HP MSR2000/3000/4000 Router Series Layer 3 - IP Services Command Reference (V7) Part number: 5998-4012 Software version: CMW710-R0007P02 Document version: 6PW100-20130927
Legal and notice information © Copyright 2013 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents ARP commands····························································································································································· 1 arp check enable ······················································································································································ 1 arp check log enable ············································································································································
display dhcp server conflict ·································································································································· 37 display dhcp server expired ································································································································· 38 display dhcp server free-ip ··································································································································· 39 display dhcp server ip-in
dhcp snooping check request-message··············································································································· 84 dhcp snooping enable ·········································································································································· 85 dhcp snooping information circuit-id ··················································································································· 85 dhcp snooping information enable ··········
display nat log ····················································································································································· 132 display nat no-pat ················································································································································ 133 display nat outbound ·········································································································································· 134 display na
display udp verbose ············································································································································ 191 ip forward-broadcast ·········································································································································· 193 ip icmp error-interval ··········································································································································· 193 ip icmp source ·
ipv6 nd autoconfig other-flag ····························································································································· 242 ipv6 nd dad attempts ·········································································································································· 243 ipv6 nd ns retrans-timer ······································································································································ 244 ipv6 nd nud reachable-ti
reset ipv6 dhcp server ip-in-use·························································································································· 287 reset ipv6 dhcp server pd-in-use ························································································································ 288 reset ipv6 dhcp server statistics ························································································································· 288 sip-server·························
tunnel ttl ································································································································································ 329 tunnel vpn-instance ·············································································································································· 330 Flow classification commands ································································································································ 332 forwar
ARP commands arp check enable Use arp check enable to enable dynamic ARP entry check. Use undo arp check enable to disable dynamic ARP entry check. Syntax arp check enable undo arp check enable Default Dynamic ARP entry check is enabled. Views System view Predefined user roles network-admin Usage guidelines The dynamic ARP entry check function controls whether the device supports dynamic ARP entries with multicast MAC addresses.
Default ARP log output is disabled. Views System view Predefined user roles network-admin Usage guidelines Do not enable ARP log output unless necessary. The number of ARP logs can be massive, and outputting these logs occupies system resources. You can enable the device to output ARP logs when you are troubleshooting or debugging ARP events. Examples # Enable ARP log output.
Usage guidelines An interface can dynamically learn ARP entries. To prevent an interface from holding too many ARP entries, you can set the maximum number of dynamic ARP entries that an interface can learn. When the maximum number is reached, the interface stops learning ARP entries. When the number argument is set to 0, the interface is disabled from learning dynamic ARP entries. Examples # Specify VLAN-interface 40 to learn up to 500 dynamic ARP entries.
Item MSR2000 MSR3000 MSR4000 Value range 1 to 2048 1 to 4096 1 to 16384 slot slot-number: Specifies the maximum number of dynamic ARP entries for the interface card specified by the slot number. (MSR4000) Usage guidelines A device can dynamically learn ARP entries. To prevent a device from holding too many ARP entries, you can set the maximum number of dynamic ARP entries that a device can learn. When the maximum number is reached, the device stops learning ARP entries.
Usage guidelines A static ARP entry is manually configured and maintained. It does not age out and cannot be overwritten by any dynamic ARP entry. Static ARP entries can be classified into long and short static ARP entries. A short static ARP entry contains an IP-to-MAC mapping. A long static ARP entry contains an IP-to-MAC mapping, a VLAN, and an output interface. A static ARP entry is effective when the device works correctly.
Parameters aging-time: Sets the aging timer for dynamic ARP entries, in the range of 1 to 1440 minutes. Usage guidelines Each dynamic ARP entry in the ARP table has a limited lifetime, called aging timer. The aging timer of a dynamic ARP entry is reset each time the dynamic ARP entry is updated. Dynamic ARP entries that are not updated before their aging timers expire are deleted from the ARP table. Set the aging timer for dynamic ARP entries as needed.
verbose: Displays detailed information about ARP entries. Usage guidelines This command displays information about ARP entries, including the IP address, MAC address, VLAN ID, output interface, entry type, and aging timer. If you do not specify any parameters, the command displays all static and dynamic ARP entries. Examples # Display all ARP entries. display arp all Type: S-Static D-Dynamic M-Multiport I-Invalid IP Address MAC Address VLAN Interface Aging Type 20.1.1.
Field Description ARP entry type: • D—Dynamic. • S—Static. • I—Ineffective. Type Vpn Instance Name of VPN instance. [No Vrf] is displayed if no VPN instance is configured for the ARP entry. Total number of entries Number of ARP entries. Related commands • arp static • reset arp display arp ip-address Use display arp ip-address to display the ARP entry for a specific IP address.
Related commands • arp static • reset arp display arp timer aging Use display arp timer aging to display the aging timer of dynamic ARP entries. Syntax display arp timer aging Views Any view Predefined user roles network-admin network-operator Examples # Display the aging timer of dynamic ARP entries.
display arp vpn-instance test Type: S-Static D-Dynamic M-Multiport I-Invalid IP Address MAC Address VLAN ID Interface Aging Type 20.1.1.1 00e0-fc00-0001 N/A N/A N/A S Related commands • arp static • reset arp reset arp Use reset arp to clear ARP entries from the ARP table.
• display arp 11
Gratuitous ARP commands arp ip-conflict log prompt Use arp ip-conflict log prompt to enable IP conflict notification without conflict confirmation. Use undo arp ip-conflict log prompt to restore the default. Syntax arp ip-conflict log prompt undo arp ip-conflict log prompt Default The IP conflict notification is disabled. The receiving device sends a gratuitous ARP request, and it displays an error message after it receives an ARP reply about the conflict.
Parameters interval milliseconds: Sets the interval at which gratuitous ARP packets are sent, in the range of 200 to 200000 milliseconds. The default value is 2000 milliseconds. Usage guidelines This function takes effect only when the enabled interface is up and an IP address has been assigned to the interface. This function can send gratuitous ARP requests only for a VRRP virtual IP address, or the sending interface's primary IP address or manually configured secondary IP address.
Examples # Enable learning of gratuitous ARP packets. system-view [Sysname] gratuitous-arp-learning enable gratuitous-arp-sending enable Use gratuitous-arp-sending enable to enable sending gratuitous ARP packets upon receiving ARP requests whose target IP address is on a different subnet. Use undo gratuitous-arp-sending enable to restore the default.
Proxy ARP commands display local-proxy-arp Use display local-proxy-arp to display the local proxy ARP status. Syntax display local-proxy-arp [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays the local proxy ARP status for the specified interface. Usage guidelines The local ARP proxy status can be enabled or disabled.
Parameters interface interface-type interface-number: Displays the proxy ARP status for the specified interface. Usage guidelines The proxy ARP status can be enabled or disabled. If an interface is specified, this command displays proxy ARP status for the specified interface. If no interface is specified, this command displays proxy ARP status for all interfaces. Examples # Display the proxy ARP status on Ethernet 1/1.
Only one IP address range can be specified by using the ip-range keyword on an interface. Examples # Enable local proxy ARP on Ethernet 1/1. system-view [Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] local-proxy-arp enable # Enable local proxy ARP on Ethernet 1/1 for a specific IP address range. system-view [Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] local-proxy-arp enable ip-range 1.1.1.1 to 1.1.1.
Related commands display proxy-arp 18
IP addressing commands display ip interface Use display ip interface to display IP configuration and statistics for the specified Layer 3 interface or all Layer 3 interfaces. Syntax display ip interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number.
Router solicit: 0 Time exceed: 0 IP header bad: 0 Timestamp request: 0 Timestamp reply: 0 Information request: 0 Information reply: 0 Netmask request: 0 Netmask reply: 0 Unknown type: 0 Table 2 Command output Field Description Current physical state of the interface: • Administrative DOWN—The interface is shut down with the shutdown current state command. • DOWN—The interface is administratively up but its physical state is down, which might be caused by a connection or link failure.
Field ICMP packet input number: Echo reply: Unreachable: Source quench: Routing redirect: Echo request: Router advert: Router solicit: Time exceed: IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: Description Total number of ICMP packets received on the interface (statistics start at the device startup): • • • • • • • • • • • • • • • • Echo reply packets. Unreachable packets. Source quench packets.
If you do not specify the interface type and interface number, this command displays the brief IP configuration information for all Layer 3 interfaces. If you specify only the interface type, this command displays the brief IP configuration information for all Layer 3 interfaces of the specified type. If you specify both the interface type and interface number, this command displays the brief IP configuration information for the specified interface is displayed.
Syntax ip address ip-address { mask-length | mask } [ sub ] undo ip address [ ip-address { mask-length | mask } [ sub ] ] Default No IP address is assigned to an interface. Views Interface view Predefined user roles network-admin Parameters ip-address: Specifies the IP address of the interface, in dotted decimal notation. mask-length: Specifies the subnet mask length. The value range is from 1 to 31. For a loopback interface, the value range is from 1 to 32.
ip address unnumbered Use ip address unnumbered to configure the current interface as IP unnumbered to borrow an IP address from the specified interface. Use undo ip address unnumbered to disable IP unnumbered on the interface. Syntax ip address unnumbered interface interface-type interface-number undo ip address unnumbered Default The interface does not borrow IP addresses from other interfaces.
DHCP commands Common DHCP commands dhcp dscp Use dhcp dscp to set the DSCP value for DHCP packets sent by the DHCP server or the DHCP relay agent. Use undo dhcp dscp to restore the default. Syntax dhcp dscp dscp-value undo dhcp dscp Default The DSCP value in DHCP packets is 56. Views System view Predefined user roles network-admin Parameters dscp-value: Sets the DSCP value for DHCP packets, in the range of 0 to 63.
Views System view Predefined user roles network-admin Usage guidelines Enable DHCP before you perform DHCP server or relay agent configurations. Examples # Enable DHCP. system-view [Sysname] dhcp enable dhcp select Use dhcp select to enable the DHCP server or DHCP relay agent on an interface. Use undo dhcp select to disable the DHCP server or DHCP relay agent on an interface. The interface discards DHCP packets.
DHCP server commands address range Use address range to configure an IP address range in a DHCP address pool for dynamic allocation. Use undo address range to remove the IP address range in the address pool. Syntax address range start-address end-address undo address range Default No IP address range is configured. Views DHCP address pool view Predefined user roles network-admin Parameters start-address: Specifies the start IP address. end-address: Specifies the end IP address.
bims-server Use bims-server to specify the IP address, port number, and shared key of the BIMS server in a DHCP address pool. Use undo bims-server to remove the specified BIMS server information. Syntax bims-server ip ip-address [ port port-number ] sharekey { cipher | simple } key undo bims-server Default No BIMS server information is specified. Views DHCP address pool view Predefined user roles network-admin Parameters ip ip-address: Specifies the IP address of the BIMS server.
Syntax bootfile-name bootfile-name undo bootfile-name Default No bootfile name is specified. Views DHCP address pool view Predefined user roles network-admin Parameters bootfile-name: Specifies the boot file name, a case-sensitive string of 1 to 63 characters. Usage guidelines If you use the bootfile-name command multiple times, the most recent configuration takes effect. Examples # Specify the boot file name boot.cfg in DHCP address pool 0.
Parameters class-name: Specifies the name of a DHCP user class, a case-insensitive string of 1 to 63 characters. If the specified user class does not exist, the DHCP server will not assign the addresses in the address range specified for the user class to any client. start-address: Specifies the start IP address. end-address: Specifies the end IP address. Usage guidelines The class command enables you to divide an address range into multiple address ranges for different DHCP user classes.
Parameters class-name: Specifies the name of a DHCP user class, a case-insensitive string of 1 to 63 characters. Usage guidelines In the DHCP user class view, use the if-match option command to configure a match rule to match specific clients. Then use the class command to specify an IP address range for the matching clients. Examples # Create a DHCP user class test and enter DHCP user class view.
system-view [Sysname] dhcp server always-broadcast dhcp server apply ip-pool Use dhcp server apply ip-pool to apply an address pool on an interface. Use undo dhcp server apply ip-pool to remove the configuration.
Default The DHCP server does not ignore BOOTP requests. Views System view Predefined user roles network-admin Usage guidelines The lease duration of IP addresses obtained by BOOTP clients is unlimited. For scenarios that do not allow unlimited leases, you can configure the DHCP server to ignore BOOTP requests. Examples # Configure the DHCP server to ignore BOOTP requests.
dhcp server forbidden-ip Use dhcp server forbidden-ip to exclude specific IP addresses from dynamic allocation. Use undo dhcp server forbidden-ip to remove the configuration. Syntax dhcp server forbidden-ip start-ip-address [ end-ip-address ] undo dhcp server forbidden-ip start-ip-address [ end-ip-address ] Default No IP addresses are excluded from dynamic allocation. Views System view Predefined user roles network-admin Parameters start-ip-address: Specifies the start IP address.
Syntax dhcp server ip-pool pool-name undo dhcp server ip-pool pool-name Default No DHCP address pool is created. Views System view Predefined user roles network-admin Parameters pool-name: Specifies the name for the DHCP address pool, a case-insensitive string of 1 to 63 characters used to uniquely identify this pool. Usage guidelines A DHCP address pool is used to store the configuration parameters to be assigned to DHCP clients. Examples # Create a DHCP address pool named pool1.
Usage guidelines To avoid IP address conflicts, the DHCP server pings an IP address before assigning it to a DHCP client. If a ping attempt succeeds, the server considers that the IP address is in use and picks a new IP address. If all the ping attempts are failed, the server assigns the IP address to the requesting DHCP client. Examples # Specify the maximum number of ping packets as 10.
• display dhcp server conflict • reset dhcp server conflict dhcp server relay information enable Use dhcp server relay information enable to enable the DHCP server to handle Option 82. Use undo dhcp server relay information enable to configure the DHCP server to ignore Option 82. Syntax dhcp server relay information enable undo dhcp server relay information enable Default The DHCP server handles Option 82.
• Before assigning an IP address to a DHCP client, the DHCP server pings the IP address and discovers that it has been used by other host. • The DHCP client sends a DECLINE packet to the DHCP server to inform the server of an IP address conflict. • The DHCP server discovers that the only assignable address in the address pool is its own IP address. Examples # Display information about all IP address conflicts. display dhcp server conflict IP address Detect time 4.4.4.
Examples # Display all lease expiration information. display dhcp server expired IP address Client-identifier/Hardware address Lease expiration 4.4.4.6 3030-3066-2e65-3230-302e-3130-3234 Apr 25 17:10:47 2007 -2d45-7468-6572-6e65-7430-2f31 Table 5 Command output Field Description IP address Expired IP address. Client-identifier/Hardware address Client ID or MAC address. Lease expiration Time when the lease expired.
Pool name: 2 Network: 20.1.1.0 mask 255.255.255.0 IP ranges from 20.1.1.0 to 20.1.1.255 Table 6 Command output Field Description Pool name Name of the address pool. Network Assignable network. IP ranges Assignable IP address range. Secondary networks Assignable secondary networks. Related commands • address range • dhcp server ip-pool • network display dhcp server ip-in-use Use display dhcp server ip-in-use to display binding information about assigned IP addresses.
10.1.1.1 4444-4444-4444 Not used Static(F) 10.1.1.2 3030-3030-2e30-3030- May 1 14:02:49 2009 Auto(C) After 2100 Static(C) 662e-3030-3033-2d457468-6572-6e65-74 10.1.1.3 1111-1111-1111 Table 7 Command output Field Description IP address IP address assigned. Client identifier/Hardware address Client ID or hardware address. Lease expiration time: • Exact time (May 1 14:02:49 2009 in this example)—Time when the lease will expire.
Parameters pool-name: Displays information about the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters. If you do not specify the pool-name argument, the command displays information about all address pools. Examples # Display information about all DHCP address pools. display dhcp server pool Pool name: 0 Network 20.1.1.0 mask 255.255.255.0 class a range 20.1.1.50 20.1.1.60 bootfile-name abc.cfg dns-list 20.1.1.66 20.1.1.67 20.1.1.68 domain-name www.aabbcc.
ip-address 10.10.1.2 mask 255.0.0.0 hardware-address 00e0-00fc-0001 ethernet ip-address 10.10.1.3 mask 255.0.0.0 client-identifier aaaa-bbbb expired unlimited Table 8 Command output Field Description Pool name Name of an address pool. Network Assignable network. secondary networks Assignable secondary networks. address range Assignable address range. class class-name range DHCP user class and its address range. static bindings Static IP-to-MAC/client ID bindings.
Views Any view Predefined user roles network-admin network-operator Parameters pool pool-name: Specifies an address pool by its name, a case-insensitive string of 1 to 63 characters. Without this option, the command displays information about all address pools. Examples # Display the DHCP server statistics. display dhcp server statistics Pool number: 1 Pool utilization: 0.
Field Description Conflict Total number of conflict addresses. This field is not displayed if you display statistics for a specific address pool. DHCP packets received from clients: Messages received • • • • • • DHCPDISCOVER DHCPREQUEST DHCPDECLINE DHCPRELEASE DHCPINFORM BOOTPREQUEST This field is not displayed if you display statistics for a specific address pool.
Usage guidelines If you use the dns-list command multiple times, the most recent configuration takes effect. The undo dns-list command without any parameter specified deletes all DNS server addresses in the DHCP address pool. Examples # Specify the DNS server address 10.1.1.254 in DHCP address pool 0. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] dns-list 10.1.1.
Use undo expired to restore the default lease duration for a DHCP address pool. Syntax expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited } undo expired Default The lease duration of a dynamic address pool is one day. Views DHCP address pool view Predefined user roles network-admin Parameters day day: Specifies the number of days, in the range of 0 to 365. hour hour: Specifies the number of hours, in the range of 0 to 23.
Default No IP addresses are excluded from dynamic allocation in an address pool. Views DHCP address pool view Predefined user roles network-admin Parameters ip-address&<1-8>: Specifies excluded IP addresses. &<1-8> indicates that you can specify up to eight IP addresses, separated by spaces. Usage guidelines The excluded IP addresses in an address pool are still assignable in other address pools. You can exclude a maximum of 4096 IP addresses in an address pool.
Parameters ip-address&<1-8>: Specifies gateways. &<1-8> indicates that you can specify up to eight gateway addresses separated by spaces. Gateway addresses must reside on the same subnet as the assignable IP addresses. Usage guidelines If you use this command multiple times, the most recent configuration takes effect. Without any parameters specified, the undo gateway-list command deletes all gateway addresses.
offset offset: Specifies the offset to match the option, in the range of 0 to 254 bytes. If you do not specify the offset argument, the server matches the entire option with the rule. length length: Matches the specified length of the option, in the range of 1 to 128 bytes. The specified length must be the same as the hex-string length. Usage guidelines You can configure multiple match rules for a DHCP user class. The DHCP server matches DHCP requests against the match rules.
Syntax nbns-list ip-address&<1-8> undo nbns-list [ ip-address&<1-8> ] Default No WINS server address is specified. Views DHCP address pool view Predefined user roles network-admin Parameters ip-address&<1-8>: Specifies WINS server IP addresses. &<1-8> indicates that you can specify up to eight WINS server addresses separated by spaces. Usage guidelines If you use this command multiple times, the most recent configuration takes effect.
Parameters b-node: Specifies the broadcast node. A b-node client sends the destination name in a broadcast message to get the name-to-IP mapping from a server. h-node: Specifies the hybrid node. An h-node client unicasts the destination name to a WINS server. If it does not receive a response, the h-node client broadcasts the destination name to get the mapping from a server. m-node: Specifies the mixed node. An m-node client broadcasts the destination name.
secondary: Specifies the subnet as a secondary subnet. Without this keyword, this command specifies the primary subnet. If the addresses in the primary subnet are used up, the DHCP server can select addresses from a secondary subnet for clients. Usage guidelines You can use the secondary keyword to specify a secondary subnet and enter its view, where you can specify gateways by using the gateway-list command for DHCP clients in the secondary subnet.
Parameters ip-address: Specifies the IP address of a server. Usage guidelines Upon startup, the DHCP client obtains its own IP address and the specified server IP address, and then contacts the specified server, such as a TFTP server, to get other boot information. If you use the next-server command multiple times, the most recent configuration takes effect. Examples # Specify a server's IP address 10.1.1.254 in DHCP address pool 0.
• Add newly released options. • Add options for which the vendor defines the contents, for example, Option 43. • Add options for which the CLI does not provide a dedicated configuration command. For example, you can use the option 4 ip-address 1.1.1.1 command to define the time server address 1.1.1.1 for DHCP clients. • Add all option values if the actual requirement exceeds the limit for a dedicated option configuration command. For example, the dns-list command can specify up to eight DNS servers.
reset dhcp server expired Use reset dhcp server expired to clear binding information about expired IP addresses. Syntax reset dhcp server expired [ ip ip-address | pool pool-name ] Views User view Predefined user roles network-admin Parameters ip ip-address: Clears binding information about the specified expired IP address. pool pool-name: Clears binding information about the expired IP addresses in the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters.
Examples # Clear binding information about the IP address 10.110.1.1. reset dhcp server ip-in-use ip 10.110.1.1 Related commands display dhcp server ip-in-use reset dhcp server statistics Use reset dhcp server statistics to clear DHCP server statistics. Syntax reset dhcp server statistics Views User view Predefined user roles network-admin Examples # Clear DHCP server statistics.
mask mask: Specifies the mask, in dotted decimal format. client-identifier client-identifier: Specifies the client ID of the static binding, a string of 4 to 254 characters that can contain only hexadecimal numbers and hyphen (-), in the format of H-H-H…., in which the last H can be a two-digit or four-digit hexadecimal number while the other Hs must be all four-digit hexadecimal numbers. For example, aabb-cccc-dd is a correct ID, while aabb-c-dddd and aabb-cc-dddd are incorrect IDs.
Predefined user roles network-admin Parameters domain-name: Specifies the TFTP server name, a case-sensitive string of 1 to 63 characters. Usage guidelines If you use this command multiple times, the most recent configuration takes effect. Examples # Specify the TFTP server name aaa in DHCP address pool 0.
• tftp-server domain-name voice-config Use voice-config to configure the content for Option 184 in a DHCP address pool. Use undo voice-config to remove the Option 184 content from a DHCP address pool. Syntax voice-config { as-ip ip-address | fail-over ip-address dialer-string | ncp-ip ip-address | voice-vlan vlan-id { disable | enable } } undo voice-config [ as-ip | fail-over | ncp-ip | voice-vlan ] Default No Option 184 content is configured in a DHCP address pool.
DHCP relay agent commands dhcp relay check mac-address Use dhcp relay check mac-address to enable MAC address check on the relay agent. Use undo dhcp relay check mac-address to disable MAC address check on the relay agent. Syntax dhcp relay check mac-address undo dhcp relay check mac-address Default The MAC address check function is disabled.
undo dhcp relay client-information record Default The DHCP relay agent does not record client information in relay entries. Views System view Predefined user roles network-admin Usage guidelines Disabling recording of client information deletes all recorded relay entries. Client information is recorded only when the DHCP relay agent is configured on the gateway of DHCP clients. Examples # Enable recording of relay entries on the relay agent.
Examples # Set the refresh interval to 100 seconds. system-view [Sysname] dhcp relay client-information refresh interval 100 Related commands • dhcp relay client-information record • dhcp relay client-information refresh enable dhcp relay client-information refresh enable Use dhcp relay client-information refresh enable to enable the relay agent to periodically refresh dynamic relay entries.
Related commands • dhcp relay client-information record • dhcp relay client-information refresh • reset dhcp relay client-information dhcp relay information circuit-id Use dhcp relay information circuit-id to configure the padding content and padding format for the circuit ID sub-option of Option 82. Use undo dhcp relay information circuit-id to restore the default.
Usage guidelines If you use this command multiple times, the most recent configuration takes effect. The padding format for the user-defined string, the normal mode, or the verbose modes varies with the command configuration. The following matrix shows how the padding format is determined for different modes.
Default The DHCP relay agent does not support Option 82. Views Interface view Predefined user roles network-admin Usage guidelines This command enables the DHCP relay agent to add Option 82 to DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP server. The content of Option 82 is determined by the dhcp relay information circuit-id and dhcp relay information remote-id commands.
Parameters normal: Specifies the normal mode in which the padding content is the MAC address of the receiving interface. format: Specifies the code type for the remote ID sub-option. The default code type is hex. ascii: Specifies the ASCII code type. hex: Specifies the Hex code type. string remote-id: Specifies a case-sensitive string of 1 to 63 characters as the content of the remote ID sub-option. sysname: Uses the device name as the content of the remote ID sub-option.
Parameters drop: Drops DHCP messages that contain Option 82 messages. keep: Keeps the original Option 82 intact. replace: Replaces the original Option 82 with the configured Option 82. Usage guidelines This command takes effect only on DHCP requests that contain Option 82. When enabled to support Option 82, the DHCP relay agent always adds Option 82 into DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP. Examples # Specify the handling strategy for Option 82 as keep.
dhcp relay server-address Use dhcp relay server-address to specify DHCP servers on the DHCP relay agent. Use undo dhcp relay server-address to remove DHCP servers. Syntax dhcp relay server-address ip-address undo dhcp relay server-address [ ip-address ] Default No DHCP server is specified on the relay agent. Views Interface view Predefined user roles network-admin Parameters ip-address: Specifies the IP address of a DHCP server.
Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays relay entries on the specified interface. ip ip-address: Displays the relay entry for the specified IP address. vpn-instance vpn-instance-name: Displays the relay entry for the specified IP address in the specified MPLS L3VPN instance. The vpn-instance-name is a case-sensitive string of 1 to 31 characters.
display dhcp relay information Use display dhcp relay information to display Option 82 configuration information for the DHCP relay agent. Syntax display dhcp relay information [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays Option 82 configuration information for the specified interface.
Field Description Strategy Handling strategy for request messages containing Option 82, Drop, Keep, or Replace. Circuit ID Pattern Padding content mode of the circuit ID sub-option, Verbose, Normal, or User Defined. Remote ID Pattern Padding content mode of the remote ID sub-option, Sysname, Normal, or User Defined. Circuit ID format-type Padding format of the circuit ID sub-option, ASCII, Hex, or Undefined.
Related commands dhcp relay server-address display dhcp relay statistics Use display dhcp relay statistics to display DHCP packet statistics on the DHCP relay agent. Syntax display dhcp relay statistics [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays DHCP packet statistics on the specified interface.
BOOTPREPLY: DHCP packets sent to servers: 0 0 DHCPDISCOVER: 0 DHCPREQUEST: 0 DHCPINFORM: 0 DHCPRELEASE: 0 DHCPDECLINE: 0 BOOTPREQUEST: 0 DHCP packets sent to clients: 0 DHCPOFFER: 0 DHCPACK: 0 DHCPNAK: 0 BOOTPREPLY: 0 Related commands reset dhcp relay statistics reset dhcp relay client-information Use reset dhcp relay client-information to clear relay entries on the DHCP relay agent.
reset dhcp relay statistics Use reset dhcp relay statistics to clear relay agent statistics. Syntax reset dhcp relay statistics [ interface interface-type interface-number ] Views User view Predefined user roles network-admin Parameters interface interface-type interface-number: Clears DHCP relay agent statistics on the specified interface. If you do not specify any interface, this command clears all DHCP relay agent statistics. Examples # Clear all DHCP relay agent statistics.
Examples # Disable the duplicate address. system-view [Sysname] undo dhcp client dad enable dhcp client dscp Use dhcp client dscp to set the DSCP value for DHCP packets sent by the DHCP client. Use undo dhcp client dscp to restore the default. Syntax dhcp client dscp dscp-value undo dhcp client dscp Default The DSCP value in DHCP packets is 56. Views System view Predefined user roles network-admin Parameters dscp-value: Sets the DSCP value for DHCP packets, in the range of 0 to 63.
Predefined user roles network-admin Parameters ascii string: Specifies a case-insensitive ASCII string of 1 to 63 characters as the client ID. hex string: Specifies a case-insensitive hex string of 4 to 64 characters as the client ID. mac interface-type interface-number: Uses the MAC address of the specified interface as a DHCP client ID. The interface-type interface-number argument specifies an interface by its type and number. Usage guidelines A DHCP client ID is added to the DHCP option 61.
Allocated IP: 40.1.1.20 255.255.255.0 Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds DHCP server: 40.1.1.2 # Display verbose DHCP client information. display dhcp client verbose Vlan-interface10 DHCP client information: Current state: BOUND Allocated IP: 40.1.1.20 255.255.255.0 Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds Lease from May 21 19:00:29 2012 to May 31 19:00:29 2012 DHCP server: 40.1.1.
Field Description Lease from….to…. Start and end time of the lease. DHCP server DHCP server IP address that assigned the IP address. Transaction ID Transaction ID, a random number chosen by the client to identify an IP address allocation. Default router Gateway address assigned to the client. Classless static routes Classless static routes assigned to the client. Static routes Classful static routes assigned to the client. DNS servers DNS server address assigned to the client.
Predefined user roles network-admin Usage guidelines When you execute the undo ip address dhcp-alloc command, the interface sends a DHCP-RELEASE message to release the IP address obtained through DHCP. If the interface is down, the message cannot be sent out. For a subinterface that obtained an IP address through DHCP, using the shutdown command on its primary interface does not make the subinterface send a DHCP-RELEASE message for releasing the subinterface's IP address.
url url: Specifies the URL of a remote file. Do not contain a username or password in the URL. Case-sensitivity of the URL and the supported path format type depend on the server. username username: Specifies the username for logging in to the remote device. cipher: Sets a ciphertext password. simple: Sets a plaintext password. key: Specifies the key string. This argument is case sensitive. If simple is specified, it must be a string of 1 to 32 characters.
dhcp snooping binding database update interval Use dhcp snooping binding database update interval to set the amount of time to wait to update the database file after a DHCP snooping entry changes. Use undo dhcp snooping binding database update interval to restore the default. Syntax dhcp snooping binding database update interval seconds undo dhcp snooping binding database update interval Default The waiting period is 300 seconds.
Usage guidelines Use this command to manually save DHCP snooping entries to the database file. Use the dhcp snooping binding database filename command before performing the manual saving operation. Otherwise, the manual saving does not take effect. Examples # Save DHCP snooping entries to the database file.
Default This function is disabled. Views Layer 2 Ethernet interface view Predefined user roles network-admin Usage guidelines With MAC address check enabled, DHCP snooping compares the chaddr field of a received DHCP request with the source MAC address field in the frame header. If they are the same, DHCP snooping considers this request valid and forwards it to the DHCP server. If they are not the same, DHCP snooping discards the DHCP request. Examples # Enable MAC address check for DHCP snooping.
Examples # Enable DHCP-REQUEST check for DHCP snooping. system-view [Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] dhcp snooping check request-message dhcp snooping enable Use dhcp snooping enable to enable DHCP snooping. Use undo dhcp snooping enable to disable DHCP snooping. Syntax dhcp snooping enable undo dhcp snooping enable Default DHCP snooping is disabled.
Views Layer 2 Ethernet interface view Predefined user roles network-admin Parameters vlan vlan-id: Specifies a VLAN ID for the circuit ID sub-option. string circuit-id: Specifies the padding content for the circuit ID sub-option, a case-sensitive string of 3 to 63 characters. normal: Specifies the normal padding format. The padding content includes the VLAN ID and interface number. verbose: Specifies the verbose padding format.
Keyword (mode) If no padding format is specified If the padding format is ascii The padding format is hex Hex for the VLAN ID. verbose ASCII for the node identifier, Ethernet type, chassis number, slot number, sub-slot number, and interface number. ASCII for the node identifier and Ethernet type. ASCII. Hex for the chassis number, slot number, sub-slot number, interface number, and VLAN ID.
Usage guidelines This command enables DHCP snooping to add Option 82 into DHCP request packets that do not contain Option 82 before forwarding the requests to the DHCP server. The content of Option 82 is determined by the dhcp snooping information circuit-id and dhcp snooping information remote-id commands. If the received DHCP request packets contain Option 82, DHCP snooping handles the packets according to the strategy configured with the dhcp snooping information strategy command.
format: Specifies the code type for the remote ID sub-option. The default code type is hex. ascii: Specifies the ASCII code type. hex: Specifies the hex code type. Usage guidelines DHCP snooping uses ASCII to pad the specified string or device name for the remote ID sub-option. The code type for the normal padding format is determined by the command configuration. If you use this command multiple times, the most recent configuration takes effect.
When enabled to support Option 82, the DHCP relay agent always adds Option 82 into DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP. Examples # Specify the handling strategy for Option 82 in request messages as keep.
dhcp snooping trust Use dhcp snooping trust to configure a port as a trusted port. Use undo dhcp snooping trust to restore the default state of a port. Syntax dhcp snooping trust undo dhcp snooping trust Default After you enable DHCP snooping, all ports are untrusted.
Usage guidelines If you do not specify any parameters, the command displays all DHCP snooping entries. Examples # Display all DHCP snooping entries. display dhcp snooping binding 2 DHCP snooping entries found IP address MAC address Lease VLAN SVLAN Interface =============== ============== ============ ===== ===== ================= 1.1.1.1 0000-0101-0101 16907527 2 3 Eth1/1 1.1.1.
display dhcp snooping binding database File name : database.dhcp Username : Password : Update interval : 600 seconds Latest write time : Feb 27 18:48:04 2012 Status : Last write succeeded. Table 17 Command output Field Description File name Name of the database file that stores the DHCP snooping entries. Username Username for logging in to the remote device. Password Password for logging in to the remote device. This field displays ****** if a password is configured.
Circuit ID: Padding format: User Defined User defined: abcd Format: ASCII Remote ID: Padding format: Normal Format: ASCII VLAN 10: Circuit ID: abcd Remote ID: company Table 18 Command output Field Description Interface Interface name. Status Option 82 status, Enable or Disable. Strategy Handling strategy for DHCP requests that contain Option 82, Drop, Keep, or Replace. Circuit ID Content of the Circuit ID sub-option.
Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies a card by the slot number. (MSR4000.) Usage guidelines Without the slot slot-number option, this command displays DHCP packet statistics for the card where the command is executed. (MSR4000.) Examples # Display DHCP packet statistics for DHCP snooping.
Syntax reset dhcp snooping binding { all | ip ip-address [ vlan vlan-id ] } Views User view Predefined user roles network-admin Parameters all: Clears all DHCP snooping entries. ip ip-address: Clears the DHCP snooping entry for the specified IP address. vlan vlan-id: Clears DHCP snooping entries for the specified VLAN. Usage guidelines This command applies to all slots on MSR4000. Examples # Clear all DHCP snooping entries.
Related commands display dhcp snooping packet statistics BOOTP client commands display bootp client Use display bootp client to display information about a BOOTP client. Syntax display bootp client [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Specifies an interface by its type and number.
ip address bootp-alloc Use ip address bootp-alloc to configure an interface to use BOOTP for IP address acquisition. Use undo ip address bootp-alloc to cancel an interface from using BOOTP from acquiring an IP address. Syntax ip address bootp-alloc undo ip address bootp-alloc Default An interface does not use BOOTP for IP address acquisition. Views Interface view Predefined user roles network-admin Examples # Configure Ethernet 1/1 to use BOOTP for IP address acquisition.
DNS commands display dns domain Use display dns domain to display the domain name suffixes. Syntax display dns domain [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. To display domain name suffixes on the public network, do not use this option. Examples # Display domain name suffixes on the public network.
Syntax display dns host [ ip | ipv6 ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Specifies type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.
Field Description Replied IP address: • For type A query, the replied IP address is an IPv4 address. • For type AAAA query, the replied IP address is an IPv6 address. IP addresses Related commands • ip host • ipv6 host • reset dns host display dns server Use display dns server to display IPv4 DNS server information.
Field Description DNS server type: Type • S—A manually configured DNS server. • D—DNS server information dynamically obtained through DHCP or other protocols. IP address IPv4 address of the DNS server. Related commands dns server display ipv6 dns server Use display ipv6 dns server to display IPv6 DNS server information.
Related commands ipv6 dns server dns domain Use dns domain to configure a domain name suffix. Use undo dns domain to delete the specified domain name suffix. Syntax dns domain domain-name [ vpn-instance vpn-instance-name ] undo dns domain domain-name [ vpn-instance vpn-instance-name ] Default No domain name suffix is configured. Only the provided domain name is resolved. Views System view Predefined user roles network-admin Parameters domain-name: Specifies a domain name suffix.
Syntax dns dscp dscp-value undo dns dscp Default The DSCP value in DNS packets is 0. Views System view Predefined user roles network-admin Parameters dscp-value: Sets the DSCP value for outgoing DNS packets, in the range of 0 to 63. Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority. Examples # Set the DSCP value for outgoing DNS packets to 30.
dns server Use dns server to specify an IPv4 address of a DNS server. Use undo dns server to remove the specified IPv4 address of a DNS server. If no IPv4 address is specified, the undo dns server command removes all DNS server IPv4 addresses on the public network or the specified VPN. Syntax dns server ip-address [ vpn-instance vpn-instance-name ] undo dns server [ ip-address ] [ vpn-instance vpn-instance-name ] Default No DNS server is specified.
Default No source interface for DNS packets is specified. The device uses the primary IP address of the output interface of the matching route as the source IP address for a DNS request. Views System view Predefined user roles network-admin Parameters interface-type interface-number: Specifies an interface by its type and number. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.
Parameters ip-address: Specifies the IPv4 address used to spoof name query requests. vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a case-sensitive string of 1 to 31 characters. To enable DNS spoofing function on the public network, do not use this option. Usage guidelines Use the dns spoofing command together with the dns proxy enable command.
trusted interface specified, the device only uses the DNS suffix and DNS server information obtained through the trusted interface to avoid attack. This configuration is applicable to both IPv4 and IPv6. You can configure up to 128 DNS trusted interfaces on the device. Examples # Specify Ethernet 1/1 as the DNS trusted interface. system-view [Sysname] dns trust-interface ethernet 1/1 ip host Use ip host to create a host name-to-IPv4 address mapping. Use undo ip host to remove a mapping.
Related commands display dns host ipv6 dns dscp Use ipv6 dns dscp to set the DSCP value for IPv6 DNS packets sent by an IPv6 DNS client or DNS proxy. Use undo ipv6 dns dscp to restore the default. Syntax ipv6 dns dscp dscp-value undo ipv6 dns dscp Default The DSCP value for IPv6 DNS packets is 0. Views System view Predefined user roles network-admin Parameters dscp-value: Sets the DSCP value for outgoing IPv6 DNS packets, in the range of 0 to 63.
Predefined user roles network-admin Parameters ipv6-address: Specifies the IPv6 address of a DNS server. interface-type interface-number: Specifies the output interface by its type and number. If you do not specify any interface, the device forwards DNS packets out of the output interface of the matching route. You must specify the output interface when the IPv6 address of the DNS server is a link-local address.
Usage guidelines Use the ipv6 dns spoofing command together with the dns proxy enable command. DNS spoofing enables the DNS proxy on the device to send a spoofed reply with an IPv6 address in response to a type AAAA DNS request. Without DNS spoofing, the device does not forward or answer a request if no DNS server is specified or no DNS server is reachable.
For the public network or a VPN, each host name maps to only one IPv6 address. If you use the command multiple times, the most recent configuration takes effect. Examples # Map IPv6 address 2001::1 to host name aaa on the public network. system-view [Sysname] ipv6 host aaa 2001::1 Related commands ip host reset dns host Use reset dns host to clear information about the dynamic DNS cache.
DDNS commands ddns apply policy Use ddns apply policy to apply the specified DDNS policy to the interface, update the mapping between the specified FQDN and the primary IP address of the interface, and enable DDNS update. Use undo ddns apply policy to remove the DDNS policy applied to the interface and stop DDNS update.
ddns dscp Use ddns dscp to set the DSCP value for outgoing DDNS packets. Use undo ddns dscp to restore the default. Syntax ddns dscp dscp-value undo ddns dscp Default The DSCP value for outgoing DDNS packets is 0. Views System view Predefined user roles network-admin Parameters dscp-value: Sets the DSCP value for outgoing DDNS packets, in the range of 0 to 63. Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet.
Usage guidelines You can create up to 16 DDNS policies on the device. Examples # Create a DDNS policy steven_policy and enter its view. system-view [Sysname] ddns policy steven_policy Related commands • ddns apply policy • display ddns policy display ddns policy Use display ddns policy to display information about DDNS policies.
SSL client policy: Interval : 0 days 0 hours 30 minutes DDNS policy: tom-policy URL : http://tom:admin@members.3322.org/dyndns/update?system= dyndns&hostname=&myip= Username : steven Password : ****** Method : GET SSL client policy: Interval : 0 days 0 hours 15 minutes DDNS policy: u-policy URL : oray://phservice2.oray.
undo interval Default The DDNS update request interval is one hour. Views DDNS policy view Predefined user roles network-admin Parameters days: Days in the range of 0 to 365. hours: Hours in the range of 0 to 23. minutes: Minutes in the range of 0 to 59. Usage guidelines A DDNS update request is initiated immediately after the primary IP address of the interface changes or the link state of the interface changes from down to up.
Views DDNS policy view Predefined user roles network-admin Parameters http-get: Uses the get operation. http-post: Uses the post operation. Usage guidelines This command applies to DDNS updates in HTTP/HTTPS. If the DDNS server uses HTTP or HTTPS service, choose a parameter transmission method compatible with the DDNS server. For example, a DHS server supports the http-post method.
password: Specifies a case-sensitive password string. If simple is specified, it must be a string of 1 to 32 characters. If cipher is specified, it must be a string of 1 to 73 characters. Usage guidelines For security purposes, all passwords, including passwords configured in plain text, are saved in ciphertext. Examples # Specify the login password as nevets to be contained in the URL address for update requests of DDNS policy steven_policy.
DDNS server URL addresses for DDNS update requests DYNDNS http://members.dyndns.org/nic/update?system=dyndns&hostname=&myip= DYNS http://www.dyns.cx/postscript.php?host=&ip= ZONEEDIT http://dynamic.zoneedit.com/auth/dynamic.html?host=&dnsto= TZO http://cgi.tzo.com/webclient/signedon.html?TZOName=IPAddress= EASYDNS http://members.easydns.com/dyn/ez-ipupdate.php?action=edit&myip=&host_i d= HEIPV6TB http://dyn.dns.he.
automatically uses the primary IP address of the interface to which the DDNS policy is applied as the IP address for DDNS update. To avoid misinterpretation, do not include colons (:), at signs (@), and question marks (?) in your login ID or password, even if you can do so. If you use the url command multiple times with different URL addresses, the most recent configuration takes effect. Examples # Specify the URL address for DDNS policy steven_policy. The device contacts www.3322.org for DDNS update.
Related commands • ddns policy • display ddns policy • password • url 122
NAT commands address Use address to add a member to a NAT address group. A group member specifies an address pool. Use undo address to remove a group member from a NAT address group. Syntax address start-address end-address undo address start-address end-address Default No address group member exists. Views NAT address group view Predefined user roles network-admin Parameters start-address end-address: Specifies the start and end IP addresses of the group member.
Syntax display nat all Views Any view Predefined user roles network-admin network-operator Examples # Display all NAT configuration information. display nat all NAT address group information: There are 3 NAT address groups. Group Number Start Address End Address 1 202.110.10.10 202.110.10.15 2 202.110.10.20 202.110.10.25 202.110.10.30 202.110.10.35 --- --- 6 NAT server group information: There are 3 NAT server groups. Group Number Inside IP Port Weight 1 192.168.0.
Interface: GigabitEthernet1/3 Protocol: 6(TCP) Global IP/port: 50.1.1.1/23 Local IP/port : 192.168.10.15/23 Interface: GigabitEthernet1/4 Protocol: 6(TCP) Global IP/port: 50.1.1.1/23-30 Local IP/port : 192.168.10.15-192.168.10.22/23 Global VPN : vpn1 Local VPN : vpn3 Interface: GigabitEthernet1/4 Protocol: 255 Global IP/port: 50.1.1.100/--Local IP/port : 192.168.10.150/--Global VPN : vpn2 Local VPN : vpn4 Interface: GigabitEthernet1/5 Protocol: 17(UDP) Global IP/port: 50.1.1.
Net-to-net: Local IP : 1.1.1.1 - 1.1.1.255 Global IP : 2.2.2.0 Netmask : 255.255.255.0 Local VPN : vpn1 Global VPN: vpn2 ACL : 2000 Reversible: Y IP-to-IP: Local IP : 4.4.4.4 Global IP : 5.5.5.5 Local VPN : vpn1 Global VPN: vpn2 ACL: : 2001 Reversible: Y Interfaces enabled with static NAT: There are 2 interfaces enabled with static NAT. Interface: GigabitEthernet1/2 GigabitEthernet1/3 NAT DNS mappings: There are 1 NAT DNS mappings. Domain name: www.server.com Global IP : 6.6.6.
ICMP-ERROR : Enabled RTSP : Enabled SIP : Disabled TFTP : Enabled The output shows all NAT configuration information. Table 26 describes only the fields for the output of the nat hairpin enable, nat mapping-behavior, and nat alg commands. Table 26 Command output Field Description NAT address group information Information about the NAT address group. See Table 27 for output description. NAT server group information Information about the internal NAT server group.
Parameters group-number: Specifies the number of a NAT address group, in the range of 0 to 65535. If you do not specify the max_number argument, this command displays information about all NAT address groups. Examples # Display information about all NAT address groups. display nat address-group NAT address group information: There are 3 NAT address groups. Group Number Start Address End Address 1 202.110.10.10 202.110.10.15 2 202.110.10.20 202.110.10.25 202.110.10.30 202.110.10.
display nat dns-map NAT DNS mapping information: There are 1 NAT DNS mappings. Domain name: www.server.com Global IP : 6.6.6.6 Global port: 23 Protocol : TCP(6) Table 28 Command output Field Description NAT DNS mapping information Information about NAT with DNS mappings. Domain-name Domain name of the internal server. Public IP address of the internal server. Global IP • If Easy IP is configured, this field displays the IP address of the specified interface.
Usage guidelines A NAT device with PAT EIM configured first creates a NAT session entry, and then an EIM entry for recording the mapping between an internal address/port and a NAT address/port. The EIM entry ensures the following: • The same mapping applies to subsequent connections originating from the same source IP and port as the first connection. • Allow reverse translation for connections originating from the external to the NAT address and port based on the EIM entry.
Field Description Protocol Protocol type and number. Total entries found Total number of EIM entries. Related commands • nat mapping-behavior • nat outbound display nat inbound Use display nat inbound to display information about inbound dynamic NAT. Syntax display nat inbound Views Any view Predefined user roles network-admin network-operator Examples # Display information about inbound dynamic NAT. display nat inbound NAT inbound information: There are 1 NAT inbound rules.
Field Description Reversible Whether reverse address translation is allowed. VPN instance MPLS L3VPN instance to which the NAT address group belongs. If the group does not belong to any VPN, the field is not displayed. Related commands nat inbound display nat log Use display nat log to display NAT logging configuration. Syntax display nat log Views Any view Predefined user roles network-admin network-operator Examples # Display NAT logging configuration.
display nat no-pat Use display nat no-pat command to display information about NAT NO-PAT entries. Syntax MSR2000/MSR3000: display nat no-pat MSR4000: display nat no-pat [ slot slot-number ] Views Any view Default user roles network-admin network-operator Parameters slot slot-number: Specifies the slot number of a card. If no slot number is specified, this command displays NO-PAT entry information for all cards.
Total entries found: 2 # On the MSR4000 router, display information about NO-PAT entries for the card in slot 0. display nat no-pat slot 0 Slot 0: Global IP: 200.100.1.100 Local IP: 192.168.100.100 Global VPN: vpn2 Local VPN: vpn1 Reversible: N Type : Inbound Local IP: 192.168.100.200 Global IP: 200.100.1.200 Reversible: Y Type : Outbound Total entries found: 2 Table 32 Command output Field Description Local IP Internal IP address. Global IP External IP address.
Predefined user roles network-admin network-operator Examples # Display information about outbound dynamic NAT. display nat outbound NAT outbound information: There are 2 NAT outbound rules.
Views Any view Predefined user roles network-admin network-operator Examples # Display NAT Server configuration. display nat server NAT internal server information: There are 4 internal servers. Interface: GigabitEthernet1/3 Protocol: 6(TCP) Global IP/port: 50.1.1.1/23 Local IP/port : 192.168.10.15/23 Interface: GigabitEthernet1/4 Protocol: 6(TCP) Global IP/port: 50.1.1.1/23-30 Local IP/port : 192.168.10.15-192.168.10.
Field Description External IP address and port number of the internal server. • Global IP—A single IP address or an address pool of consecutive addresses. If you use Easy IP, this field displays the address of the specified interface. If you do not specify an address for the interface, the Global IP field displays hyphens (---). Global IP/port • port—A single port number or a port pool of consecutive port numbers. If no port number is in the specified protocol, the port field displays hyphens (---).
There are 3 NAT server groups. Group Number Inside IP Port Weight 1 192.168.0.26 23 100 192.168.0.27 23 500 2 --- --- --- 3 192.168.0.26 69 100 # Display configuration about the specified internal server group. display nat server-group 1 Group Number Inside IP Port Weight 1 192.168.0.26 23 100 192.168.0.27 23 500 Table 35 Command output Field Description Group Number Number of the internal server group. Inside IP Internal IP address of an internal server group.
Parameters source-ip source-ip: Displays NAT sessions for the source IP address specified by the source-ip argument. The IP address must be the real source IP address of the packet that triggers the session establishment. destination-ip destination-ip: Displays NAT sessions for the destination IP address specified by the destination-ip argument. The IP address must be the destination IP address of the packet that triggers the session establishment.
Protocol: TCP(6) Responder: Source IP/port: 192.168.1.55/22 Destination IP/port: 192.168.1.18/1877 VPN instance/VLAN ID/VLL ID: -/-/Protocol: TCP(6) State: TCP_SYN_SENT Application: SSH Start time: 2011-07-29 19:12:36 TTL: 28s Interface(in) : Ethernet0/1 Interface(out): Ethernet0/2 Initiator->Responder: 1 packets 48 bytes Responder->Initiator: 0 packets 0 bytes Total sessions found: 1 Table 36 Command output Field Description Initiator Session information about an initiator.
Syntax display nat static Views Any view Predefined user roles network-admin network-operator Examples # Display static NAT mappings. display nat static Static NAT mappings: There are 2 inbound static NAT mappings. Net-to-net: Global IP : 1.1.1.1 - 1.1.1.255 Local IP : 2.2.2.0 Netmask : 255.255.255.0 Global VPN: vpn2 Local VPN : vpn1 ACL : 2000 Reversible: Y IP-to-IP: Global IP : 5.5.5.5 Local IP : 4.4.4.
Interfaces enabled with static NAT: There are 2 interfaces enabled with static NAT. Interface: GigabitEthernet1/2 GigabitEthernet1/3 Table 37 Command output Field Description Net-to-net Net-to-net static NAT mapping. IP-to-IP One-to-one static NAT mapping. Local IP Internal IP address or address pool. Global IP External IP address or address pool. Netmask Network mask. Local VPN Global VPN ACL Reversible MPLS L3VPN instance to which the internal IP address belongs.
Parameters slot slot-number: Specifies the slot number of a card. If no slot number is specified, this command displays NAT statistics for all cards. (MSR4000) Examples # Display all NAT statistics. display nat statistics Total session entries: 100 Total EIM entries: 1 Total inbound NO-PAT entries: 0 Total outbound NO-PAT entries: 0 Table 38 Command output Field Description Total session entries Number of NAT session entries. Total EIM entries Number of EIM entries.
system-view [Sysname] nat server-group 1 [Sysname-nat-server-group-1] inside ip 10.1.1.2 port 30 Related commands nat server-group nat address-group Use nat address-group to create a NAT address group and enter its view. Use undo nat address-group to remove a NAT address group. Syntax nat address-group group-number undo nat address-group group-number Default No NAT address group exists.
Syntax nat alg { all | dns | ftp | h323 | icmp-error | rtsp | sip | tftp } undo nat alg { all | dns | ftp | h323 | icmp-error | rtsp | sip | tftp } Default NAT ALG for all protocols is enabled. Views System view Predefined user roles network-admin Parameters all: Enables NAT with ALG for all supported protocols. dns: Enables NAT with ALG for DNS. ftp: Enables NAT with ALG for FTP. h123: Enables NAT with ALG for H123. icmp-error: Enables NAT with ALG for ICMP error packets.
undo nat dns-map domain domain-name Default No DNS mapping for NAT exists. Views System view Predefined user roles network-admin Parameters domain domain-name: Specifies the domain name of an internal server. A domain name is a dot-separated case-insensitive string that can include letters, digits, hyphens (-), underscores (_), and dots (.) (for example, aabbcc.com). The domain name suffix can contain at most 253 characters, and each separated string contains no more than 63 characters.
Syntax nat hairpin enable undo nat hairpin enable Default NAT hairpin is disabled. Views Interface view Predefined user roles network-admin Usage guidelines NAT hairpin allows internal hosts behind the same NAT device to access each other only after they use the NAT addresses. NAT hairpin functions on the interface that connects the internal network and translates the source and destination IP addresses of a packet on the interface.
address-group group-number: Specifies an address group for address translation. The value range for the group-number argument is 0 to 65535. vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the addresses in the address group belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. To specify addresses in the public network, do not use this option. no-pat: Uses NO-PAT for inbound NAT. If you do not specify this keyword, PAT is used.
# Configure an inbound NO-PAT rule on interface Ethernet 1/1 to translate the source addresses of incoming packets into the addresses in address group 1, and automatically add a route for translated packets. [Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] nat inbound 2001 address-group 1 vpn-instance vpn10 no-pat add-route Related commands • display nat all • display nat inbound • display nat no-pat nat log enable Use nat log enable to enable the NAT logging function.
Related commands • display nat all • display nat log • nat log flow-active • nat log flow-begin nat log flow-active Use nat log flow-active to log active NAT flows and set the logging interval. Use undo nat log flow-active to disable the logging function for active NAT flows. Syntax nat log flow-active time-value undo nat log flow-active Default Logging for active NAT flows is disabled.
Syntax nat log flow-begin undo nat log flow-begin Default Logging for NAT session establishment events is disabled. Views System view Predefined user roles network-admin Usage guidelines Logging for NAT session establishment events takes effect only after you enable NAT logging. Examples # Enable logging for NAT session establishment events.
[Sysname] nat log flow-end Related commands • display nat all • display nat log • nat log enable nat mapping-behavior Use nat mapping-behavior to configure the mapping behavior mode for PAT. Use undo nat mapping-behavior to restore the default. Syntax nat mapping-behavior endpoint-independent [ acl acl-number ] undo nat mapping-behavior endpoint-independent Default Address and Port-Dependent Mapping applies.
# Apply the Endpoint-Independent Mapping to FTP and HTTP packets, and the Address and Port-Dependent Mapping to other packets for address translation.
no-pat: Uses NO-PAT for outbound NAT. If you do not specify this keyword, PAT is used. PAT only supports TCP, UDP, and ICMP query packets. For an ICMP packet, the ICMP ID is used as its source port number. reversible: Allows reverse address translation. NAT translates the destination IP address of the packets of a connection originating from an external host to the NAT address based on the existing NO-PAT entry. port-preserved: Tries to preserve port number for PAT.
[Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] nat outbound 2001 Or # Enable reverse address translation and use addresses in address pool 1 as NAT addresses.
undo nat server protocol pro-type global global-address1 global-address2 global-port [ vpn-instance global-name ] Load sharing internal server: nat server protocol pro-type global { { global-address | current-interface | interface interface-type interface-number } { global-port | global-port1 global-port2 } | global-address1 global-address2 global-port } [ vpn-instance global-name ] inside server-group group-number [ vpn-instance local-name ] [ acl acl-number ] undo nat server protocol pro-type global { { g
local-address: Specifies the local IP address. vpn-instance global-name: Specifies the MPLS L3VPN instance to which the advertised external IP address belongs. The global-name argument is a case-sensitive string of 1 to 31 characters. To specify a public IP address, do not use this option. vpn-instance local-name: Specifies the MPLS L3VPN instance to which the internal server belongs. The local-name argument is a case-sensitive string of 1 to 31 characters.
The number of the nat server commands that can be configured on an interface depends on the device model. The number of internal servers that each command can define equals the difference between global-port2 and global-port1. You can configure a maximum of 4096 internal servers on an interface. The system allows you to configure a maximum of 1024 internal servers. When the protocol type is not udp (protocol number 17) or tcp (protocol number 6), you can configure only one-to-one IP address mapping.
nat server-group Use nat server-group to create an internal server group. Use undo nat server-group to remove an internal server group. Syntax nat server-group group-number undo nat server-group group-number Default No server group exists. Views System view Predefined user roles network-admin Parameters group-number: Assigns a number to the internal server group. The value range for the group-number argument is 0 to 65535.
Views Interface view Predefined user roles network-admin Usage guidelines Static NAT mappings take effect on an interface only after static NAT is enabled on the interface. Examples # Configure an outbound static NAT mapping between internal IP address 192.168.1.1 and external IP address 2.2.2.2, and enable static NAT on interface Ethernet 1/1. system-view [Sysname] nat static outbound 192.168.1.1 2.2.2.
vpn-instance local-name: Specifies the MPLS L3VPN instance to which an internal IP address belongs. The local-name argument is a case-sensitive string of 1 to 31 characters. To specify a public IP address, do not use this parameter. acl acl-number: Specifies an ACL number in the range of 3000 to 3999. reversible: Translates the destination address of a packet that originates from internal hosts to the external host if the packet is permitted by ACL reverse matching.
Views System view Predefined user roles network-admin Parameters global-start-address global-end-address: Specifies an external address pool which can contain a maximum of 255 addresses. The global-end-address must not be lower than global-start-address. If they are the same, the external address pool has only one address. vpn-instance global-name: Specifies the MPLS L3VPN instance to which an external IP address belongs. The global-name argument is a case-sensitive string of 1 to 31 characters.
Examples # Configure an inbound static NAT between external network address 202.100.1.0/24 and internal network address 192.168.1.0/24. system-view [Sysname] nat static inbound net-to-net 202.100.1.1 202.100.1.255 local 192.168.1.0 24 Related commands • display nat all • display nat static • nat static enable nat static outbound Use nat static outbound to configure a one-to-one mapping for outbound static NAT.
• If you do not specify an ACL, the source addresses of all outgoing packets and the destination addresses of all incoming packets are translated. • If you specify an ACL and do not specify the reversible keyword, the source addresses of outgoing packets permitted by the ACL are translated. The destination addresses of packets originating from external hosts to the internal are not translated.
Parameters local-start-address local-end-address: Specifies an internal network address pool which can contain a maximum of 255 addresses. The local-end-address must not be lower than local-start-address. If they are the same, the internal network address pool has only one address. global-network: Specifies an external network address. mask-length: Specifies the mask length of the external network address, in the range of 8 to 31. mask: Specifies the mask of the external network address.
[Sysname-acl-adv-3001] quit [Sysname] nat static outbound net-to-net 192.168.1.1 192.168.1.255 global 2.2.2.0 24 acl 3001 Related commands • display nat all • display nat static • nat static enable reset nat session Use reset nat session to clear NAT sessions. Syntax MSR2000/MSR3000: reset nat session MSR4000: reset nat session [ slot slot-number ] Views User view Predefined user roles network-admin Parameters slot slot-number: Clears NAT sessions for the card specified by the slot number.
Basic IP forwarding commands display fib Use display fib to display FIB entries. Syntax display fib [ vpn-instance vpn-instance-name ] [ ip-address [ mask | mask-length ] ] Views Any view Predefined user roles network-admin network-operator Parameters vpn-instance vpn-instance-name: Displays the FIB table of the specified VPN. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify any VPN, the command displays the FIB entries of the public network.
20.20.20.25 SGF GE0/0 Null 127.0.0.0/8 127.0.0.1 U InLoop0 Null 127.0.0.0/32 127.0.0.1 UH InLoop0 Null 127.0.0.1/32 127.0.0.1 UH InLoop0 Null # Display the FIB entries for VPN vpn1. display fib vpn-instance vpn1 Destination count: 8 FIB entry count: 8 Flag: U:Useable G:Gateway R:Relay F:FRR H:Host B:Blackhole D:Dynamic S:Static Destination/Mask Nexthop Flag OutInterface/Token Label 0.0.0.0/32 127.0.0.1 UH InLoop0 Null 20.20.20.0/24 20.20.20.
Field Description Flags of routes: Flag • • • • • • • U—Usable route. G—Gateway route. H—Host route. B—Blackhole route. D—Dynamic route. S—Static route. R—Relay route. • F—Fast reroute. OutInterface/Token Output interface/LSP index number. Label Inner label.
Fast forwarding commands display ip fast-forwarding aging-time Use display ip fast-forwarding aging-time to display the aging time of fast forwarding entries. Syntax display ip fast-forwarding aging-time Views Any view Predefined user roles network-admin network-operator Examples # Display the aging time of fast forwarding entries.
slot slot-number: Specifies a card by the slot number. If you do not specify this option, this command displays fast forwarding entries for all cards. (MSR4000) Usage guidelines This command displays fast forwarding entries. Each entry includes the source IP address, source port number, destination IP address, destination port number, protocol number, input and output interface numbers, and internal tag of a data flow. Examples # Display all fast forwarding entries.
MSR4000: display ip fast-forwarding fragcache [ ip-address ] [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters ip-address: Specifies an IP address. If you do not specify this argument, this command displays fast forwarding entries for all fragmented packets. slot slot-number: Specifies a card by the slot number. If you do not specify this option, this command displays fast forwarding entries for the fragmented packets on all cards.
• reset ip fast-forwarding cache ip fast-forwarding Use ip fast-forwarding to enable fast forwarding. Use undo ip fast-forwarding to disable fast forwarding. Syntax ip fast-forwarding undo ip fast-forwarding Default Fast forwarding is enabled. Views System view Predefined user roles network-admin Usage guidelines Fast forwarding creates an entry for a data flow after the first packet of the flow is forwarded through the routing table, and uses the entry to forward subsequent packets of the flow.
Views System view Predefined user roles network-admin Parameters aging-time: Specifies the aging time for fast forwarding entries, in the range of 10 to 300 seconds. Examples # Set the aging time of fast forwarding entries to 20 seconds. system-view [Sysname] ip fast-forwarding aging-time 20 Related commands display ip fast-forwarding aging-time reset ip fast-forwarding cache Use reset ip fast-forwarding cache to clear fast forwarding table information.
IPv4 adjacency table commands display adjacent-table Use display adjacent-table to display IPv4 adjacency entries. Syntax display adjacent-table { all | physical-interface interface-type interface-number | routing-interface interface-type interface-number | slot slot-number } [ count | verbose ] View Any view Predefined user roles network-admin network-operator Parameters all: Displays all IPv4 adjacency entries.
# Display the IPv4 adjacency entries on the card in slot 1. display adjacent-table slot 1 IP address Routing interface Physical interface Type Slot 0.0.0.0 Pos1/0 Pos1/0 PPP 1 # Display the number of IPv4 adjacency entries on the card in slot 1. display adjacent-table slot 1 count Total entries on slot 1 : 1 Table 43 Command output Field Description IP address of the next hop. • For a P2P link, the IP address of the next hop is not needed. This field IP address displays 0.
IPv6 adjacency table commands display ipv6 adjacent-table Use display ipv6 adjacent-table to display IPv6 adjacency entries. Syntax display ipv6 adjacent-table { all | physical-interface interface-type interface-number | routing-interface interface-type interface-number | slot slot-number } [ count | verbose ] Views Any view Predefined user roles network-admin network-operator Parameters all: Displays all IPv6 adjacency entries.
# Display the IPv6 adjacency entries on the card in slot 1. display ipv6 adjacent-table slot 1 IPv6 address Routing interface Physical interface N/A Pos1/0 Pos1/0 Type PPP Slot 1 # Display the total number of IPv6 adjacency entries on the card in slot 1. display ipv6 adjacent-table slot 1 count Total entries on slot 1: 1 Table 44 Command output Field Description IPv6 address of the next hop. • For a P2P link, the IPv6 address of the next hop is not needed.
IP performance optimization commands display icmp statistics Use display icmp statistics to display ICMP statistics. Syntax MSR2000/MSR3000: display icmp statistics MSR4000: display icmp statistics [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays ICMP statistics for the specified card. The slot-number argument specifies the slot number of the card.
packet error 1442 router advert 3 display ip statistics Use display ip statistics to display IP packet statistics. Syntax MSR2000/MSR3000: display ip statistics MSR4000: display ip statistics [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays IP packet statistics for the specified card. The slot-number argument specifies the slot number of the card.
Field Output Fragment Reassembling Description bad options Total number of packets with incorrect option. forwarding Total number of packets forwarded. local Total number of packets locally sent. dropped Total number of packets discarded. no route Total number of packets for which no route is available. compress fails Total number of packets failed to be compressed. input Total number of fragments received. output Total number of fragments sent.
Fragments per reassembly (max-fragments): 16 Reassembly timeout (timeout): 3 seconds Drop fragments: No Current reassembly count: 12 Current fragment count: 48 Total reassembly count: 6950 Total reassembly failures: 9 Table 46 Command output Field Description Concurrent reassemblies (max-reassemblies) Maximum number of concurrent reassemblies. Fragments per reassembly (max-fragments) Maximum number of fragments per reassembly. Reassembly timeout (timeout) Timeout interval of each reassembly.
Examples # Display brief information about RawIP connections. (MSR2000/MSR3000) display rawip Local Addr Foreign Addr Protocol PCB 0.0.0.0 0.0.0.0 1 0x0000000000000009 0.0.0.0 0.0.0.0 1 0x0000000000000008 0.0.0.0 0.0.0.0 1 0x0000000000000002 # Display brief information about RawIP connections. (MSR4000) display rawip display rawip Local Addr Foreign Addr Protocol Slot PCB 0.0.0.0 0.0.0.0 1 1 0x0000000000000009 0.0.0.0 0.0.0.
Usage guidelines Use the display rawip verbose command to display detailed information about socket creator, state, option, type, protocol number, and the source and destination IP addresses of RawIP connections. Examples # Display detailed information about RawIP connections.
display tcp Use display tcp to display brief information about TCP connections. Syntax MSR2000/MSR3000: display tcp MSR4000: display tcp [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays brief TCP connection information for the specified card. The slot-number argument specifies the slot number of the card.
Field Description State TCP connection state. Slot Number of the slot that holds the card. PCB PCB index. display tcp statistics Use display tcp statistics to display TCP traffic statistics. Syntax MSR2000/MSR3000: display tcp statistics MSR4000: display tcp statistics [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays TCP traffic statistics for the specified card.
Total: 4058 urgent packets: 0 control packets: 50 window probe packets: 3, window update packets: 11 data packets: 3862 (795012 bytes), data packets retransmitted: 0 (0 bytes) ACK-only packets: 150 (52 delayed) unnecessary packet retransmissions: 0 Syncache/syncookie related statistics: entries added to syncache: 12 syncache entries retransmitted: 0 duplicate SYN packets: 0 reply failures: 0 successfully build new socket: 12 bucket overflows: 0 zone failures: 0 syncache entries removed due to RST: 0 syncac
packets dropped with MD5 authentication: 0 packets permitted with MD5 authentication: 0 Related commands reset tcp statistics display tcp verbose Use display tcp verbose to display detailed information about TCP connections.
TTL: 255(minimum TTL: 0) Connection state: ESTABLISHED Send VRF: 0x0 Receive VRF: 0x0 Table 50 Command output Field Description TCP inpcb number Number of TCP IP PCBs. tcpcb number Number of TCP PCBs. Slot Number of the slot that holds the card. Creator Name of the operation that created the socket. The number in brackets is the process number of the creator. State State of the socket. Options Socket options. Error Error code.
Parameters slot slot-number: Displays brief UDP connection information for the specified card. The slot-number argument specifies the slot number of the card. (MSR4000) Usage guidelines Brief UDP connection information includes local IP address and port number, and peer IP address and port number. Examples # Display brief information about UDP connections. (MSR2000/MSR3000) display udp Local Addr:port Foreign Addr:port PCB 0.0.0.0:69 0.0.0.0:0 0x0000000000000003 192.168.20.200:1024 192.
Parameters slot slot-number: Displays UDP traffic statistics on the specified card. The slot-number argument specifies the slot number of the card. (MSR4000) Usage guidelines UDP traffic statistics include information about received and sent UDP packets. Examples # Display UDP traffic statistics.
Examples # Display detailed UDP connection information. (MSR4000) display udp verbose Total UDP socket number: 1 Slot: 6 Creator: sock_test_mips[250] State: N/A Options: N/A Error: 0 Receiving buffer(cc/hiwat/lowat/state): 0 / 41600 / 1 / N/A Sending buffer(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A Type: 2 Protocol: 17 Connection info: src = 0.0.0.0:69, dst = 0.0.0.
ip forward-broadcast Use ip forward-broadcast to enable an interface to receive and forward directed broadcast packets destined for the directly connected network. Use undo ip forward-broadcast to disable an interface from receiving and forwarding directed broadcast packets destined for the directly connected network. Syntax ip forward-broadcast undo ip forward-broadcast Default An interface cannot receive or forward directed broadcasts destined for the directly connected network.
Syntax ip icmp error-interval milliseconds [ bucketsize ] undo ip icmp error-interval Default The bucket allows a maximum of 10 tokens, and tokens are placed in the bucket at the interval of 100 milliseconds. Views System view Predefined user roles network-admin Parameters milliseconds: Sets the interval between tokens arriving in the bucket. The value range is 0 to 2147483647 milliseconds, and the default is 100 milliseconds. To disable the ICMP rate limit, set the value to 0.
Predefined user roles network-admin Parameters vpn-instance vpn-instance-name: Specifies the VPN instance to which the specified address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. The specified VPN instance must exist. If the specified IP address is on the public network, do not use this option. ip-address: Specifies an IP address.
Examples # Set the MTU of interface Ethernet 1/1 to 1280 bytes. system-view [Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] ip mtu 1280 ip redirects enable Use ip redirects enable to enable sending ICMP redirect packets. Use undo ip redirects enable to disable sending ICMP redirect packets. Syntax ip redirects enable undo ip redirects enable Default Sending ICMP redirect packets is disabled.
undo ip ttl-expires enable Default Sending ICMP time-exceeded packets is disabled. Views System view Predefined user roles network-admin Usage guidelines A device sends ICMP time-exceeded packets by following these rules: • If a received packet is not destined for the device and the TTL field of the packet is 1, the device sends an ICMP "TTL expired in transit" packet to the source. • When the device receives the first fragment of an IP datagram destined for the device itself, it starts a timer.
• If a UDP packet is destined for the device but the packet's port number does not match the running process, the device sends the source a Port Unreachable ICMP error packet. • If the source uses Strict Source Routing to send packets, but the intermediate device finds that the next hop specified by the source is not directly connected, the device sends the source a Source Routing Failure ICMP error packet.
Use undo ip virtual-reassembly to disable IP virtual fragment reassembly. Syntax ip virtual-reassembly [ drop-fragments | max-fragments number | max-reassemblies number | timeout seconds ] * undo ip virtual-reassembly Default The IP virtual fragment reassembly feature is disabled. Views Layer 3 Ethernet interface view, VLAN interface view, Synchronous serial interface view, Asynchronous serial interface view Predefined user roles network-admin Parameters drop-fragments: Drops all fragments.
Syntax reset tcp statistics Views User view Predefined user roles network-admin Examples # Clear TCP traffic statistics. reset tcp statistics Related commands display tcp statistics reset udp statistics Use reset udp statistics to clear UDP traffic statistics. Syntax reset udp statistics Views User view Predefined user roles network-admin Examples # Clear UDP traffic statistics.
Predefined user roles network-admin Parameters Value: Specifies the TCP MSS in the range of 128 to 2048 bytes. Usage guidelines This configuration takes effect only on TCP connections that are established after the configuration and not on the TCP connections that already exist. This configuration is effective only on IP packets. If MPLS is enabled on the interface, do not configure the TCP MSS on the interface. The MSS option informs the receiver of the largest segment that the sender can accept.
Usage guidelines After you enable TCP path MTU discovery, all new TCP connections detect the path MTU. The device uses the path MTU to calculate the MSS to avoid IP fragmentation. After you disable TCP path MTU discovery, the system stops all path MTU timers. The TCP connections established later do not detect the path MTU, but the TCP connections previously established still can detect the path MTU. Examples # Enable TCP path MTU discovery and set the path MTU aging time to 20 minutes.
[Sysname] tcp syn-cookie enable tcp timer fin-timeout Use tcp timer fin-timeout to configure the TCP FIN wait timer. Use undo tcp timer fin-timeout to restore the default. Syntax tcp timer fin-timeout time-value undo tcp timer fin-timeout Default The TCP FIN wait timer is 675 seconds. Views System view Predefined user roles network-admin Parameters time-value: Specifies the TCP FIN wait timer in the range of 76 to 3600 seconds.
Predefined user roles network-admin Parameters time-value: Specifies the TCP SYN wait timer in the range of 2 to 600 seconds. Usage guidelines TCP starts the SYN wait timer after sending a SYN packet. If no response packet is received within the SYN wait timer interval, TCP fails to establish the connection. Examples # Set the TCP SYN wait timer to 80 seconds. system-view [Sysname] tcp timer syn-timeout 80 tcp window Use tcp window to configure the size of the TCP receive/send buffer.
UDP helper commands display udp-helper interface Use display udp-helper interface to display information about packets forwarded by UDP helper on an interface. Syntax display udp-helper interface interface-type interface-number Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number.
Syntax reset udp-helper statistics Views User view Predefined user roles network-admin Examples # Clear the statistics of UDP packets forwarded by UDP helper. reset udp-helper statistics Related commands display udp-helper interface udp-helper enable Use udp-helper enable to enable UDP helper. Use undo udp-helper enable to disable UDP helper. Syntax udp-helper enable undo udp-helper enable Default UDP helper is disabled.
undo udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time } Default No UDP port number is specified for UDP helper. Views System view Predefined user roles network-admin Parameters port-number: Specifies a UDP port number in the range of 1 to 65535 (except 67 and 68). dns: Specifies the UDP port 53 used by DNS packets. netbios-ds: Specifies the UDP port 138 used by NetBIOS datagram distribution service packets.
Predefined user roles network-admin Parameters ip-address: Specifies the IP address of a destination server, in dotted decimal notation. Usage guidelines Specify destination servers on an interface that receives UDP broadcast packets. You can specify up to 20 destination servers on an interface. If you do not specify the ip-address argument, the undo udp-helper server command removes all destination servers on the interface. Examples # Specify the destination server 192.1.1.2 on Ethernet 1/1.
IPv6 basics commands display ipv6 fib Use display ipv6 fib to display IPv6 FIB entries.
Destination: 1::1 Prefix length: 64 Nexthop Flags: UHS : 1::2 Time stamp : 0x1 Label: 100 Interface Token: Invalid : Eth1/2 Table 54 Command output Field Description Destination count Total number of destination addresses. FIB entry count Total number of IPv6 FIB entries. Destination Destination address. Prefix length Prefix length of the destination address. Nexthop Next hop. Route flag: Flags • • • • • • • • U—Usable route. G—Gateway route. H—Host route. B—Black hole route.
Parameters slot slot-number: Displays ICMPv6 packet statistics for the specified card. The slot-number argument specifies the slot that holds the card. (MSR4000) Usage guidelines This command displays statistics about received and sent ICMPv6 packets. Examples # Display ICMPv6 packet statistics.
If you do not specify the brief keyword, this command displays detailed information including IPv6 configuration and operating information, and IPv6 packet statistics. If you do not specify any interface, this command displays IPv6 information about all interfaces. If you specify only the interface-type argument, this command displays IPv6 information about the interfaces of the specified type.
InTooBigErrors: 0 OutFragOKs: 0 OutFragCreates: 0 InMcastPkts: 0 InMcastNotMembers: 0 OutMcastPkts: 0 InAddrErrors: 0 InDiscards: 0 OutDiscards: 0 Table 55 Command output Field Description Physical state of the interface: • Administratively DOWN—The interface has been administratively shut Ethernet1/1 current state down with the shutdown command. • DOWN—The interface is administratively up but its physical state is down, possibly because of a connection or link failure.
Field Description Joined group address(es) Addresses of the multicast groups that the interface has joined. MTU MTU of the interface. DAD is enabled. ND DAD is enabled, number of DAD attempts • If DAD is enabled, this field displays the number of attempts to send a NS message for DAD (set by the ipv6 nd dad attempts command). • If DAD is disabled, this field displays ND DAD is disabled. To disable DAD, set the number of attempts to 0.
display ipv6 interface brief *down: administratively down (s): spoofing Interface Physical Protocol IPv6 Address Vlan-interface1 down down Unassigned Vlan-interface2 up up 2001::1 Vlan-interface100 up up Unassigned Table 57 Command output Field Description *down: administratively down The interface has been administratively shut down with the shutdown command. Spoofing attribute of the interface.
Examples # Display IPv6 prefix information for VLAN-interface 10. display ipv6 interface Vlan-interface10 prefix Prefix: 1001::/65 Age: Origin: ADDRESS - Flag: AL Lifetime(Valid/Preferred): 2592000/604800 Prefix: 2001::/64 Age: Origin: STATIC - Flag: L Lifetime(Valid/Preferred): 3000/2000 Prefix: 3001::/64 Age: Origin: RA 600 Flag: A Lifetime(Valid/Preferred): - Table 58 Command output Filed Description Prefix IPv6 address prefix.
Views Any view Predefined user roles network-admin network-operator Parameters ipv6-address: Specifies the IPv6 address of a neighbor whose information is displayed. all: Displays information about all neighbors, including neighbors acquired dynamically and configured statically on the public network and all private networks. dynamic: Displays information about all neighbors acquired dynamically. static: Displays information about all neighbors configured statically.
Field Description State of a neighbor: • INCMP—The address is being resolved. The link layer address of the neighbor is unknown. State • REACH—The neighbor is reachable. • STALE—Whether the neighbor is reachable is unknown. The device does not verify the reachability any longer unless data is sent to the neighbor. • DELAY—Whether the neighbor is reachable is unknown. The device sends an NS message after a delay. • PROBE—Whether the neighbor is reachable is unknown.
dynamic: Displays the total number of neighbor entries created dynamically. static: Displays the total number of neighbor entries configured statically. slot slot-number: Displays the total number of neighbor entries for the specified card. The slot-number argument specifies the number of the slot that holds the card. (MSR4000) interface interface-type interface-number: Displays the total number of neighbor entries of a specific interface.
Field Description Neighbor state: • INCMP—The address is being resolved. The link layer address of the neighbor is unknown. State • REACH—The neighbor is reachable. • STALE—Whether the neighbor is reachable is unknown. The device does not verify the reachability any longer unless data is sent to the neighbor. • DELAY—Whether the neighbor is reachable is unknown. The device sends an NS message after a delay. • PROBE—Whether the neighbor is reachable is unknown.
Usage guidelines Use display ipv6 pathmtu to display the IPv6 Path MTU information, including the dynamic Path MTUs and the static Path MTUs. Examples # Display all Path MTU information. display ipv6 pathmtu all IPv6 destination address PathMTU Age Type 1:2::3:2 1800 - Static 1:2::4:2 1400 10 Dynamic 1:2::5:2 1280 10 Dynamic # Displays the total number of Path MTU entries.
Parameters slot slot-number: Displays brief information about IPv6 RawIP connections for the specified card. The slot-number argument specifies the number of the slot that holds the card. (MSR4000) Usage guidelines Brief information about IPv6 RawIP connections includes the local and peer IPv6 addresses, protocol number, and PCB. Examples # Display brief information about IPv6 RawIP connections.
slot slot-number: Displays detailed information about IPv6 RawIP connections for the specified card. The slot-number argument specifies the number of the slot that holds the card. (MSR4000) Usage guidelines Detailed information about an IPv6 RawIP connection includes socket's creator, state, option, type, and protocol number, and source and destination IPv6 addresses of the connection. Examples # Display detailed information about an IPv6 RawIP connection.
Field Description Sending buffer information: the used space, maximum space, minimum space, and the state in the parentheses. Sending buffer(cc/hiwat/lowat/state) The state can be: • • • • SBS_CANTSENDMORE—Unable to send data to the peer. SBS_CANTRCVMORE—Unable to receive data from the peer. SBS_RCVATMARK—Receiving tag. N/A—None of the above types. Socket type: Type • • • • • • SOCK_STREAM—1. SOCK_DGRAM—2. SOCK_RAW—3. SOCK_RDM—4. SOCK_SEQPACKET—5. N/A—None of the above types.
network-operator Parameters slot slot-number: Displays IPv6 and ICMPv6 packet statistics for the specified card. The slot-number specifies the number of the slot that holds the card. (MSR4000) Usage guidelines This command displays statistics about received and sent IPv6 and ICMPv6 packets. Use the reset ipv6 statistics command to clear the statistics of all IPv6 and ICMPv6 packets. If the slot slot-number option is not specified, this command displays IPv6 and ICMPv6 packet statistics for all cards.
Bad codes: 0 Unreachable: 0 Too big: 0 Hop limit exceeded: 0 Reassembly timeouts: 0 Parameter problems: 0 Unknown error types: 0 Echo requests: Neighbor solicits: Router solicits: 0 Echo replies: 0 Neighbor adverts: 0 Redirects: Router adverts: 0 Unknown info types: Router renumbering: 0 0 0 0 0 Deliver failed: Bad length: 0 Related commands reset ipv6 statistics display ipv6 tcp Use display ipv6 tcp to display brief information about IPv6 TCP connections.
2003::1->25 2001::2->1283 LISTEN 3 0x0000000000000009 Table 64 Command output Field Description * Indicates the TCP connection uses MD5 authentication. LAddr->port Local IPv6 address and port number. FAddr->port Peer IPv6 address and port number. TCP connection state: • • • • • State CLOSED—The server receives a disconnection request's reply from the client. LISTEN—The server is waiting for connection requests. SYN_SENT—The client is waiting for the server to reply to the connection request.
slot slot-number: Displays detailed information about IPv6 TCP connections for the specified card. The slot-number argument specifies the number of the slot that holds the card. (MSR4000) Usage guidelines Detailed information about an IPv6 TCP connection includes socket's creator, state, option, type, protocol number, source IPv6 address and port number, destination IPv6 address and port number, and the connection state. Examples # Display detailed information about an IPv6 TCP connection.
Field Description Sending buffer information: the used space, maximum space, minimum space, and state in the parentheses. Sending buffer(cc/hiwat/lowat/state) The state can be: • • • • SBS_CANTSENDMORE—Unable to send data to the peer. SBS_CANTRCVMORE—Unable to receive data from the peer. SBS_RCVATMARK—Receiving tag. N/A—None of the above states. Socket types: Type • • • • • • SOCK_STREAM—1. SOCK_DGRAM—2. SOCK_RAW—3. SOCK_RDM—4. SOCK_SEQPACKET—5. N/A—None of the above types.
Field Description Send VRF Sent instances. Receive VRF Received instances. display ipv6 udp Use display ipv6 udp to display brief information about IPv6 UDP connections. Syntax MSR2000/MSR3000: display ipv6 udp MSR4000: display ipv6 udp [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Displays brief information about IPv6 UDP connections for the specified card. The slot-number argument specifies the slot that holds the card.
display ipv6 udp verbose Use display ipv6 udp verbose to display detailed information about IPv6 UDP connections. Syntax MSR2000/MSR3000: display ipv6 udp verbose [ pcb pcb-index ] MSR4000: display ipv6 udp verbose [ slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed information about IPv6 UDP connections of the specified PCB. The value range for the pcb-index argumentis 1 to 16.
Table 67 Command output Field Description Total UDP socket number Total number of IPv6 UDP sockets. Slot Number of the slot that holds the card. Creator Task name of the socket. The progress number is in the square brackets. State Socket state. Options Socket options. Receiving buffer information: the used space, maximum space, minimum space, and state in the parentheses. Receiving buffer(cc/hiwat/lowat/state) The state can be: • • • • SBS_CANTSENDMORE—Unable to send data to the peer.
ipv6 address Use ipv6 address to configure an IPv6 global unicast address for an interface. Use undo ipv6 address to remove the IPv6 global unicast address of the interface. Syntax ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } undo ipv6 address [ ipv6-address prefix-length | ipv6-address/prefix-length ] Default No IPv6 global unicast address is configured for an interface.
undo ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast Default No IPv6 anycast address is configured for an interface. Views Interface view Predefined user roles network-admin Parameters ipv6-address: Specifies an IPv6 anycast address. prefix-length: Specifies a prefix length in the range of 1 to 128. Examples # Set the IPv6 anycast address of interface Ethernet 1/1 to 2001::1 with prefix length 64.
Examples # Enable stateless address autoconfiguration on interface Ethernet 1/1. system-view [Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] ipv6 address auto ipv6 address auto link-local Use ipv6 address auto link-local to automatically generate a link-local address for an interface. Use undo ipv6 address auto link-local to remove the automatically generated link-local address for the interface.
Examples # Configure Ethernet 1/1 to automatically generate a link-local address. system-view [Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] ipv6 address auto link-local Related commands ipv6 address link-local ipv6 address eui-64 Use ipv6 address eui-64 to configure an EUI-64 IPv6 address for an interface. Use undo ipv6 address eui-64 to remove the EUI-64 IPv6 address of the interface.
Related commands display ipv6 interface ipv6 address link-local Use ipv6 address link-local to configure a link-local address for the interface. Use undo ipv6 address link-local to remove the link-local address of the interface. Syntax ipv6 address ipv6-address link-local undo ipv6 address ipv6-address link-local Default No link-local address is configured for the interface. Views Interface view Predefined user roles network-admin Parameters ipv6-address: IPv6 link-local address.
Syntax ipv6 hop-limit value undo ipv6 hop-limit Default The hop limit is 64. Views System view Predefined user roles network-admin Parameters Value: Specifies the number of hops, in the range of 1 to 255. Usage guidelines The hop limit determines the number of hops that an IPv6 packet generated by the device can travel.
To prevent too many ICMPv6 error packets from affecting device performance, disable this function. Even with the function disabled, the device still sends Fragment Reassembly Time Exceeded packets. Examples # Disable sending ICMPv6 Time Exceeded packets. system-view [Sysname] undo ipv6 hoplimit-expires enable ipv6 icmpv6 error-interval Use ipv6 icmpv6 error-interval to set the interval and bucket size for ICMPv6 error messages. Use undo ipv6 icmpv6 error-interval to restore the default.
Syntax ipv6 icmpv6 multicast-echo-reply enable undo ipv6 icmpv6 multicast-echo-reply enable Default The device is disabled from replying to multicast echo requests. Views System view Predefined user roles network-admin Usage guidelines If a host is configured to reply to multicast echo requests, an attacker can use this mechanism to attack the host.
Usage guidelines It is a good practice to specify the IPv6 address of the loopback interface as the source IPv6 address for outgoing ping echo request and ICMPv6 error messages. This feature helps users to locate the sending device easily. Examples # Specify IPv6 address 1::1 as the source address for outgoing ICMPv6 packets. system-view [Sysname] ipv6 icmpv6 source 1::1 ipv6 mtu Use ipv6 mtu to set the MTU of IPv6 packets sent over an interface. Use undo ipv6 mtu to restore the default MTU.
Syntax ipv6 nd autoconfig managed-address-flag undo ipv6 nd autoconfig managed-address-flag Default The M flag is set to 0 so that the host can obtain an IPv6 address through stateless autoconfiguration. Views Interface view Predefined user roles network-admin Usage guidelines The M flag determines whether a host uses stateful autoconfiguration to obtain an IPv6 address. If the M flag is set to 1, the host uses stateful autoconfiguration (for example, from an DHCPv6 server to obtain an IPv6 address.
If the O flag is set to 1, the host uses stateful autoconfiguration (for example, from a DHCPv6 server) to obtain configuration information other than IPv6 address. Otherwise, the host uses stateless autoconfiguration. Examples # Configure the host to obtain configuration information other than IPv6 address through stateless autoconfiguration.
ipv6 nd ns retrans-timer Use ipv6 nd ns retrans-timer to set the interval for retransmitting an NS message. Use undo ipv6 nd ns retrans-timer to restore the default. Syntax ipv6 nd ns retrans-timer value undo ipv6 nd ns retrans-timer Default The local interface sends NS messages at an interval of 1000 milliseconds, and the Retrans Timer field in the RA messages sent is 0, so that the interval for retransmitting an NS message is determined by the receiving device.
Default The neighbor reachable time on the local interface is 30000 milliseconds and the value of the Reachable Time field in RA messages is 0, so that the reachable time is determined by the receiving device. Views Interface view Predefined user roles network-admin Parameters value: Neighbor reachable time in the range of 1 to 3600000 milliseconds.
[Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] undo ipv6 nd ra halt ipv6 nd ra hop-limit unspecified Use ipv6 nd ra hop-limit unspecified to specify unlimited hops in RA messages. Use undo ipv6 nd ra hop-limit unspecified to restore the default. Syntax ipv6 nd ra hop-limit unspecified undo ipv6 nd ra hop-limit unspecified Default The maximum number of hops in the RA messages is limited to 64.
Predefined user roles network-admin Parameters max-interval-value: Specifies the maximum interval for advertising RA messages in seconds, in the range of 4 to 1800. min-interval-value: Specifies the minimum interval for advertising RA messages, in the range of 3 seconds to three-fourths of the maximum interval. Usage guidelines The device advertises RA messages at intervals of a random value between the maximum interval and the minimum interval.
[Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] ipv6 nd ra no-advlinkmtu ipv6 nd ra prefix Use ipv6 nd ra prefix to configure the prefix information in RA messages. Use undo ipv6 nd ra prefix to remove the prefix information from RA messages.
[Sysname-Ethernet1/1] ipv6 nd ra prefix 2001:10::100/64 100 10 Method 2: system-view [Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] ipv6 nd ra prefix 2001:10::100 64 100 10 ipv6 nd ra router-lifetime Use ipv6 nd ra router-lifetime to configure the router lifetime in RA messages. Use undo ipv6 nd ra router-lifetime to restore the default. Syntax ipv6 nd ra router-lifetime value undo ipv6 nd ra router-lifetime Default The router lifetime in RA messages is 1800 seconds.
Syntax ipv6 nd router-preference { high | low | medium } undo ipv6 nd router-preference Default The router preference is medium. Views Interface view Predefined user roles network-admin Parameters high: Sets the router preference to the highest. low: Sets the router preference to the lowest. medium: Sets the router preference to the medium. Usage guidelines A hosts selects a router with the highest preference as the default router.
Parameters ipv6-address: Specifies the IPv6 address of the static neighbor entry. mac-address: Specifies the MAC address (48 bits) of the static neighbor entry, in the format of H-H-H. vlan-id: Specifies the VLAN ID of the static neighbor entry, in the range of 1 to 4094. port-type port-number: Specifies a Layer 2 port of the static neighbor entry by its type and number. interface interface-type interface-number: Specifies a Layer 3 interface of the static neighbor entry by its type and number.
undo ipv6 neighbor link-local minimize Default All ND entries are assigned to the driver. Views System view Predefined user roles network-admin Usage guidelines Perform this command to minimize link-local ND entries assigned to the driver. Link-local ND entries refer to ND entries comprising link-local addresses. By default, the device assigns all ND entries to the driver.
Examples # Set the age timer for ND entries in stale state to 120 minutes. system-view [Sysname] ipv6 neighbor stale-aging 120 local-proxy-nd enable Use local-proxy-nd enable to enable local ND proxy. Use undo local-proxy-nd enable to restore the default. Syntax local-proxy-nd enable undo local-proxy-nd enable Default Local ND proxy is disabled.
Examples # Enable common ND proxy on interface Ethernet 1/1. system-view [Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] proxy-nd enable Related commands local-proxy-nd enable ipv6 neighbors max-learning-num Use ipv6 neighbors max-learning-num to set the maximum number of dynamic neighbor entries that an interface can learn, to prevent the interface from occupying too many neighbor table resources. Use undo ipv6 neighbors max-learning-num to restore the default.
[Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] ipv6 neighbors max-learning-num 10 ipv6 pathmtu Use ipv6 pathmtu to configure a static Path MTU for a specific IPv6 address. Use undo ipv6 pathmtu to remove the Path MTU configuration for a specific IPv6 address. Syntax ipv6 pathmtu [ vpn-instance vpn-instance-name ] ipv6-address value undo ipv6 pathmtu [ vpn-instance vpn-instance-name ] ipv6-address Default No static Path MTU is configured.
Syntax ipv6 pathmtu age age-time undo ipv6 pathmtu age Default The aging time for dynamic Path MTU is 10 minutes. Views System view Predefined user roles network-admin Parameters age-time: Specifies the aging time for Path MTU in minutes, in the range of 10 to 100. Usage guidelines After the path MTU from a source host to a destination host is dynamically determined, the source host sends subsequent packets to the destination host based on this MTU.
Usage guidelines The temporary address function enables the system to generate and preferably use the temporary IPv6 address of the sending interface as the source address of a packet. If the temporary IPv6 address cannot be used because of a DAD conflict, the system uses the public IPv6 address. Examples # Enable the system to preferably use the temporary IPv6 address of the sending interface as the source address of the packet.
ipv6 temporary-address Use ipv6 temporary-address to enable the system to generate a temporary IPv6 address. Use undo ipv6 temporary-address to disable the system from generating a temporary IPv6 address and remove the existed temporary addresses. Syntax ipv6 temporary-address [ valid-lifetime preferred-lifetime ] undo ipv6 temporary-address Default The system does not generate any temporary IPv6 address.
• The valid lifetime of a temporary IPv6 address takes the smaller of the following values: { The valid lifetime of the address prefix. { The valid lifetime configured for temporary IPv6 addresses. Examples # Enable the system to generate a temporary IPv6 address.
reset ipv6 neighbors { all | dynamic | interface interface-type interface-number | static } MSR4000: reset ipv6 neighbors { all | dynamic | interface interface-type interface-number | slot slot-number | static } Views User view Predefined user roles network-admin Parameters all: Clears static and dynamic neighbor information for all interfaces. dynamic: Clears dynamic neighbor information for all interfaces.
Predefined user roles network-admin Parameters all: Clears all Path MTUs. dynamic: Clears all dynamic Path MTUs. static: Clears all static Path MTUs. Examples # Clear all Path MTUs. reset ipv6 pathmtu all Related commands display ipv6 pathmtu reset ipv6 statistics Use reset ipv6 statistics to clear IPv6 and ICMPv6 packet statistics.
DHCPv6 commands Common DHCPv6 commands display ipv6 dhcp duid Use display ipv6 dhcp duid to display the DUID of the local device. Syntax display ipv6 dhcp duid Views Any view Predefined user roles network-admin network-operator Usage guidelines A DHCP unique identifier (DUID) uniquely identifies a DHCPv6 device (DHCPv6 client, server, or relay agent). A DHCPv6 device adds its DUID in a sent packet. Examples # Display the DUID of the local device.
Parameters dscp-value: Specifies the DSCP value for DHCPv6 packets, in the range of 0 to 63. Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority. Examples # Set the DSCP value to 30 for DHCPv6 packets sent by the DHCPv6 server or the DHCPv6 relay agent.
[Sysname-Ethernet1/2] ipv6 dhcp select relay Related commands • display ipv6 dhcp relay server-address • display ipv6 dhcp server DHCPv6 server commands address range Use address range to specify a non-temporary IPv6 address range in a DHCPv6 address pool for dynamic allocation. Use undo address range to remove the non-temporary IPv6 address range in the address pool.
Examples # Configure a non-temporary IPv6 address range from 3ffe:501:ffff:100::10 through 3ffe:501:ffff:100::31 in address pool 1. system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] network 3ffe:501:ffff:100::/64 [Sysname-dhcp6-pool-1] address range 3ffe:501:ffff:100::10 3ffe:501:ffff:100::31 Related commands • display ipv6 dhcp pool • network • temporary address range display ipv6 dhcp pool Use display ipv6 dhcp pool to display information about a DHCPv6 address pool.
to 3FFE:501:FFFF:100::210 Preferred lifetime 60480, valid lifetime 259200 Total address number: 17 Available: 17 In-use: 0 Static bindings: DUID: 0003000100e0fc000001 IAID: 0000003f Prefix: 3FFE:501:FFFF:200::/64 Preferred lifetime 604800, valid lifetime 2592000 DUID: 0003000100e0fc00cff1 IAID: 00000001 Address: 3FFE:501:FFFF:2001::1/64 Preferred lifetime 604800, valid lifetime 2592000 DNS server addresses: 2::2 Domain name: aaa.com SIP server addresses: 5::1 SIP server domain names: bbb.
Field Description SIP server addresses SIP server address. SIP server domain names Domain name of the SIP server. display ipv6 dhcp prefix-pool Use display ipv6 dhcp prefix-pool to display information about a prefix pool. Syntax display ipv6 dhcp prefix-pool [ prefix-pool-number ] Views Any view Predefined user roles network-admin network-operator Parameters prefix-pool-number: Displays detailed information about a prefix pool specified by its number in the range of 1 to 128.
Field Description Total prefix number Number of prefixes. display ipv6 dhcp server Use display ipv6 dhcp server to display DHCPv6 server configuration information. Syntax display ipv6 dhcp server [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Displays DHCPv6 server configuration information for the specified interface.
Field Description Preference value Server preference in the DHCPv6 Advertise message. The value ranges from 0 to 255. The bigger the value is, the higher preference the server has. Allow-hint Indicates whether desired address/prefix assignment is enabled. Rapid-commit Indicates whether rapid address/prefix assignment is enabled. display ipv6 dhcp server conflict Use display ipv6 dhcp server conflict to display information about IPv6 address conflicts.
display ipv6 dhcp server expired Use display ipv6 dhcp server expired to display lease expiration information. Syntax display ipv6 dhcp server expired [ address ipv6-address | pool pool-name ] Views Any view Predefined user roles network-admin network-operator Parameters address ipv6-address: Displays lease expiration information for the specified IPv6 address.
Syntax display ipv6 dhcp server ip-in-use [ address ipv6-address | pool pool-name ] Views Any view Predefined user roles network-admin network-operator Parameters address ipv6-address: Displays binding information for the specified IPv6 address. pool pool-name: Displays binding information for the IPv6 address pool specified by its name, a case-insensitive string of 1 to 63 characters.
Table 73 Command output Field Description Pool DHCPv6 address pool. IPv6 address IPv6 address assigned. IPv6 address binding types: Type • Static(F)—Free static binding whose IPv6 address has not been assigned. • Static(O)—Offered static binding whose IPv6 address has been selected and sent by the DHCPv6 server in a DHCPv6-OFFER packet to the client. • Static(C)—Committed static binding whose IPv6 address has been assigned to the client.
Parameters pool pool-name: Displays IPv6 prefix binding information for the DHCPv6 address pool specified by its name, a case-insensitive string of 1 to 63 characters. prefix prefix/prefix-len: Displays binding information for the specified IPv6 prefix. The value for the prefix length ranges from 1 to 128. Usage guidelines If you do not specify any parameter, the command displays all IPv6 prefix binding information. Examples # Display all IPv6 prefix binding information.
Field Description Prefix binding types: • Static(F)—Free static binding whose IPv6 prefix has not been assigned. • Static(O)—Offered static binding whose IPv6 prefix has been selected and sent by the DHCPv6 server in a DHCPv6-OFFER packet to the client. • Static(C)—Committed static binding whose IPv6 prefix has been assigned to Type the client. • Auto(O)—Offered dynamic binding whose IPv6 prefix has been dynamically selected by the DHCPv6 server and sent in a DHCPv6-OFFER packet to the DHCPv6 client.
Parameters pool pool-name: Displays DHCPv6 packet statistics for the DHCPv6 address pool specified by its name, a case-insensitive string of 1 to 63 characters. If you do not specify any pool, the command displays DHCPv6 packet statistics for all address pools. Examples # Display all DHCPv6 packet statistics on the DHCPv6 server.
Field Description Number of messages received by the DHCPv6 server. The message types include: Packets received • • • • • • • • • Solicit. Request. Confirm. Renew. Rebind. Release. Decline. Information-request. Relay-forward. If statistics about a specific address pool are displayed, this field is not displayed. Packets dropped Number of packets discarded. If statistics about a specific address pool are displayed, this field is not displayed. Number of messages sent by the DHCPv6 server.
Parameters ipv6-address: Specifies the IPv6 address of a DNS server. Usage guidelines You can use the dns-server command to specify up to eight DNS servers in an address pool. A DNS server specified earlier has a higher preference. Examples # Specify the DNS server address 2:2::3 in DHCPv6 address pool 1.
ipv6 dhcp pool Use ipv6 dhcp pool to create a DHCPv6 address pool and enter its view. If the pool has been created, you directly enter its view. Use undo ipv6 dhcp pool to remove the specified DHCPv6 address pool. Syntax ipv6 dhcp pool pool-name undo ipv6 dhcp pool pool-name Default No DHCPv6 address pool is configured. Views System view Predefined user roles network-admin Parameters pool-name: Specifies a name for the DHCPv6 address pool, a case-insensitive string of 1 to 63 characters.
Default No prefix pool is configured. Views System view Predefined user roles network-admin Parameters prefix-pool-number: Specifies a prefix pool number in the range of 1 to 128. prefix prefix/prefix-len: Specifies a prefix/prefix length for the pool. The value for the prefix-len argument ranges from 1 to 128. assign-len assign-len: Specifies the assigned prefix length. The value ranges from 1 to 128, and must be greater than or equal to prefix-len.
Predefined user roles network-admin Parameters allow-hint: Enables desired address/prefix assignment. preference preference-value: Specifies the server preference in Advertise messages, in the range of 0 to 255. The default value is 0. A greater value specifies a higher preference. rapid-commit: Enables rapid address/prefix assignment involving two messages. Usage guidelines The allow-hint keyword enables the server to assign the desired address or prefix to the requesting client.
allow-hint: Enables desired address/prefix assignment. preference preference-value: Specifies the server preference in Advertise messages, in the range of 0 to 255. The default value is 0. A greater value specifies a higher preference. rapid-commit: Enables rapid address/prefix assignment involving two messages. Usage guidelines Upon receiving a DHCPv6 request, the DHCPv6 server selects an IPv6 address or prefix from the address pool applied to the receiving interface.
Parameters start-ipv6-address: Specifies the start IPv6 address. end-ipv6-address: Specifies the end IPv6 address, which cannot be lower than start-ipv6-address. If no end IPv6 address is specified, only the start IPv6 address is excluded from dynamic allocation. If it is specified, the IP addresses from start-ipv6-address through end-ipv6-address are all excluded from dynamic allocation. Usage guidelines You can exclude multiple IP address ranges from dynamic allocation.
is not specified, only the start-prefix/prefix-len is excluded from dynamic allocation. If it is specified, the prefixes from start-prefix/prefix-len to end-prefix/prefix-len are all excluded. Usage guidelines You can exclude multiple IPv6 prefix ranges from dynamic allocation. If the excluded IPv6 prefix is in a static binding, the prefix can still be assigned to the client.
Modifying or removing the network configuration removes assigned addresses in the current address pool. Examples # Specify the subnet 3ffe:501:ffff:100::/64 in DHCPv6 address pool 1. system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] network 3ffe:501:ffff:100::/64 Related commands • address range • display ipv6 dhcp pool • temporary address range option Use option to configure a self-defined DHCPv6 option in a DHCPv6 address pool.
If a DHCPv6 option is specified by both the dedicated command and the option command, the DHCPv6 server preferentially assigns the content specified by the dedicated command. For example, if a DNS server address is specified by the dns-server command and the option 23 command, the server uses the address specified by dns-server command. Examples # Configure Option 23 that specifies a DNS server address 2001:f3e0::1 in DHCPv6 address pool 1.
You cannot modify prefix pools that have been applied. To change the prefix pool for an address pool, you must remove the prefix pool application first. Examples # Apply prefix pool 1 to address pool 1, and use the default preferred lifetime and valid lifetime. system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] prefix-pool 1 # Apply prefix pool 2 to address pool 2, and set the preferred lifetime to one day and the valid lifetime to three days.
Syntax reset ipv6 dhcp server expired [ address ipv6-address | pool pool-name ] Views User view Predefined user roles network-admin Parameters address ipv6-address: Clears binding information for the specified lease-expired IPv6 address. pool pool-name: Clears binding information for lease-expired IPv6 addresses in the address pool specified by its name, a case-insensitive string of 1 to 63 characters.
# Clears binding information for assigned IPv6 addresses in DHCPv6 address pool 1. reset ipv6 dhcp server ip-in-use pool 1 # Clears binding information for the assigned IPv6 address 2001:0:0:1::1. reset ipv6 dhcp server ip-in-use address 2001:0:0:1::1 Related commands display ipv6 dhcp server ip-in-use reset ipv6 dhcp server pd-in-use Use reset ipv6 dhcp server pd-in-use to clear binding information for assigned IPv6 prefixes.
Views User view Predefined user roles network-admin Examples # Clear DHCPv6 server statistics. reset ipv6 dhcp server statistics Related commands display ipv6 dhcp server statistics sip-server Use sip-server to specify the IPv6 address or domain name of a SIP server in the DHCPv6 address pool. Use undo sip-server to remove a SIP server.
static-bind Use static-bind to statically bind a client DUID or client IAID to an IPv6 address or prefix in the DHCPv6 address pool. Use undo static-bind to remove a static binding.
system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] static-bind prefix 2001:0410::/35 duid 00030001CA0006A400 iaid A1A1A1A1 Related commands display ipv6 dhcp pool temporary address range Use temporary address range to configure a temporary IPv6 address range in a DHCPv6 address pool for dynamic allocation. Use undo temporary address range to remove the temporary IPv6 address range from the address pool.
[Sysname-dhcp6-pool-1] temporary address range 3ffe:501:ffff:100::50 3ffe:501:ffff:100::60 Related commands • display ipv6 dhcp pool • address range • network DHCPv6 relay agent commands display ipv6 dhcp relay server-address Use display ipv6 dhcp relay server-address to display DHCPv6 server addresses specified on the DHCPv6 relay agent.
Table 76 Command output Field Description Server address DHCPv6 server address specified on the DHCP relay agent. Outgoing Interface Output interface of DHCPv6 packets. If no output interface is specified, the device searches the routing table for the output interface. Related commands • ipv6 dhcp relay server-address • ipv6 dhcp select display ipv6 dhcp relay statistics Use display ipv6 dhcp relay statistics to display DHCPv6 packet statistics on the DHCPv6 relay agent.
Relay-forward : 7 Relay-reply : 0 # Display DHCPv6 packet statistics on the DHCPv6 relay agent on Ethernet 1/1.
Field Description Relay-reply Number of sent Relay-reply packets. Related commands reset ipv6 dhcp relay statistics ipv6 dhcp relay server-address Use ipv6 dhcp relay server-address to specify a DHCPv6 server on the DHCPv6 relay agent. Use undo ipv6 dhcp relay server-address to remove DHCPv6 server addresses.
Related commands • display ipv6 dhcp relay server-address • ipv6 dhcp select reset ipv6 dhcp relay statistics Use reset ipv6 dhcp relay statistics to clear packets statistics on the DHCPv6 relay agent. Syntax reset ipv6 dhcp relay statistics [ interface interface-type interface-number ] Views User view Predefined user roles network-admin Parameters interface interface-type interface-number: Specifies an interface by its type and number.
network-operator Parameters address ipv6-address: Displays the DHCPv6 snooping entry for the specified IPv6 address. vlan vlan-id: Specifies the ID of the VLAN where the IPv6 address resides. Usage guidelines If you do not specify any parameters, the command displays all DHCPv6 snooping entries. Examples # Display all DHCPv6 snooping entries. display ipv6 dhcp snooping binding 1 DHCPv6 snooping entries found.
network-operator Examples # Display information about the file that stores DHCPv6 snooping entries. display ipv6 dhcp snooping binding database File name : database.dhcp Update interval : 600 seconds Latest write time : Feb 27 18:48:04 2012 Status : Last write succeeded. Table 79 Command output Field Description File name Name of the database file that stores the DHCPv6 snooping entries. Update interval Waiting period before the database file is updated, in seconds.
DHCPv6 packets sent : 200 Invalid DHCPv6 packets dropped : 0 Related commands reset ipv6 dhcp snooping packet statistics display ipv6 dhcp snooping trust Use display ipv6 dhcp snooping trust to display information about trusted ports. Syntax display ipv6 dhcp snooping trust Views Any view Predefined user roles network-admin network-operator Examples # Display information about trusted ports. display ipv6 dhcp snooping trust DHCPv6 snooping is enabled.
Parameters filename: Specifies the name or URL of the file. If the file is on an FTP or TFTP server, specify a URL. If the file is a local one, specify the file name, a case-sensitive string. Whether the URL is case sensitive depends on the server. For information about file name formats, see Fundamentals Configuration Guide. Usage guidelines This command enables the device to immediately save DHCPv6 snooping entries to the specified database file.
Views System view Predefined user roles network-admin Parameters seconds: Sets the waiting period in seconds, in the range of 60 to 864000. Usage guidelines When a DHCPv6 snooping entry is learned or removed, the device updates the database file when the waiting period is reached. All changed entries during that period will be updated. If no file has been specified, this command does not take effect. Examples # Set the device to wait 600 seconds (10 minutes) to update the database file.
ipv6 dhcp snooping binding record Use ipv6 dhcp snooping binding record to enable recording of client information in DHCPv6 snooping entries. Use undo ipv6 dhcp snooping binding record to disable the function. Syntax ipv6 dhcp snooping binding record undo ipv6 dhcp snooping binding record Default DHCPv6 snooping does not record client information.
Usage guidelines Use the DHCPv6-REQUEST check function to protect the DHCPv6 server against DHCPv6 client spoofing attacks. The function enables the DHCPv6 snooping device to check every received DHCPv6-RENEW, DHCPv6-DECLINE, or DHCPv6-RELEASE message against DHCPv6 snooping entries. • If any of the criteria in an entry is matched, the device compares the entry with the message information. { { • If they are consistent, the device considers the message valid and forwards it to the DHCPv6 server.
ipv6 dhcp snooping max-learning-num Use ipv6 dhcp snooping max-learning-num to set the maximum number of DHCPv6 snooping entries for an interface to learn. Use undo ipv6 dhcp snooping max-learning-num to restore the default. Syntax ipv6 dhcp snooping max-learning-num number undo ipv6 dhcp snooping max-learning-num Default The number of DHCPv6 snooping entries for an interface to learn is not limited.
Usage guidelines This command takes effect only when DHCPv6 snooping is globally enabled. Examples # Enable support for Option 18.
ipv6 dhcp snooping option remote-id enable Use ipv6 dhcp snooping option remote-id enable to enable support for the remote-ID option (also called Option 37). Use undo ipv6 dhcp snooping option remote-id enable to restore the default. Syntax ipv6 dhcp snooping option remote-id enable undo ipv6 dhcp snooping option remote-id enable Default Option 37 is not supported.
Parameters vlan vlan-id: Specifies the VLAN where the DHCPv6 clients resides. remote-id: Specifies the a string of 1 to 128 characters as the remote ID. Examples # Specify device001 as the remote ID.
reset ipv6 dhcp snooping binding Use reset ipv6 dhcp snooping binding to clear DHCPv6 snooping entries. Syntax reset ipv6 dhcp snooping binding { all | address ipv6-address [ vlan vlan-id ] } Views User view Predefined user roles network-admin Parameters address ipv6-address: Clears the DHCPv6 snooping entry for the specified IPv6 address. vlan vlan-id: Clears DHCPv6 snooping entries for the specified VLAN. all: Clears all DHCPv6 snooping entries.
reset ipv6 dhcp snooping packet statistics Related commands display ipv6 dhcp snooping packet statistics 309
IPv6 fast forwarding commands display ipv6 fast-forwarding aging-time Use display ipv6 fast-forwarding aging-time to display the aging time of IPv6 fast forwarding entries. Syntax display ipv6 fast-forwarding aging-time Views Any view Predefined user roles network-admin network-operator Examples # Display the aging time of IPv6 fast forwarding entries.
Parameters ipv6-address: Specifies an IPv6 address. If you do not specify this argument, this command displays all IPv6 fast forwarding entries. slot slot-number: Specifies a card by the slot number. If you do not specify this option, this command displays IPv6 fast forwarding entries for all cards. (MSR4000) Usage guidelines This command displays IPv6 fast forwarding entries.
Field Description Output interface type and number. Output interface If no interface is involved in fast forwarding, this field displays N/A. If the output interface does not exist, this field displays a hyphen (-). Related commands • ipv6 fast-forwarding • reset ipv6 fast-forwarding cache ipv6 fast-forwarding Use ipv6 fast-forwarding to enable IPv6 fast forwarding. Use undo ipv6 fast-forwarding to disable IPv6 fast forwarding and remove all IPv6 fast forwarding entries.
Syntax ipv6 fast-forwarding aging-time aging-time undo ipv6 fast-forwarding aging-time Default The aging time of IPv6 fast forwarding entries is 30 seconds. Views System view Predefined user roles network-admin Parameters aging-time: Sets the aging time for IPv6 fast forwarding entries, in the range of 10 to 300 seconds. Examples # Set the aging time for IPv6 fast forwarding entries to 20 seconds.
• ipv6 fast-forwarding 314
Tunneling commands bandwidth Use bandwidth to configure the expected bandwidth of an interface. Use undo bandwidth to restore the default. Syntax bandwidth bandwidth-value undo bandwidth Default The expected bandwidth is 64 kbps. Views Tunnel interface view Predefined user roles network-admin Parameters bandwidth-value: Specifies the expected bandwidth in the range of 1 to 400000000 kbps. Usage guidelines The expected bandwidth of an interface affects the link costs in OSPF, OSPFv3, and IS-IS.
Usage guidelines The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you use it in a live network. This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions. Use the display this command in interface view to identify these commands, and then use their undo forms or follow the command reference to individually restore their default settings.
destination Use destination to specify the destination address for a tunnel interface. Use undo destination to remove the configured tunnel destination address. Syntax destination { ip-address | ipv6-address } undo destination Default No tunnel destination address is configured. Views Tunnel interface view Predefined user roles network-admin Parameters ip-address: Specifies the tunnel destination IPv4 address. ipv6-address: Specifies the tunnel destination IPv6 address.
• source display ds-lite b4 information Use display ds-lite b4 information to display information about the connected B4 routers on the AFTR, including the IPv6 addresses of the B4 routers, and the assigned tunnel IDs. Syntax display ds-lite b4 information Views Any view Predefined user roles network-admin network-operator Examples # (MSR2000/MSR3000) Display information about the connected B4 routers.
Field Description ID of the tunnel interface on the DS-Lite tunnel to which the mapping belongs. Tunnel interface Idle time When the tunnel to which the mapping belongs is removed or a tunnel with a same ID but different mode is created, this field displays hyphens (--). Remaining time in minutes for the mapping between IPv6 address of the B4 router and tunnel ID. When the mapping ages out but is still applied by a session, this field displays hyphens (--).
Line protocol state: UP Description: Tunnel1 Interface Bandwidth: 64kbps Maximum Transmit Unit: 1476 Internet Address is 10.1.2.
Field Description Tunnel keepalive enabled, Period(50 s), Retries(3) Keepalive is enabled to detect the state of the tunnel interface. In this example, keepalive packets are sent every 50 seconds, and the maximum sending times are three. Tunnel TOS ToS of tunneled packets. Tunnel TTL TTL of tunneled packets. Tunnel mode and transport protocol: • • • • • • • • Tunnel protocol/transport GRE/IP—GRE over IPv4 tunnel mode. GRE/IPv6—GRE over IPv6 tunnel mode. IP/IP—IPv4 over IPv4 tunnel mode.
Tun1 DOWN Not connected Table 84 Command output Field Description Brief information of interface(s) under route mode Brief information about Layer 3 interfaces. Link status: Link: ADM - administratively down; Stby - standby • ADM—The interface has been administratively shut down. To recover its physical state, use the undo shutdown command. • Stby—The interface is a backup interface.
undo ds-lite enable Default DS-Lite tunneling is disabled on an interface. Views Interface view Predefined user roles network-admin Usage guidelines Use this command on the AFTR's interface that connects to the public IPv4 network, so the AFTR can forward IPv4 packets to the B4 router through the DS-Lite tunnel. You cannot enable DS-Lite tunneling on a DS-Lite tunnel interface on the AFTR. Examples # Enable DS-Lite tunneling on interface Ethernet 1/1.
Examples # Set the maximum number of nested encapsulations to 3 on the tunnel interface. system-view [Sysname] interface tunnel 1 mode ipv6 [Sysname-Tunnel1] encapsulation-limit 3 Related commands display interface tunnel interface tunnel Use interface tunnel to create a tunnel interface, specify the tunnel mode, and enter tunnel interface view. Use undo interface tunnel to delete a specific tunnel interface.
A tunnel interface number is locally significant. The tunnel interfaces on the two ends of a tunnel can use the same or different interface numbers. Examples # Create a GRE over IPv4 tunnel interface Tunnel 1 and enter tunnel interface view. system-view [Sysname] interface tunnel 1 mode gre [Sysname-Tunnel1] Related commands • destination • display interface tunnel • source mtu Use mtu to set the MTU for IPv4 packets on a tunnel interface. Use undo mtu to restore the default.
Predefined user roles network-admin Parameters number: Specifies the tunnel interface number. Usage guidelines Use this command to clear old statistics so you can observe new traffic statistics on a tunnel interface. If you do not specify any parameter, this command clears the statistics for all interfaces. If you specify only the tunnel keyword, this command clears the statistics for all tunnel interfaces.
source Use source to specify the source address or source interface for the tunnel interface. Use undo source to restore the default. Syntax source { ip-address | ipv6-address | interface-type interface-number } undo source Default No source address or source interface is specified for the tunnel interface. Views Tunnel interface view Predefined user roles network-admin Parameters ip-address: Specifies the tunnel source IPv4 address. ipv6-address: Specifies the tunnel source IPv6 address.
tunnel dfbit enable Use tunnel dfbit enable to set the Don't Fragment (DF) bit for tunneled packets. Use undo tunnel dfbit enable to restore the default. Syntax tunnel dfbit enable undo tunnel dfbit enable Default The DF bit is not set for tunneled packets. Views Tunnel interface view Predefined user roles network-admin Usage guidelines To avoid fragmentation and delay, set the DF bit for tunneled packets. Make sure the path MTU is larger than tunneled packets.
Usage guidelines The tunnel discard ipv4-compatible-packet command enables the device to check the source and destination IPv6 addresses of the de-encapsulated IPv6 packets from the tunnel and discard packets that use a source or destination IPv4-compatible IPv6 address. Examples # Enable dropping of IPv6 packets using IPv4-compatible IPv6 addresses. system-view [Sysname] tunnel discard ipv4-compatible-packet tunnel tos Use tunnel tos to set the ToS of tunneled packets.
Syntax tunnel ttl ttl-value undo tunnel ttl Default The TTL of tunneled packets is 255. Views Tunnel interface view Predefined user roles network-admin Parameters ttl-value: Specifies the TTL of tunneled packets, in the range of 1 to 255. Usage guidelines The TTL determines the maximum number of hops that the tunneled packets can pass. When the TTL expires, the tunneled packet is discarded to avoid loops. Examples # Set the TTL of tunneled packets to 100 on the interface Tunnel 1.
Usage guidelines The device looks up the routing table of the specified VPN to forward tunneled packets on the tunnel interface. To set the VPN for the tunnel source, use the ip binding vpn-instance command on the tunnel source interface. The tunnel source and destination must belong to the same VPN. Otherwise, the tunnel interface cannot go up. Examples # Specify the VPN instance vpn10 for the tunnel destination on the interface Tunnel 1.
Flow classification commands The following matrix shows the feature and router compatibility: Feature MSR2000 MSR3000 MSR4000 Flow classification No Yes Yes forwarding policy Use forwarding policy to specify a flow classification policy. Use undo forwarding policy to restore the default. Syntax forwarding policy { per-flow | per-packet } undo forwarding policy Default The flow-based policy is used.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.
Index ABCDEFGILMNOPRSTUVW dhcp relay information enable,65 A dhcp relay information remote-id,66 address,123 dhcp relay information strategy,67 address range,264 dhcp relay release ip,68 address range,27 dhcp relay server-address,69 arp check enable,1 dhcp select,26 arp check log enable,1 dhcp server always-broadcast,31 arp ip-conflict log prompt,12 dhcp server apply ip-pool,32 arp max-learning-num,2 dhcp server bootp ignore,32 arp max-learning-number,3 dhcp server bootp reply-rfc-1048,33
display dhcp relay statistics,73 display ipv6 icmp statistics,210 display dhcp server conflict,37 display ipv6 interface,211 display dhcp server expired,38 display ipv6 interface prefix,215 display dhcp server free-ip,39 display ipv6 neighbors,216 display dhcp server ip-in-use,40 display ipv6 neighbors count,218 display dhcp server pool,41 display ipv6 neighbors vpn-instance,219 display dhcp server statistics,43 display ipv6 pathmtu,220 display dhcp snooping binding,91 display ipv6 rawip,221
ipv6 dhcp pool,278 dns-list,45 dns-server,276 ipv6 dhcp prefix-pool,278 Documents,333 ipv6 dhcp relay server-address,295 domain-name,46 ipv6 dhcp select,263 domain-name,277 ipv6 dhcp server,279 ds-lite enable,322 ipv6 dhcp server apply pool,280 E ipv6 dhcp server forbidden-address,281 ipv6 dhcp server forbidden-prefix,282 encapsulation-limit,323 ipv6 dhcp snooping binding database filename,299 expired,46 ipv6 dhcp snooping binding database update interval,300 F ipv6 dhcp snooping binding d
ipv6 nd router-preference,249 option,54 ipv6 neighbor,250 P ipv6 neighbor link-local minimize,251 password,118 ipv6 neighbor stale-aging,252 prefix-pool,285 ipv6 neighbors max-learning-num,254 proxy-arp enable,17 ipv6 pathmtu,255 proxy-nd enable,253 ipv6 pathmtu age,255 ipv6 prefer temporary-address,256 R ipv6 redirects enable,257 reset arp,10 ipv6 temporary-address,258 reset counters interface,325 ipv6 unreachables enable,259 reset dhcp relay client-information,74 L reset dhcp relay st
T tunnel vpn-instance,330 tcp mss,200 U tcp path-mtu-discovery,201 udp-helper enable,206 tcp syn-cookie enable,202 udp-helper port,206 tcp timer fin-timeout,203 udp-helper server,207 tcp timer syn-timeout,203 username,121 tcp window,204 V temporary address range,291 tftp-server domain-name,58 voice-config,60 tftp-server ip-address,59 W tunnel dfbit enable,328 Websites,333 tunnel discard ipv4-compatible-packet,328 tunnel tos,329 tunnel ttl,329 340
