHopLimitExceeds: 0 InBadHeaders: 0 InBadOptions: 0 ReasmReqds: 0 ReasmOKs: 0 InFragDrops: 0 InFragTimeouts: 0 OutFragFails: 0 InUnknownProtos: 0 InDelivers: 0 OutRequests: 0 OutForwDatagrams: 0 InNoRo
Field Description link-local address Link-local address of the interface. Global unicast address(es) Global unicast addresses of the interface. valid lifetime Valid lifetime of the global unicast address. preferred lifetime Preferred lifetime of the global unicast address. Joined group address(es) Addresses of the multicast groups that the interface has joined. MTU Maximum transmission unit of the interface. Number of DAD attempts, with DAD enabled.
Field Description IPv6 Address IPv6 address of the interface. Only the first of configured IPv6 addresses is displayed. If no address is configured for the interface, Unassigned is displayed. display ipv6 neighbors Use display ipv6 neighbors to display neighbor information.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines You can use the reset ipv6 neighbors command to clear specific IPv6 neighbor information. Examples # Display all neighbor information.
• reset ipv6 neighbors display ipv6 neighbors count Use display ipv6 neighbors count to display the total number of neighbor entries meeting the specified condition.
Examples # Display the total number of neighbor entries acquired dynamically. display ipv6 neighbors dynamic count Total dynamic entry(ies): 2 display ipv6 neighbors vpn-instance Use display ipv6 neighbors vpn-instance to display neighbor information for a specific VPN.
Field Description State of a neighbor: • INCMP—The address is being resolved. The link layer address of the neighbor is unknown. State • REACH—The neighbor is reachable. • STALE—The reachability of the neighbor is unknown. The device does not verify the reachability any longer unless data is sent to the neighbor. • DELAY—The reachability of the neighbor is unknown. The device sends an NS message after a delay. • PROBE—The reachability of the neighbor is unknown.
Examples # Display all path MTU information. display ipv6 pathmtu all IPv6 Destination Address ZoneID fe80::12 2222::3 PathMTU 0 0 Age 1300 1280 Type 40 -- Dynamic Static Table 48 Command output Field Description IPv6 Destination Address Destination IPv6 address. ZoneID ID of address zone, invalid. PathMTU Path MTU value on the network path to an IPv6 address. Age Time for a path MTU to live. For a static path MTU, two hyphens (--) are displayed.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
socket state = SS_PRIV SS_ASYNC Table 49 Command output Field Description SOCK_STREAM TCP socket. SOCK_DGRAM UDP socket. SOCK_RAW Raw IP socket. Task Task name and ID of the created socket. socketid ID assigned by the kernel to the created socket. Proto Protocol type, for example, 6 indicates TCP and 17 indicates UDP. LA Local address and local port number. FA Remote address and remote port number. sndbuf Size of the send buffer. rcvbuf Size of the receive buffer.
display ipv6 statistics Use display ipv6 statistics to display statistics of IPv6 packets and ICMPv6 packets.
Total: 0 local host: 0 hopcount exceeded: 0 format error: 0 option error: 0 protocol error: 0 fragments: 0 reassembled: 0 reassembly failed: 0 reassembly timeout: 0 ICMPv6 protocol: Sent packets: Total: 0 unreached: 0 too big: 0 hopcount exceeded: 0 reassembly timeout: 0 parameter problem: 0 echo request: 0 echo replied: 0 neighbor solicit: 0 neighbor advert: 0 router solicit: 0 router advert: 0 redirected: 0 Send failed: ratelimited: 0 other errors: 0 Recei
Field Description Statistics of sent IPv6 packets: Sent packets • • • • • • • • Total—Total number of packets sent and forwarded locally. local sent out—Number of packets sent locally. forwarded—Number of forwarded packets. raw packets—Number of packets sent through raw socket. discarded—Number of discarded packets. routing failed—Number of packets failing to be routed. fragments—Number of sent fragment packets. fragments failed—Number of fragments failing to be sent.
Field Description Statistics of received ICMPv6 packets: Received packets • • • • • • • • Total—Total number of received packets. • • • • • • • • • • • • • • parameter problem—Number of Parameter Problem packets. checksum error—Number of packets with checksum errors. too short—Number of too small packets. bad code—Number of packets with error codes. unreached—Number of Destination Unreachable packets. too big—Number of Packet Too Big packets. hopcount exceeded—Number of Hop Limit Exceeded packets.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines You can use the reset tcp ipv6 statistics command to clear statistics of all IPv6 TCP packets. Examples # Display the statistics of IPv6 TCP connections.
Table 51 Command output Field Description Statistics of received packets: Received packets • • • • • • • Total—Total number of received packets. • • • • duplicate packets—Number of duplicate packets. packets in sequence—Number of packets received in sequence. window probe packets—Number of window probe packets. window update packets—Number of window size update packets. checksum error—Number of packets with checksum errors. offset error—Number of packets with offset errors.
Field Description initiated dropped Number of initiated but dropped connections (before SYN is received from the peer). Packets dropped with MD5 authentication Number of packets that fail the MD5 authentication and are dropped. Packets permitted with MD5 authentication Number of packets that pass the MD5 authentication.
Field Description IPv6 TCP connection status: State • • • • • • • • • • • Closed. Listening. Syn_Sent. Syn_Rcvd. Established. Close_Wait. Fin_Wait1. Closing. Last_Ack. Fin_Wait2. Time_Wait. display udp ipv6 statistics Use display udp ipv6 statistics to display the statistics of IPv6 UDP packets.
not delivered, input socket full: 0 input packets missing pcb cache: 0 Sent packets: Total: 0 Table 53 Command output Field Description Total Total number of received/sent packets. checksum error Total number of packets with a checksum error. shorter than header Total number of IPv6 UDP packets whose total length is less than that specified by the packet header. data length larger than packet Total number of packets whose data length exceeds that specified by the packet header.
ipv6 address Use ipv6 address to configure an IPv6 global unicast address for an interface. Use undo ipv6 address to remove the IPv6 address from the interface. Syntax ipv6 address { ipv6-address prefix-length | prefix/prefix-length } undo ipv6 address [ ipv6-address prefix-length | prefix/prefix-length ] Default No global unicast address is configured for an interface. Views Interface view Default command level 2: System level Parameters ipv6-address: IPv6 address.
Default No IPv6 anycast address is configured for an interface. Views Interface view Default command level 2: System level Parameters ipv6-address/prefix-length: Specifies an IPv6 anycast address and its prefix length. The value range for the prefix length argument is 1 to 128. Examples # Set the IPv6 anycast address of GigabitEthernet 3/1/1 to 2001::1 with prefix length 64.
generated address. If you first use manual assignment and then automatic generation, the automatically generated link-local address does not take effect and the link-local address of an interface is still the manually assigned address. If you delete the manually assigned address, the automatically generated link-local address is validated. For more information about manually assignment of an IPv6 link-local address, see the ipv6 address link-local command.
Use undo ipv6 address link-local to remove the configured link-local address for the interface. Syntax ipv6 address ipv6-address link-local undo ipv6 address ipv6-address link-local Views Interface view Default command level 2: System level Parameters ipv6-address: IPv6 link-local address. The first 10 bits of an address must be 1111111010 (binary). The first group of hexadecimals in the address must be FE80 to FEBF. Usage guidelines Manual assignment takes precedence over automatic generation.
Usage guidelines After you disable sending ICMPv6 Time Exceeded packets, the device still sends Fragment Reassembly Time Exceeded packets. Examples # Disable sending ICMPv6 Time Exceeded packets. system-view [Sysname] undo ipv6 hoplimit-expires ipv6 icmp-error Use ipv6 icmp-error to configure the size and update period of the token bucket. Use undo ipv6 icmp-error to restore the defaults.
Views System view Default command level 2: System level Examples # Enable replying to multicast echo requests. system-view [Sysname] ipv6 icmpv6 multicast-echo-reply enable ipv6 mtu Use ipv6 mtu to set the MTU of IPv6 packets sent over an interface. Use undo ipv6 mtu to restore the default MTU. Syntax ipv6 mtu mtu-size undo ipv6 mtu Views Interface view Default command level 2: System level Parameters mtu-size: Size of the maximum transmission units (MTUs) of an interface in bytes.
Views Interface view Default command level 2: System level Examples # Configure the host to acquire an IPv6 address through stateful autoconfiguration.
Views Interface view Default command level 2: System level Parameters value: Number of attempts to send an NS message for DAD, in the range of 0 to 600. The default value is 1. To disable DAD, set the value to 0. Examples # Set the number of attempts to send an NS message for DAD to 20.
ipv6 nd ns retrans-timer Use ipv6 nd ns retrans-timer to set the interval for retransmitting an NS message. The local interface retransmits an NS message at intervals of this value. Furthermore, the Retrans Timer field in RA messages sent by the local interface is equal to this value. Use undo ipv6 nd ns retrans-timer to restore the default.
Views Interface view Default command level 2: System level Parameters value: Neighbor reachable time in milliseconds, in the range of 1 to 3,600,000. Examples # Set the neighbor reachable time on GigabitEthernet 3/1/1 to 10000 milliseconds. system-view [Sysname] interface GigabitEthernet 3/1/1 [Sysname-GigabitEthernet3/1/1] ipv6 nd nud reachable-time 10000 Related commands display ipv6 interface ipv6 nd ra halt Use ipv6 nd ra halt to enable RA message suppression.
Syntax ipv6 nd ra interval max-interval-value min-interval-value undo ipv6 nd ra interval Default The maximum interval between RA messages is 600 seconds, and the minimum interval is 200 seconds. Views Interface view Default command level 2: System level Parameters max-interval-value: Maximum interval for advertising RA messages in seconds, in the range of 4 to 1800. min-interval-value: Minimum interval for advertising RA messages in seconds, in the range of 3 to 1350.
system-view [Sysname] interface GigabitEthernet 3/1/1 [Sysname-GigabitEthernet3/1/1] ipv6 nd ra no-advlinkmtu ipv6 nd ra prefix Use ipv6 nd ra prefix to configure the prefix information in RA messages. Use undo ipv6 nd ra prefix to remove the prefix information from RA messages.
Syntax ipv6 nd ra router-lifetime value undo ipv6 nd ra router-lifetime Default The router lifetime in RA messages is 1800 seconds. Views Interface view Default command level 2: System level Parameters value: Router lifetime in seconds, in the range of 0 to 9000. When it is set to 0, the device does not serve as the default router. Usage guidelines The router lifetime in RA messages should be greater than or equal to the advertising interval.
port-type port-number: Type and number of a Layer 2 port of the static neighbor entry. The port-type port-number option is supported by HSR6802/HSR6804/HSR6808 configured with SAP modules that operate in bridge mode. interface interface-type interface-number: Type and number of a Layer 3 interface of the static neighbor entry. vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the static neighbor entry belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters.
Examples # Set the aging timer for ND entries in stale state to 2 hours. system-view [Sysname] ipv6 neighbor stale-aging 2 ipv6 neighbors max-learning-num Use ipv6 neighbors max-learning-num to configure the maximum number of neighbors that can be dynamically learned on the interface. Use undo ipv6 neighbors max-learning-num to restore the default.
Views System view Default command level 2: System level Examples # Enable the device to discard IPv6 packets that contain extension headers. system-view [Sysname] ipv6 option drop enable ipv6 pathmtu Use ipv6 pathmtu to configure a static path MTU for a specific IPv6 address. Use undo ipv6 pathmtu to remove the path MTU configuration for the specified IPv6 address.
undo ipv6 pathmtu age Default The aging time is 10 minutes. Views System view Default command level 2: System level Parameters age-time: Aging time for path MTU in minutes, in the range of 10 to 100. Usage guidelines The aging time is invalid for a static path MTU. Examples # Set the aging time for a dynamic path MTU to 40 minutes.
Use undo ipv6 unreachables to disable sending ICMPv6 destination unreachable packets. Syntax ipv6 unreachables enable undo ipv6 unreachables Default Sending of ICMPv6 destination unreachable packets is disabled. Views System view Default command level 2: System level Examples # Enable sending ICMPv6 destination unreachable packets. system-view [Sysname] ipv6 unreachables enable local-proxy-nd enable Use local-proxy-nd enable to enable local ND proxy.
reset ipv6 neighbors { all | dynamic | interface interface-type interface-number | slot slot-number | static } In IRF mode: reset ipv6 neighbors { all | dynamic | interface interface-type interface-number | chassis chassis-number slot slot-number | static } Views User view Default command level 2: System level Parameters all: Clears static and dynamic neighbor information on all interfaces. dynamic: Clears dynamic neighbor information on all interfaces.
Parameters all: Clears all path MTUs. static: Clears all static path MTUs. dynamic: Clears all dynamic path MTUs. Examples # Clear all path MTUs. reset ipv6 pathmtu all reset ipv6 statistics Use reset ipv6 statistics to clear the statistics of IPv6 packets and ICMPv6 packets.
Default command level 1: Monitor level Usage guidelines You can use the display tcp ipv6 statistics command to display the statistics of IPv6 TCP connections. Examples # Clear the statistics of all IPv6 TCP connections. reset tcp ipv6 statistics reset udp ipv6 statistics Use reset udp ipv6 statistics to clear the statistics of all IPv6 UDP packets.
Examples # Set the finwait timer of IPv6 TCP connections to 800 seconds. system-view [Sysname] tcp ipv6 timer fin-timeout 800 tcp ipv6 timer syn-timeout Use tcp ipv6 timer syn-timeout to set the synwait timer for IPv6 TCP connections. Use undo tcp ipv6 timer syn-timeout to restore the default. Syntax tcp ipv6 timer syn-timeout wait-time undo tcp ipv6 timer syn-timeout Default The synwait timer of IPv6 TCP connections is 75 seconds.
Parameters size: Size of the IPv6 TCP send/receive buffer in KB, in the range of 1 to 32. Examples # Set the size of the IPv6 TCP send/receive buffer to 4 KB.
DHCPv6 configuration commands DHCPv6 common configuration commands display ipv6 dhcp duid Use display ipv6 dhcp duid to display the DUID of the local device. Syntax display ipv6 dhcp duid [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
Parameters pool-number: Displays information about the DHCPv6 address pool specified by the pool number. The value range for the pool number is 1 to 128. If you do not specify any pool number, this command displays all DHCPv6 address pool information. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Field Description valid lifetime Valid lifetime of the prefix, in seconds. Static bindings Static IPv6 address or prefix information configured in the address pool. If no static prefix is configured, this field is not displayed. DUID Client DUID. IAID Client IAID. If no IAID is configured, this field displays Not configured. Prefix IPv6 address prefix. Address Static IPv6 address. Prefix pool Prefix pool referenced by the address pool.
display ipv6 dhcp prefix-pool Prefix-pool Prefix Available In-use Static 1 64 5::/64 0 0 # Display details about prefix pool 1. display ipv6 dhcp prefix-pool 1 Prefix: 5::/64 Assigned length: 70 Total prefix number: 64 Available: 64 In-use: 0 Static: 0 Table 55 Command output Field Description Prefix-pool Prefix pool number. Prefix Prefix contained in the prefix pool. Available Number of idle prefixes. In-use Number of assigned prefixes.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display DHCPv6 server information for all interfaces. display ipv6 dhcp server DHCPv6 server status: Enabled Interface Pool GigabitEthernet3/1/1 1 GigabitEthernet3/1/2 2 # Display DHCPv6 server information for the specified interface.
all: Displays all IPv6 address conflict information. pool pool-number: Displays IPv6 address conflict information for the DHCPv6 address pool specified by the pool number. The value range is 1 to 128. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
pool pool-number: Displays information about expired IPv6 addresses in the address pool specified by the pool number. The value range is 1 to 128. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
pool pool-number: Displays IPv6 address binding information for the address pool specified by the pool number. The value range is 1 to 128. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Field Description Type of an IPv6 address binding: • Static(F)—Free static binding, indicating the static address has not been assigned to the client. • Static(O)—Offered static binding. If the server replies with an Advertise message to the client during the four-step message exchange, the server sets the type of the static binding configured for the client to Static(O). Type • Static(C)—Committed static binding, indicating the static IPv6 address has been assigned to the client in a Reply message.
pool pool-number: Displays prefix binding information for the DHCPv6 address pool specified by the pool number. The value range for the pool number is 1 to 128. prefix prefix/prefix-len: Displays binding information for the specified prefix. The prefix/prefix-len indicates the IPv6 prefix and prefix length. The value range for the prefix length is 1 to 128. prefix-pool prefix-pool-number: Displays prefix binding information for the prefix pool specified by the prefix pool number.
Expires at Jul 10 2008 09:45:01 (288 seconds left) Table 60 Command output Field Description Total number Total number of prefix bindings. Prefix Assigned IPv6 prefix. Type of a prefix binding: • Static(F)—Free static binding, indicating the static prefix has not been assigned to the client. • Static(O)—Offered static binding.
Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Field Description Number of messages sent out from the DHCPv6 server. The message types include: Packets sent • • • • ADVERTISE. RECONFIGURE. REPLY. RELAY-REPLY. dns-server Use dns-server to specify a DNS server for the client. Use undo dns-server to remove the specified DNS server. Syntax dns-server ipv6-address undo dns-server ipv6-address Default No DNS server address is specified.
Syntax domain-name domain-name undo domain-name Default No domain name is configured for the client. Views DHCPv6 address pool view Default command level 2: System level Parameters domain-name: Domain name, a string of 1 to 50 characters. Usage guidelines You can configure only one domain name in an address pool. If you use the domain-name command multiple times, the most recent configuration takes effect. Examples # Configure the domain name to be assigned to the client as aaa.com.
You can specify only one AFTR address for an address pool. The latest setting overrides the previous one. Examples # Specify the AFTR address as 2::1. system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] ds-lite address 2::1 network Use network to specify an IPv6 subnet in a DHCPv6 address pool for dynamic address assignment. Use undo network to remove an IPv6 subnet from a DHCPv6 address pool.
system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] network 3ffe:501:ffff:100::/64 Related commands display ipv6 dhcp pool ipv6 dhcp pool Use ipv6 dhcp pool to create a DHCPv6 address pool and enter DHCPv6 address pool view, or enter DHCPv6 address pool view if the specified address pool already exists. Use undo ipv6 dhcp pool to remove the address pool. Syntax ipv6 dhcp pool pool-number undo ipv6 dhcp pool pool-number Default No DHCPv6 address pool is configured.
Default command level 2: System level Parameters prefix-pool-number: Prefix pool number in the range of 1 to 128. prefix prefix/prefix-len: Specifies the prefix contained in the specified prefix pool. The prefix indicates the IPv6 prefix. The prefix-len indicates the prefix length in the range of 1 to 128. assign-len assign-len: Specifies the length of the prefix assigned, in the range of 1 to 128.
preference preference-value: Specifies the server priority in Advertise messages, in the range of 0 to 255. The default value is 0. A higher value indicates a higher priority. rapid-commit: Configure the server to support rapid address and prefix assignment. If this keyword is not specified, the server does not support rapid address and prefix assignment.
Usage guidelines Other DHCPv6 server related configuration is effective only when the DHCPv6 server is enabled. Examples # Enable the DHCPv6 server. system-view [Sysname] ipv6 dhcp server enable prefix-pool Use prefix-pool to apply a prefix pool to the DHCPv6 address pool, so that the DHCPv6 server can dynamically select a prefix from the prefix pool and assign it to the client. Use undo prefix-pool to remove the configuration.
# Apply prefix pool 1 to address pool 1, and set the valid lifetime to three days, the preferred lifetime to one day. system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] prefix-pool 1 preferred-lifetime 86400 valid-lifetime 259200 reset ipv6 dhcp server conflict Use reset ipv6 dhcp server conflict to clear IPv6 address conflict information.
Usage guidelines This command changes offered and committed static bindings to free static bindings. Examples # Clear all IPv6 address binding information. reset ipv6 dhcp server ip-in-use all # Clear IPv6 address binding information for address pool 1. reset ipv6 dhcp server ip-in-use pool 1 # Clear the binding information for IPv6 address 2001:0:0:1::1.
Syntax reset ipv6 dhcp server statistics Views User view Default command level 1: Monitor level Examples # Clear packet statistics on the DHCPv6 server. reset ipv6 dhcp server statistics sip-server Use sip-server to configure the IPv6 address or domain name of a SIP server for the client. Use undo sip-server to remove the configuration.
static-bind address Use static-bind address to configure a static IPv6 address binding in an address pool. Use undo static-bind address to remove a static IPv6 address binding. Syntax static-bind address ipv6-address/addr-prefix-length duid duid [ iaid iaid ] [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo static-bind address ipv6-address/addr-prefix-length Default No static IPv6 address binding is configured in an address pool.
static-bind prefix Use static-bind prefix to configure a static prefix. Use undo static-bind prefix to remove a static prefix. Syntax static-bind prefix prefix/prefix-len duid duid [ iaid iaid ] [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo static-bind prefix prefix/prefix-len Default No static prefix is configured. Views DHCPv6 address pool view Default command level 2: System level Parameters prefix/prefix-len: Static prefix and prefix length.
DHCPv6 relay agent configuration commands display ipv6 dhcp relay server-address Use display ipv6 dhcp relay server-address to display information about DHCPv6 server addresses specified on the DHCPv6 relay agent. Syntax display ipv6 dhcp relay server-address { all | interface interface-type interface-number } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters all: Displays all DHCPv6 server address information.
Table 62 Command output Field Description Interface Interface that serves as the DHCPv6 relay agent. Server address(es) DHCPv6 server addresses specified on the interface. Output Interface Output interface of DHCPv6 packets. display ipv6 dhcp relay statistics Use display ipv6 dhcp relay statistics to display packet statistics on the DHCPv6 relay agent.
RECONFIGURE : 0 REPLY : 7 RELAY-FORWARD : 7 RELAY-REPLY : 0 Table 63 Command output Field Description Packets dropped Number of discarded packets. Error Number of discarded error packets. Excess of rate limit Number of packets discarded due to excess of rate limit. Packets received Number of received packets. SOLICIT Number of received solicit packets. REQUEST Number of received request packets. CONFIRM Number of received confirm packets. RENEW Number of received renew packets.
Default DHCPv6 relay agent is disabled and no DHCPv6 server is specified on the interface. Views Interface view Default command level 2: System level Parameters ipv6-address: IPv6 address of the DHCPv6 server. interface interface-type interface-number: Specifies an output interface for DHCPv6 packets.
Usage guidelines After this command is executed, the packets statistics are displayed as 0 for the output from the display ipv6 dhcp relay statistics command. Examples # Clear packet statistics on the DHCPv6 relay agent.
IPv6 DNS configuration commands display dns ipv6 server Use display dns ipv6 server to display IPv6 DNS server information. Syntax display dns ipv6 server [ dynamic ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters dynamic: Displays IPv6 DNS server information acquired dynamically through DHCP or other protocols. |: Filters command output by specifying a regular expression.
display ipv6 host Use display ipv6 host to display the mappings between host names and IPv6 addresses in the static domain name resolution table. Syntax display ipv6 host [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
Syntax dns server ipv6 ipv6-address [ interface-type interface-number ] undo dns server ipv6 ipv6-address [ interface-type interface-number ] Default No DNS server is configured. Views System view Default command level 2: System level Parameters ipv6-address: IPv6 address of a DNS server. interface-type interface-number: Specifies an interface. When the IPv6 address of the DNS server is a link-local address, the two arguments must be specified.
Usage guidelines Each host name can correspond to only one IPv6 address. The IPv6 address you last assign to the host name overwrites the previous one if there is any. Examples # Configure the mapping between a host name and an IPv6 address.
NAT-PT configuration commands display natpt address-group Use display natpt address-group to display NAT-PT address pool configuration information. Syntax display natpt address-group [ | { begin | exclude | include } regular-expression ] Views Any view Default Level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
Views Any view Default Level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays the lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
display natpt all Use display natpt all to display all NAT-PT configuration information. Syntax display natpt all [ | { begin | exclude | include } regular-expression ] Views Any view Default Level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Total Sessions: 0 Expired Sessions: 0 Hits: 0 Misses: 0 Total Address Mappings: 0 (static: 0 dynamic: 0 ) Total V6Server Mappings: 0 Enabled Interfaces: GigabitEthernet3/1/0 For the explanations to the information displayed above, see the descriptions of related commands. display natpt statistics Use display natpt statistics to display NAT-PT statistics.
display natpt statistics NATPT Statistics: Total Sessions: 0 Expired Sessions: 0 Hits: 0 Misses: 0 Total Address Mapping: 1 (static: 1 Total V6Server Mappings: 2 dynamic: 0 ) Enabled Interfaces: GigabitEthernet3/1/0 Table 68 Command output Field Description Total Sessions Total number of sessions. Expired Sessions Number of expired sessions. Hits Number of times that a packet matches a NAT-PT session. Misses Number of times that a packet matches no NAT-PT sessions.
Usage guidelines If start-ipv4-address is the same as end-ipv4-address, only one address is available in the address pool. The execution of the undo natpt address-group command might affect some dynamic NAT-PT mappings. A NAT-PT address pool and an IPv4 NAT address pool do not share any address. When there is only one address in the NAT-PT address pool, the address applies to only NAPT-PT. When there is more than one address in the NAT-PT address pool, the end IPv4 address is reserved for NAPT-PT.
natpt prefix Use natpt prefix to configure a NAT-PT prefix. Use undo natpt prefix to remove the configured NAT-PT prefix. Syntax natpt prefix natpt-prefix [ interface interface-type interface-number [ nexthop ipv4-address ] ] undo natpt prefix natpt-prefix Views System view Default Level 2: System level Parameters natpt-prefix: Specifies the prefix of an IPv6 address, 96 bits in length. interface interface-type interface-number: Specifies an interface by its type and number.
Views System view Default Level 2: System level Examples # Set the ToS field in an IPv4 packet translated from an IPv6 packet to 0. system-view [Sysname] natpt turn-off tos natpt turn-off traffic-class Use natpt turn-off traffic-class to set the Traffic Class field in an IPv6 packet translated from an IPv4 packet to 0. Use undo natpt turn-off traffic-class to restore the default.
Default Level 2: System level Parameters acl number acl-number: Specifies the IPv4 ACL number in the range of 2000 to 2999. prefix natpt-prefix: Specifies the NAT-PT prefix, which is 96 bits in length. Usage guidelines For a packet from an IPv4 host to an IPv6 host, if the source IPv4 address matches the specified ACL, the NAT-PT prefix is added to translate the source IPv4 address into an IPv6 address.
[Sysname] natpt v4bound static 2.3.4.9 2001::1 Related commands display natpt address-mapping natpt v4bound static v6server Use natpt v4bound static v6server to configure a static NAPT-PT mapping for an IPv6 server. Use undo natpt v4bound static v6server to remove a static NAPT-PT mapping for an IPv6 server.
Syntax natpt v6bound dynamic { acl6 number acl6-number | prefix natpt-prefix } { address-group address-group [ no-pat ] | interface interface-type interface-number } undo natpt v6bound dynamic { acl6 number acl6-number | prefix natpt-prefix } Views System view Default Level 2: System level Parameters acl6 number acl6-number: Specifies the IPv6 ACL number in the range of 2000 to 3999.
Default Level 2: System level Parameters ipv6-address: Specifies the IPv6 address to be mapped. ipv4-address: Specifies the IPv4 address to which an IPv6 address is mapped. Examples # Configure the static mapping between the IPv6 address 2001::1 and the IPv4 address 2.3.4.5 on the IPv6 side. system-view [Sysname] natpt v6bound static 2001::1 2.3.4.5 Related commands display natpt address-mapping reset natpt statistics Use reset natpt statistics to clear all NAT-PT statistics.
AFT configuration commands display aft address-group Use display aft address-group to display AFT address pool configuration information. Syntax display aft address-group [ | { begin | exclude | include } regular-expression ] Views Any view Default Level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
Views Any view Default Level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays the lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays the lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display all AFT information. display aft all IPv4 Address Pool Information: 1 : from 1.1.1.1 to 1.1.1.4 2 : from 2.2.2.2 to 2.
Table 71 Command output Field Description IPv4 Address Pool Information AFT IPv4 address pool information. 1: Address pool number. from 1.1.1.1 Start IP address in an address pool. to 1.1.1.4 End IP address in an address pool. Address Mappings (V6toV4) IPv6-to-IPv4 address mapping information. IPv4 Address IPv4 address. IPv6 Address IPv6 address. V4toV6 Information 4to6 AFT policy, including the ACL number, DNS64 prefix and its length, and IVI prefix.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display AFT statistics. display aft statistics Statistics: Total Sessions: 0 Expired Sessions: 0 Hits: 0 Misses: 0 Total Address Mappings: 0 Enabled Interfaces: GigabitEthernet3/0/1 Table 72 Command output Field Description Total Sessions Total number of AFT sessions.
start-ipv4-address: Specifies the start IPv4 address in a pool. end-ipv4-address: Specifies the end IPv4 address in a pool. Usage guidelines You cannot delete an address pool that is referenced by a v6tov4 policy. To delete such an address pool, delete the policy first. If start-ipv4-address equals end-ipv4-address, only one address is available in the address pool. Examples # Create an AFT IPv4 address pool which contains addresses from 10.168.11.200 to 10.168.11.210.
aft prefix-dns64 Use aft prefix-dns64 to specify a DNS64 prefix. Use undo aft prefix-dns64 to delete a specific DNS64 prefix. Syntax aft prefix-dns64 dns64-prefix prefix-length undo aft prefix-dns64 dns64-prefix prefix-length Default No DNS64 prefix is specified. Views System view Default Level 2: System level Parameters dns64-prefix: Specifies the DNS64 prefix. prefix-length: Specifies the prefix length, which can be 32, 40, 48, 56, 64, or 96 bits.
Default No IVI prefix is specified. Views System view Default Level 2: System level Parameters ivi-prefix: Specifies the IVI prefix of an IPv6 address. Usage guidelines The length of an IVI prefix is 32 bits. If an IPv6 address matches the specified IVI prefix format, AFT extracts the IPv4 address embedded in the IPv6 address to translate the IPv6 address into an IPv4 address. The DNS64 prefix cannot be the same as the IVI prefix.
Examples # Configure a static mapping between 192.168.1.22 and 1::1. system-view [Sysname] aft static 192.168.1.22 1::1 Related commands display aft all aft v4tov6 Use aft v4tov6 to configure a 4to6 AFT policy. Use undo aft v4tov6 to delete a specific AFT policy.
[Sysname] aft v4tov6 acl number 3000 prefix-ivi 3000:: Related commands display aft all aft v6tov4 Use aft v6tov4 to configure an AFT policy to translate the source addresses of IPv6 packets destined to IPv4 networks. Use undo aft v6tov4 to delete a specific AFT policy.
Related commands display aft all reset aft statistics Use reset aft statistics to clear all AFT statistics. Syntax reset aft statistics Views User view Default Level 1: Monitor level Examples # Clear all AFT statistics.
Tunneling configuration commands bandwidth Use bandwidth to set the expected bandwidth for the tunnel interface. Use undo bandwidth to remove the setting. Syntax bandwidth bandwidth-value undo bandwidth Views Tunnel interface view Default command level 2: System level Parameters bandwidth-value: Specifies the expected bandwidth in the range of 1 to 4294967295 kbps.
Default command level 2: System level Parameters text: Specifies a description for the interface, a string of 1 to 240 characters. Examples # Configure the description for the interface Tunnel 1 as tunnel1. system-view [Sysname] interface tunnel 1 [Sysname-Tunnel1] description tunnel1 Related commands display interface tunnel destination Use destination to specify the destination address for a tunnel interface. Use undo destination to remove the configured tunnel destination address.
[Sysname1-Tunnel0] source 193.101.1.1 [Sysname1-Tunnel0] destination 192.100.1.1 # Configure the source address 192.100.1.1 and destination address 193.101.1.1 for the tunnel interface of Sysname 2. system-view [Sysname2] interface tunnel 1 [Sysname2-Tunnel1] source 192.100.1.1 [Sysname2-Tunnel1] destination 193.101.1.
Usage guidelines If you do not specify the tunnel keyword, this command displays information about all interfaces on the device. If you specify the tunnel keyword without the number argument, this command displays information about all existing tunnel interfaces. Examples # Display detailed information about interface Tunnel 0. Tunnel0 current state: UP Line protocol current state: UP Description: Tunnel0 Interface The Maximum Transmit Unit is 1476 Internet Address is 1.1.1.
Field Description IP address of the tunnel interface. Internet Address If no IP address is assigned to the interface, this field displays Internet protocol processing : disabled, which means that the tunnel interface cannot process packets. Primary indicates it is the primary IP address of the interface. Sub indicates it is a secondary IP address of the interface. Encapsulation is TUNNEL The encapsulation protocol is tunnel. ID of the service loopback group referenced by the tunnel.
Field Description Last 300 seconds output: 0 bytes/sec, 0 packets/sec Average output rate in the last 300 seconds in bytes/sec or packets/sec. packets input Total number of input packets. input error Number of input error packets. packets output Total number of output packets. output error Number of output error packets. # Display brief information about interface Tunnel 0.
Field Description Cause Cause of a DOWN physical link. If the port has been shut down with the shutdown command, this field displays Administratively. To bring up the port, use the undo shutdown command. Related commands • interface tunnel • source • destination • tunnel-protocol display ipv6 interface tunnel Use display ipv6 interface tunnel to display IPv6 information about tunnel interfaces.
3000::1, subnet is 3000::/64 Joined group address(es): FF02::1:FF02:201 FF02::1:FF00:1 FF02::1:FF00:0 FF02::2 FF02::1 MTU is 1480 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: 45 InTooShorts: 0 InTruncatedPkts: 0 InHopLimitExceeds: 0 InBadHeaders: 0 InBadOptions: 0 ReasmReqds: 0 ReasmOKs: 0 InFragDrops: 0 InFragTimeouts: 0 OutFragFails: 0 InUnknownProtos: 0 InD
Field Description Link layer state of the tunnel interface: Line protocol current state • DOWN—The protocol state of the interface is down. • UP—The protocol state of the interface is up. IPv6 is enabled IPv6 packet forwarding state of the tunnel interface. IPv6 packet forwarding is automatically enabled after an IPv6 address is assigned to the interface. IPv6 packet forwarding is enabled in the example. link-local address Link-local address configured for the tunnel interface.
Field Description OutFragCreates Number of packet fragments after fragmentation on the outbound interface. InMcastPkts IPv6 multicast packets received on the interface. InMcastNotMembers Incoming IPv6 multicast packets that were discarded because the interface did not belong to the corresponding multicast groups. OutMcastPkts IPv6 multicast packets sent by the interface. InAddrErrors IPv6 packets that were discarded due to invalid destination addresses.
undo interface tunnel number Default No tunnel interface is created on the device. Views System view Default command level 2: System level Parameters number: Specifies the number of the tunnel interface. The value range depends on the device model. The number of tunnel interfaces that can be created is restricted by the total number of interfaces and the memory. Usage guidelines Use the interface tunnel command to enter the interface view of a specific tunnel.
Default command level 2: System level Parameters mtu-size: Specifies the MTU for IPv6 packets on the interface, in the range of 1280 to 1500 bytes. Examples # Set the MTU for IPv6 packets on the interface GigabitEthernet 3/1/1 to 1280 bytes. system-view [Sysname] interface GigabitEthernet 3/1/1 [Sysname-GigabitEthernet3/1/1] ipv6 mtu 1280 mtu Use mtu to set the MTU for IPv4 packets on a tunnel interface. Use undo mtu to restore the default.
Default command level 2: System level Parameters number: Specifies the tunnel interface number. Usage guidelines If you want to observe new traffic statistics on a tunnel interface, you can use this command to clear old statistics: • If you do not specify any parameters, this command clears the statistics for all interfaces. • If you specify only the tunnel keyword, this command clears the statistics for all tunnel interfaces.
Usage guidelines If no service card is specified for forwarding the traffic on the current interface, a GRE, IPv4 over IPv4, or IPv4 over IPv6 tunnel automatically selects a service card.
[Sysname-Tunnel1] shutdown source Use source to specify the source address or source interface for the tunnel interface. Use undo source to restore the default. Syntax source { ip-address | ipv6-address | interface-type interface-number } undo source Default No source address or source interface is specified for the tunnel interface. Views Tunnel interface view Default command level 2: System level Parameters ip-address: Specifies the tunnel source IPv4 address.
tunnel bandwidth Use tunnel bandwidth to set the bandwidth of a tunnel interface. Use undo tunnel bandwidth to restore the default. Syntax tunnel bandwidth bandwidth-value undo tunnel bandwidth Default The bandwidth of the tunnel interface is 64 kbps. Views Tunnel interface view Default command level 2: System level Parameters bandwidth-value: Specifies the bandwidth value of the tunnel interface in kbps, in the range of 1 to 10000000.
Default command level 2: System level Usage guidelines The tunnel discard ipv4-compatible-packet command enables the device to check the source and destination IPv6 addresses of the de-encapsulated IPv6 packets from the tunnel and discard packets that use a source or destination IPv4-compatible IPv6 address. Examples # Enable dropping of IPv6 packets using IPv4-compatible IPv6 addresses.
ipv6-ipv6: Specifies the IPv6 over IPv6 tunnel mode. mpls te: Specifies the MPLS TE tunnel mode. Usage guidelines You can select a tunnel mode according to the actual network topology and application. The two ends of a tunnel must have the same tunnel mode specified. Otherwise, traffic transmission might fail. Only one automatic tunnel can be created at the start point of a tunnel. For more information about DVPN tunnel mode and GRE tunnel mode, see Layer 3—IP Services Configuration Guide.
GRE configuration commands display gre p2mp tunnel-table interface tunnel Use display gre p2mp tunnel-table interface tunnel to display the tunnel entry information for a point to multipoint (P2MP) GRE tunnel interface. Syntax display gre p2mp tunnel-table interface tunnel number [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters number: Specifies the tunnel interface number.
gre checksum Use gre checksum to enable the GRE packet checksum function. This function verifies the validity of packets and discards invalid packets. Use undo gre checksum to disable the GRE packet checksum function. Syntax gre checksum undo gre checksum Default The GRE packet checksum function is disabled. Views Tunnel interface view Default command level 2: System level Examples # Enable the GRE packet checksum function for the tunnel between Sysname1 and Sysname2.
Default command level 2: System level Parameters key-number: Specifies the key for the GRE tunnel interface, in the range of 0 to 4294967295. Usage guidelines For a P2P GRE tunnel, both ends of the tunnel must be configured with the same GRE key. Otherwise, packets cannot pass the GRE key verification and will be discarded. This weak security mechanism can prevent packets from being received mistakenly. For a P2MP GRE tunnel, the GRE key identifies the priority of a tunnel entry.
Usage guidelines This command is available only for tunnel interfaces operating in P2MP GRE tunnel mode. If a device at the headquarters does not receive any packet from a branch before the aging time expires, it removes the corresponding tunnel entry. Too short a tunnel entry aging time might make tunnel entries age out too quickly, resulting in forwarding failures of packets to the branch.
gre p2mp branch-network-mask Use gre p2mp branch-network-mask to configure the mask or mask length of the private network addresses of a branch in tunnel entries. Use undo gre p2mp branch-network-mask to restore the default. Syntax gre p2mp branch-network-mask { mask | mask-length } undo gre p2mp branch-network-mask Default The mask of the private network addresses of a branch is 255.255.255.255, and the mask length is 32.
gre recursion Use gre recursion to specify a value for the Recursion Control field in the GRE header. Use undo gre recursion to restore the default. Syntax gre recursion recursion-value undo gre recursion Default The value of the Recursion Control field in the GRE header is 0, which means not to limit the number of encapsulations.
Views Tunnel interface view Default command level 2: System level Parameters interval: Specifies the keepalive interval in the range of 1 to 32767 seconds. The default value is 10. times: Specifies the keepalive number in the range of 1 to 255. The default value is 3. Usage guidelines This command enables the tunnel interface to send keepalive packets at the specified interval.
Examples # Clear all tunnel entries on all P2MP GRE tunnel interfaces. reset gre p2mp tunnel-table Warning: All tunnel table will be deleted. Continue? [Y/N]: # Clear all tunnel entries on the P2MP GRE tunnel interface Tunnel 0. reset gre p2mp tunnel-table interface tunnel 0 Warning: All tunnel table will be deleted. Continue? [Y/N]: # Clear the tunnel entry whose private IP address is 10.0.0.1 and the tunnel destination address is 20.0.0.1 on the P2MP GRE tunnel interface Tunnel 0.
DVPN configuration commands VAM server configuration commands authentication-algorithm Use authentication-algorithm to specify the algorithms for protocol packet authentication and their priorities. Use undo authentication-algorithm to restore the default. Syntax authentication-algorithm { none | { md5 | sha-1 } * } undo authentication-algorithm Default SHA-1 is used for protocol packet authentication.
authentication-method Use authentication-method to specify the authentication mode that the VAM server uses to authenticate clients. Use undo authentication-method to restore the default. Syntax authentication-method { none | { chap | pap } [ domain name-string ] } undo authentication-method Default A VAM server performs CHAP authentication of clients, using the default domain that you configure.
Default command level 1: Monitor level Parameters all: Displays the address mapping information of all VAM clients registered on the VAM server. vpn vpn-name: Displays the address mapping information of all registered VAM clients in a VPN domain. The vpn-name argument indicates the VPN domain name and is a case-insensitive string of 1 to 15 characters. private-ip private-ip: Displays the address mapping information of the VAM client with the specified private IP address.
Field Description Total address-map number Total number of address mappings. Private-ip Private address that the VAM client registers with the VAM server. Public-ip Public address that the VAM client registers with the VAM server. Type Type of the VAM client, hub or spoke. Holding time Time that elapses after the VAM client successfully registers with the server, in the format xxH xxM xxS (xx hours xx minutes xx seconds).
Succeeded resolution times: Failed resolution times: VPN name: Service: 10 1 9 enable Holding time: 0h 33m 53s Registered spoke number: 23 Registered hub number: 1 Address resolution times: 150 Succeeded resolution times: Failed resolution times: 148 2 # Display statistics about VAM clients in VPN domain 1.
undo encryption-algorithm Default Four encryption algorithms are available and preferred in this order: AES-128, AES-256, 3DES, DES. Views VPN domain view Default command level 2: System level Parameters 3des: Uses the 3DES encryption algorithm. aes-128: Uses the AES encryption algorithm, with a key length of 128 bits. aes-256: Uses the AES encryption algorithm, with a key length of 256 bits. des: Uses the DES encryption algorithm. none: Performs no encryption.
Default command level 2: System level Parameters private-ip-address: Specifies the private IP address of the hub. public-ip public-ip-address: Specifies the public IP address of the hub. Usage guidelines The public IP address is optional. The VAM server can get the public address of a hub when the hub registers. Up to two hubs can be configured on a VAM server. Examples # Configure a hub for VPN domain 1, setting the public and private IP addresses as 123.0.0.1 and 10.1.1.1, respectively.
Examples # Set the client keepalive interval to 30 seconds. system-view [Sysname] vam server vpn 1 [Sysname-vam-server-vpn-1] keepalive interval 30 Related commands • keepalive retry • vam server vpn keepalive retry Use keepalive retry to set the maximum number of attempts for a VAM client to send a keepalive packet to the VAM server. If the maximum number of attempts is reached but the client receives no response, the connection is considered broken.
pre-shared-key (VPN domain view) Use pre-shared-key to configure the pre-shared key of the VAM server, which is used to generate the keys for encryption and integrity validation of the VAM protocol packets. Use undo pre-shared-key to remove the configuration. Syntax pre-shared-key { cipher | simple } key-string undo pre-shared-key Default No pre-shared key is configured. Views VPN domain view Default command level 2: System level Parameters cipher: Sets a ciphertext pre-shared key.
undo server enable Default The VAM server feature is disabled. Views VPN domain view Default command level 2: System level Examples # Enable the VAM server feature for VPN domain 1. system-view [Sysname] vam server vpn 1 [Sysname-vam-server-vpn-1] server enable Related commands • display vam server statistic • vam server enable • vam server vpn vam server enable Use vam server enable to enable the VAM server feature for all VPN domains or a specific VPN domain.
[Sysname] vam server enable all Related commands • display vam server statistic • server enable • vam server vpn vam server ip-address Use vam server ip-address to configure the listening IP address and UDP port number for a VAM server. Use undo vam server ip-address to remove the configuration. Syntax vam server ip-address ip-address [ port port-number ] undo vam server ip-address Default A VAM server has neither listening IP address nor UDP port number configured.
Syntax vam server vpn vpn-name undo vam server vpn vpn-name Default There is no VPN domain. Views System view Default command level 2: System level Parameters vpn-name: VPN domain name, a case-insensitive string of 1 to 15 characters. Valid characters are A to Z, a to z, 0 to 9, and the dot sign (.). Examples # Create VPN domain 1 and enter its view.
Related commands • vam client enable • vam client name display vam client Use display vam client to display registration information about VAM clients, which is received from the server. Syntax display vam client { address-map | fsm } [ client-name ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters address-map: Specifies the address mapping information between public and private network addresses of VAM clients.
Username: user1 Primary server: 28.1.1.23 Current state: ONLINE Holding time: 9h 20m 30s Encryption-algorithm: AES-128 Authentication-algorithm: SHA1 Secondary server: 28.1.1.33 Current state: OFFLINE Holding time: 1h 24m 1s Encryption-algorithm: AES-128 Authentication-algorithm: SHA1 Table 80 Command output Field Description Client name Name of the VAM client. VPN name Name of the VPN domain where the VAM client resides. Interface DVPN tunnel interface of the VAM client.
Field Description Private-ip Private IP address. Public-ip Public IP address corresponding to the private IP address. Type VAM client type, spoke or hub. Remaining-time(s) Remaining time before the mapping entry ages out. pre-shared-key (VAM client view) Use pre-shared-key to configure the pre-shared key of a VAM client, which is used to generate the keys for encryption and integrity validation of the VAM protocol packets. Use undo pre-shared-key to remove the configuration.
resend interval Use resend interval to set the interval for the VAM client to resend VAM protocol packets. Use undo resend interval to restore the default. Syntax resend interval time-interval undo resend interval Default The protocol packet retransmission interval is 5 seconds. Views VAM client view Default command level 2: System level Parameters time-interval: Protocol packet retransmission interval in the range of 3 to 30 seconds.
Default command level 2: System level Parameters ip-address: Public IP address of the primary VAM server. port-number: Port number of the primary VAM server, in the range of 1025 to 65535. The default is 18000. Usage guidelines If you execute the command repeatedly, the last configuration takes effect. Examples # Specify the primary VAM server for the client, setting the public IP address and port number to 1.1.1.1 and 2000 respectively.
Examples # Specify the secondary VAM server for the client, setting the public IP address and port number to 1.1.1.2 and 3000 respectively. system-view [Sysname] vam client name abc [Sysname-vam-client-name-abc] server secondary ip-address 1.1.1.2 port 3000 Related commands • display vam client • server primary • vam client name user Use user to create a local user by configuring a username and a password for a VAM client. Use undo user to remove the configuration.
[Sysname] vam client name abc [Sysname-vam-client-name-abc] user user password simple user Related commands • display vam client • vam client name vam client enable Use vam client enable to enable the VAM client feature for all VAM clients or a specific VAM client. Use undo vam client enable to disable the VAM client feature for all VAM clients or a specific VAM client.
Default No VAM client exists. Views System view Default command level 2: System level Parameters client-name: Name for the VAM client, a case-insensitive string of 1 to 31 characters. Valid characters are A to Z, a to z, 0 to 9 and the dot sign (.). Usage guidelines A VAM client applied to an interface cannot be removed directly. Examples # Create a VAM client named abc.
[Sysname] vam client name abc [Sysname-vam-client-name-abc] vpn 100 Related commands • display vam client • vam client name DVPN tunnel configuration commands display dvpn session Use display dvpn session to display information about DVPN sessions.
58 multicasts, Output: 279 packets, 0 errors 103 data packets, 93 multicasts, 0 errors Private IP: 10.0.0.22 Public IP: 28.1.1.22 Session type: State: 176 control packets Hub-Spoke SUCCESS Holding time: 0h 44m 9s Input: 279 packets, 100 data packets, 91 multicasts, Output: 273 packets, 0 errors 99 data packets, 91 multicasts, 179 control packets 174 control packets 0 errors Table 82 Command output Field Description Interface DVPN tunnel interface. VPN name Name of a VPN domain.
Default The quiet period is 120 seconds. Views Tunnel interface view Default command level 2: System level Parameters time-interval: Quiet period of a DVPN tunnel, in the range of 10 to 600 seconds. Usage guidelines During the quiet period, the DVPN tunnel is in the sleep state and no tunnel connection exists. Examples # Set the quiet period of the DVPN tunnel to 100 seconds.
Examples # Set the idle timeout for a spoke-spoke DVPN tunnel to 800 seconds. system-view [Sysname] interface tunnel 0 [Sysname-tunnel0] dvpn session idle-time 800 Related commands • interface tunnel • tunnel-protocol keepalive Use keepalive to set the DVPN keepalive interval and the maximum number of attempts for transmitting a keepalive packet. Use undo keepalive to restore the default.
reset dvpn session Use reset dvpn session to delete the specified DVPN sessions on the local client. Syntax reset dvpn session { all | interface interface-type interface-number [ private-ip ip-address ] } Views User view Default command level 2: System level Parameters all: Specifies all DVPN sessions of the VAM client. interface interface-type interface-number: Specifies the DVPN sessions on an interface. The interface-type argument can only be tunnel.
Usage guidelines If you use the tunnel vpn-instance command to specify the VPN to which the tunnel destination address belongs, the device searches the routing table of the specified VPN instance to forward tunneled packets. You can use the ip binding vpn-instance command on the tunnel's source interface to specify the VPN to which the tunnel source address belongs. The tunnel source address and the tunnel destination address must belong to the same VPN or both belong to the public network.
Examples # Bind VAM client abc to DVPN tunnel interface Tunnel 0.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.
Index ABCDEFGHIKLMNOPRSTUVW dhcp relay information remote-id format-type,65 A dhcp relay information remote-id string,66 address,115 dhcp relay information strategy,67 aft address-group,273 dhcp relay release ip,68 aft enable,274 dhcp relay security refresh enable,69 aft prefix-dns64,275 dhcp relay security static,68 aft prefix-ivi,275 dhcp relay security tracker,70 aft static,276 dhcp relay server-detect,70 aft v4tov6,277 dhcp relay server-group,71 aft v6tov4,278 dhcp relay server-select,
display adjacent-table,150 display ip interface brief,20 display aft address-group,269 display ip socket,155 display aft address-mapping,269 display ip statistics,159 display aft all,270 display ip virtual-reassembly,160 display aft statistics,272 display ipv6 adjacent-table,152 display arp,3 display ipv6 dhcp duid,224 display arp ip-address,5 display ipv6 dhcp pool,224 display arp multiple-topology,6 display ipv6 dhcp prefix-pool,226 display arp timer aging,7 display ipv6 dhcp relay server
display udp statistics,164 interface tunnel,289 display udp-helper server,174 ip address,22 display userlog export,126 ip address dhcp-alloc,84 display vam client,318 ip address unnumbered,23 display vam server address-map,307 ip forward-broadcast (interface view),165 display vam server statistic,309 ip forward-broadcast (system view),166 dns domain,109 ip host,113 dns proxy enable,110 ip icmp-extensions,166 dns resolve,110 ip load-sharing mode,145 dns server,111 ip redirects enable,167
ipv6 pathmtu,216 O ipv6 pathmtu age,216 option,51 ipv6 redirects enable,217 P ipv6 unreachables enable,217 prefix-pool,242 K pre-shared-key (VAM client view),320 keepalive,303 pre-shared-key (VPN domain view),314 keepalive,329 proxy-arp enable,14 keepalive interval,312 R keepalive retry,313 resend interval,321 L reset aft statistics,279 load-bandwidth,146 reset arp,9 local-proxy-nd enable,218 reset arp-snooping,17 M reset counters interface,291 mtu,291 reset dhcp relay statistics,
sip-server,245 tunnel vpn-instance,330 source,294 tunnel-protocol,296 static-bind address,246 U static-bind client-identifier,53 udp-helper enable,175 static-bind ip-address,54 udp-helper port,175 static-bind mac-address,55 udp-helper server,176 static-bind prefix,247 user,323 Subscription service,333 V T vam client,331 tcp ipv6 timer fin-timeout,221 vam client enable,324 tcp ipv6 timer syn-timeout,222 vam client name,324 tcp ipv6 window,222 vam server enable,315 tcp mss,170 vam ser
