HP MSR Router Series Layer 3 - IP Services Command Reference(V7) Part number: 5998-5692 Software version: CMW710-R0106 Document version: 6PW100-20140607
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents ARP commands····························································································································································· 1 arp check enable ······················································································································································ 1 arp check log enable ············································································································································
display dhcp server conflict ·································································································································· 38 display dhcp server expired ································································································································· 39 display dhcp server free-ip ··································································································································· 40 display dhcp server ip-in
dhcp snooping binding record ···························································································································· 85 dhcp snooping check mac-address ····················································································································· 86 dhcp snooping check request-message··············································································································· 86 dhcp snooping enable ·······························
display nat address-group ·································································································································· 133 display nat dns-map ············································································································································ 134 display nat eim ···················································································································································· 135 display nat inbou
Flow classification commands ································································································································ 194 forwarding policy ················································································································································ 194 IPv4 adjacency table commands ··························································································································· 195 display adjacent-table ·
display ipv6 interface ········································································································································· 240 display ipv6 interface prefix ······························································································································ 244 display ipv6 neighbors ······································································································································· 245 display ipv6 neighbors
DHCPv6 commands ················································································································································ 296 Common DHCPv6 commands ···································································································································· 296 display ipv6 dhcp duid ······································································································································· 296 ipv6 dhcp dscp ·········
ipv6 dhcp snooping binding database filename ····························································································· 343 ipv6 dhcp snooping binding database update interval ·················································································· 344 ipv6 dhcp snooping binding database update now ······················································································· 345 ipv6 dhcp snooping binding record ·························································
display vam server statistics ······························································································································· 393 encryption-algorithm············································································································································ 396 hub-group ····························································································································································· 397 hub ipv6 priv
Subscription service ············································································································································ 452 Related information ······················································································································································ 452 Documents ···························································································································································· 452
ARP commands In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. arp check enable Use arp check enable to enable dynamic ARP entry check. Use undo arp check enable to disable dynamic ARP entry check. Syntax arp check enable undo arp check enable Default Dynamic ARP entry check is enabled.
Default ARP logging is disabled. Views System view Predefined user roles network-admin Usage guidelines This function enables a device to log ARP events when ARP cannot resolve IP addresses correctly. The events include the following: • • On a proxy ARP-disabled interface, the target IP address of a received ARP packet is not one of the following IP addresses: { The IP address of the receiving interface. { The virtual IP address of the VRRP group. { The NATed external address.
VLAN interface view Predefined user roles network-admin Parameters number: Specifies the maximum number of dynamic ARP entries for an interface. The following matrix shows the value ranges and default values for the number argument: Hardware Value range Default MSR2000 0 to 4096 4096 MSR3000 0 to 4096 4096 MSR4000 0 to 16384 16384 Usage guidelines An interface can dynamically learn ARP entries.
arp max-learning-number number slot slot-number undo arp max-learning-number slot slot-number Views System view Predefined user roles network-admin Parameters number: Specifies the maximum number of dynamic ARP entries for a device. The following matrix shows the value ranges and default values for the number argument: Hardware Value range Default MSR2000 0 to 4096 4096 MSR3000 0 to 4096 4096 MSR4000 0 to 16384 16384 slot slot-number: Specifies a card by its slot number.
Parameters ip-address: Specifies an IP address for the static ARP entry. mac-address: Specifies a MAC address for the static ARP entry, in the format H-H-H. vlan-id: Specifies the ID of a VLAN to which the static ARP entry belongs. The value range is 1 to 4094. The VLAN and VLAN interface must already exist. interface-type interface-number: Specifies an interface by its type and number. Make sure the interface belongs to the specified VLAN.
undo arp timer aging Default The aging timer for dynamic ARP entries is 20 minutes. Views System view Predefined user roles network-admin Parameters aging-time: Sets the aging timer for dynamic ARP entries, in the range of 1 to 1440 minutes. Usage guidelines Each dynamic ARP entry in the ARP table has a limited lifetime, called an aging timer. The aging timer of a dynamic ARP entry is reset each time the dynamic ARP entry is updated.
dynamic: Displays dynamic ARP entries. static: Displays static ARP entries. slot slot-number: Specifies a card by its slot number. (MSR4000) vlan vlan-id: Specifies a VLAN by its VLAN ID. The VLAN ID is in the range of 1 to 4094. interface interface-type interface-number: Specifies an interface by its type and number. count: Displays the number of ARP entries. verbose: Displays detailed information about ARP entries.
Field Description MAC Address MAC address in an ARP entry. VLAN ID of the VLAN to which the ARP entry belongs. Interface Output interface in an ARP entry. Aging Aging time for a dynamic ARP entry in minutes. N/A means unknown aging time or no aging time. ARP entry type: Type • • • • • D—Dynamic. S—Static. O—OpenFlow. M—Multiport. I—Invalid. Vpn Instance Name of VPN instance. [No Vrf] is displayed if no VPN instance is configured for the ARP entry.
Examples # Display the ARP entry for the IP address 20.1.1.1. display arp 20.1.1.1 Type: S-Static D-Dynamic O-Openflow M-Multiport I-Invalid IP address MAC address VLAN Interface Aging Type 20.1.1.1 00e0-fc00-0001 N/A N/A N/A S Related commands • arp static • reset arp display arp timer aging Use display arp timer aging to display the aging timer of dynamic ARP entries.
Usage guidelines This command displays information about ARP entries for a VPN, including the IP address, MAC address, VLAN ID, output interface, entry type, and aging timer. Examples # Display ARP entries for the VPN instance named test. display arp vpn-instance test Type: S-Static D-Dynamic O-Openflow M-Multiport I-Invalid IP address MAC address VLAN ID Interface Aging Type 20.1.1.
reset arp static Related commands • arp static • display arp 11
Gratuitous ARP commands arp ip-conflict log prompt Use arp ip-conflict log prompt to enable IP conflict notification without conflict confirmation. Use undo arp ip-conflict log prompt to restore the default. Syntax arp ip-conflict log prompt undo arp ip-conflict log prompt Default The IP conflict notification is disabled. The receiving device sends a gratuitous ARP request, and it displays an error message after it receives an ARP reply about the conflict.
Predefined user roles network-admin Parameters interval milliseconds: Sets the interval at which gratuitous ARP packets are sent, in the range of 200 to 200000 milliseconds. The default value is 2000 milliseconds. Usage guidelines This function takes effect only when the enabled interface is up and an IP address has been assigned to the interface.
When this function is disabled, the device uses the received gratuitous ARP packets to update existing ARP entries only. ARP entries are not created based on the received gratuitous ARP packets, which saves ARP table space. Examples # Enable learning of gratuitous ARP packets.
Proxy ARP commands display local-proxy-arp Use display local-proxy-arp to display the local proxy ARP status. Syntax display local-proxy-arp [ interface interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Specifies an interface by its type and number. Usage guidelines The local ARP proxy status can be enabled or disabled.
Parameters interface interface-type interface-number: Specifies an interface by its type and number. Usage guidelines The proxy ARP status can be enabled or disabled. If an interface is specified, this command displays proxy ARP status for the specified interface. If no interface is specified, this command displays proxy ARP status for all interfaces. Examples # Display the proxy ARP status on GigabitEthernet 2/1/1.
Local proxy ARP allows communication between hosts that connect to the same Layer-3 interface and reside in different broadcast domains. Only one IP address range can be specified by using the ip-range keyword on an interface. Examples # Enable local proxy ARP on GigabitEthernet 2/1/1. system-view [Sysname] interface gigabitethernet 2/1/1 [Sysname-GigabitEthernet2/1/1] local-proxy-arp enable # Enable local proxy ARP on GigabitEthernet 2/1/1 for an IP address range.
Examples # Enable proxy ARP on GigabitEthernet 2/1/1.
IP addressing commands display ip interface Use display ip interface to display IP configuration and statistics for the specified Layer 3 interface or all Layer 3 interfaces. Syntax display ip interface [ interface-type interface-number ] Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number.
Router solicit: 0 Time exceed: 0 IP header bad: 0 Timestamp request: 0 Timestamp reply: 0 Information request: 0 Information reply: 0 Netmask request: 0 Netmask reply: 0 Unknown type: 0 Table 2 Command output Field Description Current physical state of the interface: • Administrative DOWN—The interface is shut down with the shutdown current state command. • DOWN—The interface is administratively up but its physical state is down, which might be caused by a connection or link failure.
Field ICMP packet input number: Echo reply: Unreachable: Source quench: Routing redirect: Echo request: Router advert: Router solicit: Time exceed: IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: Description Total number of ICMP packets received on the interface (statistics start at the device startup): • • • • • • • • • • • • • • • • Echo reply packets. Unreachable packets. Source quench packets.
• Without this keyword, the command displays a maximum of 9 characters for each interface description. If the description is longer than 9 characters, the first 9 characters are displayed, followed by an ellipsis (...). Usage guidelines Information displayed by this command includes the state of the physical and link layer protocols, IP address, and interface descriptions.
Related commands • display ip interface • ip address ip address Use ip address to assign an IP address to the interface. Use undo ip address to remove the IP address from the interface. Syntax ip address ip-address { mask-length | mask } [ sub ] undo ip address [ ip-address { mask-length | mask } [ sub ] ] Default No IP address is assigned to an interface.
system-view [Sysname] interface gigabitethernet 2/1/1 [Sysname-GigabitEthernet2/1/1] ip address 129.102.0.1 255.255.255.0 [Sysname-GigabitEthernet2/1/1] ip address 202.38.160.1 255.255.255.0 sub Related commands • display ip interface • display ip interface brief ip address unnumbered Use ip address unnumbered to configure the current interface as IP unnumbered to borrow an IP address from the specified interface. Use undo ip address unnumbered to disable IP unnumbered on the interface.
[Sysname-Tunnel0] ip address unnumbered interface gigabitethernet 2/1/1 25
DHCP commands Common DHCP commands dhcp dscp Use dhcp dscp to set the DSCP value for DHCP packets sent by the DHCP server or the DHCP relay agent. Use undo dhcp dscp to restore the default. Syntax dhcp dscp dscp-value undo dhcp dscp Default The DSCP value in DHCP packets is 56. Views System view Predefined user roles network-admin Parameters dscp-value: Sets the DSCP value for DHCP packets, in the range of 0 to 63.
Views System view Predefined user roles network-admin Usage guidelines Enable DHCP before you perform DHCP server or relay agent configurations. Examples # Enable DHCP. system-view [Sysname] dhcp enable dhcp select Use dhcp select to enable the DHCP server or DHCP relay agent on an interface. Use undo dhcp select to disable the DHCP server or DHCP relay agent on an interface. The interface discards DHCP packets.
DHCP server commands address range Use address range to configure an IP address range in a DHCP address pool for dynamic allocation. Use undo address range to remove the IP address range in the address pool. Syntax address range start-ip-address end-ip-address undo address range Default No IP address range is configured. Views DHCP address pool view Predefined user roles network-admin Parameters start-ip-address: Specifies the start IP address. end-ip-address: Specifies the end IP address.
bims-server Use bims-server to specify the IP address, port number, and shared key of the BIMS server in a DHCP address pool. Use undo bims-server to remove the specified BIMS server information. Syntax bims-server ip ip-address [ port port-number ] sharekey { cipher | simple } key undo bims-server Default No BIMS server information is specified. Views DHCP address pool view Predefined user roles network-admin Parameters ip ip-address: Specifies the IP address of the BIMS server.
undo bootfile-name Default No bootfile name is specified. Views DHCP address pool view Predefined user roles network-admin Parameters bootfile-name: Specifies the boot file name, a case-sensitive string of 1 to 63 characters. Usage guidelines If you use the bootfile-name command multiple times, the most recent configuration takes effect. Examples # Specify the boot file name boot.cfg in DHCP address pool 0. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] bootfile-name boot.
start-ip-address: Specifies the start IP address. end-ip-address: Specifies the end IP address. Usage guidelines The class command enables you to divide an address range into multiple address ranges for different DHCP user classes. The address range for a user class must be within the primary subnet specified by the network command. If the DHCP client does not match any DHCP user class, the DHCP server selects an address in the IP address range specified by the address range command.
Usage guidelines In the DHCP user class view, use the if-match command to configure a match rule to match specific clients. Then use the class command to specify an IP address range for the matching clients. Examples # Create a DHCP user class test and enter DHCP user class view.
dhcp server apply ip-pool Use dhcp server apply ip-pool to apply an address pool on an interface. Use undo dhcp server apply ip-pool to remove the configuration. Syntax dhcp server apply ip-pool pool-name undo dhcp server apply ip-pool Default No address pool is applied on an interface Views Interface view Predefined user roles network-admin Parameters pool-name: Specifies the name of a DHCP address pool, a case-insensitive string of 1 to 63 characters.
Views System view Predefined user roles network-admin Usage guidelines The lease duration of IP addresses obtained by BOOTP clients is unlimited. For scenarios that do not allow unlimited leases, you can configure the DHCP server to ignore BOOTP requests. Examples # Configure the DHCP server to ignore BOOTP requests.
Use undo dhcp server forbidden-ip to remove the configuration. Syntax dhcp server forbidden-ip start-ip-address [ end-ip-address ] undo dhcp server forbidden-ip start-ip-address [ end-ip-address ] Default No IP addresses are excluded from dynamic allocation. Views System view Predefined user roles network-admin Parameters start-ip-address: Specifies the start IP address. end-ip-address: Specifies the end IP address, which cannot be lower than the start-ip-address.
Default No DHCP address pool is created. Views System view Predefined user roles network-admin Parameters pool-name: Specifies the name for the DHCP address pool, a case-insensitive string of 1 to 63 characters used to uniquely identify this pool. Usage guidelines A DHCP address pool is used to store the configuration parameters to be assigned to DHCP clients. Examples # Create a DHCP address pool named pool1.
If a ping attempt succeeds, the server considers that the IP address is in use and picks a new IP address. If all the ping attempts are failed, the server assigns the IP address to the requesting DHCP client. Examples # Specify the maximum number of ping packets as 10.
dhcp server relay information enable Use dhcp server relay information enable to enable the DHCP server to handle Option 82. Use undo dhcp server relay information enable to configure the DHCP server to ignore Option 82. Syntax dhcp server relay information enable undo dhcp server relay information enable Default The DHCP server handles Option 82.
The DHCP server discovers that the only assignable address in the address pool is its own IP address. • Examples # Display information about all IP address conflicts. display dhcp server conflict IP address Detect time 4.4.4.1 Apr 25 16:57:20 2007 4.4.4.2 Apr 25 17:00:10 2007 Table 4 Command output Field Description IP address Conflicted IP address. Detect time Time when the conflict was discovered.
Table 5 Command output Field Description IP address Expired IP address. Client-identifier/Hardware address Client ID or MAC address. Lease expiration Time when the lease expired. Related commands reset dhcp server expired display dhcp server free-ip Use display dhcp server free-ip to display information about assignable IP addresses.
Table 6 Command output Field Description Pool name Name of the address pool. Network Assignable network. IP ranges Assignable IP address range. Secondary networks Assignable secondary networks. Related commands • address range • dhcp server ip-pool • network display dhcp server ip-in-use Use display dhcp server ip-in-use to display binding information about assigned IP addresses.
7468-6572-6e65-74 10.1.1.3 1111-1111-1111 After 2100 Static(C) Table 7 Command output Field Description IP address IP address assigned. Client identifier/Hardware address Client ID or hardware address. Lease expiration time: • Exact time (May 1 14:02:49 2009 in this example)—Time when the lease will expire. Lease expiration • Not used—The IP address of the static binding has not been assigned to the specific client. • Unlimited—Infinite lease expiration time.
Examples # Display information about all DHCP address pools. display dhcp server pool Pool name: 0 Network 20.1.1.0 mask 255.255.255.0 class a range 20.1.1.50 20.1.1.60 bootfile-name abc.cfg dns-list 20.1.1.66 20.1.1.67 20.1.1.68 domain-name www.aabbcc.com bims-server ip 192.168.0.51 sharekey cipher $c$3$K13OmQPi791YvQoF2Gs1E+65LOU= option 2 ip-address 1.1.1.1 expired 1 2 3 0 Pool name: 1 Network 20.1.1.0 mask 255.255.255.0 secondary networks: 20.1.2.0 mask 255.255.255.0 20.1.3.0 mask 255.255.255.
expired unlimited Table 8 Command output Field Description Pool name Name of an address pool. Network Assignable network. secondary networks Assignable secondary networks. address range Assignable address range. class class-name range DHCP user class and its address range. static bindings Static IP-to-MAC/client ID bindings. option Customized DHCP option. expired Lease duration: 1 2 3 4 in this example refers to 1 day 2 hours 3 minutes 4 seconds.
network-operator Parameters pool pool-name: Specifies an address pool by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays information about all address pools. Examples # Display the DHCP server statistics. display dhcp server statistics Pool number: 1 Pool utilization: 0.
Field Description DHCP packets received from clients: Messages received • • • • • • DHCPDISCOVER. DHCPREQUEST. DHCPDECLINE. DHCPRELEASE. DHCPINFORM. BOOTPREQUEST. This field is not displayed if you display statistics for a specific address pool. DHCP packets sent to clients: Messages sent • • • • DHCPOFFER. DHCPACK. DHCPNAK. BOOTPREPLY. This field is not displayed if statistics about a specific address pool are displayed. Bad Messages Number of bad messages.
If you do not specify any parameters, the undo dns-list command deletes all DNS server addresses in the DHCP address pool. Examples # Specify the DNS server address 10.1.1.254 in DHCP address pool 0. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] dns-list 10.1.1.254 Related commands display dhcp server pool domain-name Use domain-name to specify a domain name in a DHCP address pool. Use undo domain-name to remove the specified domain name.
Syntax expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited } undo expired Default The lease duration of a dynamic address pool is one day. Views DHCP address pool view Predefined user roles network-admin Parameters day day: Specifies the number of days, in the range of 0 to 365. hour hour: Specifies the number of hours, in the range of 0 to 23. minute minute: Specifies the number of minutes, in the range of 0 to 59.
Default No IP addresses are excluded from dynamic allocation in an address pool. Views DHCP address pool view Predefined user roles network-admin Parameters ip-address&<1-8>: Specifies excluded IP addresses. &<1-8> indicates that you can specify up to eight IP addresses, separated by spaces. Usage guidelines The excluded IP addresses in an address pool are still assignable in other address pools. You can exclude a maximum of 4096 IP addresses in an address pool.
Usage guidelines If you use this command multiple times, the most recent configuration takes effect. If you do not specify any parameters, the undo gateway-list command deletes all gateway addresses. If you specify gateways in both address pool view and secondary subnet view, DHCP assigns the gateway addresses in the secondary subnet view to the clients on the secondary subnet.
length length: Matches the specified length of the option, in the range of 1 to 128 bytes. The specified length must be the same as the hex-string length. Usage guidelines You can configure multiple match rules for a DHCP user class. Each match rule is uniquely identified by a rule ID. Different match rules can include the same option code, but they cannot have the same matching criteria. The DHCP server matches DHCP requests against the match rules.
undo nbns-list [ ip-address&<1-8> ] Default No WINS server address is specified. Views DHCP address pool view Predefined user roles network-admin Parameters ip-address&<1-8>: Specifies WINS server IP addresses. &<1-8> indicates that you can specify up to eight WINS server addresses separated by spaces. Usage guidelines If you use this command multiple times, the most recent configuration takes effect. If you do not specify any parameters, the undo nbns-list command deletes all WINS server addresses.
h-node: Specifies the hybrid node. An h-node client unicasts the destination name to a WINS server. If it does not receive a response, the h-node client broadcasts the destination name to get the mapping from a server. m-node: Specifies the mixed node. An m-node client broadcasts the destination name. If it does not receive a response, the m-node client unicasts the destination name to the WINS server to get the mapping. p-node: Specifies the peer-to-peer node.
Usage guidelines You can use the secondary keyword to specify a secondary subnet and enter its view, where you can specify gateways by using the gateway-list command for DHCP clients in the secondary subnet. You can specify only one primary subnet for a DHCP address pool. If you use the network command multiple times, the most recent configuration takes effect. You can specify up to 32 secondary subnets for a DHCP address pool.
Usage guidelines Upon startup, the DHCP client obtains an IP address and the specified server IP address. Then it contacts the specified server, such as a TFTP server, to get other boot information. If you use the next-server command multiple times, the most recent configuration takes effect. Examples # Specify a server's IP address 10.1.1.254 in DHCP address pool 0. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] next-server 10.1.1.
• Add options for which the CLI does not provide a dedicated configuration command. For example, you can use the option 4 ip-address 1.1.1.1 command to define the time server address 1.1.1.1 for DHCP clients. • Add all option values if the actual requirement exceeds the limit for a dedicated option configuration command. For example, the dns-list command can specify up to eight DNS servers. To specify more than eight DNS server, you must use the option 6 command to define all DNS servers.
reset dhcp server expired Use reset dhcp server expired to clear binding information about expired IP addresses. Syntax reset dhcp server expired [ ip ip-address | pool pool-name ] Views User view Predefined user roles network-admin Parameters ip ip-address: Clears binding information about the specified expired IP address. pool pool-name: Clears binding information about the expired IP addresses in the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters.
Examples # Clear binding information about the IP address 10.110.1.1. reset dhcp server ip-in-use ip 10.110.1.1 Related commands display dhcp server ip-in-use reset dhcp server statistics Use reset dhcp server statistics to clear DHCP server statistics. Syntax reset dhcp server statistics Views User view Predefined user roles network-admin Examples # Clear DHCP server statistics.
client-identifier client-identifier: Specifies the client ID of the static binding, a string of 4 to 254 characters that can contain only hexadecimal numbers and hyphen (-), in the format of H-H-H…., in which the last H can be a two-digit or four-digit hexadecimal number while the other Hs must be all four-digit hexadecimal numbers. For example, aabb-cccc-dd is a correct ID, while aabb-c-dddd and aabb-cc-dddd are incorrect IDs.
Parameters domain-name: Specifies the TFTP server name, a case-sensitive string of 1 to 63 characters. Usage guidelines If you use this command multiple times, the most recent configuration takes effect. Examples # Specify the TFTP server name aaa in DHCP address pool 0.
voice-config Use voice-config to configure the content for Option 184 in a DHCP address pool. Use undo voice-config to remove the Option 184 content from a DHCP address pool. Syntax voice-config { as-ip ip-address | fail-over ip-address dialer-string | ncp-ip ip-address | voice-vlan vlan-id { disable | enable } } undo voice-config [ as-ip | fail-over | ncp-ip | voice-vlan ] Default No Option 184 content is configured in a DHCP address pool.
DHCP relay agent commands dhcp relay check mac-address Use dhcp relay check mac-address to enable MAC address check on the relay agent. Use undo dhcp relay check mac-address to disable MAC address check on the relay agent. Syntax dhcp relay check mac-address undo dhcp relay check mac-address Default The MAC address check function is disabled.
undo dhcp relay check mac-address aging-time Default The aging time is 30 seconds. Views System view Predefined user roles network-admin Parameters time: Specifies the aging time for MAC address check entries in seconds, in the range of 30 to 600. Usage guidelines This command takes effect only after you execute the dhcp relay check mac-address command. Examples # Set the aging time for MAC address check entries on the DHCP relay agent to 60 seconds.
Related commands • dhcp relay client-information refresh • dhcp relay client-information refresh enable dhcp relay client-information refresh Use dhcp relay client-information refresh to configure the interval at which the DHCP relay agent periodically refreshes relay entries. Use undo dhcp relay client-information refresh to restore the default.
undo dhcp relay client-information refresh enable Default The DHCP relay agent periodically refreshes relay entries. Views System view Predefined user roles network-admin Usage guidelines A DHCP client unicasts a DHCP-RELEASE message to the DHCP server to release its IP address. The DHCP relay agent conveys the message to the DHCP server and does not remove the IP-to-MAC entry of the client.
Views Interface view Predefined user roles network-admin Parameters string circuit-id: Specifies a case-sensitive string of 3 to 63 characters as the content of the Circuit ID sub-option. normal: Specifies the normal mode, in which the padding content consists of the VLAN ID and port number. verbose: Specifies the verbose mode. The padding content includes the VLAN ID and interface number. node-identifier { mac | sysname | user-defined node-identifier }: Specifies the access node identifier.
Keyword (mode) If no padding format is specified If the padding format is ascii The padding format is hex normal Hex. ASCII. Hex. Hex for the VLAN ID. verbose ASCII for the node identifier and Ethernet type. ASCII for the node identifier, Ethernet type, chassis number, slot number, sub-slot number, and interface number. ASCII. Hex for the chassis number, slot number, sub-slot number, interface number, and VLAN ID.
If this feature is disabled, the relay agent forwards requests that contain or do not contain Option 82 to the DHCP server. Examples # Enable Option 82 support on the relay agent.
If you use the command multiple times, the most recent configuration takes effect. Examples # Specify the padding content for the Remote ID sub-option of Option 82 as device001.
[Sysname-GigabitEthernet2/1/1] dhcp relay information strategy keep Related commands • dhcp relay information enable • display dhcp relay information dhcp relay release ip Use dhcp relay release ip to release a specific client IP address. Syntax dhcp relay release ip client-ip [ vpn-instance vpn-instance-name ] Views System view Predefined user roles network-admin Parameters client-ip: Specifies the IP address to be released.
Predefined user roles network-admin Parameters ip-address: Specifies the IP address of a DHCP server. The DHCP relay agent forwards DHCP packets received from DHCP clients to this DHCP server. Usage guidelines The specified IP address of the DHCP server must not reside on the same subnet as the IP address of the DHCP relay agent interface. Otherwise, the DHCP clients might fail to obtain IP addresses. You can specify a maximum of eight DHCP servers on an interface.
Field Description Interface Interface where the attack comes from. Aging-time Aging time of the MAC address check entry, in seconds. display dhcp relay client-information Use display dhcp relay client-information to display relay entries on the relay agent.
Field Description IP address IP address of the DHCP client. MAC address MAC address of the DHCP client. Relay entry type: • Dynamic—The relay agent creates a dynamic relay entry upon receiving an ACK response from the DHCP server. Type • Temporary—The relay agent creates a temporary relay entry upon receiving a REQUEST packet from a DHCP client. Interface Layer 3 interface connected to the DHCP client. N/A is displayed for relay entries without interface information.
Strategy: Replace Circuit ID Pattern: User Defined Remote ID Pattern: User Defined Circuit ID format-type: ASCII Remote ID format-type: ASCII User defined: Circuit ID: vlan100 Remote ID: device001 Table 13 Command output Field Description Interface Interface name. Option 82 states: Status • Enable—DHCP relay agent support for Option 82 is enabled. • Disable—DHCP relay agent support for Option 82 is disabled.
Parameters interface interface-type interface-number: Displays DHCP server addresses on the specified interface. If you do not specify any interface, the command displays DHCP server addresses on all interfaces operating in DHCP relay agent mode. Examples # Display DHCP server addresses on all interfaces operating in DHCP relay agent mode. display dhcp relay server-address Interface name Server IP address GE2/1/1 2.2.2.
DHCP packets received from servers: 0 DHCPOFFER: 0 DHCPACK: 0 DHCPNAK: 0 BOOTPREPLY: 0 DHCP packets relayed to servers: 0 DHCPDISCOVER: 0 DHCPREQUEST: 0 DHCPINFORM: 0 DHCPRELEASE: 0 DHCPDECLINE: 0 BOOTPREQUEST: 0 DHCP packets relayed to clients: 0 DHCPOFFER: 0 DHCPACK: 0 DHCPNAK: 0 BOOTPREPLY: 0 DHCP packets sent to servers: 0 DHCPDISCOVER: 0 DHCPREQUEST: 0 DHCPINFORM: 0 DHCPRELEASE: 0 DHCPDECLINE: 0 BOOTPREQUEST: 0 DHCP packets sent to clients: 0 DHCPOFFER:
vpn-instance vpn-instance-name: Clears the relay entry for the specified IP address in the specified MPLS L3VPN instance. The vpn-instance-name is a case-sensitive string of 1 to 31 characters. If you do not specify any VPN instance, the command clears the relay entry in the public network. Usage guidelines If you do not specify any parameters, this command clears all relay entries on the DHCP relay agent. Examples # Clear all relay entries on the DHCP relay agent.
Views System view Predefined user roles network-admin Usage guidelines DHCP client detects IP address conflict through ARP packets. An attacker can act as the IP address owner to send an ARP reply, which makes the client unable to use the IP address assigned by the server. HP recommends that you disable duplicate address detection when ARP attacks exist on the network. Examples # Disable the duplicate address.
Syntax dhcp client identifier { ascii string | hex string | mac interface-type interface-number } undo dhcp client identifier Default An interface generates the DHCP client ID based on its MAC address. If the interface has no MAC address, it uses the MAC address of the first Ethernet interface to generate its client ID. Views Interface view Predefined user roles network-admin Parameters ascii string: Specifies a case-sensitive ASCII string of 1 to 63 characters as the client ID.
Parameters verbose: Displays verbose DHCP client information. interface interface-type interface-number: Specifies an interface by its type and number. Usage guidelines If you do not specify any interface, the command displays DHCP client information about all interfaces. Examples # Display DHCP client information about all interfaces. display dhcp client Vlan-interface10 DHCP client information: Current state: BOUND Allocated IP: 40.1.1.20 255.255.255.
Field Description Current state of the DHCP client: • HALT—The client stops applying for an IP address. • INIT—The initialization state. • SELECTING—The client has sent out a DHCP-DISCOVER message in search for a DHCP server and is waiting for the response from DHCP servers. Current state • REQUESTING—The client has sent out a DHCP-REQUEST message requesting for an IP address and is waiting for the response from DHCP servers.
• ip address dhcp-alloc ip address dhcp-alloc Use ip address dhcp-alloc to configure an interface to use DHCP for IP address acquisition. Use undo ip address dhcp-alloc to cancel an interface from using DHCP. Syntax ip address dhcp-alloc undo ip address dhcp-alloc Default An interface does not use DHCP for IP address acquisition.
dhcp snooping binding database filename Use dhcp snooping binding database filename to specify a database file to store DHCP snooping entries. Use undo dhcp snooping binding database filename to restore the default. Syntax dhcp snooping binding database filename { filename | url url [ username username [ password { cipher | simple } key ] ] } undo dhcp snooping binding database filename Default No file is specified.
• If the IP address of the server is an IPv6 address, enclose the address in a pair of brackets, for example, ftp://[1::1]/database.dhcp. • You can also specify the DNS domain name for the server address field, for example, ftp://company/database.dhcp. Examples # Specify the file database.dhcp to store DHCP snooping entries. system-view [Sysname] dhcp snooping binding database filename database.dhcp # Save DHCP snooping entries to file database.
Examples # Set the device to wait 600 seconds to update the database file. system-view [Sysname] dhcp snooping binding database update interval 600 Related commands dhcp snooping binding database filename dhcp snooping binding database update now Use dhcp snooping binding database update now to manually save DHCP snooping entries to the database file.
Usage guidelines This command enables DHCP snooping on the port directly connecting to the clients to record client information in DHCP snooping entries. Examples # Enable recording of client information in DHCP snooping entries. system-view [Sysname] interface gigabitethernet 2/1/1 [Sysname-GigabitEthernet2/1/1] dhcp snooping binding record dhcp snooping check mac-address Use dhcp snooping check mac-address to enable MAC address check for DHCP snooping.
Default This function is disabled. Views Layer 2 Ethernet interface view Predefined user roles network-admin Usage guidelines DHCP-REQUEST packets include lease renewal packets, DHCP-DECLINE packets, and DHCP-RELEASE packets. This function prevents unauthorized clients that forge DHCP-REQUEST packets from attacking the DHCP server. With this function enabled, DHCP snooping looks for a matching DHCP snooping entry for each received DHCP-REQUEST message.
Examples # Enable DHCP snooping. system-view [Sysname] dhcp snooping enable dhcp snooping information circuit-id Use dhcp snooping information circuit-id to configure the padding content and code type for the Circuit ID sub-option. Use undo dhcp snooping information circuit-id to restore the default.
• user-defined node-identifier: Uses a case-sensitive string of 1 to 50 characters as the node identifier. The padding format for the specified character string is always ASCII regardless of the specified padding format. format: Specifies the code type for the Circuit ID sub-option. ascii: Specifies the ASCII code type. hex: Specifies the hex code type. Usage guidelines The Circuit ID sub-option cannot carry information about interface splitting or subinterfaces.
dhcp snooping information enable Use dhcp snooping information enable to enable DHCP snooping to support Option 82. Use undo dhcp snooping information enable to disable this function. Syntax dhcp snooping information enable undo dhcp snooping information enable Default DHCP snooping does not support Option 82.
Default The padding format is normal and the code type is hex. Views Layer 2 Ethernet interface view Predefined user roles network-admin Parameters vlan vlan-id: Specifies the VLAN ID as the Remote ID sub-option. string remote-id: Specifies the character string as the Remote ID sub-option, a case-sensitive string of 1 to 63 characters. sysname: Specifies the device name as the Remote ID sub-option. You can configure the device name by using the sysname command in system view.
undo dhcp snooping information strategy Default The handling strategy for Option 82 in request messages is replace. Views Layer 2 Ethernet interface view Predefined user roles network-admin Parameters drop: Drops DHCP messages that contain Option 82. keep: Keeps the original Option 82 intact. replace: Replaces the original Option 82 with the configured Option 82. Usage guidelines This command takes effect only on DHCP requests that contain Option 82.
Parameters number: Specifies the maximum number of DHCP snooping entries for an interface to learn. The value range is 1 to 4294967295. Examples # Set the maximum number of DHCP snooping entries for the Layer 2 Ethernet interface GigabitEthernet 2/1/1 to learn to 1000. system-view [Sysname] interface gigabitethernet 2/1/1 [Sysname-GigabitEthernet2/1/1] dhcp snooping max-learning-num 1000 dhcp snooping trust Use dhcp snooping trust to configure a port as a trusted port.
Predefined user roles network-admin network-operator Parameters ip ip-address: Displays the DHCP snooping entry for the specified IP address. vlan vlan-id: Specifies the VLAN ID where the IP address resides. Usage guidelines If you do not specify any parameters, the command displays all DHCP snooping entries. Examples # Display all DHCP snooping entries.
Views Any view Predefined user roles network-admin network-operator Examples # Display information about the database file that stores DHCP snooping entries. display dhcp snooping binding database File name : Username : database.dhcp Password : Update interval : 600 seconds Latest write time : Feb 27 18:48:04 2012 Status : Last write succeeded. Table 18 Command output Field Description File name Name of the database file that stores the DHCP snooping entries.
interface interface-type interface-number: Specifies an interface by its type and number. Examples # Display Option 82 configuration on all interfaces. display dhcp snooping information all Interface: Bridge-Aggregation1 Status: Disable Strategy: Drop Circuit ID: Padding format: User Defined User defined: abcd Format: ASCII Remote ID: Padding format: Normal Format: ASCII VLAN 10: Circuit ID: abcd Remote ID: company Table 19 Command output Field Description Interface Interface name.
display dhcp snooping packet statistics MSR4000: display dhcp snooping packet statistics [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies a card by the slot number. (MSR4000.) Usage guidelines If you do not specify the slot slot-number option, this command displays DHCP packet statistics for the card where the command is executed on an MSR4000. Examples # Display DHCP packet statistics for DHCP snooping.
Related commands dhcp snooping trust reset dhcp snooping binding Use reset dhcp snooping binding to clear DHCP snooping entries. Syntax reset dhcp snooping binding { all | ip ip-address [ vlan vlan-id ] } Views User view Predefined user roles network-admin Parameters all: Clears all DHCP snooping entries. ip ip-address: Clears the DHCP snooping entry for the specified IP address. vlan vlan-id: Clears DHCP snooping entries for the specified VLAN.
Usage guidelines If you do not specify the slot slot-number option, this command clears DHCP packet statistics for the card where the command is executed on an MSR4000. Examples # Clear DHCP packet statistics for DHCP snooping. reset dhcp snooping packet statistics Related commands display dhcp snooping packet statistics BOOTP client commands display bootp client Use display bootp client to display information about a BOOTP client.
Field Description Transaction ID Value of the XID field in a BOOTP message, which is a random number chosen when the BOOTP client sends a BOOTP request to the BOOTP server. It is used to match a response message from the BOOTP server. If the values of the XID field are different in the BOOTP response and request, the BOOTP client drops the BOOTP response. Mac Address MAC address of a BOOTP client.
DNS commands display dns domain Use display dns domain to display the domain name suffixes. Syntax display dns domain [ dynamic ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other protocols. If you do not specify this keyword, the command displays the statically configured and dynamically obtained domain name suffixes.
display dns host Use display dns host to display information about domain name-to-IP address mappings. Syntax display dns host [ ip | ipv6 ] [ vpn-instance vpn-instance-name ] Views Any view Predefined user roles network-admin network-operator Parameters ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Specifies type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address.
Field Description Time in seconds that a mapping can be stored in the cache. TTL For a static mapping, a hyphen (-) is displayed. Query type Query type, type A or type AAAA. Replied IP address: • For type A query, the replied IP address is an IPv4 address. • For type AAAA query, the replied IP address is an IPv6 address. IP addresses Related commands • ip host • ipv6 host • reset dns host display dns server Use display dns server to display IPv4 DNS server information.
Table 23 Command output Field Description No. Sequence number. DNS server type: Type • S—A manually configured DNS server. • D—DNS server information dynamically obtained through DHCP or other protocols. IP address IPv4 address of the DNS server. Related commands dns server display ipv6 dns server Use display ipv6 dns server to display IPv6 DNS server information.
Field Description DNS server type: Type • S—A manually configured DNS server. • D—DNS server information dynamically obtained through DHCP or other protocols. IPv6 address IPv6 address of the DNS server. Outgoing Interface Output interface. Related commands ipv6 dns server dns domain Use dns domain to configure a domain name suffix. Use undo dns domain to delete the specified domain name suffix.
system-view [Sysname] dns domain com Related commands display dns domain dns dscp Use dns dscp to set the DSCP value for DNS packets sent by a DNS client or DNS proxy. Use undo dns dscp to restore the default. Syntax dns dscp dscp-value undo dns dscp Default The DSCP value in DNS packets is 0. Views System view Predefined user roles network-admin Parameters dscp-value: Sets the DSCP value for outgoing DNS packets, in the range of 0 to 63.
Predefined user roles network-admin Usage guidelines This configuration applies to both IPv4 DNS and IPv6 DNS. Examples # Enable DNS proxy. system-view [Sysname] dns proxy enable dns server Use dns server to specify an IPv4 address of a DNS server. Use undo dns server to remove the specified IPv4 address of a DNS server. Syntax dns server ip-address [ vpn-instance vpn-instance-name ] undo dns server [ ip-address ] [ vpn-instance vpn-instance-name ] Default No DNS server is specified.
dns source-interface Use dns source-interface to specify the source interface for DNS packets. Use undo dns source-interface to restore the default. Syntax dns source-interface interface-type interface-number [ vpn-instance vpn-instance-name ] undo dns source-interface interface-type interface-number [ vpn-instance vpn-instance-name ] Default No source interface for DNS packets is specified.
undo dns spoofing ip-address [ vpn-instance vpn-instance-name ] Default DNS spoofing is disabled. Views System view Predefined user roles network-admin Parameters ip-address: Specifies the IPv4 address used to spoof name query requests. vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a case-sensitive string of 1 to 31 characters. To enable DNS spoofing function on the public network, do not use this option.
Predefined user roles network-admin Parameters interface-type interface-number: Specifies an interface by its type and number. Usage guidelines By default, an interface obtains DNS suffix and DNS server information from DHCP. A network attacker might act as the DHCP server to assign a wrong DNS suffix and DNS server address to the device. As a result, the device fails to obtain the resolved IP address or might get the wrong IP address.
Usage guidelines You can configure the following: • Host name-to-IPv4 address mappings for the public network and up to 1024 VPNs. • A maximum of 1024 host name-to-IPv4 address mappings for the public network or each VPN. On the public network or a VPN, each host name maps to only one IPv4 address. If you use the command multiple times, the most recent configuration takes effect.
ipv6 dns server Use ipv6 dns server to specify a DNS server IPv6 address. Use undo ipv6 dns server to remove the specified DNS server IPv6 address. If you do not specify any IPv6 address, the undo ipv6 dns server command removes all DNS server IPv6 addresses on the public network or the specified VPN.
Syntax ipv6 dns spoofing ipv6-address [ vpn-instance vpn-instance-name ] undo ipv6 dns spoofing ipv6-address [ vpn-instance vpn-instance-name ] Default DNS spoofing is disabled. Views System view Predefined user roles network-admin Parameters ipv6-address: Specifies the IPv6 address used to spoof name query requests. vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a case-sensitive string of 1 to 31 characters.
Views System view Predefined user roles network-admin Parameters host-name: Specifies a host name, a case-insensitive string of 1 to 253 characters. It can include letters, digits, hyphens (-), underscores (_), and dots (.). ipv6-address: Specifies the IPv6 address of the host. vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a case-sensitive string of 1 to 31 characters. To create a host name-to-IPv6 address mapping on the public network, do not use this option.
vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a case-sensitive string of 1 to 31 characters. If you do not specify any VPN, the command clears the domain name-to-IPv6 address mapping on the public network. Usage guidelines If you do not specify the ip or ipv6 keyword, the reset dns host command without the ip and ipv6 keywords clears dynamic DNS cache information about all query types.
DDNS commands ddns apply policy Use ddns apply policy to apply the specified DDNS policy to the interface, update the mapping between the specified FQDN and the primary IP address of the interface, and enable DDNS update. Use undo ddns apply policy to remove the DDNS policy applied to the interface and stop DDNS update.
ddns dscp Use ddns dscp to set the DSCP value for outgoing DDNS packets. Use undo ddns dscp to restore the default. Syntax ddns dscp dscp-value undo ddns dscp Default The DSCP value for outgoing DDNS packets is 0. Views System view Predefined user roles network-admin Parameters dscp-value: Sets the DSCP value for outgoing DDNS packets, in the range of 0 to 63. Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet.
Usage guidelines You can create up to 16 DDNS policies on the device. Examples # Create a DDNS policy steven_policy and enter its view. system-view [Sysname] ddns policy steven_policy Related commands • ddns apply policy • display ddns policy display ddns policy Use display ddns policy to display information about DDNS policies.
Interval : 0 days 0 hours 30 minutes DDNS policy: tom-policy URL : http://members.3322.org/dyndns/update?system= Username : Password : Method : GET dyndns&hostname=&myip= SSL client policy: Interval : 0 days 0 hours 15 minutes DDNS policy: u-policy URL : oray://phservice2.oray.net Username : username Password : Method : - SSL client policy: Interval : 0 days 0 hours 15 minutes Table 25 Command output Field Description DDNS policy DDNS policy name.
Default The DDNS update request interval is one hour. Views DDNS policy view Predefined user roles network-admin Parameters days: Days in the range of 0 to 365. hours: Hours in the range of 0 to 23. minutes: Minutes in the range of 0 to 59. Usage guidelines A DDNS update request is initiated immediately after the primary IP address of the interface changes or the link state of the interface changes from down to up.
Views DDNS policy view Predefined user roles network-admin Parameters http-get: Uses the get operation. http-post: Uses the post operation. Usage guidelines This command applies to DDNS updates in HTTP/HTTPS. If the DDNS server uses HTTP or HTTPS service, choose a parameter transmission method compatible with the DDNS server. For example, a DHS server supports the http-post method.
password: Specifies a case-sensitive password string. If simple is specified, it must be a string of 1 to 32 characters. If cipher is specified, it must be a string of 1 to 73 characters. Usage guidelines For security purposes, all passwords, including passwords configured in plain text, are saved in ciphertext. Examples # Specify the login password as nevets to be included in the URL address for update requests of DDNS policy steven_policy.
[Sysname-ddns-policy-steven_policy] ssl-client-policy ssl_policy Related commands • ddns policy • display ddns policy • ssl-client-policy (Security Command Reference) url Use url to specify the URL address for DDNS update requests. Use undo url to delete the URL address. Syntax url request-url undo url Default No URL address is specified for DDNS update requests.
DDNS server URL addresses for DDNS update requests DHS http://members.dhs.org/nic/hosts?domain=dyn.dhs.org&hostname=&hostscmd =edit&hostscmdstage=2&type=1&ip= HP https://server-name/nic/update?group=group-name&myip= ODS ods://update.ods.org GNUDIP gnudip://server-name PeanutHull oray://phservice2.oray.net No username or password is included in the URL address. To configure the username and password, use the username command and the password command.
[Sysname-ddns-policy-steven_policy] url http:// members.3322.org/dyndns/update?system=dyndns&hostname=&myip= Related commands • ddns policy • display ddns policy • password • username username Use username to specify the username to be included in the URL address for DDNS update requests. Use undo username to remove the username. Syntax username username undo username Default No username is specified for the URL address.
NAT commands In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. address Use address to add a member to a NAT address group. A group member specifies an address pool. Use undo address to remove a group member from a NAT address group. Syntax address start-address end-address undo address start-address end-address Default No address group member exists.
Use undo block-size to restore the default. Syntax block-size block-size undo block-size Default The port block size is 256. Views NAT port block group view Predefined user roles network-admin Parameters block-size: Sets the number of ports for a port block. The value range is 1 to 65535. Usage guidelines When you set a port block size, make sure the port block size is not larger than the number of ports in the port range. Examples # Set the port block size to 1024 for port block group 1.
Address group 2: Address information: Start address End address 202.110.10.20 202.110.10.25 202.110.10.30 202.110.10.35 Address group 3: Port range: 1024-65535 Address information: Start address End address 202.110.10.40 202.110.10.50 Address group 4: Port range: 10001-65535 Port block size: 500 Extended block number: 1 Address information: Start address End address 202.110.10.60 202.110.10.
NAT outbound information: There are 2 NAT outbound rules. Interface: GigabitEthernet2/1/1 ACL: 2036 Address group: 1 NO-PAT: N Reversible: N Port-preserved: Y Interface: GigabitEthernet2/1/1 ACL: 2037 Address group: --- NO-PAT: Y Reversible: Y Port-preserved: N VPN instance: vpn_nat NAT internal server information: There are 4 internal servers. Interface: GigabitEthernet2/1/3 Protocol: 6(TCP) Global IP/port: 50.1.1.1/23 Local IP/port : 192.168.10.
Local VPN : vpn1 ACL : 2000 Reversible: Y IP-to-IP: Global IP : 5.5.5.5 Local IP : 4.4.4.4 Global VPN: vpn2 Local VPN : vpn1 ACL : 2000 Reversible: Y There are 2 outbound static NAT mappings. Net-to-net: Local IP : 1.1.1.1 - 1.1.1.255 Global IP : 2.2.2.0 Netmask : 255.255.255.0 Local VPN : vpn1 Global VPN: vpn2 ACL : 2000 Reversible: Y IP-to-IP: Local IP : 4.4.4.4 Global IP : 5.5.5.
Port-block-withdraw : Disabled Alarm : Disabled NAT hairpinning: There are 2 interfaces enabled with NAT hairpinning.
Start address End address VPN instance 10.1.1.1 10.1.10.255 vpnb Global IP pool information: Start address End address 202.10.10.101 202.10.10.120 Port block group 3: Port range: 1-65535 Block size: 256 Local IP address information: Start address End address VPN instance --- --- --- Global IP pool information: Start address End address --- --- NAT outbound port block group information: There are 2 outbound port block group items.
Field Description NAT mapping behavior Mapping behavior mode of PAT: Endpoint-Independent or Address and Port-Dependent. ACL ACL number. If no ACL is used for NAT, this field displays hyphens (---). NAT ALG NAT with ALG configuration for different protocols. NAT port block group information Configuration information about NAT port block groups. See Table 37 for output description. NAT outbound port block group information Information about port block group application.
202.110.10.40 202.110.10.50 Address group 4: Port range: 10001-65535 Port block size: 500 Extended block number: 1 Address information: Start address End address 202.110.10.60 202.110.10.65 Address group 6: Address information: Start address End address --- --- # Display information about NAT address group 1. display nat address-group 1 Address group 1: Address information: Start address End address 202.110.10.10 202.110.10.
Views Any view Predefined user roles network-admin network-operator Examples # Display NAT with DNS mapping configuration. display nat dns-map NAT DNS mapping information: There are 1 NAT DNS mappings. Domain name: www.server.com Global IP : 6.6.6.6 Global port: 23 Protocol : TCP(6) Table 29 Command output Field Description NAT DNS mapping information Information about NAT with DNS mappings. Domain-name Domain name of the internal server. Public IP address of the internal server.
Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies a card by its slot number. If you do not specify any card, this command displays EIM entry information for all cards. (MSR4000.) Usage guidelines A NAT device with PAT EIM configured does the following: • First creates a NAT session entry. • Then creates an EIM entry for recording the mapping between an internal address/port and a NAT address/port.
Table 30 Command output Field Description Local IP/port Private IP address and port number. Global IP/port Public IP address and port number. Local VPN MPLS L3VPN instance to which the private IP address belongs. If no VPN is specified, this field is not displayed. Global VPN MPLS L3VPN instance to which the public IP address belongs. If no VPN is specified, this field is not displayed. Protocol Protocol type and number. Total entries found Total number of EIM entries.
Field Description Address group NAT address group used by inbound dynamic NAT rule. If no NAT address group is used, the field displays hyphens (---). Add route Whether to add a route when a packet matches the inbound dynamic NAT rule. Whether NO-PAT or PAT is used: NO-PAT • Y—NO-PAT is used. • N—PAT is used. Reversible Whether reverse address translation is allowed. VPN instance MPLS L3VPN instance to which the NAT address group belongs.
Field Description Flow-begin Whether logging is enabled for NAT session establishment events. Flow-end Whether logging is enabled for NAT session removal events. Flow-active Whether logging is enabled for active NAT flows. If it is, this field also displays the interval in minutes at which active flow logging is generated. Port-block-assign Whether logging is enabled for NAT444 port block assignment. Port-block-withdraw Whether logging is enabled for NAT444 port block withdrawal.
The destination IP address of the packets of a connection originating from the reverse direction to the NAT address can be translated based on the existing NO-PAT entry. • Outbound and inbound NO-PAT address translations create their own NO-PAT tables. These two types of tables are displayed separately. Examples # (MSR2000/MSR3000.) Display information about NO-PAT entries for all cards. display nat no-pat Global IP: 200.100.1.100 Local IP: 192.168.100.
Field Description Type of the NO-PAT entry: Type • Inbound—NO-PAT entries are created during inbound dynamic NAT. • Outbound—NO-PAT entries are created during outbound dynamic NAT. Total entries found Total number of NO-PAT entries. Related commands • nat inbound • nat outbound display nat outbound Use display nat outbound to display information about outbound dynamic NAT.
Field Description Port-preserved Whether to try to preserve the port numbers for PAT. Whether NO-PAT is used: NO-PAT • Y—NO-PAT is used. • N—PAT is used. Reversible Whether reverse address translation is allowed. VPN instance MPLS L3VPN instance to which the NAT address group belongs. If the group does not belong to any VPN instance, the field is not displayed.
display nat port-block Use display nat port-block to display NAT444 mappings. Syntax MSR2000/MSR3000: display nat port-block { dynamic | static } MSR4000: display nat port-block { dynamic | static } [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters dynamic: Displays dynamic NAT444 mappings. static: Displays static NAT444 mappings. slot slot-number: Specifies a card by its slot number.
Field Description Port block Port block defined by a start port and an end port. Connections Number of connections established by using the ports in the port block. display nat port-block-group Use display nat port-block-group to display information about NAT port block groups. Syntax display nat port-block-group [ group-number ] Views Any view Predefined user roles network-admin network-operator Parameters group-number: Specifies the ID of a port block group. The value range is 0 to 65535.
202.10.10.101 202.10.10.120 Port block group 3: Port range: 1-65535 Block size: 256 Local IP address information: Start address End address VPN instance --- --- --- Global IP pool information: Start address End address --- --- # Display information about port block group 1. display nat port-block-group 1 Port block group 1: Port range: 1-65535 Block size: 256 Local IP address information: Start address End address VPN instance 172.16.1.1 172.16.1.254 --- 192.168.1.1 192.168.1.
display nat server Use display nat server to display NAT Server configuration. Syntax display nat server Views Any view Predefined user roles network-admin network-operator Examples # Display NAT Server configuration. display nat server NAT internal server information: There are 4 internal servers. Interface: GigabitEthernet2/1/3 Protocol: 6(TCP) Global IP/port: 50.1.1.1/23 Local IP/port : 192.168.10.15/23 Interface: GigabitEthernet2/1/4 Protocol: 6(TCP) Global IP/port: 50.1.1.
Table 38 Command output Field Description NAT internal server information Information about NAT Server configuration. Interface Interface where NAT Server is configured. Protocol Protocol number and type of the internal server. External IP address and port number of the internal server. • Global IP—A single IP address or an address pool of consecutive addresses. If you use Easy IP, this field displays the address of the specified interface.
Examples # Display configuration about all internal server groups. display nat server-group NAT server group information: There are 3 NAT server groups. Group Number Inside IP Port Weight 1 192.168.0.26 23 100 192.168.0.27 23 500 2 --- --- --- 3 192.168.0.26 69 100 # Display configuration about the specified internal server group. display nat server-group 1 Group Number Inside IP Port Weight 1 192.168.0.26 23 100 192.168.0.
Predefined user roles network-admin network-operator Parameters source-ip source-ip: Displays NAT sessions for the source IP address specified by the source-ip argument. The IP address must be the real source IP address of the packet that triggers the session establishment. destination-ip destination-ip: Displays NAT sessions for the destination IP address specified by the destination-ip argument. The IP address must be the destination IP address of the packet that triggers the session establishment.
display nat session verbose slot 1 Slot 1: Initiator: Source IP/port: 192.168.1.18/1877 Destination IP/port: 192.168.1.55/22 DS-Lite tunnel peer: VPN instance/VLAN ID/VLL ID: -/-/Protocol: TCP(6) Responder: Source IP/port: 192.168.1.55/22 Destination IP/port: 192.168.1.
Field Description Total sessions found Total number of session tables. Related commands reset nat session display nat static Use display nat static to display static NAT mappings. Syntax display nat static Views Any view Predefined user roles network-admin network-operator Examples # Display static NAT mappings. display nat static Static NAT mappings: There are 2 inbound static NAT mappings. Net-to-net: Global IP : 1.1.1.1 - 1.1.1.255 Local IP : 2.2.2.0 Netmask : 255.255.255.
Global VPN: vpn2 ACL : 2000 Reversible: Y IP-to-IP: Local IP : 4.4.4.4 Global IP : 5.5.5.5 Local VPN : vpn1 Global VPN: vpn2 ACL: : 2001 Reversible: Y Interfaces enabled with static NAT: There are 2 interfaces enabled with static NAT. Interface: GigabitEthernet2/1/2 GigabitEthernet2/1/3 Table 41 Command output Field Description Net-to-net Net-to-net static NAT mapping. IP-to-IP One-to-one static NAT mapping. Local IP Internal IP address or address pool.
MSR4000: display nat statistics [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies a card by its slot number. If you do not specify any card, this command displays NAT statistics for all cards. (MSR4000.) Examples # Display all NAT statistics.
Syntax global-ip-pool start-address end-address undo global-ip-pool start-address Default No public IP address member exists in the NAT port block group. Views NAT port block group view Predefined user roles network-admin Parameters start-address end-address: Specifies the start IP address and end IP address of a public IP address member. The end IP address cannot be smaller than the start IP address. If the start and end IP addresses are the same, you specifies only one public IP address.
Parameters inside-ip: Specifies the IP address of an internal server. port port-number: Specifies the port number of an internal server, in the range of 1 to 65535, excluding FTP port 20. weight weight-value: Specifies the weight of the internal server. The value range is 1 to 1000, and the default value is 100. An internal server with a larger weight receives a larger percentage of connections in the internal server group. Examples # Add a member with IP address 10.1.1.
Examples # Add a private IP address member to the port block group 1. The private IP address member consists of IP addresses from 172.16.1.1 to 172.16.1.255 on VPN instance vpn1. system-view [Sysname] nat port-block-group 1 [Sysname-nat-port-block-group-1] local-ip-address 172.16.1.1 172.16.1.255 vpn-instance vpn1 Related commands nat port-block-group nat address-group Use nat address-group to create a NAT address group and enter its view.
nat alg Use nat alg to enable NAT with ALG for the specified or all supported protocols. Use undo nat alg to disable NAT with ALG for the specified or all protocols. Syntax nat alg { all | dns | ftp | h323 | icmp-error | ils | mgcp | nbt | pptp | rsh | rtsp | sccp | sip | sqlnet | tftp | xdmcp } undo nat alg { all | dns | ftp | h323 | icmp-error | ils | mgcp | nbt | pptp | rsh | rtsp | sccp | sip | sqlnet |tftp | xdmcp } Default NAT ALG for all protocols is enabled.
example, an FTP application involves both data connection and control connection. The data connection establishment dynamically depends on the payload information for the control connection. Examples # Enable NAT with ALG for FTP. system-view [Sysname] nat alg ftp Related commands display nat all nat dns-map Use nat dns-map to map the domain name of an internal server to the public IP address, public port number, and protocol type of the server.
server. NAT Server maps the public IP and port to the private IP and port of the internal server. This allows an internal host to access an internal server on the same private network by using the domain name of the internal server when the DNS server is on the public network. You can configure multiple NAT with DNS mappings. Examples # Configure a NAT with DNS mapping between the domain name www.server.com, the public IP address 202.112.0.1, and the public port number 12345.
nat inbound Use nat inbound to configure an inbound dynamic NAT rule on an interface. Use undo nat inbound to remove the specified inbound dynamic NAT rule. Syntax nat inbound acl-number address-group group-number [ vpn-instance vpn-instance-name ] [ no-pat [ reversible ] [ add-route ] ] undo nat inbound acl-number Default No inbound dynamic NAT rule is configured. Views Interface view Predefined user roles network-admin Parameters acl-number: Specifies an ACL number in the range of 2000 to 3999.
An address group cannot be used by both the nat inbound and nat outbound commands. It cannot be used by the nat inbound command in both PAT and NO-PAT modes. An ACL can be used by only one inbound dynamic NAT rule an interface. You can configure multiple inbound dynamic NAT rules on an interface. Examples # Configure ACL 2001, and create a rule to permit packets only from segment 10.110.10.0/24 in VPN vpn10 to pass through.
Predefined user roles network-admin Usage guidelines Enable NAT logging before you enable NAT444 alarm logging. The alarm logs are informational. The NAT444 gateway generates alarm logs in the following situations: • The ports in the mapped port block of a static NAT444 mapping are all occupied. • The ports in the mapped port blocks (including extended ones) of a dynamic NAT444 mapping are all occupied. • The public IP addresses or port blocks for dynamic NAT444 mappings are all assigned.
The acl acl-number option takes effect only for NAT session logging. With an ACL specified, only flows matching the permit rule can trigger NAT session logs. If you do not specify an ACL, all flows processed by NAT might trigger NAT session logs. Examples # Enable NAT logging.
Related commands • display nat all • display nat log • nat log enable nat log flow-begin Use nat log flow-begin to enable logging for NAT session establishment events. When a NAT session is established, this command outputs a NAT log. Use undo nat log flow-begin to disable logging for NAT session establishment events. Syntax nat log flow-begin undo nat log flow-begin Default Logging for NAT session establishment events is disabled.
Views System view Predefined user roles network-admin Usage guidelines Logging for NAT session removal events takes effect only after you enable NAT logging. Examples # Enable logging for NAT session removal events. system-view [Sysname] nat log flow-end Related commands • display nat all • display nat log • nat log enable nat log port-block-assign Use nat log port-block-assign to enable NAT444 user logging for port block assignment.
Related commands • display nat all • display nat log • nat log enable nat log port-block-withdraw Use nat log port-block-withdraw to enable NAT444 user logging for port block withdrawal. Use undo nat log port-block-withdraw to disable NAT444 user logging for port block withdrawal. Syntax nat log port-block-withdraw undo nat log port-block-withdraw Default NAT444 user logging is disabled for port block withdrawal.
Syntax nat mapping-behavior endpoint-independent [ acl acl-number ] undo nat mapping-behavior endpoint-independent Default Address and Port-Dependent Mapping applies. Views System view Predefined user roles network-admin Parameters acl acl-number: Specifies an ACL number in the range of 2000 to 3999. Applies the NAT mapping behavior to packets that are permitted by the ACL. If you do not specify any ACL, the Endpoint-Independent Mapping applies to all packets.
nat outbound Use nat outbound to configure outbound dynamic NAT on an interface. Use undo nat outbound to disable outbound dynamic NAT. Syntax NO-PAT: nat outbound [ acl-number ] address-group group-number [ vpn-instance vpn-instance-name ] no-pat [ reversible ] undo nat outbound [ acl-number ] PAT: nat outbound [ acl-number ] [ address-group group-number ] [ vpn-instance vpn-instance-name ] [ port-preserved ] undo nat outbound [ acl-number ] Default No outbound dynamic NAT rule is configured.
An address group cannot be used by both the nat inbound and nat outbound commands. It cannot be used by the nat outbound command in both PAT and NO-PAT modes. An ACL can be used by only one outbound dynamic NAT rule an interface. You can configure multiple outbound dynamic NAT rules on an interface. Outbound dynamic NAT rules with ACLs configured on an interface takes precedence over those without ACLs. An outbound dynamic NAT rule with a high ACL number takes effect over that with a low ACL number.
• display nat outbound • nat mapping-behavior nat outbound port-block-group Use nat outbound port-block-group to apply a port block group to the outbound direction of an interface. Use undo nat outbound port-block-group to remove a port block group application. Syntax nat outbound port-block-group group-number undo nat outbound port-block-group group-number Default No port block group is applied to an interface.
Syntax nat port-block-group group-number undo nat port-block-group group-number Default No port block group exists. Views System view Predefined user roles network-admin Parameters group-number: Assigns an ID to the NAT port block group. The value range for this argument is 0 to 65535. Usage guidelines A port block group is configured to implement static NAT444. The port block group configuration takes effect after you apply it to an interface by using the nat outbound port-block-group command.
Syntax Common internal server: • A single external address with no or a single external port: nat server protocol pro-type global { global-address | current-interface | interface interface-type interface-number } [ global-port ] [ vpn-instance global-name ] inside local-address [ local-port ] [ vpn-instance local-name ] [ acl acl-number ] undo nat server protocol pro-type global { global-address | current-interface | interface interface-type interface-number } [ global-port ] [ vpn-instance global-name ]
Parameters protocol pro-type: Specifies a protocol type. If the protocol is not TCP or UDP, NAT Server is configured without port information. The protocol type format can be one of the following: • A number in the range of 1 to 255. • A protocol name of icmp, tcp, or udp. global-address: Specifies the external address of an internal server. global-address1 global address2: Specifies an external address pool, which can include a maximum number of 255 addresses.
Usage guidelines You can configure the NAT Server feature to allow internal servers (such as Web, FTP, Telnet, POP3, and DNS servers) in the internal network or an MPLS VPN instance to provide services for external users. NAT Server is usually configured on the interface that connects the external network on a NAT device. By using the global-address and global-port arguments, external users can access the internal server at local-address and local-port.
Examples # Allow external users to access the internal Web server at 10.110.10.10 on the LAN through http://202.110.10.10:8080. system-view [Sysname] interface gigabitethernet 2/1/1 [Sysname-GigabitEthernet2/1/1] nat server protocol tcp global 202.110.10.10 8080 inside 10.110.10.10 http # Allow external users to access the internal FTP server at 10.110.10.11 in MPLS VPN vrf10 through ftp://202.110.10.10.
Parameters group-number: Assigns an ID to the internal server group, in the range of 0 to 65535. Usage guidelines An internal server group can contain multiple members configured by the inside ip command. Examples # Create internal server group 1. system-view [Sysname] nat server-group 1 Related commands • display nat all • display nat server-group • inside ip • nat server nat static enable Use nat static enable to enable static NAT on an interface.
• nat static net-to-net nat static inbound Use nat static inbound to configure a one-to-one mapping for inbound static NAT. Use undo nat static inbound to remove a one-to-one mapping for inbound static NAT. Syntax nat static inbound global-ip [ vpn-instance global-name ] local-ip [ vpn-instance local-name ] [ acl acl-number [ reversible ] ] undo nat static inbound global-ip [ vpn-instance global-name ] Default No NAT mapping exists.
You can configure multiple inbound static NAT mappings by using the nat static inbound command and the nat static inbound net-to-net command. Examples # Configure an inbound static NAT mapping between external IP address 2.2.2.2 and internal IP address 192.168.1.1. system-view [Sysname] nat static inbound 2.2.2.2 192.168.1.
reversible: Translates the destination address of a packet that originates from internal hosts to the external host if the packet is permitted by ACL reverse matching. Usage guidelines You can specify an external network through a start address and an end address, and an internal network through an external address and a mask. An external end address cannot be greater than the greatest IP address in the network segment determined by an external start address and an internal network mask.
Default No NAT mapping exists. Views System view Predefined user roles network-admin Parameters local-ip: Specifies an internal IP address. vpn-instance local-name: Specifies the MPLS L3VPN instance to which an internal IP address belongs. The local-name argument is a case-sensitive string of 1 to 31 characters. To specify a public IP address, do not use this parameter. global-ip: Specifies an external IP address.
[Sysname-acl-adv-3001] rule permit ip destination 3.3.3.0 0.0.0.255 [Sysname-acl-adv-3001] quit [Sysname] nat static outbound 192.168.1.1 2.2.2.2 acl 3001 Related commands • display nat all • display nat static • nat static enable nat static outbound net-to-net Use nat static outbound net-to-net to configure a net-to-net outbound static NAT mapping. Use undo nat static outbound net-to-net to remove the specified net-to-net outbound static NAT mapping.
When the source IP address of a packet from the private network matches the internal NAT address pool, the source IP address is translated into a public address in the external NAT address pool. When the destination IP address of a packet from the public network matches the external NAT address pool, the destination IP address is translated into a private address in the internal NAT address pool.
Views NAT address group view Predefined user roles network-admin Parameters block-size block-size: Sets the port block size. The value range for this argument is 1 to 65535. In a NAT address group, the port block size cannot be larger than the number of ports in the port range. extended-block-number extended-block-number: Specifies the number of extended port blocks, in the range of 1 to 5.
Usage guidelines The port range must include all ports that a public IP address uses for address translation. The number of ports in a port range cannot be smaller than the port block size. Examples # Specify the port range as 1024 to 65535 for NAT address group 1. system-view [Sysname] nat address-group 1 [Sysname-nat-address-group-1] port-range 1024 65535 # Specify the port range as 30001 to 65535 for NAT port block group 1.
Related commands display nat session 185
Basic IP forwarding commands display fib Use display fib to display FIB entries. Syntax display fib [ topology topo-name | vpn-instance vpn-instance-name ] [ ip-address [ mask | mask-length ] ] Views Any view Predefined user roles network-admin network-operator Parameters topology topo-name: Displays the FIB table for the specified topology. The topo-name argument is a case-sensitive string of 1 to 31 characters. To specify a public topology, use base as the topology name.
Destination/Mask Nexthop Flag OutInterface/Token Label 0.0.0.0/32 127.0.0.1 UH InLoop0 Null 127.0.0.0/8 127.0.0.1 U InLoop0 Null 127.0.0.0/32 127.0.0.1 UH InLoop0 Null 127.0.0.1/32 127.0.0.1 UH InLoop0 Null 127.255.255.255/32 127.0.0.1 UH InLoop0 Null 224.0.0.0/4 0.0.0.0 UB NULL0 Null 224.0.0.0/24 0.0.0.0 UB NULL0 Null UH InLoop0 Null 255.255.255.255/32 127.0.0.1 # Display all FIB entries of the public network.
U:Useable G:Gateway R:Relay F:FRR H:Host B:Blackhole D:Dynamic S:Static Destination/Mask Nexthop Flag OutInterface/Token Label 10.2.1.1/32 127.0.0.1 UH InLoop0 Null Table 44 Command output Field Description Destination count Total number of destination addresses. FIB entry count Total number of FIB entries. Destination/Mask Destination address/mask length. Nexthop Next hop address. Flags of routes: Flag • • • • • • • • U—Usable route. G—Gateway route. H—Host route.
Fast forwarding commands display ip fast-forwarding aging-time Use display ip fast-forwarding aging-time to display the aging time of fast forwarding entries. Syntax display ip fast-forwarding aging-time Views Any view Predefined user roles network-admin network-operator Examples # Display the aging time of fast forwarding entries.
Usage guidelines This command displays fast forwarding entries. Each entry includes the source IP address, source port number, destination IP address, destination port number, protocol number, input and output interfaces, and internal tag of a data flow. Examples # Display all fast forwarding entries. display ip fast-forwarding cache Total number of fast-forwarding entries: 3 SIP SPort DIP DPort Pro Input_If 7.0.0.13 68 8.0.0.1 67 17 GE2/1/3 Output_If GE2/1/1 Flg 5 8.0.0.1 67 7.0.0.
Views Any view Predefined user roles network-admin network-operator Parameters ip-address: Specifies an IP address. If you do not specify this argument, this command displays fast forwarding entries for all fragmented packets. slot slot-number: Specifies a card by the slot number. If you do not specify this option, this command displays fast forwarding entries for the fragmented packets on all cards. (MSR4000) Usage guidelines This command displays fast forwarding entries for fragmented packets.
ip fast-forwarding load-sharing Use ip fast-forwarding load-sharing to enable fast-forwarding load sharing. Use undo ip fast-forwarding load-sharing to disable fast-forwarding load sharing. Syntax ip fast-forwarding load-sharing undo ip fast-forwarding load-sharing Default Fast-forwarding load sharing is enabled.
Predefined user roles network-admin Parameters aging-time: Specifies the aging time for fast forwarding entries, in the range of 10 to 300 seconds. Examples # Set the aging time of fast forwarding entries to 20 seconds. system-view [Sysname] ip fast-forwarding aging-time 20 Related commands display ip fast-forwarding aging-time reset ip fast-forwarding cache Use reset ip fast-forwarding cache to clear fast forwarding table information.
Flow classification commands The following matrix shows the support of MSR routers for the flow classification commands: Hardware Command compatibility MSR2000 No MSR3000 Yes MSR4000 Yes forwarding policy Use forwarding policy to specify a flow classification policy. Use undo forwarding policy to restore the default. Syntax forwarding policy { per-flow | per-packet } undo forwarding policy Default The flow-based policy is used.
IPv4 adjacency table commands In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. display adjacent-table Use display adjacent-table to display IPv4 adjacency entries.
Link media type : P2P Slot : 2 Virtual circuit information : N/A Link head information(IP) : ff030021 Link head information(MPLS) : ff030281 # (MSR4000.) Display the IPv4 adjacency entries on the card in slot 2. display adjacent-table slot 2 IP address Routing interface Physical interface Type 0.0.0.0 Pos2/2/0 Pos2/20 PPP # (MSR4000.) Display the number of IPv4 adjacency entries on the card in slot 2.
IPv6 adjacency table commands In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. display ipv6 adjacent-table Use display ipv6 adjacent-table to display IPv6 adjacency entries.
Link media type : P2P Slot : 0 Virtual circuit information : N/A Link head information(IPv6) : ff030057 # (MSR4000.) Display the IPv6 adjacency entries on the card in slot 0. display ipv6 adjacent-table slot 0 IPv6 address Routing interface Physical interface Type N/A Pos2/2/0 Pos2/2/0 PPP # (MSR4000.) Display the total number of IPv6 adjacency entries on the card in slot 0.
IRDP commands ip irdp Use ip irdp to enable IRDP on an interface. Use undo ip irdp to disable IRDP on an interface. Syntax ip irdp undo ip irdp Default IRDP is disabled on an interface. Views Interface view Predefined user roles network-admin Usage guidelines After IRDP is enabled on an interface, the IRDP configuration takes effect, and the device sends RA messages out of the interface. Examples # Enable IRDP on GigabitEthernet 2/1/1.
Parameters ip-address: Specifies an IP address in dotted decimal notation. preference: Specifies the preference for the proxy-advertised IP address, in the range of –2147483648 to 2147483647. Usage guidelines You can specify a maximum of four proxy-advertised IP addresses on an interface. An RA sent on an interface includes the IP addresses of the interface and the proxy-advertised IP addresses.
[Sysname] interface gigabitethernet 2/1/1 [Sysname-GigabitEthernet2/1/1] ip irdp lifetime 2000 Related commands • ip irdp • ip irdp interval ip irdp interval Use ip irdp interval to set the maximum and minimum intervals for advertising RAs on an interface. Use undo ip irdp interval to restore the default.
ip irdp multicast Use ip irdp multicast to specify the multicast address 224.0.0.1 as the destination IP address of RAs sent on an interface. Use undo ip irdp multicast to restore the default. Syntax ip irdp multicast undo ip irdp multicast Default The destination IP address is 255.255.255.255. Views Interface view Predefined user roles network-admin Examples # Specify the multicast address 224.0.0.1 as the destination IP address for GigabitEthernet 2/1/1 to send RAs.
Parameters preference-value: Specifies the preference in the range of –2147483648 to 2147483647. A larger value represents a higher preference. To request that neighboring hosts do not use any advertised IP address as the default gateway, set the value to the minimum value (–2147483648). Examples # Specify preference 1 for IP addresses advertised on GigabitEthernet 2/1/1.
IP performance optimization commands In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. display icmp statistics Use display icmp statistics to display ICMP statistics.
time exceeded 0 bad address 0 packet error router advert 3 1442 display ip statistics Use display ip statistics to display IP packet statistics. Syntax MSR2000/MSR3000: display ip statistics MSR4000: display ip statistics [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies a card by its slot number. (MSR4000) Usage guidelines IP statistics include information about received and sent packets and reassembly.
Field Output Fragment Reassembling Description bad options Total number of packets with incorrect option. forwarding Total number of packets forwarded. local Total number of packets locally sent. dropped Total number of packets discarded. no route Total number of packets for which no route is available. compress fails Total number of packets failed to be compressed. input Total number of fragments received. output Total number of fragments sent.
display rawip Local Addr Foreign Addr Protocol PCB 0.0.0.0 0.0.0.0 1 0x0000000000000009 0.0.0.0 0.0.0.0 1 0x0000000000000008 0.0.0.0 0.0.0.0 1 0x0000000000000002 # (MSR4000) Display brief information about RawIP connections. display rawip Local Addr Foreign Addr Protocol Slot CPU PCB 0.0.0.0 0.0.0.0 1 1 0 0x0000000000000009 0.0.0.0 0.0.0.0 1 1 0 0x0000000000000008 0.0.0.0 0.0.0.
Usage guidelines Use the display rawip verbose command to display detailed information about socket creator, state, option, type, protocol number, and the source and destination IP addresses of RawIP connections. Examples # Display detailed information about RawIP connections.
Field Description Displays send buffer information in the following order: Sending buffer (cc/hiwat/lowat/state) • • • • cc—Used space. hiwat—Maximum space. lowat—Minimum space. state—Buffer state: { CANTSENDMORE—Unable to send data to the peer. { CANTRCVMORE—Unable to receive data from the peer. { RCVATMARK—Receiving tag. { N/A—None of the above states. Socket type: • 1—SOCK_STREAM. This socket uses TCP to provide reliable transmission of byte streams. Type • 2—SOCK_DGRAM.
Field Description IP version flags in the Internet PCB: • • • • • • Inpcb vflag INP_IPV4—IPv4 protocol. INP_TIMEWAIT—In TIMEWAIT state. INP_ONESBCAST—Sends broadcast packets. INP_DROPPED—Protocol dropped flag. INP_SOCKREF—Strong socket reference. INP_DONTBLOCK—Do not block synchronization of the Internet PCB. • N/A—None of the above flags. TTL TTL value in the Internet PCB. display tcp Use display tcp to display brief information about TCP connections.
Local Addr:port Foreign Addr:port State Slot CPU PCB 0.0.0.0:0 LISTEN 1 0 0x000000000000c387 192.168.20.200:23 192.168.20.14:1284 ESTABLISHED 1 0 0x0000000000000009 192.168.20.200:23 192.168.20.14:1283 ESTABLISHED 1 0 0x0000000000000002 *0.0.0.0:21 Table 52 Command output Field Description * Indicates the TCP connection uses MD5 authentication. Local Addr:port Local IP address and port number. Foreign Addr:port Peer IP address and port number. State TCP connection state.
checksum error: 0, offset error: 0, short error: 0 packets dropped for lack of memory: 0 packets dropped due to PAWS: 0 duplicate packets: 12 (36 bytes), partially duplicate packets: 0 (0 bytes) out-of-order packets: 0 (0 bytes) packets with data after window: 0 (0 bytes) packets after close: 0 ACK packets: 3531 (795048 bytes) duplicate ACK packets: 33, ACK packets for unsent data: 0 Sent packets: Total: 4058 urgent packets: 0 control packets: 50 window probe packets: 3, window update packets: 11 data pack
fin_wait_2 timeout, so connections disconnected: 0 initiated connections: 29, accepted connections: 12, established connections: 23 closed connections: 50051 (dropped: 0, initiated dropped: 0) bad connection attempt: 0 ignored RSTs in the window: 0 listen queue overflows: 0 RTT updates: 3518(attempt segment: 3537) correct ACK header predictions: 0 correct data packet header predictions: 568 resends due to MTU discovery: 0 packets dropped with MD5 authentication: 0 packets permitted with MD5 authentication:
CPU: 0 Creator: bgpd[199] State: ISCONNECTED Options: N/A Error: 0 Receiving buffer(cc/hiwat/lowat/state): 0 / 65700 / 1 / N/A Sending buffer(cc/hiwat/lowat/state): 0 / 65700 / 512 / N/A Type: 1 Protocol: 6 Connection info: src = 192.168.20.200:179 , dst = 192.168.20.
Field Description Displays send buffer information in the following order: Sending buffer (cc/hiwat/lowat/state) • • • • cc—Used space. hiwat—Maximum space. lowat—Minimum space. state—Buffer state: { CANTSENDMORE—Unable to send data to the peer. { CANTRCVMORE—Unable to receive data from the peer. { RCVATMARK—Receiving tag. { N/A—None of the above states. Socket type: • 1—SOCK_STREAM. This socket uses TCP to provide reliable transmission of byte streams. Type • 2—SOCK_DGRAM.
Field Description IP version flags in the Internet PCB: • • • • • • Inpcb vflag INP_IPV4—IPv4 protocol. INP_TIMEWAIT—In TIMEWAIT state. INP_ONESBCAST—Sends broadcast packets. INP_DROPPED—Protocol dropped flag. INP_SOCKREF—Strong socket reference. INP_DONTBLOCK—Do not block synchronization of the Internet PCB. • N/A—None of the above flags. TTL TTL value in the Internet PCB. State of the TCP connections. Between the parentheses is the role of the connection: NSR state • M—Main connection.
# (MSR4000) Display brief information about UDP connections. display udp Local Addr:port Foreign Addr:port Slot CPU PCB 0.0.0.0:69 0.0.0.0:0 1 0 0x0000000000000003 192.168.20.200:1024 192.168.20.14:69 5 0 0x0000000000000002 Table 54 Command output Field Description Local Addr:port Local IP address and port number. Foreign Addr:port Peer IP address and port number. Slot Slot number of the card. CPU CPU number. PCB PCB index.
Sent packets: Total: 0 Related commands reset udp statistics display udp verbose Use display udp verbose to display detailed information about UDP connections. Syntax MSR2000/MSR3000: display udp verbose [ pcb pcb-index ] MSR4000: display udp verbose [ slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed UDP connection information for the specified PCB. The value range is 1 to 16.
Inpcb flags: N/A Inpcb vflag: INP_IPV4 TTL: 255(minimum TTL: 0) Send VRF: 0xffff Receive VRF: 0xffff Table 55 Command output Field Description Total UDP socket number Total number of UDP sockets. Slot Slot number of the card. CPU CPU number. Creator Name of the operation that created the socket. The number in brackets is the process number of the creator. State Socket state. Options Socket option. Error Error code.
Field Description Flags in the Internet PCB: • • • • • • • • • Inpcb flags INP_RECVOPTS—Receives IP options. INP_RECVRETOPTS—Receives replied IP options. INP_RECVDSTADDR—Receives destination IP address. INP_HDRINCL—Provides the entire IP header. INP_REUSEADDR—Reuses the IP address. INP_REUSEPORT—Reuses the port number. INP_ANONPORT—Port number not specified. INP_RECVIF—Records the input interface of the packet. INP_RECVTTL—Receives TTL of the packet. Only UDP and RawIP support this flag.
Default An interface cannot forward directed broadcasts destined for the directly connected network. Views Interface view Predefined user roles network-admin Usage guidelines A directed broadcast packet is destined for all hosts on a specific network. In the destination IP address of the directed broadcast, the network ID identifies the target network, and the host ID is made up of all ones.
Parameters milliseconds: Sets the interval for tokens to arrive in the bucket. The value range is 0 to 2147483647 milliseconds, and the default is 100 milliseconds. To disable the ICMP rate limit, set the value to 0. bucketsize: Specifies the maximum number of tokens allowed in the bucket. The value range is 1 to 200, and the default is 10. Usage guidelines This command limits the rate at which ICMP error messages are sent.
system-view [Sysname] ip icmp source 1.1.1.1 ip mtu Use ip mtu to configure an MTU for an interface. Use undo ip mtu to restore the default. Syntax ip mtu mtu-size undo ip mtu Default No MTU is configured for an interface. Views Interface view Predefined user roles network-admin Parameters mtu-size: Specifies an MTU in the range of 128 to 2000 bytes.
Default Sending ICMP redirect messages is disabled. Views System view Predefined user roles network-admin Usage guidelines ICMP redirect messages simplify host management and enable hosts to gradually optimize its routing table. A host that has only one route destined to the default gateway sends all packets to the default gateway. The default gateway sends an ICMP redirect message to inform the host of a correct next hop by following these rules: • The receiving and sending interfaces are the same.
• When the device receives the first fragment of an IP datagram destined for the device itself, it starts a timer. If the timer expires before all the fragments of the datagram are received, the device sends an ICMP fragment reassembly time exceeded message to the source. A device disabled from sending ICMP time exceeded messages does not send ICMP TTL exceeded in transit messages but can still send ICMP fragment reassembly time exceeded messages. Examples # Enable sending ICMP time exceeded messages.
reset ip statistics Use reset ip statistics to clear IP traffic statistics. Syntax MSR2000/MSR3000: reset ip statistics MSR4000: reset ip statistics [ slot slot-number ] Views User view Predefined user roles network-admin Parameters slot slot-number: Specifies a card by its slot number. (MSR4000) Usage guidelines To collect new IP traffic statistics within a period of time, use this command to clear history IP traffic statistics first. Examples # Clear IP traffic statistics.
reset udp statistics Use reset udp statistics to clear UDP traffic statistics. Syntax reset udp statistics Views User view Predefined user roles network-admin Examples # Clear UDP traffic statistics. reset udp statistics Related commands display udp statistics tcp mss Use tcp mss to configure the TCP maximum segment size (MSS). Use undo tcp mss to restore the default. Syntax tcp mss value undo tcp mss Default No TCP MSS is configured.
If you configure a TCP MSS on an interface, the size of each TCP segment received or sent on the interface cannot exceed the MSS value. Examples # Set the TCP MSS to 300 bytes on GigabitEthernet 2/1/1. system-view [Sysname] interface gigabitethernet 2/1/1 [Sysname-GigabitEthernet2/1/1] tcp mss 300 tcp path-mtu-discovery Use tcp path-mtu-discovery to enable TCP path MTU discovery. Use undo tcp path-mtu-discovery to disable TCP path MTU discovery.
Syntax tcp syn-cookie enable undo tcp syn-cookie enable Default SYN Cookie is disabled. Views System view Predefined user roles network-admin Usage guidelines A TCP connection is established through a three-way handshake: 1. The sender sends a SYN packet to the server. 2. The server receives the SYN packet, establishes a TCP semi-connection in SYN_RECEIVED state, and replies with a SYN ACK packet to the sender. 3. The sender receives the SYN ACK packet and replies with an ACK packet.
Predefined user roles network-admin Parameters time-value: Specifies the TCP FIN wait timer in the range of 76 to 3600 seconds. Usage guidelines TCP starts the FIN wait timer when the state changes to FIN_WAIT_2. If no FIN packet is received within the timer interval, the TCP connection is terminated. If a FIN packet is received, TCP changes connection state to TIME_WAIT. If a non-FIN packet is received, TCP restarts the timer and tears down the connection when the timer expires.
Use undo tcp window to restore the default. Syntax tcp window window-size undo tcp window Default The size of the TCP receive/send buffer is 64 KB. Views System view Predefined user roles network-admin Parameters window-size: Specifies the size of the TCP receive/send buffer in KB, in the range of 1 to 64. Examples # Configure the size of the TCP receive/send buffer as 3 KB.
UDP helper commands display udp-helper interface Use display udp-helper interface to display information about broadcast to unicast conversion by UDP helper on an interface. Syntax display udp-helper interface interface-type interface-number Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number.
reset udp-helper statistics Use reset udp-helper statistics to clear packet statistics for UDP helper. Syntax reset udp-helper statistics Views User view Predefined user roles network-admin Examples # Clear the packet statistics for UDP helper. reset udp-helper statistics Related commands display udp-helper interface udp-helper broadcast-map Use udp-helper broadcast-map to specify a multicast address for UDP helper to convert broadcast to multicast.
You can configure a maximum of 20 unicast and multicast addresses for UDP helper to convert broadcast packets. Examples # Configure UDP helper to convert received broadcast packets on GigabitEthernet 2/1/1 to multicast packets destined for 225.0.0.1. system-view [Sysname] interface gigabitethernet 2/1/1 [Sysname-GigabitEthernet2/1/1] udp-helper broadcast-map 225.0.0.1 udp-helper enable Use udp-helper enable to enable UDP helper. Use undo udp-helper enable to disable UDP helper.
udp-helper multicast-map Use udp-helper multicast-map to map a multicast address to a directed broadcast or a unicast address for UDP helper. Use undo udp-helper multicast-map restore the default. Syntax udp-helper multicast-map multicast-address ip-address [ global | vpn-instance vpn-instance-name ] [ acl acl-number ] undo udp-helper multicast-map vpn-instance-name ] multicast-address ip-address [ global | vpn-instance Default No address mapping is specified for UDP helper.
[Sysname-GigabitEthernet2/1/1] udp-helper multicast-map 225.0.0.1 192.168.1.255 # Configure UDP helper to convert the multicast packets destined for 225.0.0.1 to unicast packets destined for 192.168.1.3 in VPN instance a. system-view [Sysname] interface gigabitethernet 2/1/1 [Sysname- GigabitEthernet2/1/1] udp-helper multicast-map 225.0.0.1 192.168.1.3 vpn-instance a udp-helper port Use udp-helper port to specify a UDP port number for UDP helper.
Use undo udp-helper server to remove a destination server. Syntax udp-helper server ip-address [ global | vpn-instance vpn-instance-name ] undo udp-helper server [ ip-address [ global | vpn-instance vpn-instance-name ] ] Default No destination server is specified for UDP helper. Views Interface view Predefined user roles network-admin Parameters ip-address: Specifies the IP address of a destination server, in dotted decimal notation.
IPv6 basics commands In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. display ipv6 fib Use display ipv6 fib to display IPv6 FIB entries.
Table 57 Command output Field Description Destination count Total number of destination addresses. FIB entry count Total number of IPv6 FIB entries. Destination Destination address. Prefix length Prefix length of the destination address. Nexthop Next hop. Route flag: Flags • • • • • • • • U—Usable route. G—Gateway route. H—Host route. B—Black hole route. D—Dynamic route. S—Static route. R—Recursive route. F—Fast re-route. Time stamp Time when the IPv6 FIB entry was generated.
Examples # Display ICMPv6 packet statistics.
Examples # Display IPv6 information about interface GigabitEthernet 2/1/1.
OutDiscards: 0 Table 58 Command output Field Description Physical state of the interface: • Administratively DOWN—The interface has been administratively shut down by using the shutdown command. GigabitEthernet2/1/1 current state • DOWN—The interface is administratively up but its physical state is down, possibly because of a connection or link failure. • UP—The administrative and physical states of the interface are both up.
Field Description DAD is enabled. ND DAD is enabled, number of DAD attempts • If DAD is enabled, this field displays the number of attempts to send a NS message for DAD (set by using the ipv6 nd dad attempts command). • If DAD is disabled, this field displays ND DAD is disabled. To disable DAD, set the number of attempts to 0. ND reachable time Time during which a neighboring device is reachable. ND retransmit interval Interval for retransmitting a NS message.
display ipv6 interface prefix Use display ipv6 interface prefix to display IPv6 prefix information for an interface. Syntax display ipv6 interface interface-type interface-number prefix Views Any view Predefined user roles network-admin network-operator Parameters interface-type interface-number: Specifies an interface by its type and number. Examples # Display IPv6 prefix information for VLAN-interface 10.
Related commands ipv6 nd ra prefix display ipv6 neighbors Use display ipv6 neighbors to display IPv6 neighbor information.
IPv6 Address: FE80::200:5EFF:FE32:B800 Link layer State : 0000-5e32-b800 VID : N/A : REACH Interface: GE2/1/1 Type: IS Age : - Vpn-instance: vpn1 Table 61 Command output Field Description IPv6 Address IPv6 address of a neighbor. Link Layer Link layer address (MAC address) of a neighbor. VID VLAN to which the interface connected with a neighbor belongs. Interface Interface connected with a neighbor. State of a neighbor: • INCMP—The address is being resolved.
display ipv6 neighbors { { all | dynamic | static } [ slot slot-number ] | interface interface-type interface-number | vlan vlan-id } count Views Any view Predefined user roles network-admin network-operator Parameters all: Displays the total number of all neighbor entries, including neighbor entries created dynamically and configured statically. dynamic: Displays the total number of neighbor entries created dynamically. static: Displays the total number of neighbor entries configured statically.
FE80::200:5EFF:FE32:B800 0000-5e32-b800 N/A GE2/1/1 REACH IS - Table 62 Command output Field Description IPv6 Address IPv6 address of a neighbor. Link-layer Link layer address (MAC address) of a neighbor. VID VLAN to which the interface connected with a neighbor belongs. Interface Interface connected with a neighbor. Neighbor state: • INCMP—The address is being resolved. The link layer address of the neighbor is unknown. State • REACH—The neighbor is reachable.
ipv6-address: Specifies the destination IPv6 address for which the Path MTU information is to be displayed. all: Displays all Path MTU information for the public network. dynamic: Displays all dynamic Path MTU information. static: Displays all static Path MTU information. count: Displays the total number of Path MTU entries. Usage guidelines Use display ipv6 pathmtu to display the IPv6 Path MTU information, including the dynamic Path MTUs and the static Path MTUs.
Predefined user roles network-admin network-operator Parameters prefix-number: Specifies the ID of an IPv6 prefix, in the range of 1 to 1024. If this argument is not specified, the command displays information about all IPv6 prefixes. Usage guidelines A static IPv6 prefix is configured by using the ipv6 prefix command. A dynamic IPv6 prefix is obtained from the DHCPv6 server, and its prefix ID is configured by using the ipv6 dhcp client pd command. Examples # Display information about all IPv6 prefixes.
Syntax MSR2000/MSR3000: display ipv6 rawip MSR4000: display ipv6 rawip [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies a card by its slot number. (MSR4000) Usage guidelines Brief information about IPv6 RawIP connections includes the local and peer IPv6 addresses, protocol number, and PCB. Examples # Display brief information about IPv6 RawIP connections.
MSR4000: display ipv6 rawip verbose [ slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed information about IPv6 RawIP connections of the specified PCB. The value of the pcb-index argument is 1 to 16. slot slot-number: Specifies a card by its slot number.
Field Description Options Socket options. Displays receive buffer information in the following order: Receiving buffer(cc/hiwat/lowat/state) • • • • cc—Used space. hiwat—Maximum space. lowat—Minimum space. state—Buffer state: { CANTSENDMORE—Unable to send data to the peer. { CANTRCVMORE—Unable to receive data from the peer. { RCVATMARK—Receiving tag. { N/A—None of the above states.
Field Description Flags in the Internet PCB: • • • • • • • • • INP_RECVOPTS—Receives IPv6 options. INP_RECVRETOPTS—Receives replied IPv6 options. INP_RECVDSTADDR—Receives destination IPv6 address. INP_HDRINCL—Provides the entire IPv6 header. INP_REUSEADDR—Reuses the IPv6 address. INP_REUSEPORT—Reuses the port number. INP_ANONPORT—Port number not specified. INP_PROTOCOL_PACKET—Identifies a protocol packet. INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP and RawIP support this flag.
display ipv6 statistics Use display ipv6 statistics to display IPv6 and ICMPv6 packet statistics. Syntax MSR2000/MSR3000: display ipv6 statistics MSR4000: display ipv6 statistics [ slot slot-number ] Views Any view Predefined user roles network-admin network-operator Parameters slot slot-number: Specifies a card by its slot number. (MSR4000) Usage guidelines This command displays statistics about received and sent IPv6 and ICMPv6 packets.
Sent packets: Total: 0 Unreachable: 0 Hop limit exceeded: 0 Parameter problems: 0 Echo requests: Too big: Reassembly timeouts: 0 0 Echo replies: Neighbor solicits: 0 Neighbor adverts: Router solicits: 0 Router adverts: Redirects: 0 0 Router renumbering: 0 0 0 0 Send failed: Rate limitation: 0 Other errors: 0 Too short: 0 Received packets: Total: 0 Checksum errors: Bad codes: 0 Unreachable: 0 0 Too big: 0 Hop limit exceeded: 0 Reassembly timeouts: 0 Parameter problem
Parameters slot slot-number: Specifies a card by its slot number. (MSR4000) Usage guidelines Brief information about IPv6 TCP connections includes the local IPv6 address and port number, peer IPv6 address and port number, and TCP connection state. Examples # Display brief information about IPv6 TCP connections.
display ipv6 tcp verbose [ pcb pcb-index ] MSR4000: display ipv6 tcp verbose [ slot slot-number [ pcb pcb-index ] ] Views Any view Predefined user roles network-admin network-operator Parameters pcb pcb-index: Displays detailed information about IPv6 TCP connections of the specified PCB. The value range of the pcb-index argument is 1 to 16. slot slot-number: Specifies a card by its slot number.
Table 68 Command output Field Description TCP inpcb number Number of IPv6 TCP Internet PCBs. tcpcb number Number of IPv6 TCP PCBs (excluding PCBs of TCP in TIME_WAIT state). Slot Number of the slot that holds the card. CPU CPU number. Creator Task name of the socket. The process number is in the square brackets. State Socket state. Options Socket options. Error Error code.
Field Description Flags in the Internet PCB: • • • • • • • • • INP_RECVOPTS—Receives IPv6 options. INP_RECVRETOPTS—Receives replied IPv6 options. INP_RECVDSTADDR—Receives destination IPv6 address. INP_HDRINCL—Provides the entire IPv6 header. INP_REUSEADDR—Reuses the IPv6 address. INP_REUSEPORT—Reuses the port number. INP_ANONPORT—Port number not specified. INP_PROTOCOL_PACKET—Identifies a protocol packet. INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP and RawIP support this flag.
Field Description TCP connection state: • CLOSED—The server receives a disconnection request's reply from the client. • LISTEN—The server is waiting for connection requests. • SYN_SENT—The client is waiting for the server to reply to the connection request. • SYN_RCVD—The server receives a connection request. • ESTABLISHED—The server and client have established connections and can Connection state transmit data bidirectionally. • CLOSE_WAIT—The server receives a disconnection request from the client.
Usage guidelines Brief information about an IPv6 UDP connection includes local IPv6 address and port number, and peer IPv6 address and port number. Examples # Displays brief information about IPv6 UDP connections.
Usage guidelines Detailed information about an IPv6 UDP connection includes socket's creator, state, option, type, protocol number, source IPv6 address and port number, destination IPv6 address and port number, and the connection state. Examples # Display detailed information about an IPv6 UDP connection.
Field Description Displays send buffer information in the following order: Sending buffer(cc/hiwat/lowat/state) • • • • cc—Used space. hiwat—Maximum space. lowat—Minimum space. state—Buffer state: { CANTSENDMORE—Unable to send data to the peer. { CANTRCVMORE—Unable to receive data from the peer. { RCVATMARK—Receiving tag. { N/A—None of the above states. Socket type: • 1—SOCK_STREAM. This socket uses TCP to provide reliable transmission of byte streams. Type • 2—SOCK_DGRAM.
Field Description Flags in the Internet PCB: • • • • • • • • • INP_RECVOPTS—Receives IPv6 options. INP_RECVRETOPTS—Receives replied IPv6 options. INP_RECVDSTADDR—Receives destination IPv6 address. INP_HDRINCL—Provides the entire IPv6 header. INP_REUSEADDR—Reuses the IPv6 address. INP_REUSEPORT—Reuses the port number. INP_ANONPORT—Port number not specified. INP_PROTOCOL_PACKET—Identifies a protocol packet. INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP and RawIP support this flag.
ipv6 address Use ipv6 address to configure an IPv6 global unicast address for an interface. Use undo ipv6 address to remove an IPv6 address of the interface. Syntax ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } undo ipv6 address [ ipv6-address prefix-length | ipv6-address/prefix-length ] Default No IPv6 global unicast address is configured for an interface. Views Interface view Predefined user roles network-admin Parameters ipv6-address: Specifies an IPv6 address.
Default No IPv6 anycast address is configured for an interface. Views Interface view Predefined user roles network-admin Parameters ipv6-address: Specifies an IPv6 anycast address. prefix-length: Specifies a prefix length in the range of 1 to 128. Examples # Set the IPv6 anycast address of interface GigabitEthernet 2/1/1 to 2001::1 with prefix length 64.
Examples # Enable stateless address autoconfiguration on interface GigabitEthernet 2/1/1. system-view [Sysname] interface gigabitethernet 2/1/1 [Sysname-GigabitEthernet2/1/1] ipv6 address auto ipv6 address auto link-local Use ipv6 address auto link-local to automatically generate a link-local address for an interface. Use undo ipv6 address auto link-local to remove the automatically generated link-local address for the interface.
Examples # Configure GigabitEthernet 2/1/1 to automatically generate a link-local address. system-view [Sysname] interface gigabitethernet 2/1/1 [Sysname-GigabitEthernet2/1/1] ipv6 address auto link-local Related commands ipv6 address link-local ipv6 address eui-64 Use ipv6 address eui-64 to configure an EUI-64 IPv6 address for an interface. Use undo ipv6 address eui-64 to remove the EUI-64 IPv6 address of the interface.
Related commands display ipv6 interface ipv6 address link-local Use ipv6 address link-local to configure a link-local address for the interface. Use undo ipv6 address link-local to remove the link-local address of the interface. Syntax ipv6 address ipv6-address link-local undo ipv6 address ipv6-address link-local Default No link-local address is configured for the interface. Views Interface view Predefined user roles network-admin Parameters ipv6-address: Specifies an IPv6 link-local address.
Syntax ipv6 hop-limit value undo ipv6 hop-limit Default The hop limit is 64. Views System view Predefined user roles network-admin Parameters value: Specifies the number of hops, in the range of 1 to 255. Usage guidelines The hop limit determines the number of hops that an IPv6 packet generated by the device can travel.
To prevent too many ICMPv6 error messages from affecting device performance, disable this function. Even with the function disabled, the device still sends fragment reassembly time exceeded messages. Examples # Disable sending ICMPv6 time exceeded messages. system-view [Sysname] undo ipv6 hoplimit-expires enable ipv6 icmpv6 error-interval Use ipv6 icmpv6 error-interval to set the interval and bucket size for ICMPv6 error messages. Use undo ipv6 icmpv6 error-interval to restore the default.
Use undo ipv6 icmpv6 multicast-echo-reply to disable replying to multicast echo requests. Syntax ipv6 icmpv6 multicast-echo-reply enable undo ipv6 icmpv6 multicast-echo-reply enable Default The device is disabled from replying to multicast echo requests. Views System view Predefined user roles network-admin Usage guidelines If a host is configured to reply to multicast echo requests, an attacker can use this mechanism to attack the host.
Usage guidelines It is a good practice to specify the IPv6 address of the loopback interface as the source IPv6 address for outgoing ping echo request and ICMPv6 error messages. This feature helps users to locate the sending device easily. Examples # Specify IPv6 address 1::1 as the source address for outgoing ICMPv6 packets. system-view [Sysname] ipv6 icmpv6 source 1::1 ipv6 mtu Use ipv6 mtu to set the MTU of IPv6 packets sent over an interface. Use undo ipv6 mtu to restore the default MTU.
Syntax ipv6 nd autoconfig managed-address-flag undo ipv6 nd autoconfig managed-address-flag Default The M flag is set to 0 so that the host can obtain an IPv6 address through stateless autoconfiguration. Views Interface view Predefined user roles network-admin Usage guidelines The M flag determines whether a host uses stateful autoconfiguration to obtain an IPv6 address. If the M flag is set to 1, the host uses stateful autoconfiguration (for example, from an DHCPv6 server) to obtain an IPv6 address.
If the O flag is set to 1, the host uses stateful autoconfiguration (for example, from a DHCPv6 server) to obtain configuration information other than IPv6 address. Otherwise, the host uses stateless autoconfiguration. Examples # Configure the host to obtain configuration information other than IPv6 address through stateless autoconfiguration.
ipv6 nd ns retrans-timer Use ipv6 nd ns retrans-timer to set the interval for retransmitting an NS message. Use undo ipv6 nd ns retrans-timer to restore the default. Syntax ipv6 nd ns retrans-timer value undo ipv6 nd ns retrans-timer Default The local interface sends NS messages at an interval of 1000 milliseconds, and the Retrans Timer field in the RA messages sent is 0. The interval for retransmitting an NS message is determined by the receiving device.
Default The neighbor reachable time on the local interface is 30000 milliseconds, and the value of the Reachable Time field in RA messages is 0. The reachable time is determined by the receiving device. Views Interface view Predefined user roles network-admin Parameters value: Specifies the neighbor reachable time in the range of 1 to 3600000 milliseconds.
[Sysname-GigabitEthernet2/1/1] undo ipv6 nd ra halt ipv6 nd ra hop-limit unspecified Use ipv6 nd ra hop-limit unspecified to specify unlimited hops in RA messages. Use undo ipv6 nd ra hop-limit unspecified to restore the default. Syntax ipv6 nd ra hop-limit unspecified undo ipv6 nd ra hop-limit unspecified Default The maximum number of hops in the RA messages is limited to 64.
Parameters max-interval-value: Specifies the maximum interval for advertising RA messages in seconds, in the range of 4 to 1800. min-interval-value: Specifies the minimum interval for advertising RA messages, in the range of 3 seconds to three-fourths of the maximum interval. Usage guidelines The device advertises RA messages at intervals of a random value between the maximum interval and the minimum interval.
ipv6 nd ra prefix Use ipv6 nd ra prefix to configure the prefix information in RA messages. Use undo ipv6 nd ra prefix to remove the prefix information from RA messages. Syntax ipv6 nd ra prefix { ipv6-prefix prefix-length | ipv6-prefix/prefix-length } valid-lifetime preferred-lifetime [ no-autoconfig | off-link ] * undo ipv6 nd ra prefix { ipv6-prefix | ipv6-prefix/prefix-length } Default No prefix information is configured for RA messages.
[Sysname] interface gigabitethernet 2/1/1 [Sysname-GigabitEthernet2/1/1] ipv6 nd ra prefix 2001:10::100 64 100 10 ipv6 nd ra router-lifetime Use ipv6 nd ra router-lifetime to configure the router lifetime in RA messages. Use undo ipv6 nd ra router-lifetime to restore the default. Syntax ipv6 nd ra router-lifetime value undo ipv6 nd ra router-lifetime Default The router lifetime in RA messages is 1800 seconds.
Default The router preference is medium. Views Interface view Predefined user roles network-admin Parameters high: Sets the router preference to the highest setting. low: Sets the router preference to the lowest setting. medium: Sets the router preference to the medium setting. Usage guidelines A hosts selects a router with the highest preference as the default router.
interface interface-type interface-number: Specifies a Layer 3 interface of the static neighbor entry by its type and number. vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the static neighbor entry belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the static neighbor entry is for the public network, do not specify this option..
Views System view Predefined user roles network-admin Usage guidelines Perform this command to minimize link-local ND entries assigned to the driver. Link-local ND entries refer to ND entries comprising link-local addresses. By default, the device assigns all ND entries to the driver. With this feature enabled, the device does not add newly learned link-local ND entries whose link local addresses are not the next hop of any route to the driver. This saves driver resources.
ipv6 neighbors max-learning-num Use ipv6 neighbors max-learning-num to set the maximum number of dynamic neighbor entries that an interface can learn. This prevents the interface from occupying too many neighbor table resources. Use undo ipv6 neighbors max-learning-num to restore the default.
Default No static Path MTU is configured. Views System view Predefined user roles network-admin Parameters vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance that the Path MTU belongs to. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the Path MTU is for the public network, do not specify this option. ipv6-address: IPv6 address. value: Specifies the Path MTU of the specified IPv6 address, in the range of 1280 to 10240 bytes.
Usage guidelines After the path MTU from a source host to a destination host is dynamically determined, the source host sends subsequent packets to the destination host based on this MTU. After the aging time expires: • The dynamic Path MTU is removed. • The source host re-determines a dynamic path MTU through the Path MTU mechanism. The aging time is invalid for a static Path MTU. Examples # Set the aging time for a dynamic Path MTU to 40 minutes.
ipv6 prefix Use ipv6 prefix to configure a static IPv6 prefix. Use undo ipv6 prefix to remove a static IPv6 prefix. Syntax ipv6 prefix prefix-number ipv6-prefix/prefix-length undo ipv6 prefix prefix-number Default No static IPv6 prefix is configured on the device. Views System view Predefined user roles network-admin Parameters prefix-number: Specifies a prefix ID in the range of 1 to 1024. ipv6-prefix/prefix-length: Specifies a prefix and its length.
Views System view Predefined user roles network-admin Usage guidelines The default gateway sends an ICMPv6 redirect message to the source of an IPv6 packet to inform the source of a better first hop. Sending ICMPv6 redirect messages enables hosts that hold few routes to establish routing tables and find the best route. Because this function adds host route into the routing tables, host performance degrades when there are too many host routes.
the MAC address of the interface and is globally unique. An attacker can exploit this rule to easily identify the sending device. To fix the vulnerability, you can enable the temporary address function. With this function, an IEEE 802 interface generates the following addresses: • Public IPv6 address—Includes an address prefix in the RA message and a fixed interface ID generated based on the MAC address of the interface.
Usage guidelines If the device fails to forward a received IPv6 packet because of a destination unreachable error, it drops the packet and sends an ICMPv6 destination unreachable message to the source. If the device is generating ICMPv6 destination unreachable messages incorrectly, disable sending ICMPv6 destination unreachable messages to prevent attack risks. Examples # Enable sending ICMPv6 destination unreachable messages.
Views VLAN interface view, Layer 3 Ethernet interface view, Layer 3 Ethernet subinterface view Predefined user roles network-admin Examples # Enable common ND proxy on interface GigabitEthernet 2/1/1. system-view [Sysname] interface gigabitethernet 2/1/1 [Sysname-GigabitEthernet2/1/1] proxy-nd enable Related commands local-proxy-nd enable reset ipv6 neighbors Use reset ipv6 neighbors to clear IPv6 neighbor information.
reset ipv6 neighbors dynamic This will delete all the dynamic entries. Continue? [Y/N]:Y # Clear all neighbor information for GigabitEthernet 2/1/1. reset ipv6 neighbors interface gigabitethernet 2/1/1 This will delete all the dynamic entries by the interface you specified. Contin ue? [Y/N]:Y Related commands • display ipv6 neighbors • ipv6 neighbor reset ipv6 pathmtu Use reset ipv6 pathmtu to clear the Path MTU information.
Predefined user roles network-admin Parameters slot slot-number: Specifies a card by its slot number. (MSR4000) Usage guidelines You can use the display ipv6 statistics command to display the IPv6 and ICMPv6 packet statistics. If you do not specify the slot slot-number option, this command clears IPv6 and ICMPv6 packet statistics of all cards. If you specify the slot slot-number option, this command clears IPv6 and ICMP packet statistics of the specified card.
DHCPv6 commands Common DHCPv6 commands display ipv6 dhcp duid Use display ipv6 dhcp duid to display the DUID of the local device. Syntax display ipv6 dhcp duid Views Any view Predefined user roles network-admin network-operator Usage guidelines A DHCP unique identifier (DUID) uniquely identifies a DHCPv6 device (DHCPv6 client, server, or relay agent). A DHCPv6 device adds its DUID in a sent packet. Examples # Display the DUID of the local device.
Parameters dscp-value: Specifies the DSCP value for DHCPv6 packets, in the range of 0 to 63. Usage guidelines The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority. Examples # Set the DSCP value to 30 for DHCPv6 packets sent by the DHCPv6 server or the DHCPv6 relay agent.
[Sysname] interface gigabitethernet 2/1/2 [Sysname-GigabitEthernet2/1/2] ipv6 dhcp select relay Related commands • display ipv6 dhcp relay server-address • display ipv6 dhcp server DHCPv6 server commands address range Use address range to specify a non-temporary IPv6 address range in a DHCPv6 address pool for dynamic allocation. Use undo address range to remove the non-temporary IPv6 address range in the address pool.
Examples # Configure a non-temporary IPv6 address range from 3ffe:501:ffff:100::10 through 3ffe:501:ffff:100::31 in address pool 1.
Type: Static Interface: N/A aaa.com Domain name: Type: Dynamic (DHCPv6 address allocation) Interface: GigabitEthernet2/1/1 aaa.com Options: Code: 23 Type: Dynamic (DHCPv6 prefix allocation) Interface: GigabitEthernet2/1/1 Length: 2 bytes Hex: ABCD DHCPv6 option group: 20 DNS server addresses: Type: Static Interface: N/A 1::1 DNS server addresses: Type: Dynamic (DHCPv6 address allocation) Interface: GigabitEthernet2/1/1 1::1 Domain name: Type: Static Interface: N/A aaa.
Field Description DNS server addresses IPv6 address of the DNS server. Domain name Domain name suffix. SIP server addresses IPv6 address of the SIP server. SIP server domain names Domain name of the SIP server. Options Self-defined options. Code Code of the self-defined option. Length Self-defined option length in bytes. Hex Self-defined option content represented by a hexadecimal string.
Temporary addresses: Range: from 3FFE:501:FFFF:100::200 to 3FFE:501:FFFF:100::210 Preferred lifetime 60480, valid lifetime 259200 Total address number: 17 Available: 17 In-use: 0 Static bindings: DUID: 0003000100e0fc000001 IAID: 0000003f Prefix: 3FFE:501:FFFF:200::/64 Preferred lifetime 604800, valid lifetime 2592000 DUID: 0003000100e0fc00cff1 IAID: 00000001 Address: 3FFE:501:FFFF:2001::1/64 Preferred lifetime 604800, valid lifetime 2592000 DNS server addresses: 2::2 Domain name: aaa.
Field Description DNS server addresses DNS server address. Domain name Domain name. SIP server addresses SIP server address. SIP server domain names Domain name of the SIP server. display ipv6 dhcp prefix-pool Use display ipv6 dhcp prefix-pool to display information about a prefix pool.
Field Description Static Number of statically bound prefixes. Assigned length Length of assigned prefixes. Total prefix number Number of prefixes. display ipv6 dhcp server Use display ipv6 dhcp server to display DHCPv6 server configuration information.
Field Description Address pool applied to the interface. Using pool If no address pool is applied to the interface, global is displayed. The DHCPv6 server selects a global address pool to assign a prefix, an address, and other configuration parameters to a client. Preference value Server preference in the DHCPv6 Advertise message. The value range is 0 to 255. The bigger the value is, the higher preference the server has. Allow-hint Indicates whether desired address/prefix assignment is enabled.
Related commands reset ipv6 dhcp server conflict display ipv6 dhcp server expired Use display ipv6 dhcp server expired to display lease expiration information. Syntax display ipv6 dhcp server expired [ address ipv6-address | pool pool-name ] Views Any view Predefined user roles network-admin network-operator Parameters address ipv6-address: Displays lease expiration information for the specified IPv6 address.
Syntax display ipv6 dhcp server ip-in-use [ address ipv6-address | pool pool-name ] Views Any view Predefined user roles network-admin network-operator Parameters address ipv6-address: Displays binding information for the specified IPv6 address. pool pool-name: Displays binding information for the IPv6 address pool specified by its name, a case-insensitive string of 1 to 63 characters.
Table 77 Command output Field Description Pool DHCPv6 address pool. IPv6 address IPv6 address assigned. IPv6 address binding types: Type • Static(F)—Free static binding whose IPv6 address has not been assigned. • Static(O)—Offered static binding whose IPv6 address has been selected and sent by the DHCPv6 server in a DHCPv6-OFFER packet to the client. • Static(C)—Committed static binding whose IPv6 address has been assigned to the client.
Parameters pool pool-name: Displays IPv6 prefix binding information for the DHCPv6 address pool specified by its name, a case-insensitive string of 1 to 63 characters. prefix prefix/prefix-len: Displays binding information for the specified IPv6 prefix. The value range for the prefix length is 1 to 128. Usage guidelines If you do not specify any parameters, the command displays all IPv6 prefix binding information. Examples # Display all IPv6 prefix binding information.
Field Description Prefix binding types: • Static(F)—Free static binding whose IPv6 prefix has not been assigned. • Static(O)—Offered static binding whose IPv6 prefix has been selected and sent by the DHCPv6 server in a DHCPv6-OFFER packet to the client. • Static(C)—Committed static binding whose IPv6 prefix has been assigned to Type the client. • Auto(O)—Offered dynamic binding whose IPv6 prefix has been dynamically selected by the DHCPv6 server and sent in a DHCPv6-OFFER packet to the DHCPv6 client.
Parameters pool pool-name: Displays DHCPv6 packet statistics for the DHCPv6 address pool specified by its name, a case-insensitive string of 1 to 63 characters. If you do not specify any pool, the command displays DHCPv6 packet statistics for all address pools. Examples # Display all DHCPv6 packet statistics on the DHCPv6 server.
Field Description Number of messages received by the DHCPv6 server. The message types include: Packets received • • • • • • • • • Solicit. Request. Confirm. Renew. Rebind. Release. Decline. Information-request. Relay-forward. If statistics about a specific address pool are displayed, this field is not displayed. Packets dropped Number of packets discarded. If statistics about a specific address pool are displayed, this field is not displayed. Number of messages sent by the DHCPv6 server.
Usage guidelines You can use the dns-server command to specify up to eight DNS servers in an address pool. A DNS server specified earlier has a higher preference. Examples # Specify the DNS server address 2:2::3 in DHCPv6 address pool 1. system-view [Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] dns-server 2:2::3 Related commands display ipv6 dhcp pool domain-name Use domain-name to specify a domain name suffix in a DHCPv6 address pool. Use undo domain-name to remove the domain name suffix.
Use undo ipv6 dhcp option-group to delete the specified static DHCPv6 option group. Syntax ipv6 dhcp option-group option-group-number undo ipv6 dhcp option-group option-group-number Default No DHCPv6 option group exists on the device. Views System view Predefined user roles network-admin Parameters option-group-number: Assigns an ID to the static option group, in the range of 1 to 100. Usage guidelines A static DHCPv6 option group can use the same ID as a dynamic DHCPv6 option group.
Parameters pool-name: Specifies a name for the DHCPv6 address pool, a case-insensitive string of 1 to 63 characters. Usage guidelines A DHCPv6 address pool stores IPv6 address/prefix and other configuration parameters to be assigned to DHCPv6 clients. When you remove a DHCPv6 address pool, binding information for the assigned IPv6 addresses and prefixes in the address pool is also removed. Examples # Create a DHCPv6 address pool named pool1 and enter its view.
You cannot modify an existing prefix pool. To change the prefix pool settings, you must delete the prefix pool first. Removing a prefix pool clears all prefix bindings from the prefix pool. Examples # Create prefix pool named 1, and specify the prefix 2001:0410::/32 with assigned prefix length being 42. Prefix pool 1 contains 1024 prefixes from 2001:0410::/42 to 2001:0410:FFC0::/42.
Examples # Configure global address assignment on the interface GigabitEthernet 2/1/1. Use the desired address/prefix assignment and rapid address/prefix assignment, and set the server preference to the highest 255.
A non-existing address pool can be applied to an interface, but the server cannot assign any prefix, address, or other configuration information from the address pool until the address pool is created. Examples # Apply address pool 1 to GigabitEthernet 2/1/1, configure the address pool to support desired address/prefix assignment and address/prefix rapid assignment, and set the preference to 255.
Examples # Exclude IPv6 addresses of 2001:10:110::1 through 2001:10:110::20 from dynamic assignment. system-view [Sysname] ipv6 dhcp server forbidden-address 2001:10:110::1 2001:10:110::20 Related commands • ipv6 dhcp server forbidden-prefix • static-bind ipv6 dhcp server forbidden-prefix Use ipv6 dhcp server forbidden-prefix to exclude specific IPv6 prefixes from dynamic allocation. Use undo ipv6 dhcp server forbidden-prefix to remove the configuration.
• static-bind network Use network to specify an IPv6 subnet for dynamic allocation in a DHCPv6 address pool. Use undo network to remove the specified IPv6 subnet. Syntax network prefix/prefix-length [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo network Default No IPv6 subnet is specified in an address pool. Views DHCPv6 address pool view Predefined user roles network-admin Parameters prefix/prefix-length: Specifies the IPv6 subnet for dynamic allocation.
Use undo option to remove a self-defined DHCPv6 option from a DHCPv6 address pool. Syntax option code hex hex-string undo option code Default No self-defined DHCPv6 option is configured in a DHCPv6 address pool. Views DHCPv6 address pool view, DHCPv6 option group view Predefined user roles network-admin Parameters code: Specifies a number for the self-defined option, in the range of 21 to 65535, excluding 25 through 26, 37 through 40, and 43 through 48.
prefix-pool Use prefix-pool to apply a prefix pool to a DHCPv6 address pool, so the DHCPv6 server can dynamically select a prefix from the prefix pool for a client. Use undo prefix-pool to remove the configuration. Syntax prefix-pool prefix-pool-number [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo prefix-pool prefix-pool-number Default No prefix pool is applied to an address pool.
reset ipv6 dhcp server conflict Use reset ipv6 dhcp server conflict to clear IPv6 address conflict information. Syntax reset ipv6 dhcp server conflict [ address ipv6-address ] Views User view Predefined user roles network-admin Parameters address ipv6-address: Clears conflict information for the specified IPv6 address. If you do not specify any IPv6 address, the command clears all IPv6 address conflict information.
reset ipv6 dhcp server expired address 2001:f3e0::1 Related commands display ipv6 dhcp server expired reset ipv6 dhcp server ip-in-use Use reset ipv6 dhcp server ip-in-use to clear binding information for assigned IPv6 addresses. Syntax reset ipv6 dhcp server ip-in-use [ address ipv6-address | pool pool-name ] Views User view Predefined user roles network-admin Parameters address ipv6-address: Clears binding information for the assigned IPv6 address.
Parameters pool pool-name: Clears binding information for assigned IPv6 prefixes in the address pool specified by its name, a case-insensitive string of 1 to 63 characters. prefix prefix/prefix-len: Clears binding information for the specified IPv6 prefix. The value range for the prefix length is 1 to 128. Usage guidelines If you do not specify any parameters, this command clears binding information for all assigned IPv6 prefixes.
undo sip-server { address ipv6-address | domain-name domain-name } Default No SIP server address or domain name is specified. Views DHCPv6 address pool view, DHCPv6 option group view Predefined user roles network-admin Parameters address ipv6-address: Specifies the IPv6 address of a SIP server. domain-name domain-name: Specifies the domain name of a SIP server, a case-insensitive string of 1 to 50 characters.
Parameters address ipv6-address/addr-prefix-length: Specifies the IPv6 address and prefix length. The value range for the prefix length is 1 to 128. prefix prefix/prefix-len: Specifies the prefix and prefix length. The value range for the prefix length is 1 to 128. duid duid: Specifies a client DUID. The value is an even hexadecimal number in the range of 2 to 256. iaid iaid: Specifies a client IAID. The value is a hexadecimal number in the range of 0 to FFFFFFFF.
Default No temporary IPv6 address range is configured in an address pool. Views DHCPv6 address pool view Predefined user roles network-admin Parameters start-ipv6-address: Specifies the start IPv6 address. end-ipv6-address: Specifies the end IPv6 address. preferred-lifetime preferred-lifetime: Specifies the preferred lifetime. The value range is 60 to 4294967295 seconds, and the default is 604800 seconds (7 days). valid-lifetime valid-lifetime: Specifies the valid lifetime.
Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays DHCPv6 server addresses on all interfaces enabled with DHCPv6 relay agent. Examples # Display DHCPv6 server addresses on all interfaces enabled with DHCPv6 relay agent.
Views Any view Predefined user roles network-admin network-operator Parameters interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays DHCPv6 packets statistics on all interfaces enabled with DHCPv6 relay agent. Examples # Display DHCPv6 packet statistics on all interfaces enabled with DHCPv6 relay agent.
Advertise : 0 Reconfigure : 0 Reply : 8 Relay-forward : 8 Relay-reply : 0 Table 81 Command output Field Description Packets dropped Number of discarded packets. Packets received Number of received packets. Solicit Number of received solicit packets. Request Number of received request packets. Confirm Number of received confirm packets. Renew Number of received renew packets. Rebind Number of received rebind packets. Release Number of received release packets.
Views Interface view Predefined user roles network-admin Parameters ipv6-address: Specifies the IPv6 address of a DHCPv6 server. interface interface-type interface-number: Specifies an output interface through which the relay agent forwards the DHCPv6 requests to the DHCPv6 server. If you do not specify any output interface, the relay agent looks up the routing table for an output interface.
Parameters interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify any interface, the command clears all relay agent statistics. Examples # Clear packet statistics on the DHCPv6 relay agent. reset ipv6 dhcp relay statistics Related commands display ipv6 dhcp relay statistics DHCPv6 client commands display ipv6 dhcp client Use display ipv6 dhcp client to display DHCPv6 client information.
aaa.com SIP server addresses: 2:2::4 SIP server domain names: bbb.com Options: Code: 88 Length: 3 bytes Hex: AABBCC Table 82 Command output Field Description Types of DHCPv6 client: • Stateful client requesting address—A DHCPv6 client that requests an IPv6 address. Type • Stateful client requesting prefix—A DHCPv6 client that requests an IPv6 prefix. • Stateless client—A DHCPv6 client that requests configuration parameters through stateless DHCPv6.
Field Description Will expire on Feb 4 2013 at 15:37:20 (288 seconds left) Time when the lease expires and the remaining time of the lease. If the lease expires after the year 2100, this field displays Will expire after 2100. DNS server addresses IPv6 address of the DNS server. Domain name Domain name suffix. SIP server addresses IPv6 address of the SIP server. SIP server domain names Domain name of the SIP server. Options Self-defined options. Code Code of the self-defined option.
Request : 0 Renew : 0 Rebind : 0 Information-request : 5 Release : 0 Decline : 0 Table 83 Command output Field Description Interface Interface that serves as the DHCPv6 client. Packets Received Number of received packets. Reply Number of received reply packets. Advertise Number of received advertise packets. Reconfigure Number of received reconfigure packets. Invalid Number of invalid packets. Packets sent Number of sent packets. Solicit Number of sent solicit packets.
VLAN interface view Predefined user roles network-admin Parameters option-group option-group-number: Enables the DHCPv6 client to create a dynamic DHCPv6 option group for saving the configuration parameters, and assigns an ID to the option group. The value range for the ID is 1 to 100. If you do not specify this option, the DHCPv6 client does not create any dynamic DHCPv6 option groups. rapid-commit: Supports rapid address or prefix assignment.
[Sysname] ipv6 dhcp client dscp 30 ipv6 dhcp client pd Use ipv6 dhcp client pd to configure an interface to use DHCPv6 for IPv6 prefix acquisition. Use undo ipv6 dhcp client pd to cancel an interface from using DHCPv6, and clear the obtained IPv6 prefix and other configuration parameters. Syntax ipv6 dhcp client pd prefix-number [ option-group option-group-number | rapid-commit ]* undo ipv6 dhcp client pd Default An interface does not use DHCPv6 for IPv6 prefix acquisition.
Syntax ipv6 dhcp client stateless enable undo ipv6 dhcp client stateless enable Default Stateless DHCPv6 is disabled. Views Layer 3 Ethernet interface/subinterface view Layer 3 aggregate interface view VLAN interface view Predefined user roles network-admin Usage guidelines With stateless DHCPv6 enabled on an interface, the interface sends an Information-request message to the multicast address of all DHCPv6 servers and DHCPv6 relay agents to request configuration parameters.
DHCPv6 snooping commands In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. DHCPv6 snooping works between the DHCPv6 client and the DHCPv6 server or between the DHCPv6 client and DHCPv6 the relay agent. DHCPv6 snooping does not work between the DHCPv6 server and the DHCPv6 relay agent.
Field Description VLAN When both DHCPv6 snooping and QinQ are enabled or the DHCPv6 packet contains two VLAN tags, this field identifies the outer VLAN tag. Otherwise, it identifies the VLAN where the port connecting the DHCPv6 client resides. SVLAN When both DHCPv6 snooping and QinQ are enabled or the DHCPv6 packet contains two VLAN tags, this field identifies the inner VLAN tag. Otherwise, it displays N/A. Interface Port connecting to the DHCPv6 client.
Field Description Indicates whether the file was written successfully: Status • Writing—The file is being written. • Last write succeeded.—The file was written successfully. • Last write failed.—The file was not written successfully. display ipv6 dhcp snooping packet statistics Use display ipv6 dhcp snooping packet statistics to display DHCPv6 packet statistics for DHCPv6 snooping.
Predefined user roles network-admin network-operator Examples # Display information about trusted ports. display ipv6 dhcp snooping trust DHCPv6 snooping is enabled. Interface Trusted ========================= ============ GigabitEthernet2/1/1 Trusted The output shows that DHCPv6 snooping is enabled, GigabitEthernet 2/1/1 is the trusted port.
Usage guidelines For security purposes, all passwords, including passwords configured in plaintext, are saved in ciphertext. This command enables the device to immediately save DHCPv6 snooping entries to the specified database file. If the file does not exist, the device automatically creates the file. The device does not update the file for a specific amount of time after a DHCPv6 snooping entry changes. The default period is 300 seconds.
undo ipv6 dhcp snooping binding database update interval Default The waiting period is 300 seconds. Views System view Predefined user roles network-admin Parameters seconds: Sets the waiting period in seconds, in the range of 60 to 864000. Usage guidelines When a DHCPv6 snooping entry is learned or removed, the device updates the database file when the waiting period is reached. All changed entries during that period will be updated. If no file has been specified, this command does not take effect.
ipv6 dhcp snooping binding record Use ipv6 dhcp snooping binding record to enable recording of client information in DHCPv6 snooping entries. Use undo ipv6 dhcp snooping binding record to disable the function. Syntax ipv6 dhcp snooping binding record undo ipv6 dhcp snooping binding record Default DHCPv6 snooping does not record client information.
Usage guidelines Use the DHCPv6-REQUEST check function to protect the DHCPv6 server against DHCPv6 client spoofing attacks. The function enables the DHCPv6 snooping device to check every received DHCPv6-RENEW, DHCPv6-DECLINE, or DHCPv6-RELEASE message against DHCPv6 snooping entries. • If any of the criteria in an entry is matched, the device compares the entry with the message information. { { • If they are consistent, the device considers the message valid and forwards it to the DHCPv6 server.
ipv6 dhcp snooping max-learning-num Use ipv6 dhcp snooping max-learning-num to set the maximum number of DHCPv6 snooping entries for an interface to learn. Use undo ipv6 dhcp snooping max-learning-num to restore the default. Syntax ipv6 dhcp snooping max-learning-num number undo ipv6 dhcp snooping max-learning-num Default The number of DHCPv6 snooping entries for an interface to learn is not limited.
Examples # Enable support for Option 18. system-view [Sysname] ipv6 dhcp snooping enable [Sysname] interface gigabitethernet 2/1/1 [Sysname-GigabitEthernet2/1/1] ipv6 dhcp snooping option interface-id enable Related commands • ipv6 dhcp snooping enable • ipv6 dhcp snooping option interface-id string ipv6 dhcp snooping option interface-id string Use ipv6 dhcp snooping option interface-id string to specify the content as the interface ID for Option 18.
Use undo ipv6 dhcp snooping option remote-id enable to restore the default. Syntax ipv6 dhcp snooping option remote-id enable undo ipv6 dhcp snooping option remote-id enable Default Option 37 is not supported. Views Layer 2 Ethernet interface view Predefined user roles network-admin Usage guidelines This command takes effect only when DHCPv6 snooping is globally enabled. Examples # Enable support for Option 37.
Examples # Specify device001 as the remote ID. system-view [Sysname] ipv6 dhcp snooping enable [Sysname] interface gigabitethernet 2/1/1 [Sysname-GigabitEthernet2/1/1] ipv6 dhcp snooping option remote-id enable [Sysname-GigabitEthernet2/1/1] ipv6 dhcp snooping option remote-id string device001 Related commands • ipv6 dhcp snooping enable • ipv6 dhcp snooping option remote-id enable ipv6 dhcp snooping trust Use ipv6 dhcp snooping trust to configure a port as a trusted port.
Views User view Predefined user roles network-admin Parameters address ipv6-address: Clears the DHCPv6 snooping entry for the specified IPv6 address. vlan vlan-id: Clears DHCPv6 snooping entries for the specified VLAN. all: Clears all DHCPv6 snooping entries. Usage guidelines This command applies to all slots on MSR4000. Examples # Clear all DHCPv6 snooping entries.
IPv6 fast forwarding commands display ipv6 fast-forwarding aging-time Use display ipv6 fast-forwarding aging-time to display the aging time of IPv6 fast forwarding entries. Syntax display ipv6 fast-forwarding aging-time Views Any view Predefined user roles network-admin network-operator Examples # Display the aging time of IPv6 fast forwarding entries.
Parameters ipv6-address: Specifies an IPv6 address. If you do not specify any IPv6 address, this command displays all IPv6 fast forwarding entries. slot slot-number: Specifies a card by the slot number. If you do not specify any slot number, this command displays IPv6 fast forwarding entries for all cards. (MSR4000) Usage guidelines This command displays IPv6 fast forwarding entries.
Field Description VPN instance VPN instance. Input interface type and number. Input interface If no interface is involved in fast forwarding, this field displays N/A. If the input interface does not exist, this field displays a hyphen (-). Output interface type and number. Output interface If no interface is involved in fast forwarding, this field displays N/A. If the output interface does not exist, this field displays a hyphen (-).
ipv6 fast-forwarding aging-time Use ipv6 fast-forwarding aging-time to set the aging time of IPv6 fast forwarding entries. Use undo ipv6 fast-forwarding aging-time to restore the default. Syntax ipv6 fast-forwarding aging-time aging-time undo ipv6 fast-forwarding aging-time Default The aging time of IPv6 fast forwarding entries is 30 seconds.
reset ipv6 fast-forwarding cache Related commands • display ipv6 fast-forwarding cache • ipv6 fast-forwarding load-sharing 357
Tunneling commands In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. bandwidth Use bandwidth to configure the expected bandwidth of an interface. Use undo bandwidth to restore the default. Syntax bandwidth bandwidth-value undo bandwidth Default The expected bandwidth is 64 kbps.
Usage guidelines The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you use it on a live network. This command might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions. Use the display this command in interface view to identify these commands. Use their undo forms or follow the command reference to restore their default settings.
destination Use destination to specify the destination address for a tunnel interface. Use undo destination to remove the configured tunnel destination address. Syntax destination { ip-address | ipv6-address } undo destination Default No tunnel destination address is configured. Views Tunnel interface view Predefined user roles network-admin Parameters ip-address: Specifies the tunnel destination IPv4 address. ipv6-address: Specifies the tunnel destination IPv6 address.
display ds-lite b4 information Use display ds-lite b4 information to display information about the connected B4 routers on the AFTR, including the IPv6 addresses of the B4 routers, and the assigned tunnel IDs. Syntax display ds-lite b4 information Views Any view Predefined user roles network-admin network-operator Examples # (MSR2000/MSR3000.) Display information about the connected B4 routers.
Field Idle time Description Remaining time in minutes for the mapping between IPv6 address of the B4 router and tunnel ID. When the mapping ages out but is still applied by a session, this field displays hyphens (--). display interface tunnel Use display interface tunnel to display information about tunnel interfaces, including the source address, destination address, and tunnel mode.
Tunnel TOS 0xC8, Tunnel TTL 255 Tunnel protocol/transport GRE/IPv6 GRE key value is 1 Checksumming of GRE packets disabled Output queue - Urgent queuing: Size/Length/Discards 0/100/0 Output queue - Protocol queuing: Size/Length/Discards 0/500/0 Output queue - FIFO queuing: Size/Length/Discards 0/75/0 Last clearing of counters: Never Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Input: 0 packets, 0 bytes, 0 drops Outpu
Field Description Tunnel keepalive enabled, Period(50 s), Retries(3) Keepalive is enabled to detect the state of the tunnel interface. In this example, keepalive packets are sent every 50 seconds, and the maximum sending times are three. Tunnel TOS ToS of tunneled packets. Tunnel TTL TTL of tunneled packets. Tunnel mode and transport protocol: • • • • • • • • Tunnel protocol/transport GRE/IP—GRE over IPv4 tunnel mode. GRE/IPv6—GRE over IPv6 tunnel mode. IP/IP—IPv4 over IPv4 tunnel mode.
Brief information of interface(s) under route mode: Link: ADM - administratively down; Stby - standby Protocol: (s) - spoofing Interface Link Protocol Main IP Description Tun1 UP aaaaaaaaaaaaaaaaaaaaaaaaaaaaa UP 1.1.1.1 Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa # Display information about interfaces in DOWN state and the causes.
Field Description Causes for the physical state of DOWN: • Administratively—The link has been shut down by using the shutdown command. To bring it up, use the undo shutdown command. Cause • Not connected—The tunnel is not established. • DOWN (Tunnel-Bundle administratively down)—The tunnel bundle interface to which the tunnel interface belongs has been shut down by using the shutdown command.
Syntax encapsulation-limit number undo encapsulation-limit Default There is no limit to the nested encapsulations of a packet. Views Tunnel interface view Predefined user roles network-admin Parameters number: Specifies the number of nested encapsulations, in the range of 0 to 10. Usage guidelines A packet added with excessive headers becomes oversized. If it exceeds the MTU, it must be fragmented, which decreases forwarding rate and increases processing complexity.
Parameters number: Specifies the number of the tunnel interface. The number of tunnel interfaces that can be created is restricted by the total number of interfaces and the memory. The following matrix shows the value ranges for the number argument: Hardware Value range MSR2000 0 to 1023 MSR3000 0 to 2047 MSR4000 0 to 4095 mode ds-lite-aftr: Specifies DS-Lite tunnel mode on the AFTR. mode gre: Specifies GRE over IPv4 tunnel mode. mode gre ipv6: Specifies GRE over IPv6 tunnel mode.
Syntax mtu mtu-size undo mtu Default The MTU is 64000 bytes. Views Tunnel interface view Predefined user roles network-admin Parameters mtu-size: Specifies the MTU for IPv4 packets, in the range of 100 to 64000 bytes. Examples # Set the MTU for IPv4 packets on the interface Tunnel 1 to 10000 bytes.
Related commands display interface tunnel service Use service to specify a service card for forwarding the traffic on the tunnel interface. Use undo service to restore the default. Syntax service slot slot-number undo service slot The following matrix shows the support of MSR routers for the command: Hardware Command compatibility MSR2000 No MSR3000 No MSR4000 Yes Default No service card is specified for the tunnel interface.
shutdown Use shutdown to shut down a tunnel interface. Use undo shutdown to bring up a tunnel interface. Syntax shutdown undo shutdown Default The tunnel interface is up. Views Tunnel interface view Predefined user roles network-admin Usage guidelines This command disconnects all links set up on the interface. Make sure you fully understand the impact of the command on your network. Examples # Shut down the interface Tunnel 1.
ipv6-address: Specifies the tunnel source IPv6 address. interface-type interface-number: Specifies the source interface. The interface must be up and must have an IP address. Usage guidelines The specified source address or the address of the specified source interface is used as the source address of tunneled packets. To display the configured tunnel source address, use the display interface tunnel command.
Usage guidelines To avoid fragmentation and delay, set the DF bit for tunneled packets. Make sure the path MTU is larger than tunneled packets. Otherwise, do not set the DF bit to avoid discarding tunneled packets larger than the path MTU. This command is not supported on a GRE over IPv6 tunnel interface and an IPv6 tunnel interface. Examples # Set the DF bit for tunneled packets on the interface Tunnel 1.
Default The ToS of tunneled packets is the same as the ToS of the original packets. Views Tunnel interface view Predefined user roles network-admin Parameters tos-value: Specifies the ToS of tunneled packets, in the range of 0 to 255. Usage guidelines After you configure this command, all the tunneled packets of different services sent on the tunnel interface will use the same configured ToS. For more information about ToS, see ACL and QoS Configuration Guide.
Examples # Set the TTL of tunneled packets to 100 on the interface Tunnel 1. system-view [Sysname] interface tunnel 1 mode gre [Sysname-Tunnel1] tunnel ttl 100 Related commands display interface tunnel tunnel vpn-instance Use tunnel vpn-instance to specify the VPN instance to which the tunnel destination belongs. Use undo tunnel vpn-instance to restore the default.
[Sysname-Tunnel1] destination 1.1.1.
GRE commands gre checksum Use gre checksum to enable the GRE checksum function. Use undo gre checksum to disable the GRE checksum function. Syntax gre checksum undo gre checksum Default The GRE checksum function is disabled. Views Tunnel interface view Predefined user roles network-admin Usage guidelines The GRE checksum function verifies packet integrity. You can enable or disable the GRE checksum function at each end of a tunnel as needed.
undo gre key Default No key is configured for a GRE tunnel interface. Views Tunnel interface view Predefined user roles network-admin Parameters key-number: Specifies the key for the GRE tunnel interface, in the range of 0 to 4294967295. Usage guidelines You can configure a GRE key to check for the validity of packets received on a GRE tunnel interface. When a GRE key is configured, the sender puts the GRE key into each sent packet.
Usage guidelines This command enables the tunnel interface to send keepalive packets at the specified interval. If the device receives no response from the peer within the timeout time, the device shuts down the local tunnel interface until it receives a keepalive acknowledgement packet from the peer. The timeout time is the result of multiplying the keepalive interval by the keepalive number. Regardless of whether GRE keepalive is enabled, the device always acknowledges keepalive packets it receives.
ADVPN commands VAM server commands authentication-algorithm Use authentication-algorithm to specify the algorithms for VAM protocol packet authentication and their priorities. Use undo authentication-algorithm to restore the default. Syntax authentication-algorithm { aes-xcbc-mac | md5 | none | sha-1 | sha-256 } * undo authentication-algorithm Default SHA-1 is used for protocol packet authentication.
authentication-method Use authentication-method to specify the authentication mode that the VAM server uses to authenticate clients. Use undo authentication-method to restore the default. Syntax authentication-method { none | { chap | pap } [ domain isp-name ] } undo authentication-method Default The authentication method is CHAP, and the default domain is used. Views ADVPN domain view Predefined user roles network-admin mdc-admin Parameters none: Performs no authentication on clients.
Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters advpn-domain domain-name: Displays address mappings for VAM clients in the specified ADVPN domain. The domain-name argument is a case-insensitive string of 1 to 31 characters that can only include letters, digits, and dots (.). If you do not specify this option, the command displays address mappings for the VAM clients in all ADVPN domains.
ADVPN domain name: 1 Total private address mappings: 2 Group Private address Public address Type NAT Holding time 1 10.0.0.1 2001::1 Hub No 0H 13M 34S 1 10.0.0.3 74.125.128.102 Spoke Yes 0H 4M 21S # Display the address mapping for the VAM client with private IPv4 address 10.0.0.1 in ADVPN domain 1. display vam server address-map advpn-domain 1 private-address 10.0.0.1 Group Private address Public address Type NAT Holding time 1 10.0.0.
ADVPN domain name : 3 Private address : 30.0.0.1 Type : Hub Hub group : 1 Holding time : 0H 0M 2S Link protocol : GRE Public address : 113.124.136.1 Registered address: 113.124.136.1 Behind NAT : No ADVPN domain name : 4 Private address : 40.0.0.1 Hub group : 1 Holding time : 1H 8M 22S Link protocol : IPsec-UDP Public address : 4001::1 Registered address: 4001::1 Registered port : 4072 Behind NAT : No ADVPN domain name : 5 Private address : 50.0.0.
Holding time : 0H 4M 21S Link protocol : UDP Public address : 74.125.128.102 Public port : 11297 Registered address: 192.168.23.6 Registered port : 2158 Behind NAT : Yes # Display detailed information about address mappings for the client with private IPv4 address 10.0.0.1 in ADVPN domain 1. display vam server address-map advpn-domain 1 private-address 10.0.0.1 verbose ADVPN domain name : 1 Private address : 10.0.0.
Field Description UDP port number used by the IPsec link. IPsec port This field is displayed when the Link protocol is IPsec-UDP or IPsec-GRE. Behind NAT Whether NAT traversal is used. Related commands reset vam server address-map display vam server ipv6 address-map Use display vam server ipv6 address-map to display IPv6 private-public address mappings for VAM clients registered on the VAM server.
ADVPN domain name: 3 Total private address mappings: 1 Group Private address Public address Type NAT Holding time 1 1003::1:0:0:1 3001::1 Hub No 0H 0M 2S ADVPN domain name: 4 Total private address mappings: 1 Group Private address Public address Type NAT Holding time 1 1004::1:0:0:1 202.108.231.
Holding time : 0H 13M 34S Link protocol : UDP Public address : 2001::1 Public port : 2098 Registered address: 2001::1 Registered port : 2098 Behind NAT : No ADVPN domain name : 1 Private address : 1000::2:0:0:1 Link local address: FE80::60:4 Type : Spoke Hub group : 2 Holding time : 0H 4M 21S Link protocol : UDP Public address : 220.181.111.85 Public port : 10018 Registered address: 10.158.26.
Holding time : 132H 41M 29S Link protocol : IPsec-GRE Public address : 5001::1 Registered address: 5001::1 Behind NAT : No # Display detailed information about address mappings for the clients in ADVPN domain 1.
Table 94 Command output Field Description Private address Private address that the VAM client registers with the VAM server. Link local address Link local address that the VAM client registers with the VAM server. Type VAM client type: Hub or Spoke. Hub group Hub group to which the VAM client belongs. Holding time Duration time that elapses after the VAM client successfully registers with the server, in the format of xH yM zS.
mdc-admin mdc-operator Parameters advpn-domain domain-name: Displays IPv6 private networks for VAM clients in the specified ADVPN domain. The domain-name argument is a case-insensitive string of 1 to 31 characters that can only include letters, digits, and dots (.). If you do not specify this option, the command displays IPv6 private networks for the VAM clients in all ADVPN domains.
Table 95 Command output Field Description Network/Prefix Private network address/prefix length for an ADVPN tunnel interface. Private address Private address that the VAM client registers with the VAM server. Preference Preference of the private route that the VAM client registers with the VAM server. display vam server private-network Use display vam server private-network to display IPv4 private networks for VAM clients registered on the VAM server.
Total private networks: 0 ADVPN domain name: 3 Total private networks: 1 Network/Mask Private address Preference 192.168.200.0/24 20.0.0.1 80 # Display IPv4 private networks for the VAM clients in ADVPN domain 1. display vam server private-network advpn-domain 1 ADVPN domain name: 1 Total private networks: 5 Network/Mask Private address Preference 192.168.0.0/24 10.0.0.2 80 192.168.0.0/28 10.0.0.1 80 192.168.1.0/24 10.0.0.1 80 192.168.100.0/24 10.0.0.2 80 192.168.100.
Parameters advpn-domain domain-name: Displays statistics for the specified ADVPN domain. The domain-name argument is a case-insensitive string of 1 to 31 characters that can only include letters, digits, and dots (.). If you do not specify this option, the command displays statistics for all ADVPN domains on the VAM server. Examples # Display statistics for all ADVPN domains.
ADVPN domain name : 3 Server status : Enabled Holding time : 0H 33M 53S Registered spoke number: 23 Registered hub number : 1 Packets received: Initialization request : 24 Initialization complete : 24 Register request : 24 Authentication information : 24 Address resolution request : 23 Network registration request : 0 Update request : 5 Logout request : 0 Hub information response : 2 Data flow information response: 0 Keepalive : 362 Error notification : 0 Unkonwn : 0 Packets
Hub information response : 2 Data flow information response: 0 Keepalive : 642 Error notification : 0 Unkonwn : 0 Packets sent: Initialization response : 100 Initialization complete : 100 Authentication request : 100 Register response : 100 Address resolution response : 203 Network registration response: 59 Update response : 196 Hub information request : 2 Data flow information request: 0 Logout response : 0 Keepalive : 642 Error notification : 0 Table 97 Command output Field De
mdc-admin Parameters 3des-cbc: Uses the 3DES-CBC encryption algorithm. aes-cbc-128: Uses the AES-CBC encryption algorithm, with a key length of 128 bits. aes-cbc-192: Uses the AES-CBC encryption algorithm, with a key length of 192 bits. aes-cbc-256: Uses the AES-CBC encryption algorithm, with a key length of 256 bits. aes-ctr-128: Uses the AES-CTR encryption algorithm, with a key length of 128 bits. aes-ctr-192: Uses the AES-CTR encryption algorithm, with a key length of 192 bits.
Parameters group-name: Specifies a group name, a case-insensitive string of 1 to 31 characters that can only include letters, digits, and dots (.). Usage guidelines Hub groups apply to large ADVPN networks. You can classify spokes to different hub groups, and specify one or more hubs for each group. When a VAM client registers with the VAM server, the VAM server selects a hub group for the client as follows: 1.
Parameters private-ipv6-address: Specifies the private IPv6 address of a hub. The address must be a global unicast address. public-address: Specifies the public address of a hub. If you do not specify this keyword, the VAM server uses the public address registered by the hub. public-ip-address: Specifies the public IPv4 address of the hub. The address must be a unicast address. public-ipv6-address: Specifies the public IPv6 address of the hub. The address must be a global unicast address.
Parameters private-ip-address: Specifies the private IPv4 address of a hub. The address must be a unicast address. public-address: Specifies the public address of a hub. If you do not specify this keyword, the VAM server uses the public address registered by the hub. public-ip-address: Specifies the public IPv4 address of the hub. The address must be a unicast address. public-ipv6-address: Specifies the public IPv6 address of the hub. The address must be a global unicast address.
Parameters interval time-interval: Specifies the keepalive interval in the range of 5 to 65535 seconds. retry retry-times: Specifies the maximum number of keepalive attempts, in the range of 1 to 6. Usage guidelines The VAM server assigns the configured keepalive parameters to clients in the ADVPN domain. A client sends keepalives to the server at the specified interval. If a client receives no responses from the server after maximum keepalive attempts, the client stops sending keepalives.
Usage guidelines The pre-shared key is used to generate initial encryption and authentication keys during connection initialization. It is also used to generate encryption and authentication keys for subsequent packets if encryption and authentication are needed. The VAM server must have the same pre-shared key as the clients in the same ADVPN domain. For security purposes, all keys, including keys configured in plain text, are saved in cipher text.
reset vam server address-map Use reset vam server address-map to clear IPv4 private-public address mappings for VAM clients registered on the VAM server. Syntax reset vam server address-map [ advpn-domain domain-name [ private-address private-ip-address ] ] Views User view Predefined user roles network-admin mdc-admin Parameters advpn-domain domain-name: Clears address mappings for VAM clients in the specified ADVPN domain.
Predefined user roles network-admin mdc-admin Parameters advpn-domain domain-name: Clears address mappings for VAM clients in the specified ADVPN domain. The domain-name argument is a case-insensitive string of 1 to 31 characters that can only include letters, digits, and dots (.). If you do not specify this option, the command clears address mappings for the VAM clients in all ADVPN domains.
# Clear statistics for all ADVPN domains. reset vam server statistics Related commands display vam server statistics server enable Use server enable to enable the VAM server feature for an ADVPN domain. Use undo server enable to disable the VAM server feature for an ADVPN domain. Syntax server enable undo server enable Default The VAM server feature is disabled.
Views Hub group view Predefined user roles network-admin mdc-admin Parameters all: Specifies that IPv4 spoke-to-spoke tunnels can be established between all spokes in different hub groups. acl: Specifies that IPv4 spoke-to-spoke tunnels can be established only between spokes permitted by an IPv4 ACL. acl-number: Specifies the number of an IPv4 ACL: • 2000 to 2999 for basic ACLs. • 3000 to 3999 for advanced ACLs. name acl-name: Assigns a name to the IPv4 ACL for easy identification.
shortcut ipv6 interest Use shortcut ipv6 interest to configure rules for establishing IPv6 spoke-to-spoke tunnels. Use undo shortcut ipv6 interest to restore the default. Syntax shortcut ipv6 interest { all | acl { ipv6-acl-number | name ipv6-acl-name } } undo shortcut ipv6 interest Default No rules for establishing IPv6 spoke-to-spoke tunnels are configured. Spokes are not allowed to establish direct tunnels.
• If the referenced ACL is an IPv6 advanced ACL, this command supports rules that match protocols, source/destination addresses, and source/destination ports. It does not support rules that exclude a source/destination port. • If the referenced ACL contains an unsupported rule, the rule does not take effect. Examples # Configure IPv6 ACL 3000 as a rule for establishing IPv6 spoke-to-spoke tunnels.
system-view [Sysname] vam server advpn-domain 1 [Sysname-vam-server-domain-1] hub-group 1 [Sysname-vam-server-domain-1-hub-group-1] spoke ipv6 private-address netwrok 1000:: 64 spoke private-address Use spoke private-address to configure a spoke private IPv4 address range in a hub group. Use undo spoke private-address to delete a spoke private IPv4 address range in a hub group.
vam server advpn-domain Use vam server advpn-domain to create an ADVPN domain and enter its view. If the ADVPN domain has been configured, the command places you into ADVPN domain view. Use undo vam server advpn-domain to remove an ADVPN domain. Syntax vam server advpn-domain domain-name [ id domain-id ] undo vam server advpn-domain domain-name Default No ADVPN domain is configured.
Predefined user roles network-admin mdc-admin Parameters advpn-domain domain-name: Enables the VAM server feature for the specified ADVPN domain. The domain-name argument is a case-insensitive string of 1 to 31 characters that can only include letters, digits, and dots (.). If you do not specify this option, the command enables the VAM server feature for all ADVPN domains.
Examples # Set the port number to 10000. system-view [Sysname] vam server listen-port 10000 Related commands • server primary • server secondary VAM client commands advpn-domain Use advpn-domain to configure an ADVPN domain to which the VAM client belongs. Use undo advpn-domain to remove the ADVPN domain. Syntax advpn-domain domain-name undo advpn-domain Default The VAM client does not belong to any ADVPN domain.
Syntax client enable undo client enable Default The VAM client feature is disabled. Views VAM client view Predefined user roles network-admin mdc-admin Usage guidelines You can also execute the vam client enable command in system view to enable the VAM client feature for one or all VAM clients. Examples # Enable the VAM client feature for VAM client abc.
Examples # Display FSM information for all VAM clients. display vam client fsm Client name : abc Status : Enabled ADVPN domain name: 1 Primary server: abc.com (28.1.1.23) Private address: 10.0.0.
Primary server: 202.159.36.24 Private address: 10.0.0.12 Interface : Tunnel20 Current state : Online (active) Client type : Hub Holding time : 0H 0M 47S Encryption algorithm : AES-CBC-128 Authentication algorithm: SHA1 Keepalive : 30 seconds, 3 times Number of hubs : 1 Client name : spoke Status : Disabled ADVPN domain name: Table 98 Command output Field Description Status VAM client status: Enabled or Disabled. Primary server Public address of the primary VAM server.
display vam client shortcut interest Use display vam client shortcut interest to display IPv4 spoke-to-spoke tunnel establishment rules assigned by the VAM server. Syntax display vam client shortcut interest [ name client-name ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters name client-name: Displays ruls received by the specified VAM client.
Client type : Unknown ACL rules : 0 # Display IPv4 spoke-to-spoke tunnel establishment rules received by VAM client abc. display vam client shortcut interest name abc Client name : abc ADVPN domain name: 1 Client type : Spoke ACL rules : 0 Table 99 Command output Field Description VAM client type: Client type ACL rules • Hub. • Spoke. • Unknown. Number of ACL rules received by the VAM client. n represents the number of an ACL rule.
Usage guidelines The VAM server assigns the rules for establishing IPv6 spoke-to-spoke tunnels to a hub. If the specified VAM client is a spoke, the number of rules is displayed as 0. Examples # Display IPv6 spoke-to-spoke tunnel establishment rules received by all VAM clients.
Table 100 Command output Field Description VAM client type: Client type ACL rules • Hub. • Spoke. • Unknown. Number of ACL rules received by the VAM client. n represents the number of an ACL rule. Rule operation: Rule n: operation • Permit—Allows the spokes to establish direct tunnels. • Deny—Disallows the spokes to establish direct tunnels. • Discard—Discards the packet. Protocol Matches the specified protocol. Start source address Start address of the source IPv6 address range to be matched.
Examples # Display statistics for all VAM clients. display vam client statistics Client name: abc Status : Enabled Primary server: abc.
Initialization response : 0 Initialization complete : 0 Register response : 0 Authentication request : 0 Address resolution response : 0 Network registration response: 0 Update response : 0 Hub information request : 0 Data flow information request: 0 Logout response : 0 Keepalive : 0 Error notification : 0 Unkonwn : 0 Client name: hub Status : Disabled Client name: spoke Status : Enabled Primary server: test.
display vam client statistics name abc Client name: abc Status : Enabled Primary server: abc.
Register response : 0 Authentication request : 0 Address resolution response : 0 Network registration response: 0 Update response : 0 Hub information request : 0 Data flow information request: 0 Logout response : 0 Keepalive : 0 Error notification : 0 Unkonwn : 0 Table 101 Command output Field Description Status VAM client status: Enabled or Disabled. Primary server Public address or domain name of the primary VAM server.
Examples # Set the dumb timer to 100 seconds. system-view [Sysname] vam client name abc [Sysname-vam-client-abc] dumb-time 100 pre-shared-key (VAM client view) Use pre-shared-key to configure a pre-shared key for the VAM server. Use undo pre-shared-key to remove the configuration. Syntax pre-shared-key { cipher cipher-string | simple simple-string } undo pre-shared-key Default No pre-shared key is configured.
reset vam client fsm Use reset vam client fsm to reset FSMs for VAM clients. Syntax reset vam client fsm [ name client-name ] Views User view Predefined user roles network-admin Parameters name client-name: Resets the FSM for the specified VAM client. The client-name argument is a case-insensitive string of 1 to 63 characters that can only include letters, digits, and dots (.). If you do not specify this option, the command resets FSMs for all VAM clients.
reset vam client ipv6 fsm name abc # Reset FSMs for all IPv6 VAM clients. reset vam client ipv6 fsm Related commands display vam client fsm reset vam client statistics Use reset vam client ipv6 fsm to clear VAM client statistics. Syntax reset vam client statistics [ name client-name ] Views User view Predefined user roles network-admin mdc-admin Parameters name client-name: Clears statistics for the specified VAM client.
Predefined user roles network-admin mdc-admin Parameters interval time-interval: Specifies the retry timer in the range of 3 to 30 seconds. count retry-times: Specifies the retry times in the range of 1 to 6. Usage guidelines A VAM client starts a retry timer after sending a request to the server. If the client receives no response before the retry timer expires, it resends the request.
ipv6-address ipv6-address: Specifies the public IPv6 address for the primary VAM server. The address must be a global unicast address. port port-number: Specifies the port number for the primary VAM server, in the range of 1025 to 65535. The default is 18000. Usage guidelines The port number of a VAM server must be the same as that configured on the VAM server by using the vam server listen-port command.
Parameters name host-name: Specifies the domain name for the secondary VAM server. It is a dot-separated, case-insensitive string that can include letters, digits, hyphens (-), and underscores (_). The domain name can include at most 253 characters, and each separated string includes no more than 63 characters. ip-address ip-address: Specifies the public IP address for the secondary VAM server. The address must be a unicast address.
Views VAM client view Predefined user roles network-admin mdc-admin Parameters username: Specifies the username, a case-sensitive string of 1 to 253 characters. It cannot include slashes (/), back slashes (\), colons (:), asterisks (*), question marks (?), left angle brackets (<), right angle brackets (>), quotation marks (”), vertical bars (|), and at signs (@). password: Sets a password. cipher cipher-string: Sets a ciphertext password.
Parameters name client-name: Enables the VAM client feature for the specified VAM client. The client-name argument is a case-insensitive string of 1 to 63 characters that can only include letters, digits, and dots (.). If you do not specify this option, the command enables the VAM client feature for all VAM clients. Usage guidelines You can also execute the client enable command in VAM client view to enable the VAM client feature for a VAM client.
ADVPN tunnel commands advpn ipv6 network Use advpn ipv6 network to configure a private IPv6 network for an IPv6 ADVPN tunnel interface. Use undo advpn ipv6 network to remove a private IPv6 network from an IPv6 ADVPN tunnel interface. Syntax advpn ipv6 network prefix prefix-length [ preference preference-value ] undo advpn ipv6 network prefix prefix-length Default No private IPv6 network is configured.
Use undo advpn network to remove a private IPv4 network from an IPv4 ADVPN tunnel interface. Syntax advpn network ip-address { mask-length | mask } [ preference preference-value ] undo advpn network ip-address { mask-length | mask } Default No private IPv4 network is configured. Views Tunnel interface view Predefined user roles network-admin mdc-admin Parameters ip-address: Specifies the private IPv4 network address. mask-length: Specifies the mask length of the private IPv4 network address.
Syntax advpn session dumb-time time-interval undo advpn session dumb-time Default The dumb time is 120 seconds. Views Tunnel interface view Predefined user roles network-admin mdc-admin Parameters time-interval: Specifies the dumb time in the range of 10 to 600 seconds. Usage guidelines This command is available only for an ADVPN tunnel interface. The new dumb time setting only applies to subsequently established tunnels. Examples # Set the dumb time to 100 seconds.
Usage guidelines This command is available only for an ADVPN tunnel interface. The new idle timeout setting applies to both existing and subsequently established spoke-spoke tunnels. Examples # Set the idle timeout to 800 seconds. system-view [Sysname] interface tunnel 1 mode advpn udp ipv4 [Sysname-tunnel1] advpn session idle-time 800 advpn source-port Use advpn source-port to configure the source UDP port number for ADVPN packets. Use undo advpn source-port to restore the default.
Syntax display advpn ipv6 session [ interface tunnel number [ private-address private-ipv6-address ] ] [ verbose ] Views Any view Predefined user roles network-admin network-operator mdc-admin mdc-operator Parameters interface tunnel number: Displays IPv6 ADVPN tunnels on a tunnel interface specified by the interface number. If you do not specify this option, the command displays information about all IPv6 ADVPN tunnels.
# Display brief information about IPv6 ADVPN tunnels on tunnel interface Tunnel 1. display advpn ipv6 session interface tunnel 1 Interface : Tunnel1 Number of sessions: 2 Private address Public address Port Type State Holding time 1001::3 2000::180:136 1139 H-S Success 5H 38M 8S 1001::4 2000::180:137 3546 H-S Dumb 0H 0M 27S # Display brief information about the IPv6 ADVPN tunnel with peer private IPv6 address 1001::3 on Tunnel 1.
2191 multicasts, 0 errors Output: 2169 packets, 216 data packets, 1 control packets 2163 multicasts, 0 errors Private address: 1001::4 Public address : 2000::180:137 ADVPN port : 3546 Session type : Hub-Spoke State : Dumb Holding time : 0H 0M 27S Input : 1 packets, 0 data packets, 1 control packets 0 multicasts, 0 errors Output: 16 packets, 0 data packets, 16 control packets 0 multicasts, 0 errors Interface : Tunnel2 Client name : vpn2 ADVPN domain name : 2 Link protocol : GRE Number of sessi
Interface : Tunnel4 Client name : vpn4 ADVPN domain name : 4 Link protocol : IPsec-GRE Number of sessions: 1 Private address: 1004::4 Public address : 204.1.
Input : 1 packets, 0 data packets, 1 control packets 0 multicasts, 0 errors Output: 16 packets, 0 data packets, 16 control packets 0 multicasts, 0 errors # Display detailed information about the IPv6 ADVPN tunnel with peer private IPv6 address 1001::3 on Tunnel 1.
Field Description Input Statistics for incoming packets, including the number of all packets, data packets, control packets, multicast packets, and erroneous packets. Output Statistics for outgoing packets, including the number of all packets, data packets, control packets, multicast packets, and erroneous packets. Related commands reset advpn ipv6 session display advpn session Use display advpn session to display IPv4 ADVPN tunnel information.
Interface : Tunnel3 Number of sessions: 1 Private address Public address Port Type State Holding time 30.0.0.3 192.168.200.22 2057 S-S Success 1H 12M 26S Interface : Tunnel4 Number of sessions: 1 Private address Public address Port Type State Holding time 40.0.0.3 4::4 -- H-H Success 10H 48M 19S Interface : Tunnel5 Number of sessions: 0 # Display brief information about IPv4 ADVPN tunnels on tunnel interface Tunnel 1.
display advpn session verbose Interface : Tunnel1 Client name : vpn1 ADVPN domain name : 1 Link Protocol : UDP Number of sessions: 2 Private address: 10.0.1.3 Public address : 192.168.180.136 ADVPN Port : 1139 Behind NAT : No Session type : Hub-Spoke State : Success Holding time : 5H 38M 8S Input : 2201 packets, 218 data packets, 3 control packets 2191 multicasts, 0 errors Output: 2169 packets, 2168 data packets, 1 control packets 2163 multicasts, 0 errors Private address: 10.0.1.
ADVPN domain name : 3 Link Protocol : IPsec-UDP Number of sessions: 1 Private address: 30.0.0.3 Public address : 192.168.200.
Number of sessions: 2 Private address: 10.0.1.3 Public address : 192.168.180.136 ADVPN Port : 1139 Behind NAT : No Session type : Hub-Spoke State : Success Holding time : 5H 38M 8S Input : 2201 packets, 218 data packets, 3 control packets 2191 multicasts, 0 errors Output: 2169 packets, 2168 data packets, 1 control packets 2163 multicasts, 0 errors Private address: 10.0.1.4 Public address : 192.168.180.
Field Description Link layer protocol for the ADVPN tunnel: Link protocol • • • • UDP. GRE. IPsec-UDP. IPsec-GRE. Number of sessions Number of ADVPN tunnels established on the tunnel interface. Private address Private address of the ADVPN tunnel peer. Public address Public address of the ADVPN tunnel peer. ADVPN port UDP port number for the ADVPN tunnel when the link layer protocol is UDP or IPsec-UDP.
Views Tunnel interface view Predefined user roles network-admin mdc-admin Parameters interval time-interval: Specifies the keepalive interval in the range of 1 to 32767 seconds. retry retry-times: Specifies the maximum number of keepalive attempts, in the range of 1 to 255. Usage guidelines All tunnel interfaces in an ADVPN domain must have the same keepalive interval and maximum number of keepalive attempts.
# Delete IPv6 ADVPN tunnels on tunnel interface Tunnel 1. reset advpn ipv6 session interface tunnel 1 # Delete the IPv6 ADVPN tunnel with peer private IPv6 address 1000::1 on Tunnel 1. reset advpn ipv6 session interface tunnel 1 private-address 1000::1 Related commands display advpn ipv6 session reset advpn ipv6 session statistics Use reset advpn ipv6 session statistics to clear IPv6 ADVPN tunnel statistics.
Parameters interface tunnel number: Deletes IPv4 ADVPN tunnels on a tunnel interface specified by the interface number. If you do not specify this option, the command deletes all IPv4 ADVPN tunnels. private-address private-ip-address: Deletes the IPv4 ADVPN tunnel with the specified peer private IPv4 address. Usage guidelines If the remote tunnel end is a hub in the same group as the local end, the tunnel will be reestablished after it is deleted. Examples # Delete all IPv4 ADVPN tunnels.
vam client Use vam client to bind a VAM client to an IPv4 ADVPN tunnel interface. Use undo vam client to remove the binding. Syntax vam client client-name [ compatible advpn0 ] undo vam client Default No VAM client is bound to an IPv4 ADVPN tunnel interface. Views Tunnel interface view Predefined user roles network-admin mdc-admin Parameters client-name: Specifies the VAM client name, a case-insensitive string of 1 to 63 characters that can only include letters, digits, and dots (.).
Use undo vam ipv6 client to remove the binding. Syntax vam ipv6 client client-name undo vam ipv6 client Default No VAM client is bound to an IPv6 ADVPN tunnel interface. Views Tunnel interface view Predefined user roles network-admin mdc-admin Parameters client-name: Specifies the VAM client name, a case-insensitive string of 1 to 63 characters that can only include letters, digits, and dots (.).
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point. Represents a mesh access point.
Index ABCDEFGHIKLMNOPRSTUVW dhcp client dad enable,77 A dhcp client dscp,78 address,126 dhcp client identifier,78 address range,28 dhcp dscp,26 address range,298 dhcp enable,26 advpn ipv6 network,432 dhcp relay check mac-address,62 advpn network,432 dhcp relay check mac-address aging time,62 advpn session dumb-time,433 dhcp relay client-information record,63 advpn session idle-time,434 dhcp relay client-information refresh,64 advpn source-port,435 dhcp relay client-information refresh enab
display ipv6 dhcp prefix-pool,303 dhcp snooping trust,93 display adjacent-table,195 display ipv6 dhcp relay server-address,328 display advpn ipv6 session,435 display ipv6 dhcp relay statistics,329 display advpn session,441 display ipv6 dhcp server,304 display arp,6 display ipv6 dhcp server conflict,305 display arp ip-address,8 display ipv6 dhcp server expired,306 display arp timer aging,9 display ipv6 dhcp server ip-in-use,306 display arp vpn-instance,9 display ipv6 dhcp server pd-in-use,308
display nat server-group,147 G display nat session,148 gateway-list,49 display nat static,151 global-ip-pool,153 display nat statistics,152 gratuitous-arp-learning enable,13 display proxy-arp,15 gratuitous-arp-sending enable,14 display rawip,206 gre checksum,377 display rawip verbose,207 gre key,377 display tcp,210 H display tcp statistics,211 hub ipv6 private-address,398 display tcp verbose,213 hub private-address,399 display udp,216 display udp statistics,217 hub-group,397 display ud
ipv6 dhcp client dscp,337 ipv6 nd ra hop-limit unspecified,279 ipv6 dhcp client pd,338 ipv6 nd ra interval,279 ipv6 dhcp client stateless enable,338 ipv6 nd ra no-advlinkmtu,280 ipv6 dhcp dscp,296 ipv6 nd ra prefix,281 ipv6 dhcp option-group,313 ipv6 nd ra router-lifetime,282 ipv6 dhcp pool,314 ipv6 nd router-preference,282 ipv6 dhcp prefix-pool,315 ipv6 neighbor,283 ipv6 dhcp relay server-address,331 ipv6 neighbor link-local minimize,284 ipv6 dhcp select,297 ipv6 neighbor stale-aging,285
nat outbound port-block-group,170 reset ip statistics,226 nat port-block-group,170 reset ipv6 dhcp client statistics,339 nat server,171 reset ipv6 dhcp relay statistics,332 nat server-group,175 reset ipv6 dhcp server conflict,323 nat static enable,176 reset ipv6 dhcp server expired,323 nat static inbound,177 reset ipv6 dhcp server ip-in-use,324 nat static inbound net-to-net,178 reset ipv6 dhcp server pd-in-use,324 nat static outbound,179 reset ipv6 dhcp server statistics,325 nat static outbo
tcp path-mtu-discovery,228 udp-helper port,236 tcp syn-cookie enable,228 udp-helper server,236 tcp timer fin-timeout,229 url,123 tcp timer syn-timeout,230 user,429 tcp window,230 username,125 temporary address range,327 V tftp-server domain-name,59 vam client,450 tftp-server ip-address,60 vam client enable,430 tunnel dfbit enable,372 vam client name,431 tunnel discard ipv4-compatible-packet,373 vam ipv6 client,450 tunnel tos,373 vam server advpn-domain,410 tunnel ttl,374 vam server en
