HP MSR Router Series Layer 3 - IP Services Command Reference(V5) Part number: 5998-2041 Software version: CMW520-R2511 Document version: 6PW103-20140128
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents ARP configuration commands ····································································································································· 1 arp check enable ······················································································································································ 1 arp max-learning-num ·············································································································································· 1 arp
domain-name ························································································································································· 35 expired ··································································································································································· 36 forbidden-ip····························································································································································
DHCP snooping configuration commands ··············································································································· 77 dhcp-snooping ······················································································································································· 77 dhcp-snooping binding database filename ········································································································ 77 dhcp-snooping binding database update inter
Fast forwarding configuration commands ············································································································· 122 display ip fast-forwarding cache ······················································································································· 122 ip fast-forwarding ················································································································································ 123 reset ip fast-forwarding cache····
reset nat session··················································································································································· 174 reset userlog nat export ······································································································································ 175 reset userlog nat logbuffer ·································································································································· 175 userlog nat expo
vam client name ·················································································································································· 214 vpn ········································································································································································ 215 DVPN tunnel configuration commands ······················································································································ 215 display dv
ipv6 address anycast ·········································································································································· 269 ipv6 address auto················································································································································ 270 ipv6 address auto link-local ······························································································································· 271 ipv6 address eui-64 ·
ipv6 dhcp prefix-pool ·········································································································································· 307 ipv6 dhcp server ·················································································································································· 308 ipv6 dhcp server enable ····································································································································· 309 prefix-pool ·····
router mobile ························································································································································ 349 tunnel mtu ····························································································································································· 349 mobile-network····················································································································································· 350
ARP configuration commands arp check enable Use arp check enable to enable dynamic ARP entry check. Use undo arp check enable to disable dynamic ARP entry check. Syntax arp check enable undo arp check enable Default Dynamic ARP entry check is enabled. Views System view Default command level 2: System level Examples # Enable dynamic ARP entry check.
Parameters number: Maximum number of dynamic ARP entries that an interface can learn. The value range is 0 to 4096. Usage guidelines When the number argument is set to 0, the interface is disabled from learning dynamic ARP entries. Examples # Specify VLAN-interface 40 to learn up to 500 dynamic ARP entries. system-view [Sysname] interface vlan-interface 40 [Sysname-Vlan-interface40] arp max-learning-num 500 # Specify Ethernet 1/1 to learn up to 1000 dynamic ARP entries.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN for a static ARP entry. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Without this option, the static ARP entry belongs to the public network. Usage guidelines A static ARP entry is effective when the device works correctly. However, when the VLAN or VLAN interface to which an ARP entry corresponds is deleted, the entry, if long, is deleted, and if short and resolved, becomes unresolved.
Related commands display arp timer aging display arp Use display arp to display ARP entries. Syntax display arp [ [ all | dynamic | static ] | vlan vlan-id | interface interface-type interface-number ] [ count | verbose ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters all: Displays all ARP entries. dynamic: Displays dynamic ARP entries. static: Displays static ARP entries.
192.168.0.115 000d-88f7-9f7d 1 GE1/2 18 D 0012-a990-2241 1 GE1/3 20 D 00e0-fc01-0000 N/A N/A N/A M [No Vrf] 192.168.0.39 [No Vrf] 192.168.1.1 [No Vrf] Table 1 Command output Field Description IP Address IP address in an ARP entry. MAC Address MAC address in an ARP entry. VLAN ID ID of the VLAN to which the ARP entry belongs. Interface Outbound interface in an ARP entry. Aging Aging time for a dynamic ARP entry in minutes (N/A means unknown aging time or no aging time).
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Related commands arp timer aging display arp vpn-instance Use display arp vpn-instance to display the ARP entries for a specific VPN. Syntax display arp vpn-instance vpn-instance-name [ count ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters vpn-instance-name: Specifies the name of a MPLS L3VPN, a case-sensitive string of 1 to 31 characters. count: Displays the number of ARP entries.
Default Natural mask support for ARP requests is disabled. Views System view Default command level 2: System level Examples # Enable natural mask support for ARP requests. system-view [Sysname] naturemask-arp enable reset arp Use reset arp to clear ARP entries except authorized ARP entries from the ARP table.
Gratuitous ARP configuration commands arp send-gratuitous-arp Use arp send-gratuitous-arp to enable periodic sending of gratuitous ARP packets and set the sending interval on an interface. Use undo arp send-gratuitous-arp to disable the interface from periodically sending gratuitous ARP packets. Syntax arp send-gratuitous-arp [ interval milliseconds ] undo arp send-gratuitous-arp Default An interface is disabled from sending gratuitous ARP packets periodically.
gratuitous-arp-learning enable Use gratuitous-arp-learning enable to enable the gratuitous ARP packet learning function. Use undo gratuitous-arp-learning enable to disable the function. Syntax gratuitous-arp-learning enable undo gratuitous-arp-learning enable Default The function is enabled.
system-view [Sysname] undo gratuitous-arp-sending enable 11
Proxy ARP configuration commands display local-proxy-arp Use display local-proxy-arp to display the status of the local proxy ARP. Syntax display local-proxy-arp [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 2: System level Parameters interface interface-type interface-number: Displays the local proxy ARP status of the interface specified by the argument interface-type interface-number.
Views Any view Default command level 2: System level Parameters interface interface-type interface-number: Displays the proxy ARP status of the interface specified by the argument interface-type interface-number. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Parameters ip-range startIP to endIP: Specifies the IP address range for which local proxy ARP is enabled. The start IP address must be lower than or equal to the end IP address. Usage guidelines Only one IP address range can be specified by using the ip-range keyword on an interface. Examples # Enable local proxy ARP on Ethernet 1/1.
ARP snooping configuration commands arp-snooping enable Use arp-snooping enable to enable ARP snooping. Use undo arp-snooping enable to disable ARP snooping. Syntax arp-snooping enable undo arp-snooping enable Default ARP snooping is disabled. Views VLAN view Default command level 2: System level Examples # Enable ARP snooping on VLAN 1. system-view [Sysname] vlan 1 [Sysname-vlan1] arp-snooping enable display arp-snooping Use display arp-snooping to display ARP snooping entries.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display ARP snooping entries for VLAN 1. display arp-snooping vlan 1 IP Address MAC Address Aging Status 3.3.3.3 0003-0003-0003 1 VLAN ID Interface Eth1/1 20 Valid 3.3.3.
DHCP server configuration commands bims-server Use bims-server to specify the IP address, port number, and shared key of the BIMS server in a DHCP address pool. Use undo bims-server to remove the specified BIMS server information. Syntax bims-server ip ip-address [ port port-number ] sharekey [ cipher | simple ] key undo bims-server Default No BIMS server information is specified.
bootfile-name Use bootfile-name to specify a bootfile name in a DHCP address pool. Use undo bootfile-name to remove the specified bootfile name. Syntax bootfile-name bootfile-name undo bootfile-name Default No bootfile name is specified. Views DHCP address pool view Default command level 2: System level Parameters bootfile-name: Boot file name, a string of 1 to 63 characters. Usage guidelines If you execute the bootfile-name command multiple times, the most recent configuration takes effect.
Usage guidelines Enable DHCP before performing DHCP server or relay agent configurations. Examples # Enable DHCP. system-view [Sysname] dhcp enable dhcp server apply ip-pool Use dhcp server apply ip-pool to apply an address pool on an interface. Use undo dhcp server apply ip-pool to remove the configuration.
Use undo dhcp select server global-pool to remove the configuration. Upon receiving a DHCP request from a client, the interface neither assigns an IP address to the client, nor serves as a DHCP relay agent to forward the request. Syntax dhcp select server global-pool [ subaddress ] undo dhcp select server global-pool [ subaddress ] Default The DHCP server is enabled on an interface when DHCP is enabled.
Views Interface view Default command level 2: System level Usage guidelines With this feature enabled, the DHCP server considers that a DHCP client goes offline when the ARP entry for the client ages out. In addition, it removes the client entry and releases the IP address of the client. Examples # Enable client offline detection on the DHCP server.
Syntax dhcp server forbidden-ip low-ip-address [ high-ip-address ] undo dhcp server forbidden-ip low-ip-address [ high-ip-address ] Default All IP addresses in a DHCP address pool are assignable except IP addresses of the DHCP server interfaces. Views System view Default command level 2: System level Parameters low-ip-address: Specifies the start IP address. high-ip-address: Specifies the end IP address, which must have a higher sequence than the start one.
Default No DHCP address pool is created. Views System view Default command level 2: System level Parameters pool-name: Specifies the name for the global address pool, a string of 1 to 35 characters used to uniquely identify this pool. extended: Specifies the address pool as an extended address pool. If this keyword is not specified, the address pool is a common address pool. Examples # Create the common address pool identified by 0.
The DHCP server pings the IP address. If the server gets a response within the specified period, the server believes that the IP address is in use, selects and pings another IP address. If not, the server pings the IP address again until the maximum number of ping packets are sent. If still no response is received, the server assigns the IP address to the requesting client. Examples # Specify the maximum number of ping packets as 10.
Syntax dhcp server relay information enable undo dhcp server relay information enable Default The DHCP server handles Option 82. Views System view Default command level 2: System level Examples # Configure the DHCP server to ignore Option 82. system-view [Sysname] undo dhcp server relay information enable dhcp server threshold Use dhcp server threshold to enable the DHCP server to send trap messages to the network management server when the specified threshold is reached.
threshold specified by the threshold-value argument. The threshold is a percentage value ranging from 1 to 100. Examples # Enable the DHCP server to send trap messages to the network management server when the ratio of successfully allocated IP addresses to received DHCP requests within 5 minutes exceeds 50%.
Default command level 1: Monitor level Parameters all: Displays information about all IP address conflicts. ip-address: Displays conflict information for the specified IP address. If no IP address is specified, this command displays information about all IP address conflicts. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
pool [ pool-name ]: Displays the lease expiration information for the specified address pool. The pool name is a string of 1 to 35 characters. If the pool name is not specified, the lease expiration information of all address pools is displayed. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Table 4 Command output Field Description Global Globally excluded IP addresses specified with the dhcp server forbidden-ip command in system view. No address pool can assign these IP addresses. Pool name Excluded IP addresses specified with the forbidden-ip command in DHCP address pool view. They cannot be assigned from the current extended address pool. display dhcp server ip-in-use Use display dhcp server ip-in-use to display binding information about DHCP address pools or an IP address.
10.1.1.1 10.1.1.2 4444-4444-4444 3030-3030-2e30-3030- NOT Used Manual May Auto:COMMITTED 1 2009 14:02:49 662e-3030-3033-2d457468-6572-6e65-74302f31 --- total 2 entry --- Table 5 Command output Field Description Utilization rate of IP addresses in a DHCP address pool, which is the ratio of assigned IP addresses to assignable IP addresses in the DHCP address pool.
Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Field Description DHCP packets received from clients: BOOTP Request • • • • • • DHCPDISCOVER. DHCPREQUEST. DHCPDECLINE. DHCPRELEASE. DHCPINFORM. BOOTPREQUEST. DHCP packets sent to clients: BOOTP Reply Bad Messages • • • • DHCPOFFER. DHCPACK. DHCPNAK. BOOTPREPLY. Number of bad messages. Related commands reset dhcp server statistics display dhcp server tree Use display dhcp server tree to display information of DHCP address pools.
Global pool: Pool name: 0 network 20.1.1.0 mask 255.255.255.0 Sibling node:1 option 2 ip-address 1.1.1.1 expired 1 0 0 0 Pool name: 1 static-bind ip-address 10.10.1.2 mask 255.0.0.0 static-bind mac-address 00e0-00fc-0001 PrevSibling node:0 expired unlimited Extended pool: Pool name: 2 network ip range 1.1.1.0 1.1.1.255 network mask 255.255.255.0 expired 0 0 2 0 Table 7 Command output Field Description Global pool Information of a common address pool. Pool name Address pool name.
dns-list Use dns-list to specify DNS server addresses in a DHCP address pool. Use undo dns-list to remove DNS server addresses from a DHCP address pool. Syntax dns-list ip-address&<1-8> undo dns-list { ip-address | all } Default No DNS server address is specified. Views DHCP address pool view Default command level 2: System level Parameters ip-address&<1-8>: Specifies DNS servers. &<1-8> means you can specify up to eight DNS server addresses separated by spaces.
Views DHCP address pool view Default command level 2: System level Parameters domain-name: Specifies the domain name, a string of 1 to 50 characters. Examples # Specify the domain name mydomain.com in address pool 0. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] domain-name mydomain.com Related commands • dhcp server ip-pool • display dhcp server tree expired Use expired to specify the lease duration in a DHCP address pool.
Examples # Specify the lease duration as one day, two hours, three minutes, and four seconds in DHCP address pool 0. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] expired day 1 hour 2 minute 3 second 4 Related commands • dhcp server ip-pool • display dhcp server tree forbidden-ip Use forbidden-ip to exclude IP addresses from dynamic allocation in an extended address pool. Use undo forbidden-ip to cancel specified or all excluded IP addresses.
Related commands • dhcp server ip-pool • display dhcp server forbidden-ip gateway-list Use gateway-list to specify gateway addresses in a DHCP address pool. Use undo gateway-list to remove specified gateway addresses specified for the DHCP client from a DHCP address pool. Syntax gateway-list ip-address&<1-8> undo gateway-list { ip-address | all } Default No gateway address is specified.
Default No WINS server address is specified. Views DHCP address pool view Default command level 2: System level Parameters ip-address&<1-8>: Specifies WINS server IP addresses. &<1-8> means you can specify up to eight WINS server addresses separated by spaces. all: Specifies all WINS server addresses to be removed. Usage guidelines If you use the nbns-list command multiple times, the most recent configuration takes effect. Examples # Specify WINS server address 10.12.1.99 in DHCP address pool 0.
h-node: Specifies the hybrid node. An h-node client unicasts the destination name to a WINS server, and if receiving no response, then broadcasts it to get the mapping from a server. m-node: Specifies the mixed node. An m-node client broadcasts the destination name, and if receiving no response, then unicasts the destination name to the WINS server to get the mapping. p-node: Specifies the peer-to-peer node.
[Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] network 192.168.8.0 mask 255.255.255.0 Related commands • dhcp server ip-pool • display dhcp server tree network ip range Use network ip range to specify the IP address range for dynamic allocation in an address pool. Use undo network ip range to remove the specified address range. Syntax network ip range min-address max-address undo network ip range Default No IP address range is specified.
Related commands • dhcp server ip-pool • network • display dhcp server tree network mask Use network mask to specify the IP address mask for dynamic allocation in an extended address pool. Use undo network mask to remove the specified IP address mask. Syntax network mask mask undo network mask Default No IP address mask is specified. Views DHCP extended address pool view Default command level 2: System level Parameters mask: Network mask in dotted decimal notation.
Syntax next-server ip-address undo next-server Default No server's IP address is specified in an address pool. Views DHCP address pool view Default command level 2: System level Parameters ip-address: Specifies the IP address of a server. Usage guidelines If you execute this command multiple times, the most recent configuration takes effect. Examples # Specify a server's IP address 1.1.1.1 in DHCP address pool 0.
hex hex-string&<1-16>: Specifies hex digit strings. &<1-16> indicates that you can specify up to 16 hex digit strings, separated by spaces. Each string contains 2, 4, 6 or 8 hex digits. ip-address ip-address&<1-8>: Specifies the IP addresses as the option content. &<1-8> indicates that you can specify up to eight IP addresses separated by spaces. Usage guidelines If you use the option command multiple times, the most recent configuration takes effect.
Default command level 2: System level Parameters all: Clears IP address dynamic binding information about all DHCP address pools. ip ip-address: Clears dynamic binding information about a specific IP address. pool [ pool-name ]: Clears dynamic binding information about a specific address pool. The pool name is a string of 1 to 35 characters. If you do not specify any pool name, this command clears dynamic binding information about all address pools.
Views DHCP address pool view Default command level 2: System level Parameters client-identifier: The client ID of a static binding, a string with 4 to 160 characters in the format of H-H-H…, each H indicates 4 hex digits except the last H indicates 2 or 4 hex digits. For example, aabb-cccc-dd is a valid ID, but aabb-c-dddd and aabb-cc-dddd are both invalid.
Default command level 2: System level Parameters ip-address: Specifies the IP address of a static binding. If no mask and mask length is specified, the natural mask is used. mask-length: Specifies the mask length of the IP address, in the range of 1 to 30. mask mask: Specifies the IP address mask, in dotted decimal format. Usage guidelines Use the static-bind ip-address command together with the static-bind mac-address or static-bind client-identifier command to accomplish a static binding configuration.
Parameters mac-address: Specifies the MAC address of a static binding, in the format of H-H-H. Usage guidelines Use the static-bind mac-address command together with the static-bind ip-address command to complete a static binding configuration. If you use the static-bind mac-address or static-bind client-identifier command multiple times, the most recent configuration takes effect. Examples # Bind the client MAC address 0000-e03f-0305 to the IP address 10.1.1.1 with the mask 255.255.255.
system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] tftp-server domain-name aaa Related commands • dhcp server ip-pool • display dhcp server tree tftp-server ip-address Use tftp-server ip-address to specify the TFTP server IP address in a DHCP address pool. Use undo tftp-server ip-address to remove the TFTP server IP address from a DHCP address pool. Syntax tftp-server ip-address ip-address undo tftp-server ip-address Default No TFTP server address is specified.
Default No IP address range is specified for the DHCP clients of any vendor. Views DHCP extended address pool view Default command level 2: System level Parameters hex-string&<1-255>: A character string, used to match against Option 60 (vendor class identifier option). The hex-string argument is a hexadecimal number ranging from 0 to FF. &<1-255> indicates that you can type up to 255 hexadecimal numbers, which are separated by spaces.
Views DHCP address pool view Default command level 2: System level Parameters as-ip ip-address: Specifies the IP address for the backup network calling processor. When the primary network calling processor is unavailable, the DHCP client uses the backup network calling processor. fail-over ip-address dialer-string: Specifies the failover IP address and dialer string. The dialer-string is a string of 1 to 39 characters, which can be 0 to 9, and asterisk (*).
DHCP relay agent configuration commands The DHCP relay agent configuration is supported only on Layer 3 Ethernet interfaces (or subinterfaces), virtual Ethernet interfaces (or subinterfaces), VLAN interfaces, Layer 3 aggregate interfaces, and serial interfaces. dhcp enable (for DHCP relay agent) Use dhcp enable to enable DHCP. Use undo dhcp enable to disable DHCP. Syntax dhcp enable undo dhcp enable Default DHCP is disabled.
Default command level 2: System level Usage guidelines With this feature enabled, the DHCP relay agent can dynamically record clients' IP-to-MAC bindings after clients get IP addresses through DHCP. It also supports static bindings. You can manually configure IP-to-MAC bindings on the DHCP relay agent, so that users can access external networks using fixed IP addresses.
system-view [Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] dhcp relay check mac-address dhcp relay client-detect enable Use dhcp relay client-detect enable to enable offline detection on the DHCP relay agent. Use undo dhcp relay client-detect enable to disable offline detection on the DHCP relay agent. Syntax dhcp relay client-detect enable undo dhcp relay client-detect enable Default This function is disabled.
Default command level 2: System level Parameters ascii: Specifies the code type for the circuit ID sub-option as ascii. hex: Specifies the code type for the circuit ID sub-option as hex. Usage guidelines This command applies to configuring the non-user-defined circuit ID sub-option only. After you configure the padding content for the circuit ID sub-option using the dhcp relay information circuit-id string command, ASCII is adopted as the code type.
Examples # Configure the padding content for the circuit ID sub-option as company001. system-view [Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] dhcp relay information circuit-id string company001 Related commands • dhcp relay information format • display dhcp relay information dhcp relay information enable Use dhcp relay information enable to enable the relay agent to support Option 82. Use undo dhcp relay information enable to disable Option 82 support.
Views Interface view Default command level 2: System level Parameters normal: Specifies the normal padding format. verbose: Specifies the verbose padding format. node-identifier { mac | sysname | user-defined node-identifier }: Specifies the access node identifier. • Mac: Uses the MAC address of the access node as the node identifier. It is the default node identifier. • Sysname: Uses the device name of a node as the node identifier.
Default command level 2: System view Parameters ascii: Specifies the code type for the remote ID sub-option as ascii. hex: Specifies the code type for the remote ID sub-option as hex. Usage guidelines This command applies to configuring the non-user-defined remote ID sub-option only. After you configure the padding content for the remote ID sub-option using the dhcp relay information remote-id string command, ASCII is adopted as the code type.
if you want to specify Sysname as the padding content for the remote ID sub-option, you need to enter the dhcp relay information remote-id string "Sysname" command. Examples # Configure the padding content for the remote ID sub-option as device001.
dhcp relay release ip Use dhcp relay release ip to request the DHCP server to release a specific client IP address. Syntax dhcp relay release ip client-ip Views System view Default command level 2: System level Parameters client-ip: DHCP client IP address. Examples # Request the DHCP server to release the IP address 1.1.1.1. system-view [Sysname] dhcp relay release ip 1.1.1.
Usage guidelines When using the dhcp relay security static command to bind an interface to a static client entry, make sure that the interface is configured as a DHCP relay agent. Otherwise, entry conflicts might occur. The undo dhcp relay security interface command is used to remove all the dynamic client entries from the interface. Examples # Bind DHCP relay interface Ethernet 1/1 to IP address 10.10.1.1 and MAC address 0005-5d02-f2b3 of the client.
dhcp relay security tracker Use dhcp relay security tracker to set a refreshing interval at which the relay agent contacts the DHCP server for refreshing dynamic bindings. Use undo dhcp relay security tracker to restore the default interval. Syntax dhcp relay security tracker { interval | auto } undo dhcp relay security tracker [ interval ] Default The refreshing interval is auto, the value of 60 seconds divided by the number of binding entries.
Usage guidelines With this function enabled, upon receiving a DHCP request, the DHCP relay agent records the IP addresses of all DHCP servers that offered IP addresses to the DHCP client and the receiving interface. Each server detected is recorded only once. The administrator can use this information from logs to check for unauthorized DHCP servers. After the information of recorded DHCP servers is cleared, the relay agent re-records server information following this mechanism.
dhcp relay server-select Use dhcp relay server-select to correlate specified interfaces to a specific DHCP server group. Use undo dhcp relay server-select to remove a configured correlation. Syntax dhcp relay server-select group-id undo dhcp relay server-select Default No DHCP server group is correlated with an interface on the relay agent. Views Interface view Default command level 2: System level Parameters group-id: DHCP server group number to be correlated, in the range of 0 to 19.
Views Interface view Default command level 2: System level Usage guidelines After DHCP is enabled, the DHCP server is enabled on an interface by default. Upon receiving a client's request from the interface, the DHCP server allocates an IP address from the DHCP address pool to the client. When the working mode of the interface is changed from DHCP server to DHCP relay agent, neither the IP address leases nor the authorized ARP entries are deleted.
Syntax display dhcp relay { all | interface interface-type interface-number } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters all: Displays information about DHCP server groups that all interfaces correspond to. interface interface-type interface-number: Displays information of the DHCP server group that a specific interface corresponds to. |: Filters command output by specifying a regular expression.
interface interface-type interface-number: Displays the Option 82 configuration information of a specific interface. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
display dhcp relay security Use display dhcp relay security to display information about bindings of DHCP relay agents. If no parameter is specified, information about all bindings is displayed. Syntax display dhcp relay security [ ip-address | dynamic | static ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters ip-address: Displays the binding information of an IP address. dynamic: Displays information about dynamic bindings.
display dhcp relay security statistics Use display dhcp relay security statistics to display statistics information about bindings of DHCP relay agents. Syntax display dhcp relay security statistics [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
Syntax display dhcp relay security tracker [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Examples # Display IP addresses of DHCP servers in DHCP server group 1. display dhcp relay server-group 1 No. Group IP 1 1.1.1.1 2 1.1.1.2 Table 12 Command output Field Description No. Sequence number. Group IP IP address in the server group. display dhcp relay statistics Use display dhcp relay statistics to display DHCP packet statistics related to a specific or all DHCP server groups.
DHCP packets received from clients: 0 DHCPDISCOVER packets received: 0 DHCPREQUEST packets received: 0 DHCPINFORM packets received: 0 DHCPRELEASE packets received: 0 DHCPDECLINE packets received: 0 BOOTPREQUEST packets received: 0 DHCP packets received from servers: 0 DHCPOFFER packets received: 0 DHCPACK packets received: 0 DHCPNAK packets received: 0 BOOTPREPLY packets received: 0 DHCP packets relayed to servers: 0 DHCPDISCOVER packets relayed: 0 DHCPREQUEST packets relayed: 0
DHCPOFFER 0 DHCPACK 0 DHCPNAK 0 BOOTPREPLY 0 Related commands reset dhcp relay statistics reset dhcp relay statistics Use reset dhcp relay statistics to remove statistics from the relay agent. Syntax reset dhcp relay statistics [ server-group group-id ] Views User view Default command level 1: Monitor level Parameters server-group group-id: Specifies a server group number (in the range of 0 to 19) about which to remove statistics from the relay agent.
DHCP client configuration commands The DHCP client configuration is supported only on Layer 3 Ethernet interfaces (or subinterfaces), VLAN interfaces, and Layer 3 aggregate interfaces. When multiple VLAN interfaces having the same MAC address use DHCP for IP address acquisition through a relay agent, the DHCP server cannot be the Windows 2000 Server or Windows 2003 Server. You cannot configure an interface of an aggregation group as a DHCP client.
Vlan-interface1 DHCP client information: Current machine state: BOUND Allocated IP: 40.1.1.20 255.255.255.0 Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds Lease from 2005.08.13 15:37:59 to 2005.08.16 15:37:59 DHCP server: 40.1.1.2 Transaction ID: 0x1c09322d Default router: 40.1.1.2 Classless static route: Destination: 1.1.0.1, Mask: 255.0.0.0, NextHop: 192.168.40.16 Destination: 10.198.122.63, Mask: 255.255.255.255, NextHop: 192.168.40.16 DNS server: 44.1.1.11 DNS server: 44.1.1.
Field Description Classless static route Classless static routes assigned to the client. Static route Classful static routes assigned to the client. DNS server DNS server address assigned to the client. Domain name Domain name suffix assigned to the client. Boot server PXE server addresses (up to 16 addresses) specified for the DHCP client, which are obtained through Option 43. T1 will timeout in 1 day 11 hours 58 minutes 52 seconds. How long the T1 (1/2 lease time) timer will timeout.
DHCP snooping configuration commands A DHCP snooping enabled device can work between the DHCP client and relay agent or between the DHCP client and server. It does not work if it is between the DHCP relay agent and DHCP server. dhcp-snooping Use dhcp-snooping to enable DHCP snooping. Use undo dhcp-snooping to disable DHCP snooping. Syntax dhcp-snooping undo dhcp-snooping Default DHCP snooping is disabled.
Views System view Default command level 2: System level Parameters filename: File name. For information about how to define the file name, see Fundamentals Configuration Guide. Usage guidelines If the specified file does not exist, the device automatically creates the file when it stores the first DHCP snooping entry. This command enables the device to store DHCP snooping entries in the specified file immediately.
• If no change occurs within the interval, DHCP snooping does not perform update operation. This command takes effect only when the file for storing DHCP snooping entries has been specified with the command dhcp-snooping binding database filename. Examples # Configure the device to update DHCP snooping entries every 10 minutes.
Default command level 2: System level Usage guidelines With this function enabled, DHCP snooping compares the chaddr field of a received DHCP request with the source MAC address field in the frame header. If they are the same, DHCP snooping considers this request valid and forwards it to the DHCP server. If not, DHCP snooping discards the DHCP request.
Usage guidelines With this function enabled, DHCP snooping looks for a matching DHCP snooping entry for each received DHCP-REQUEST message. • If a match is found, DHCP snooping compares the entry with the message. If they are consistent, DHCP snooping considers the DHCP-REQUEST message a valid lease renewal request and forwards it to the DHCP server. If they are not consistent, DHCP snooping considers the message a forged lease renewal request and discards it.
Default command level 2: System level Parameters ascii: Specifies the code type for the circuit ID sub-option as ascii. hex: Specifies the code type for the circuit ID sub-option as hex. Usage guidelines This command configures the code type for only the non-user-defined circuit ID sub-option. After you configure the padding content for the circuit ID sub-option by using the dhcp-snooping information circuit-id string command, ASCII is adopted as the code type.
Views Layer 2 Ethernet interface view, Layer 2 aggregate interface view, WLAN-BSS interface view Default command level 2: System level Parameters vlan vlan-id: Specifies a VLAN ID in the range of 1 to 4094. circuit-id: Padding content for the user-defined circuit ID sub-option, a case-sensitive string of 3 to 63 characters. Usage guidelines After you configure the padding content for the circuit ID sub-option using this command, ASCII is adopted as the code type.
Syntax dhcp-snooping information enable undo dhcp-snooping information enable Default DHCP snooping does not support Option 82.
undo dhcp-snooping information format Default The node MAC address is used as the node identifier. Default The padding format for Option 82 is normal. Views Layer 2 Ethernet interface view, Layer 2 aggregate interface view, WLAN-BSS interface view Default command level 2: System level Parameters normal: Specifies the normal padding format. private private: Specifies the private padding format. The private value can only be 1, which represents the private padding format.
system-view [Sysname] interface ethernet1/1 [Sysname-Ethernet1/1] dhcp-snooping information enable [Sysname-Ethernet1/1] dhcp-snooping information strategy replace [Sysname-Ethernet1/1] dhcp-snooping information format verbose Related commands display dhcp-snooping information dhcp-snooping information remote-id format-type Use dhcp-snooping information remote-id format-type to configure the code type for the non-user-defined remote ID sub-option.
Hardware Command in Layer 2 aggregate interface view Command in WLAN-BSS interface view MSR1000 Yes Yes Examples # Configure the code type for the non-user-defined remote ID sub-option as ascii.
Sysname as the padding content for the remote ID sub-option, enter the dhcp relay information remote-id string "Sysname" command.
Parameters append: Forwards the message containing Option 82 after adding content to sub-option 9 of Option 82. The append strategy is supported only when the private padding format and sub-option 9 are configured. In other cases, the device forwards the message without changing Option 82. drop: Drops the requesting message containing Option 82. keep: Keeps the original Option 82 intact. replace: Replaces the original Option 82 with the configured Option 82.
Views Layer 2 Ethernet interface/Layer 2 aggregate interface view WLAN-BSS interface/WLAN-ESS interface view Default command level 2: System level Parameters vlan vlan-id: Specifies the ID of a VLAN, in the range of 1 to 4094. sub-option sub-option-code: Specifies the number of the sub-option. Only sub-option 9 is supported. string user-string&<1-8>: Configures the content of the sub-option, a case-sensitive string of 1 to 63 characters.
Related commands • dhcp-snooping information format • dhcp-snooping information strategy • display dhcp-snooping information dhcp-snooping trust Use dhcp-snooping trust to configure a port as a trusted port. Use undo dhcp-snooping trust to restore the default state of a port. Syntax dhcp-snooping trust [ no-user-binding ] undo dhcp-snooping trust Default All ports are untrusted.
[Sysname-Ethernet1/1] dhcp-snooping trust Related commands display dhcp-snooping trust display dhcp-snooping Use display dhcp-snooping to display DHCP snooping entries. Syntax display dhcp-snooping [ ip ip-address ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters ip ip-address: Displays the DHCP snooping entries corresponding to the specified IP address. |: Filters command output by specifying a regular expression.
Table 14 Command output Field Description Entry type: Type • D—Dynamic. • S—Static. Static DHCP snooping entries are not supported. • R—Specifies that the DHCP snooping entry is being restored through the DHCP snooping entry file, and the interface in the entry is invalid. IP Address IP address assigned to the DHCP client. MAC Address MAC address of the DHCP client. Lease Remaining lease duration in seconds.
File name Update interval : : Latest read time : Jul 15 2008 16:38:22 Latest write time Status flash:/database.dhcp 10 minutes : : Jul 15 2008 16:38:24 Last write succeeded. Table 15 Command output Field Description File name File name. Update interval Interval at which DHCP snooping entries are updated. Latest read time Last time when the file is read. Latest write time Last time when the file is written. Status Indicates whether the file was written successfully last time.
Format: Verbose Circuit ID format-type: HEX Remote ID format-type: ASCII Node identifier: aabbcc Sub-option 9: Enabled User defined: Circuit ID: company001 Sub-option 9 content: group1 Interface: Ethernet 1/2 Status: Disable Strategy: Keep Format: Normal Circuit ID format-type: HEX Remote ID format-type: ASCII User defined: Circuit ID: company001 Remote ID: device001 VLAN 10: Circuit ID: vlan10@company001 Sub-option 9: Enable Sub-option 9 content: group1 VLAN 20: Remote ID: device001 Sub-option 9: Enabled
DHCP packets received : 100 DHCP packets sent : 200 Packets dropped due to rate limitation : 20 Dropped invalid packets : 0 Related commands reset dhcp-snooping packet statistics display dhcp-snooping trust Use display dhcp-snooping trust to display information about trusted ports. Syntax display dhcp-snooping trust [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression.
Views User view Default command level 2: System level Parameters all: Clears all DHCP snooping entries. ip ip-address: Clears the DHCP snooping entries for the specified IP address. Examples # Clear all DHCP snooping entries. reset dhcp-snooping all Related commands display dhcp-snooping reset dhcp-snooping packet statistics Use reset dhcp-snooping packet statistics to clear DHCP packet statistics for the DHCP snooping device.
BOOTP client configuration commands BOOTP client configuration can only be used on Layer 3 Ethernet interfaces (including subinterfaces), Layer 3 aggregate interfaces, and VLAN interfaces. If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows 2000 Server or Windows 2003 Server. You cannot configure an interface of an aggregation group as a BOOTP client.
Table 16 Command output Field Description Ethernet1/1 BOOTP client information or Vlan-interface1 BOOTP client information Information of the interface serving as a BOOTP client. Allocated IP BOOTP client's IP address allocated by the BOOTP server. Transaction ID Value of the XID field in a BOOTP message, a random number chosen when the BOOTP client sends a BOOTP request to the BOOTP server. It is used to match a response message from the BOOTP server.
IPv4 DNS configuration commands display dns domain Use display dns domain to display the domain name suffixes. Syntax display dns domain [ dynamic ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other protocols. |: Filters command output by specifying a regular expression.
display dns host Use display dns host to display the dynamic DNS cache information. Syntax display dns host [ ip | ipv6 | naptr | srv ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters ip: Displays dynamic cache information about type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Displays dynamic cache information about type AAAA queries.
Field Description Host Domain name for query. TTL Time that a mapping can be stored in the cache, in seconds. Type Query type, IP, IPv6, NAPTR, and SRV. Reply data concerning the query type: • For an IP query, the reply data is an IPv4 address. • For an IPv6 query, the reply data is an IPv6 address. • For a NAPTR query, the reply data comprises order, preference, flags, Reply Data services, regular expression, and replacement.
Table 19 Command output Field Description DNS Server Sequence number of the DNS server, configured automatically by the device, starting from 1. Type of domain name server: Type • S—A manually configured DNS server. • D—A DNS server obtained dynamically through DHCP. IP Address IPv4 address of the DNS server. Related commands dns server display ip host Use display ip host to display the host names and corresponding IPv4 addresses in the static domain name resolution table.
Field Description Time to live. The value of 0 means that the static mapping never ages out. Age Flags Address You can only manually remove the static mappings between host names and IPv4 addresses. Indicates the mapping type. Static represents static IPv4 domain name resolution. Host IPv4 address. dns domain Use dns domain to configure a domain name suffix. The system can automatically add the suffix to part of the domain name you entered for resolution.
dns proxy enable Use dns proxy enable to enable DNS proxy. Use undo dns proxy enable to disable DNS proxy. Syntax dns proxy enable undo dns proxy enable Default DNS proxy is disabled. Views System view Default command level 2: System level Examples # Enable DNS proxy. system-view [Sysname] dns proxy enable dns resolve Use dns resolve to enable dynamic domain name resolution. Use undo dns resolve to disable dynamic domain name resolution.
dns server Use dns server to specify a DNS server. Use undo dns server to remove DNS servers. Syntax In system view: dns server ip-address undo dns server [ ip-address ] In interface view: dns server ip-address undo dns server ip-address Default No DNS server is specified. Views System view, interface view Default command level 2: System level Parameters ip-address: IPv4 address of the DNS server.
Syntax dns source-interface interface-type interface-number undo dns source-interface Default No source interface for DNS packets is specified. The device uses the primary IP address of the output interface of the matching route as the source IP address of a DNS request. Views System view Default command level 2. System level Parameters interface-type interface-number: Specifies the interface type and number.
If you execute the dns spoofing command multiple times with different IP addresses specified, the most recent configuration takes effect. Examples # Enable DNS spoofing and specify the IP address as 1.1.1.1. system-view [Sysname] dns spoofing 1.1.1.1 ip host Use ip host to create a host name to IPv4 address mapping in the static resolution table. Use undo ip host to remove a mapping. Syntax ip host hostname ip-address undo ip host hostname [ ip-address ] Default No mappings are created.
Views User view Default command level 2: System level Parameters ip: Clears dynamic cache information about type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Clears dynamic cache information about type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address. For more information, see Layer 3—IP Services Configuration Guide. naptr: Clears dynamic cache information about NAPTR queries.
DDNS configuration commands ddns apply policy Use ddns apply policy to apply the specified DDNS policy to the interface, update the mapping between the specified FQDN and the primary IP address of the interface, and enable DDNS update. Use undo ddns apply policy to remove the DDNS policy applied to the interface and stop DDNS update.
Syntax ddns policy policy-name undo ddns policy policy-name Default No DDNS policy is created. Views System view Default command level 2: System level Parameters policy-name: DDNS policy name, a case-insensitive string of 1 to 32 characters. Examples # Create a DDNS policy named steven_policy and enter its view.
Examples # Display information about the DDNS policy named steven_policy. display ddns policy steven_policy DDNS policy: steven_policy URL : http://steven:nevets@members.3322.org/dyndns/update? system=dyndns&hostname=&myip= SSL client policy: Interval : 1 days 0 hours 1 minutes Table 21 Command output Field Description DDNS policy DDNS policy name. URL URL address for the DDNS service. This field is blank if no URL address is configured.
If you execute the interval command multiple times with different time intervals specified, the most recent configuration takes effect. Examples # Set the interval for sending DDNS update requests to one day and one minute for the DDNS policy named steven_policy.
url Use url to specify the URL address for DDNS update requests. Use undo url to delete the URL address. Syntax url request-url undo url Default No URL address is specified for DDNS update requests. Views DDNS policy view Default command level 2: System level Parameters request-url: URL address for DDNS update requests, a case-sensitive string of 1 to 240 characters containing the login ID, password, and other information.
• To avoid ambiguity, it is better that your login ID and password not include colons (:), at signs (@), or question marks (?). • If you execute the url command multiple times with different URL addresses specified, the most recent configuration takes effect. Examples # Specify the URL address for DDNS policy steven_policy with login ID steven and password nevets. The device contacts www.3322.org for DDNS update.
IP addressing configuration commands display ip interface Use display ip interface to display IP configuration information about a specific Layer 3 interface or all Layer 3 interfaces. Syntax display ip interface [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number.
Unreachable: 0 Source quench: 0 Routing redirect: 0 Echo request: 0 Router advert: 0 Router solicit: 0 Time exceed: 0 IP header bad: 0 Timestamp request: 0 Timestamp reply: 0 Information request: 0 Information reply: 0 Netmask request: 0 Netmask reply: 0 Unknown type: 0 Table 22 Command output Field Description Current physical state of the interface: • Administrative DOWN—The interface is shut down with the shutdown current state command.
Field Description ARP packet input number: Total number of ARP packets received on the interface (statistics start at device startup): Request packet: Reply packet: Unknown packet: TTL invalid packet number ICMP packet input number: Echo reply: Unreachable: Source quench: Routing redirect: Echo request: Router advert: Router solicit: Time exceed: IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: • ARP request packets
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. description: Displays complete interface descriptions. If you do not specify this keyword, the command displays the first 27 characters of interface descriptions.
Field Description Link layer protocol state of the interface: Protocol IP Address Description • • • • • down—The protocol state of the interface is down. up—The protocol state of the interface is up. up(s)—The protocol state of the interface is up (spoofing). up(l)—The protocol state of the interface is up (loopback). down(l)—The protocol state of the interface is down (loopback). IP address of the interface. If no IP address is configured, two hyphens (--) are displayed.
You cannot assign secondary IP addresses to an interface that obtains an IP address through BOOTP, DHCP, PPP address negotiation, or IP unnumbered. The undo ip address command removes all IP addresses from the interface. The undo ip address ip-address {mask | mask-length } command removes the primary IP address. The undo ip address ip-address { mask |mask-length } sub command removes a secondary IP address. Before removing the primary IP address, remove all secondary IP addresses.
Fast forwarding configuration commands display ip fast-forwarding cache Use display ip fast-forwarding cache to display information in the fast forwarding table. Syntax display ip fast-forwarding cache [ ip-address ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters ip-address: Specifies an IP address. |: Filters command output by specifying a regular expression.
Field Description Pro Protocol number. Input_If Input interface number. Output_If Output interface number. ip fast-forwarding Use ip fast-forwarding to enable fast forwarding on the interface in the inbound and/or outbound directions. Use undo ip fast-forwarding to disable fast forwarding on the interface in the inbound and/or outbound directions.
CAUTION: • To enable per-packet load balancing, you must disable fast forwarding in the corresponding direction of related interfaces. • The interface on which fast forwarding is enabled stops sending ICMP redirect messages. • After fast forwarding is enabled on an interface, no IP packet debugging information is displayed for the interface by using the debugging ip packet command.
IP performance optimization commands display icmp statistics Use display icmp statistics to display ICMP statistics. Syntax display icmp statistics [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
display ip socket Use display ip socket to display socket information. Syntax display ip socket [ socktype sock-type ] [ task-id socket-id ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters socktype sock-type: Displays socket information about this type. The sock type is in the range of 1 to 3, corresponding to TCP, UDP, and raw IP respectively. task-id: Displays socket information about this task.
sb_maxcc = 0, rb_maxcc = 0, socket option = SO_ACCEPTCONN SO_REUSEADDR SO_REUSEPORT SO_SENDVPNID(0), socket state = SS_PRIV SS_ASYNC Task = VTYD(38), socketid = 4, Proto = 6, LA = 192.168.1.40:23, FA = 192.168.1.52:1917, sndbuf = 8192, rcvbuf = 8192, sb_cc = 237, rb_cc = 0, sb_maxcc = 0, rb_maxcc = 0, socket option = SO_KEEPALIVE SO_OOBINLINE SO_REUSEPORT SO_SENDVPNID(0) SO_SETKEEPALIVE, socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC Task = VTYD(38), socketid = 3, Proto = 6, LA = 192.168.1.
LA = 0.0.0.0:1025, FA = 0.0.0.0:0, sndbuf = 9216, rcvbuf = 0, sb_cc = 0, rb_cc = 0, sb_maxcc = 0, rb_maxcc = 0, socket option = SO_UDPCHECKSUM, socket state = SS_PRIV Task = RDSO(56), socketid = 2, Proto = 17, LA = 0.0.0.0:1812, FA = 0.0.0.0:0, sndbuf = 9216, rcvbuf = 41600, sb_cc = 0, rb_cc = 0, sb_maxcc = 0, rb_maxcc = 0, socket option = SO_UDPCHECKSUM, socket state = SS_PRIV SOCK_RAW: Task = ROUT(69), socketid = 8, Proto = 89, LA = 0.0.0.0, FA = 0.0.0.
Table 25 Command output Field Description SOCK_STREAM TCP socket. SOCK_DGRAM UDP socket. SOCK_RAW Raw IP socket. Task Task number. socketid Socket ID. Proto Protocol number of the socket, indicating the protocol type that IP carries. LA Local address and local port number. FA Remote address and remote port number. sndbuf Sending buffer size (in bytes) of the socket. rcvbuf Receiving buffer size (in bytes) of the socket.
Examples # Display statistics of IP packets. display ip statistics Input: Output: sum 7120 local 112 bad protocol 0 bad format 0 bad checksum 0 bad options 0 forwarding 0 local 27 dropped 0 no route 2 output 0 compress fails 0 Fragment:input 0 dropped 0 fragmented 0 couldn't fragment 0 0 timeouts Reassembling:sum 0 Table 26 Command output Field Input Output Fragment Reassembling Description sum Total number of packets received.
display ip virtual-reassembly Use display ip virtual-reassembly to display IP virtual fragment reassembly information about an interface, including the interface type and number, the maximum number of concurrent reassemblies, the maximum fragments per reassembly, the current numbers of concurrent reassemblies and fragments, and the reassembly timeout interval.
Table 27 Command output Field Description Concurrent reassemblies (max-reassemblies) Maximum number of concurrent reassemblies. Fragments per reassembly(max-fragments) Maximum number of fragments per reassembly. Reassembly timeout(timeout) Timeout interval of each reassembly. Drop fragments OFF/ON means dropping all fragments is disabled/enabled. Current reassembly count Number of current reassemblies. Current fragment count Number of current fragments.
packets received after close: 0 ACK packets: 4625 (141989 bytes) duplicate ACK packets: 1702, too much ACK packets: 0 Sent packets: Total: 6726 urgent packets: 0 control packets: 21 (including 0 RST) window probe packets: 0, window update packets: 0 data packets: 6484 (141984 bytes) data packets retransmitted: 0 (0 bytes) ACK-only packets: 221 (177 delayed) Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0 Keepalive timeout: 1682, keepalive probe: 1682, Keepalive timeout, so conn
Field Description urgent packets Number of urgent packets sent. control packets Number of control packets sent. window probe packets Number of window probe packets sent. In the brackets are resent packets. window update packets Number of window update packets sent. data packets Number of data packets sent. data packets retransmitted Number of data packets retransmitted. ACK-only packets Number of ACK packets sent. In brackets are delayed ACK packets.
Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Use undo ip forward-broadcast to disable the interface from forwarding directed broadcasts to a directly-connected network. Syntax ip forward-broadcast [ acl acl-number ] undo ip forward-broadcast Default An interface is disabled from forwarding directed broadcasts to a directly-connected network. Views Interface view Default command level 2: System level Parameters acl acl-number: ACL number in the range of 2000 to 3999.
Examples # Enable support for ICMP extensions in compliant mode. system-view [Sysname] ip icmp-extensions compliant ip redirects enable Use ip redirects enable to enable sending ICMP redirection packets. Use undo ip redirects to disable sending ICMP redirection packets. Syntax ip redirects enable undo ip redirects Default Sending ICMP redirection packets is disabled. Views System view Default command level 2: System level Examples # Enable sending ICMP redirect packets.
Examples # Enable sending ICMP timeout packets. system-view [Sysname] ip ttl-expires enable ip unreachables enable Use ip unreachables enable to enable sending ICMP destination unreachable packets. Use undo ip unreachables to disable sending ICMP destination unreachable packets. Syntax ip unreachables enable undo ip unreachables Default Sending ICMP destination unreachable packets is disabled.
Parameters drop-fragments: Specifies the interface to drop all fragments. max-fragments number: Specifies the maximum number of fragments per reassembly. It is in the range of 1 to 255, and the default is 16. max-reassemblies number: Specifies the maximum number of concurrent reassemblies. It is in the range of 1 to 1024, and the default is 64. timeout seconds: Specifies the timeout interval of a reassembly in seconds (1 to 64). The default value is 3 seconds.
reset tcp statistics Use reset tcp statistics to clear statistics of TCP traffic. Syntax reset tcp statistics Views User view Default command level 1: Monitor level Examples # Clear statistics of TCP traffic. reset tcp statistics Related commands display tcp statistics reset udp statistics Use reset udp statistics to clear statistics of UDP traffic. Syntax reset udp statistics Views User view Default command level 1: Monitor level Examples # Clear statistics of UDP traffic.
Default command level 2: System level Parameters value: TCP maximum segment size (MSS) in bytes, in the range of 128 to 2048. Usage guidelines TCP MSS = path MTU – IP header length – TCP header length Examples # Set the TCP MSS to 300 bytes on Ethernet 1/1. system-view [Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] tcp mss 300 tcp path-mtu-discovery Use tcp path-mtu-discovery to enable TCP path MTU discovery.
Syntax tcp timer fin-timeout time-value undo tcp timer fin-timeout Default The TCP finwait timer is 675 seconds. Views System view Default command level 2: System level Parameters time-value: Specifies the TCP finwait timer in seconds, in the range of 76 to 3600. Usage guidelines The actual finwait timer is determined by the following formula: Actual finwait timer = (Configured finwait timer – 75) + configured synwait timer Examples # Set the TCP finwait timer to 800 seconds.
Examples # Set the TCP synwait timer to 80 seconds. system-view [Sysname] tcp timer syn-timeout 80 Related commands • tcp timer fin-timeout • tcp window tcp window Use tcp window to configure the size of the TCP send/receive buffer. Use undo tcp window to restore the default. Syntax tcp window window-size undo tcp window Default The size of the TCP send/receive buffer is 8 KB.
NAT configuration commands address Use address to add a member that specifies an address pool to the address group. The address pools of group members might not be consecutive. Use undo address to remove a group member from the address group. Syntax address start-address end-address undo address start-address end-address Views Address group view Default command level 2: System level Parameters start-address: Specifies the start IP address of the address group member.
Syntax display nat address-group [ group-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters group-number: Specifies a NAT address group number in the range of 0 to 31. If this argument is not provided, this command displays information about all NAT address pools. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
display nat all Use display nat all to display all NAT configuration information. Syntax display nat all [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Ethernet1/4 out-static NAT aging-time value information: tcp ---- aging-time value is 300 (seconds) udp ---- aging-time value is 240 (seconds) icmp ---- aging-time value is 10 (seconds) pptp ---- aging-time value is 300 (seconds) dns ---- aging-time value is 10 (seconds) tcp-fin ---- aging-time value is 10 (seconds) tcp-syn ---- aging-time value is 10 (seconds) ftp-ctrl ---- aging-time value is 300 (seconds) ftp-data ---- aging-time value is no-pat ---- aging-time value is 300 (seconds) 2
single static: Local-IP : 4.4.4.4 Global-IP : 5.5.5.5 Unidirectional : N Local-VPN : --- Global-VPN : --- NAT static enabled information: Interface Direction GigabitEthernet1/2 out-static Table 32 Command output Field Description There are currently 1 nat address-group(s) See the display nat address-group command for descriptions on the specific fields. NAT bound information: Configuration information about internal address-to-external address translation.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display NAT configuration information.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display NAT DNS mapping configuration information. display nat dns-map NAT DNS mapping information: There are currently 2 NAT DNS mapping(s) Domain-name: www.server.com Global-IP : 202.113.16.117 Global-port: 80(www) Protocol : 6(tcp) Domain-name: ftp.server.com Global-IP : 202.113.16.
Examples # Display NAT logging configuration information. display nat log NAT log information: log enable : enable acl 2000 flow-begin : enable flow-active : 10(minutes) Table 35 Command output Field Description NAT log information : NAT logging configuration information. log enable : enable acl 2000 Logging data flows matching ACL 2000. flow-begin : enable Logging newly established sessions. flow-active : 10(minutes) Interval in logging active flows (10 minutes).
Interface: Vlan-interface10, Protocol: 6(tcp) Global: 100.100.120.120 : 21(ftp) Local : 192.168.100.100 : 21(ftp) Status: Inactive Interface: Vlan-interface11, Protocol: 6(tcp) Global: 100.100.100.121 : 80(www) Local : 192.168.100.101 : 80(www) vpn2 Status: Active # Display information about internal servers. display nat server NAT server in private network information: There are currently 2 internal server(s) Interface: Ethernet1/0, Protocol: 6(tcp) Global: 10.1.1.3 : 80(www) Local : 9.9.
display nat session Use display nat session to display dynamic NAT entries. Syntax display nat session [ vpn-instance vpn-instance-name ] [ source { global global-address | inside inside-address } ] [ destination dst-address ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters vpn-instance vpn-instance-name: Displays NAT entries for the specified MPLS L3VPN.
Field Description LocalVPN MPLS L3VPN to which the internal source IP address belongs. status NAT session status. NAT session lifetime in the format of hh:mm:ss. TTL The value of this field varies with device models. Left NAT session remaining lifetime, in the format of hh:mm:ss. display nat static Use display nat static to display static NAT entries and interfaces with static NAT enabled.
NAT static enabled information: Interface Direction Ethernet0/0 out-static Table 38 Command output Field Description NAT static information Configuration information of static NAT. net-to-net Net-to-net static NAT. single static One-to-one static NAT. Local-IP Internal IP address. Global-IP External IP address. Netmask Network mask. Local-VPN MPLS L3VPN to which the internal IP address belongs. Global-VPN MPLS L3VPN to which the external IP address belongs.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display NAT statistics.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines This command can display all types of logs output to the log server, but it only displays NAT logs in this document.
Use undo nat address-group to remove an address pool or address group. Syntax nat address-group group-number [ start-address end-address [ level level ] ] undo nat address-group group-number [ start-address end-address [ level level ] ] Views System view Default command level 2: System level Parameters group-number: Specifies an address pool number in the range of 0 to 31. start-address: Specifies the start IP address of the address pool. end-address: Specifies the end IP address of the address pool.
• display nat address-group nat aging-time Use nat aging-time to set NAT aging time. Use undo nat aging-time to restore the default. Syntax nat aging-time { dns | ftp-ctrl | ftp-data | icmp | no-pat | pptp | tcp | tcp-fin | tcp-syn | udp } seconds undo nat aging-time { dns | ftp-ctrl | ftp-data | icmp | no-pat | pptp | tcp | tcp-fin | tcp-syn | udp } [ seconds ] Default The default NAT aging times of various protocols are as follows: • 10 seconds for DNS. • 300 seconds for FTP control link.
Usage guidelines A NAT entry is not permanent. You can use this command to configure NAT aging time for TCP, UDP, ICMP, and other protocols. If a NAT entry is not used within the configured time, it will be aged out. For example, when a user with IP address 10.110.10.10 and port number 2000 establishes an external TCP connection, NAT assigns an IP address and a port number for the user. If, within a preconfigured aging time, the TCP connection is not used, the system removes it.
[Sysname] nat alg ftp nat dns-map Use nat dns-map to map the domain name to the public network information about an internal server. Use undo nat dns-map to remove a DNS mapping. Syntax nat dns-map domain domain-name protocol pro-type ip global-ip port global-port undo nat dns-map domain domain-name Views System view Default command level 2: System level Parameters domain domain-name: Specifies the domain name of an internal server.
Examples # A company provides Web service to external users. The domain name of the internal server is www.server.com, and the public IP address is 202.112.0.1. Configure a DNS mapping, so that internal users can access the Web server using its domain name. system-view [Sysname] nat dns-map domain www.server.com protocol tcp ip 202.112.0.
Default command level 2: System level Parameters acl acl-number: Specifies an ACL by its number in the range of 2000 to 3999. Examples # Enable NAT logging. system-view [Sysname] nat log enable acl 2001 nat log flow-active Use nat log flow-active to enable logging for active NAT sessions and set the logging interval. Use undo nat log flow-active to disable this function. Syntax nat log flow-active minutes undo nat log flow-active [ minutes ] Default This function is disabled.
Default No log is generated when a session is established. Views System view Default command level 2: System level Examples # Enable logging of NAT session establishment events. system-view [Sysname] nat log flow-begin nat mapping-behavior Use nat mapping-behavior to configure the mapping behavior mode for NAPT. Use undo nat mapping-behavior to restore the default.
If an ACL is configured, NAPT mapping in endpoint-independent mapping behavior mode applies to packets permitted by the ACL only. If no ACL is configured, NAPT mapping in that mode applies to all packets. Examples # Apply the endpoint-independent mapping mode to all packets for address translation.
port-range port-range-start port-range-end: Specifies a port range for the NAT addresses. The port-range-start argument specifies the start port in the range of 1 to 65535. The port-range-end argument specifies the end port in the range of 1 to 65535. The end port number cannot be smaller than the start port number. track vrrp virtual-router-id: Associates address translation on a specific outbound interface with a VRRP group.
# Use addresses in address pool 1 as translated addresses and TCP/UDP port information. [Sysname] interface serial 1/0 [Sysname-Serial1/0] nat outbound 2001 address-group 1 # Use addresses in address pool 1 as translated addresses without using TCP/UDP port information. system-view [Sysname] interface serial 1/0 [Sysname-Serial1/0] nat outbound 2001 address-group 1 no-pat # Use the IP address of interface Serial 1/0 as translated address.
nat server (for normal NAT server) Use nat server to configure a load sharing internal server. Use undo nat server to remove the configuration.
• You can use the keyword any to represent port number 0, which means all types of services are supported. This has the same effect as a static translation between the global-address and local-address. global-port: Global port number for the internal server, in the range of 0 to 65535. local-address: Internal IP address of the internal server. vpn-instance global-name: Specifies the MPLS L3VPN to which the advertised external network address belongs.
In stateful failover networking, make sure you associate the public address of an internal server on an interface with one VRRP group only. Otherwise, the system associates the public address with the VRRP group having the highest group ID. When the protocol type is not udp (with a protocol number of 17) or tcp (with a protocol number of 6), you can configure one-to-one NAT between an internal IP address and an external IP address only, but cannot specify port numbers.
Related commands display nat server nat static Use nat static to configure a one-to-one static NAT mapping. Use undo nat static to remove a one-to-one static NAT mapping.
nat static net-to-net Use nat static net-to-net to configure a net-to-net static NAT mapping. Use undo nat static net-to-net to remove a net-to-net static NAT mapping.
Syntax port-range port-range-start port-range-end undo port-range Default The port range for a NAT address group is 1 to 65535. Views NAT address group view Default command level 2: System level Parameters port-range-start: Specifies the start port in the range of 1 to 65535. port-range-end: Specifies the end port in the range of 1 to 65535. The end port must not be lower than the start port. Usage guidelines This command takes effect only on a NAT address pool that is applied in PAT mode.
reset userlog nat export Use reset userlog nat export to clear NAT log statistics. Syntax reset userlog nat export Views User view Default command level 2: System level Parameters None Usage guidelines Once the NAT log function is enabled, the system takes statistics for NAT logs periodically. Examples # Clear the NAT log information. reset userlog nat export Related commands display userlog export reset userlog nat logbuffer Use reset userlog nat logbuffer to clear the NAT log buffer.
userlog nat export host Use userlog nat export host to specify the IP address and UDP port number of the NAT log server that receives NAT logs. Use undo userlog nat export host to restore the default. Syntax userlog nat export host { ipv4-address | ipv6 ipv6-address } udp-port undo userlog nat export host { ipv4-address | ipv6 ipv6-address } Default No NAT log server IP address or UDP port number is configured.
Default The source IP address of the UDP packets that carry NAT logs is the IP address of the interface that sends the UDP packets. Views System view Default command level 2: System level Parameters ip-address: Specifies the source IP address for the UDP packets. Examples # Use 169.254.1.2 as the source IP address of the UDP packets that carry NAT logs. system-view [Sysname] userlog nat export source-ip 169.254.1.
Use undo userlog nat syslog to restore the default. Syntax userlog nat syslog undo userlog nat syslog Default NAT logs are exported to the NAT log server. Views System view Default command level 2: System level Usage guidelines As NAT logs might consume a large volume of memory, HP recommends not exporting large amounts of NAT logs to the information center. Examples # Export NAT logs to the information center.
NAT-PT configuration commands display natpt address-group Use display natpt address-group to display NAT-PT address pool configuration information. Syntax display natpt address-group [ | { begin | exclude | include } regular-expression ] Views Any view Default Level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
Default Level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays the lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Syntax display natpt aging-time [ | { begin | exclude | include } regular-expression ] Views Any view Default Level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays the lines that do not match the specified regular expression.
Syntax display natpt all [ | { begin | exclude | include } regular-expression ] Views Any view Default Level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays the lines that do not match the specified regular expression.
finrst -------aging-time value is 5 (seconds) frag -------aging-time value is 5 (seconds) NATPT Statistics: Total Sessions: 0 Expired Sessions: 0 Hits: 0 Misses: 0 Total Fragment Sessions: 0 Expired Fragment Sessions: 0 Fragment Hits: 0 Fragment Misses: 0 Total Address Mapping: 0 (static: 0 dynamic: 0 ) Total V6Server Mappings: 0 NATPT Interfaces: Ethernet1/0 For the explanations to the information displayed above, see the descriptions of related commands.
Table 44 Command output Field Description No Sequence number. IPv6Source Source IPv6 address. IPv6Destination Destination IPv6 address. IPv4Source Source IPv4 address. IPv4Destination Destination IPv4 address. PacketID Sequence number of a fragment. display natpt session Use display natpt session to display information about dynamic NAT-PT sessions.
Table 45 Command output Field Description No Sequence number. IPV6Source Source IPv6 address. IPV6Destination Destination IPv6 address. IPV4Source Source IPv4 address. IPV4Destination Destination IPv4 address. Pro Protocol type. display natpt statistics Use display natpt statistics to display NAT-PT statistics information.
Total Address Mapping: 0 (static: 0 Total V6Server Mappings: 0 dynamic: 0 ) NATPT Interfaces: Ethernet1/0 Table 46 Command output Field Description Total Sessions Total number of sessions. Expired Sessions Number of expired sessions. Hits Number of times that a packet matches a NAT-PT session. Misses Number of times that a packet matches no NAT-PT sessions. Total Fragment Sessions Total number of active fragment sessions. Expired Fragment Sessions Number of expired fragment sessions.
The execution of the undo natpt address-group command might affect some dynamic NAT-PT mappings. A NAT-PT address pool and an IPv4 NAT address pool do not share any address. When there is only one address in the NAT-PT address pool, the address applies to only NAPT-PT. When there is more than one address in the NAT-PT address pool, the end IPv4 address is reserved for NAPT-PT. The number of addresses used for dynamic NAT-PT mapping is the number of configured addresses minus 1.
tcp: Specifies a NAT-PT session aging time for the TCP packets. time-value: Specifies the NAT-PT session aging time in seconds, in the range of 5 to 600. Examples # Set the NAT-PT session aging time to 30 seconds for UDP packets and 45 seconds for ICMP packets. system-view [Sysname] natpt aging-time udp 30 [Sysname] natpt aging-time icmp 45 Related commands display natpt aging-time natpt enable Use natpt enable to enable the NAT-PT feature on an interface.
Views System view Default Level 2: System level Parameters max-number: Specifies the maximum number of sessions, in the range of 0 to 10000. Examples # Configure the system to allow 300 concurrent NAT-PT sessions. system-view [Sysname] natpt max-session 300 natpt prefix Use natpt prefix to configure a NAT-PT prefix. Use undo natpt prefix to remove the configured NAT-PT prefix.
natpt turn-off tos Use natpt turn-off tos to set the ToS field in an IPv4 packet translated from an IPv6 packet to 0. Use undo natpt turn-off tos to restore the default. Syntax natpt turn-off tos undo natpt turn-off tos Default The value of the ToS field in an IPv4 packet translated from an IPv6 packet is the same as that of the Traffic Class field in the IPv6 packet. Views System view Default Level 2: System level Examples # Set the ToS field in an IPv4 packet translated from an IPv6 packet to 0.
natpt v4bound dynamic Use natpt v4bound dynamic to configure a dynamic source address mapping policy for packets from IPv4 hosts to IPv6 hosts by associating an ACL with a NAT-PT prefix. Use undo natpt v4bound dynamic to remove the association. Syntax natpt v4bound dynamic acl number acl-number prefix natpt-prefix undo natpt v4bound dynamic acl number acl-number Views System view Default Level 2: System level Parameters acl number acl-number: Specifies the IPv4 ACL number in the range of 2000 to 2999.
Default Level 2: System level Parameters ipv4-address: Specifies the IPv4 address to be mapped. ipv6-address: Specifies the IPv6 address to which an IPv4 address is mapped. Usage guidelines The ipv6-address prefix should be contained in the configured NAT-PT prefix. Examples # Configure a static mapping between the IPv4 address 2.3.4.9 and the IPv6 address 2001::1 on the IPv4 side. system-view [Sysname] natpt v4bound static 2.3.4.
system-view [Sysname] natpt v4bound static v6server protocol tcp 2.3.4.5 80 2001::1 80 Related commands display natpt address-mapping natpt v6bound dynamic Use natpt v6bound dynamic to configure a dynamic source address mapping policy for packets from IPv6 hosts to IPv4 hosts. Use undo natpt v6bound dynamic to remove the dynamic mapping.
natpt v6bound static Use natpt v6bound static to configure a static IPv4/IPv6 address mapping on the IPv6 side. Use undo natpt v6bound static to remove a static IPv4/IPv6 address mapping on the IPv6 side. Syntax natpt v6bound static ipv6-address ipv4-address undo natpt v6bound static ipv6-address ipv4-address Views System view Default Level 2: System level Parameters ipv6-address: Specifies the IPv6 address to be mapped. ipv4-address: Specifies the IPv4 address to which an IPv6 address is mapped.
Views User view Default Level 1: Monitor level Parameters None Examples # Clear all NAT-PT statistics information.
DVPN configuration commands VAM server configuration commands authentication-algorithm Use authentication-algorithm to specify the algorithms for protocol packet authentication and their priorities. Use undo authentication-algorithm to restore the default. Syntax authentication-algorithm { none | { md5 | sha-1 } * } undo authentication-algorithm Default SHA-1 is used for protocol packet authentication.
authentication-method Use authentication-method to specify the authentication mode that the VAM server uses to authenticate clients. Use undo authentication-method to restore the default. Syntax authentication-method { none | { chap | pap } [ domain name-string ] } undo authentication-method Default A VAM server performs CHAP authentication of clients, using the default domain that you configure.
Parameters all: Displays the address mapping information for all VAM clients registered on the VAM server. vpn vpn-name: Displays the address mapping information for all registered VAM clients in a VPN domain. The vpn-name argument indicates the VPN domain name and is a case-insensitive string of 1 to 15 characters. private-ip private-ip: Displays the address mapping information for the VAM client with the specified private IP address.
Field Description Public-ip Public address that the VAM client registers with the VAM server. Type Type of the VAM client, hub or spoke. Holding time Time that elapses after the VAM client successfully registers with the server, in the format xxH xxM xxS (xx hours xx minutes xx seconds). display vam server statistic Use display vam server statistic to display statistics about VAM clients.
VPN name: Service: 9 enable Holding time: 0h 33m 53s Registered spoke number: 23 Registered hub number: 1 Address resolution times: 150 Succeeded resolution times: Failed resolution times: 148 2 # Display statistics about VAM clients in VPN domain 1.
Views VPN domain view Default command level 2: System level Parameters 3des: Uses the 3DES encryption algorithm. aes-128: Uses the AES encryption algorithm, with a key length of 128 bits. aes-256: Uses the AES encryption algorithm, with a key length of 256 bits. des: Uses the DES encryption algorithm. none: Performs no encryption. Usage guidelines Based on its encryption algorithm configuration, a VAM server negotiates with a client to determine the encryption algorithm to be used between them.
Usage guidelines The public IP address is optional. The VAM server can get the public address of a hub when the hub registers. Up to two hubs can be configured on a VAM server. Examples # Configure a hub for VPN domain 1, setting the public and private IP addresses as 123.0.0.1 and 10.1.1.1, respectively. system-view [Sysname] vam server vpn 1 [Sysname-vam-server-vpn-1] hub private-ip 10.1.1.1 public-ip 123.0.0.
keepalive retry Use keepalive retry to set the maximum number of attempts for a VAM client to send a keepalive packet to the VAM server. If the maximum number of attempts is reached but the client receives no response, the connection is considered broken. Use undo keepalive retry to restore the default. Syntax keepalive retry retry-times undo keepalive retry Default The maximum number of attempts for a VAM client to send a keepalive packet to the VAM server is 3.
Default No pre-shared key is configured. Views VPN domain view Default command level 2: System level Parameters cipher: Sets a ciphertext pre-shared key. simple: Sets a plaintext pre-shared key. string-key: Specifies the key string. This argument is case sensitive. If simple is specified, it must be a string of 1 to 31 characters. If cipher is specified, it must be a ciphertext string of 1 to 73 characters.
Examples # Enable the VAM server feature for VPN domain 1. system-view [Sysname] vam server vpn 1 [Sysname-vam-server-vpn-1] server enable Related commands • display vam server statistic • vam server enable • vam server vpn vam server enable Use vam server enable to enable the VAM server feature for all VPN domains or a specific VPN domain. Use undo vam server enable to disable the VAM server feature for all VPN domains or a specific VPN domain.
Use undo vam server ip-address to remove the configuration. Syntax vam server ip-address ip-address [ port port-number ] undo vam server ip-address Default A VAM server has neither listening IP address nor UDP port number configured. Views System view Default command level 2: System level Parameters ip-address: Specifies the listening IP address of the VAM server. port-number: Specifies the listening UDP port of the VAM server, in the range of 1025 to 65535. The default is 18000.
Parameters vpn-name: Specifies the VPN domain name, a case-insensitive string of 1 to 15 characters. Valid characters are A to Z, a to z, 0 to 9, and the dot sign (.). Examples # Create VPN domain 1 and enter its view. system-view [Sysname] vam server vpn 1 [Sysname-vam-server-vpn-1] VAM client configuration commands client enable Use client enable to enable the VAM client feature for a VAM client. Use undo client enable to restore the default.
Views Any view Default command level 1: Monitor level Parameters address-map: Specifies the address mapping information between public and private network addresses of VAM clients. fsm: Specifies the status information for VAM clients. client-name: Specifies the VAM client name, a case-insensitive string of 1 to 31 characters. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
Authentication-algorithm: SHA1 Table 49 Command output Field Description Client name Name of the VAM client. VPN name Name of the VPN domain where the VAM client resides. Interface DVPN tunnel interface of the VAM client. Resend interval(seconds) Protocol packet retransmission interval of the VAM client. Client type VAM client type, hub or spoke. Username Username of the VAM client. Primary server Public IP address of the primary VAM server.
Syntax pre-shared-key { cipher | simple } key-string undo pre-shared-key Default No pre-shared key is configured. Views VAM client view Default command level 2: System level Parameters cipher: Sets a ciphertext pre-shared key. simple: Sets a plaintext pre-shared key. string-key: Specifies the key string. This argument is case sensitive. If simple is specified, it must be a string of 1 to 31 characters. If cipher is specified, it must be a ciphertext string of 1 to 73 characters.
Default command level 2: System level Parameters time-interval: Specifies the protocol packet retransmission interval in the range of 3 to 30 seconds. Usage guidelines If a VAM client sends a protocol packet to the VAM server but receives no response in the specified interval, it resends the packet. Protocol packets include connection request packets, negotiation acknowledgement packets, registration request packets, and authentication request packets.
[Sysname] vam client name abc [Sysname-vam-client-name-abc] server primary ip-address 1.1.1.1 port 2000 Related commands • display vam client • server secondary • vam client name server secondary Use server secondary to specify the public IP address and UDP port of the secondary VAM server. Use undo server secondary to restore the default.
Use undo user to remove the configuration. Syntax user username password { cipher | simple } string undo user Default No username or password is configured for a VAM client. Views VAM client view Default command level 2: System level Parameters username: Specifies the username for the VAM client, a case-sensitive string of 1 to 253 characters. It cannot contain forward slash (/), colon (:), asterisk (*), question mark (?), angle brackets (< >), at sign (@), vertical bar (|), and backslash (\).
Default The VAM client feature is disabled. Views System view Default command level 2: System level Parameters all: Specifies all configured VAM clients. name client-name: Specifies an existing VAM client. The client-name argument is a case-insensitive string of 1 to 31 characters. Valid characters are A to Z, a to z, 0 to 9, and the dot sign (.). Examples # Enable the VAM client feature for VAM client spoke.
system-view [Sysname] vam client name abc [Sysname-vam-client-name-abc] Related commands • display vam client • vam client vpn Use vpn to specify the VPN to which a VAM client belongs. Use undo vpn to remove the configuration. Syntax vpn vpn-name undo vpn Default A VAM client does not belong to any VPN.
Views Any view Default command level 1: Monitor level Parameters all: Specifies all DVPN sessions of the VAM client. interface interface-type interface-number: Specifies the DVPN sessions of an interface. The interface type must be tunnel. private-ip ip-address: Specifies the DVPN session to a peer VAM client. The ip-address specifies the private IP address of the peer VAM client. |: Filters command output by specifying a regular expression.
Table 51 Command output Field Description Interface DVPN tunnel interface. VPN name Name of a VPN domain. Total number Number of DVPN tunnels established on the tunnel interface. Private IP Private address of the DVPN session peer. Public IP Public address of the DVPN session peer. Session type Tunnel type of the DVPN session. Status of the DVPN tunnel. State • SUCCESS—The tunnel is already established. • ESTABLISH—The tunnel is being established.
Examples # Set the quiet period of the DVPN tunnel to 100 seconds. system-view [Sysname] interface tunnel 0 [Sysname-Tunnel0] dvpn session dumb-time 100 Related commands • interface tunnel • tunnel-protocol dvpn session idle-time Use dvpn session idle-time to set the idle timeout of a spoke-spoke DVPN tunnel. If no data is transferred along a spoke-spoke tunnel during this interval, the tunnel will be removed automatically. Use undo dvpn session idle-time to restore the default.
Syntax keepalive [ seconds [ times ] ] undo keepalive Default The DVPN keepalive interval is 180 seconds and the maximum number of transmission attempts is 3. Views Tunnel interface view Default command level 2: System level Parameters seconds: Specifies the interval for transmitting DVPN keepalive packets, in the range of 1 to 32767 seconds. times: Specifies the maximum number of attempts for transmitting a keepalive packet, in the range of 1 to 255.
private-ip ip-address: Specifies the DVPN session to a peer VAM client. The ip-address specifies the private IP address of the peer VAM client. Examples # Remove the DVPN session whose peer private IP address is 169.254.0.1 from tunnel 0. reset dvpn session interface tunnel 0 private-ip 169.254.0.1 Related commands display dvpn session tunnel vpn-instance Use tunnel vpn-instance to specify the VPN to which the tunnel destination address belongs.
[Sysname-Ethernet1/1] ip address 1.1.1.1 24 [Sysname-Ethernet1/1] quit [Sysname] interface tunnel 0 [Sysname-Tunnel0] tunnel-protocol dvpn udp [Sysname-Tunnel0] source ethernet 1/1 [Sysname-Tunnel0] tunnel vpn-instance vpn10 vam client Use vam client to bind a VAM client to a DVPN tunnel interface. Use undo vam client to remove the binding. Syntax vam client client-name undo vam client Default A DVPN tunnel interface is bound with no VAM client.
Tunneling configuration commands bandwidth Use bandwidth to configure the expected bandwidth for a tunnel interface. Use undo bandwidth to remove the setting. Syntax bandwidth bandwidth-value undo bandwidth Views Tunnel interface view Default command level 2: System level Parameters bandwidth-value: Specifies the expected bandwidth in the range of 1 to 4294967295 kbps.
Usage guidelines CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you use it on a live network. This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions. Use the display this command in interface view to identify these commands. Use their undo forms or follow the command reference to individually restore their default settings.
Use undo destination to remove the configured tunnel destination address. Syntax destination { ip-address | ipv6-address } undo destination Default No tunnel destination address is configured. Views Tunnel interface view Default command level 2: System level Parameters ip-address: Specifies the tunnel destination IPv4 address. ipv6-address: Specifies the tunnel destination IPv6 address.
display interface tunnel Use display interface tunnel to display information about tunnel interfaces, including the source address, destination address, and tunnel mode. Syntax display interface [ tunnel ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] display interface tunnel number [ brief ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters number: Specifies the number of a tunnel interface.
Checksumming of GRE packets disabled Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Last clearing of counters: Last 300 seconds input: Never 0 bytes/sec, 0 packets/sec Last 300 seconds output: 0 packets input, 0/500/0 0/75/0 0 bytes/sec, 0 packets/sec 0 bytes 0 input error 0 packets output, 0 bytes 0 output error Table 52 Command output Field Description Physical state o
Field Description Tunnel mode and transport protocol: • • • • • • • • • • • • • • • Tunnel protocol/transport UDP_DVPN/IP—DVPN UDP tunnel mode. GRE_DVPN/IP—DVPN GRE tunnel mode. GRE/IP—GRE over IPv4 tunnel mode. GRE/IPv6—GRE over IPv6 tunnel mode. IPsec/IP—IPsec over IPv4 tunnel mode. IP/IP—IPv4 over IPv4 tunnel mode. IP/IPv6—IPv4 over IPv6 tunnel mode. IP/IPv6 dslite-aftr—IPv4 over IPv6 DS-lite tunnel mode on the AFTR. IP/IPv6 dslite-cpe—IPv4 over IPv6 DS-lite tunnel mode on the CPE.
display interface tunnel brief down The brief information of interface(s) under route mode: Link: ADM - administratively down; Stby - standby Interface Link Cause Tun1 DOWN Not connected Table 53 Command output Field Description The brief information of interface(s) under route mode Brief information about Layer 3 interfaces. Link status: Link: ADM - administratively down; Stby - standby • ADM—The interface has been administratively shut down by using the undo shutdown command.
Views Any view Default command level 1: Monitor level Parameters number: Displays IPv6 information on a specific tunnel interface. If you do not specify any interface number, this command displays IPv6 information about all tunnel interfaces. brief: Displays brief information of tunnel interfaces. If you do not specify this keyword, this command displays detailed information and IPv6 packet statistics for tunnel interfaces. |: Filters command output by specifying a regular expression.
OutFragFails: 0 InUnknownProtos: 0 InDelivers: 45 OutRequests: 45 OutForwDatagrams: 0 InNoRoutes: 0 InTooBigErrors: 0 OutFragOKs: 0 OutFragCreates: 0 InMcastPkts: 0 InMcastNotMembers: 0 OutMcastPkts: 0 InAddrErrors: 0 InDiscards: 0 OutDiscards: 0 Table 54 Command output Field Description Physical state of the tunnel interface: • Administratively DOWN—The interface has been shut down by using the shutdown command.
Field Description InTruncatedPkts Received IPv6 packets with a length less than that specified in the packets. InHopLimitExceeds Received IPv6 packets with a hop count exceeding the limit. InBadHeaders Received IPv6 packets with bad basic headers. InBadOptions Received IPv6 packets with bad extension headers. ReasmReqds Received IPv6 fragments. ReasmOKs Number of packets after reassembly rather than the number of fragments. InFragDrops IPv6 fragments discarded due to certain errors.
Table 55 Command output Field Description *down The tunnel interface is administratively shut down by using the shutdown command. (s) Spoofing attribute of the tunnel interface. The link protocol state of the tunnel interface is up, but the link does not exist, or the link is established on demand, instead of being permanent. Interface Name of the tunnel interface. Physical state of the tunnel interface: Physical • *down—The interface has been shut down by using the shutdown command.
Hardware Value range MSR900 0 to 1023 MSR93X 0 to 1023 MSR20-1X 0 to 1023 MSR20 0 to 1023 MSR30 0 to 1023 MPUF: 0 to 1023 MSR50 MPU-G2: 0 to 2047 MSR1000 0 to 1023 Examples # Create interface Tunnel 3 and enter tunnel interface view.
system-view [Sysname] interface tunnel 3 [Sysname-Tunnel3] mtu 10000 reset counters interface Use reset counters interface to clear the statistics of tunnel interfaces. Syntax reset counters interface [ tunnel [ number ] ] Views User view Default command level 2: System level Parameters number: Specifies the tunnel interface number in the range of 0 to 1023.
Use undo shutdown to bring up a tunnel interface. Syntax shutdown undo shutdown Default A tunnel interface is in up state. Views Tunnel interface view Default command level 2: System level Examples # Shut down interface Tunnel 1. system-view [Sysname] interface tunnel 1 [Sysname-Tunnel1] shutdown source Use source to specify the source address or source interface for the tunnel interface. Use undo source to restore the default.
Automatic tunnel interfaces using the same encapsulation protocol must have different source addresses. Manual tunnel interfaces using the same encapsulation protocol must have different source and destination addresses. Examples # Set the tunnel source address to 192.100.1.1 on the interface Tunnel 5. system-view [Sysname] interface tunnel 5 [Sysname-Tunnel5] source 192.100.1.1 Or set the tunnel source interface to Ethernet 1/1.
[Sysname] interface tunnel 0 [Sysname-Tunnel0] tunnel bandwidth 100 tunnel discard ipv4-compatible-packet Use tunnel discard ipv4-compatible-packet to enable dropping of IPv6 packets using IPv4-compatible IPv6 addresses. Use undo tunnel discard ipv4-compatible-packet to restore the default. Syntax tunnel discard ipv4-compatible-packet undo tunnel discard ipv4-compatible-packet Default IPv6 packets using IPv4-compatible IPv6 addresses are not dropped.
Parameters dvpn gre: Specifies the DVPN GRE tunnel mode. dvpn udp: Specifies the DVPN UDP tunnel mode. gre: Specifies the GRE over IPv4 tunnel mode. gre ipv6: Specifies the GRE over IPv6 tunnel mode. ipsec ipv4: Specifies the IPsec over IPv4 tunnel mode. ipv4-ipv4: Specifies the IPv4 over IPv4 tunnel mode. ipv4-ipv6: Specifies the IPv4 over IPv6 manual tunnel mode. ipv4-ipv6 dslite-aftr: Specifies the IPv4 over IPv6 DS-lite tunnel mode on the AFTR.
UDP helper configuration commands display udp-helper server Use display udp-helper server to display information about forwarded UDP packets on the specified interface or all interfaces. Syntax display udp-helper server [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 2: System level Parameters interface interface-type interface-number: Displays information about forwarded UDP packets on a specific interface.
Views User view Default command level 1: Monitor level Examples # Clear the statistics of UDP packets forwarded by UDP helper. reset udp-helper packet Related commands display udp-helper server udp-helper enable Use udp-helper enable to enable UDP helper. Use undo udp-helper enable to disable UDP helper. Syntax udp-helper enable undo udp-helper enable Default UDP helper is disabled. Views System view Default command level 2: System level Examples # Enable UDP helper.
Default command level 2: System level Parameters multicast-address: Specifies the destination multicast address of the UDP multicast packets to be forwarded by UDP helper. broadcast-address: Specifies the subnet broadcast address. acl acl-number: Specifies an ACL for identifying UDP multicast packets. UDP helper processes the packets matching the permit rule in the ACL. The acl-number argument is in the range of 2000 to 2999 for a basic ACL, or 3000 to 3999 for an advanced ACL.
tacacs: Forwards terminal access controller access control system (TACACS) data packet. The corresponding UDP port number is 49. tftp: Forwards TFTP data packets. The corresponding UDP port number is 69. time: Forwards time service data packets. The corresponding UDP port number is 37. Usage guidelines You can configure a UDP port either by specifying the port number or by specifying the keyword.
Related commands display udp-helper server 243
GRE configuration commands gre checksum Use gre checksum to enable the GRE packet checksum function. This function verifies the validity of packets and discards invalid packets. Use undo gre checksum to disable the GRE packet checksum function. Syntax gre checksum undo gre checksum Default The GRE packet checksum function is disabled. Views Tunnel interface view Default command level 2: System level Examples # Enable the GRE packet checksum function for the tunnel between Sysname1 and Sysname2.
Default No key is configured for a GRE tunnel interface. Views Tunnel interface view Default command level 2: System level Parameters key-number: Specifies the key for the GRE tunnel interface, in the range of 0 to 4294967295. Usage guidelines For a P2P GRE tunnel, both ends of the tunnel must be configured with the same GRE key. Otherwise, packets cannot pass the GRE key verification and will be discarded. This weak security mechanism can prevent packets from being received mistakenly.
Default command level 2: System level Parameters recursion-value: Specifies the value for the Recursion Control field in the GRE header, in the range of 1 to 7. Usage guidelines Devices of some vendors require that, for example, the Recursion Control field in the GRE header should not be 0, and will discard GRE packets whose Recursion Control field is 0. To solve this problem, you must use this command on the HP device to adjust the Recursion Control field.
sending the keepalive packet for the maximum number of attempts, the local tunnel interface goes down and stays down until it receives a keepalive acknowledgement packet from the peer. Examples # Set the GRE keepalive interval to 20 seconds and the maximum number of transmission attempts to 5.
IPv6 basics configuration commands display ipv6 fib Use display ipv6 fib to display IPv6 FIB entries. If no parameter is specified, this command displays all IPv6 FIB entries. Syntax display ipv6 fib [ vpn-instance vpn-instance-name ] [ acl6 acl6-number | ipv6-prefix ipv6-prefix-name ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters vpn-instance vpn-instance-name: Displays the IPv6 FIB entries of the specified MPLS L3VPN.
Destination: NextHop Label Interface : : : ::1 PrefixLength : 128 ::1 Flag : UH Null Token : Invalid InLoopBack0 Table 56 Command output Field Description Total number of Routes Total number of routes in the FIB. Destination Destination address. PrefixLength Prefix length of the destination address. NextHop Next hop. Route flag: Flag • • • • • • U—Usable route. G—Gateway route. H—Host route. B—Black hole route. D—Dynamic route. S—Static route. Label Label.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
display ipv6 interface Use display ipv6 interface to display IPv6 information about an interface. Syntax display ipv6 interface [ interface-type [ interface-number ] ] [ brief ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-type: Specifies an interface by its type. interface-number: Specifies an interface by its number. brief: Displays brief IPv6 information about an interface.
[valid lifetime 4641s/preferred lifetime 4637s] Joined group address(es): FF02::1:FF00:1 FF02::1:FF04:5D00 FF02::2 FF02::1 MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: 0 InTooShorts: 0 InTruncatedPkts: 0 InHopLimitExceeds: 0 InBadHeaders: 0 InBadOptions: 0 ReasmReqds: 0 ReasmOKs: 0 InFragDrops: 0 InFragTimeout
Field Description Link layer state of the interface: • DOWN—The link layer protocol state of the interface is down. • UP—The link layer protocol state of the interface is up. Line protocol current state IPv6 is enabled IPv6 is enabled on the interface. This function is automatically enabled after an IPv6 address is configured for an interface. link-local address Link-local address of the interface. Global unicast address(es) Global unicast addresses of the interface.
Field Description Physical state of the interface: • *down—The interface is administratively shut down by the shutdown command. Physical • down—The interface is administratively up but its physical state is down, which might be caused by a connection or link failure. • up—The administrative and physical states of the interface are both up. Link layer protocol state of the interface: Protocol IPv6 Address • down—The network layer protocol state of the interface is down.
Usage guidelines You can use the reset ipv6 neighbors command to clear specific IPv6 neighbor information. Examples # Display all neighbor information. display ipv6 neighbors all Type: S-Static IPv6 Address D-Dynamic Link-layer FE80::200:5EFF:FE32:B800 VID 0000-5e32-b800 Interface State T N/A Eth1/1 Age REACH S - # Display detailed information about all neighbors.
Syntax display ipv6 neighbors { all | dynamic | interface interface-type interface-number | static | vlan vlan-id } count [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters all: Displays the total number of all neighbor entries, including neighbor entries acquired dynamically and configured statically. dynamic: Displays the total number of neighbor entries acquired dynamically.
count: Displays the total number of neighbor entries in the specified VPN. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Default command level 1: Monitor level Parameters vpn-instance vpn-instance-name: Displays IPv6 path MTU information about the specified MPLS L3VPN. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Without this option specified, the display ipv6 pathmtu command displays the IPv6 path MTU information for the public network. ipv6-address: Specifies the destination IPv6 address for which the path MTU information is to be displayed.
Views Any view Default command level 1: Monitor level Parameters socktype socket-type: Displays the socket information of this type. The socket type is in the range of 1 to 3. The value 1 represents a TCP socket, 2 a UDP socket, and 3 a raw socket. task-id: Displays the socket information of the task. The value range is 1 to 150. socket-id: Displays the information of the socket. The socket ID is in the range of 0 to 3072. |: Filters command output by specifying a regular expression.
Task = TRAP(52), socketid = 2, Proto = 17, LA = ::->1024, FA = ::->0, sndbuf = 9216, rcvbuf = 42080, sb_cc = 0, rb_cc = 0, socket option =, socket state = SS_PRIV SOCK_RAW: Task = ROUT(86), socketid = 5, Proto = 89, LA = ::, FA = ::, sndbuf = 262144, rcvbuf = 262144, sb_cc = 0, rb_cc = 0, socket option = SO_REUSEADDR, socket state = SS_PRIV SS_ASYNC Table 63 Command output Field Description SOCK_STREAM TCP socket. SOCK_DGRAM UDP socket. SOCK_RAW Raw IP socket.
Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Received packets: Total: 0 checksum error: 0 bad code: 0 too short: 0 unreached: hopcount exceeded: 0 too big: 0 0 reassembly timeout: 0 parameter problem: 0 unknown error type: 0 echo request: 0 echo replied: 0 neighbor solicit: 0 neighbor advert: 0 router solicit: 0 router advert: 0 redirected: 0 router renumbering: 0 unknown info type: 0 Deliver failed: bad length: 0 ratelimited: 0 Table 64 Command output Field Description IPv6 Protocol Statistics of IPv6 packe
Field Description Statistics of sent ICMPv6 packets: Sent packets • • • • • Total—Total number of sent packets. • • • • • • • • • • • parameter problem—Number of Parameter Problem packets. unreached—Number of Destination Unreachable packets. too big—Number of Packet Too Big packets. hopcount exceeded—Number of Hop Limit Exceeded packets. reassembly timeout—Number of Fragment Reassembly Time Exceeded packets. echo request—Number of Echo Request packets. echo replied—Number of Echo Reply packets.
display tcp ipv6 statistics Use display tcp ipv6 statistics to display IPv6 TCP connection statistics. Syntax display tcp ipv6 statistics [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0 Keepalive timeout: 0, keepalive probe: 0, Keepalive timeout, so connections disconnected : 0 Initiated connections: 0, accepted connections: 0, established connections: 0 Closed connections: 0 (dropped: 0, initiated dropped: 0) Packets dropped with MD5 authentication: 0 Packets permitted with MD5 authentication: 0 Table 65 Command output Field Description Statistics of received packets: Received packets • • • • • • • Total—Total
Field Description Initiated connections Number of initiated connections. accepted connections Number of accepted connections. established connections Number of established connections. Closed connections Number of closed connections. dropped Number of dropped connections (after SYN is received from the peer). initiated dropped Number of initiated but dropped connections (before SYN is received from the peer).
Table 66 Command output Field Description *: TCP6 MD5 Connection The asterisk (*) indicates that the TCP6 connection is secured with MD5 authentication. TCP6CB IPv6 TCP control block address (hexadecimal). Local Address Local IPv6 address. Foreign Address Remote IPv6 address. IPv6 TCP connection status: State • • • • • • • • • • • Closed. Listening. Syn_Sent. Syn_Rcvd. Established. Close_Wait. Fin_Wait1. Closing. Last_Ack. Fin_Wait2. Time_Wait.
display udp ipv6 statistics Received packets: Total: 0 checksum error: 0 shorter than header: 0, data length larger than packet: 0 unicast(no socket on port): 0 broadcast/multicast(no socket on port): 0 not delivered, input socket full: 0 input packets missing pcb cache: 0 Sent packets: Total: 0 Table 67 Command output Field Description Total Total number of received/sent packets. checksum error Total number of packets with a checksum error.
Examples # Enable IPv6. system-view [Sysname] ipv6 ipv6 address Use ipv6 address to configure an IPv6 global unicast address for an interface. Use undo ipv6 address to remove the IPv6 address from the interface. Syntax ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } undo ipv6 address [ ipv6-address prefix-length | ipv6-address/prefix-length ] Default No global unicast address is configured for an interface.
Syntax ipv6 address ipv6-address/prefix-length anycast undo ipv6 address ipv6-address/prefix-length anycast Default No IPv6 anycast address is configured for an interface. Views Interface view Default command level 2: System level Parameters ipv6-address/prefix-length: Specifies an IPv6 anycast address and its prefix length. The value range for prefix length is 1 to 128. Examples # Set the IPv6 anycast address of Ethernet 1/1 to 2001::1 with prefix length 64.
[Sysname-Ethernet1/1] ipv6 address auto ipv6 address auto link-local Use ipv6 address auto link-local to automatically generate a link-local address for an interface. Use undo ipv6 address auto link-local to remove the automatically generated link-local address for the interface.
Syntax ipv6 address ipv6-address/prefix-length eui-64 undo ipv6 address ipv6-address/prefix-length eui-64 Default No EUI-64 IPv6 address is configured for an interface. Views Interface view Default command level 2: System level Parameters ipv6-address/prefix-length: Specifies an IPv6 address and its prefix length. The ipv6-address and prefix-length arguments jointly specify the prefix of an EUI-64 IPv6 address.
generated one. If you first adopt manual assignment and then automatic generation, the automatically generated link-local address does not take effect and the link-local address of an interface is still the manually assigned one. If you delete the manually assigned address, the automatically generated link-local address is validated. For information about automatic generation of an IPv6 link-local address, see the ipv6 address auto link-local command.
Default command level 2: System level Usage guidelines After you disable sending ICMPv6 Time Exceeded packets, the device still sends Fragment Reassembly Time Exceeded packets. Examples # Disable sending ICMPv6 Time Exceeded packets. system-view [Sysname] undo ipv6 hoplimit-expires ipv6 icmp-error Use ipv6 icmp-error to configure the size and update period of the token bucket. Use undo ipv6 icmp-error to restore the default.
Default The device is disabled from replying to multicast echo requests. Views System view Default command level 2: System level Examples # Enable replying to multicast echo requests. system-view [Sysname] ipv6 icmpv6 multicast-echo-reply enable ipv6 mtu Use ipv6 mtu to set the MTU of IPv6 packets sent over an interface. Use undo ipv6 mtu to restore the default MTU. Syntax ipv6 mtu mtu-size undo ipv6 mtu Default The MTU is 1500.
undo ipv6 nd autoconfig managed-address-flag Default The M flag is set to 0 so that the host can acquire an IPv6 address through stateless autoconfiguration. Views Interface view Default command level 2: System level Examples # Configure the host to acquire an IPv6 address through stateful autoconfiguration.
Default The number of attempts to send an NS message for DAD is 1. Views Interface view Default command level 2: System level Parameters value: Specifies the number of attempts to send an NS message for DAD, in the range of 0 to 600. The default value is 1. To disable DAD, set the value to 0. Examples # Set the number of attempts to send an NS message for DAD to 20.
ipv6 nd ns retrans-timer Use ipv6 nd ns retrans-timer to set the interval for retransmitting an NS message. The local interface retransmits an NS message at intervals of this value. Furthermore, the Retrans Timer field in RA messages sent by the local interface is equal to this value. Use undo ipv6 nd ns retrans-timer to restore the default.
Views Interface view Default command level 2: System level Parameters value: Specifies the neighbor reachable time in milliseconds, in the range of 1 to 3600000. Examples # Set the neighbor reachable time on Ethernet 1/1 to 10000 milliseconds. system-view [Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] ipv6 nd nud reachable-time 10000 Related commands display ipv6 interface ipv6 nd ra halt Use ipv6 nd ra halt to enable RA message suppression.
undo ipv6 nd ra interval Default The maximum interval between RA messages is 600 seconds, and the minimum interval is 200 seconds. Views Interface view Default command level 2: System level Parameters max-interval-value: Specifies the maximum interval for advertising RA messages in seconds, in the range of 4 to 1800. min-interval-value: Specifies the minimum interval for advertising RA messages in seconds, in the range of 3 to 1350.
[Sysname-Ethernet1/1] ipv6 nd ra no-advlinkmtu ipv6 nd ra prefix Use ipv6 nd ra prefix to configure the prefix information in RA messages. Use undo ipv6 nd ra prefix to remove the prefix information from RA messages.
Default The router lifetime in RA messages is 1800 seconds. Views Interface view Default command level 2: System level Parameters value: Specifies the router lifetime in seconds, in the range of 0 to 9000. When it is set to 0, the device does not serve as the default router. Usage guidelines The router lifetime in RA messages should be greater than or equal to the advertising interval. Examples # Set the router lifetime in RA messages on Ethernet 1/1 to 1000 seconds.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the static neighbor entry belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the static neighbor entry is for the public network, do not specify this option. Usage guidelines You can use a Layer 3 VLAN interface or a Layer 2 port in the VLAN to configure a static neighbor entry. • If the first method is used, the neighbor entry is in the INCMP state.
ipv6 neighbors max-learning-num Use ipv6 neighbors max-learning-num to configure the maximum number of neighbors that can be dynamically learned on the interface. Use undo ipv6 neighbors max-learning-num to restore the default. Syntax ipv6 neighbors max-learning-num number undo ipv6 neighbors max-learning-num Default A Layer 2 interface does not limit the number of neighbors dynamically learned. A Layer 3 interface can dynamically learn a maximum of 1024 neighbors.
Parameters vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the path MTU belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the path MTU is for the public network, do not specify this option. ipv6-address: Specifies an IPv6 address. value: Specifies the Path MTU of a specific IPv6 address in bytes. The value range is 1280 to 10000. Examples # Configure a static path MTU for a specified IPv6 address.
Syntax ipv6 redirects enable undo ipv6 redirects Default Sending ICMPv6 redirect packets is disabled. Views System view Default command level System level Examples # Enable sending ICMPv6 redirect packets. system-view [Sysname] ipv6 redirects enable ipv6 unreachables enable Use ipv6 unreachables enable to enable sending ICMPv6 destination unreachable packets. Use undo ipv6 unreachables to disable sending ICMPv6 destination unreachable packets.
Default Local ND proxy is disabled. Views VLAN interface view, Layer 3 Ethernet interface view, Layer 3 Ethernet subinterface view Default command level 2: System level Examples # Enable local ND proxy on interface Ethernet 1/1. system-view [Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] local-proxy-nd enable reset ipv6 neighbors Use reset ipv6 neighbors to clear IPv6 neighbor information.
Syntax reset ipv6 pathmtu { all | static | dynamic } Views User view Default command level 2: System level Parameters all: Clears all path MTUs. static: Clears all static path MTUs. dynamic: Clears all dynamic path MTUs. Examples # Clear all path MTUs. reset ipv6 pathmtu all reset ipv6 statistics Use reset ipv6 statistics to clear the statistics of IPv6 packets and ICMPv6 packets.
Default command level 1: Monitor level Usage guidelines You can use the display tcp ipv6 statistics command to display the statistics of IPv6 TCP connections. Examples # Clear the statistics of all IPv6 TCP connections. reset tcp ipv6 statistics reset udp ipv6 statistics Use reset udp ipv6 statistics to clear the statistics of all IPv6 UDP packets.
Examples # Set the finwait timer of IPv6 TCP connections to 800 seconds. system-view [Sysname] tcp ipv6 timer fin-timeout 800 tcp ipv6 timer syn-timeout Use tcp ipv6 timer syn-timeout to set the synwait timer for IPv6 TCP connections Use undo tcp ipv6 timer syn-timeout to restore the default. Syntax tcp ipv6 timer syn-timeout wait-time undo tcp ipv6 timer syn-timeout Default The synwait timer of IPv6 TCP connections is 75 seconds.
Examples # Set the size of the IPv6 TCP send/receive buffer to 4 KB.
DHCPv6 configuration commands DHCPv6 common configuration commands display ipv6 dhcp duid Use display ipv6 dhcp duid to display the DUID of the local device. Syntax display ipv6 dhcp duid [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
Parameters pool-number: Displays information about the DHCPv6 address pool specified by the pool number. The value range is 1 to 128. If you do not specify a pool number, this command displays all DHCPv6 address pool information. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Field Description valid lifetime Valid lifetime of the prefix, in seconds. Static bindings Static IPv6 address or prefix information configured in the address pool. If no static prefix is configured, this field is not displayed. DUID Client DUID. IAID Client IAID. If no IAID is configured, this field displays Not configured. Prefix IPv6 address prefix. Address Static IPv6 address. Prefix pool Prefix pool referenced by the address pool.
Prefix-pool Prefix Available In-use Static 1 64 5::/64 0 0 # Display details about prefix pool 1. display ipv6 dhcp prefix-pool 1 Prefix: 5::/64 Assigned length: 70 Total prefix number: 64 Available: 64 In-use: 0 Static: 0 Table 69 Command output Field Description Prefix-pool Prefix pool number. Prefix Prefix contained in the prefix pool. Available Number of idle prefixes. In-use Number of assigned prefixes. Static Number of static prefixes.
Examples # Display DHCPv6 server information about all interfaces. display ipv6 dhcp server DHCPv6 server status: Enabled Interface Pool Ethernet1/1 1 Ethernet1/2 2 # Display DHCPv6 server information about the specified interface. display ipv6 dhcp server interface ethernet 1/1 Using pool: 1 Preference value: 0 Allow-hint: Enabled Rapid-commit: Disabled Table 70 Command output Field Description DHCPv6 server status DHCPv6 server status, Enabled or Disabled.
pool pool-number: Displays IPv6 address conflict information about the DHCPv6 address pool specified by the pool number. The value range is 1 to 128. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Field Description Type of an IPv6 address binding: • Static(F)—Free static binding, indicating the static address has not been assigned to the client. • Static(O)—Offered static binding. If the server replies with an Advertise message to the client during the four-step message exchange, the server sets the type of the static binding configured for the client to Static(O). Type • Static(C)—Committed static binding, indicating the static IPv6 address has been assigned to the client in a Reply message.
prefix prefix/prefix-len: Displays binding information about the specified prefix. The prefix/prefix-len indicates the IPv6 prefix and prefix length. The value range for the prefix length is 1 to 128. prefix-pool prefix-pool-number: Displays prefix binding information about the prefix pool specified by the prefix pool number. The value range is 1 to 128. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
Table 74 Command output Field Description Total number Total number of prefix bindings. Prefix Assigned IPv6 prefix. Type of a prefix binding: • Static(F)—Free static binding, indicating the static prefix has not been assigned to the client. • Static(O)—Offered static binding. If the server replies with an Advertise message to the client during the four-step message exchange, the server sets the type of the static binding configured for the client to Static(O).
Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Field Description Number of messages sent out from the DHCPv6 server. The message types include: Packets sent • • • • ADVERTISE. RECONFIGURE. REPLY. RELAY-REPLY. dns-server Use dns-server to specify a DNS server for the client. Use undo dns-server to remove the specified DNS server. Syntax dns-server ipv6-address undo dns-server ipv6-address Default No DNS server address is specified.
undo domain-name Default No domain name is configured for the client. Views DHCPv6 address pool view Default command level 2: System level Parameters domain-name: Domain name, a string of 1 to 50 characters. Usage guidelines You can configure only one domain name in an address pool. If you use the domain-name command multiple times, the most recent configuration takes effect. Examples # Configure the domain name to be assigned to the client as aaa.com.
Examples # Specify the AFTR address as 2::1. system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] ds-lite address 2::1 network Use network to specify an IPv6 subnet in a DHCPv6 address pool for dynamic address assignment. Use undo network to remove an IPv6 subnet from a DHCPv6 address pool. Syntax network network-address/prefix-length [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo network Default No IPv6 subnet is configured for dynamic address assignment.
Related commands display ipv6 dhcp pool ipv6 dhcp pool Use ipv6 dhcp pool to create a DHCPv6 address pool and enter DHCPv6 address pool view, or enter DHCPv6 address pool view if the specified address pool already exists. Use undo ipv6 dhcp pool to remove the address pool. Syntax ipv6 dhcp pool pool-number undo ipv6 dhcp pool pool-number Default No DHCPv6 address pool is configured.
Parameters prefix-pool-number: Prefix pool number in the range of 1 to 128. prefix prefix/prefix-len: Specifies the prefix contained in the specified prefix pool. The prefix indicates the IPv6 prefix. The prefix-len indicates the prefix length in the range of 1 to 128. assign-len assign-len: Specifies the length of the prefix assigned. The value range is 1 to 128. The assign-len must be higher than or equal to the prefix-len, and the difference between them must be less than or equal to 16.
rapid-commit: Configure the server to support rapid address and prefix assignment. If you do not specify this keyword, the server does not support rapid address and prefix assignment. Usage guidelines Upon receiving a request, the interface enabled with the DHCPv6 server selects an IPv6 address or a prefix from the address pool and assigns it to the client. With the allow-hint keyword specified, the server assigns the desired address or prefix to the requesting client.
Examples # Enable the DHCPv6 server. system-view [Sysname] ipv6 dhcp server enable prefix-pool Use prefix-pool to apply a prefix pool to the DHCPv6 address pool, so that the DHCPv6 server can dynamically select a prefix from the prefix pool and assign it to the client. Use undo prefix-pool to remove the configuration.
[Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] prefix-pool 1 preferred-lifetime 86400 valid-lifetime 259200 reset ipv6 dhcp server conflict Use reset ipv6 dhcp server conflict to clear IPv6 address conflict information. Syntax reset ipv6 dhcp server conflict { address ipv6-address | all | pool pool-number } Views User view Default command level 2: System level Parameters address ipv6-address: Clears conflict information about a specific IPv6 address.
Examples # Clear all IPv6 address binding information. reset ipv6 dhcp server ip-in-use all # Clear IPv6 address binding information about address pool 1. reset ipv6 dhcp server ip-in-use pool 1 # Clear binding information about IPv6 address 2001:0:0:1::1. reset ipv6 dhcp server ip-in-use address 2001:0:0:1::1 Related commands display ipv6 dhcp server ip-in-use reset ipv6 dhcp server pd-in-use Use reset ipv6 dhcp server pd-in-use to clear IPv6 prefix binding information.
Views User view Default command level 1: Monitor level Examples # Clear packet statistics on the DHCPv6 server. reset ipv6 dhcp server statistics sip-server Use sip-server to configure the IPv6 address or domain name of a SIP server for the client. Use undo sip-server to remove the configuration. Syntax sip-server { address ipv6-address | domain-name domain-name } undo sip-server { address ipv6-address | domain-name domain-name } Default No SIP server address or domain name is specified.
static-bind address Use static-bind address to configure a static IPv6 address binding in an address pool. Use undo static-bind address to remove a static IPv6 address binding. Syntax static-bind address ipv6-address/addr-prefix-length duid duid [ iaid iaid ] [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo static-bind address ipv6-address/addr-prefix-length Default No static IPv6 address binding is configured in an address pool.
static-bind prefix Use static-bind prefix to configure a static prefix. Use undo static-bind prefix to remove a static prefix. Syntax static-bind prefix prefix/prefix-len duid duid [ iaid iaid ] [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo static-bind prefix prefix/prefix-len Default No static prefix is configured. Views DHCPv6 address pool view Default command level 2: System level Parameters prefix/prefix-len: Static prefix and prefix length.
DHCPv6 relay agent configuration commands display ipv6 dhcp relay server-address Use display ipv6 dhcp relay server-address to display information about DHCPv6 server addresses specified on the DHCPv6 relay agent. Syntax display ipv6 dhcp relay server-address { all | interface interface-type interface-number } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters all: Displays all DHCPv6 server address information.
Table 76 Command output Field Description Interface Interface that serves as the DHCPv6 relay agent. Server address(es) DHCPv6 server addresses specified on the interface. Output Interface Outgoing interface of DHCPv6 packets. display ipv6 dhcp relay statistics Use display ipv6 dhcp relay statistics to display packet statistics on the DHCPv6 relay agent.
RECONFIGURE : 0 REPLY : 7 RELAY-FORWARD : 7 RELAY-REPLY : 0 Table 77 Command output Field Description Packets dropped Number of discarded packets. Error Number of discarded error packets. Excess of rate limit Number of packets discarded due to excess of rate limit. Packets received Number of received packets. SOLICIT Number of received solicit packets. REQUEST Number of received request packets. CONFIRM Number of received confirm packets. RENEW Number of received renew packets.
Default DHCPv6 relay agent is disabled and no DHCPv6 server is specified on the interface. Views Interface view Default command level 2: System level Parameters ipv6-address: IPv6 address of the DHCPv6 server. interface interface-type interface-number: Specifies an outgoing interface for DHCPv6 packets.
Usage guidelines After this command is executed, the packets statistics are displayed as 0 for the output from the display ipv6 dhcp relay statistics command. Examples # Clear packet statistics on the DHCPv6 relay agent. reset ipv6 dhcp relay statistics Related commands display ipv6 dhcp relay statistics DHCPv6 client configuration commands display ipv6 dhcp client Use display ipv6 dhcp client to display DHCPv6 client information.
1:2:4::7 Domain names : abc.com Table 78 Command output Field Description in stateless DHCPv6 client mode Indicates the client is in the stateless DHCPv6 configuration mode. Current state of the DHCPv6 client: • INIT—After enabled, the DHCPv6 client enters the INIT state. • IDLE—After receiving an RA message with the "M" flag set to 0 and "O" flag State is OPEN set to 1 and enabled with stateless DHCPv6, the DHCPv6 client enters the IDLE state.
Usage guidelines If you do not specify a parameter, the command displays DHCPv6 client statistics of all interfaces. Examples # Display DHCPv6 client statistics of Ethernet 1/1.
reset ipv6 dhcp client statistics Use reset ipv6 dhcp client statistics to clear DHCPv6 client statistics. Syntax reset ipv6 dhcp client statistics [ interface interface-type interface-number ] Views User view Default command level 1: Monitor level Parameters interface interface-type interface-number: Clears DHCPv6 client statistics of a specific interface. Usage guidelines If you do not specify a parameter, the command clears DHCPv6 client statistics of all interfaces.
IPv6 fast forwarding configuration commands display ipv6 fast-forwarding cache Use display ipv6 fast-forwarding cache to display IPv6 fast forwarding table information. Syntax display ipv6 fast-forwarding cache [ ipv6-address | verbose ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command Level 1: Monitor level Parameters ipv6-address: Specifies an IPv6 address. verbose: Displays detailed information about the IPv6 fast forwarding table.
Output interface: Eth1/1 Table 80 Command output Field Description IPv6 Fast-Forwarding cache Entries in the IPv6 fast forwarding table. Index Unique entry index. SIP Source IPv6 address. SPort Source port number. DIP Destination IPv6 address. DPort Destination port number. Pro Protocol number. Flg Internal tag, mainly for marking service process information. Input interface Incoming interface for packets. Output interface Outgoing interface for packets.
Field Description VlanID VLAN ID. This field is effective when the outgoing interface is a VLAN interface or an Ethernet subinterface. Otherwise, 0 is displayed. L2Port Name of the Layer-2 Ethernet interface. This field is effective when the outgoing interface is a VLAN interface. Otherwise, N/A is displayed. L2 Head Length Length of the link-layer header. L2 Head Complete link-layer header information.
Examples # Enable IPv6 fast forwarding on Ethernet 1/1 in the inbound direction. system-view [Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] ipv6 fast-forwarding inbound # Disable IPv6 fast forwarding on Ethernet 1/1 in both the inbound and outbound directions. system-view [Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] undo ipv6 fast-forwarding reset ipv6 fast-forwarding cache Use reset ipv6 fast-forwarding cache to clear IPv6 fast forwarding table information.
IPv6 DNS configuration commands display dns ipv6 server Use display dns ipv6 server to display IPv6 DNS server information. Syntax display dns ipv6 server [ dynamic ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters dynamic: Displays IPv6 DNS server information acquired dynamically through DHCP or other protocols. |: Filters command output by specifying a regular expression.
display ipv6 host Use display ipv6 host to display the mappings between host names and IPv6 addresses in the static domain name resolution table. Syntax display ipv6 host [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
undo dns server ipv6 ipv6-address [ interface-type interface-number ] Default No DNS server is configured. Views System view Default command level 2: System level Parameters ipv6-address: Specifies the IPv6 address of a DNS server. interface-type interface-number: Specifies an interface. When the IPv6 address of the DNS server is a link-local address, the two arguments must be specified. Usage guidelines You can configure a maximum of six DNS servers, including those with IPv4 addresses.
Examples # Configure the mapping between a host name and an IPv6 address.
IP forwarding basics commands display fib Use display fib to display FIB entries. Syntax display fib [ vpn-instance vpn-instance-name ] [ acl acl-number | ip-prefix ip-prefix-name ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters vpn-instance vpn-instance-name: Displays the FIB entries of the specified VPN. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters.
10.2.1.1/32 127.0.0.1 UH InLoop0 Null Invalid 127.0.0.0/8 127.0.0.1 U InLoop0 Null Invalid 127.0.0.1/32 127.0.0.1 UH InLoop0 Null Invalid # Display FIB entries matching ACL 2000. system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit source 10.2.0.0 0.0.255.
Field Description Flags of routes: Flag • • • • • • • U—Usable route. G—Gateway route. H—Host route. B—Blackhole route. D—Dynamic route. S—Static route. R—Recursive route. OutInterface Outbound interface. InnerLabel Inner label. Token Label switched path index number. display fib ip-address Use display fib ip-address to display FIB entries that match the specified destination IP address.
Examples # Display the FIB entry that matches the destination IP address of 10.2.1.1 and has the longest mask. display fib 10.2.1.1 Destination count: 1 FIB entry count: 1 Flag: U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static R:Relay Destination/Mask Nexthop Flag OutInterface InnerLabel Token 10.2.1.1/32 127.0.0.1 UH InLoop0 Null For the command output, see Table 84.
Load sharing commands bandwidth-based-sharing Use bandwidth-based-sharing to enable bandwidth-based load sharing. Use undo bandwidth-based-sharing to disable bandwidth-based load sharing. Syntax bandwidth-based-sharing undo bandwidth-based-sharing Default Bandwidth-based load sharing is disabled.
Parameters ip-address: Specifies a destination IP address in dotted decimal notation. mask: Specifies an IP address mask in dotted decimal notation. mask-length: Specifies the IP address mask length in the range of 0 to 32. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Default command level 2: System level Examples # Enable user-based load sharing. system-view [Sysname] ip user-based-sharing enable ip user-based-sharing enable (interface view) Use ip user-based-sharing enable to enable user-based load sharing on the interface. Use undo ip user-based-sharing enable to restore the default. Syntax ip user-based-sharing enable undo ip user-based-sharing enable Default User-based load sharing on the interface is disabled.
Views Interface view Default command level 2: System level Parameters bandwidth: Specifies the bandwidth of the interface for load sharing, in Kbps. The value range for this argument is 0 to 1000000. Examples # Configure the bandwidth of the interface for load sharing.
There are/is totally 3 route entry(s) to the same destination network. Nexthop Packet(s) Bandwidth[KB] Flow(s) Interface 10.1.1.2 0 100000 0 Ethernet1/1 10.1.2.2 0 155000 0 Atm1/0 10.1.3.
NEMO commands address Use address to assign a home address to the mobile router. Use undo address to remove the home address of the mobile router. Syntax address ip-address undo address Default The mobile router has no home address. Views Mobile router view Default command level 2: System level Parameters ip-address: Specifies a home address in dotted decimal notation. Examples # Assign home address 1.2.3.4 to the mobile router.
Registration accepted 01/31/13 07:01:24, On GigabitEthernet0/0 Care-of addr 10.52.52.1, HA addr 10.40.40.1, Home addr 10.80.80.1 Lifetime requested 10:00:00 (36000), Granted 01:00:00 (3600) Remaining 00:59:47 Flags sbdmG-tIdentification B68B7673.81565B8 Register next time 00:59:27 Extensions: Mobile Network 172.16.153.0/24 Mobile Network 172.16.143.0/24 Authentication SPI 101 Table 86 Command output Field Usage guidelines Registration accepted Data and time when the registration was accepted.
Views Mobile router view Default command level 2: System level Parameters ip-address: Specifies the IP address of a home agent, in dotted decimal notation. Examples # Configure the mobile router to use the home agent address 2.2.2.2 for registration. system-view [Sysname] ip mobile router [Sysname-mobile-router] home-agent 2.2.2.2 ip mobile router Use ip mobile router to enable the mobile router function and enter the mobile router view.
Views System view Default command level 2: System level Parameters priority priority-level: Specifies the priority level for a roaming interface. The value range for the priority-level argument is 0 to 255, and the default value is 100. Usage guidelines A device can have only one roaming interface. If you configure another roaming interface on the same device, your configuration will fail. Examples # Configure GigabitEthernet 0/1 as a roaming interface.
If the roaming interface obtains an IP address and a gateway from a DHCP server, it automatically uses the gateway as the next hop to send a registration request. In this situation, this command does not take effect. Examples # Specify the gateway address 172.21.58.23 for the roaming interface GigabitEthernet 0/0. system-view [Sysname] interface gigabitethernet 0/0 [Sysname-GigabitEthernet0/0] ip address 172.21.58.23 255.255.255.
Default No SA is specified for the home agent. Views System view Default command level 2: System level Parameters ip-address: Specifies the IP address of a home agent. hex-value: Specifies an SPI in hexadecimal notation. The value range is 0x100 to 0xffffffff. cipher: Specifies a ciphertext key. simple: Specifies a plaintext key. string: Specifies a case sensitive key string for HMAC-MD5 authentication. This argument cannot contain any spaces.
Examples # Enable the interoperability mode. system-view [Sysname] ip mobile router [Sysname-mobile-router] interop 1 register extend expire Use register extend to configure registration extending parameters for the mobile router to be kept alive. Use undo register extend to restore the default. Syntax register extend expire seconds retry number interval seconds undo register extend Default The mobile router sends a registration request 120 seconds before registration expires.
Default The default registration lifetime is 65534 seconds. Views Mobile router view Default command level 2: System level Parameters seconds: Sets the registration lifetime in seconds. The value range is 3 to 65535. To make the registration never expire, set the lifetime to 65535. Usage guidelines If the mobile router does not receive any reply from the home agent within the registration lifetime, the router does the following operations: • Removes the registration information.
retry number: Specifies the maximum number of retries for sending a registration request. The value range is 0 to 10. To disable the mobile router from retransmitting a registration request, set this value to 0. Usage guidelines The second waiting time is twice of the initial waiting time, the third waiting time is twice of the second waiting time, and so on. When the waiting time exceeds the maximum waiting time, the maximum waiting time takes effect.
Syntax tunnel mtu value undo tunnel mtu Default The MTU for the tunnel interface is 17916 bytes. Views Mobile router view Default command level 2: System level Parameters value: Specifies an MTU in bytes. The value range is 68 to 17916. Usage guidelines The tunnel between the mobile router and the home agent is created dynamically, so set MTU of the tunnel interface by using this command in mobile router view. Examples # Set the MTU of the tunnel interface to 1024 bytes.
Usage guidelines The IP address and mask of the interface are contained in the registration request to inform the home agent of the mobile network. Examples # Specify GigabitEthernet 0/2 as the mobile router interface.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.
Index ABCDEFGHIKLMNOPRSTUVW dhcp relay release ip,60 A dhcp relay security refresh enable,61 address,144 dhcp relay security static,60 address,341 dhcp relay security tracker,62 arp check enable,1 dhcp relay server-detect,62 arp max-learning-num,1 dhcp relay server-group,63 arp send-gratuitous-arp,9 dhcp relay server-select,64 arp static,2 dhcp select relay,64 arp timer aging,3 dhcp select server global-pool,19 arp-snooping enable,15 dhcp server apply ip-pool,19 authentication-algorithm,1
display arp vpn-instance,7 display ipv6 dhcp prefix-pool,294 display arp-snooping,15 display ipv6 dhcp relay server-address,316 display bootp client,98 display ipv6 dhcp relay statistics,317 display ddns policy,111 display ipv6 dhcp server,295 display dhcp client,74 display ipv6 dhcp server conflict,296 display dhcp relay,65 display ipv6 dhcp server expired,297 display dhcp relay information,66 display ipv6 dhcp server ip-in-use,298 display dhcp relay security,68 display ipv6 dhcp server pd-i
display udp statistics,134 ip address dhcp-alloc,76 display udp-helper server,239 ip address unnumbered,121 display userlog export,157 ip fast-forwarding,123 display vam client,207 ip forward-broadcast (interface view),135 display vam server address-map,197 ip host,108 display vam server statistic,199 ip icmp-extensions,136 dns domain,104 ip mobile router,343 dns proxy enable,105 ip mobile router-service collocated gateway,344 dns resolve,105 dns server,106 ip mobile router-service collocat
natpt turn-off traffic-class,190 ipv6 nd ra no-advlinkmtu,280 ipv6 nd ra prefix,281 natpt v4bound dynamic,191 ipv6 nd ra router-lifetime,281 natpt v4bound static,191 ipv6 neighbor,282 natpt v4bound static v6server,192 ipv6 neighbor stale-aging,283 natpt v6bound dynamic,193 ipv6 neighbors max-learning-num,284 natpt v6bound static,194 ipv6 pathmtu,284 naturemask-arp enable,7 ipv6 pathmtu age,285 nbns-list,38 ipv6 redirects enable,285 netbios-type,39 ipv6 unreachables enable,286 network,306
tcp mss,140 reset ipv6 dhcp server ip-in-use,311 reset ipv6 dhcp server pd-in-use,312 tcp path-mtu-discovery,141 reset ipv6 dhcp server statistics,312 tcp timer fin-timeout,141 reset ipv6 fast-forwarding cache,327 tcp timer syn-timeout,142 reset ipv6 neighbors,287 tcp window,143 reset ipv6 pathmtu,287 tftp-server domain-name,48 reset ipv6 statistics,288 tftp-server ip-address,49 reset load-sharing statistics,339 tunnel bandwidth,236 reset nat session,174 tunnel discard ipv4-compatible-packet
