3Com® Switch 8800 Family Command Reference Guide Switch 8807 Switch 8810 Switch 8814 www.3Com.com Part No. 10015595, Rev.
3Com Corporation 350 Campus Drive Marlborough, MA USA 01752-3064 Copyright © 2007, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.
ALPHABETICAL LISTING OF COMMANDS abr-summary 413 access-limit 309 accounting optional 309 accounting optional 328 acl 215 acl 275 active region-configuration 169 aggregate 497 aggregate 655 aggregate 707 anti-attack 293 apply as-path 547 apply community 548 apply cost 548 apply cost-type 549 apply ip next-hop 550 apply isis 550 apply local-preference 551 apply mpls-label 708 apply origin 551 apply tag 552 area 414 area-authentication-mode 461 arp enable size 820 arp max-aggregation-entry 819 arp max-entry
bgp 499 binary 991 boot boot-loader 981 boot bootrom 982 broadcast-restrain 773 broadcast-suppression 129 broadcast-suppression 583 bsr-policy 617 bye 962 bye 992 cache-sa-enable 637 c-bsr 618 ccc 761 cd 962 cd 971 cd 992 cdup 963 cdup 992 ce 766 check region-configuration 169 checkzero 397 clock datetime 1025 clock summer-time 1025 clock timezone 1026 close 993 command-privilege level 37 compare-different-as-med 499 compare-different-as-med 656 confederation id 500 confederation nonstandard 501 confederati
debugging 993 debugging arp 811 debugging arp packet 812 debugging bgp 503 debugging bgp 709 debugging bgp mp-update 656 debugging dhcp relay 850 debugging dhcp server 825 debugging dns 862 debugging ha 801 debugging hwtacacs 354 debugging igmp 603 debugging isis 463 debugging lacp packet 149 debugging lacp state 149 debugging link-aggregation error 150 debugging link-aggregation event 151 debugging mpls l2vpn 762 debugging mpls l2vpn 775 debugging mpls ldp 690 debugging mpls lspm 681 debugging mpm 569 debu
default tag 419 default type 419 default-cost 420 default-route imported 505 default-route-advertise 421 default-route-advertise 464 delete 963 delete 972 delete 994 delete static-routes all 393 delete vpn-instance 393 description 1073 description 131 description 711 description 77 description 775 destination-ip 1074 dhcp enable 823 dhcp relay information enable 855 dhcp relay information format 856 dhcp relay information format verbose node-identifier 857 dhcp relay information strategy 856 dhcp relay secu
display arp multi-port 814 display arp proxy 815 display arp timer aging 815 display bgp group 506 display bgp l2vpn 768 display bgp multicast group 658 display bgp multicast network 659 display bgp multicast peer 659 display bgp multicast routing-table 659 display bgp multicast routing-table as-path-acl 660 display bgp multicast routing-table cidr 660 display bgp multicast routing-table community 661 display bgp multicast routing-table community-list 661 display bgp multicast routing-table different-origin
display dhcp server free-ip 837 display dhcp server ip-in-use 837 display dhcp server statistics 838 display dhcp server tree 839 display dhcprelay-security 853 display diagnostic-information 1034 display dns domain 863 display dns dynamic-host 863 display dns server 864 display domain 313 display dot1x 293 display egress counter 1042 display environment 984 display fan 984 display fib | 107 display fib 105 display fib acl 107 display fib ip-address 106 display fib ip-prefix 108 display fib statistics 108 d
display ip routing-table ip-prefix 387 display ip routing-table protocol 388 display ip routing-table radix 390 display ip routing-table statistics 390 display ip routing-table verbose 392 display ip routing-table vpn-instance 391 display ip routing-table vpn-instance 713 display ip socket 110 display ip statistics 111 display ip vpn-instance 713 display isis interface 465 display isis lsdb 466 display isis mesh-group 466 display isis peer 467 display isis route 467 display isis spf-log 468 display isolate-
display mpm group 586 display msdp brief 638 display msdp peer-status 638 display msdp sa-cache 639 display msdp sa-count 640 display multicast forwarding-table 588 display multicast routing-table 589 display nqa 1074 display ntp-service sessions 930 display ntp-service status 930 display ntp-service trace 931 display ospf abr-asbr 422 display ospf abr-summary 435 display ospf asbr-summary 423 display ospf brief 424 display ospf cumulative 425 display ospf error 426 display ospf graceful-restart status 435
display port-group index 233 display power 985 display protocol-vlan interface 84 display qos conform-level 234 display qos cos-drop-precedence-map 236 display qos cos-local-precedence-map 236 display qos-interface all 237 display qos-interface drop-mode 237 display qos-interface mirrored-to 238 display qos-interface queue-scheduler 238 display qos-interface traffic-limit 239 display qos-interface traffic-priority 240 display qos-interface traffic-redirect 240 display qos-interface traffic-shape 241 display
display stop-accounting-buffer hwtacacs-scheme 355 display stp 172 display stp region-configuration 174 display stp tc 175 display supervision-module information 891 display supervlan 91 display switchover state 801 display tcp statistics 112 display tcp status 114 display this 72 display time-range 219 display traffic-params 246 display trapbuffer 1007 display trap-to-cpu 77 display udp statistics 115 display udp-helper 895 display user-interface 45 display users 1032 display users 46 display version 1032
dot1x quiet-period 302 dot1x retry 302 dot1x supp-proxy-check 303 dot1x timer 304 drop-mode 246 dscp 247 duplex 135 enable 871 enable snmp trap 905 encapsulation 779 execute 973 exit 964 exp 248 expired 842 file prompt 974 filter-policy export 399 filter-policy export 437 filter-policy export 438 filter-policy export 470 filter-policy export 519 filter-policy export 554 filter-policy export 663 filter-policy export 717 filter-policy import 400 filter-policy import 439 filter-policy import 440 filter-policy
graceful-restart interval 472 graceful-restart suppress-sa 472 gratuitous-arp-learning enable 816 group 520 group 718 gvrp 126 gvrp registration 126 header 48 help 965 history-command max-size 51 history-records 1077 host-route 401 hwtacacs nas-ip 356 hwtacacs scheme 356 idle-cut 317 idle-timeout 52 if-match { acl | ip-prefix } 556 if-match as-path 556 if-match community 557 if-match cost 558 if-match interface 558 if-match ip next-hop 559 if-match mpls-label 719 if-match tag 560 if-match vpn-target 719 igm
import-route 401 import-route 442 import-route 474 import-route 521 import-route 664 import-route 721 import-route isis level-2 into level-1 474 import-route-limit 442 import-source 641 info-center channel name 1008 info-center console channel 1009 info-center enable 1010 info-center logbuffer 1010 info-center logfile 1011 info-center loghost 1012 info-center loghost source 1013 info-center monitor channel 1013 info-center snmp channel 1014 info-center source 1015 info-center timestamp 1019 info-center trap
ip vpn-instance 723 ip-protect enable 104 ipv4-family 724 ipv4-family multicast 665 isis 475 isis authentication-mode 476 isis circuit-level 477 isis cost 478 isis dis-priority 478 isis enable 479 isis mesh-group 480 isis timer csnp 481 isis timer hello 481 isis timer hello minimal 482 isis timer holding-multiplier 483 isis timer lsp 484 isis timer retransmit 485 is-level 486 isolate-user-vlan 96 isolate-user-vlan enable 97 jumboframe enable 138 key 335 key 357 l2 binding vsi 780 l2vpn-family 769 label-rang
loopback-detection control 1047 loopback-detection disable 1047 loopback-detection enable 1045 loopback-detection enable vlan 1045 loopback-detection interval-time 1046 ls 965 ls 996 lsp-trigger 684 mac-address 162 mac-address 781 mac-address max-mac-count 163 mac-address max-mac-count enable 164 mac-address max-mac-count max-mac-num 166 mac-address multicast 599 mac-address timer 166 mac-table limit 782 md5-compatible 487 mdi 140 mirrored-to 251 mirrored-to 281 mirroring-group 252 mkdir 966 mkdir 975 mkdir
mtu 771 mtu 782 multicast 592 multicast route-limit 593 multicast routing-enable 594 multicast static-router-port 579 multicast-suppression 140 multicast-suppression 594 name 321 name 80 nas-ip 337 nas-ip 357 nbns-list 844 nesting-vpn 725 netbios-type 844 network 402 network 443 network 522 network 666 network 725 network 845 network-entity 487 NQA 1077 nqa-agent enable 1078 nqa-agent max-requests 1078 nssa 444 ntp-service access 932 ntp-service authentication enable 933 ntp-service authentication-keyid 933
ospf mib-binding 448 ospf mtu-enable 448 ospf network-type 449 ospf timer dead 449 ospf timer hello 450 ospf timer retransmit 451 ospf trans-delay 452 packet-filter 223 packet-filter 282 parity 55 passive 997 password 1090 password 321 password-control 1091 password-control enable 1093 password-control super 1094 peer 403 peer 644 peer 783 peer advertise-community 523 peer advertise-community 666 peer advertise-community 728 peer allow-as-loop 523 peer allow-as-loop 667 peer allow-as-loop 728 peer as-number
peer filter-policy export 670 peer filter-policy export 735 peer filter-policy import 529 peer filter-policy import 670 peer filter-policy import 735 peer graceful-restart 530 peer group 531 peer group 671 peer group 736 peer ip-prefix export 531 peer ip-prefix export 672 peer ip-prefix export 737 peer ip-prefix import 532 peer ip-prefix import 672 peer ip-prefix import 738 peer label-route-capability 738 peer mesh-group 645 peer minimum-ttl 646 peer next-hop-local 533 peer next-hop-local 673 peer next-hop-
peer vpn-instance group 745 peer vpn-instance route-policy import 746 peer-public-key end 947 pim 627 pim bsr-boundary 628 pim dm 628 pim neighbor-limit 629 pim neighbor-policy 630 pim sm 630 pim timer hello 631 ping 1035 poe enable 882 poe enable slot 882 poe legacy enable slot 883 poe max-power 884 poe max-power slot 884 poe mode 885 poe power max-value 887 poe power-management 886 poe priority 887 poe-power input-thresh lower 893 poe-power input-thresh upper 893 poe-power output-thresh lower 894 poe-powe
port-group 255 port-mode 144 preference 403 preference 452 preference 488 preference 539 preference 676 preference 748 primary accounting 338 primary accounting 358 primary authentication 339 primary authentication 359 primary authorization 360 priority 255 private-group-id mode standard 323 probe-failtimes 1079 protocol inbound 56 protocol inbound 948 protocol-vlan 86 public-key-code begin 949 public-key-code end 949 put 966 put 998 pwd 966 pwd 977 pwd 998 pwsignal 785 qos conform-level 256 qos cos-drop-pr
refresh bgp 541 refresh bgp multicast 677 region-name 177 register-policy 632 remotehelp 999 remote-ip 706 remove 967 rename 967 rename 977 reset 404 reset acl counter 224 reset arp 817 reset bgp 542 reset bgp flap-info 542 reset bgp group 543 reset counters interface 146 reset dampening 543 reset dhcp server conflict 847 reset dhcp server ip-in-use 847 reset dhcp server statistics 848 reset dns dynamic-host 866 reset dot1x statistics 306 reset garp statistics 124 reset hwtacacs statistics 360 reset igmp gr
reset recycle-bin 978 reset saved-configuration 73 reset stop-accounting-buffer 342 reset stop-accounting-buffer 361 reset stp 177 reset tcp statistics 116 reset traffic-statistic 262 reset trapbuffer 1021 reset udp statistics 117 reset vrrp statistics 793 retry 343 retry realtime-accounting 344 retry stop-accounting 345 retry stop-accounting 361 return 57 revision-level 178 rip 404 rip authentication-mode 405 rip input 406 rip metricin 407 rip metricout 407 rip output 408 rip split-horizon 408 rip version
schedule reboot at 986 schedule reboot delay 987 scheme 322 screen-length 57 secondary accounting 345 secondary accounting 362 secondary authentication 346 secondary authentication 363 secondary authorization 364 self-service-url 324 send 58 sendpacket passroute 1080 send-trap 1081 server-type 347 service-type 325 service-type multicast 581 service-type telnet 58 set authentication password 59 set egress 1041 set-overload 490 sftp 968 sftp server enable 960 sham-link 455 sham-link 754 share descriptors 273
snmp-agent trap enable ospf 456 snmp-agent trap life 913 snmp-agent trap queue-size 914 snmp-agent trap source 914 snmp-agent usm-user 278 snmp-agent usm-user 915 source-interface 1082 source-ip 1082 source-policy 634 speed 147 speed 61 spf-delay-interval 491 spf-schedule-interval 457 spf-slice-size 491 ssh authentication-type default 955 ssh client assign rsa-key 957 ssh client first-time enable 958 ssh server authentication-retries 952 ssh server compatible_ssh1x enable 952 ssh server rekey-interval 953 s
stp edged-port 183 stp instance root primary 184 stp instance root secondary 201 stp interface 185 stp interface edged-port 186 stp interface instance cost 185 stp interface instance port priority 187 stp interface loop-protection 188 stp interface mcheck 189 stp interface no-agreement-check 190 stp interface point-to-point 191 stp interface root-protection 192 stp interface transmit-limit 193 stp loop-protection 194 stp max-hops 194 stp mcheck 195 stp mode 196 stp no-agreement-check 196 stp non-flooding 19
temperature-limit 988 terminal debugging 1021 terminal logging 1022 terminal monitor 1022 terminal trapping 1023 test-enable 1083 test-failtimes 1083 test-type 1084 tftp get 1001 tftp put 1002 timeout 1085 timer 544 timer 752 timer lsp-generation 484 timer lsp-max-age 493 timer lsp-refresh 493 timer quiet 349 timer quiet 364 timer realtime-accounting 350 timer realtime-accounting 365 timer response-timeout 351 timer response-timeout 366 timer retry 652 timer spf 494 time-range 229 timers 411 tos 1085 tracer
undo mac-address vsi 787 undo snmp-agent 916 update l3plus 989 user 1000 user privilege level 64 user-interface 64 user-name-format 351 user-name-format 366 verbose 1000 vlan 82 vlan vpn-range 756 vlan-assignment-mode 326 vlan-mapping modulo 208 vlan-type ip-subnet 90 vlan-vpn enable 1067 vlan-vpn enable 148 vlan-vpn enable 213 vlan-vpn tpid 1068 vlan-vpn tunnel 1069 vlan-vpn tunnel 213 vlan-vpn uplink enable 1069 vlink-peer 458 vpls-load-share 785 vpn-instance 1087 vpn-instance 352 vpn-instance-capability
CONTENTS ABOUT THIS GUIDE Conventions 35 Related Documentation 1 36 COMMAND LINE INTERFACE COMMANDS Command Line Interface Commands 2 COMMANDS USED TO LOG IN TO SWITCH Logging in to Switch Commands 3 37 43 CONFIGURATION FILE MANAGEMENT COMMANDS Configuration File Management Commands 4 67 VLAN CONFIGURATION COMMANDS VLAN Configuration Commands 77 Port-Based VLAN Configuration Commands 83 Protocol-Based VLAN Configuration Commands 84 IP Subnet-Based VLAN Configuration Commands 87 5 SUPER VLAN C
10 ETHERNET PORT CONFIGURATION COMMANDS Ethernet Port Configuration Commands 11 129 ETHERNET LINK AGGREGATION CONFIGURATION COMMANDS Ethernet Link Aggregation Configuration Commands 12 MAC ADDRESS TABLE MANAGEMENT COMMANDS MAC Address Table Management Commands 13 169 DIGEST SNOOPING CONFIGURATION COMMANDS Digest Snooping Configuration Commands 15 215 QOS COMMANDS QoS Commands 18 213 ACL COMMANDS ACL Commands 17 211 BPDU TUNNEL CONFIGURATION COMMANDS BPDU Tunnel Configuration Commands 16
23 STATIC ROUTE CONFIGURATION COMMANDS Display Commands of the Routing Table 381 Static Route Configuration Commands 393 24 RIP CONFIGURATION COMMANDS RIP Configuration Commands 25 OSPF CONFIGURATION COMMANDS OSPF Configuration Commands 26 397 413 INTEGRATED IS-IS CONFIGURATION COMMANDS Integrated IS-IS Configuration Commands 27 BGP CONFIGURATION COMMANDS BGP Configuration Commands 28 461 497 IP ROUTING POLICY CONFIGURATION COMMANDS IP Routing Policy Configuration Commands 29 ROUTE CAPACITY
36 PIM CONFIGURATION COMMANDS PIM Configuration Commands 37 MSDP CONFIGURATION COMMANDS MSDP Configuration Commands 38 617 637 MBGP MULTICAST EXTENSION CONFIGURATION COMMANDS MBGP Multicast Extension Configuration Commands 39 655 MPLS BASIC CONFIGURATION COMMANDS MPLS Basic Configuration Commands LDP Configuration Commands 690 681 40 BGP/MPLS VPN CONFIGURATION COMMANDS 41 MPLS VLL CONFIGURATION COMMANDS CCC Configuration Commands 761 Martini MPLS L2VPN Configuration Commands 765 Kompella MPLS
48 DNS CONFIGURATION COMMANDS Static DNS Configuration Commands 861 Dynamic DNS Configuration Commands 862 49 NETSTREAM CONFIGURATION COMMANDS Netstream Configuration Commands 50 POE CONFIGURATION COMMANDS PoE Configuration Commands 51 869 879 POE PSU SUPERVISION COMMANDS PoE PSU Supervision Display Commands 889 PoE PSU Supervision Configuration Commands 52 UDP HELPER CONFIGURATION COMMANDS UDP Helper Configuration Commands 53 917 NTP CONFIGURATION COMMANDS NTP Configuration Commands 56 899
TFTP Configuration Commands 60 1001 INFORMATION CENTER Information Center Configuration Commands 61 1003 SYSTEM MAINTENANCE COMMANDS Basic System Configuration and Management Commands System Status and System Information Query Commands System Debug Commands 1033 Network Connection Test Commands 1035 62 PROTOCOL PORT SECURITY CONFIGURATION COMMANDS Protocol Port security Configuration Commands 63 1039 PORT PACKET STATISTICS COMMANDS Port Packet Statistics Commands 64 1041 PORT LOOPBACK DETECTIO
Conventions 35 ABOUT THIS GUIDE This guide describes the 3Com® Switch 8800 and how to install hardware, configure and boot software, and maintain software and hardware. This guide also provides troubleshooting and support information for your switch. This guide is intended for Qualified Service personnel who are responsible for configuring, using, and managing the switches.
36 ABOUT THIS GUIDE Table 2 Text Conventions Convention Description Words in italics Italics are used to: Emphasize a point. Denote a new term at the place where it is defined in the text. Identify menu names, menu commands, and software button names. Examples: From the Help menu, select Contents. Click OK. Words in bold Related Documentation Boldface type is used to highlight command names. For example, “Use the display user-interface command to...
1 COMMAND LINE INTERFACE COMMANDS Command Line Interface Commands command-privilege level Syntax command-privilege level level view view command undo command-privilege view view command View System view Parameter level: Specifies the command level, ranging from 0 to 3. view: Specifies the command view, which can be any of the views supported by the switch. command: Specifies the command to be configured.
38 CHAPTER 1: COMMAND LINE INTERFACE COMMANDS Example # Configure the precedence of the command "interface" as 0. system-view System View: return to User View with Ctrl+Z. [SW8800] command-privilege level 0 view system interface display history-command Syntax display history-command [Command-Number] [ | { begin | include | exclude } Match-string ] View Any view Parameter Command-Number: The number of history commands the user wants to query. The value range is 1 to 256.
Command Line Interface Commands 39 Figure 1 Relation between history buffer size and Command-Number 1 2 3 . . . Commands displayed by display history-command Command-Number Command-Number History buffer size . . . . . Max-size-2 Max-size-1 Max-size You can either specify the number of commands to be queried (Command-Number) or input a string to query commands that match the string. You can the two methods separately or in combination.
40 CHAPTER 1: COMMAND LINE INTERFACE COMMANDS # Display five commands executed recently in the history command buffer. display history-command 5 acl name lc interface Vlan-interface 1 ip address 10.11.113.14 24 quit quit # Display all the buffered history commands that match the specified regular expression. display history-command | begin ip ip address 10.11.113.
Command Line Interface Commands 41 Login users are classified into four levels that correspond to the four command levels respectively. After users of different levels log in, they can only use commands at the levels that are equal to or lower than its own level. Related command: super password, quit. Example # change to user level 3 from the current user level.
42 CHAPTER 1: COMMAND LINE INTERFACE COMMANDS system-view System View: return to User View with Ctrl+Z.
COMMANDS USED TO LOG IN TO SWITCH 2 Logging in to Switch Commands authentication-mode Syntax authentication-mode { password | scheme [ command-authorization ] | none } View User interface view Parameter password: Performs local password authentication. scheme: Performs local or remote authentication of username and password. command-authorization: Specifies that the commands available to users logging into a switch are defined on the server end (instead of an Switch 8800 Family switch).
44 CHAPTER 2: COMMANDS USED TO LOG IN TO SWITCH interfaces, such as the AUX port and VTY interface, are configured for local password authentication, users cannot log in to the system without a password. Example # Configure local password authentication. system-view System View: return to User View with Ctrl+Z.
Logging in to Switch Commands databits 45 Syntax databits { 7 | 8 } undo databits View User interface view Parameter 7: Sets 7 data bits. 8: Sets 8 data bits. Description Use the databits command to configure the data bits for the user interface. Use the undo databits command to restore the default bits of the user interface. This command can only be performed in Console and AUX user interface view. By default, the value is 8. Example # Configure the data bits of AUX port to 7 bits.
46 CHAPTER 2: COMMANDS USED TO LOG IN TO SWITCH display user-interface 0 Idx Type Tx/Rx Modem Privi Auth Int + 0 CON 0 9600 3 N + : Current user-interface is active. F : Current user-interface is active and work in async mode. Idx : Absolute index of user-interface. Type : Type and relative index of user-interface. Privi: The privilege of user-interface. Auth : The authentication mode of user-interface. Int : The physical location of UIs. A: Authenticate use AAA.
Logging in to Switch Commands 47 Description Use the display users command to view the information of the user interface. Example # Display the information of the current user interface. display users UI Delay Type Ipaddress + 0 CON 0 00:00:00 Username Table 5 Description on the fields of the display users command Field Description + Current user interface is in use and work in asynchronous mode. UI Number of the first list is the absolute number of user interface.
48 CHAPTER 2: COMMANDS USED TO LOG IN TO SWITCH [SW8800] user-interface aux 0 [3Com-ui-aux0] flow-control software free user-interface Syntax free user-interface [ type ] number View User view Parameter type: Specifies the user interface type. number: Specifies the absolute/relative number of the user interface. Configured together with the type, it will specify the user interface number of the corresponding type. If the type is not specified, number will specify an absolute user interface number.
Logging in to Switch Commands 49 text: Specifies the title text. If you do not choose any keyword in the command, the system displays the login information by default. The system supports two types of input modes: one is to input all the text in one line, and altogether 256 characters, including command key word, can be input; the other is to input all the text in several lines using the key, and altogether 1024 characters, excluding command key word, can be input.
50 CHAPTER 2: COMMANDS USED TO LOG IN TO SWITCH When you log in to the switch again, the preset session establishment header "Hello, welcome!" is displayed on the terminal screen. The initial character 0 is not header content. 2 You can also input the header content in a single line. In this case, the beginning and the end character serve as the identifiers and must be the same. For example, system-view System View: return to User View with Ctrl+Z.
Logging in to Switch Commands 51 Option 2: Input in multiple lines [SW8800] header shell % SHELL: (After you press the key, the system prompts the following message.) Input banner text, and quit with the character ’%’. Go on inputting the rest text and end your input with the first letter: Hello! Welcome % (Press the key) [SW8800] When you log in to the switch again, the following is displayed.
52 CHAPTER 2: COMMANDS USED TO LOG IN TO SWITCH [SW8800] user-interface aux 0 [3Com-ui-aux0] history-command max-size 20 idle-timeout Syntax idle-timeout minutes [ seconds ] undo idle-timeout View User interface view Parameter minutes: Specifies the minute, ranging from 0 to 35791. seconds: Specifies the second, ranging from 0 to 59. Description Use the idle-timeout command to configure the timeout function.
Logging in to Switch Commands 53 By default, the value is English. Example # Switch from English mode to Chinese mode. language-mode chinese lock Syntax lock View User view Parameter None Description Use the lock command to lock the user interface to prevent unauthorized user from operating it. Example # Lock the current user interface.
54 CHAPTER 2: COMMANDS USED TO LOG IN TO SWITCH Example # Configure to allow call-in and call-out of Modem on the AUX port. system-view System View: return to User View with Ctrl+Z. [SW8800] user-interface aux 0 [3Com-ui-aux0] modem both modem auto-answer Syntax modem auto-answer undo modem auto-answer View User interface view Parameter None Description Use the modem auto-answer command to configure the answer mode as auto-answer.
Logging in to Switch Commands 55 Description Use the modem timer answer command to configure the timer answer from off-hook to carrier detected when establishing the call in connection. Use the undo modem timer answer command to restore the default timeout value. This command can only be performed in AUX user interface view. Example # Set the timer answer of AUX 0 to 45s. system-view System View: return to User View with Ctrl+Z.
56 CHAPTER 2: COMMANDS USED TO LOG IN TO SWITCH protocol inbound Syntax protocol inbound { all | telnet | ssh } View User interface view Parameter all: Specifies to support all the protocols including Telnet and SSH. ssh: Specifies to support SSH protocol only. telnet: Specifies to support Telnet protocol only. Description Use the protocol inbound command to set the protocols to be used when logging in.
Logging in to Switch Commands 57 Example # Return to user view from system view. [SW8800] quit return Syntax return View System view or above Parameter None Description Use the return command to return to user view from a view other than user view. Combination key performs the same function with the return command. Related command: quit. Example # Return to user view from system view. system-view System View: return to User View with Ctrl+Z.
58 CHAPTER 2: COMMANDS USED TO LOG IN TO SWITCH By default, 24 lines (including the multi-screen identifier lines) are displayed in one screen when the multi-screen display function is enabled. The screen-length 0 command is used to disable this function. Example # Configure the lines that can be displayed on a screen as 20 lines. system-view System View: return to User View with Ctrl+Z.
Logging in to Switch Commands 59 Use the undo service-type telnet command to restore the default level of command a user can use after login. Commands are classified into four levels, namely visit level, monitoring level, configuration level and management level.
60 CHAPTER 2: COMMANDS USED TO LOG IN TO SWITCH Description Use the set authentication password command to configure the password for local authentication. Use the undo set authentication password command to cancel local authentication password. The password in plain text is required when performing authentication, regardless whether the configuration is plain text or encrypted text.
Logging in to Switch Commands 61 system-view System View: return to User View with Ctrl+Z. [SW8800] user-interface vty 0 4 [3Com-ui-vty0-4] undo shell speed Syntax speed speed-value undo speed View User interface view Parameter speed-value: Specifies the transmission rate on the user interface in bps, which can be 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, or 115200. The default rate is 9600 bps.
62 CHAPTER 2: COMMANDS USED TO LOG IN TO SWITCH Description Use the stopbits command to configure the stop bits on the user interface. Use the undo stopbits command to restore the default stop bits. This command can only be performed in Console and AUX user interface view. By default, the value is 1. Note that setting 1.5 stop bits is not available on 3Com Switch 8800 Family Series Routing Switches at present. Example # Set stop bits to 2. system-view System View: return to User View with Ctrl+Z.
Logging in to Switch Commands 63 View User view Parameter None Description Use the system-view command to enter system view from user view. Related command: quit, return. Example # Enter system view from user view. system-view System View: return to User View with Ctrl+Z.. [SW8800] telnet Syntax telnet [ vpn-instance vpn-instance-name ] { hostname | ip-address } [ service-port ] View User view Parameter vpn-instance vpn-instance-name: Specifies vpn-instance of MPLS VPN.
64 CHAPTER 2: COMMANDS USED TO LOG IN TO SWITCH user-interface Syntax user-interface [ type ] first-number [ last-number ] View System view Parameter type: Specifies the user interface type, which can be aux, console or vty. first-number: Specifies the number of the first user interface to be configured. It must be an integer in the range of 0 to 6. last-number: Specifies the number of the last user interface to be configured.
Logging in to Switch Commands 65 Example # Configure to use commands level 0 after logging in from VTY 0 user interface. system-view System View: return to User View with Ctrl+Z. [SW8800] user-interface vty 0 [3Com-ui-vty0] user privilege level 0 # After you telnet from VTY 0 user interface to the switch, you will view the terminal only displays commands at level 0.
66 CHAPTER 2: COMMANDS USED TO LOG IN TO SWITCH
3 CONFIGURATION FILE MANAGEMENT COMMANDS Configuration File Management Commands display current-configuration Syntax display current-configuration [ controller | interface interface-type interface-number | configuration [ configuration ] ] [ | { begin | exclude | include } regular-expression ] View Any view Parameter controller: Views the configuration information of controllers. interface: Views the configuration information of interfaces.
68 CHAPTER 3: CONFIGURATION FILE MANAGEMENT COMMANDS Table 6 Special characters in the regular expression Special characters _ Description Restriction Underscore, similar to a wildcard and can stand for these characters: If the first character in the regular expression is not a underscore, then there is no restriction on the (^|$|[,(){} ]) number of the underscore (but it is A space, the beginning of the input restricted by the command length).
Configuration File Management Commands 69 state active idle-cut disable domain default enable system # local-server nas-ip 127.0.0.1 key 3com # router id 2.2.2.2 # stp timer hello 500 # vlan 1 # vlan 2 # interface Vlan-interface1 # interface Vlan-interface2 ip address 10.1.1.2 255.255.255.
70 CHAPTER 3: CONFIGURATION FILE MANAGEMENT COMMANDS display current-configuration | include 10*.110 primary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 local-server nas-ip 127.0.0.1 key 3com vlan 1 interface Vlan-interface1 ip address 10.1.1.2 255.255.255.0 interface Ethernet4/1/1 speed 1000 interface Ethernet4/1/2 interface Ethernet4/1/3 interface Ethernet4/1/4 interface Ethernet4/1/5 network 10.1.1.0 0.0.0.255 # View configuration information begin with "user".
Configuration File Management Commands display saved-configuration 71 Syntax display saved-configuration View Any view Parameter None Description Use the display saved-configuration command to view the configuration files in the flash memory or CF card of Switch. If the the switch works abnormally after electrified, execute the display saved-configuration command to view the startup configuration of the Switch. Related command: save, reset saved-configuration and display current-configuration.
72 CHAPTER 3: CONFIGURATION FILE MANAGEMENT COMMANDS display this Syntax display this View Any view Parameter None Description Use the display this command to display the running configuration of the current view. If you need to authenticate whether the configurations is correct after you have finished a set of configurations under a view, you can use the display this command to view the running parameters.
Configuration File Management Commands 73 the system software actually used for the current enabling, the filename of the system software configured for the next enabling, the configuration filename used for the current enabling, the configuration filename configured for the next enabling. Related command: startup saved-configuration. Example # Display the filenames related to the current and the next enabling.
74 CHAPTER 3: CONFIGURATION FILE MANAGEMENT COMMANDS save Syntax save [ file-name ] View User view Parameter file-name: Name of the configuration file with the extension .cfg. It is a character string of 5 to 56 characters. Description Use the save command to save the current configuration files to Flash memory. After finishing a group of configurations and achieving corresponding functions, user should remember to get the current configuration files stored in the flash memory.
Configuration File Management Commands 75 The extension of configuration file must be .cfg, and the startup configuration file must be saved under the directory where the memory resides. The memory is Flash. Related command: display startup. Example # Configure the configuration file for the next start-up startup saved-configuration vrpcfg.
76 CHAPTER 3: CONFIGURATION FILE MANAGEMENT COMMANDS
VLAN CONFIGURATION COMMANDS 4 VLAN Configuration Commands description Syntax description string undo description View VLAN view, VLAN interface view Parameter string: Description character string of current VLAN or VLAN interface. For VLAN, it ranges from 1 to 32 characters. For VLAN interface, it ranges from 1 to 64 characters. The default description character string of current VLAN is VLAN ID of the VLAN, e.g. VLAN 0001.
78 CHAPTER 4: VLAN CONFIGURATION COMMANDS Description Use the display trap-to-cpu command to view the related information about the CPU port. Example # Display related information about the CPU port display trap-to-cpu trap-to-cpu disable vlan 2 10 14 to 15 display interface Vlan-interface Syntax display interface Vlan-interface [ vlan-id ] View Any view Parameter vlan-id: Specifies VLAN ID.
VLAN Configuration Commands 79 Table 7 Description on the fields of the display interface Vlan-interface command Field Description The Maximum Transmit Unit Maximum Transmit Unit (MTU) display vlan Syntax display vlan [ vlan-id to vlan-id | all | static | dynamic ] View Any view Parameter vlan-id: Displays information of the specified VLAN. all: Displays information of all VLANs. static: Displays information of VLANs created statically by the system.
80 CHAPTER 4: VLAN CONFIGURATION COMMANDS Table 8 Description on the fields of the display vlan 2 command interface vlan-interface Field Description ARP proxy disabled The ARP proxy function of the VLAN is disabled Description VLAN description Tagged Ports The ports on which VLAN packets need tag Untagged Ports The ports on which VLAN packets need not tag Syntax interface vlan-interface vlan-id undo interface vlan-interface vlan-id View System view Parameter vlan-id: ID of VLAN interface, rang
VLAN Configuration Commands 81 Example # Name the current VLAN 2 "hello". [3Com-vlan2] name hello shutdown Syntax shutdown undo shutdown View VLAN interface view Parameter None Description Use the shutdown command to disable the VLAN interface. Use the undo shutdown command to enable the VLAN interface. By default, when all the Ethernet ports in a VLAN are in the Down state, this VLAN interface is also Down. When there are one or more Ethernet ports in the Up state, this VLAN interface is also Up.
82 CHAPTER 4: VLAN CONFIGURATION COMMANDS Use the undo trap-to-cpu disable command to move the CPU port into a VLAN. By default, a VLAN contains a CPU port. Example # Move the CPU port out of VLAN 2. [3Com-vlan2] trap-to-cpu disable Warning : CPU port will exit the designated VLAN.
Port-Based VLAN Configuration Commands 83 all: Deletes all VLANs. Description Use the vlan vlan-id-list command to enter VLAN view or to create a range of VLANs. Use the undo vlan command to delete the specified VLAN. If only one VLAN is created, the system will automatically enter the view of the VLAN just created. Related command: display vlan. Example # Create VLANs 5, 20, 21, 22, 23, 24, 400, 1002, 1003, 1004, and 2000.
84 CHAPTER 4: VLAN CONFIGURATION COMMANDS Note that you can add/delete trunk port and hybrid port to/from VLAN by the port and undo port commands in Ethernet port view, but not in VLAN view. Related command: display vlan. Example # Add Ethernet2/1/1 through Ethernet2/1/3 to VLAN 2.
Protocol-Based VLAN Configuration Commands display vlan-protocol-vlan vlan 85 Syntax display protocol-vlan vlan { vlan-list | all } View Any view Parameter vlan-list: Specifies a VLAN list. It is expressed in the form of vlan-list = { vlan-id [ to vlan-id ] }, where the vlan-id after the keyword to must be larger than or equal to the vlan-id before to. all: Displays the protocol information of all VLANs.
86 CHAPTER 4: VLAN CONFIGURATION COMMANDS all: Adds/deletes all protocols to/from a port. Description Use the port hybrid protocol-vlan vlan command to add a protocol VLAN or protocol VLANs to a specified port. Use the undo port hybrid protocol-vlan vlan command to delete a protocol VLAN or protocol VLANs from the port. Use the undo port hybrid protocol-vlan vlan all command to delete all the configured protocol VLANs from the port. n ■ Only Hybrid ports support this feature at present.
IP Subnet-Based VLAN Configuration Commands 87 mode: Specifies the VLAN based on other protocols.
88 CHAPTER 4: VLAN CONFIGURATION COMMANDS Description Use the display vlan-ip vlan command to display the information and index of the IP subnet-based VLAN configured on the specified VLAN. You can refer to this command for using an IP subnet-based VLAN and adding/deleting an IP subnet-based VLAN. Related command: display vlan-ip interface Example # Display the information and indexes of IP subnet-based VLANs configured on VLAN 10 and VLAN 11.
IP Subnet-Based VLAN Configuration Commands 89 Description Use the display vlan-ip interface command to display the information of the IP subnet-based VLAN configured on a specified port. You can refer to this command for using an IP subnet-based VLAN and adding/deleting an IP subnet-based VLAN. Related command: display interface. Example # Display the information of the IP subnet-based VLANs configured on all the ports.
90 CHAPTER 4: VLAN CONFIGURATION COMMANDS Example # Associate the port Ethernet1/1/1 with the IP subnet-based VLAN on VLAN 2. [3Com-Ethernet1/1/1] port hybrid ip-vlan vlan 2 vlan-type ip-subnet Syntax vlan-type ip-subnet ip ip-address { [ net-mask | net-mask-length ] } undo vlan-type ip-subnet { index-begin [ to index-end ] | all } View VLAN view Parameter ip-address: IP address net-mask: Mask of an IP address. If no mask is specified, the default mask is 255.255.255.0.
5 SUPER VLAN CONFIGURATION COMMANDS Super VLAN Configuration Commands display supervlan Syntax display supervlan [ supervlan-id ] View Any view Parameter supervlan-id: VLAN ID of a configured super VLAN. This argument ranges from 1 to 4094. Description Use the display supervlan command to display mapping relationship between a specified super VLAN and sub VLANs, and the ports that identify the mapping relationship. Related command: supervlan, subvlan.
92 CHAPTER 5: SUPER VLAN CONFIGURATION COMMANDS VLAN Type: static It is a Sub VLAN. And the Super VLAN is VLAN 2 ARP proxy enabled. Route Interface: not configured Description: VLAN 0003 Tagged Ports: none Untagged Ports: Ethernet5/1/1 [SW8800]display vlan 4 VLAN ID: 4 VLAN Type: static It is a Sub VLAN. And the Super VLAN is VLAN 2 ARP proxy enabled.
Super VLAN Configuration Commands 93 ■ You can still add/remove ports to/from a VLAN after the mapping relationship is established. ■ The undo subvlan command cancels all mapping relationships between the specified super VLAN and all sub VLANs. If you do not specify the sub-vlan-list argument. Otherwise, this command cancels the mapping relationship between the specified sub VLAN and the specified super VLAN. Related command: display supervlan.
94 CHAPTER 5: SUPER VLAN CONFIGURATION COMMANDS
6 ISOLATE-USER-VLAN CONFIGURATION COMMANDS Isolate-user-vlan Configuration Commands display isolate-user-vlan Syntax display isolate-user-vlan [ isolate-user-vlan-num ] View Any view Parameter isolate-user-vlan-num: VLAN ID of an isolate-user-VLAN. Description Use the display isolate-user-vlan command to view the mapping relationships between isolate-user-VLANs and Secondary VLANs and the ports identifying the mapping relationships between isolate-user-vlan and Secondary VLAN.
96 CHAPTER 6: ISOLATE-USER-VLAN CONFIGURATION COMMANDS Description: VLAN 0003 Name: VLAN 0003 Tagged Ports: none Untagged Ports: Ethernet2/1/3 VLAN ID: 4 VLAN Type: static Isolate-user-VLAN type : secondary ARP proxy disabled.
Isolate-user-vlan Configuration Commands 97 Description Use the isolate-user-vlan command to establish the mapping relationship between isolate-user-vlan and Secondary VLAN. Use the undo isolate-user-vlan command to cancel the mapping relationship. By default, there is no mapping relationship between isolate-user-vlan and Secondary VLAN. Before you execute the isolate-user-vlan command, the VLAN can include hybrid ports, access ports, or no ports.
98 CHAPTER 6: ISOLATE-USER-VLAN CONFIGURATION COMMANDS n n ■ You cannot configure VLAN 1 as an isolate-user-VLAN or Secondary VLAN. ■ You cannot directly configure isolate-user-VLAN as other types of VLAN than common VLAN, such as Secondary VLAN, multicast VLAN, Super VLAN/Sub VLAN, Guest VLAN and VLAN running L2VPN services.
IP ADDRESS CONFIGURATION COMMANDS 7 IP Address Configuration Commands display ip host Syntax display ip host View Any view Parameter None Description Use the display ip host command to display all the host names and the corresponding IP addresses. Example # Display all host names and the corresponding IP addresses of the hosts. display ip host Host Age Flags My 0 static Aa 0 static Address 1.1.1.1 2.2.2.
100 CHAPTER 7: IP ADDRESS CONFIGURATION COMMANDS Parameter interface-type interface-number: interface-type refers to the interface type, and interface-number refers to the interface number. Refer to the interface command in Port Command Manual for more information. Description Use the display ip interface command to display information about an interface. Example # Display the information about interface VLAN-interface 1.
IP Address Configuration Commands 101 Table 11 Description on the fields of the display ip interface command Field Description ICMP packet input number Total received ICMP packets, including: Echo reply: Unreachable: Source quench: Routing redirect: Echo request: Router advert: Router solicit: Echo reply packets, unreachable packets, source quench packets, routing redirect packets, echo request packets, route advertisement packets, route solicitation packets, packets that exceed the time, packets wit
102 CHAPTER 7: IP ADDRESS CONFIGURATION COMMANDS By default, a VLAN interface/loopback interface/console interface does not have an IP address configured. Normally, a VLAN interface/loopback interface/console interface only needs to be configured with one IP address. But you can also assign up to 21 IP addresses to a VLAN interface/loopback interface/console interface to enable it to connect to multiple subnets.
IP Address Configuration Commands 103 Parameter hostname: Name of the host. It is a character string that consists of 1 to 20 characters, including letters, numbers, "_", or ",", and it must contain at least one letter. ip-address: Host IP address (the corresponding IP address to the host name) in dotted decimal notation. Description Use the ip host command to configure the host name and the host IP address. Use the undo ip host command to cancel the host name and the host IP address.
104 CHAPTER 7: IP ADDRESS CONFIGURATION COMMANDS system-view System View: return to User View with Ctrl+Z. [SW8800] ip icmp-time-exceed enable ip-protect enable Syntax ip-protect enable undo ip-protect View VLAN interface view Parameter None Description Use the ip-protect enable command to enable IP address protection. Use the undo ip-protect command to disable IP address protection.
IP PERFORMANCE CONFIGURATION COMMANDS 8 IP Performance Configuration Commands display fib Syntax display fib View Any view Parameter None Description Use the display fib command to view the entries of the forwarding information base. Each line outputs indicates a FIB entry. The information includes destination address/mask length, next hop, current flag, timestamp and outbound interface. Example # Display the entries of the Forwarding Information Base. display fib Destination/Mask Nexthop 10.153.
106 CHAPTER 8: IP PERFORMANCE CONFIGURATION COMMANDS Table 12 Description on the fields of the display fib command Field Description Flag The flag options include: B - Blackhole route D - Dynamic route G - Gateway route H - Local host route S - Static route U - Route in UP status R - Unreachable route L - Route generated by ARP or ISIS display fib ip-address Timestamp Timestamp Interface The forwarding interface Syntax display fib [ ip-address1 { mask1 | mask-length1 } [ ip-address2 { mask2 | mas
IP Performance Configuration Commands 107 # Display the FIB entries whose destination addresses are in the range of 169.254.0.0/16 to 169.254.0.6/16. display fib 169.254.0.0 255.255.0.0 169.254.0.6 255.255.0.0 Route Entry Count: 1 Destination/Mask Nexthop Flag TimeStamp Interface 169.254.0.1/16 2.1.1.1 U t[0] Vlan-interface1 For the descriptions of the displayed fields, refer to Table 12.
108 CHAPTER 8: IP PERFORMANCE CONFIGURATION COMMANDS Description Use the display fib | command to view the FIB entries which are output from the buffer according to regular expression and related to the specific character string. Example # Display the lines starting from the first one containing the string 169.254.0.0 display fib | begin 169.254.0.0 Destination/Mask Nexthop Flag 169.254.0.0/16 2.1.1.1 U t[0] 2.0.0.0/16 2.1.1.
IP Performance Configuration Commands 109 Example # Display the total number of FIB entries. display fib statistics Route Entry Count : 30 display icmp statistics Syntax display icmp statistics View Any view Parameter None Description Use the display icmp statistics command to view the statistics information about ICMP packets. Related command: display ip interface, reset ip statistics. Example # View statistics about ICMP packets.
110 CHAPTER 8: IP PERFORMANCE CONFIGURATION COMMANDS Table 13 Description on the fields of the display icmp statistics command display ip socket Field Description mask requests Number of input/output mask request packets mask replies Number of input/output mask reply packets information reply Number of output information reply packets time exceeded Number of packets that exceeds the time Syntax display ip socket [ socktype sock-type ] [ task-id socket-id ] View Any view Parameter sock-type: Th
IP Performance Configuration Commands 111 Table 14 Description on the fields of the display ip socket command display ip statistics Field Description rcvbuf The receiving buffer size of the socket sb_cc The current data size in the sending buffer.
112 CHAPTER 8: IP PERFORMANCE CONFIGURATION COMMANDS Table 15 Description on the fields of the display ip statistics command Field Input: sum Sum of input packets local Number of received packets whose destination is the local device bad protocol Number of packets with wrong protocol number bad format Number of packets in bad format bad checksum Number of packets with wrong checksum bad options Number of packets that have wrong options forwarding Number of forwarded packets local Number o
IP Performance Configuration Commands 113 Example # View statistics about TCP packets.
114 CHAPTER 8: IP PERFORMANCE CONFIGURATION COMMANDS Table 16 Description on the fields of the display tcp statistics command Field Description Sent packets Information followed is about sent packets Total: 665 Total number of sent packets: 665 urgent packets: 0 Number of urgent packets: 0 control packets: 5 (including 1 RST) Number of control packets: 5 (including 1 RST packet) window probe packets: 0, window update packets: 2 data packets: 618 (8770 bytes) data packets retransmitted: 0 (0 byte
IP Performance Configuration Commands 115 Example # Display the state of all TCP connections. display tcp status TCPCB Local Add:port 03e37dc4 0.0.0.0:4001 04217174 100.0.0.204:23 Foreign Add:port 0.0.0.0:0 100.0.0.253:65508 State Listening Established The displayed information indicates that a TCP connection is established. The local IP address of this TCP connection is 100.0.0.204, and the local port number is 23. The remote IP address is 100.0.0.253, and the remote port number is 65508.
116 CHAPTER 8: IP PERFORMANCE CONFIGURATION COMMANDS Table 17 Description on the fields of the display udp statistics command Field Description checksum error: 0 Number of checksum errors: 0 shorter than header: 0, data length larger than packet: 0 Cases that the length of the packets is shorter than the header: 0 Cases that the data length exceeds the packet length: 0 no socket on port: 0 Cases that there is no socket on port: 0 broadcast: 0 Number of broadcast packets: 0 not delivered, input s
IP Performance Configuration Commands 117 Example # Clear the TCP statistics information. reset tcp statistics reset udp statistics Syntax reset udp statistics View User view Parameter None Description Use the reset udp statistics command to can clear the UDP statistics information. Example # Clear the UDP traffic statistics information.
118 CHAPTER 8: IP PERFORMANCE CONFIGURATION COMMANDS tcp timer syn-timeout Syntax tcp timer syn-timeout time-value undo tcp timer syn-timeout View System view Parameter time-value: TCP synwait timer value measured in seconds, whose value ranges from 2 to 600. The default time-value is 75 seconds. Description Use the tcp timer syn-timeout command to configure the TCP synwait timer. Use the undo tcp timer syn-timeout command to restore the default value of the timer.
IP Performance Configuration Commands system-view System View: return to User View with Ctrl+Z.
120 CHAPTER 8: IP PERFORMANCE CONFIGURATION COMMANDS
9 GARP&GVRP CONFIGURATION COMMANDS GARP Configuration Commands display garp statistics Syntax display garp statistics [ interface interface-list ] View Any view Parameter interface-list: List of Ethernet ports to be displayed, expressed as interface-list = { interface-type interface-number [ to interface-type interface-number] }&<1-10>. interface-type is interface type, and interface-number is interface number. The interface number after the keyword to must be larger than or equal to that before to.
122 CHAPTER 9: GARP&GVRP CONFIGURATION COMMANDS Parameter interface-list: List of Ethernet ports of which the GRRP timer information is to be displayed, expressed as interface-list = { interface-type interface-number [ to interface-type interface-number ] }&<1-10>. interface-type is interface type, and interface-number is interface number. The interface number after the keyword to must be larger than or equal to that before to. &<1-10> means that the preceding parameter can be repeated up to 10 times.
GARP Configuration Commands 123 ■ The value of Join timer should be no less than the doubled value of Hold timer. ■ The value of Leave timer should be greater than the doubled value of Join timer and smaller than the Leaveall timer value. ■ The minimal value of Join timer is 10 centiseconds. Description Use the garp timer command to set the value of GARP timer (including Hold timer, Join timer and Leave timer) of the port. Use the undo garp timer command to restore the default value of GARP timer.
124 CHAPTER 9: GARP&GVRP CONFIGURATION COMMANDS After every GARP application entity is started, the LeaveAll timer will be started simultaneously. The GARP application entity will send LeaveAll message after the timer times out to make other application entities re-register all attribute information on the entities themselves. Then, the LeaveAll timer is started and the new cycle begins. Related command: display garp timer. Example # Set GARP LeaveAll timer to 1s.
GVRP Configuration Commands 125 interface-type interface-number] }&<1-10>. interface-type is interface type, and interface-number is interface number. The interface-number after the keyword to must be larger than or equal to that before to. &<1-10> means that the preceding parameter can be repeated up to 10 times.
126 CHAPTER 9: GARP&GVRP CONFIGURATION COMMANDS gvrp Syntax gvrp undo gvrp View System view/Ethernet port view Parameter None Description Use the gvrp command to enable GVRP. Use the undo gvrp command to disable GVRP. By default, GVRP is disabled. This command can be used to enable/disable global GVRP in system view or enable/disable port GVRP in Ethernet port view. Before enabling port GVRP, you must enable global GVRP first. In addition, port GVRP must be enabled/disabled on Trunk ports.
GVRP Configuration Commands Use the undo gvrp registration command to restore the default type. By default, the registration type is normal. This command can be only used on Trunk port. Related command: display gvrp statistics. Example # Set the GVRP registration type of Ethernet2/1/1 as fixed.
128 CHAPTER 9: GARP&GVRP CONFIGURATION COMMANDS
ETHERNET PORT CONFIGURATION COMMANDS 10 Ethernet Port Configuration Commands broadcast-suppression Syntax broadcast-suppression { ratio | bandwidth bandwidth } undo broadcast-suppression View Ethernet port view Parameter ratio: Specifies the maximum wire speed ratio of the broadcast traffic allowed on the port. The value range is 1 to 100, and the default value is 50. The smaller the ratio is, the smaller the broadcast traffic is allowed. bandwidth: Specifies broadcast suppression bandwidth on the port.
130 CHAPTER 10: ETHERNET PORT CONFIGURATION COMMANDS ■ No distinction is made between known multicast and unknown multicast for multicast suppression. Related command: multicast-suppression. Example # Set the broadcast suppression ratio to 40. system-view System View: return to User View with Ctrl+Z. [SW8800] interface Ethernet 2/1/1 [3Com-Ethernet2/1/1] broadcast-suppression 40 # Set the broadcast suppression bandwidth to 40Mbit.
Ethernet Port Configuration Commands description 131 Syntax description text undo description View Ethernet port view Parameter text: Port description character string, with 64 characters at most. Description Use the description command to configure the description character string for Ethernet port. Use the undo description command to cancel the port description character string. By default, the port description character string is null.
132 CHAPTER 10: ETHERNET PORT CONFIGURATION COMMANDS Example # Display the inbound statistics on the GigabitEthernet ports. display counters inbound interface GigabitEthernet Interface Total(pkts) BroadCast(pkts) MultiCast(pkts) Err(pkts) GE3/2/1 12,345,678,912,345 OverFlow 12,345,678,912,345 1,234,567 GE3/2/2 0 0 0 0 GE3/2/3 0 0 0 0 GE3/2/4 0 0 0 0 OverFlow :more than 14 decimal digits(7 digits for column "Err"). :not supported.
Ethernet Port Configuration Commands 133 Allow jumbo frame to pass MixInsert-Port VPN status:not enable MixInsert access PVID: 48 Mdi type: auto Port link-type: access Tagged VLAN ID : none Untagged VLAN ID : 48 Last 300 seconds input: 0 packets/sec 61 bits/sec 1% Last 300 seconds output: 0 packets/sec 0 bits/sec 1% Input(total): 54 packets, 7465 bytes 42 broadcasts, 5 multicasts Input(normal): 54 packets, 7465 bytes - broadcasts, - multicasts Input: 0 input errors, 0 runts, 0 giants, 0 throttles, 0 CRC 0
134 CHAPTER 10: ETHERNET PORT CONFIGURATION COMMANDS Table 19 Description on the fields of the display interface command Field Description Input(total): 0 packets, 0 bytes The statistics information of input/output packets and errors on this port. "-" indicates that the item doesn’t supported by the switch.
Ethernet Port Configuration Commands 135 Parameter hybrid: Displays Hybrid port. trunk: Displays Trunk port. Description Use the display port command to view the ports in the current system, whose link type is Hybrid or Trunk. If there is any such port, display the corresponding port name and the information about passing VLANs. Example # Display the Hybrid ports in the current system and the information about passing VLANs.
136 CHAPTER 10: ETHERNET PORT CONFIGURATION COMMANDS Description Use the duplex command to configure the duplex attribute of the Ethernet port. Use the undo duplex command to restore the duplex attribute of the port to default auto-negotiation mode. By default, the duplex attribute is auto. Related command: speed. Example # Configure the Ethernet port Ethernet2/1/1 as auto-negotiation attribute. system-view System View: return to User View with Ctrl+Z.
Ethernet Port Configuration Commands 137 Parameter interval: Interval of performing statistics on ports in seconds. It is 300 seconds by default. Description Use the flow interval command to set the interval of performing statistics on ports. The switch performs the statistics about the average speed during the interval. Use the undo flow-interval to restore the interval to the default value. Related command: display interface.
138 CHAPTER 10: ETHERNET PORT CONFIGURATION COMMANDS system-view System View: return to User View with Ctrl+Z. [SW8800] link-status hold 5 interface Syntax interface interface-type interface-number View System view Parameter interface-type: Specifies the port type. It can be Aux, Ethernet, Loopback, M-Ethernet, NULL, VLAN-interface, GigabitEthernet or 10-GigabitEthernet. interface-number: Specifies the port number. It adopts slot-number/subslot-number/ port-number format.
Ethernet Port Configuration Commands 139 Description Use the jumboframe enable command to permit jumbo frames to pass the card on the specified slot and set the maximum size of Jumbo frames. Use the jumboframe disable slot command to prohibit jumbo frames from passing the card on the specified slot. By default, jumbo frame is permitted to pass cards. Related command: display jumboframe configuration. n The system supports discrete values of Jumbo frame lengths ranging from 1536 to 10240.
140 CHAPTER 10: ETHERNET PORT CONFIGURATION COMMANDS mdi Syntax mdi { across | auto | normal } undo mdi View Ethernet port view Parameter across: Network cable type is cross-over cable. auto: Network cable will be recognized whether it is straight-through cable or cross-over cable. normal: Network cable of the port is straight-through cable. Description Use the mdi command to configure the network cable type of the Ethernet ports. Use the undo mdi command to restore the default type.
Ethernet Port Configuration Commands 141 Use the undo multicast-suppression command to disable the broadcast suppression function. The default multicast suppression ratio is 100%. You can use the multicast-suppression command repeatedly. The effective multicast suppression ratio value is the one last updated. c CAUTION: ■ You cannot enable both multicast suppression and broadcast suppression simultaneously on the same card.
142 CHAPTER 10: ETHERNET PORT CONFIGURATION COMMANDS Use the undo port access vlan command to cancel the access port from the VLAN. The condition for using this command is that the VLAN indicated in vlan-id must exist. Example # Join Ethernet2/1/1 port to VLAN3 (VLAN3 has existed). system-view System View: return to User View with Ctrl+Z.
Ethernet Port Configuration Commands 143 Parameter vlan-id-list: vlan-id-list = [ vlan-id1 [ to vlan-id2 ] ]&<1-10>: Specifies which VLAN the hybrid port will be added to. It can be discrete. The vlan-id ranges from 1 to 4,094. &<1-10> indicates that the former parameter can be input 10 times repeatedly at most. tagged: Packet of specified VLAN will have tag. untagged: Packet of specified VLAN will not have tag.
144 CHAPTER 10: ETHERNET PORT CONFIGURATION COMMANDS Use the undo port link-type command to restore the port as default status, i.e. access port. You can configure three types of ports concurrently on the same switch, but you cannot switch between trunk port and hybrid port. You must turn it first into access port and then set it as other type. For example, you cannot configure a trunk port directly as hybrid port, but first set it as access port and then as hybrid port.
Ethernet Port Configuration Commands port trunk permit vlan 145 Syntax port trunk permit vlan { vlan-id-list | all } undo port trunk permit vlan { vlan-id-list | all } View Ethernet port view Parameter vlan-id-list: vlan-id-list = [ vlan-id1 [ to vlan-id2 ] ]&<1-10> is the VLAN range joined by the trunk port. It can be discrete. The vlan-id ranges from 2 to 4,094. &<1-10> indicates that the former parameter can be input 10 times repeatedly at most. all: Joins the trunk port to all VLANs.
146 CHAPTER 10: ETHERNET PORT CONFIGURATION COMMANDS Description Use the port trunk pvid vlan command to configure the default VLAN ID of trunk port. Use the undo port trunk pvid command to restore the default VLAN ID of the port. The default VLAN ID of local trunk port should be consistent with that of the peer one, otherwise, the packet cannot be properly transmitted. Related command: port link-type. Example # Configure the default VLAN of the trunk port Ethernet2/1/1 to 100.
Ethernet Port Configuration Commands 147 undo shutdown View Ethernet port view Parameter None Description Use the shutdown command to disable the Ethernet port. Use the undo shutdown command to enable the Ethernet port. By default, the Ethernet port is enabled. Example # Enable Ethernet port Ethernet2/1/1. system-view System View: return to User View with Ctrl+Z.
148 CHAPTER 10: ETHERNET PORT CONFIGURATION COMMANDS By default, the speed is auto. Related command: duplex. Example # Configure Ethernet port Ethernet2/1/1 port speed as 100 Mbps. system-view System View: return to User View with Ctrl+Z. [SW8800] interface Ethernet2/1/1 [3Com-Ethernet2/1/1] speed 100 vlan-vpn enable Syntax vlan-vpn enable undo vlan-vpn View Ethernet port view Parameter None Description Use the vlan-vpn enable command to enable port VLAN VPN.
11 ETHERNET LINK AGGREGATION CONFIGURATION COMMANDS Ethernet Link Aggregation Configuration Commands debugging lacp packet Syntax debugging lacp packet [ interface interface-type interface-number [ to interface-type interface-number ] ] undo debugging lacp packet [ interface interface-type interface-number [ to interface-type interface-number ] ] View System view Parameter interface interface-type interface-number [ to interface-type interface-number ]: Specifies a port or ports.
150 CHAPTER 11: ETHERNET LINK AGGREGATION CONFIGURATION COMMANDS undo debugging lacp state [ interface interface-type interface-number [ to interface-type interface-number ] ] { { actor-churn | mux | partner-churn | ptx | rx }* | all } View User view Parameter interface interface-type interface-number [ to interface-type interface-number ]: Specifies a port or ports. The command without the parameter to specifies one port, while the command with the parameter to specifies several contiguous ports.
Ethernet Link Aggregation Configuration Commands 151 Use the undo debugging link-aggregation error command to disable link aggregation error debugging. Example # Enable link aggregation error debugging. debugging link-aggregation error debugging link-aggregation event Syntax debugging link-aggregation event undo debugging link-aggregation event View User view Parameter None Description Use the debugging link-aggregation event command to enable link aggregation event debugging.
152 CHAPTER 11: ETHERNET LINK AGGREGATION CONFIGURATION COMMANDS Table 20 Description on the fields of the display lacp system-id command display link-aggregation summary Field Description Actor System ID The device ID of the local system, including system priority and system MAC address.
Ethernet Link Aggregation Configuration Commands 153 View Any view Parameter agg-id: Aggregation group ID, which must be existing ones, in the range of 1 to 920. IDs 1 through 31 indicate manual or static aggregation groups; IDs 32 through 64 are reserved; IDs 65 through 192 are Routed Trunks; IDs 193 through 920 indicate dynamic aggregation groups.
154 CHAPTER 11: ETHERNET LINK AGGREGATION CONFIGURATION COMMANDS Table 22 Description on the fields of the display link-aggregation verbose command Field Description Port State Port state Local: Other information of the local end, including member ports, port state, port priority, flag bit , operation key and link status.
Ethernet Link Aggregation Configuration Commands 155 Table 23 Description on the fields of the display link-aggregation interface command Field Description Local: Port priority, operation key, LACP state flag of the local end Port-Priority: 32768, Oper key: 1, Flag: 0x00 Remote: System ID: 0x0, 0000-0000-0000 Device ID, port priority, operation key, LACP state flag of the remote end Port Number: 0, Port-Priority: 0, Oper-key: 0, Flag: 0x00 lacp enable Received LACP Packets: 0 packet(s), Illegal: 0
156 CHAPTER 11: ETHERNET LINK AGGREGATION CONFIGURATION COMMANDS Description Use the lacp port-priority command to configure port priority. Use the undo lacp port-priority command to restore the default port priority. Related command: display link-aggregation verbose and display link-aggregation interface. Example # Set port priority to 64. system-view System View: return to User View with Ctrl+Z.
Ethernet Link Aggregation Configuration Commands 157 interface-name2: Last range value of Ethernet port joined the Ethernet link aggregation. both: Specifies the aggregation group to balance load for inbound and outbound packets. Description Use the link-aggregation command to configure a series of ports to aggregation port. Related command: link-aggregation group agg-id mode, port link-aggregation group.
158 CHAPTER 11: ETHERNET LINK AGGREGATION CONFIGURATION COMMANDS system-view System View: return to User View with Ctrl+Z. [SW8800] link-aggregation group 22 description myal1 link-aggregation group agg-id mode Syntax link-aggregation group agg-id mode { manual | static } undo link-aggregation group agg-id View System view Parameter agg-id: Aggregation group ID, in the range of 1 to 920.
Ethernet Link Aggregation Configuration Commands 159 View Ethernet port view Parameter agg-id: Aggregation group ID, in the range of 1 to 920. IDs 1 though 31 indicate manual or static aggregation groups; IDs 32 through 64 are reserved; IDs 65 though 192 indicate Routed Trunks; IDs 193 through 920 indicate dynamic aggregation groups. Description Use the port link-aggregation group command to add an Ethernet port into a manual or static aggregation group.
160 CHAPTER 11: ETHERNET LINK AGGREGATION CONFIGURATION COMMANDS
12 MAC ADDRESS TABLE MANAGEMENT COMMANDS MAC Address Table Management Commands display mac-address aging-time Syntax display mac-address aging-time View Any view Parameter None Description Use the display mac-address aging-time command to view the aging time of the dynamic entry in the MAC address table. Related command: mac-address, mac-address timer, display mac-address. Example # Display the aging time of the dynamic entry in the MAC address table.
162 CHAPTER 12: MAC ADDRESS TABLE MANAGEMENT COMMANDS dynamic: Dynamic table entry, which will be aged. interface-type: Specifies the interface type. interface-number: Specifies the interface number. count: the display information will only contain the sum number of MAC addresses in the MAC address table if user choice this parameter when using this command. Description Use the display mac-address command to view MAC address table information.
MAC Address Table Management Commands 163 For detailed description on interface-type and interface-number see Port Configuration section of this manual. vlan-id: Specifies the VLAN ID. Description Use the mac-address command to add/modify the MAC address table entry. Use the undo mac-address command to cancel the MAC address table entry If the input address has been existed in the address table, the original entry will be modified.
164 CHAPTER 12: MAC ADDRESS TABLE MANAGEMENT COMMANDS this port will no longer learn any more MAC addresses; and you can use the undo mac-address max-mac-count command to remove the limit on the number. n ■ The maximum number of MAC addresses on an I/O Module ranges from 12 K to 16 K depending on various software versions and module types. ■ The aforementioned number of MAC addresses includes only the MAC addresses learned by the switch dynamically, and excludes those configured by the user.
MAC Address Table Management Commands 165 Use the undo mac-address max-mac-count enable forward command to enable the switch to drop the packets whose source MAC addresses are not learned by the port when the number of MAC addresses automatically learned by the port reaches the threshold value.
166 CHAPTER 12: MAC ADDRESS TABLE MANAGEMENT COMMANDS [SW8800] interface Ethernet3/1/3 [3Com-Ethernet3/1/3] mac-address max-mac-count 600 [3Com-Ethernet3/1/3] undo mac-address max-mac-count enable forward # Cancel the alarm function [3Com-Ethernet3/1/3] undo mac-address max-mac-count enable alarm mac-address max-mac-count max-mac-num Syntax mac-address max-mac-count max-mac-num undo mac-address max-mac-count View VLAN view Parameter max-mac-num: Maximum number of MAC addresses that can be learned in a
MAC Address Table Management Commands 167 undo mac-address timer aging View System view Parameter aging age: Specifies the aging time (measured in seconds) of the Layer-2 dynamic address table entry, ranging from 10 to 630. By default, the aging time is 300 seconds. no-aging : No aging time. Description Use the mac-address timer command to configure the aging time of the Layer-2 dynamic address table entry. Use the undo mac-address timer command to restore the default value.
168 CHAPTER 12: MAC ADDRESS TABLE MANAGEMENT COMMANDS Vlan vlan-id: Clears all of the MAC address entries in the specified VLAN. For the range of the vlan-id argument, see the introduction to the interface command in the port module of the command manual. Description Use the reset mac-address command to clear corresponding MAC address entries. Related commands: mac-address, display mac-address. Example # Clear all MAC address entries.
13 MSTP CONFIGURATION COMMANDS MSTP Configuration Commands active region-configuration Syntax active region-configuration View MST region view Parameter None Description Use the active region-configuration command to activate the configurations of MST region. This command is used for manually activate the configurations of MST region. Configuring the related parameters, especially the VLAN mapping table, of the MST region, will lead to the recalculation of spanning tree and network topology flapping.
170 CHAPTER 13: MSTP CONFIGURATION COMMANDS Parameter None Description Use the check region-configuration command to view the configuration information (including switch region name, revision level, and VLAN mapping table) to be activated. MSTP defines that the user must ensure the correct region configurations, especially the VLAN mapping table configuration.
MSTP Configuration Commands 171 ] | [ ppm | ptx | tcpm] ] | interface interface-type interface-number { lacp-key | packet | event } } View User view Parameter None Description Use the debugging stp { global-error | global-event } command to enable STP global error or event debugging. Use the undo debugging stp { global-error | global-event } command to disable STP global error or event debugging. Use the debugging stp all command to enable global debugging.
172 CHAPTER 13: MSTP CONFIGURATION COMMANDS Use the debugging stp state-machine prs command to enable debugging of the state machine for port role selection. Use the undo debugging stp state-machine prs command to disable debugging of the state machine for port role selection. Use the debugging stp state-machine prt command to enable debugging of the state machine for port role transition.
MSTP Configuration Commands 173 View Any view Parameter instance-id: Specifies the spanning tree instance ID, ranging from 0 to 48. Instance 0 represents CIST. interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as interface-list = { { interface-type interface-num | interface-name } [ to { interface-type interface-num | interface-name } ] }&<1-10>.
174 CHAPTER 13: MSTP CONFIGURATION COMMANDS Message-age time, and Remaining-hops; Num of VLANs Mapped, number of sent BPDU packets, and number of received BPDU packets. 3 Global MSTIs parameter: MSTI instance ID, bridge priority of the instance, region root, internal path cost, MSTI root port, MASTER bridge, path cost to region root and number of the received TC packets.
MSTP Configuration Commands 175 MST region configuration information includes: region name, region revision level, and associations between VLANs and MSTIs. All these configurations together determine to which MST region a switch belongs. Related command: stp region-configuration. Example # Display the MST region configuration information.
176 CHAPTER 13: MSTP CONFIGURATION COMMANDS Port Ethernet3/1/1 0 Port Ethernet3/1/9 1 ---------- Stp Instance 0 tc or tcn detected count ---------Port Ethernet3/1/1 1 Port Ethernet3/1/9 0 ---------- Stp Instance 0 tc or tcn sent count ---------Port Ethernet3/1/1 1 Port Ethernet3/1/9 0 n instance The topology changes and notification information of Instance 0 will be recorded in the log.
MSTP Configuration Commands 177 Example # Map VLAN 2 to MSTI 1. system-view System View: return to User View with Ctrl+Z. [SW8800]stp region-configuration [3Com-mst-region] instance 1 vlan 2 # Map VLAN5-10 to MSTI 3. [3Com-mst-region] instance 3 vlan 5 6 7 8 9 10 region-name Syntax region-name name undo region-name View MST region view Parameter name: Specifies the MST region name of the switch with a character string not exceeding 32 bytes.
178 CHAPTER 13: MSTP CONFIGURATION COMMANDS Parameter interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as interface-list = { interface-type interface-number [ to { interface-type interface-number] }&<1-10>. For detail descriptions of interface-type, interface-number parameters, refer to the corresponding descriptions in Port Command Manual. &<1-10> means that the preceding parameters can be entered up to 10 times.
MSTP Configuration Commands 179 system-view System View: return to User View with Ctrl+Z. [SW8800]stp region-configuration [3Com-mst-region] revision-level 5 stp Syntax stp { enable | disable } undo stp View System view, Ethernet port view Parameter enable: Enables global or port MSTP. disable: Disables global or port MSTP. Description Use the stp command to enable or disable MSTP on a device or a port. Use the undo stp command to restore the default MSTP state on a device or a port.
180 CHAPTER 13: MSTP CONFIGURATION COMMANDS stp bpdu-protection Syntax stp bpdu-protection undo stp bpdu-protection View System view Parameter None Description Use the stp bpdu-protection command to enable the BPDU protection on the switch. Use the undo stp bpdu-protection command to restore the default state of BPDU protection. By default, BPDU protection is disabled. Generally, the access ports of the access layer devices are directly connected to user terminals (such as PC) or file servers.
MSTP Configuration Commands 181 Description Use the stp bridge-diameter command to configure the switching network diameter. Use the undo stp bridge-diameter command to restore the default network diameter. The definition of network diameter: Maximum count of switches between the farthest communication ends. The stp bridge-diameter command configures the switching network diameter and determines the three time parameters of MSTP accordingly.
182 CHAPTER 13: MSTP CONFIGURATION COMMANDS Description Use the stp compliance command to set the format of the packets that the current port sends and receives. You can configure the format to legacy, dot1s, or auto. By default, the port sends the packets in the legacy format. Example # Set Ethernet2/1/1 to the auto mode. system-view System View: return to User View with Ctrl+Z.
MSTP Configuration Commands stp edged-port 183 Syntax stp edged-port { enable | disable } undo stp edged-port View Ethernet port view Parameter enable: Configures the current port as an edge port. disable: Configures the current port as a non-edge port. Description Use the stp edged-port enable command to configure the current Ethernet port as an edge port. Use the stp edged-port disable command to configure the current Ethernet port as a non-edge port.
184 CHAPTER 13: MSTP CONFIGURATION COMMANDS stp instance root primary Syntax stp [ instance instance-id ] root primary [ bridge-diameter bridgenum [ hello-time centi-senconds ] ] undo stp [ instance instance-id ] root View System view Parameter instance-id: Specifies the spanning tree instance ID, ranging from 0 to 48. Specify it as 0 to configure the root bridge of CIST. root primary: Configures the current switch as the primary root of the specified MSTI.
MSTP Configuration Commands 185 After a switch is configured as a primary root bridge or a secondary root bridge, users cannot modify the bridge priority of the switch. Example # Designate the current switch as the root bridge of MSTI 0 and specify the diameter of the switching network as 4 and the Hello Time as 500 centiseconds. system-view System View: return to User View with Ctrl+Z.
186 CHAPTER 13: MSTP CONFIGURATION COMMANDS undo stp interface interface-list [ instance instance-id ] cost View System view Parameter interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as interface-list = { interface-type interface-number [ to interface-type interface-number ] }&<1-10>. For detail descriptions of interface-type and interface-number parameters, refer to the corresponding descriptions in Port Command Manual.
MSTP Configuration Commands 187 Parameter interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as interface-list = { interface-type interface-number [ to interface-type interface-number ] }&<1-10>. For detail descriptions of interface-type and interface-number parameters, refer to the corresponding descriptions in Port Command Manual. &<1-10> means that the preceding parameters can be entered up to 10 times. enable: Configures the current port as an edge port.
188 CHAPTER 13: MSTP CONFIGURATION COMMANDS View System view Parameter interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as interface-list = { interface-type interface-number [ to interface-type interface-number ] }&<1-10>. For detail descriptions of interface-type and interface-number parameters, refer to the corresponding descriptions in Port Command Manual.
MSTP Configuration Commands 189 interface-number ] }&<1-10>. For detail descriptions of interface-type and interface-number parameters, refer to the corresponding descriptions in Port Command Manual. &<1-10> means that the preceding parameters can be entered up to 10 times Description Use the stp interface loop-protection command to enable loop protection on the switch in system view. Use the undo stp interface loop-protection command to restore the default loop protection state.
190 CHAPTER 13: MSTP CONFIGURATION COMMANDS Parameter interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as interface-list = { interface-type interface-number [ to interface-type interface-number ] }&<1-10>. For detail descriptions of interface-type and interface-number parameters, refer to the corresponding descriptions in Port Command Manual.
MSTP Configuration Commands 191 Use the undo stp interface no-agreement-check command to disable port fast transition. By default, port fast transition is disabled. Related command: stp no-agreement-check. n You can configure fast transition only on a root port or an alternate port. Example # Enable fast transition on GigabitEthernet1/1/1. system-view System View: return to User View with Ctrl+Z.
192 CHAPTER 13: MSTP CONFIGURATION COMMANDS This configuration takes effect on the CIST and all the MSTIs. The settings of a port whether to connect the point-to-point link will be applied to all the MSTIs where the port belongs. Note that a temporary loop may be redistributed if you configure a port not physically connected with the point-to-point link as connected to such a link by force. Related command: stp point-to-point. Example # Configure Ethernet2/1/3 to be connected to the point-to-point link.
MSTP Configuration Commands 193 higher-priority BPDU for a certain period of time thereafter, it will resume its original state. Related command: stp root-protection. Example # Enable Root protection on the Ethernet2/1/1 system-view System View: return to User View with Ctrl+Z.
194 CHAPTER 13: MSTP CONFIGURATION COMMANDS stp loop-protection Syntax stp loop-protection undo stp loop-protection View Ethernet port view Parameter none Description Use the stp loop-protection command to enable loop protection function. Use the undo stp loop-protection command to restore the default setting. By default, the loop protection function is not enabled. n The port configured with loop protection can only turn into discarding state on every instance.
MSTP Configuration Commands 195 Use the undo stp max-hops command to restore the default Max Hops. On CIST and MSTIs, the Max Hops configured on the region root determines the max switching network diameter supported by the local MST region. As the BPDU travels from the spanning tree root, each time when it is forwarded by a switch, the max hops will be reduced by 1. The switch discards the configuration BPDU with 0 hops left, thereby limiting the network scale inside the region.
196 CHAPTER 13: MSTP CONFIGURATION COMMANDS [SW8800] interface Ethernet2/1/1 [3Com-Ethernet2/1/1] stp mcheck stp mode Syntax stp mode { stp | mstp } undo stp mode View System view Parameter stp: Configures the MSTP operation mode as STP-compatible. mstp: Configures the MSTP operation mode as MSTP. Description Use the stp mode command to configure MSTP operation mode of the switch. Use the undo stp mode command to restore the default MSTP operation mode.
MSTP Configuration Commands 197 Description Use the stp no-agreement-check command to enable port fast transition. Use the undo stp interface no-agreement-check command to disable port fast transition. By default, port fast transition is disabled. Related command: stp interface no-agreement-check. n You can configure fast transition only on a root port or an alternate port. Example # Enable fast transition on GigabitEthernet1/1/1. system-view System View: return to User View with Ctrl+Z.
198 CHAPTER 13: MSTP CONFIGURATION COMMANDS system-view System View: return to User View with Ctrl+Z. [SW8800] interface GigabitEthernet3/1/1 [3Com-GigabitEthernet3/1/1]stp disable [SW8800] stp non-flooding slot 3 # Discard BPDU packets received on all ports when STP is not globally enabled. system-view System View: return to User View with Ctrl+Z.
MSTP Configuration Commands 199 auto: Configures to automatically check if the link to the Ethernet port is a point-to-point link. Description Use the stp point-to-point command to configure the current Ethernet port (not) to connect with point-to-point link. Use undo stp point-to-point command to configure the link state to the default state in which MSTP automatically detects if the link to the Ethernet port is point-to-point link. By default, switch adopts auto mode.
200 CHAPTER 13: MSTP CONFIGURATION COMMANDS Description Use the stp port priority command to configure the priority of a port on a specified MSTI. Use the undo stp port priority command to restore the default priority of the port on the specified MSTI. You may specify the instance-id parameter as 0 to configure CIST priority of the port. The port priority has effect on the port role selection. A port can be configured with different priorities on different MSTIs.
MSTP Configuration Commands 201 Example # Enter MST region view. system-view System View: return to User View with Ctrl+Z. [SW8800] stp region-configuration [3Com-mst-region] stp reset-arp Syntax stp reset-arp { enable | disable } undo stp reset-arp View System view, Ethernet port view Parameter None Description Use the stp reset-arp enable command to enable the function of clearing dynamic ARP entries on the switch or on the port.
202 CHAPTER 13: MSTP CONFIGURATION COMMANDS undo stp [ instance instance-id ] root View System view Parameter instance instance-id: Specifies the spanning tree instance ID, ranging from 0 to 48. Specify it as 0 to configure CIST. root secondary: Configures the current switch as the secondary root of the designated MSTI. bridge-diameter bridgenum: Specifies the network diameter of the spanning tree, ranging from 2 to 7.
MSTP Configuration Commands stp root-protection 203 Syntax stp root-protection undo stp root-protection View Ethernet port view Parameter None Description Use the stp root-protection command to enable on Root protection the switch. Use the undo stp root-protection command to restore the default state of Root protection. By default, Root protection is disabled.
204 CHAPTER 13: MSTP CONFIGURATION COMMANDS Description Use the stp tc-protection enable command to enable the protection function so that the switch is protected against attack from TC-BPDU packets. Use the stp tc-protection disable command to disable the protection function. By default, the protection against TC-BPDU packet attack is enabled. As a general rule, the switch deletes the corresponding entries in the MAC address table and ARP table upon receiving TC-BPDU packets.
MSTP Configuration Commands 205 The Forward Delay configured on the root bridge determines the state transition time. The root bridge will determine the state transition time according to the configured values, while the other switches will apply the forward delay configured on it. When configuring Hello time, Forward Delay and Max Age, guarantee the following equations: 2 x (Forward Delay - 1.0 second) >= Max Age Max Age >= 2 x (Hello Time + 1.
206 CHAPTER 13: MSTP CONFIGURATION COMMANDS timeouts. The root bridge transmits BPDU packets at an interval as you configured, while other switches apply the Hello Time configured on the root bridge. When configuring Hello time, Forward Delay and Max Age, remember to guarantee the following equations: 2 x (Forward Delay -1.0 second) >= Max Age Max Age >= 2 x (Hello Time + 1.0 second) Only if the earlier-mentioned formulas are equal can the MSTP normally operate on the entire network.
MSTP Configuration Commands 207 When you configure Hello time, Forward Delay and Max Age, remember to guarantee the following equations: 2 x (Forward Delay -1.0 second) >= Max Age Max Age >= 2 x (Hello Time + 1.0 second) Only if the earlier-mentioned formulas are equal can the MSTP normally operate on the entire network. Otherwise, the network may flap frequently.
208 CHAPTER 13: MSTP CONFIGURATION COMMANDS system-view System View: return to User View with Ctrl+Z. [SW8800] stp timer-factor 7 stp transmit-limit Syntax stp transmit-limit packetnum undo stp transmit-limit View Ethernet port view Parameter packetnum: Specifies the amount limit to the transmitted packets, ranging from 1 to 255 (expressed as a counter value without any units). By default, the value is 3.
g modulo command to disable the function. Use the undo vlan-mappin By default, all the VLANs are mapped to CIST, namely Instance 0. Related command: region-name, revision-level, check region-configuration, active region-configuration Example # Map VLAN to MSTI based on modulo 16. system-view System View: return to User View with Ctrl+Z.
210 CHAPTER 13: MSTP CONFIGURATION COMMANDS
14 DIGEST SNOOPING CONFIGURATION COMMANDS Digest Snooping Configuration Commands stp config-digest-snooping Syntax stp config-digest-snooping undo stp config-digest-snooping View System view, Ethernet port view Parameter None Description Use the stp config-digest-snooping command to enable digest snooping. Use the undo stp config-digest-snooping command to disable digest snooping. Digest snooping is disabled by default. According to IEEE 802.
212 CHAPTER 14: DIGEST SNOOPING CONFIGURATION COMMANDS n ■ You must enable digest snooping on a port first before enabling it globally. ■ Digest snooping is unnecessary if the interconnected switches are from the same manufacturer.
BPDU Tunnel Configuration Commands 213 15 BPDU TUNNEL CONFIGURATION COMMANDS BPDU Tunnel Configuration Commands vlan-vpn enable Syntax vlan-vpn enable undo vlan-vpn View Ethernet port view Parameter None Description Use the command vlan-vpn enable to enable VLAN VPN (QinQ) on the port. Use the undo vlan-vpn command to disable VLAN VPN (QinQ) on the port. By default, VLAN VPN is disabled on all the ports. Example # Enable VLAN VPN on the switch.
214 CHAPTER 15: BPDU TUNNEL CONFIGURATION COMMANDS Parameter None Description Use the vlan-vpn tunnel command to enable bridge protocol data unit (BPDU) Tunnel on the switch. Use the undo vlan-vpn tunnel command to disable BPDU Tunnel on the switch. BPDU Tunnel enables geographically segmented user network to transmit BPDU packets transparently over the specified VLAN VPN on the operator’s network.
ACL COMMANDS 16 ACL Commands acl Syntax acl { number acl-number | name acl-name [ advanced | basic | link ] } [ match-order { config | auto } ] undo acl { number acl-number | name acl-name | all } View System view Parameter number acl-number: ACL number, in the range of: 2000 to 2999: Represents basic ACL. 3000 to 3999: Represents advanced ACL. 4000 to 4999: Represents Layer 2 ACL. name acl-name: Character string, which must be started with an English letter (i.e.
216 CHAPTER 16: ACL COMMANDS Using the acl command, you can create an ACL named "acl-name". And the type of this ACL is decided by keywords: "advanced", "basic" or "link". After entering a corresponding ACL view, no matter the ACL is identified by a number or a name, you can use the rule command to create rules of this named ACL (you can exit ACL view by using the quit command).
ACL Commands 217 The matched times here refer to the software matched times, that is, the matched times of the ACLs that needed to be processed by CPU. You can collect hardware matched times value by using the traffic-statistic command. Example # Display contents of all ACLs. display acl config all Link ACL 4000, 1 rule, rule 0 permit ingress any egress any Basic ACL traffic-of-host, 1 rule, rule 1 deny source 10.1.1.
218 CHAPTER 16: ACL COMMANDS display acl running-packet-filter Syntax display acl running-packet-filter { all | interface interface-type interfacenumber | vlan vlan-id } View Any view Parameter all: Displays all the ACLs that have been applied (including the number-identified ones and name-identified ones) interface interface-type interface-number: The port of the switch. Refer to the description in the Port Module Command Manual for details.
ACL Commands 219 slot slotid: Displays the flow template applied on the specified card. user-defined: Displays the user-defined flow template. Description Use the display flow-template command to view the detailed configuration of flow template. The configuration includes which parameters the flow template defines and which ports/cards is the flow template applied on.
220 CHAPTER 16: ACL COMMANDS Time-range : hhy ( Inactive ) from 08:30 2-5-2005 to 18:00 2-19-2005 Time-range : hhy1 ( Inactive ) from 08:30 2-5-2003 to 18:00 2-19-2003 Table 29 Description of displayed information Field Description Current time is 14:36:36 4-3-2003 Thursday The current time of the system Time-range : hhy ( Inactive ) Time range testhhy.
ACL Commands 221 Related command: display flow-template, flow-template user-defined slot slotid template-info. Example # Apply the user-defined flow template to current port Ethernet4/1/1. system-view System View: return to User View with Ctrl+Z.
222 CHAPTER 16: ACL COMMANDS n ■ Mac-type: MAC-TYPE field of a specified packet, no bytes in the flow template. ■ s-tag-vlan: The VLAN ID in the most external 802.1QTag that the packet carries, in the length of 2 bytes together with cos in the flow template. ■ sip wildcard : Source IP domain in the IP packet header, in the length of 4 bytes. ■ smac wildcard: Source MAC domain in the Ethernet packet header, in the length of 6 bytes. ■ sport: Source port domain, in the length of 2 bytes.
ACL Commands 223 Related command: display flow-template, flow-template user-defined. Example # Define a flow template which classifies traffic by source and destination IP addresses, source and destination TCP/UDP ports, DSCP domain in the IP packet header. system-view System View: return to User View with Ctrl+Z. [SW8800] flow-template user-defined slot 3 sip 0.0.0.0 dip 0.0.0.
224 CHAPTER 16: ACL COMMANDS 3999. acl-name: Name of the ACL, which must be a character string starting with an English letter (a-z or A-Z), and without any space in it. link-group { acl-number | acl-name }: Activates Layer 2 ACLs. acl-number: Sequence number of ACL, ranging from 4000 to 4999. acl-name: Name of ACL, which must be a character string started with an English letter (a-z or A-Z), and without any space in it.
ACL Commands 225 reset acl counter 2000 rule Syntax Define or delete the subrules of a basic ACL rule [ rule-id ] { permit | deny } [ source { source-addr wildcard | any } | fragment | time-range name | vpn-instance instance-name ]* undo rule rule-id [ source | fragment | time-range | vpn-instance instance-name ]* Define or delete the subrules of an advanced ACL rule [ rule-id ] { permit | deny } protocol [ source { source-addr wildcard | any } ] [ destination { dest-addr wildcard | any } ] [ s
226 CHAPTER 16: ACL COMMANDS source { source-addr wildcard | any }: source-addr wildcard specifies the source IP address and wildcard digit of source address represented in dotted decimal notation. any represents all source addresses. fragment: It is only effective to fragmented messages and is ignored by non-fragmented messages. vpn-instance instance-name: VPN instance name. The specified MPLS VPN packets will be identified if this parameter is selected.
ACL Commands 227 Table 31 Relationship of type and code ICMP packet type (TYPE) ICMP packet type (TYPE) ICMP code (CODE) information-request 15 0 net-redirect 5 0 net-tos-redirect 5 2 net-unreachable 3 0 parameter-problem 12 0 port-unreachable 3 3 protocol-unreachable 3 2 reassembly-timeout 11 1 source-quench 4 0 source-route-failed 3 5 timestamp-reply 14 0 timestamp-request 13 0 ttl-exceeded 11 0 established: (Optional) It is effective only to the first SYN packe
228 CHAPTER 16: ACL COMMANDS Table 32 COS priority definition Number Priority name 2 spare 3 excellent-effort 4 controlled-load 5 video 6 voice 7 network-management c-tag-cos c-cos-value: Specified 802.1p priority in the internal 802.1QTag carried by the packet. Specify the same value for the c-cos-value and cos-value parameters. protocol-type: This parameter is used to specify the protocol type carried by the Ethernet frame.
ACL Commands 229 Description Use the rule command to add a rule to the ACL. Use the undo rule command to delete a rule from the ACL. You can define multiple rules for an ACL. Only the specified rules will be deleted if you select parameters in the undo rule command. If you redefine an existing rule, the newly configured option automatically overwrites the corresponding option of the original rule, and the option not being redefined remains.
230 CHAPTER 16: ACL COMMANDS undo time-range { time-name [ start-time to end-time days-of-the-week [ from start-time start-date ] [ to end-time end-date ] | from start-time start-date [ to end-time end-date ] | to end-time end-date ] | all } View System view Parameter time-name: Name of a particular time range, used as an import identifier. start-time: (Optional) Starting time of the particular time range, in the format of hh:mm.
ACL Commands 231 If a time range only defines the absolute time range, the time range is only active within the absolute time range. If a time range only defines the absolute time range and multiple ranges of this time range are available (repeating this time range name can configure multiple absolute time ranges of the same name), the time range is active only within these absolute time ranges.
232 CHAPTER 16: ACL COMMANDS
QOS COMMANDS 17 QoS Commands c CAUTION: After QACL is configured in port view, the QACL configuration of all the member ports in the port group keeps the same all the time. After a port is added to the port group, the port configuration is overwritten by that of the port group. You cannot apply the ACL rule as per port. display port-group Syntax display port-group View Any view Parameter None Description Use the display port-group command to display all the port groups in the current system.
234 CHAPTER 17: QOS COMMANDS Description Use the display port-group index command to display the configuration information of the designated port group, including the description and member information of the port group. Related command: port Example # Display the configured information of port group 1. display port-group 1 Port-group ID : 1 Description: Port group 01 Port-group is unlocked.
QoS Commands 235 dscp-policed-service-map [ dscp-list ]: Displays "DSCP + Conform-level -> Service-parameter" mapping table. dscp-list: DSCP value, which can be a single value or values, for example, you can type single DSCP value "46", or DSCP values "0 8 10 16" (a space is required between two values). If you type value(s) for this parameter, then only the specified DSCP items will be displayed. Otherwise, the system displays the whole mapping connection. DSCP value is in the range of 0 to 63.
236 CHAPTER 17: QOS COMMANDS # Display the "Local-precedence + Conform-level -> Priority" mapping table.
QoS Commands display qos-interface all 237 Syntax display qos-interface [ interface- type interface-number ] all View Any view Parameter interface-type interface-number: Port of the switch, for detailed description, please refer to Command Manual - Port. Description Use the display qos-interface all command to view the QoS configuration of all ports, including drop mode, queue scheduling, traffic shaping etc.
238 CHAPTER 17: QOS COMMANDS Parameter interface-type interface-number: Port of the switch, for detailed description, please refer to Command Manual - Port. Description Use the display qos-interface drop-mode command to view drop mode configuration of outbound queues at a port. If no port is specified, drop mode configuration of all ports will be displayed. Related command: drop-mode. Example # Display drop mode and parameters of the port Ethernet2/1/2.
QoS Commands 239 Description Use the display qos-interface queue-scheduler command to view queue scheduling mode and parameters of a port. If no port is specified, queue scheduling mode and the parameters of all ports will be displayed. Related command: queue-scheduler. Example # Display queue scheduling mode and parameters.
240 CHAPTER 17: QOS COMMANDS Example # Display parameter configuration of traffic rate limitation,.
QoS Commands 241 Example # Display traffic redirection configuration. display qos-interface traffic-redirect GigabitEthernet3/1/1: traffic-redirect Inbound: Matches: Acl 2020 rule 0 running Redirected to: next-hop 1.1.1.1 display qos-interface traffic-shape Syntax display qos-interface [ interface-type interface-number ] traffic-shape View Any view Parameter interface-type interface-number: Port of the switch, for detailed description, please refer to Command Manual - Port.
242 CHAPTER 17: QOS COMMANDS rate: Port rate. This parameter is available only when you select interface-type interface-number. timeinterval: Interval for making statistics of rates, ranging from 1 to 5 seconds. The default value is one second. Description Use the display qos-interface traffic-statistic command to view traffic statistics of a port, including the target ACL, number of calculated packets etc.
QoS Commands 243 Example # Display all the QoS parameter configurations of all the VLANs. display qos-vlan all Vlan 1 traffic-limit Inbound: There is no configuration. Outbound: There is no configuration. Vlan 1 traffic-priority Inbound: There is no configuration. Outbound: There is no configuration Vlan 1 traffic-redirect Inbound: There is no configuration. Outbound: There is no configuration Vlan 1 traffic-statistic Inbound: There is no configuration. Outbound: There is no configuration.
244 CHAPTER 17: QOS COMMANDS Description Use the display qos-vlan traffic-limit command to display the parameter configuration for traffic limit in VLAN, including the configuration information about related ACL and policing actions. Related command: traffic-limit and traffic-params. Example # Display the parameter configuration of traffic limit in VLAN. display qos-vlan traffic-limit Vlan 1 traffic-limit Inbound: There is no configuration.
QoS Commands display qos-vlan traffic-redirect 245 Syntax display qos-vlan [ vlan-id ] traffic-redirect View Any view Parameter vlan-id: ID of a VLAN, in the range of 1 to 4094. Description Use the display qos-vlan traffic-redirect command to display the parameter configuration for traffic redirection in VLAN, including the related ACL and the destination port of the traffic redirection. Related command: traffic-redirect. Example # Display the parameter configuration for a traffic redirection in VLAN.
246 CHAPTER 17: QOS COMMANDS Matches: Acl 3000 rule 0 0 byte display traffic-params running (Action-type: Eacl, Destination slot: 2) Syntax display traffic-params [ traffic-index ] View Any view Parameter traffic-index: Traffic parameter index. The default value is 1. Description Use the display traffic-params command to display the parameter configuration for traffic policing, including cir, cbs, ebs, pir, and so on. Related command: traffic-params.
QoS Commands 247 In the case of network congestion, the switch drops packets to release system resources. And then no packets are put into long-delay queues. The following two drop modes are available: ■ Tail drop mode: different queues (red, yellow and green) are allocated with different drop thresholds. When these thresholds are exceeded respectively, excessive packets will be dropped. ■ WRED drop mode: Drop precedence is taken into account in drop action.
248 CHAPTER 17: QOS COMMANDS After entering conform level view, you can configure the "DSCP + Conform-level -> Service-parameter" mapping table of the corresponding level. For example, you can enter conform level 0 view and configure the "DSCP + Conform-level 0 -> Service-parameter" mapping table. Example # Configure the " DSCP + Conform-level 0 -> Service-parameter " mapping table.
QoS Commands 249 Parameter exp-list: Original EXP value, which can be a single value or several values, in the range of 0 to 7. For example, you can type single EXP value "2", or EXP values "2 3 4" (space is required between values). EXP is MPLS priority of MPLS packets. dscp-value: Modified DSCP value, in the range of 0 to 63. exp-value: Modified EXP value, in the range of 0 to 7. EXP is MPLS priority of MPLS packets. cos-value: Modified 802.1p priority value, in the range of 0 to 7.
250 CHAPTER 17: QOS COMMANDS cos-value2: 802.1p priority value corresponding to Local-precedence 2, in the range of 0 to 7. cos-value3: 802.1p priority value corresponding to Local-precedence 3, in the range of 0 to 7. cos-value4: 802.1p priority value corresponding to Local-precedence 4, in the range of 0 to 7. cos-value5: 802.1p priority value corresponding to Local-precedence 5, in the range of 0 to 7. cos-value6: 802.1p priority value corresponding to Local-precedence 6, in the range of 0 to 7.
QoS Commands mirrored-to 251 Syntax Command Format Which Only Applies IP Group ACL mirrored-to inbound ip-group { acl-number | acl-name } [ rule rule [ system-index index ] ] { cpu | interface interface-type interface-number } cpu undo mirrored-to inbound ip-group { acl-number | acl-name } [ rule rule ] Command Format Which Applies IP Group and Link Group ACL at Same time mirrored-to inbound ip-group { acl-number | acl-name } { rule rule link-group { acl-number | acl-name } [ rule rule [ system-index ind
252 CHAPTER 17: QOS COMMANDS Interface: Mirrors traffic to the designated destination port. Description Use the mirrored-to command to activate an ACL and mirror data streams to the CPU or the designated destination port. Use the undo mirrored-to command to remove traffic mirroring setting. This configuration is only applicable to the packets which match the permitted rules in the ACL. Related command: display qos-interface mirrored-to.
QoS Commands 253 group may contain one monitoring port and several monitored ports. You can also specify the direction of the monitored packets. Switch 8800 Family series support up to 24 mirroring groups at a port. Related command: display mirroring-group. n Switch 8800 Family series support cross-card mirroring, that is, the monitoring and monitored ports can be at different cards.
254 CHAPTER 17: QOS COMMANDS If the mirroring-group has been configured, the system will prompt "The mirroring-group has been configured!" port Syntax port interface-list undo port interface-list View Port group view Parameter interface-list: Ethernet port list to be added to a port group or to be deleted from a port group, in the format of interface-lis t= { interface-type interface-number [ to interface-type interface-number ] }&<1-n>.
QoS Commands port-group 255 Syntax port-group index undo port-group index View System view Parameter index: Port group number. Description Use the port-group command to create a port group and enter port group view. Use the undo port-group index command to delete a port group. The port group number of a common interface card ranges from 1 to 128. c CAUTION: The special port group corresponding to the XP4 card port cannot be deleted. Example # Create port group 1 and enter port group view.
256 CHAPTER 17: QOS COMMANDS After receiving a packet, the switch allocates a set of service parameters to it according to a specific rule. The procedure to obtain local precedence: First obtain it according to the "CoS ->Local-precedence" mapping table. If failed, the system uses the default local precedence of the port as that for the packet. Example # Set the defaulted local precedence value of the port Ethernet3/1/1 as 7. system-view System View: return to User View with Ctrl+Z.
QoS Commands 257 Parameter cos0-map-drop-prec: Mapping value from CoS 0 to drop precedence, in the range of 0 to 2. cos1-map-drop-prec: Mapping value from CoS 1 to drop precedence, in the range of 0 to 2. cos2-map-drop-prec: Mapping value from CoS 2 to drop precedence, in the range of 0 to 2. cos3-map-drop-prec: Mapping value from CoS 3 to drop precedence, in the range of 0 to 2. cos4-map-drop-prec: Mapping value from CoS 4 to drop precedence, in the range of 0 to 2.
258 CHAPTER 17: QOS COMMANDS mapping table and the "CoS -> Drop-precedence" mapping table. You can modify the CoS -> Drop-precedence mapping table using this command. Example # Configure the "CoS -> Drop-precedence" mapping table. system-view System View: return to User View with Ctrl+Z. [SW8800] qos cos-drop-precedence-map 2 2 1 1 1 0 0 0 Modified "CoS -> Drop-precedence" mapping table is shown as follows.
QoS Commands 259 cos6-map-local-prec: Mapping value from CoS 6 to local precedence, in the range of 0 to 7. cos7-map-local-prec: Mapping value from CoS 7 to local precedence, in the range of 0 to 7. Description Use the qos cos-local-precedence-map command to configure the "CoS -> Local-precedence" mapping table. Use the undo qos cos-local-precedence-map command to restore the default values of the "CoS -> Local-precedence" mapping table.
260 CHAPTER 17: QOS COMMANDS Table 38 Configured "CoS - Local-precedence" mapping table queue CoS Value Local Precedence 4 4 5 5 6 6 7 7 Syntax queue queue-id green-min-threshhold green-max-threshhold green-max-prob yellow-min-threshhold yellow-max-threshhold yellow-max-prob red-min-threshhold red-max-threshhold red-max-prob exponent undo queue queue-id View WRED index view Parameter queue-id: Outbound queue ID, in the range of 0 to 7 green-min-threshhold: Minimum queue length to trigger rando
QoS Commands 261 Description Use the queue command to configure parameters for a WRED index. Use the undo queue command to restore the default parameters for the WRED index. The switch provides four sets of default WRED parameters, respectively numbered as 0, 1, 2 and 3. Each set includes 80 parameters, 10 parameters for each of the eight queues.
262 CHAPTER 17: QOS COMMANDS Use the undo queue-scheduler command to restore the default setting, SP algorithm. By default, SP algorithm is selected for all outbound queues at a port. The switch supports eight outbound queues at a port, with different scheduling algorithms for them. You can configure these queues into different scheduling groups: SP group, WRR priority group 1 and group 2.
QoS Commands 263 rule rule: Specifies the subitem of an active ACL, ranging from 0 to 127; if not specified, all subitems of ACL will be activated. Description Use the reset traffic-statistic command to clear statistics of all traffic or traffic of a specific ACL. Table 39 Comparison between two statistics clearing commands Command Description reset acl counter Clears ACL statistics. This command is for the ACLs that perform filtering and traffic classification to the packets processed by software.
264 CHAPTER 17: QOS COMMANDS undo traffic-limit inbound ip-group { acl-number | acl-name } { rule rule link-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } rule rule } Command format which only applies link group ACL traffic-limit inbound link-group { acl-number | acl-name } [ rule rule [ system-index index ] ] [ tc-index index ] cir cbs ebs [ pir ] [ conform { { remark-cos | remark-drop-priority }* | remark-policed-service } ] [ exceed { forward | drop } ] undo traffi
QoS Commands ■ 265 When you configure traffic policing for a port group, all the ports in the port group occupy the same bandwidth, that is, the configured traffic parameter is shared by all the ports. cir: Committed information rate in Kbps. cbs: Committed burst size in bytes. ebs: Excess burst size in bytes. pir: Peak information rate in Kbps. conform: Optional parameter used to set the action to be taken when the traffic does not exceed the set value. remark-cos: Sets new 802.
266 CHAPTER 17: QOS COMMANDS the Local-precedence + Conform-level-> 802.1p priority mapping table. For details about the two mapping tables, see the qos conform-level, dscp and local-precedence commands. Example # Set traffic limitation for the packets match the permitted rules in the ACL 4000: CIR is 200 kbps, CBS is 2000 bytes, EBS is 2500 bytes, drop the excessive packets. system-view System View: return to User View with Ctrl+Z.
QoS Commands 267 3999. acl-name: Name of the ACL, which must be a character string starting with an English letter (a-z or A-Z), and without any space in it. link-group { acl-number | acl-name }: Activates Layer 2 ACLs. acl-number: Sequence number of ACL, ranging from 4000 to 4999. acl-name: Name of ACL, which must be a character string started with an English letter (a-z or A-Z), and without any space in it.
268 CHAPTER 17: QOS COMMANDS The system can set service parameters for the matched traffic in one of following modes: 1 Employ the service parameters automatically allocated by the switch. Upon receiving a packet, the switch allocates a set of service parameters for it according to a specific rule. To choose this mode, you should select the auto keyword in this command.
QoS Commands 269 Command Format Which Applies IP Group and Link Group ACL at Same time traffic-redirect inbound ip-group { acl-number | acl-name } [ rule rule ] link-group { acl-number | acl-name } [ rule rule ] { cpu | interface interface-type interface-number destination-vlan { l2-vpn | l3-vpn } | next-hop ip-addr1 [ ip-addr2 ] [ invalid { forward | drop } ] | slot slotid designated-vlan vlanid [ join-vlan ] } undo traffic-redirect inbound ip-group { acl-number | acl-name } { rule rule link-group { acl-
270 CHAPTER 17: QOS COMMANDS allowed to pass, and l3-vpn means that MPLS l3-vpn packets are allowed to pass. destination-vlan must be the VLAN where the destination port belongs to. next-hop ip-addr1 [ ip-addr2 ]: Redirects packets to the specified IP address. You can define two IP addresses at a stoke, but the first one is with higher priority. That is, the system redirects packets to the second IP address only if the first one is unreachable.
QoS Commands 271 [3Com-Ethernet5/1/2] traffic-redirect inbound link-group 4000 interface ethernet5/1/1 4094 l3-vpn # Configure traffic redirection on a service processor card for packets that match the permit rules in ACL 3000. 1 Redirect the packets of VLAN4 that match the permit rules in ACL 3000 to a service processor card in Ethernet port view. system-view System View: return to User View with Ctrl+Z.
272 CHAPTER 17: QOS COMMANDS [SW8800]interface e thernet3/1/1 [3Com-Ethernet3/1/1] traffic-shape queue 2 500 12 traffic-statistic Syntax Command Format Which Only Applies IP Group ACL traffic-statistic inbound ip-group { acl-number | acl-name } [ rule rule [ system-index index ] ] [ tc-index index ] undo traffic-statistic inbound ip-group { acl-number | acl-name } [ rule rule ] Command Format Which Apply IP Group ACL and Link Group ACL at the Same Time traffic-statistic inbound ip-group { acl-number | a
QoS Commands 273 tc-index index: Index value of traffic conditioner, ranging from 0 to 12288. If you configured the same index value to different traffic rules during traffic statistic configuration, then the statistic of these traffics is performed. Description Use the traffic-statistic command to activate an ACL and run traffic statistics (only available for the permitted rules in the ACL). Use the undo traffic-statistic command to cancel traffic statistics.
274 CHAPTER 17: QOS COMMANDS wred Syntax wred wred-index undo wred wred-index View System view Parameter wred-index: WRED index, in the range of 0 to 3. Description Use the wred command to create a WRED index view and enter it. Use the undo wred command to restore the default WRED parameters. The switch provides four sets of default WRED parameters, respectively numbered as 0, 1, 2 and 3.
ACL CONTROL COMMANDS TO CONTROL LOGIN USERS 18 The ACL Control Commands to Control Login Users acl Syntax acl acl-number1 { inbound | outbound } undo acl acl-number1 { inbound | outbound } acl acl-number2 inbound undo acl acl-number2 inbound View User interface view Parameter acl-number1: Numbers of basic number-based ACLs and advanced ACLs, ranging from 2,000 to 3,999. acl-number2: Number of number-based Layer 2 ACL, ranging from. from 4,000 to 4,999.
276 CHAPTER 18: ACL CONTROL COMMANDS TO CONTROL LOGIN USERS you use the rules of a basic or advanced ACL, only the source IP address and its mask, the destination IP address and its mask, and the time-range parameter in them are valid. Similarly, when you use Layer 2 ACLs to implement the ACL control to the users accessing through Telnet or SSH, incoming/outgoing requests are restricted based on the source MAC addresses.
The ACL Control Commands to Control Login Users 277 Description Use the snmp-agent community command to set the community access name, permit the access to the switch using SNMP, and reference the ACL to perform ACL control to the network management users by acl-number. Use the undo snmp-agent community command to remove the setting of community access name. By default, SNMPV1 and SNMPV2C use community name to perform access.
278 CHAPTER 18: ACL CONTROL COMMANDS TO CONTROL LOGIN USERS write-view: Name of read-write view, ranging from 1 to 32 bytes. notify-view: Sets notify view. notify-view: Name of notify view, ranging from 1 to 32 bytes. acl acl-number: Number identifier of basic number-based ACLs, ranging from 2000 to 2999. Description Use the snmp-agent group command to configure a new SNMP group and reference the ACL to perform ACL control to the network management users by acl acl-number.
The ACL Control Commands to Control Login Users 279 auth-password: Authentication password, character string, ranging from 1 to 64 bytes. privacy: Specifies the security level as encryption. des56: Specifies the DES encryption protocol. priv-password: Encryption password, character string, ranging from 1 to 64 bytes. acl acl-number: Number identifier of basic number-based ACLs, ranging from 2000 to 2999. local: Local entity user. engineid: Specifies the engine ID related to the user.
280 CHAPTER 18: ACL CONTROL COMMANDS TO CONTROL LOGIN USERS
VLAN-ACL CONFIGURATION COMMANDS 19 VLAN-ACL Configuration Commands The VLAN-ACL configuration is subject to the following limitations: 1 Limitations on flow templates: ■ ■ ■ ■ The system only applies VLAN-ACL to ports with the default flow template applied. The applied ACL rule field must be specified by the default flow template.
282 CHAPTER 19: VLAN-ACL CONFIGURATION COMMANDS View VLAN view Parameter inbound: Mirrors inbound packets at the port. ip-group { acl-number | acl-name }: Activates IP ACLs, including basic and advanced ACLs. acl-number: Sequence number of ACL, ranging from 2000 to 3999. acl-name: Name of the ACL, which must be a character string starting with an English letter (a-z or A-Z), and without any space in it.
VLAN-ACL Configuration Commands 283 ip-group { acl-number | acl-name }: Activates IP ACLs, including basic and advanced ACLs. acl-number: Sequence number of ACL, ranging from 2000 to 3999. acl-name: Name of the ACL, which must be a character string starting with an English letter (a-z or A-Z), and without any space in it. rule rule: Specifies the subitem of an active ACL, ranging from 0 to 127; if not specified, all subitems of ACL will be activated.
284 CHAPTER 19: VLAN-ACL CONFIGURATION COMMANDS system-index index: Specifies the system index value of the rule. Normally, an applied rule is assigned a globally unique index value automatically for being indexed. You can also specify the index value for the rule, but this value may change while the system is running. In general, you are not recommended to specify this parameter manually. tc-index index: The traffic control index.
VLAN-ACL Configuration Commands 285 Use the command to perform flow limit on the packets matching the specified ACL (only available to the rules whose action is permit in the ACL). When the parameter is set, it is required that cir<=pir,cbs<=ebs. It is recommended to set the values of cbs and ebs 100-150 times of the value of cir.
286 CHAPTER 19: VLAN-ACL CONFIGURATION COMMANDS system-index index: Specifies the system index value of the rule. Normally, a applied rule is assigned a globally unique index value automatically for being indexed. You can also specify the index value for the rule, but this value may change while the system is running. In general, you are not recommended to specify this parameter manually. auto: Chooses the service parameters allocated automatically by the switch.
VLAN-ACL Configuration Commands 287 DSCP priorities and EXP values of MPLS packets. To choose this mode, specify the remark-policed-service dscp dscp-value when executing this command. 4 Specify a set of service parameters. To choose this mode, specify remark-policed-service untrusted dscp dscp-value cos cos-value local-precedence local-precedence drop-priority drop-level parameter when executing this command.
288 CHAPTER 19: VLAN-ACL CONFIGURATION COMMANDS change while the system is running. In general, you are not recommended to specify this parameter manually. cpu: Redirects packets to the CPU. next-hop ip-addr1 [ ip-addr2 ]: Redirects packets to the specified IP address. You can define two IP addresses at a stoke. The system redirects packets to the first IP address if the fist IP address has higher priority.
VLAN-ACL Configuration Commands 289 3999. acl-name: Name of the ACL, which must be a character string starting with an English letter (a-z or A-Z), and without any space in it. rule rule: Specifies the subitem of an active ACL, ranging from 0 to 127; if not specified, all subitems of ACL will be activated. system-index index: Specifies the system index value of the rule which will be indexed during operation.
290 CHAPTER 19: VLAN-ACL CONFIGURATION COMMANDS Example # Synchronize ACL configuration of VLAN 5 to Ethernet3/1/1 port manually. system-view System View: return to User View with Ctrl+Z. [SW8800] interface Ethernet3/1/1 [3Com-Ethernet3/1/1]port can-access vlan-acl vlan 5 display vlan-acl-member-ports Syntax display vlan-acl-member-ports vlan vlan-id View Any view Parameter vlan-id: VLAN ID, in the range of 1 to 4,094.
292 CHAPTER 19: VLAN-ACL CONFIGURATION COMMANDS
802.1X CONFIGURATION COMMANDS 20 802.1x Configuration Commands anti-attack Syntax anti-attack { arp | dot1x | ip }{ disable | enable } View System view Parameter arp: ARP packet. dot1x :dot1 packet. ip: IP packet. Description Use the anti-attack { arp | dot1x | ip } enable command to enable packet attack prevention. Use the anti-attack { arp | dot1x | ip } disable command to disable packet attack prevention.
294 CHAPTER 20: 802.1X CONFIGURATION COMMANDS View Any view Parameter enabled-interface: Configures to display the Ethernet port that starts 802.1x. guest vlan: Displays Guest VLAN IDs and specifies the port that enables Guest VLAN. interface: Configures to display the 802.1x information on the specified interface. interface-list: Ethernet interface list expressed in the format interface-list =interface-type interface-number [ to interface-type interface-number ] &<1-10>.
802.1x Configuration Commands 295 Total maximum 802.1x user resource number is 2048 Total current used 802.1x resource number is 0 Ethernet3/1/1 is link-down 802.1X protocol is disabled Proxy trap checker is disabled Proxy logoff checker is disabled The port is a(n) authenticator Authenticate Mode is auto Port Control Type is Mac-based Max on-line user number is 1024 ... (Omitted) Table 40 Description of 802.1x configuration information Field Description Equipment 802.1X protocol is enabled 802.
296 CHAPTER 20: 802.1X CONFIGURATION COMMANDS View System view, Ethernet port view Parameter interface-list: Ethernet interface list expressed in the format interface-list =interface-type interface-number [ to interface-type interface-number ] &<1-10>. interface-type means the interface type, interface-number is the interface number. Refer to command parameters in the "Port" section in the manual for the respective meanings and value ranges of them.
802.1x Configuration Commands 297 undo dot1x authentication-method View System view Parameter chap: Uses CHAP authentication method. pap: Uses PAP authentication method. eap: Uses EAP authentication method. By now, only MD5 encryption method is available. md5-challenge: EAP MD5-Challenge authentication method peap: EAP PEAP authentication method tls: EAP TLS authentication method Description Use the dot1x authentication-method command to configure the authentication method for 802.1x user.
298 CHAPTER 20: 802.1X CONFIGURATION COMMANDS View System view Parameter None Description Use the dot1x dhcp-launch command to set 802.1x to disable the switch to trigger the user ID authentication over the users who configure static IP addresses in DHCP environment. Use the undo dot1x dhcp-launch command to set 802.1x to enable the switch to trigger the authentication over them.
802.1x Configuration Commands 299 provide the interface-list argument, Guest VLAN is enabled on the ports specified by this argument. If you execute the dot1x guest-vlan command in Ethernet interface view, this command does not accept the interface-list argument and Guest VLAN is enabled only on the current port. Example # Specify to perform port-based authentications. [SW8800] dot1x port-method portbased # Enable Guest VLAN on all ports.
300 CHAPTER 20: 802.1X CONFIGURATION COMMANDS Example # Configure the interface Ethernet 3/1/1 to hold no more than 32 users. [SW8800] dot1x max-user 32 interface Ethernet 3/1/1 dot1x port-control Syntax dot1x port-control { auto | authorized-force | unauthorized-force } [ interface interface-list ] undo dot1x port-control [ interface interface-list ] View System view, Ethernet interface view Parameter auto: Automatic identification mode, showing that the initial state of the interface is unauthorized.
802.1x Configuration Commands 301 interface-list cannot be input when the command is executed in Ethernet port view and it has effect only on the current interface. Related command: display dot1x. Example # Configure the interface Ethernet 3/1/1 to be in unauthorized-force state.
302 CHAPTER 20: 802.1X CONFIGURATION COMMANDS This command has effect on the interface specified by the parameter interface-list when executed in system view. It has effect on all the interfaces when no interface is specified. The parameter interface-list cannot be input when the command is executed in Ethernet interface view and it has effect only on the current interface. Related command: display dot1x. Example # Authenticate the supplicant based on the interface number on Ethernet 3/1/1.
802.1x Configuration Commands 303 Parameter max-retry-value: Specifies the maximum times an Ethernet switch can retransmit the authentication request frame to the supplicant, ranging from 1 to 10. By default, the value is 2, that is, the switch can retransmit the authentication request frame to the supplicant for 2 times. Description Use the dot1x retry command to configure the maximum times an Ethernet switch can retransmit the authentication request frame to the supplicant.
304 CHAPTER 20: 802.1X CONFIGURATION COMMANDS Description Use the dot1x supp-proxy-check command to configure the control method for 802.1x access users via proxy logon the specified interface. Use the undo dot1x supp-proxy-check command to cancel the control method set for the 802.1x access users via proxy. Note that when performing this function, the user logging on via proxy need to run 3Com 802.1x client program,( 3Com 802.1x client program version V1.29 or above is needed).
802.1x Configuration Commands 305 will consider the user having logged off and set the user as logoff state if system doesn’t receive the response from user for consecutive N times. handshake-period-value: Handshake period. The value ranges from 1 to 1024 in units of second and defaults to 30. quiet-period: Specifies the quiet timer. If an 802.
306 CHAPTER 20: 802.
802.1x Configuration Commands 307 be cleared. If the port type and port number are specified, the 802.1x statistics on the specified port will be cleared. Related command: display dot1x. Example # Clear the 802.1x statistics on Ethernet 3/1/2.
308 CHAPTER 20: 802.
AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS 21 AAA Configuration Commands access-limit Syntax access-limit { disable | enable max-user-number } undo access-limit View ISP domain view Parameter disable: No limit to the supplicant number in the current ISP domain. enable max-user-number: Specifies the maximum supplicant number in the current ISP domain, ranging from 1 to 2312. Description Use the access-limit command to configure a limit to the amount of supplicants in the current ISP domain.
310 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS Parameter None Description Use the accounting optional command to enable accounting to be optional. Use the undo accounting optional command to disable accounting to be optional. By default, accounting is not optional. By executing the accounting optional command, you can enable users to utilize the network resources even when no accounting server is available or the switch fails to communicate with the accounting server.
AAA Configuration Commands 311 nas-ip ip-address: IP address of the access server in the event of binding a remote port with a user. The argument ip-address is an IP address in dotted decimal format and defaults to 127.0.0.1 (which represents the local machine). port portnum: Sets the port with which a user is bound. The argument portnum is represented by "SlotNumber SubSlotNumber PortNumber". If the bound port has no SubSlotNumber, the value 0 can be used as the SubSlotNumber.
312 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS domain domain-name: Configures to cut the connection according to ISP domain. domain-name specifies the ISP domain name with a character string not exceeding 24 characters. The specified ISP domain shall have been created. mac mac-address: Configures to cut the connection of the supplicant whose MAC address is mac-address. The argument mac-address is in the hexadecimal format (x-x-x).
AAA Configuration Commands 313 dot1x: Specifies 802.1x access mode. gcm: Specifies GCM access mode. domain domain-name: Configures to display all the users in an ISP domain. domain-name specifies the ISP domain name with a character string not exceeding 24 characters. The specified ISP domain shall have been created. hwtacacs-scheme hwtacacs-scheme-name: Displays all the user connections of the hwtacacs scheme named hwtacacs -scheme-name. hwtacacs -scheme-name is a string of no more than 32 characters.
314 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS View Any view Parameter isp-name: Specifies the ISP domain name, with a character string not exceeding 24 characters. The specified ISP domain shall have been created. Description Use the display domain command to view the configuration of a specified ISP domain or display the summary information of all ISP domains. By default, this command displays the summary information about all the ISP domains in the system.
AAA Configuration Commands 315 means the user enables the function. This parameter only takes effect on the users configured as Lan-access type. For other types of users, the display local-user idle-cut enable and display local-user idle-cut disable commands will not display any information. service-type: Configures to display local user of a specified type. ftp means that the specified user type is FTP.
316 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS IP address: MAC address: Disable Disable Total 1 local user(s) Matched,1 listed.
AAA Configuration Commands 317 The purpose of introducing ISP domain settings is to support the application environment with several ISP domains. In this case, an access device may have supplicants from different ISP domains. Because the attributes of ISP users, such as username and password structures, service types, may be different, it is necessary to separate them by setting ISP domains.
318 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS the user nor the RADIUS server, the user will adopt the Idle-cut state in the template. Because a user template only works in one ISP domain, it is necessary to configure user template attributes for users from different ISP domain respectively. Related command: domain. Example # Enable the user in the current ISP domain, 3com163.
AAA Configuration Commands 319 Example # Create a local IP address pool ranging from 129.102.0.1 to 129.102.0.10. [SW8800] domain 3com163.net [3Com-isp-3com163.net] ip pool 0 129.102.0.1 129.102.0.10 level Syntax level level undo level View Local user view Parameter level: User priority, an integer ranging from 0 to 3. Description Use the level command to set user priority. Use the undo level command to restore the default user priority. By default, the user priority is 0. Related command: local user.
320 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS multicast [ domain domain-name ]: Add or delete multicast addresses according to the domain. ipaddress: IP address of multicast. password-display-mode { auto | cipher-force }: Specifies the password display mode. auto means displaying the password in user-specified mode; cipher-force means displaying password in cipher text by force. all [ service-type { ftp | lan-access | telnet | ppp | ssh | terminal } ]: Deletes all local users.
AAA Configuration Commands 321 Use the undo local-user password-display-mode command to cancel the password display mode that has been set for all the accessing users. If cipher-force has been adopted, the user efforts of specifying to display passwords in simple text will render useless. The default password display mode for all the access users is auto. Related command: display local-user , password. Example # Force all the accessing users to display passwords in cipher text.
322 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS Parameter simple: Specifies to display passwords in simple text. cipher: Specifies to display passwords in cipher text. password: Defines a password, which is a character string of up to 16 characters if it is in simple text and of up to 24 characters if it is in cipher text. Description Use the password command to configure a password display mode for local users.
AAA Configuration Commands 323 By default, an AAA scheme specifies to perform local authentications. The scheme command specifies a RADIUS/HWTACACS scheme for the current ISP domain. The specified scheme must be an existing scheme. You can use the radius-scheme radius-scheme-name local or hwtacacs-scheme hwtacacs-scheme-name local command to specify to perform local authentications in case the Radius Server or the Tacacs Server fails to respond properly.
324 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS By default, a switch does not support a VLAN ID delivered by a RADIUS server to be of string type. Dynamic VLAN delivering enables an Ethernet switch to monitor network resources available to users by adding the ports to which the authenticated users connect to different VLANS according to the attributes delivered by RADIUS servers. To work with Guest VLAN, ports are usually configured to perform port-based authentications.
AAA Configuration Commands 325 The "Change user password" option is available only when the user passes the authentication; otherwise, this option is in grey and unavailable. Example # Specify the URL of the Web page used to change password on the self-service server to be http://10.153.89.94/selfservice/modPasswd1x.jsp|userName. [SW8800] domain system [3Com-isp-system] self-service-url enable http://10.153.89.94/selfservice/modP asswd1x.
326 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS Use the undo service-type command to cancel the specified service type for the user. Example # Set to provide the Lan-access service for the user 3com1.
AAA Configuration Commands 327 View ISP domain view Parameter integer: Specify the VLAN delivery mode to be integer. string: Specify the VLAN delivery mode to be string. Description Use the vlan-assignment-mode command to specify the VLAN delivery mode (integer or string). By default, the integer mode is used, that is, the switch supports the RADIUS server delivering VLAN IDs in integer form. Dynamic VLAN delivering aims to control the network resources available to a user.
328 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS Related command: name, dot1x guest-vlan. Example # Specify the dynamic VLAN delivery mode to be string. [3Com-isp-3com163.net] vlan-assignment-mode string RADIUS Protocol Configuration Commands accounting optional Syntax accounting optional undo accounting optional View RADIUS scheme view Parameter None Description Use the accounting optional command to enable the RADIUS accounting option.
RADIUS Protocol Configuration Commands 329 View RADIUS scheme view Parameter data: Sets data unit. byte: Sets ’byte’ as the unit of data flow. giga-byte: Sets ’giga-byte’ as the unit of data flow. kilo-byte: Sets ’kilo-byte’ as the unit of data flow. mega-byte: Sets ’mega-byte’ as the unit of data flow. packet: Sets data packet unit. giga-packet: Sets ’giga-packet’ as the unit of packet flow. kilo-packet: Sets ’kilo-packet’ as the unit of packet flow.
330 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS Description Use the debugging radius command to enable RADIUS packet debugging. Use the undo debugging radius command to disable RADIUS packet debugging. By default, RADIUS packet debugging is disabled. Example: # Enable RADIUS packet debugging.
RADIUS Protocol Configuration Commands 331 Description Use the display radius command to view the configuration information of all RADIUS scheme or a specified one. By default, This command outputs the configuration information about the specified or all the RADIUS scheme. Related command: radius scheme. Example # Display the configuration information of all the RADIUS scheme.
332 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS Table 42 Description of output information of the display radius command display radius nas-ip Field Description Packet unit The unit of packets Syntax display radius nas-ip View Any view Parameter None Description Use the display radius nas-ip command to display all the global NAS-IP information configured in system view, including the global NAS-IP information of public network and private network.
RADIUS Protocol Configuration Commands 333 display radius statistics state statistic(total=4120): DEAD=4120 AuthProc=0 AuthSucc=0 AcctStart=0 RLTSend=0 RLTWait=0 AcctStop=0 OnLine=0 Stop=0 StateErr=0 Receive and Send packets statistic: Send PKT total :0 Receive PKT total:0 RADIUS received packets statistic: Code= 2,Num=0 ,Err=0 Code= 3,Num=0 ,Err=0 Code= 5,Num=0 ,Err=0 Code=11,Num=0 ,Err=0 Code=22,Num=0 ,Err=0 Running statistic: RADIUS received messages statistic: Normal auth request ,Num=0 EAP a
334 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS Table 43 Description on the fields of the display radius statistics command display stop-accounting-buffer Field Description DEAD Dead state AuthProc Processing authentication AuthSucc Authentication successful AcctStart Starting accounting RLTSend Sending real time accounting RLTWait Waiting for real time accounting AcctStop Stop waiting for accounting OnLine Online Stop Stop StateErr State error Syntax displa
RADIUS Protocol Configuration Commands 335 request packets saved during a specified time range. The displayed packet information can help with diagnosis and troubleshooting. After transmitting the stopping accounting requests, if there is no response from the RADIUS scheme, the switch will save the packet in the buffer and retransmit it for several times, which is set through the retry stop-accounting command.
336 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS Example # Set the authentication/authorization key of the RADIUS scheme, 3com, to hello. [3Com-radius-3com] key authentication hello # Set the accounting packet key of the RADIUS scheme, 3com, to ok.
RADIUS Protocol Configuration Commands 337 Description Use the local-server command to configure the parameters of local RADIUS server. Using undo local-server command, you can cancel a local RADIUS server. RADIUS service, which adopts authentication/authorization/accounting servers to manage users, is widely used in 3Com series switches. Besides, local authentication/authorization service is also used in these products and it is called local RADIUS function, i.e.
338 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS By default, the source IP address of packets is the IP address of the VLAN interface to which the port connecting with the server belongs. Related commands: display radius, radius nas-ip Example # Configure the IP address that NAS (switch) uses to send RADIUS packets as 10.1.1.1. [SW8800] radius scheme test1 [3Com-radius-test1] nas-ip 10.1.1.
RADIUS Protocol Configuration Commands primary authentication 339 Syntax primary authentication ip-address [ port-number ] undo primary authentication View RADIUS scheme view Parameter ip-address: IP address, in dotted decimal format. port-number: Specifies UDP port number. ranging from 1 to 65535. Description Use the primary authentication command to configure the IP address and port number for the primary RADIUS authentication/authorization.
340 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS Parameter None Description Use the radius client enable command to enable the port 1812. You must use this command to enable ports before using RADIUS authentication. Use the undo radius client to disable the port 1812. You can use this command to disable ports when you do not use RADIUS authentication. The system does not receive (or respond to) UDP packets whose destination port is the port 1812 after the port 1812 is disabled.
RADIUS Protocol Configuration Commands 341 Example # Configure the source IP address that the switch uses to send RADIUS packets as 129.10.10.1. system-view [SW8800] radius nas-ip 129.10.10.1 radius scheme Syntax radius scheme radius-server-name undo radius scheme radius-server-name View System view Parameter radius-server-name: Specifies the RADIUS scheme name with a character string not exceeding 32 characters.
342 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS reset radius statistics Syntax reset radius statistics View User view Parameter None Description Use the reset radius statistics command to clear the statistic information related to the RADIUS protocol. Related command: display radius. Example # Clear the RADIUS protocol statistics.
RADIUS Protocol Configuration Commands 343 Description Use the reset stop-accounting-buffer command to reset the stopping accounting requests, which are saved in the buffer and have not been responded. After transmitting the stopping accounting requests, if there is no response from the RADIUS scheme, the switch will save the packet in the buffer and retransmit it for several times, which is set through the retry stop-accounting command.
344 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS Setting a suitable retry-time according to the network situation can speed up the system response. Related command: radius scheme. Example # Set to retransmit the RADIUS request packet no more than 5 times in the RADIUS scheme "3Com".
RADIUS Protocol Configuration Commands retry stop-accounting 345 Syntax retry stop-accounting retry-times undo retry stop-accounting View RADIUS scheme view Parameter retry-times: Maximal retransmission times of a buffered stop-accounting request, ranging from 10 to 65535. By default, the value is 500. Description Use the retry stop-accounting command to configure the maximal retransmission times after a stop-accounting request is saved into the buffer due to getting no response.
346 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS Description Use the secondary accounting command to configure the IP address and port number for the secondary RADIUS accounting server. Use the undo secondary accounting command to restore the IP address and port number to default values. For detailed information, read the description of the primary accounting command. Related command: key, radius scheme, state.
RADIUS Protocol Configuration Commands server-type 347 Syntax server-type { 3com | portal| standard } undo server-type View RADIUS scheme view Parameter 3com: Configures the switch system to support the RADIUS scheme of 3Com type, which requires the RADIUS client end (switch system) and RADIUS server to interact according to the private RADIUS protocol regulation and packet format of 3Com Corporation Co., Ltd. portal: RADIUS server cooperating with iTellin Portal system.
348 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS secondary: Configures to set the state of the secondary RADIUS server. accounting: Configures to set the state of RADIUS accounting server. authentication: Configures to set the state of RADIUS authentication/authorization. block: Configures the RADIUS server to be in the state of block. active: Configures the RADIUS server to be active, namely the normal operation state.
RADIUS Protocol Configuration Commands 349 Description Use the stop-accounting-buffer enable command to configure to save the stopping accounting requests without response in the switch system buffer. Use the undo stop-accounting-buffer enable command to cancel the function of saving the stopping accounting requests without response in the switch system buffer. By default, enable to save the stopping accounting requests in the buffer.
350 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS Example # Set the quiet timer of the primary server to 10 minutes. [SW8800] radius scheme test1 [3Com-radius-test1] timer quiet 10 timer realtime-accounting Syntax timer realtime-accounting minute undo timer realtime-accounting View RADIUS scheme view Parameter minute: Real-time accounting interval, ranging from 3 to 60 and measured in minutes. It must be a multiple of 3.By default, the value is 12.
RADIUS Protocol Configuration Commands timer response-timeout 351 Syntax timer response-timeout seconds undo timer response-timeout View RADIUS scheme view Parameter seconds: The value range is 1 to 10 in seconds. The default response timeout value of the RADIUS server is 3 seconds. Description Use the timer response-timeout command to set the response-timeout value of RADIUS server. Use the undo timer response-timeout command to restore the default configuration. Related command: display radius.
352 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS servers reject the username including ISP domain name. In this case, the username will be sent to the RADIUS server after its domain name is removed. Accordingly, the switch provides this command to decide whether the username to be sent to RADIUS server carries ISP domain name or not.
HWTACACS Configuration Commands 353 HWTACACS Configuration Commands data-flow-format Syntax data-flow-format { data { byte | giga-byte | kilo-byte | mega-byte } } | { packet { giga-packet | kilo-packet | mega-packet | one-packet } } undo data-flow-format { data | packet } View HWTACACS view Parameter data: Sets data unit. byte: Sets ’byte’ as the unit of data flow. giga-byte: Sets ’giga-byte’ as the unit of data flow. kilo-byte: Sets ’kilo-byte’ as the unit of data flow.
354 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS debugging hwtacacs Syntax debugging hwtacacs { all | error | event | message | receive-packet | send-packet } undo debugging hwtacacs { all | error | event | message | receive-packet | send-packet } View User view Parameter all: Enables all HWTACACS debugging. error: Enables error debugging. event: Enables event debugging. message: Enables message debugging. receive-packet: Enables incoming packet debugging.
HWTACACS Configuration Commands 355 Related command: hwtacacs scheme. Example # Display the configuration information of the HWTACACS scheme gy. display hwtacacs gy -----------------------------------------------------------------HWTACACS-server template name : gy Primary-authentication-server : 172.31.1.11:49 Primary-authorization-server : 172.31.1.11:49 Primary-accounting-server : 172.31.1.11:49 Secondary-authentication-server : 0.0.0.0:0 Secondary-authorization-server : 0.0.0.
356 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS hwtacacs nas-ip Syntax hwtacacs nas-ip ip-address undo hwtacacs nas-ip View System view Parameter ip-address: IP address of a specified source, which is that of the local host and cannot be a broadcast address of class A, B or C, a class D address, an all-zero address, or an address begins with 127. Description Use the hwtacacs nas-ip command to specify the source address of the HWTACACS packet sent from NAS.
HWTACACS Configuration Commands 357 Use the undo hwtacacs scheme command to delete a HWTACACS scheme. Example # Create a HWTACACS scheme named test1 and enter the HWTACACS view. [SW8800] hwtacacs scheme test1 [3Com-hwtacacs-test1] key Syntax key { accounting | authentication | authorization } string undo key { accounting | authentication | authorization } string View HWTACACS view Parameter accounting: Shared key of the accounting server. authentication: Shared key of the authentication server.
358 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS View HWTACACS view Parameter ip-address: Source IP address, in dotted decimal format. Description Use the nas-ip command to set the source IP address for HWTACACS packets sent from the NAS (switch), such that all the packets sent to the TACACS server carry the same source IP address. Use the undo nas-ip command to delete the configuration.
HWTACACS Configuration Commands 359 You are not allowed to assign the same IP address to both primary and secondary accounting servers. If you repeatedly use this command, the latest configuration overwrites the previous one. You can remove a TACACS scheme accounting server only when no Active TCP connection used to send accounting packets is now using the server, and the removal impacts only packets forwarded afterwards. Example # Configure a primary accounting server.
360 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS Example # Configure a primary authentication server. [SW8800] hwtacacs scheme test1 [3Com-hwtacacs-test1] primary authentication 10.163.155.13 49 primary authorization Syntax primary authorization ip-address [ port-number ] undo primary authorization View HWTACACS view Parameter ip-address: IP address of the server, a valid unicast address in dotted decimal format.
HWTACACS Configuration Commands 361 Parameter accounting: Clears all the HWTACACS accounting statistics. authentication: Clears all the HWTACACS authentication statistics. authorization: Clears all the HWTACACS authorization statistics. all: Clears all statistics. Description Use the reset hwtacacs statistics command to clear HWTACACS protocol statistics. Related command: display hwtacacs. Example # Clear all HWTACACS protocol statistics.
362 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS Parameter retry-times: The maximum number of stop-accounting request attempts. It is in the range 1 to 300 and defaults to 100. Description Use the retry stop-accounting command to enable stop-accounting packet retransmission and configure the maximum number of stop-accounting request attempts. Use the undo retry stop-accounting command to restore the default setting.
HWTACACS Configuration Commands 363 You can remove a TACACS scheme accounting server only when no Active TCP connection used to send accounting packets is now using the server, and the removal impacts only packets forwarded afterwards. Example # Configure a secondary accounting server. [SW8800] hwtacacs scheme test1 [3Com-hwtacacs-test1] secondary accounting 10.163.155.
364 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS secondary authorization Syntax secondary authorization ip-address [ port-number ] undo secondary authorization View HWTACACS view Parameter ip-address: IP address of the server, a legal unicast address in dotted decimal format. port-number: Port number of the server, ranging from 1 to 65535. By default, it is 49. Description Use the secondary authorization command to configure a secondary TACACS authorization server. Use the .
HWTACACS Configuration Commands 365 Parameter minutes: Ranges from 1 to 255 minutes. By default, the primary server must wait five minutes before it resumes the active state. Description Use the timer quiet command to set the waiting time before the primary server resumes the active state. Use the undo timer quiet command to restore the default configuration.
366 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS Table 45 Number of users and recommended interval Number of users Real-time accounting interval ( in minutes) 1 - 99 3 100 - 499 6 500 - 999 12 ≥1000 ≥15 Example # Set the real-time accounting interval of the HWTACACS scheme 3com to 51 minutes.
HWTACACS Configuration Commands 367 Parameter with-domain: Specifies that the domain name is taken along with the username that will be sent to the TACACS server. without-domain: Specifies that no domain name is taken along with the username that will be sent to the TACACS server. Description Use the user-name-format command to set the username format acceptable to the TACACS server. For a HWTACACS scheme, each username sent to a TACACS server contains a domain name by default.
368 CHAPTER 21: AAA AND RADIUS/HWTACACS PROTOCOL CONFIGURATION COMMANDS
22 PORTAL CONFIGURATION COMMANDS Portal Configuration Commands debugging portal Syntax debugging portal { acm | all | arp-handshake | server | tcp-cheat } undo debugging portal { acm | all | arp-handshake | server | tcp-cheat } View User view Parameter acm: Enables the debugging for authentication connection management (ACM), that is to say, enables the debugging for state machines related with authentication, connection and management. all: Enables all the debugging for Portal.
370 CHAPTER 22: PORTAL CONFIGURATION COMMANDS View Any View Parameter acm statistics: Displays the statistics about ACM, that is to say, displays the statistics about the state machines related with authentication, connection and management. auth-network auth-vlan-id: Displays the authentication network section. auth-vlan-id is the ID of the VLAN where the access port (where the authentication users access into the switch across the network) lies in.
Portal Configuration Commands Interval: 60s Retry Times: 5 VLAN Portal Configuration: VLAN 3 : Portal Started Portal Server: pt2 Index State MAC IP ort 371 VLAN P Table 46 Description on the fields of the display portal command Field Description Run Method Portal servers run in one of the three methods: direct, ReDHCP and Layer3 Free IP Free IP addresses.
372 CHAPTER 22: PORTAL CONFIGURATION COMMANDS Table 47 Description on the fields of the display portal acm statistics command portal Field Description ACM Statistics Statistics about state machines WAIT_MAC_ACK Time of waiting for MAC address acknowledgements.
Portal Configuration Commands 373 Parameter server-name: Name of a Portal server. It is a string in the range of 1 to 32 characters. Description Use the portal command to enable the Portal authentication function on a VLAN interface. Use the undo portal command to disable this function. If the Portal runs in the Layer 3 Portal authentication method, you must configure an authentication section before enabling the Portal authentication function on a VLAN interface.
374 CHAPTER 22: PORTAL CONFIGURATION COMMANDS If the user PC still does not respond after the sending times exceed the retry times, the switch will regard the handshakes as abnormal, cut the connection with this user actively and notify the Portal server about this case. This command is ineffective for the Layer 3 Portal authentication method. Example # Set the interval of handshakes between the switch and the host to 120 seconds, and set the maximum retry times to six times.
Portal Configuration Commands 375 View System view Parameter ip-address: Deletes the Portal users using the specified IP address. Description Use the portal delete-user command to delete the Portal users using the specified IP address. Example # Delete users using the IP address 10.153.94.8. system-view System View: return to User View with Ctrl+Z. [SW8800] portal delete-user 10.153.94.
376 CHAPTER 22: PORTAL CONFIGURATION COMMANDS portal free-user Syntax In system view: portal free-user mac mac-address ip ip-address vlan vlan-id interface interface-type interface-number undo portal free-user { mac mac-address | all } In Ethernet port view: portal free-user mac mac-address ip ip-address vlan vlan-id undo portal free-user { mac mac-address | all } View System view, Ethernet port view Parameter mac mac-address: Sets the Mac addresses of authentication-free users.
Portal Configuration Commands 377 ■ The ReDHCP authentication method requires that the IP address of an authentication-free user and the master IP address of the interface belong to the same network section. The Direct authentication method requires that the IP address of an authentication-free user and that of the VLAN interface belong to the same network section. ■ This configuration takes effect after Portal is enabled in the VLAN that the authentication-free users belongs to.
378 CHAPTER 22: PORTAL CONFIGURATION COMMANDS portal server Syntax portal server server-name { ip ip-address | key key-string | port port | url url-string } * undo portal server server-name [ key | port | url ] View System view Parameter server-name: Name of a Portal server. It is a string in the range of 1 to 32 characters. ip-address: IP address of a Portal server. This address cannot be full-zero addresses, loopback addresses, multicast addresses or broadcast addresses.
Portal Configuration Commands portal upload-interface 379 Example portal upload-interface undo portal upload-interface View Ethernet port view Parameter None Description Use the portal upload-interface command to enable the Portal rate limit function on the upload interface. Use the undo portal upload-interface command to disable the Portal rate limit function. By default, the Portal rate limit function is disabled.
380 CHAPTER 22: PORTAL CONFIGURATION COMMANDS server: Clears the statistics about the Portal server. tcp-cheat: Clears the statistics about TCP cheats. Description Use the reset portal command to clear the related statistics about Portal. Example # Clear the statistics about ACM of the Portal client.
STATIC ROUTE CONFIGURATION COMMANDS 23 n When a switch runs a routing protocol, it can perform the router functions. A router that is referred to in the following or its icon represents a generalized router or an Switch 8800 Family series routing switch running routing protocols. To improve readability, this will not be described in the other parts of the manual. For the configuration of VPN instance, refer to the MPLS module in 3Com Switch 8800 Family Series Routing Switches Operation Manual.
382 CHAPTER 23: STATIC ROUTE CONFIGURATION COMMANDS 4.4.4.1/32 127.0.0.0/8 127.0.0.1/32 DIRECT DIRECT DIRECT 0 0 0 0 0 0 127.0.0.1 127.0.0.1 127.0.0.
Display Commands of the Routing Table 383 For detailed description of the output information, see Table 48. # Display the verbose information of the Active and Inactive routes that are filtered through basic acl 2000. display ip routing-table acl 2000 verbose Routes matched by access-list 2000: + = Active Route, - = Last Active, # = Both * = Next hop in use Summary count: 2 **Destination: 10.1.1.0 Mask: 255.255.255.0 Protocol: #DIRECT Preference: 0 *NextHop: 10.1.1.2 Interface: 10.1.1.
384 CHAPTER 23: STATIC ROUTE CONFIGURATION COMMANDS Table 49 Description of the fields of the display ip routing-table acl verbose command Field Description Route state description: ActiveU Valid unicast route. U stands for unicast.
Display Commands of the Routing Table 385 Table 49 Description of the fields of the display ip routing-table acl verbose command display ip routing-table ip-address Field Description Age Lifetime of a route entry, in hh : mm : ss, where hh is hours, mm is minutes, and ss is seconds. The displayed time should be read from right to left. For example, 7:24 indicates that the lifetime of a route is seven hours and 24 minutes.
386 CHAPTER 23: STATIC ROUTE CONFIGURATION COMMANDS Example # There is a corresponding route in natural mask range. Display the summary. display ip Destination/Mask 169.0.0.0/16 169.0.0.0/8 routing-table Protocol Pre STATIC 60 STATIC 60 169.0.0.0 Cost 0 0 Nexthop 192.168.1.2 192.168.1.2 Interface Vlan-interface10 Vlan-interface10 For detailed description of the output information, see Table 48.
Display Commands of the Routing Table 387 View Any view Parameter ip-address1, ip-address2: Destination IP address in dotted decimal notation. ip-address1, mask1, mask2 and ip-address2 determine one address range together. Anding ip-address1 with mask1 specifies the start of the range while anding ip-address2 with mask2 specifies the end. This command is used to display the routes in this address range. mask1, mask2: IP address mask, length in dotted decimal notation or integer form.
388 CHAPTER 23: STATIC ROUTE CONFIGURATION COMMANDS This command is mainly used to trace the route-policy and display the corresponding route information. If there is no specified address prefix list, this command will display the verbose information of all Active and Inactive routes with the verbose keyword and it will display the summary of all Active routes without the verbose keyword. Example # Configure the ip prefix list abc2, allowing the routes with the prefix as 10.1.1.
Display Commands of the Routing Table 389 View Any view Parameter inactive: With the parameter, this command displays the inactive route information. Without the parameter, this command displays the active and inactive route information. verbose: With the verbose keyword, this command displays the verbose route information. Without the parameter, this command displays the route summary.
390 CHAPTER 23: STATIC ROUTE CONFIGURATION COMMANDS STATIC Routing tables status:: Summary count: 1 For detailed description of the output information, see Table 48. display ip routing-table radix Syntax display ip routing-table radix View Any view Parameter None Description Use the display ip routing-table radix command to view route information in tree format. Example # Display route information in tree format.
Display Commands of the Routing Table 391 The integrated routing information includes total route amount, the route amount added or deleted by protocol, amount of the routes that are labeled "Deleted" but not deleted, and the Active route amount. Example # Display the integrated route information.
392 CHAPTER 23: STATIC ROUTE CONFIGURATION COMMANDS 77.77.77.77/32 195.168.130.0/24 195.168.130.1/32 195.195.0.0/16 195.195.1.1/32 display ip routing-table verbose STATIC DIRECT DIRECT DIRECT DIRECT 60 0 0 0 0 0 0 0 0 0 195.195.1.10 195.168.130.1 127.0.0.1 195.195.1.1 127.0.0.
Static Route Configuration Commands 393 Table 52 Description of the fields of the display ip routing-table verbose command Field Description Holddown Number of held-down routes Delete Number of deleted routes Hidden Number of hidden routes Static Route Configuration Commands delete static-routes all Syntax delete static-routes all View System view Parameter None Description Use the delete static-routes all command to delete all the static routes.
394 CHAPTER 23: STATIC ROUTE CONFIGURATION COMMANDS Description Use the delete vpn-instance command to remove all the static routes of the VPN. When you use this command to remove the static routes, the system will prompt your acknowledgement. The system removes all configured static routes after the acknowledgement. Related commands: ip route-static, display ip routing-table vpn-instance. Example # Remove all static routes of the VPN.
Static Route Configuration Commands 395 reject: Indicates an unreachable route. When a static route to a destination has the "reject" attribute, all the IP packets to this destination will be discarded, and the source host will be informed that the destination is unreachable. blackhole: Indicates a blackhole route.
396 CHAPTER 23: STATIC ROUTE CONFIGURATION COMMANDS
RIP CONFIGURATION COMMANDS 24 n When a switch runs a routing protocol, it can perform the router functions. A router that is referred to in the following or its icon represents a generalized router or an Switch 8800 Family series routing switch running routing protocols. To improve readability, this will not be described in the other parts of the manual. For the configuration of VPN instance, refer to the MPLS module in 3Com Switch 8800 Family Series Routing Switches Operation Manual.
398 CHAPTER 24: RIP CONFIGURATION COMMANDS default cost Syntax default cost value undo default cost View RIP view Parameter value: The default routing cost to be set, ranging from 1 to 16. The default value is 1. Description Use default cost command to set the default routing cost of an imported route. Use the undo default cost command to restore the default value.
RIP Configuration Commands 399 Period update timer : 30 Timeout timer : 180 Garbage-collection timer : 120 No peer router Network : 202.38.168.
400 CHAPTER 24: RIP CONFIGURATION COMMANDS Related commands: acl, filter-policy import, ip ip-prefix. Example # Filter the advertised route information according to ACL 2000.
RIP Configuration Commands host-route 401 Syntax host-route undo host-route View RIP view Parameter None Description Use the host-route command to control the RIP to accept the host route. Use the undo host-route command to reject the host route. By default, RIP accepts the host route. In some special cases, RIP receives a great number of host routes in the same network segment. These routes cannot help the path searching much but occupy a lot of resources.
402 CHAPTER 24: RIP CONFIGURATION COMMANDS By default, RIP does not import any other route. The import-route command is used to import the route of another protocol by using a certain cost value. RIP regards the imported route as its own route and transmits it with the specified cost value. This command can greatly enhance the RIP capability of obtaining routes, thus increasing the RIP performance.
RIP Configuration Commands 403 network, other interfaces will not forward the routes of the interface using this command and it seems that the interface disappeared. When the network command is used on an address, the effect is that the interface on the network segment at this address is enabled. For example, the results of viewing the network 129.102.1.1 with both the display current-configuration command and the display rip command are shown as the network 129.102.0.0. Related command: rip work.
404 CHAPTER 24: RIP CONFIGURATION COMMANDS Description Use the preference command to configure the route preference of RIP. Use the undo preference command to restore the default preference. Every routing protocol has its own preference. Its default value is determined by the specific routing policy. The preference will finally determine the routing algorithm to obtain the optimal route in the IP routing table. This command can be used to modify the RIP preference manually.
RIP Configuration Commands 405 To enter the RIP view to configure various RIP global parameters, RIP should be enabled first. Whereas the configuration of parameters related to the interfaces is not restricted by enabling/disabling RIP. n Note that the interface parameters configured previously would be invalid when RIP is disabled or reset. Example # Enable the RIP and enter the RIP view.
406 CHAPTER 24: RIP CONFIGURATION COMMANDS cipher text authentication mode is used, there are two types of packet formats. One of them is that described in RFC 1723, which was brought forward earlier. The other format is the one described specially in RFC 2082. The router supports both of the packet formats and the user can select either of them on demands. Related command: rip version. Example # Specify Interface Vlan-interface 10 to use the simple authentication with the key as aaa.
RIP Configuration Commands rip metricin 407 Syntax rip metricin value undo rip metricin View Interface view Parameter value: Additional route metric added when an interface receives a packet, ranging from 0 to 16. By default, the value is 0. Description Use the rip metricin command to configure the additional route metric added to the route when an interface receives RIP packets. Use the undo rip metricin command to restore the default value of this additional route metric.
408 CHAPTER 24: RIP CONFIGURATION COMMANDS [SW8800] interface Vlan-interface 10 [3Com-Vlan-interface10] rip metricout 2 rip output Syntax rip output undo rip output View Interface view Parameter None Description Use the rip output command to allow an interface to transmit RIP packets to the external. Use the undo rip output command to disable an interface to transmit RIP packets to the external. By default, all interfaces except loopback interfaces are enabled to transmit RIP packets to the external.
RIP Configuration Commands 409 Use undo rip split-horizon command to configure an interface not to use split horizon when transmitting RIP packets. By default, an interface is enabled to use split horizon when transmitting RIP packets. Normally, split horizon is necessary for reducing route loop. Only in some special cases, you need to disable split horizon to ensure the correct execution of protocols. When doing that, make sure that it is necessary.
410 CHAPTER 24: RIP CONFIGURATION COMMANDS Example # Configure the interface Vlan-interface 10 as RIP-2 broadcast mode. [SW8800] interface Vlan-interface 10 [3Com-Vlan-interface10] rip version 2 broadcast rip work Syntax rip work undo rip work View Interface view Parameter None Description Use the rip work command to enable the running of RIP on an interface. Use the undo rip work command to disable the running of RIP on an interface. By default, RIP is running on an interface.
RIP Configuration Commands 411 By default, RIP-2 route summarization is used. Automatic route summarization can be performed to reduce the routing traffic on the network as well as to reduce the size of the routing table. If RIP-2 is used, route summarization function can be disabled with the undo summary command, when it is necessary to broadcast the subnet route. RIP-1 does not support subnet mask. Forwarding subnet route may cause ambiguity. Therefore, RIP-1 uses route summarization all the time.
412 CHAPTER 24: RIP CONFIGURATION COMMANDS Example # Set the values of Period Update timer and Timeout timer of RIP to 10 seconds and 30 seconds respectively.
OSPF CONFIGURATION COMMANDS 25 n When a switch runs a routing protocol, it can perform the router functions. A router that is referred to in the following or its icon represents a generalized router or an Switch 8800 Family series routing switch running routing protocols. To improve readability, this will not be described in the other parts of the manual.
414 CHAPTER 25: OSPF CONFIGURATION COMMANDS Example # Summarize two network segments, 36.42.10.0 and 36.42.110.0, in OSPF area 1 into one summarized route 36.42.0.0 and transmit it to other areas. [3Com-ospf-1] area 1 [3Com-ospf-1-area-0.0.0.1] network 36.42.10.0 0.0.0.255 [3Com-ospf-1-area-0.0.0.1] network 36.42.110.0 0.0.0.255 [3Com-ospf-1-area-0.0.0.1] abr-summary 36.42.0.0 255.255.0.
OSPF Configuration Commands 415 Description Use the asbr-summary command to configure summarization of imported routes by OSPF. Use the undo asbr-summary command to cancel the summarization. By default, summarization of imported routes is disabled. After the summarization of imported routes is configured, if the local router is an autonomous system border router (ASBR), this command summarizes the imported Type-5 LSAs in the summary address range.
416 CHAPTER 25: OSPF CONFIGURATION COMMANDS the ospf authentication-mode md5 command to configure the MD5 cipher text authentication key if the area is configured to support MD5 cipher text authentication mode. Related command: ospf authentication-mode. Example # Enter area 0 view. [3Com-ospf-1] area 0 # Specify the OSPF area 0 to support MD5 cipher text authentication: [3Com-ospf-1-area-0.0.0.
OSPF Configuration Commands 417 Description Use the debugging ospf command to enable OSPF process debugging. Use the undo debugging ospf command to disable OSPF process debugging. In OSPF multiple processes, the debugging command can enable a certain debugging for all the processes, or enable the debugging of one of them. If you do not specify a process ID, the command is applied to all processes. While the router is operating, the debugging state always remains regardless of the existing OSPF process.
418 CHAPTER 25: OSPF CONFIGURATION COMMANDS default interval Syntax default interval seconds undo default interval View OSPF view Parameter seconds: Default interval in seconds for importing external routes. It ranges from 1 to 2,147,483,647 and defaults to 1. Description Use the default interval command to configure the default interval for OSPF to import external routes. Use the undo default interval command to restore the default value of the default interval for importing external routes.
OSPF Configuration Commands 419 Example # Specify the default value of OSPF imported external routes as 200. [3Com-ospf-1] default limit 200 default tag Syntax default tag tag undo default tag View OSPF view Parameter tag: Default tag, ranging from 0 to 4,294,967,295. The default value is 1. Description Use the default tag command to configure the default tag that OSPF assigns to imported routes.
420 CHAPTER 25: OSPF CONFIGURATION COMMANDS Use the undo default type command to restore the default type when OSPF imports external routes. By default, the external routes of type 2 are imported. OSPF specifies the two types of external routing information. The command described in this section can be used to specify the default type when external routes are imported. Related command: default tag. Example # Specify the default type as type 1 when OSPF imports an external route.
OSPF Configuration Commands default-route-advertise 421 Syntax default-route-advertise [ always | cost value | type type-value | route-policy route-policy-name ]* undo default-route-advertise [ always | cost | type | route-policy ]* View OSPF view Parameter always: The parameter will generate an ASE LSA which describes the default route and will advertise it if the local router is not configured with the default route.
422 CHAPTER 25: OSPF CONFIGURATION COMMANDS View Any view Description Use the display debugging ospf command to view the debugging states of global OSPF and all processes. Related command: debugging ospf. Example # Display the debugging states of global OSPF and all processes.
OSPF Configuration Commands 423 Table 54 Description of the fields of the display ospf abr-asbr command display ospf asbr-summary Field Description Nexthop Nexthop address Interface The local output interface Syntax display ospf [ process-id ] asbr-summary [ ip-address mask ] View Any view Parameter process-id: Process ID of OSPF. The command is applied to all current OSPF processes if you do not specify a process ID. ip-address: Matched IP address in dotted decimal format.
424 CHAPTER 25: OSPF CONFIGURATION COMMANDS Table 55 Description of the fields of the display ospf asbr-summary command Field Description mask Mask tag Tag Status information, including two values: status display ospf brief DoNotAdvertise The summary routing information to the network segment will not be advertised Advertise The summary routing information to the network segment will be advertised Syntax display ospf [ process-id ] brief View Any view Parameter process-id: Process ID of OSPF.
OSPF Configuration Commands 425 Table 56 Description of the fields of the display ospf brief command Field Description Routing preference Routing preference of OSPF. The internal route of OSPF includes intra/inter area route, and its default routing preference is 10.
426 CHAPTER 25: OSPF CONFIGURATION COMMANDS Link-State Req 18 18 Link-State Update 48 53 Link-State Ack 25 21 ASE: 1 Checksum Sum: FCAF LSAs originated by this router Router: 50 SumNet: 40 SumASB: 2 LSAs Originated: 92 LSAs Received: 33 Area 0.0.0.0: Neighbors: 1 Interfaces: 1 Spf: 54 Checksum Sum F020 rtr: 2 net: 0 sumasb: 0 sumnet: 1 Area 0.0.0.
OSPF Configuration Commands 427 Parameter process-id: Process ID of OSPF. The command is applied to all current OSPF processes if you do not specify a process ID. Description Use the display ospf error command to view the OSPF error information. Example # Display the OSPF error information. display ospf error OSPF Process 1 with Router ID 1.1.1.
428 CHAPTER 25: OSPF CONFIGURATION COMMANDS Table 58 Description of the fields of the display ospf error command display ospf interface Field Description HELLO: router id confusion Hello packet: Router ID confusion HELLO: virtual neighbor unknown Hello packet: unknown virtual neighbor DD: neighbor state low Database description (DD) packet: asynchronous neighbor state DD: unknown LSA type DD packet: unknown LSA type LS ACK: neighbor state low Link state acknowledgment (LS ACK) packet: states
OSPF Configuration Commands 429 Priority: 1 Designated Router: 10.110.10.1 Backup Designated Router: 10.110.10.
430 CHAPTER 25: OSPF CONFIGURATION COMMANDS originate-router ip-address: Views the IP address of the LSA generator. self-originate: Views the database information of self-originated LSA. Description Use the display ospf lsdb command to view the link-state database (LSDB) of OSPF. Example # Display the LSDB of OSPF. display ospf lsdb verbose OSPF Process 1 with Router ID 1.1.1.1 Link State Database Area: 0.0.0.0 Type LinkState ID AdvRouter Age Len Sequence Metric Where Rtr 2.2.2.2 2.2.2.
OSPF Configuration Commands 431 Tos 0 metric: 1 E type : 2 Forwarding Address: 0.0.0.
432 CHAPTER 25: OSPF CONFIGURATION COMMANDS Table 62 Description of the fields of the display ospf nexthop command Field Description Intf Name The outgoing interface to the next hop display ospf peer Syntax display ospf [ process-id ] peer [ brief ] View Any view Parameter process-id: Process ID of OSPF. The command is applied to all current OSPF processes if you do not specify a process ID. Description Use the display ospf peer command to view information about OSPF peers.
OSPF Configuration Commands 433 Description Use the display ospf request-queue command to view the information about the OSPF request-queue. Example # Display the information of OSPF request-queue. display ospf request-queue The Router’s Neighbors is RouterID: 1.1.1.1 Address: 1.1.1.1 Interface: 1.1.1.3 Area: 0.0.0.0 LSID:1.1.1.3 AdvRouter:1.1.1.
434 CHAPTER 25: OSPF CONFIGURATION COMMANDS Table 65 Description of the fields of the display ospf retrans-queue command Field Description RouterID Router ID of neighbor router Address Address of the interface, through which neighbor routers communicate with the router Interface Address of the interface on the network segment Area Number of an OSPF area Type Type of the LSA LSID Link State ID of the LSA AdvRouter Router ID of the router originating the LSA display ospf routing Syntax displ
OSPF Configuration Commands 435 Table 66 Description of the fields of the display ospf routing command display ospf abr-summary Field Description NSSA Number of NSSA routes Syntax display ospf [ process-id ] abr-summary View Any view Parameter process-id: OSPF process number. If no process number is specified, the command functions on all the currently active OSPF processes. Description Use the display ospf abr-summary command to view the inter-area route summarization information of OSPF.
436 CHAPTER 25: OSPF CONFIGURATION COMMANDS View Any View Parameter process-id: ID of an OSPF process. If the process ID is not specified, the major information about all the OSPF processes will be displayed in the order in which IDs are configured. Description Use the display ospf graceful-restart status command to display the information about OSPF Graceful Restart. . Example # Display the information about OSPF Graceful Restart.
OSPF Configuration Commands 437 Description Use the display ospf vlink command to view the information about OSPF virtual links. Example # View OSPF virtual links information. display ospf vlink OSPF Process 1 with Router ID 1.1.1.1 Virtual Links Virtual-link Neighbor-id -> 2.2.2.2, State: Full Cost: 0 State: Full Type: Virtual Transit Area: 0.0.0.
438 CHAPTER 25: OSPF CONFIGURATION COMMANDS Description Use the filter-policy export command to configure the rule used by OSPF to filter advertised routing information. Use the undo filter-policy export command to cancel the filtering rules that have been set. By default, no filtering of the advertised routing information is performed. In some cases, it may be required that only the routing information meeting some conditions can be advertised.
OSPF Configuration Commands 439 In some situations, it may be required that only some Type-3 LSAs meeting a certain condition be advertised. In this case, you can define a Filter-policy to set the filter condition for advertised Type-3 LSAs so that only the Type-3 LSAs having passed the filtration can be advertised.
440 CHAPTER 25: OSPF CONFIGURATION COMMANDS the filtering conditions for the routing information to be received. Only the routing information passing the filtration can be received. The filter-policy import command is used to filter the routes calculated by OSPF. Only the routes that pass the filter are added into the routing table. The command can filter the routes by next hop or by destination address.
OSPF Configuration Commands 441 Related command: acl, ip ip-prefix. Example # Filter the received routing information as per the condition defined in ACL 2000. [SW8800] acl number 2000 [3Com-acl-basic-2000] rule permit source 20.0.0.0 0.255.255.255 [3Com-acl-basic-2000] rule deny source any [3Com-acl-basic-2000] quit [SW8800] ospf 1 [3Com-ospf-1]area 1 [3Com-ospf-1-area-0.0.0.
442 CHAPTER 25: OSPF CONFIGURATION COMMANDS import-route Syntax import-route protocol [ cost value | type value | tag value | route-policy route-policy-name ]* undo import-route protocol View OSPF view Parameter protocol: Specifies the source routing protocol that can be imported. At present, it includes direct, rip, isis, bgp, ospf-ase, ospf-nssa and static. cost value: Specifies the cost of imported route. type value: Specifies the cost type of imported external routes. The value ranges from 1 to 2.
OSPF Configuration Commands 443 Description Use the import-route-limit command to set the maximum number of exterior routes allowed to be imported. Use the undo import-route command to restore the default value of the maximum of exterior routes allowed to be imported. By default, a maximum of 20K exterior routes are allowed to be imported. Example # Set the maximum number of exterior routes allowed to be imported to 50K.
444 CHAPTER 25: OSPF CONFIGURATION COMMANDS ip-mask: IP address wildcard (similar to the complement of the IP address mask), which also supports IP address mask input. Description Use the network command to configure the interfaces running OSPF. Use the undo network command to cancel the interfaces running OSPF. By default, interfaces do not belong to any OSPF area. With the two parameters, ip-address and ip-mask, one or more interfaces can be configured as an area.
OSPF Configuration Commands 445 route will be generated always. Only when there is route 0.0.0.0 in routing table on ASBR, will type-7 LSA default route be generated. On ASBR, the no-import-route keyword enables the external route imported by OSPF through import-route command not to be advertised to NSSA area. Example # Configure area 1 as a NSSA area. [3Com-ospf-1] area 1 [3Com-ospf-1-area-0.0.0.1] network 36.0.0.0 0.255.255.255 [3Com-ospf-1-area-0.0.0.
446 CHAPTER 25: OSPF CONFIGURATION COMMANDS # Enable the OSPF process 120, bind the VPN instance and run the OSPF protocol. [SW8800] ospf 120 router id 9.9.9.9 vpn-instance vpn9 [3Com-ospf-120] ospf authentication-mode Syntax ospf authentication-mode { simple password | md5 key-id key } undo ospf authentication-mode { simple | md5 } View Interface view Parameter simple password: Enables plain text authentication and specifies a password not exceeding 8 characters.
OSPF Configuration Commands ospf cost 447 Syntax ospf cost value undo ospf cost View Interface view Parameter value: Cost for running OSPF protocol, ranging from 1 to 65,535. Description Use the ospf cost command to configure different message sending costs so as to send messages from different interfaces. Use the undo ospf cost command to restore the default cost. For 3Com Switch 8800 Family Series Routing Switches, the default cost for running OSPF protocol on the VLAN interface is 10.
448 CHAPTER 25: OSPF CONFIGURATION COMMANDS ospf mib-binding Syntax ospf mib-binding process-id undo ospf mib-binding View System view Parameter process-id: ID of an OSPF process, in the range 1 to 65,535. If no OSPF process is specified, the default process ID 1 applies. Description Use the ospf mib-binding command to bind the MIB operation to the specified OSPF process. Use the undo ospf mib-binding command to restore the default.
OSPF Configuration Commands 449 By default, The MTU value is 0 when the interface sends DD packets, i.e. the actual MTU value of the interface is not written. Database Description (DD) packets are used to describe its own LSDB when the router running OSPF protocol is synchronizing the database. The default MTU value of DD packet is 0.
450 CHAPTER 25: OSPF CONFIGURATION COMMANDS View Interface view Parameter seconds: Dead interval of the OSPF neighbor. It is in seconds and ranges from 1 to 65,535. minimal: Specifies the port to run Fast Hello function. multi-hello: Sends multiple hello packets. packets: Number of Hello packets sent within one second. Description Use the ospf timer dead command to configure the dead interval of the OSPF peer.
OSPF Configuration Commands 451 Parameter seconds: Interval in seconds for an interface to transmit hello packet. It ranges from 1 to 255. Description Use the ospf timer hello command to configure the interval for transmitting Hello packets on an interface. Use the undo ospf timer hello command to restore the interval to the default value. By default, the interval is 10 seconds for an interface of broadcast type to transmit Hello packets. Related command: ospf timer dead.
452 CHAPTER 25: OSPF CONFIGURATION COMMANDS Example # Specify the retransmit for LSA transmitting between the interface Vlan-interface 10 and the adjacent routers to 12 seconds. [SW8800] interface Vlan-interface 10 [3Com-Vlan-interface10] ospf timer retransmit 12 ospf trans-delay Syntax ospf trans-delay seconds undo ospf trans-delay View Interface view Parameter seconds: Transmitting delay of LSA on an interface. It ranges from 1 to 3600. By default, the value is 1 second.
OSPF Configuration Commands 453 Description Use the preference command to configure the preference of an OSPF protocol route. Use the undo preference command to restore the default value of the OSPF protocol route. By default, the preference of an OSPF protocol internal route is 10 and the preference of an external route is 150. Because multiple dynamic routing protocols could be running on a router, there is the problem of routing information sharing among routing protocols and selection.
454 CHAPTER 25: OSPF CONFIGURATION COMMANDS reset ospf all # Reset OSPF process 200. reset ospf 200 router id Syntax router id router-id undo router id View System view Parameter router-id: Router ID that is a 32-bit unsigned integer. Description Use the router id command to configure the ID of a router running the OSPF protocol. Use the undo router id command to cancel the router ID that has been set.
OSPF Configuration Commands 455 View OSPF view Parameter Vlan-interface: Specifies the VLAN interface Vlan-interface-number: Specifies the VALAN interface number. default: All interfaces. Description Use the silent-interface command to disable an interface to transmit OSPF packets. Use the undo silent-interface command to restore the default setting. By default, the interface is enabled to transmit OSPF packets.
456 CHAPTER 25: OSPF CONFIGURATION COMMANDS Description Use the sham-link command to run Fast Hello function on the sham-link link, that is, to specify multiple Fast Hello packets to be sent within one second. The default dead interval time is one second. Example # Specify the sham-link link 1.1.1.1 2.2.2.2 to run Fast Hello Function. The dead interval time is one second. Five Hello packets are sent within one second. [3Com-ospf-1] area 0.0.0.0 [3Com-ospf-1-area-0.0.0.0] sham-link 1.1.1.1 2.2.2.
OSPF Configuration Commands 457 Example # Enable the TRAP function for OSPF process 100. [SW8800] snmp-agent trap enable ospf 100 spf-schedule-interval Syntax spf-schedule-interval interval undo spf-schedule-interval View OSPF view Parameter interval: SPF calculation interval of OSPF, which is in the range of 1 to 10 and is measured in seconds. The default value is five seconds. Description Use the spf-schedule-interval command to configure the route calculation interval of OSPF.
458 CHAPTER 25: OSPF CONFIGURATION COMMANDS If the router is an ABR, it will send a default route to the connected Stub area. Using the default-cost command, you can configure the default route cost value. In addition, on an ABR, you can configure the no-summary argument in the stub command to prevent type-3 LSAs from entering the Stub area connected to this ABR. Related command: default-cost. Example # Set the type of OSPF area 1 to the Stub area. [3Com-ospf-1] area 1 [3Com-ospf-1-area-0.0.0.
OSPF Configuration Commands 459 key: Specifies the MD5 authentication key. If it is input in a plain text form, MD5 key is a character string in the range 1 to 16 characters. It will be displayed in a cipher text form in a length of 24 characters when the display current-configuration command is executed. Inputting the MD5 key in a cipher text form with 24 characters is also supported. Description Use the vlink-peer command to create and configure a virtual link.
460 CHAPTER 25: OSPF CONFIGURATION COMMANDS
INTEGRATED IS-IS CONFIGURATION COMMANDS 26 n When a switch runs a routing protocol, it can perform the router functions. A router that is referred to in the following or its icon represents a generalized router or an Switch 8800 Family series routing switch running routing protocols. To improve readability, this will not be described in the other parts of the manual. For the configuration of VPN instance, refer to the MPLS module in 3Com Switch 8800 Family Series Routing Switches Operation Manual.
462 CHAPTER 26: INTEGRATED IS-IS CONFIGURATION COMMANDS Description Use the area-authentication-mode command to configure ISIS to authenticate the received Level-1 routing information packets (LSP, CSNP and PSNP), according to the pre-defined mode and password. Use the undo area-authentication-mode command to configure ISIS not to authenticate the said packets. In default configuration, the system will not authenticate the received Level-1 routing packets, and there is no password.
Integrated IS-IS Configuration Commands 463 Description Use the cost-style command to set the cost type of an IS-IS packet received/sent by the router. Use the undo cost-style command to restore the default settings. By default, IS-IS only receives/sends packets whose cost type is narrow. Related command: isis cost. Example # Set IS-IS to receive packets whose cost type is narrow or wide, but only send packets whose cost type is narrow.
464 CHAPTER 26: INTEGRATED IS-IS CONFIGURATION COMMANDS interface-information: Information about IS-IS enabled data link layer. memory-allocating: IS-IS memory allocating status. receiving-packet-content: Packets received through IS-IS protocol. restart-events: IS-IS restart events. self-originate-update: Packets locally updated through IS-IS protocol. sending-packet-content: Packets sent through IS-IS protocol. snp-packet: CSNP/PSNP packet of IS-IS. spf-event: IS-IS SPF events.
Integrated IS-IS Configuration Commands 465 by searching the nearest L1/L2 router. The nearest L1/L2 router can be found by searching the ATT bit in the L1 LSP. This command can be set on L1 router or L2 router. By default, the route is generated on L2 LSP. If the apply isis level-1 command is executed in route-policy view, the default route will be generated on L1 LSP. If the apply isis level-2 command is executed in Route-policy view, the default route will be generated on L2 LSP.
466 CHAPTER 26: INTEGRATED IS-IS CONFIGURATION COMMANDS Priority Retransmission interval display isis lsdb : : L1 64 5 L2 64 Syntax display isis lsdb [ [ l1 | l2 | level-1 | level-2 ] | [ [ LSPID | local ] | verbose ]* ]* View Any view Parameter l1 and Level-1: Both refer to the link state database of Level-1. l2 and level-2: Both refer to the link state database of Level-2. LSPID: Specifies the LSPID of the Network-entity-title. local: Displays the LSP information generated locally.
Integrated IS-IS Configuration Commands 467 [3Com-Vlan-interface10] isis mesh-group 100 [SW8800] interface Vlan-interface 20 [3Com-Vlan-interface20] isis mesh-group 100 # Display the information of IS-IS mesh-group.
468 CHAPTER 26: INTEGRATED IS-IS CONFIGURATION COMMANDS View Any view Parameter None Description Use the display isis route command to view IS-IS routing information. . Example # View IS-IS routing information. display isis route ISIS Level - 1 Forwarding Table : Type - D -Direct, C -Connected, I -ISIS, S -Static, O -OSPF B -BGP, R -RIP Flags: R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set Destination/Mask In.Met Ex.
Integrated IS-IS Configuration Commands IS_SPFTRIG_LSPCHANGE IS_SPFTRIG_LSPCHANGE IS_SPFTRIG_ADJDOWN IS_SPFTRIG_NEWADJ IS_SPFTRIG_LSPCHANGE IS_SPFTRIG_LSPCHANGE IS_SPFTRIG_PERIODIC IS_SPFTRIG_LSPEXPIRED IS_SPFTRIG_PERIODIC IS_SPFTRIG_PERIODIC IS_SPFTRIG_LSPCHANGE IS_SPFTRIG_PERIODIC IS_SPFTRIG_LSPCHANGE domain-authenticationmode 2 2 2 2 2 3 3 3 3 3 3 3 2 22 18 19 18 20 19 21 19 19 18 19 19 19 469 0:55:51 0:55:46 0:55:23 0:54:16 0:54:12 0:54:7 0:48:25 0:34:10 0:33:25 0:18:25 0:13:26 0:3:25 1:12:7 Synt
470 CHAPTER 26: INTEGRATED IS-IS CONFIGURATION COMMANDS Use the undo domain-authentication-mode command to configure IS-IS not to authenticate the said packets. By default, the system will not authenticate the received level-2 routing packets, and there is no password. By using this command, all the level-2 routing packets, whose domain authentication passwords do not consist with the one set via this command will not be received.
Integrated IS-IS Configuration Commands filter-policy import 471 Syntax filter-policy acl-number import undo filter-policy acl-number import View IS-IS view Parameter acl-number: Specifies the number of the access control list, ranging from 2000 to 3999. Description Use the filter-policy import command to configure to filter the routes received by IS-IS. Use the undo filter-policy import command to configure not to filter the received routes.
472 CHAPTER 26: INTEGRATED IS-IS CONFIGURATION COMMANDS system-view [SW8800] isis 1 [3Com-isis-1] graceful-restart graceful-restart interval Syntax graceful-restart interval interval-value undo graceful-restart interval View IS-IS view Parameter interval-value: Interval of restart (expected restart time) in seconds, in the range of 30 to 1800. It is 300 seconds by default. Description Use the graceful-restart interval command to specify the restart interval.
Integrated IS-IS Configuration Commands 473 the LSP generated during the last run may still exist in the LSP database of other routers in the network. Because LSP fragment sequence numbers are initialized when a router is reset, the LSP copy stored in the other routers in the network seems newer than the new LSPs generated after this router is restarted.
474 CHAPTER 26: INTEGRATED IS-IS CONFIGURATION COMMANDS import-route Syntax import-route protocol [ cost value | type { external | internal } | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name ]* undo import-route protocol [ cost value | type { external | internal } | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name ]* View IS-IS view Parameter protocol: Specifies the source protocol for importing the routing information, which can be direct, static, rip, bgp, ospf, os
Integrated IS-IS Configuration Commands 475 View IS-IS view Parameter acl-number: ACL number. It is in the range of 2000 to 3999, which means basic ACLs and advanced ACLs can be used. Description Use the import-route isis level-2 into level-1 command to enable routing information in a Level-2 area to be imported to a Level-1 area. Use the undo import-route isis level-2 into level-1 command to remove the function.
476 CHAPTER 26: INTEGRATED IS-IS CONFIGURATION COMMANDS used to enable each interface which needs to run an IS-IS process. The IS-IS protocol is actually enabled upon the completion of these configurations. n Only one IS-IS routing process can be started on one router. Related command: isis enable, network-entity. Example # Start an IS-IS routing process, in which the system ID is 0000.0000.0002 and the area ID is 01.0001. [SW8800] isis [3Com-isis] network-entity 01.0001.0000.0000.0002.
Integrated IS-IS Configuration Commands 477 Use the undo isis authentication-mode command to cancel the authentication and delete the password at the same time. By default, the password is not set and no authentication is executed. If the password is set, but no parameter is specified, the default settings are Level-1, plaintext and osi. Related command: area-authentication-mode, domain-authentication-mode.
478 CHAPTER 26: INTEGRATED IS-IS CONFIGURATION COMMANDS Example # When interface Vlan-interface 10 is connected with a non-backbone router in the same area, you can set this interface as level-1, prohibiting the sending and receiving of Level-2 Hello packets.
Integrated IS-IS Configuration Commands 479 Parameter value: The priority when selecting DIS. Its value ranges 0 to 127, and the default priority is 64. level-1: Specifies the priority when selecting Level-1 DIS. level-2: Specifies the priority when selecting Level-2 DIS. If the level is not specified, the default priority level is Level-1. Description Use the isis dis-priority command to configure the priority of an interface for the DIS election.
480 CHAPTER 26: INTEGRATED IS-IS CONFIGURATION COMMANDS used to enable each interface which needs to run the IS-IS process. The IS-IS protocol is actually enabled upon the completion of these configurations. Related command: isis, network-entity. Example # Create an IS-IS routing process named "3com", and activate this routing process on interface Vlan-interface 10. [SW8800] isis 3com [3Com-isis] network-entity 10.0001.1010.1020.1030.
Integrated IS-IS Configuration Commands isis timer csnp 481 Syntax isis timer csnp seconds [ level-1 | level-2 ] undo isis timer csnp [ level-1 | level-2 ] View Interface view Parameter seconds: Specifies the CSNP packet interval on the broadcast network, ranging from 1 to 65535 and measured in seconds. By default, the value is 10 seconds. level-1: Specifies the Level-1 CSNP packet interval. level-2: Specifies the Level-2 CSNP packet interval.
482 CHAPTER 26: INTEGRATED IS-IS CONFIGURATION COMMANDS Description Use the isis timer hello command to configure the interval of sending Hello packet of the corresponding level. Use the undo isis timer hello command to restore the default value. On a broadcast link, level-1 and level-2 Hello packets will be sent respectively and their intervals should also be set respectively. Such settings are unnecessary on point-to-point links.
Integrated IS-IS Configuration Commands isis timer holding-multiplier 483 Syntax isis timer holding-multiplier value [ level-1 | level-2 ] undo isis timer holding-multiplier [ level-1 | level-2 ] View Interface view Parameter value: Number of consecutive Hello packets that haven’t been received from the IS-IS neighbor for it to be considered dead. It ranges from 3 to 1000. level-1: Level-1 IS-IS neighbor. level-2: Level-2 IS-IS neighbor.
484 CHAPTER 26: INTEGRATED IS-IS CONFIGURATION COMMANDS [SW8800] interface Vlan-interface 10 [3Com-Vlan-interface10] isis timer holding-multiplier 5 isis timer lsp Syntax isis timer lsp time undo isis timer lsp View Interface view Parameter time: Specifies the LSP interval, ranging from 1 to 1000 and measured in milliseconds. The default value is 33 milliseconds. Description Use the isis timer lsp command to configure the interval at which IS-IS sends link-state packets on the interface.
Integrated IS-IS Configuration Commands 485 If neither level-1 nor level-2 is specified in this command, this command takes effect on both levels by default. Description Use the timer lsp-generation command to set the time interval to generate LSPs (link state packets). Use the undo timer lsp-generation command to restore the default setting. When an event occurs, a new LSP needs to be generated for the IS-IS protocol.
486 CHAPTER 26: INTEGRATED IS-IS CONFIGURATION COMMANDS is-level Syntax is-level { level-1 | level-1-2 | level-2 } undo is-level View IS-IS view Parameter level-1: Configures the router to operate at Level-1, only calculate the intra-area routes and maintain the LSDB of L1. level-1-2: Configures the router to operate at Level-2, calculate both the L1 and L2 routes and maintain the LSDB of L1 and L2.
Integrated IS-IS Configuration Commands 487 Description Use the log-peer-change command to log the peer changes. Use the undo log-peer-change command to configure not to log the peer changes. By default, peer changes log disabled. After peer changes log is enabled, the IS-IS peer changes will be output on the configuration terminal until the log is disabled. Example # Configure to output the IS-IS peer changes on the current router.
488 CHAPTER 26: INTEGRATED IS-IS CONFIGURATION COMMANDS View IS-IS view Parameter network-entity-title: Specify the network entity title in the X...X.XXXX....XXXX.00 format, in which the first "X...X" is the area address, the twelve Xs in the middle is the System ID of the router, and the 00 in the end is SEL. Description Use the network-entity command to configure the name of Network Entity Title (NET) of the IS-IS routing process. Use the undo network-entity command to delete a NET.
Integrated IS-IS Configuration Commands 489 Several dynamic routing protocols could run simultaneously on a router. In this case, there is an issue of sharing and selecting the routing information among all the routing protocols. The system sets a preference for each routing protocol. When various routing protocols find the route to the same destination, the protocol with the higher preference will take effect. Example # Configure the preference of IS-IS as 25.
490 CHAPTER 26: INTEGRATED IS-IS CONFIGURATION COMMANDS This command is used when you want to reconfigure a certain neighbor. Example # Clear the IS-IS neighbor whose system ID is 0000.0c11.1111. reset isis peer 0000.0c11.1111 set-overload Syntax set-overload undo set-overload View IS-IS view Parameter None Description Use the set-overload command to set overload flag for the current router. Use the undo set-overload command to cancel the overload flag. By default, no overload flag is set.
Integrated IS-IS Configuration Commands 491 Use the undo silent-interface command to enable the interface to transmit IS-IS packet. By default, all the interface are allowed to transmit/receive IS-IS packets. The silent-interface command is only used to suppress the packets to be transmitted on the interface, but the routes of this interface will still be transmitted from other interfaces. Example # Prohibit the IS-IS packets to be transmitted via Interface Vlan-interface 3.
492 CHAPTER 26: INTEGRATED IS-IS CONFIGURATION COMMANDS undo spf-slice-size View IS-IS view Parameter seconds: Duration of one cycle in seconds of SPF calculation in the range from 0 to 120. When the calculation duration time reaches or exceeds the set value, the calculation of this time ends. If seconds is set to 0, it indicates that SPF calculation is not divided into slices and it will operate until the end. By default, the value is 0.
Integrated IS-IS Configuration Commands 493 level-2: Summarizes the routes imported into backbone area. Description Use the summary command to configure to summarize IS-IS routes. Use the undo summary command to cancel the summarization. By default, no routes will be summarized. Similarly, the routes with the same next hops can be summarized into one route. In this way, the sizes of the routing table, LSP packets and LSDB are reduced.
494 CHAPTER 26: INTEGRATED IS-IS CONFIGURATION COMMANDS undo timer lsp-refresh View IS-IS view Parameter seconds: Specifies the LSP refreshment interval, measured in seconds. The range is 1 to 65535. The default value is 900 seconds. Description Use the timer lsp-refresh command to configure the refreshment interval of LSP. Use the undo timer lsp-refresh command to restore the default value, that is, 900 seconds.
command to restore the system default value. Use the undo timer spf In IS-IS, when the LSDB of the corresponding level is changed, SPF calculation is required. However, if the SPF calculation is performed too frequently, the system efficiency will be lowered. By setting a proper interval for performing SPF calculation, you can avoid the above situation. This setting can be made according to actual conditions. Example # Set the SPF calculation interval of the router to 3, 100 and 500 seconds.
496 CHAPTER 26: INTEGRATED IS-IS CONFIGURATION COMMANDS
BGP Configuration Commands 497 27 BGP CONFIGURATION COMMANDS n When a switch runs a routing protocol, it can perform the router functions. A router that is referred to in the following or its icon represents a generalized router or an Switch 8800 Family series routing switch running routing protocols. To improve readability, this will not be described in the other parts of the manual.
498 CHAPTER 27: BGP CONFIGURATION COMMANDS Description Use the aggregate command to establish an aggregated record in the BGP routing table. Use the undo aggregate command to disable the function. By default, there is no route aggregation. The keywords are explained as follows: Table 69 The use of the keywords Keyword Use as-set Used to produce an aggregated route, whose AS path information includes detailed routes.
BGP Configuration Commands 499 Example # Set the number of supported BGP equivalent routes to 3. [3Com-bgp] balance 3 bgp Syntax bgp as-number undo bgp [as-number ] View System view Parameter as-number: The specified local AS number, in the range of 1 to 65535. Description Use the bgp command to enable BGP and enter the BGP view. Use the undo bgp command to disable BGP. By default, the system does not run BGP.
500 CHAPTER 27: BGP CONFIGURATION COMMANDS If there are several routes available to one destination address, the route with smaller MED parameter can be selected as the final route item. Do not use this command unless it is determined that the same IGP and routing selection mode are adopted by different autonomous systems. Example [3Com-bgp] compare-different-as-med confederation id Syntax confederation id as-number undo confederation id View BGP view Parameter as-number: The ID of BGP AS confederation.
BGP Configuration Commands 501 [3Com-bgp] peer Remote98 as-number 98 [3Com-bgp] peer 200.1.1.1 group Remote98 confederation nonstandard Syntax confederation nonstandard undo confederation nonstandard View BGP view. Parameter None Description Use the confederation nonstandard command to configure the router to be compatible with routers not following RFC1965. Use the undo confederation nonstandard command to disable this function. By default, it is in accordance with RFC1965.
502 CHAPTER 27: BGP CONFIGURATION COMMANDS By default, no autonomous system is configured as a member of the confederation. Before this command is performed, the confederation ID should be configured by the confederation id command. Otherwise this configuration is invalid. The configured ASs in this command are inside the confederation and each AS uses fully meshed network. The confederation appears as a single AS to the routers outside it. Related command: confederation nonstandard, confederation id.
BGP Configuration Commands 503 By default, no route attenuation is configured. Related command: reset dampening, reset bgp flap-info, display bgp routing-table dampened, display bgp routing-table flap-info. Example # Modify the BGP route dampening parameters.
504 CHAPTER 27: BGP CONFIGURATION COMMANDS Use the debugging bgp keepalive command to enable the information debugging of BGP Keepalive packets. Use the debugging bgp packet command to enable the information debugging of BGP packets. Use the undo debugging bgp command to disable the debugging functions. Example # Enable the information debugging of BGP packets.
BGP Configuration Commands 505 Description Use the default med command to configure the default system metric. Use the undo default med command to restore the default metric of the system. Multi-Exit Discriminators (MED) attribute is the external metric of a route. Different from local preference, MED is exchanged between ASs. However, this attribute is non-transitive.
506 CHAPTER 27: BGP CONFIGURATION COMMANDS [3Com -bgp]display bgp routing-table Routes total: 0 # Import the default routes of static routing protocols. [3Com-bgp] default-route imported # Query the routing table. [3Com-bgp] Flags: # D B display bgp routing-table - valid ^ - active - damped H - history - balance I - internal S - aggregate suppressed Dest/Mask Next-Hop Med Local-pref Origin Path ------------------------------------------------------------------------#^ 0.0.0.0 0.0.0.
BGP Configuration Commands 507 Table 70 Description of the fields of the display bgp group command display bgp network Field Description type Type of peer group: IBGP or EBGP as-number AS number of peer group members in this group Members in this peer group route-policy Name of configured route policy filter-policy Configured export and import route filter for BGP acl Configured access control list ip-prefix Configured IP address prefix list Syntax display bgp network View Any view Param
508 CHAPTER 27: BGP CONFIGURATION COMMANDS Example # Display the information about the AS paths.
BGP Configuration Commands 509 Description Use the display bgp peer command to view the information about BGP peers. Example # Display the detail information of the peer 201.1.1.2. display bgp peer 201.1.1.2 verbose Peer: 201.1.1.2+179 Local: 200.1.1.1+1195 Type: External State: Established Flags: <> Expiring Time: 00:02:19 Last State: OpenConfirm Last Event: RecvKeepAlive Last Error: None Options: Peer Version: 4 Peer ID: 201.1.1.2 Local ID: 200.1.1.
510 CHAPTER 27: BGP CONFIGURATION COMMANDS Parameter ip-address: Destination of the network. mask: Mask of the network. Description Use the display bgp routing-table command to view all the BGP routing information. Example # Display all the BGP routing information.
BGP Configuration Commands 511 Table 74 Description of the fields of the display bgp routing-table command Field As-path display bgp routing-table as-path-acl Description AS-path attribute of route, which records all AS areas that the route passes. With it, route loop can be avoided Syntax display bgp routing-table as-path-acl acl-number View Any view Parameter acl-number: Specifies matched AS path list number ranging from 1 to 199.
512 CHAPTER 27: BGP CONFIGURATION COMMANDS Table 75 Description of the fields of the display bgp routing-table as-path-acl command Field Description Origin attribute of route, which indicates that the route updates its origin relative to the route originating it from AS. It has three optional values: Origin As-path display bgp routing-table cidr IGP The route belongs to inside of AS. BGP treats aggregate route and the route defined by the command network as inside of AS, and origin type as IGP.
BGP Configuration Commands 513 no-export-subconfed: Does not send matched route outside AS. no-advertise: Sends matched route to no peers. no-export: Does not advertise the route to outside the AS or the confederation, but can advertise the route to other sub-Ass in the confederation. whole-match: Configures to display the exactly matched routes.
514 CHAPTER 27: BGP CONFIGURATION COMMANDS 1.1.3.0/24 2.2.3.0/24 4.4.4.0/24 9.9.9.0/24 10.10.10.0/24 10.10.10.0/24 256 256 256 256 0 256 10.10.10.1 10.10.10.1 10.10.10.1 10.10.10.1 10.10.10.2 10.10.10.1 0 0 0 0 0 0 IGP INC INC INC IGP IGP 200 200 200 200 200 For detailed description of the output information, see Table 74.
BGP Configuration Commands 515 Table 76 Description of the fields of the display bgp routing-table dampened command Field Description Origin attribute of route, which indicates that the route updates its origin relative to the route originating it from AS. It has three optional values: Origin As-path display bgp routing-table different-origin-as IGP The route belongs to inside of AS. BGP treats aggregate route and the route defined by the command network as inside of AS, and origin type as IGP.
516 CHAPTER 27: BGP CONFIGURATION COMMANDS acl-number: Number of the specified AS path to be matched, ranging from 1 to 199. network-address: Displays the flap information of this IP address. mask: Network mask. longer-match: Shows the route flap-info that is more specific than address, mask. Description Use the display bgp routing-table flap-info command to view BGP flap-info. If the network-address mask arguments are set to 0.0.0.0 0.0.0.0, this command displays the flap statistics of all BGP routes.
BGP Configuration Commands 517 Table 77 Description of the fields of the display bgp routing-table flap-info command Item As-path display bgp routing-table peer Description AS-path attribute of route, which records all AS areas that the route passes. With it, route loop can be avoided Syntax display bgp routing-table peer peer-address { advertised | received } [ network-address [ mask ] | statistic ] View Any view Parameter peer-address: Specifies the peer to be displayed.
518 CHAPTER 27: BGP CONFIGURATION COMMANDS Description Use the display bgp routing-table regular-expression command to view the routing information matching the specified AS regular expression Example # Display the routing information matched with ^600$.
BGP Configuration Commands 519 display bgp routing-table received statistic Peer: 200.1.7.2+1062 Received routes total: 213 Peer: 150.1.1.2+179 Received routes total: 423 Peer: 2 133.1.1.
520 CHAPTER 27: BGP CONFIGURATION COMMANDS View BGP view Parameter acl-number: Number of IP access control list, in the range of 2000 to 3999. ip-prefix-name: Name of an address prefix list. It is used for filtering routing information by destination address. Its length ranges from 1 to 19. gateway ip-prefix-name: Name of a peer-router address prefix list. It is used for filtering routing information by peer-router address. Its length ranges from 1 to 19.
BGP Configuration Commands 521 Description Use the group group-name command to establish a peer group. Use the undo group group-name command to cancel the configured peer group. The default type of BGP peer group is internal. Rather than existing alone, a BGP peer must belong to a peer group. Therefore, when creating a BGP peer, you must create a BGP peer group first and then add the peer into the group.
522 CHAPTER 27: BGP CONFIGURATION COMMANDS network Syntax network ip-address [ address-mask ] [ route-policy route-policy-name ] undo network ip-address [ address-mask ] [ route-policy route-policy-name ] View BGP view Parameter ip-address: Network address that BGP advertises. address-mask: Mask of the network address. route-policy-name: Route-policy applied to advertised routes. Description Use the network command to configure the network routes advertised by the local BGP.
BGP Configuration Commands peer advertise-community 523 Syntax peer group-name advertise-community undo peer group-name advertise-community View BGP view Parameter group-name: Name of a peer group. Description Use the peer advertise-community command to enable the transmission of the community attribute to a peer group. Use the undo peer advertise-community command to cancel the existing configuration. By default, the community attribute is not transmitted to any peer group.
524 CHAPTER 27: BGP CONFIGURATION COMMANDS Example # Specify to configure the repeating times of local AS to 2. [3Com-bgp] peer 1.1.1.1 allow-as-loop 2 peer as-number Syntax peer group-name as-number as-number undo peer group-name as-number View BGP view Parameter group-name: Name of peer group. as-number: Peer AS number of the peer group, the range is 1 to 65535. Description Use the peer as-number command to configure the peer AS number of the specified peer group.
BGP Configuration Commands 525 By default, the peer group has no AS path list. This command can only be configured on the peer group. The acl-number specifies the number of the AS path list. It is configured by the ip as-path-acl command rather than the acl command. Related command: peer as-path-acl import, ip as-path-acl. Example # Configure to filter the routes advertised by the peer group test using the AS path-list 1.
526 CHAPTER 27: BGP CONFIGURATION COMMANDS peer connect-interface Syntax peer { group-name | peer-address } connect-interface interface-type interface-number undo peer { group-name | peer-address } connect-interface interface-type interface-name View BGP view Parameter group-name: Specified peer group. peer-address: IP address of the peer. interface-type: Interface type. interface-number: Interface number.
BGP Configuration Commands 527 Use the undo peer default-route-advertise command to cancel the existing configuration. By default, a peer group does not import the default route. For this command, no default route needs to exist in the routing table. A default route is sent unconditionally to a peer with the next hop as itself. Example # Configure a peer group named test to generate a default route.
528 CHAPTER 27: BGP CONFIGURATION COMMANDS View BGP view Parameter group-name: Specifies the name of the peer group. ttl: Maximum hop value. The range is 1 to 255. By default, the value is 64. Description Use the peer ebgp-max-hop command to allow the router to establish EBGP connection with the peer on indirectly connected network. Use the undo peer ebgp-max-hop command to cancel the existing configuration. By default, this feature is disabled.
BGP Configuration Commands peer filter-policy export 529 Syntax peer group-name filter-policy acl-number export undo peer group-name filter-policy acl-number export View BGP view Parameter group-name: Specifies the name of the peer group. acl-number: Specifies an IP acl number, ranging from 2000 to 3999. export: Egress filter policy. It is only applicable to peer groups. Description Use the peer filter-policy export command to configure the filter-policy list of routes advertised by a peer group.
530 CHAPTER 27: BGP CONFIGURATION COMMANDS Description Use the peer filter-policy import command to configure the filter-policy list of the routes received by a peer/peer group. Use the undo peer filter-policy import command to cancel the existing configuration. By default, a peer/peer group has no access control list (acl). Related command: ip as-path-acl, peer as-path-acl export, peer as-path-acl import.
BGP Configuration Commands 531 [3Com-bgp] peer 10.2.2.2 graceful-restart # Enable Graceful-restart on an EBGP peer group named "TEST", and disable Graceful-restart on Peer 10.1.1.1 in this group. system-view [3Com-bgp] group TEST external [3Com-bgp] peer 10.1.1.1 group TEST as-number 200 [3Com-bgp] peer TEST graceful-restart [3Com-bgp] undo peer 10.1.1.
532 CHAPTER 27: BGP CONFIGURATION COMMANDS View BGP view Parameter group-name: Name of peer group. prefixname: Name of the specified ip-prefix. It is a character string of 1 to 19 characters. export: Applies the filtering policy on the route transmitted to the specified peer/peer group. Description Use the peer ip-prefix export command to configure the route filtering policy of routes advertised by the peer group based on the ip-prefix.
BGP Configuration Commands 533 By default, the route filtering policy of the peer/peer group is not specified. The priority of the inbound filter policy configured for the peer is higher than that configured for the peer group. Related command: peer ip-prefix export. Example # Configure the route filtering policy of the peer group based on the ip-prefix 1.
534 CHAPTER 27: BGP CONFIGURATION COMMANDS simple: Displays the configured password in simple text mode. password: Password in character string form with 1 to 16 characters when parameter simple is configured in the command or in the event of inputting the password in simple text mode but parameter cipher is configured in the command; with 24 characters in the event of inputting the password in cipher text mode when parameter cipher is configured in the command.
BGP Configuration Commands 535 By default, private AS number is carried when transmitting BGP update packets. Generally, BGP transmits BGP update packets with the AS number (either public AS number or private AS number). To enable some outbound routers to ignore the AS number when transmitting update packets, you can configure not to carry the AS number when transmitting BGP update packets. Example # Configure not to carry the private AS number when transmitting BGP update packets to the peer named test.
536 CHAPTER 27: BGP CONFIGURATION COMMANDS View BGP view Parameter group-name: Name of peer group. Description Use the peer reflect-client command to configure a peer group as the route reflector client. Use the undo peer reflect-client command to cancel the existing configuration. By default, there is no route reflector in an AS. This command only applies to IBGP peer groups. Related command: reflect between-clients, reflector cluster-id.
BGP Configuration Commands 537 [3Com-bgp] peer test route-policy test-policy export peer route-policy import Syntax peer { group-name | peer-address } route-policy route-policy-name import undo peer { group-name | peer-address } route-policy route-policy-name import View BGP view Parameter group-name: Name of peer group. peer-address: IP address of the peer. route-policy-name: The specified Route-policy.
538 CHAPTER 27: BGP CONFIGURATION COMMANDS Description Use the peer route-update-interval command to configure the interval for the transmission route of a peer group. Use the undo peer route-update-interval command to restore the interval to the default value. Example # Configure the interval of sending the route update packet of the BGP peer group "test" as 10 seconds.
BGP Configuration Commands 539 undo peer { group-name | peer-address } timer View BGP view Parameter group-name: Name of peer group. peer-address: IP address of the peer. keepalive-interval: Keepalive interval to be specified. The range is 1 to 4294967295. By default, its value is 60 seconds. holdtime-interval: Holdtime interval to be specified. The range is 3 to 4294967295. By default, its value is 180 seconds.
540 CHAPTER 27: BGP CONFIGURATION COMMANDS Three types of routes may be involved in BGP: routes learned from external peers, routes learned from internal peers and local-originated routes. You can set preference values for the three types of route. Example # Set the preference of EBGP routes, IBGP routes and local-originated routes all to 170.
BGP Configuration Commands 541 address: Used as the interface address of the route reflector’s cluster ID. Description Use the reflector cluster-id command to configure the cluster ID of the route reflector. Use the undo reflector cluster-id command to delete the cluster ID of the route reflector. By default, each route reflector uses its Router ID as the cluster ID. Usually, there is only one route reflector in a cluster. In this case, the cluster is identified by the router ID of the route reflector.
542 CHAPTER 27: BGP CONFIGURATION COMMANDS After the BGP connection is established, only incremental routes are sent. However, some special cases exist. For example, when the routing policy changes, the routes advertised to the peer or the advertised routes from the peer need refreshing so that they can be filtered according to the new policy. Example # Request all peers to re-send the routes.
flap-info of a record at this IP address. network-addre ss: Resets the mask: Network mask. Description Use the reset bgp flap-info command to reset the flap-info of a route. Related command: dampening. Example # Reset the flap-info of all the routes that go through filter list 1. reset bgp flap-info as-path-acl 1 reset bgp group Syntax reset bgp group group-name View User view Parameter group-name: Specifies the name of the peer group. It is a character string of 1 to 47 characters.
544 CHAPTER 27: BGP CONFIGURATION COMMANDS Description Use the reset dampening command to reset route attenuation information and release suppressed routes. Related command: dampening, display bgp routing-table dampened. Example # Reset the route attenuation information of the specified route 20.1.0.0, and release the suppression of a suppressed route. reset dampening 20.1.0.0 255.255.0.
BGP Configuration Commands 545 holdtime-interval: Sets the interval time value for hold time which ranges from 3 to 65535. By default, its value is 180 seconds. Description Use the timer command to configure the Keep-alive and Hold-time timer of BGP. Use the undo timer command to restore the default value of the Keep-alive and Hold-time of the timer. Example # Configure the Keep-alive timer as 120 seconds and Hold-time timer as 360 seconds.
546 CHAPTER 27: BGP CONFIGURATION COMMANDS
IP Routing Policy Configuration Commands 547 28 IP ROUTING POLICY CONFIGURATION COMMANDS n IP Routing Policy Configuration Commands In this chapter, a router refers to a general router or an Ethernet switch. To improve readability, such a description of a router will not be given in the other parts of the manual. In some situations, it may be required that only some routing information meeting a certain condition be received.
548 CHAPTER 28: IP ROUTING POLICY CONFIGURATION COMMANDS [3Com-route-policy] apply as-path 200 apply community Syntax apply community [ aa:nn ]* [ [ no-export-subconfed | no-export | no-advertise ] * [ additive ] | additive | none ] undo apply community View Route policy view Parameter none: Deletes the community attribute of the route. This keyword can be input up to 13 times. aa:nn: Community number. no-export-subconfed: Does not send matched route outside the sub-AS.
IP Routing Policy Configuration Commands 549 undo apply cost View Route policy view Parameter value: Specifies the route cost value of route information. Description Use the apply cost command to configure the route cost value of route information. Use the undo apply cost command to cancel the Apply sub-statement. By default, no Apply sub-statement is defined. This command is one Apply sub-statement of Route-policy. It configures the route cost value of the routing information that passes the filtration.
550 CHAPTER 28: IP ROUTING POLICY CONFIGURATION COMMANDS [3Com-route-policy] apply cost-type internal apply ip next-hop Syntax apply ip next-hop ip-address undo apply ip next-hop View Route policy view Parameter ip-address: The next-hop address. Description Use the apply ip next-hop command to configure the next hop address in the route information. Use the undo apply ip next-hop command to cancel the Apply sub-statement. By default, no Apply sub-statement is defined.
IP Routing Policy Configuration Commands 551 Description Use the apply isis command to configure to apply the level of a matched route to be imported to Level-1, Level-2 or Level-1-2. Use the undo apply isis command to cancel the Apply sub-statement. By default, no apply clause is defined. Related command: if-match interface, if-match acl, if-match ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy, apply ip next-hop, apply cost, apply origin, apply tag.
552 CHAPTER 28: IP ROUTING POLICY CONFIGURATION COMMANDS View Route policy view Parameter igp: Sets the BGP route information source as internal route. egp: Sets the BGP route information source as external route as-number: Specifies AS number of external route. incomplete: Sets the BGP route information source as unknown source. Description Use the apply origin command to configure to apply the route source. Use the undo apply origin command to cancel the Apply sub-statement.
IP Routing Policy Configuration Commands display ip ip-prefix 553 Syntax display ip ip-prefix [ ip-prefix-name ] View Any view Parameter ip-prefix-name: Specifies displayed address prefix list name. Description Use the display ip ip-prefix command to view the address prefix list. If no ip-prefix-name is specified, all configured address prefix lists are displayed. Related command: ip ip-prefix. Example # Display the information of the address prefix list named as p1.
554 CHAPTER 28: IP ROUTING POLICY CONFIGURATION COMMANDS Example # Display the information of Route-policy named as policy1.
IP Routing Policy Configuration Commands 555 the filtering conditions for the routing information to be advertised. Only the routing information passing the filtration can be advertised. Related command: filter-policy import. Example # Define the filtering rules for advertising the routing information of RIP. Only the routing information passing the filtering of address prefix list p1 will be advertised by RIP.
556 CHAPTER 28: IP ROUTING POLICY CONFIGURATION COMMANDS Related command: filter-policy export. Example # Define the filtering rule for receiving routing information of RIP. Only the routing information filtered through the address prefix list p1 can be received by RIP.
IP Routing Policy Configuration Commands 557 Description Use the if-match as-path command to match the AS path domain of the BGP routing information. Use the undo if-match as-path command to cancel the match of AS path domain. By default, AS path list number is not matched. This command is an if-match sub-statement of route-policy, used to filter BGP routing information and specify the match condition according to the AS path attribute of the routing information.
558 CHAPTER 28: IP ROUTING POLICY CONFIGURATION COMMANDS Related command: route-policy, ip community-list. Example # First define a community-list numbered 1, allowing it to contain the routing information of AS 100 and AS 200. Then, define a route-policy named "test". An if-match sub-statement is defined for Node 10 of the route-policy, which quotes the definition of the community-list.
IP Routing Policy Configuration Commands 559 Parameter interface-type: Specifies interface type. interface-number: Specifies interface number. Description Use the if-match interface command to configure to match the route whose next hop is designated interface. Use the undo if-match interface command to cancel the setting of matching condition. By default, no if-match sub-statement is defined.
560 CHAPTER 28: IP ROUTING POLICY CONFIGURATION COMMANDS By default, no if-match sub-statement is defined. This command is an if-match sub-statement of route-policy used to filter the routing information based on next hop address by referencing an ACL or an address prefix list. Related command: if-match interface, if-match acl, if-match ip-prefix, if-match cost, if-match tag, route-policy, apply ip next-hop, apply cost, apply local-preference, apply origin, apply tag.
Number of AS path list, ranging from 1 to 199. Parameter acl-number: as-regular-expression: AS regular expression. Description Use the ip as-path-acl command to configure an AS path regular express. Use the undo ip as-path-acl command to disable the defined regular expression. The configured AS path list can be used on BGP policy. Related command: peer as-path-acl, display bgp routing-table as-path-acl. Example # Configure an AS path list.
562 CHAPTER 28: IP ROUTING POLICY CONFIGURATION COMMANDS no-export: Does not advertise routes beyond the AS or the confederation, but can advertise routes to other sub-ASs within the confederation. comm-regular-expression: Community attribute in regular expression format. Description Use the ip community-list command to configure a BGP community list. Use the undo ip community-list command to cancel the configured BGP community list. The configured community list can be used in BGP policy.
greater-equal, less-equal: The address prefix range [greater-equal, less-equal] to be matched after the address prefix network len has been matched. The meaning of greater-equal is "larger than or equal to", and the meaning of less-equal is "less than or equal to". The range is len <= greater-equal <= less-equal <= 32. When only greater-equal is used, it denotes the prefix range [greater-equal, 32]. When only less-equal is used, it denotes the prefix range [len, less-equal].
564 CHAPTER 28: IP ROUTING POLICY CONFIGURATION COMMANDS deny: Specifies the match mode of the defined Route-policy node as deny mode. When a route satisfy all if-match sub-statements of this node and fails to pass the filtration, it will not tested by the next node. node: Node of the route policy. node-number: Index of the node in the route-policy. When this route-policy is used for routing information filtration, the node with a smaller node-number will be tested first.
Route Capacity Configuration Commands 565 29 ROUTE CAPACITY CONFIGURATION COMMANDS Route Capacity Configuration Commands router route-limit Syntax router route-limit { 128K | 256K | 512K } View System view Parameter 128K: Sets the maximum number of route entries supported by current system to 128 K. 256K: Sets the maximum number of route entries supported by current system to 256 K. 512K: Sets the maximum number of route entries supported by current system to 512 K.
566 CHAPTER 29: ROUTE CAPACITY CONFIGURATION COMMANDS View System view Parameter 256: Sets the maximum number of VPN routing & forwarding instances (VRFs) supported by current system to 256. 512: Sets the maximum number of VRFs supported by current system to 512. 1024: Sets the maximum number of VRFs supported by current system to 1024. Description Use the router VRF-limit command to set the maximum number of VPN routing and forwarding instances (VRFs) supported by current system.
Recursive Routing Configuration Commands 567 30 RECURSIVE ROUTING CONFIGURATION Recursive Routing Configuration Commands route-rely Syntax route-rely [ bgp | static ] undo route-rely [ bgp | static ] View System view Parameter bgp: Specifies routes learned by the BGP as the type of routes to be controlled. static: Specifies static routes as the type of routes to be controlled. Description Use the route-rely command to enable recursive routing.
568 CHAPTER 30: RECURSIVE ROUTING CONFIGURATION
31 IGMP SNOOPING CONFIGURATION COMMANDS IGMP Snooping Configuration Commands debugging mpm Syntax debugging mpm { abnormal | all | event | forward | groups | packets | timer } undo debugging mpm { abnormal | all | event | forward | groups | packets | timer } View User view Parameter abnormal: Enables IGMP snooping abnormal debugging all: Turns on all IGMP snooping debugging switches events: Enables IGMP snooping events debugging forward: Enables IGMP snooping forwarding debugging groups: Enables IGMP sno
570 CHAPTER 31: IGMP SNOOPING CONFIGURATION COMMANDS View Any view Parameter None Description Use the display igmp-snooping configuration command to view the IGMP Snooping configuration information. When IGMP Snooping is enabled, the information displayed includes whether IGMP Snooping is enabled, router port aging time, maximum response time of a query, multicast group port aging time, and whether unknown multicast packets are disabled from flooding within VLANs. Related command: igmp-snooping.
IGMP Snooping Configuration Commands 571 IP multicast group address, member ports in the IP multicast group, MAC multicast group, MAC multicast group address, and the member ports in the MAC multicast group. Example # Display the multicast group information about VLAN2. display igmp-snooping group vlan 2 ***************Multicast group table*************** Vlan(id):2. Router port(s):Ethernet3/1/1 IP group(s):the following ip group(s) match to one mac group. IP group address:230.45.45.
572 CHAPTER 31: IGMP SNOOPING CONFIGURATION COMMANDS Received IGMP specific query packet(s) number:2. Received IGMP V1 report packet(s) number:2. Received IGMP V2 report packet(s) number:0. Received IGMP leave packet(s) number:3. Received error IGMP packet(s) number:0. Sent IGMP specific query packet(s) number:5.
IGMP Snooping Configuration Commands 573 ■ Isolate-user-VLAN supports the IGMP-Snooping function. After IGMP-Snooping is enabled under isolate-user-VLAN, all secondary VLANs are IGMP-Snooping enabled. It makes no sense to enable IGMP-Snooping for a secondary VLAN. ■ In a secondary VLAN, IGMP packets will be directly converted and processed in isolate-user-VLAN, namely all the multicast services are implemented within isolate-user-VLAN.
574 CHAPTER 31: IGMP SNOOPING CONFIGURATION COMMANDS n c ■ Fast leaves that are configured in system view and Ethernet port view operate separately. ■ Fast leave works on all ports of the specified VLANs if you configure it in system view. However, it only works on the current port (e.g., a port operates as a trunk of multiple VLANs) in the specified VLANs if you configure it in Ethernet port view.
IGMP Snooping Configuration Commands 575 # Enable IGMP Snooping fast leave on the Ethernet2/1/1 port in all VLANs. Then disable the feature in VLAN 3. system-view System View: return to User View with Ctrl+Z. [SW8800] interface Ethernet2/1/1 [3Com-Ethernet2/1/1] igmp-snooping fast-leave [3Com-Ethernet2/1/1] undo igmp-snooping fast-leave vlan 3 # Disable IGMP Snooping fast leave on the Ethernet2/1/1 port in all VLANs. system-view System View: return to User View with Ctrl+Z.
576 CHAPTER 31: IGMP SNOOPING CONFIGURATION COMMANDS groups. You can configure only one ACL rule for each VLAN, and the new configured rule will replace the old one. Use the undo igmp-snooping group-policy command to cancel the configuration. By default, no filtering rule is set in a VLAN. In this case, a host can join any multicast group. Example # Create ACL2001 and configure the flow rule for basic ACL, using the source IP address serves as the destination multicast address.
IGMP Snooping Configuration Commands 577 This command is used to set the aging time of the multicast group member so that the refresh frequency can be controlled. When the group members change frequently, the aging time should be comparatively short, and vice versa. Related command: igmp-snooping. Example # Set the aging time to 300 seconds. system-view System View: return to User View with Ctrl+Z.
578 CHAPTER 31: IGMP SNOOPING CONFIGURATION COMMANDS Parameter None Description Use the igmp-snooping nonflooding-enable command to enable unknown multicast data packets not to be broadcasted within a VLAN. Use the undo igmp-snooping nonflooding-enable command to disable unknown multicast data packets not to be broadcasted within a VLAN.
Multicast Static Routing Port Configuration Commands 579 Example # Set the aging time of the IGMP Snooping router port to 500 seconds. system-view System View: return to User View with Ctrl+Z. [SW8800] igmp-snooping router-aging-time 500 reset igmp-snooping statistics Syntax reset igmp-snooping statistics View User view Parameter None Description Use the reset igmp-snooping statistics command to reset the IGMP Snooping statistic information. Related command: igmp-snooping.
580 CHAPTER 31: IGMP SNOOPING CONFIGURATION COMMANDS Parameter port-number: Port number of the port to be configured as a static routing port. Provide this argument in the format of interface-type interface-number, where the interface-type argument can only be Ethernet port type. vlan-id: ID of the VLAN where the port belongs to.
MULTICAST VLAN CONFIGURATION COMMANDS 32 Multicast VLAN Configuration Commands service-type multicast Syntax service-type multicast undo service-type multicast View VLAN view Parameter None Description Use the service-type multicast command to configure the current VLAN as multicast VLAN. Use the undo service-type multicast command to remove the configuration. By default, all VLANs are not multicast VLANs.
582 CHAPTER 32: MULTICAST VLAN CONFIGURATION COMMANDS
MULTICAST COMMON CONFIGURATION COMMANDS 33 Multicast Common Configuration Commands broadcast-suppression Syntax broadcast-suppression { ratio | bandwidth bandwidth } undo broadcast-suppression View Ethernet port view Parameter ratio: Maximum wire speed ratio of the broadcast traffic allowed on the port. The value range is 1 to 100, and the default value is 50. The smaller the ratio is, the smaller the broadcast traffic is allowed to pass. bandwidth: Broadcast suppression bandwidth on the port.
584 CHAPTER 33: MULTICAST COMMON CONFIGURATION COMMANDS No distinction is made between known multicast and unknown multicast for multicast suppression. Related command: multicast-suppression. Example # Set the broadcast suppression ratio to 40%. system-view System View: return to User View with Ctrl+Z. [SW8800] interface Ethernet 2/1/1 [3Com-Ethernet2/1/1] broadcast-suppression 40 # Set the broadcast suppression bandwidth to 40Mbit.
Multicast Common Configuration Commands 585 Parameter None Description Use the debugging multicast kernel-routing command to enable multicast kernel routing debugging functions. Use the undo debugging multicast kernel-routing command to disable the debugging functions. By default, the multicast kernel routing debugging is disabled. Example # Enable multicast kernel routing debugging functions.
586 CHAPTER 33: MULTICAST COMMON CONFIGURATION COMMANDS source-address: IP address of the multicast source. Description Use the display mpm forwarding-table command to view the port-carrying multicast forwarding table information. When a group address or a source address is specified, this command shows only the matched (S, G) entry; otherwise, this command shows all entries. Related command: display multicast forwarding-table Example # View the port-carrying multicast forwarding table information.
Multicast Common Configuration Commands 587 Parameter vlan vlan-id: Specifies the VLAN the desired multicast group information resides in. If this key word and argument combination is not provided the command displays the information of all the multicast groups in the VLAN. ip-address: IP address of the desired multicast group. Description Use the display mpm group command to display the information about the IP multicast groups or MAC multicast groups in a specified VLAN.
588 CHAPTER 33: MULTICAST COMMON CONFIGURATION COMMANDS Table 81 Description on the fields of the display mpm group command display multicast forwarding-table Field Description Vlan(id):2. The output information is about VLAN 2. Router port(s):Ethernet2/1/1 The router port concerned is Ethernet2/1/1. IP group(s):the following ip group(s) match to one mac group. Lists the IP multicast groups matching the same MAC multicast group. IP group address:230.45.45.
Multicast Common Configuration Commands 589 Example # View the multicast forwarding table information. display multicast forwarding-table Multicast Forwarding Cache Table Total 2 entries 00001. (4.4.4.4, 224.2.254.84), iif Vlan-interface1, 0 oifs Matched 240 pkts(11288 bytes), Wrong If 0 pkts Forwarded 232 pkts(11288 bytes) 00002. (4.4.4.4, 224.2.149.
590 CHAPTER 33: MULTICAST COMMON CONFIGURATION COMMANDS vlan-interface interface-number: VLAN interface number. register: Register interface of PIM-SM. Description Use the display multicast routing-table command to view the information of IP multicast routing table. c CAUTION: You must use multicast routing-enable command in system view to enable IP multicast routing before you can view the multicast routing table information.
Multicast Common Configuration Commands 591 Table 83 Description on the fields of the display multicast routing-table command ip managed-multicast Field Description Matched 3 entries 3 entries in total meeting the requirement Syntax ip managed-multicast undo ip managed-multicast View System view Parameter None Description Use the ip managed-multicast command to enable the managed multicast function of the system. Use the undo ip managed-multicast to disable the managed multicast function.
592 CHAPTER 33: MULTICAST COMMON CONFIGURATION COMMANDS Related command: display local-user, service-type lan-access, multicast. Example # Grant users permission to join the multicast group with the IP address of 225.10.10.10. system-view System View: return to User View with Ctrl+Z. [SW8800] local-user multicast 225.10.10.10.
Multicast Common Configuration Commands 593 Example # Allow users to join the multicast group with the IP address of 225.10.10.10. system-view System View: return to User View with Ctrl+Z. [SW8800]local-user test [3Com-luser-test] multicast 225.10.10.10. multicast route-limit Syntax multicast route-limit limit undo multicast route-limit View System view Parameter limit: Capacity of multicast routing table.
594 CHAPTER 33: MULTICAST COMMON CONFIGURATION COMMANDS multicast routing-enable Syntax multicast routing-enable undo multicast routing-enable View System view Parameter None Description Use the multicast routing-enable command to enable multicast routing. Use the undo multicast routing-enable command to disable multicast routing. By default, multicast routing is disabled. Related commands: pim dm, pim sm, igmp enable. Example # Enable multicast routing.
Multicast Common Configuration Commands 595 You can use the multicast-suppression command repeatedly. The effective multicast suppression ratio value is the one last updated. c CAUTION: ■ You cannot enable both broadcast suppression and multicast suppression simultaneously on the same card. Namely, once you have enabled broadcast suppression on some ports of a card, you cannot enable multicast suppression on the other ports of the card, and vice versa.
596 CHAPTER 33: MULTICAST COMMON CONFIGURATION COMMANDS group-mask-length: Mask length of multicast group address. source-address: Source address. source-mask: Mask of source address. source-mask-length: Mask length of source address. incoming-interface: Specifies incoming interface for the multicast forward entry. null: Incoming-interface is null. NULL-interface-number: The only number is 0. interface-type interface-number: Interface type and interface number.
Multicast Common Configuration Commands 597 source-address: Source address. source-mask: Mask of source address. source-mask-length: Mask length of source address. incoming-interface: Specifies incoming interface for the multicast forward entry. vlan-interface interface-number: VLAN virtual interface number. Description Use the reset multicast routing-table command to clear route entries from the core multicast routing table, as well as MFC forwarding entries.
598 CHAPTER 33: MULTICAST COMMON CONFIGURATION COMMANDS
34 STATIC MULTICAST MAC ADDRESS CONFIGURATION COMMAND Static Multicast MAC Address Configuration Command mac-address multicast Syntax mac-address multicast mac-addr interface { { interface-type interface-number } [ to { interface-type interface-number } ] } &<1-10> vlan vlan-id undo mac-address multicast [ [mac-addr] vlan vlan-id ] undo mac-address multicast mac-addr interface { { interface-type interface-number } [ to { interface-type interface-number } ] } &<1-10> vlan vlan-id View System view Paramete
600 CHAPTER 34: STATIC MULTICAST MAC ADDRESS CONFIGURATION COMMAND The PIM protocol must not be enabled on the corresponding virtual interface of the specified VLAN. Related command: display mac-address multicast static. Example # Add a new multicast MAC address. The MAC address is 0100-1000-1000.
Static Multicast MAC Address Configuration Command reset mac-address multicast 601 Syntax reset mac-address multicast View User view Parameter None Description Use the reset mac-address multicast command to delete all static multicast MAC groups. Related command: mac-address multicast Example # Delete all the static multicast MAC groups.
602 CHAPTER 34: STATIC MULTICAST MAC ADDRESS CONFIGURATION COMMAND
35 IGMP CONFIGURATION COMMANDS IGMP Configuration Commands debugging igmp Syntax debugging igmp { all | event | host | packet | timer } undo debugging igmp { all | event | host | packet | timer } View User view Parameter all: All the debugging information of IGMP. event: Debugging information of IGMP event. host: Debugging information of IGMP host. packet: Debugging information of IGMP packets. timer: Debugging information of IGMP timers.
604 CHAPTER 35: IGMP CONFIGURATION COMMANDS Parameter group-address: Address of the multicast group. vlan-interface interface-number: VLAN interface number. Description Use the display igmp group command to view the member information of the IGMP multicast group. You can specify to show the information of a group or the member information of the multicast group on a VLAN interface. The information displayed contains the multicast groups which the downstream hosts join through IGMP or through command line.
IGMP Configuration Commands 605 display igmp interface Vlan-interface1 (10.153.17.
606 CHAPTER 35: IGMP CONFIGURATION COMMANDS By default, IGMP is disabled on an interface. You must enable the multicast function before this command can work, you must use this command first before you can configure other IGMP features. Related command: multicast routing-enable. c CAUTION: ■ If the VLAN VPN is enabled on a port, the IGMP Snooping feature cannot be enabled on the VLAN to which the port belongs, and the IGMP feature cannot be enabled on the corresponding interface.
IGMP Configuration Commands n c 607 ■ Fast leaves that are configured in system view and Ethernet port view operate separately. ■ Fast leave works on all ports of the specified VLANs if you configure it in system view. However, it only works on the current port (e.g., when a Trunk port belong to multiple VLANs) in the specified VLANs if you configure it in Ethernet port view. CAUTION: ■ Fast leave configured for a port takes effect only when the VLAN it belongs to is IGMP-enabled.
608 CHAPTER 35: IGMP CONFIGURATION COMMANDS system-view System View: return to User View with Ctrl+Z. [SW8800] igmp fast-leave [SW8800] undo igmp fast-leave vlan 5 # Disable IGMP fast leave in all VLANs. system-view System View: return to User View with Ctrl+Z. [SW8800] undo igmp fast-leave igmp group-limit Syntax igmp group-limit limit undo igmp group-limit View Interface view Parameter limit: Quantity of multicast groups, in the range of 0 to 512.
IGMP Configuration Commands 609 Description Use the igmp group-policy command to configure the filtering rule of multicast groups on a specified VLAN so as to control the access to IP multicast groups. You can configure only one ACL rule for each VLAN, and the new configured rule will replace the old one. Use the undo igmp group-policy command to cancel the configuration. By default, no filtering rule is set in a VLAN. In this case, a host can join any multicast group.
610 CHAPTER 35: IGMP CONFIGURATION COMMANDS Use the undo igmp host-join command to disable the configuration. By default, an interface does not join any multicast group. Related command: igmp group-policy. Example # Add port Ethernet 2/1/1 under VLAN-interface10 to the multicast group 225.0.0.1. system-view System View: return to User View with Ctrl+Z. [SW8800]interface vlan-interface 10 [3Com-Vlan-interface10] igmp host-join 225.0.0.
IGMP Configuration Commands 611 View Interface view Parameter seconds: Time interval before IGMP query router sends the IGMP group query message after it receives the IGMP Leave message from the host. It is in the range of 1 to 5 seconds. By default, it is 1 second. Description Use the igmp lastmember-queryinterval command to set the time interval at which IGMP query router sends the IGMP group query message after it receives the IGMP Leave message from the host.
612 CHAPTER 35: IGMP CONFIGURATION COMMANDS Example # Set the maximum response time carried in host-query message to 8 seconds. system-view System View: return to User View with Ctrl+Z.
IGMP Configuration Commands 613 Parameter robust-value: IGMP robust value, number of times the IGMP query router sends IGMP group query message after it receives the IGMP Leave message from the host. the value range is 2 to 5. The default value is 2. Description Use the igmp robust-count command to set the number of times the IGMP query router sends IGMP group query message after it receives the IGMP Leave message from the host. Use the undo igmp robust-count command to restore the default value.
614 CHAPTER 35: IGMP CONFIGURATION COMMANDS Example # Set querier to expire after 300 seconds. system-view System View: return to User View with Ctrl+Z. [SW8800]interface vlan-interface 10 [3Com-Vlan-interface10] igmp timer other-querier-present 300 igmp timer query Syntax igmp timer query seconds undo igmp timer query View Interface view Parameter seconds: Interval at which a router transmits IGMP query messages in second in the range from 1 to 65535. By default, the value is 60 seconds.
IGMP Configuration Commands 615 Description Use the igmp version command to specify the version of IGMP that a router uses. Use the undo igmp version command to restore the default value. The system does not automatic switching between different IGMP versions. Therefore, all routers on a subnet must be configured to run the same IGMP version. Example # Run IGMP Version 1 on VLAN-interface10. system-view System View: return to User View with Ctrl+Z.
616 CHAPTER 35: IGMP CONFIGURATION COMMANDS reset igmp group interface Vlan-interface10 225.1.1.0 255.2 55.255.0 IGMP Proxy Configuration Commands igmp proxy Syntax igmp proxy interface-type interface-number undo igmp proxy View Interface view Parameter interface-type: Proxy interface type. interface-number: Proxy interface number. Description Use the igmp proxy command to enable IGMP proxy for the VLAN interface and specify the IGMP proxy interface of the VLAN interface.
PIM CONFIGURATION COMMANDS 36 PIM Configuration Commands bsr-policy Syntax bsr-policy acl-number undo bsr-policy View PIM view Parameter acl-number: ACL number imported in BSR filtering policy, in the range of 2000 to 2999. Description Use the bsr-policy command to limit the range of legal BSRs to prevent BSR proofing. Use the undo bsr-policy command to restore the default setting, that is, no range limit is set and all received messages are taken as legal.
618 CHAPTER 36: PIM CONFIGURATION COMMANDS be BSR, thus the routers cannot receive or forward BSR messages other than these two. Even legal BSRs cannot contest with them. Problems may still exist if a legal BSR is attacked, though these two measures can effectively guarantee high BSR security. The source parameter in the rule command is translated as BSR address in the bsr-policy command. Related command: acl and rule. Example # Configure BSR filtering policy on routers, only 101.1.1.
PIM Configuration Commands 619 Related command: pim sm. Example # Configure the Ethernet switch as C-BSR with priority 2 (the C-BSR address is designated as the IP address of VLAN-interface10 and the PIM SM protocol is enabled on VLAN-interface 10). system-view System View: return to User View with Ctrl+Z.
620 CHAPTER 36: PIM CONFIGURATION COMMANDS [3Com-acl-basic-2000] rule permit source 225.0.0.0 0.255.255.255 [3Com-acl-basic-2000]quit [SW8800] multicast routing-enable [SW8800] pim [3Com-pim] c-rp vlan-interface 10 group-policy 2000 crp-policy Syntax crp-policy acl-number undo crp-policy View PIM view Parameter acl-number: ACL number imported in C-RP filtering policy, ranging from 3000 to 3999.
PIM Configuration Commands 621 [3Com-pim] crp-policy 3000 [3Com-pim] quit [SW8800] acl number 3000 [3Com-acl-adv-3000] rule 0 permit source 1.1.1.1 0 destination 225.1 .0.0 0.0.255.255 debugging pim common Syntax debugging pim common { all | event | packet | timer } undo debugging pim common { all | event | packet | timer } View User view Parameter all: All the common debugging information of PIM. event: Debugging information of common PIM event. packet: Debugging information of PIM hello packet.
622 CHAPTER 36: PIM CONFIGURATION COMMANDS timer: Debugging information of PIM-DM timer. warning: Debugging information of PIM-DM warning message. recv: Debugging information of PIM-DM receiving packets. send: Debugging information of PIM-DM sending packets. assert | graft | graft-ack | join | prune: Packets type. Description Use the debugging pim dm command to enable PIM-DM debugging functions. Use the undo debugging pim dm command to disable the debugging functions.
PIM Configuration Commands 623 send: Debugging information of PIM-SM sending packets. assert | bootstrap | crpadv | jp | reg | regstop: Packets type. Description Use the debugging pim sm command to enable PIM-SM debugging functions. Use the undo debugging pim sm command to disable the debugging functions. By default, PIM-SM debugging functions are disabled.
624 CHAPTER 36: PIM CONFIGURATION COMMANDS display pim interface Syntax display pim interface [interface-type interface-number ] View Any view Parameter interface-type interface-number: Interface type and interface number, used to specify the interface. Description Use the display pim interface command to view the PIM interface configuration information. If no interface type or interface number is specified, this command displays the PIM configurations on all interfaces.
PIM Configuration Commands 625 Parameter interface interface-type interface-number: Interface type and interface number, used to specify the interface. Description Use the display pim neighbor command to view the PIM neighbor information discovered by the switch interface. If the interface type and interface number are specified, this command only displays the PIM neighbor information on the specified interface. Example # Display PIM neighbor information discovered by the switch interface.
626 CHAPTER 36: PIM CONFIGURATION COMMANDS null: Specifies the incoming interface type as Null. dense-mode: Specifies the multicast routing protocol as PIM-DM. sparse-mode: Specifies the multicast routing protocol as PIM-SM. Description Use the display pim routing-table command to view the contents of the PIM multicast routing table. The displayed information of the PIM multicast routing table includes the SPT and RPF information.
PIM Configuration Commands 627 In addition, this command can also display the BSR and static RP information. Example # View the RP information of multicast group. display pim rp-info PIM-SM RP-SET information: BSR is: 20.20.20.20 Group/MaskLen: 224.0.0.0/4 RP 20.20.20.20 Version: 2 Priority: 0 Uptime: 00:00:05 Expires: 00:02:25 Adv-Period: 60 seconds Holdtime: 150 seconds The following table details the display information.
628 CHAPTER 36: PIM CONFIGURATION COMMANDS Example # Enter the PIM view. system-view System View: return to User View with Ctrl+Z. [SW8800] multicast routing-enable [SW8800] pim [3Com-pim] pim bsr-boundary Syntax pim bsr-boundary undo pim bsr-boundary View Interface view Parameter None Description Use the pim bsr-boundary command to configure an interface to be the PIM domain border. Use the undo pim bsr-boundary command to remove the border. By default, no domain border is set.
PIM Configuration Commands 629 View VLAN interface view Parameter None Description Use the pim dm command to enable PIM-DM. Use the undo pim dm command to disable PIM-DM. By default, PIM-DM is disabled. Before enabling PIM-DM, you must execute the multicast routing-enable command in system view to enable the multicast routing first. Example # Enable PIM-DM on VLAN-interface10 of the Ethernet switch. system-view System View: return to User View with Ctrl+Z.
630 CHAPTER 36: PIM CONFIGURATION COMMANDS [SW8800]interface vlan-interface 10 [3Com-Vlan-interface10] pim neighbor-limit 50 pim neighbor-policy Syntax pim neighbor-policy acl-number undo pim neighbor-policy View Interface view Parameter acl-number: Basic ACL number, in the range of 2000 to 2999. Description Use the pim neighbor-policy command to set to filter the PIM neighbors on the current interface. Use the undo pim neighbor-policy command to remove the setting.
PIM Configuration Commands 631 Use the undo pim sm command to disable the PIM-SM protocol. By default, PIM-SM is disabled. Users need to configure the PIM-SM protocol on each interface. Generally, the PIM-SM protocol needs to be enabled on each interface. Related command: multicast routing-enable. Example # Enable PIM-SM on VLAN-interface10. system-view System View: return to User View with Ctrl+Z.
632 CHAPTER 36: PIM CONFIGURATION COMMANDS Example # Set the time interval to send Hello packets for VLAN-interface10 to 40 seconds. system-view System View: return to User View with Ctrl+Z. [SW8800]interface vlan-interface 10 [3Com-Vlan-interface10] pim timer hello 40 register-policy Syntax register-policy acl-number undo register-policy View PIM view Parameter acl-number: Number of IP advanced ACL, defining the rule of filtering the source and group addresses.
PIM Configuration Commands 633 neighbor-address: Neighbor address. interface interface-type interface-number: Specifies interface. Description Use the reset pim neighbor command to clear a PIM neighbor. Related command: display pim neighbor. Example # Clear the PIM neighbor 25.5.4.3. reset pim neighbor 25.5.4.
634 CHAPTER 36: PIM CONFIGURATION COMMANDS must be 224.0.0.0, and source address has no mask), then it means only the (*, *, RP) item will be cleared. If in this command, the group-address is any a group address, and source-address is 0 (where group address can have a mask, and source address has no mask), then only the (*, G) item will be cleared.
PIM Configuration Commands 635 system-view System View: return to User View with Ctrl+Z. [SW8800] multicast routing-enable [SW8800] pim [3Com-pim] source-policy 2000 [3Com-pim] quit [SW8800] acl number 2000 [3Com-acl-basic-2000] rule permit source 10.10.1.2 0 [3Com-acl-basic-2000] rule deny source 10.10.1.1 0 static-rp Syntax static-rp rp-address [ acl-number ] undo static-rp View PIM view Parameter rp-address: Static RP address, only being legal unicast IP address.
636 CHAPTER 36: PIM CONFIGURATION COMMANDS Example # Configure 10.110.0.6 as a static RP. system-view System View: return to User View with Ctrl+Z. [SW8800] multicast routing-enable [SW8800] pim [3Com-pim] static-rp 10.110.0.6 # Remove the static RP with the IP address of 10.110.0.6. system-view System View: return to User View with Ctrl+Z. [SW8800] multicast routing-enable [SW8800] pim [3Com-pim] undo static-rp 10.110.0.
MSDP CONFIGURATION COMMANDS 37 n An Ethernet switch functions as a router when it supports the layer 3 protocols. A router that is referred to in the following represents a generalized router or a layer 3 Ethernet switch running related protocols. MSDP Configuration Commands cache-sa-enable Syntax cache-sa-enable undo cache-sa-enable View MSDP view Parameter None Description Use the cache-sa-enable command to enable the router to cache SA state.
638 CHAPTER 37: MSDP CONFIGURATION COMMANDS View User view Parameter all: All the debugging information of MSDP. connect: Debugging information of MSDP peer connection reset. event: Debugging information of MSDP event. packet: Debugging information of MSDP packet. source-active: Debugging information of active MSDP source. Description Use the debugging msdp command to enable MSDP debugging functions. Use the undo debugging msdp command to disable MSDP debugging functions.
MSDP Configuration Commands 639 Parameter peer-address: Address of MSDP peer. Description Use the display msdp peer-status command to view the detailed information of MSDP peer. Related command: peer. Example # Display the detailed information of the MSDP peer 10.110.11.11. display msdp peer-status 10.110.11.11 MSDP Peer 20.20.20.20, AS 100 Description: Information about connection status: State: Up Up/down time: 14:41:08 Resets: 0 Connection interface: LoopBack0 (20.20.20.
640 CHAPTER 37: MSDP CONFIGURATION COMMANDS autonomous-system-number: Autonomous system number. Displays (S, G) entries from specified autonomous system. Description Use the display msdp sa-cache command to view (S, G) state learnt from MSDP peer. Only cache-sa-enable command is configured, can cache state be displayed. Example # Display the (S, G) state learned from MSDP peer. display msdp sa-cache MSDP Total Source-Active Cache - 5 entries (Source, Group) (10.10.1.2, 225.1.1.1) (10.10.1.3, 225.
MSDP Configuration Commands import-source 641 Syntax import-source [ acl acl-number ] undo import-source View MSDP view Parameter acl-number: Number of basic or advanced IP ACL, ranging from 2000 to 3999, controlling which sources SA messages will advertise and to which groups it will be sent in the domain. Basic ACL performs filtering to source and advanced ACL performs filtering to source/group. If no ACL is specified, no multicast source will be advertised.
642 CHAPTER 37: MSDP CONFIGURATION COMMANDS Description Use the msdp command to enable MSDP and enter the MSDP view. Use the undo msdp command to clear all configurations of MSDP, release all resources that MSDP occupies, and restore the initial state. Related command: peer. Example # Clear all configurations of MSDP. system-view System View: return to User View with Ctrl+Z.
MSDP Configuration Commands 643 msdp-tracert 10.10.1.1 225.2.2.2 20.20.20.20 max-hops 10 sainfo peer-info MSDP tracert: press CTRL_C to break D-bit: set if have this (S,G) in cache but with a different RP RP-bit: set if this router is an RP NC-bit: set if this router is not caching SA’s C-bit: set if this (S,G,RP) tuple is in the cache MSDP Traceroute path information: Router Address: 20.20.1.
644 CHAPTER 37: MSDP CONFIGURATION COMMANDS undo originating-rp View MSDP view Parameter interface-type: Interface type. interface-number: Interface number. Description Use the originating-rp command to allow a MSDP to use the IP address of specified interface as the RP address when the SA message originated. Use the undo originating-rp command to remove the configuration. By default, the RP address in the SA message is the RP address configured by PIM. Configure logical RP by using this command.
MSDP Configuration Commands 645 Example # Configure the router using IP address 125.10.7.6 as an MSDP peer of the local router. system-view System View: return to User View with Ctrl+Z. [SW8800] msdp [3Com-msdp] peer 125.10.7.6 connect-interface Vlan-interface 10 peer description Syntax peer peer-address description text undo peer peer-address description View MSDP view Parameter peer-address: Address of MSDP peer. text: Descriptive text, being case sensitive.
646 CHAPTER 37: MSDP CONFIGURATION COMMANDS Parameter name: Name of a Mesh Group, being case sensitive. The maximum length is 32 characters. peer-address: Address of an MSDP peer to be a member of the Mesh Group. Description Use the peer mesh-group command to configure an MSDP peer to join an Mesh Group. Use the undo peer mesh-group command to remove the configuration. By default, an MSDP peer is not a member of any Mesh Group. Example # Configure the MSDP peer with address 125.10.7.
MSDP Configuration Commands 647 [SW8800] msdp [3Com-msdp] peer 110.10.10.1 minimum-ttl 10 peer request-sa-enable Syntax peer peer-address request-sa-enable undo peer peer-address request-sa-enable View MSDP view Parameter peer-address: Address of MSDP peer. Description Use the peer request-sa-enable command to enable the router to send SA request message to the specified MSDP peer when receiving a new group join message. Use the undo peer request-sa-enable command to remove the configuration.
648 CHAPTER 37: MSDP CONFIGURATION COMMANDS Use the undo peer sa-cache-maximum command to restore the default configuration. By default, the maximum number of SA caches is 2048. This configuration is recommended for all MSDP peers in the networks possibly attacked by DoS. Related command: display msdp, sa-count, display msdp peer-status, display msdp brief. Example # Limit the number of caches originated to 100 when the router receives SA messages from the MSDP peer 125.10.7.6.
MSDP Configuration Commands 649 [3Com-acl-adv-3000] rule permit ip source 170.15.0.0 0.0.255.255 destination 225.1.0.0 0.0.255.255 [3Com-acl-adv-3000] quit [SW8800] msdp [3Com-msdp] peer 125.10.7.6 connect-interface Vlan-interface 10 [3Com-msdp] peer 125.10.7.
650 CHAPTER 37: MSDP CONFIGURATION COMMANDS View User view Parameter peer-address: Address of MSDP peer. Description Use the reset msdp peer command to reset TCP connection with the specified MSDP peer, and clear all the statistics of the specified MSDP peer. Related command: peer. Example # Clear TCP connection and statistics of the MSDP peer 125.10.7.6. reset msdp peer 125.10.7.
MSDP Configuration Commands 651 Description Use the reset msdp statistics command to clear statistics of one or more MSDP peers without resetting the MSDP peer. Example # Clear the statistics of the MSDP peer 25.10.7.6. reset msdp statistics 125.10.7.6 shutdown Syntax shutdown peer-address undo shutdown peer-address View MSDP view Parameter peer-address: IP address of MSDP peer. Description Use the shutdown command to disable the MSDP peer specified.
652 CHAPTER 37: MSDP CONFIGURATION COMMANDS which passes filtering. If no filter policy is configured, the router will still accept all SA messages from the static RPF peer. Description Use the static-rpf-peer command to configure static RPF peer. Use the undo static-rpf-peer command to remove the static RPF peer. By default, no static RPF peer is configured. n ■ You must configure the peer command before using the static-rpf-peer command.
peer. Related command: Example # Configure the connection request re-try period to 60 seconds. system-view System View: return to User View with Ctrl+Z.
654 CHAPTER 37: MSDP CONFIGURATION COMMANDS
MBGP Multicast Extension Configuration Commands 655 38 MBGP MULTICAST EXTENSION CONFIGURATION COMMANDS MBGP Multicast Extension Configuration Commands aggregate Syntax aggregate address mask [ as-set | attribute-policy route-policy-name | detail-suppressed | origin-policy route-policy-name | suppress-policy route-policy-name ]* undo aggregate address mask [ as-set | attribute-policy route-policy-name | detail-suppressed | origin-policy route-policy-name | suppress-policy route-policy-name ]* View IPv4 m
656 CHAPTER 38: MBGP MULTICAST EXTENSION CONFIGURATION COMMANDS Use the undo aggregate command to disable this function. By default, no route is aggregated. Use the aggregate command without parameters to create one local aggregated route and set atomic aggregation attributes. Example # Create an aggregation entry in the MBGP routing table, with aggregated route address as 192.213.0.0. system-view System View: return to User View with Ctrl+Z.
MBGP Multicast Extension Configuration Commands 657 undo debugging bgp mp-update View User view Parameter receive: Debugs the MBGP Update messages received. send: Debugs the MBGP Update messages sent. verbose: Debugs detailed information. Description Use the debugging bgp mp-update command to enable to debug MBGP Update messages. Use the undo debugging bgp mp-update command to disable the debugging. By default, the debugging function is disabled. Example # Enable MBGP Update message debugging.
658 CHAPTER 38: MBGP MULTICAST EXTENSION CONFIGURATION COMMANDS [3Com-bgp] ipv4-family multicast [3Com-bgp-af-mul] default local-preference 180 default med Syntax default med med-value undo default med View IPv4 multicast sub-address family view Parameter med-value: MED value, in the range of 0 to 4294967295. By default, it is 0. Description Use the default med command to configure system MED value. Use the display bgp multicast group command to restore the default value.
MBGP Multicast Extension Configuration Commands Example # View the information about the peer group named my_peer. display bgp multicast group my_peer display bgp multicast network Syntax display bgp multicast network View Any view Parameter None Description Use the display bgp multicast network command to view the routing information that MBGP advertises. Example # View the network segment routing information MBGP advertises.
660 CHAPTER 38: MBGP MULTICAST EXTENSION CONFIGURATION COMMANDS Parameter ip-address: IP address of the network segment whose MBGP routing information with specified IP address. Description Use the display bgp multicast routing-table command to view MBGP routing information. Example # Display MBGP routing information of network segment 14.1.0.0. display bgp multicast routing-table 14.1.0.
MBGP Multicast Extension Configuration Commands display bgp multicast routing-table community 661 Syntax display bgp multicast routing-table community [ aa:nn | no-export-subconfed | no-advertise | no-export ]* [ whole-match ] View Any view Parameter aa:nn: Community number. no-export-subconfed: Does not send matched routes outside the local autonomous system. no-advertise: Does not advertise matched routes to any peer.
662 CHAPTER 38: MBGP MULTICAST EXTENSION CONFIGURATION COMMANDS display bgp multicast routing-table different-origin-as Syntax display bgp multicast routing-table different-origin-as View Any view Parameter None Description Use the display bgp multicast routing-table different-origin-as command to view AS routes of different origins. Example # Display AS routes of different origins.
MBGP Multicast Extension Configuration Commands 663 View Any view Parameter as-regular-expression: AS regular expression matched. Description Use the display bgp multicast routing-table regular-expression command to view the routing information matching the specified AS regular expression. Example # Display routing information matching AS regular expression ^600$.
664 CHAPTER 38: MBGP MULTICAST EXTENSION CONFIGURATION COMMANDS [SW8800] bgp 100 [3Com-bgp] ipv4-family multicast [3Com-bgp-af-mul] filter-policy 2000 export filter-policy import Syntax filter-policy gateway ip-prefix-name import undo filter-policy gateway ip-prefix-name import filter-policy { acl-number | ip-prefix ip-prefix-name } import undo filter-policy { acl-number | ip-prefix ip-prefix-name } import View IPv4 multicast sub-address family view Parameter acl-number: Number of ACL used in matching t
MBGP Multicast Extension Configuration Commands 665 undo import-route protocol View IPv4 multicast sub-address family view Parameter protocol: Source routing protocols that can be imported, which can be direct, ospf, ospf-ase, ospf-nssa, rip, isis and static. med-value: Metric value loaded by an imported route, ranging from 0 to 4,294,967,295. route-policy-name: Route policy used for importing routes. Description Use the import-route command to import routing information of other protocols into MBGP.
666 CHAPTER 38: MBGP MULTICAST EXTENSION CONFIGURATION COMMANDS system-view System View: return to User View with Ctrl+Z. [SW8800] bgp 100 [3Com-bgp] ipv4-family multicast [3Com-bgp-af-mul] network Syntax network ip-address [ address-mask ] [ route-policy route-policy-name ] undo network ip-address [ address-mask ] [ route-policy route-policy-name ] View IPv4 multicast sub-address family view Parameter ip-address: Network address that BGP advertises. address-mask: Mask of the network address.
MBGP Multicast Extension Configuration Commands 667 Use the undo peer advertise-community command to remove the configuration. By default, no community attribute is sent to any peer group. Example # Set to send community attributes to peer group "test". system-view System View: return to User View with Ctrl+Z.
668 CHAPTER 38: MBGP MULTICAST EXTENSION CONFIGURATION COMMANDS View IPv4 multicast sub-address family view Parameter group-name: Name of the peer group. peer-address: IP address of the peer; uses dotted decimal notation. acl-number: Filter list number of an AS regular expression, In the range of 1 to 199. export: Uses the AS path list to filter the advertised routes. Description Use the peer as-path-acl export command to configure filtering Policy of MBGP advertised routes based on AS path list.
MBGP Multicast Extension Configuration Commands 669 Description Use the peer as-path-acl import command to configure filtering Policy of MBGP received routes based on AS path list. Use the undo peer as-path-acl import command to cancel the existing configuration. By default, the peer/peer group has no AS path list. The inbound filter policy configured for the peer takes precedence over the configurations for the peer group.
670 CHAPTER 38: MBGP MULTICAST EXTENSION CONFIGURATION COMMANDS peer filter-policy export Syntax peer group-name filter-policy acl-number export undo peer group-name filter-policy acl-number export View IPv4 multicast sub-address family view Parameter group-name: Name of the peer group. acl-number: Number of IP ACL ranging from 2000 to 3999. That is, you can use basic ACLs or advanced ACLs. export: Applies the filter policy to the advertised routes. This keyword is only valid for the peer groups.
MBGP Multicast Extension Configuration Commands 671 acl-number: Number of IP ACL, ranging from 2000 to 3999. That is, you can use basic ACLs or advanced ACLs. Description Use the peer filter-policy import command to configure the peer to apply the ACL-based filter policy to the received routes. Use the undo peer filter-policy import command to cancel the existing configuration. By default, no ACL-based filter policy is configured. Related command: peer filter-policy export, acl.
672 CHAPTER 38: MBGP MULTICAST EXTENSION CONFIGURATION COMMANDS [3Com-bgp] group TEST external. [3Com-bgp] peer TEST as-number 2004 [3Com-bgp] peer 10.1.1.1 group TEST [3Com-bgp] ipv4-family multicast [3Com-bgp-af-mul] peer TEST enable [3Com-bgp-af-mul] peer 10.1.1.1 group TEST peer ip-prefix export Syntax peer group-name ip-prefix prefixname export undo peer group-name ip-prefix prefixname export View IPv4 multicast sub-address family view Parameter group-name: Name of peer group.
MBGP Multicast Extension Configuration Commands 673 peer-address: IP address of the peer, in dotted decimal format. prefixname: Name of the specified ip-prefix, a character string of 1 to 19 characters. Description Use the peer ip-prefix import command to configure the route filtering policy of routes received by the peer based on the ip-prefix. Use the undo peer ip-prefix import command to cancel the route filtering policy of the peer based on the ip-prefix.
674 CHAPTER 38: MBGP MULTICAST EXTENSION CONFIGURATION COMMANDS [3Com-bgp] ipv4-family multicast [3Com-bgp-af-mul] peer test next-hop-local peer public-as-only Syntax peer group-name public-as-only undo peer group-name public-as-only View IPv4 multicast sub-address family view Parameter group-name: Name of the peer group. Description Use the peer public-as-only command to set to contain only public AS IDs in the MBGP Update message, but not private AS IDs.
MBGP Multicast Extension Configuration Commands 675 Description Use the peer reflect-client command to configure a peer (group) as a client of the route reflector. Use the undo peer reflect-client command to remove the configuration. By default, there is no route reflector in the autonomous system. Example # Configure peer group "test" as the client of the route reflector. system-view System View: return to User View with Ctrl+Z.
676 CHAPTER 38: MBGP MULTICAST EXTENSION CONFIGURATION COMMANDS undo peer { group-name | peer-address } route-policy policy-name import View IPv4 multicast sub-address family view Parameter group-name: Name of peer group. peer-address: IP address of the peer. policy-name: Name of the applied route policy. Description Use the peer route-policy import command to assign the Route-policy to the route coming from the peer. Use the undo peer route-policy import command to delete the specified Route-policy.
MBGP Multicast Extension Configuration Commands 677 Use the undo preference command to restore the default priority. You can configure different priority values for different types of MBGP routes. Example # Set the priority of EBGP, IBGP and local routes all to 170. system-view System View: return to User View with Ctrl+Z.
678 CHAPTER 38: MBGP MULTICAST EXTENSION CONFIGURATION COMMANDS View User view Parameter all: Refreshes multicast sub-address family router of all peer . peer-address: Multicast sub-address family router of the specified address peer. group-name: Multicast sub-address family router of all members of the specified peer group. import: Sends ROUTE-REFRESH packets, request the peer to send all multicast sub-address family router again . export: Sends all multicast sub-address family router again .
MBGP Multicast Extension Configuration Commands Example # Specify cluster ID for local router, one of the router reflectors. system-view System View: return to User View with Ctrl+Z. [SW8800] bgp 100 [3Com-bgp] ipv4-family multicast [3Com-bgp-af-mul] reflector cluster-id 80 [3Com-bgp-af-mul] peer test reflect-client summary Syntax summary undo summary View IPv4 multicast sub-address family view Parameter None Description Use the summary command to set to auto-aggregate subnet routes.
680 CHAPTER 38: MBGP MULTICAST EXTENSION CONFIGURATION COMMANDS
39 MPLS BASIC CONFIGURATION COMMANDS MPLS Basic Configuration Commands debugging mpls lspm Syntax debugging mpls lspm { agent | all | event | ftn | interface | packet | policy | process | vpn } undo debugging mpls lspm { agent | all | event | ftn | interface | packet | policy | process | vpn } View User view Parameter agent: Enables all MPLS Agent debugging. all: Enables all MPLS-related debugging. event: Enables debugging for various MPLS events. ftn: Enables MPLS FTN debugging.
682 CHAPTER 39: MPLS BASIC CONFIGURATION COMMANDS This command is used to the debug MPLS LSPM. As running the debugging will affect the performance of the 3Com Switch 8800 Family Series Routing Switches, you are recommended to use the command with caution. Example # Enable all MPLS VPN debugging.
MPLS Basic Configuration Commands 683 Description Use the display mpls lsp command to display LSP information. By default, the display mpls lsp command displays all LSP information. Related command: display mpls interface, display mpls statistics and display static-lsp. Example # Display all the LSPs including "-----------". display mpls lsp include ----------------------------------------------------------------------LSP Information: Ldp Lsp NO FEC NEXTHOP I/O-LABEL OUT-INTERFACE 1 10.110.1.
684 CHAPTER 39: MPLS BASIC CONFIGURATION COMMANDS NO FEC NEXTHOP 1 1.1.1.1/32 200.5.5.4 TOTAL: 1 Record(s) Found. display mpls statistics I/O-LABEL OUT-INTERFACE -----/1000 Vlan2000 Syntax display mpls statistics { interface { Vlan-interface | all } | lsp { lsp-Index | all | lsp-name }} View Any view Parameter interface { Vlan-interface | all }: Specifies one interface or all interfaces. lsp { lsp-Index | all | lsp-name }: Specifies one label switching path or all label switching paths.
MPLS Basic Configuration Commands 685 Description Use the lsp-trigger command to configure topology-triggered LSP creation policy. Use the undo lsp-trigger command to remove the filtering conditions specified by parameters and disable LSP trigger creation at any route. By default, all kinds of routing protocols are filtered out. n If no route-triggered policy is configured, LSPs can be triggered at all host routes with 32-bit masks.
686 CHAPTER 39: MPLS BASIC CONFIGURATION COMMANDS system-view [SW8800] mpls [3Com-mpls] # Execute the mpls command in interface view. [SW8800] vlan 201 [3Com-Vlan201] port gigabitethernet 2/1/1 [3Com-Vlan201] quit [SW8800] interface vlan-interface 201 [3Com-vlan-interface201] mpls % Info: MPLS in the interface is starting, please wait...
MPLS Basic Configuration Commands 687 Parameter None Description Use the snmp-agent trap enable ldp command to enable Trap function in MPLS LDP creation. Use the undo snmp-agent trap enable ldp command to disable Trap function in MPLS LDP creation. By default, Trap function is not enabled during MPLS LDP creation. Example # Enable the Trap function during MPLS LDP creation.
688 CHAPTER 39: MPLS BASIC CONFIGURATION COMMANDS Parameter lsp-name: LSP name interface-type Interface-number: Interface type, interface number. in-label-value: Value of inbound label, ranging 3 (implicit empty label) and from 16 to 1023. Description Use the static-lsp egress command to configure a static LSP for an egress LSR. Use the undo static-lsp egress command to delete an LSP for an egress LSR. Related command: static-lsp ingress, static-lsp transit and debugging mpls.
MPLS Basic Configuration Commands 689 Example # Configure a static LSP for the ingress LSR heading for the destination address 202.25.38.1. system-view [SW8800] mpls [3Com-mpls] static-lsp ingress bj-sh destination 202.25.38.1 24 nexthop 202.55.25.
690 CHAPTER 39: MPLS BASIC CONFIGURATION COMMANDS LDP Configuration Commands debugging mpls ldp Syntax debugging mpls ldp { all | main | advertisement | session | pdu | notification | remote | filter } [ interface interface-type interface-number ] undo debugging mpls ldp { all | main | advertisement | session | pdu | notification | remote | filter } [ interface interface-type interface-number ] View User view Parameter all: Displays all debugging information related to LDP.
LDP Configuration Commands 691 Description Use the display mpls ldp command to display LDP and LSR information. By default, it displays information of LDP and LSR. Related command: mpls ldp, mpls ldp hops-count, mpls ldp loop-detection and mpls ldp path-vectors. Example # Display LDP and LSR information. display mpls ldp Label Distribution Protocol: V1 LSR ID: 10.10.10.10 LSR Status: Active Loop Detection: Disabled.
692 CHAPTER 39: MPLS BASIC CONFIGURATION COMMANDS ----------------------------------------------------------------Buffer no error. display mpls ldp interface Syntax display mpls ldp interface [ | begin text | exclude text | include text ] View Any view Parameter |: Displays matched outputs. begin: Displays the outputs matching the regular expression from the first line. exclude: Displays the outputs excluding those lines matching the regular expression.
LDP Configuration Commands 693 Interface Vlan-interface23(address=23.23.23.2): Label distributing enabled,bound to entity:2.2.2.2:0 Generic label range configured:16 - 44800 Label Advertisement Mode: Downstream-Unsolicited Configured KeepAlive hold time:60, Configured Hello hold time:15 Negotiated Hello hold time:15 Hello packets sent/rcv:20970/20949 Interface Vlan-interface194(address=192.4.1.1): Label distributing enabled,bound to entity:2.2.2.
694 CHAPTER 39: MPLS BASIC CONFIGURATION COMMANDS 7 8 9 10 11 12 13 display mpls ldp peer PREFIX PREFIX PREFIX Liberal PREFIX PREFIX Liberal PREFIX PREFIX 16.16.16.0/24 16.16.16.0/24 22.22.22.0/24 1.1.0.5/32 1.1.0.5 1.1.0.5 85.12.0.1/32 85.12.0.1 85.12.0.1 3 3 3 ---1024 ------1025 ---- ---------1024 3 3 1025 3 3 0 0 0 --0 1 --0 1 1 1 1 2 1 1 2 1 1 16.16.16.16 16.16.16.16 22.22.22.2 -------23.23.23.3 23.23.23.3 -------23.23.23.3 23.23.23.
LDP Configuration Commands 695 Peer Type: Remote Peer RowStatus: Active Local LDP ID: 2.2.2.2:0 Peer LDP ID: 1.1.1.1:0 Internetwork Address Type: IPv4 Internetwork Address: 1.1.1.1 Maximum Peer PDU length: 4096 Peer KeepAlive hold time: 60 Peer Distribution Method: Downstream Unsolicited Peer Type: Local Peer RowStatus: Active Local LDP ID: 2.2.2.2:0 Peer LDP ID: 1.1.1.1:0 Internetwork Address Type: IPv4 Internetwork Address: 1.1.1.
696 CHAPTER 39: MPLS BASIC CONFIGURATION COMMANDS By default, you can view all the Remote-peer configurations. Related command: mpls ldp remote-peer and remote-ip. Example # Display the Remote-peer configuration. display mpls ldp remote Displaying information about all Ldp Remote Peers: Remote Index: 1 Peer Address: 1.1.1.1 Transport Address: 2.2.2.
LDP Configuration Commands By default, it displays the session between peer entities. Related command: mpls ldp enable. Example # Display the session between peer entities. display mpls ldp session Displaying information about all sessions Local LDP ID: 1.1.1.9:5; Peer LDP ID: 4.4.4.9:0 TCP Connection: 1.1.1.9 <- 4.4.4.
698 CHAPTER 39: MPLS BASIC CONFIGURATION COMMANDS View VLAN interface view Parameter None Description Use the mpls ldp enable command to enable LDP on a VLAN interface. Use the mpls ldp disable command to disable LDP on a VLAN interface. By default, LDP is disabled on an interface. To enable an interface, you must enable LDP first. After LDP is enabled on an interface, peer discovery and session creation proceed. Example # Enable LDP on a VLAN interface.
LDP Configuration Commands Example # Set the maximum hop count of loop detection to 22. system-view [SW8800] mpls ldp hops-count 22 # Set the maximum hop count of loop detection to its default value 32. [SW8800] undo mpls ldp hops-count mpls ldp loop-detect Syntax mpls ldp loop-detect undo mpls ldp loop-detect View System view Parameter None Description Use the mpls ldp loop-detect command to enable loop detection. Use the undo mpls ldp loop-detect command to disable loop detection.
700 CHAPTER 39: MPLS BASIC CONFIGURATION COMMANDS ip-prefix-name: Name of IP address prefix list. Description Use the mpls ldp label-accept command to control the acceptance of label binding through the IP address prefix filtering policy when a Label Mapping event is received. Use the undo mpls ldp label-accept command to cancel the configuration. Example # Configure to deny the Label Mapping information of 1.1.1.1 through 1.1.1.3. First, configure the corresponding IP Prefix.
LDP Configuration Commands 701 Example # First, configure the IP Prefix corresponding to the FEC address prefix. system-view [SW8800]ip ip-prefix fec1 index 1 permit 1.1.1.1 32 [SW8800]ip ip-prefix fec1 index 2 permit 1.1.1.2 32 # Then, configure the IP Prefix for the peer address used for advertisement. system-view [SW8800]ip [SW8800]ip [SW8800]ip [SW8800]ip [SW8800]ip [SW8800]ip ip-prefix ip-prefix ip-prefix ip-prefix ip-prefix ip-prefix peer1 index 1 permit 2.1.1.
702 CHAPTER 39: MPLS BASIC CONFIGURATION COMMANDS Example # Configure the LDP authentication mode as MD5, plain-text password 123. system-view [SW8800] interface vlan-interface 201 [3Com-vlan-interface201] mpls ldp password simple 123 mpls ldp path-vectors Syntax mpls ldp path-vectors pv-number undo mpls ldp path-vectors View System view Parameter pv-number: Maximum value of path vector, ranging from 1 to 32.
LDP Configuration Commands 703 Description Use the mpls ldp remote-peer command to create a Remote-peer entity and enter remote-peer view. Use the undo mpls ldp remote-peer command to delete a Remote-peer entity. You can use this command to create a Remote-peer and accordingly create a Remote-session. Related command: remote-ip. Example # Create a Remote-peer. system-view [SW8800] mpls ldp remote-peer 22 [3Com-mpls-remote22] # Delete a Remote-peer.
704 CHAPTER 39: MPLS BASIC CONFIGURATION COMMANDS undo mpls ldp timer { session-hold | hello } In remote-peer view: mpls ldp timer { targeted-session-hold | targeted-hello } { holdtime holdtime | interval interval } undo mpls ldp timer { targeted-session-hold | targeted-hello } { holdtime | interval } View VLAN interface view, remote-peer view Parameter hello hello-holdtime: Specifies the hold time (i.e. timeout time) of the Hello hold timer, in the range of 6 to 65535 (seconds).
LDP Configuration Commands 705 You can usually use the default values if not in special cases, Note that you must reset the session to validate new values if you do modify these timer parameters. Related command: mpls ldp and mpls ldp enable. Example # Modify the hold time of the Hello timer to 30 seconds.
706 CHAPTER 39: MPLS BASIC CONFIGURATION COMMANDS [3Com-Vlan-interface201] mpls ldp transport-ip 10.1.11.2 remote-ip Syntax remote-ip remoteip View remote-peer view Parameter remoteip: IP address of the Remote-peer. Description Use the remote-ip command to configure a Remote-IP address. The address should be the lsr-id of the remote LSR. As Remote Peers adopt LSR ID as their transport addresses, the last two Remote Peers use the lsr-id as their transport addresses for creating TCP connection.
BGP/MPLS VPN CONFIGURATION COMMANDS 40 n aggregate Refer to the 05-Routing Protocol Commands Module of the 3Com Switch 8800 Family Command Manual for the details about the if-match interface, if-match acl, if-match ip-prefix, if-match ip next-hop, if-match cost, if-match tag, apply ip next-hop, apply local-preference, apply origin, apply tag commands and the related commands.
708 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS The function of the keywords involved in the above commands is shown in the following table. Table 93 Keywords function Keyword Function as-set By setting this keyword, you can create an aggregated route whose AS path contains the information of all the aggregation routes. This keyword is not recommended when aggregating many AS paths because frequent changes of the specific route may result in routing oscillation.
LDP Configuration Commands debugging bgp 709 Syntax debugging bgp { all | event | normal | { keepalive | mp-update | open | packet | route-refresh | update } [ receive | send ] [ verbose ] } undo debugging bgp { all | event | normal | keepalive | mp-update | open | packet | route-refresh | update } View User view Parameter all: Enables all types of BGP debugging. event: Enables BGP event debugging. normal: Enables BGP common function debugging. keepalive: Enables BGP Keepalive packet debugging.
710 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS View VPNv4 sub-address family view Parameter value: Value of the local precedence, ranging from 0 to 4294967295. A greater value enjoys higher precedence. The default local precedence is 100. Description Use the default local-preference command to configure the local precedence for BGP routing in VPN. Use the undo default local-preference command to restore the default configuration.
LDP Configuration Commands description 711 Syntax description vpn-instance-description undo description View VPN-instance view Parameter vpn-instance-description: Specifies the description of a specified VPN instance. Description Use the description command to configure description for a specified VPN instance. Use the undo description command to remove the description of this VPN instance. Example # Display the VPN description.
712 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS Description Use the display bgp vpnv4 command to view the VPN address in BGP table. Example # Display all the BGP VPNv4 routing tables. display bgp vpnv4 all routing-table Flags: # - valid ^ - active I - internal D - damped H - history S - aggregate suppressed In/out As Dest/mask Next-hop Med Local-pref label path ---------------------------------------------------------------Route Distinguisher:1.1.1.1:1 (VPN instance:v1) #^ 1.0.0.0 0.0.0.
LDP Configuration Commands 713 Med : 1563 In/Out label : 1024/- display ip routing-table vpn-instance Syntax display ip routing-table vpn-instance vpn-instance-name [ [ ip-address ] | [ verbose ] statistics ] View Any view Parameter vpn-instance-name: Name assigned to VPN-instance. ip-address: Displays information of the specified address statistics: Displays statistics of routes. verbose: Displays detailed information.
714 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS Description Use the display ip vpn-instance command to view the information related to VPN-instance, such as RD, description, and interfaces of the VPN instance. Example # Display the information about VPN-instance VPN 1.
LDP Configuration Commands 715 Table 94 Description on the fields of the command Field Description I/O-LABEL Incoming/Outgoing label. VPN labels (labels advertised with VPNV4 routes) will be displayed in case of uni-hop EBGP cross-AS MPLS L3 VPN networking, and tunneling labels (labels advertised with unicast routes and labels advertised by LDP protocol) will be displayed in case of multi-hop EBGP cross-AS MPLS L3 VPN networking.
716 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS display rip vpn-instance Syntax display rip vpn-instance vpn-instance-name View Any view Parameter vpn-instance vpn-instance-name: Specifies a VPN instance name. Description Use the display rip vpn-instance command to view the configuration related to VPN instance of RIP. Example # View the specified VPN instance configuration of RIP.
LDP Configuration Commands 717 from OSPF internal routes, it is required to restore the attributes of BGP routes when they are imported to OSPF at the remote end. To achieve this goal, we can configure a Domain-id for each OSPF domain. A Domain-id is attached to a BGP/VPN route when an OSPF route is imported into BGP/VPN for transmission over BGP/VPN routes. Then when BGP routes are imported to the peer PE, LAS values are filled in according to the extended community attributes.
718 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS filter-policy import Syntax filter-policy [ ip-prefix ip-prefix-name ] gateway ip-prefix-name import undo filter-policy [ ip-prefix ip-prefix-name ] gateway ip-prefix-name import filter-policy { acl-number | ip-prefix ip-prefix-name } import undo filter-policy { acl-number | ip-prefix ip-prefix-name } import View VPNv4 sub-address family view, VPN instance sub-address family view Parameter acl-number: ACL number, ranging from 2000 to 3999 to match the d
LDP Configuration Commands 719 Parameter group-name: Name of a neighbor peer group. It can be expressed in string of letters and numbers from 1 to 47 in length. internal: Creates an internal peer group. external: Creates an external peer group including other sub-AS groups in federation. Description Use the group command to create a BGP peer group in VPN-instance. Use the undo group command to delete a specified BGP peer group. By default, the MP-IBGP peer is created.
720 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS undo if-match vpn-target View Route-policy view Parameter vpn-target: Route VPN-target attribute values used for matching, in ASN:nn or IP-address:nn format. count: Number of the route VPN-target values used for matching, in the range of 2 to 65535. Description Use the if-match vpn-target command to match the route’s vpn-target attribute.
LDP Configuration Commands import-route 721 syntax import-route { { ospf | ospf-ase | ospf-nssa } [ process-id ] | direct | rip | static } [med value | route-policy route-policyname ] undo import-route { { ospf | ospf-ase | ospf-nssa } [ process-id ] | direct | rip | static } View VPN-instance sub-address family view Parameter process-id: OSPF process ID, ranging from 1 to 65535. By default, it is 1.
722 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS Description Use the ip binding vpn-instance command to bind a VLAN interface to a VPN-instance. Use the undo ip binding vpn-instance command to delete the binding. By default, global routing table is used. You need to reconfigure the IP address for an interface since this command deletes the original IP address. Example # Bind the VLAN201 interface to the VPN-instance VPN 1.
LDP Configuration Commands 723 preference-value: Specifies preference value, ranging from 1 to 255, By default it is 60. public: Configures a route as public network route. reject: Configures a route as unreachable. blackhole: Configures a route as blackhole. Description Use the ip route-static vpn-instance command to configure a static route by specifying an interface of a private network as an egress interface.
724 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS ipv4-family Syntax BGP view, VPN-instance sub-address family view or VPNv4 sub-address family view: ipv4-family { vpn-instance vpn-instance-name | vpnv4 [ unicast ] } undo ipv4-family { vpn-instance vpn-instance-name | vpnv4 [ unicast ] } RIP view: ipv4-family [ unicast ] vpn-instance vpn-instance-name undo ipv4-family [ unicast ] vpn-instance vpn-instance-name View BGP view, VPN-instance sub-address family view or VPNv4 sub-address family view, and RIP
LDP Configuration Commands 725 [SW8800] bgp 100 [3Com-bgp] ipv4-family vpn-instance abc [3Com-bgp-af-vpn-instance] # Enter VPNv4 sub-address family view. [SW8800] bgp 100 [3Com-bgp] ipv4-family vpnv4 unicast [3Com-bgp-af-vpn] nesting-vpn Syntax nesting-vpn undo nesting-vpn View BGP-VPNv4 sub-address family view Parameter None Description Use the nesting-vpn command to enable the nested VPN function. Use the undo nesting-vpn command to disable this function.
726 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS Description Use the network command to configure the network route advertised to the outside by local BGP. Use the undo network command to cancel the configuration. By default, local BGP does not advertise any route to the outside. Example # Configure local router to advertise the routing with the destination network segment 10.0.0.0/16. [3Com-bgp-af-vpn-instance] network 10.0.0.1 255.255.0.
LDP Configuration Commands 727 If you enable an OSPF process without specifying a Router ID, and the process is to be bound to a VPN instance, the VPN instance should have an interface that is configured with an IP address. If you want to bind a process to a VPN instance, you must specify the VPN instance name. One VPN instance may include several processes. For example, for VPN1, you can configure the commands OSPF 1 VPN-instance VPN1, OSPF2 VPN-instance VPN1, and OSPF3 VPN-instance VPN1.
728 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS [SW8800] ospf 100 router-id 2.2.2.2 vpn-instance vpn1 [3Com-ospf-100] peer advertise-community Syntax peer group-name advertise-community undo peer group-name advertise-community View VPNv4 sub-address family view, VPN-instance sub-address family view Parameter group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.
LDP Configuration Commands 729 Description Use the peer allow-as-loop command to allow loop in the route updates in the Hub & Spoke networking mode. Use the undo peer allow-as-loop command to prohibit loop in the route updates. By default, loop is prohibited in the received routing updates; by using the peer allow-as-loop command, loop is allowed in the received routing updates. The default value of asn-limit argument is 3. Standard BGP tests loop using AS number.
730 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS Example # Set the opposite AS number of a specified peer (group) to 100.
LDP Configuration Commands 731 acl-number: AS regular expression ACL number, ranging 1 to 199. import: Filters the received routes with AS path list. Description Use the peer as-path-acl import command to configure peers from filter received routing information with routing filtering policy based on AS path list. Use the undo peer as-path-acl import command to cancel the configuration. By default, there is no filtering policy based on AS path list.
732 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS Example # Allow the internal BGP session to use any operable interface for a TCP connection. [3Com-bgp] ipv4-family vpn-instance test [3Com-bgp-af-vpn-instance] peer 1.1.1.
LDP Configuration Commands 733 Description Use the peer default-route-advertise vpn-instance command to enable a peer to import a default route. Use the undo peer default-route-advertise vpn-instance to restore the configuration. By default, a peer does not import a default route. This command does not require any default route in the routing table but transmits a default route whose next hop address is itself to the peer unconditionally. Example # Enable the peer test to import a default route.
734 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS peer ebgp-max-hop Syntax peer group-name ebgp-max-hop [ ttl ] undo peer group-name ebgp-max-hop View VPN-instance sub-address family view Parameter group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters. peer-address: Peer IP address. ttl: Maximum hops, in the rang of 1 to 255 and is 64 by default.
LDP Configuration Commands 735 Example # Enable the peer group 168. [3Com-bgp] ipv4-family vpnv4 [3Com-bgp-af-vpn] peer 168 enable peer filter-policy export Syntax peer group-name filter-policy acl-number export undo peer group-name filter-policy acl-number export View VPNv4 sub-address family view, VPN-instance sub-address family view Parameter group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters. acl-number: IP ACL number ranging from 2000 to 3999.
736 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS Parameter group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters. peer-address: Peer IP address, in dotted decimal notation. acl-number: IP ACL number from 2000 to 3999, that is, you can use basic or advanced ACL. import: Performs the filtering policy on the received routes. Description Use the peer filter-policy import command to apply the ACL-based filtering policy to the received routing information for peers.
LDP Configuration Commands 737 In BGP view and VPN-instance sub-address family view, when adding a peer to an external group out of an AS, you need to specify an AS number. When adding a peer to an internal group or an external group in an AS, the AS number is not needed. A peer must have been added in a group in BGP view before it can be added to another group in multicast sub-address family view or VPNv4 sub-address family view.
738 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS peer ip-prefix import Syntax peer { group-name | peer-addess } ip-prefix prefixname import undo peer { group-name | peer-addess } ip-prefix prefixname import View VPNv4 sub-address family view, VPN-instance sub-address family view Parameter group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters. peer-address: Peer IP address in dotted decimal notation.
LDP Configuration Commands 739 Use the undo peer label-route-capability command to disable a peer group from handling the label-carried IPv4 routes. By default, a BGP peer group cannot handle label-carried IPv4 routes. Example # Enable IBGP peer group and EBGP peer group to handle the label-carried IPv4 routes.
740 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS peer-address: Peer IP address in dotted decimal notation. cipher: Displays the password in cipher text. simple: Displays the password in plain text. password: Password string. When you provide the cipher argument but input the password in plain text, or if you provide the simple argument, the password is one to 16 characters in length. When you provide the cipher argument and input the password in cipher text, the password must be 24 in length.
LDP Configuration Commands 741 Use the undo peer public-as-only command to configure BGP to carry private AS numbers when transmitting update packets. By default, private AS numbers are carried when BGP transmits update packets. Generally, BGP carries AS number (either public or private AS number) when transmitting BGP update packets. BGP can be configured not to carry private AS number so that some egress routers may ignore private AS number when transmitting BGP update packets.
742 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS View VPNv4 sub-address family view, VPN-instance sub-address family view Parameter group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters. policy-name: Name of a routing policy. Description Use the peer route-policy export command to apply the routing policy to peer group for advertised routing information. Use the undo peer route-policy export command to cancel the configuration. By default, there is no routing policy.
LDP Configuration Commands 743 The incoming filtering policy configured for peers take precedence over the configuration for peer groups. Related command: peer route-policy export. Example # Apply the routing policy test-policy to the incoming routes of the peer group test.
744 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS Parameter group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters. peer-address: Peer IP address in dotted decimal notation. keepalive-interval: Interval, in seconds, of sending the Keepalive message. It ranges from 1 to 65535 and defaults to 60. holdtime-interval: Holdtime, in seconds. It ranges from 3 to 65535 and defaults to 180.
LDP Configuration Commands 745 undo peer group-name vpn-instance vpn-instance-name enable View BGP-VPNv4 sub-address family view Parameter group-name: Name of a peer group. vpn-instance-name: Name of the VPN instance the CE peer belongs to. enable: Enables VPNv4 function for the CE. Description Use the peer vpn-instance enable command to enable the VPNv4 function for the BGP peer group of a CE. Use the undo peer vpn-instance enable command to disable the function.
746 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS Example # Add a CE neighbor to a peer group. [3Com-bgp] ipv4-family vpn-instance vrf1 [3Com-bgp-af-vpn-instance] peer 1.1.1.1 group ebgp as-number 600 [3Com-bgp-af-vpn-instance] quit [3Com-bgp] ipv4-family vpnv4 [3Com-bgp-af-vpn] peer 1.1.1.
LDP Configuration Commands 747 Parameter None Description Use the policy vpn-target command to configure to filter the VPN-target extended community attributes of received routing information. Use the undo policy vpn-target command to cancel the setting. By default, the filtering of VPN-target extended community attribute is conducted. Example # Filter the VPN-target extended community attributes of the received routing information.
748 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS View Fast Ethernet port view Parameter None Description Use the port vpn-range share-mode command to set the range of MPLS/VPN VLAN vlan-id on the interface to 4K. Use the undo port vpn-range share-mode command to restore the default MPLS/VPN VLAN vlan-id range, which is 0 to 1023. n ■ Ports supporting this function stop supporting the application of ACL rules.
LDP Configuration Commands 749 Example # Set the preference of the preference of the routes learned from the EBGP peer to 2, the preference of the routes learned from the IBGP peer to 3 and the preference of the local routes to 4.
750 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS Use the undo reflector cluster-id command to delete the configuration. By default, each router reflector uses his own ID as a cluster ID. Usually, one cluster has one router reflector. And it is the router ID of the reflector to identify this cluster. Several router reflectors make the network more stable. If one cluster has several router reflectors, set the same cluster to all the reflectors ID with this command.
LDP Configuration Commands route-tag 751 Syntax route-tag tag-number undo route-tag View OSPF protocol view Parameter tag-number: Tag value to identify VPN import route, in the range of 0 to 4294967295. By default, its first two bytes are fixed to 0xD000, while the last two bytes are the ASN of local BGP. For example, if the local BGP ASN is 100, then the default tag value in decimal is 3489661028. The value is an integer from 0 to 4294967295.
752 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS OSPF: Reboot the system or use the ’reset ospf ID’ command for this to take effect timer Syntax timer keep-alive keepalive-interval hold holdtime-interval undo timer View VPN-instance sub-address family view Parameter keepalive-interval: Time interval, in seconds, of sending Keepalive messages. It ranges from 1 to 65535 and defaults to 60. holdtime-interval: Hold time, in seconds. It ranges from 3 to 65535 and defaults to 180.
LDP Configuration Commands 753 ip-group { acl-number | acl-name } [ rule rule ]: Specifies a basic or advanced ACL. acl-number is in the range of 2000 to 3999. acl-name is a string beginning with English letters (a to z and A to Z) with no spaces or quotation marks between. rule rule: Optional, ACL matching statement, in the range of 0 to 127. All matching statements will be selected if you skip this keyword.
754 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS Description Use the routing-table limit command to limit the route maximum in a VPN-instance. Use the undo routing-table limit command to cancel the limitation. It is necessary to enter a VPN-instance sub-view before using the routing-table command. Create a VPN-instance routing table in this view and allocate a route distinguisher (RD) in either of the following formats: 16-bit ASN: A 32-bit user-defined number, for example, 100:1.
LDP Configuration Commands 755 key: Authentication on the interface. keyid is from 1 to 255 and key is a string up to 16 characters. It must be consistent with the authentication of a Sham-link peer. When the display current-configuration command is executed, the system displays the 24-character MD5 authentication in cipher text. You can also input a 24-character authentication in cipher text. dead seconds: Specifies the interval, in seconds, for the dead timer.
756 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS ■ The source and destination addresses of a sham link cannot be the same. ■ The same sham link cannot be configured for different OSPF processes. ■ 50 sham links can be configured for an OSPF process at most. Example # Configure a Sham-link, with its source address 1.1.1.1 and destination address 2.2.2.2. [3Com-ospf-100-area-0.0.0.1] sham-link 1.1.1.1 2.2.2.
LDP Configuration Commands 757 Use the undo vlan vpn-range command to restore the default MPLS label range for the card. After vpn-range is enabled on the card, the range of MPLS/VPN VLAN vlan-id that can be configured on the 12 interfaces on the card is 4K, but not the default value of 1K. Related command: port trunk mpls vlan. n ■ This command is actually effective for only the first 12 ports on the card.
758 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS they both support multi-VPN-instance, Multi-VPN-Instance CE does not necessarily support BGP/OSPF interoperability. When an OSPF process is bound to a VPN instance, the default OSPF router is PE router. This command will remove the default setting and change a router into a Multi-VPN-Instance CE. . After the configuration, OSPF processes will reestablish all its neighbors. DN bits and Route-tag will not be checked in routing calculation.
LDP Configuration Commands 759 Description Use the vpn-target command to create a VPN-target extended community for VPN-instance. Use the undo vpn-target command to remove the VPN-target extended community attributes. By default, the default value is both. Use the vpn-target command to create ingress and egress route target extended community lists for a specified VPN-instance. Execute this command once for each target community.
760 CHAPTER 40: BGP/MPLS VPN CONFIGURATION COMMANDS
MPLS VLL CONFIGURATION COMMANDS 41 n L2VPN mentioned below refers to VLL L2VPN. CCC Configuration Commands ccc Syntax ccc ccc-connection-name interface vlan-interface vlan-id { transmit-lsp transmit-lsp-name receive-lsp receive-lsp-name | out-interface outinterface-type outinterface-number } undo ccc ccc-connection-name View System view Parameter ccc-connection-name: Name of the CCC (circuit cross connect) connection, which is used to uniquely identify the CCC connection in the PE (provider edge).
762 CHAPTER 41: MPLS VLL CONFIGURATION COMMANDS Example # Create a remote CCC connection, with the name of clink, the transmitting LSP of tlsp, and the receiving LSP of rlsp. [SW8800] ccc clink interface vlan-interface 201 transmit-lsp tlsp receive-lsp rlsp # Create a local CCC connection, with the name of clink, and the interfaces connecting to the two CEs being the interfaces of VLAN 201 and VLAN 301 respectively.
CCC Configuration Commands 763 View Any view Parameter ccc-name: Name of the CCC connection whose information is to be displayed. type local: Displays information about the local CCC connections only. type remote: Displays information about the remote CCC connections only. Description Use the display ccc command to display the information about specified CCC connections. Example # Display information about the CCC connection named c-link.
764 CHAPTER 41: MPLS VLL CONFIGURATION COMMANDS [3Com-mpls] static-lsp egress bj-sh l2vpn incoming-interface vlaninterface 201 in-label 233 static-lsp ingress Syntax static-lsp ingress lsp-name l2vpn nexthop next-hop-addr out-label out-label undo static-lsp ingress lsp-name View MPLS view Parameter lsp-name: Name of the LSP. next-hop-addr: Address of the next hop. out-label: Value of the out-label, ranging from 16 to 1,023.
Martini MPLS L2VPN Configuration Commands 765 out-label: Value of the out-label, ranging from 16 to 1,023. Description Use the static-lsp transit command to create a static L2VPN LSP for the midway transmitting LSR. Use the undo static-lsp transit command to remove the static L2VPN LSP created for the midway transmitting LSR. You need to create two LSPs (for transmitting and receiving) before creating a remote CCC connection.
766 CHAPTER 41: MPLS VLL CONFIGURATION COMMANDS Interface: Vlan-interface1001State: down, Encapsulation: ethernet, Service: VLL VC-ID: 10001, VC State: down, Destination: 1.1.1.1 Group ID: Local 0, Remote 0, VC Label: Local 32771, Remote 0, Tunnel Type: LSP, Tunnel Index: 23 mpls l2vc Syntax mpls l2vc ip-address vc-id undo mpls l2vc View VLAN interface view Parameter ip-address: IP address of LSR-ID on the peer PE. vc-id: ID of the VC, ranging from 1 to 4,294,967,295.
Kompella MPLS L2VPN Configuration Commands 767 id: CE ID, which is used to uniquely identify a CE in the VPN. This argument ranges from 0 to 499. offset: Specifies the default original CE offset. range: CE Range, the maximum number of CEs that can be connected to the CE. This argument ranges from 1 to 500. Description Use the ce command to create a CE or modify the CE Range. Use the undo ce command to remove a CE. The corresponding CE view is created when you create a CE.
768 CHAPTER 41: MPLS VLL CONFIGURATION COMMANDS You need to configure the route distinguisher (RD) for the MPLS L2VPN before creating a CE connection. Related command: mpls l2vpn encapsulation. Example # Create a CE connection.
Kompella MPLS L2VPN Configuration Commands 769 Parameter vsi-name: Name of the VPN instance. local-ce: Displays the state and configuration of the local CE of a specified VPN instance. remote-ce: Displays the state and configuration of the remote CE of a specified VPN instance. down: Displays the information about L2VPN whose CE interfaces are Down. remote-ce: Displays the state and configuration of the remote CE. up: Displays the information L2VPN whose CE interfaces are Up.
770 CHAPTER 41: MPLS VLL CONFIGURATION COMMANDS View BGP view Parameter None Description Use the l2vpn-family command to create L2VPN address family view. Use the undo l2vpn-family command to remove L2VPN address family view. Example # Create L2VPN address family view. [SW8800] bgp 100 [3Com-bgp] l2vpn-family [3Com-bgp-af-l2vpn] mpls l2vpn Syntax mpls l2vpn undo mpls l2vpn View System view Parameter None Description Use the mpls l2vpn command to enable L2VPN.
Kompella MPLS L2VPN Configuration Commands 771 View System view Parameter vpn-name: Name of the VPN, which must be unique in the PE. This argument is 1 to 20 characters in length. encapsulation: User access encapsulation type. Two types are supported currently: Ethernet access and VLAN access. Description Use the mpls l2vpn encapsulation command to create a Kompella MPLS L2VPN, specify the encapsulation type, and enter MPLS L2VPN view. Use the undo mpls l2vpn command to remove a Kompella MPLS L2VPN.
772 CHAPTER 41: MPLS VLL CONFIGURATION COMMANDS peer enable Syntax peer { group-name | peer-address } enable undo peer { group-name | peer-address } enable View L2VPN address family view Parameter group-name: Name of the peer group. This argument specifies the entire peer group. peer-address: IP address of a peer. This argument specifies a specific peer. Description Use the peer enable command to activate a specified peer or peer group in L2VPN address family view.
VPLS CONFIGURATION COMMANDS 42 n The VPLS commands require the 3C17548 VPLS Application Module. VPLS Configuration Commands bandwidth Syntax bandwidth bw-limit View VSI view Parameter bw-limit: Limit on Virtual Switching Instance (VSI) rate, which is in kbit/s. The system automatically takes the smallest number that can be exactly divided by 64. By default, VSI rate is limited at 102,400 kbit/s.. Description Use the bandwidth command to configure a limit on VSI bandwidth.
774 CHAPTER 42: VPLS CONFIGURATION COMMANDS Description Use the broadcast-restrain command to configure the percentage of VSI broadcast suppression. In the VSI, the part of broadcast traffic (including broadcast, multicast, unknown unicast) beyond the suppression percentage is discarded. Example # Set the broadcast suppression percentage of VSI 3Com to 10%.
VPLS Configuration Commands 775 You can also customize the mapping relationship between user priority and PSN COS and directly specify the COS for user data transmitted over PSN for each of the user priorities 0 to 7 by configuring p-p-p-p-p-p-p-p. Example # Set the COS of VSI 3Com to 8.
776 CHAPTER 42: VPLS CONFIGURATION COMMANDS event: Enables debugging for event notification among modules. Loadshare: Enables debugging for load sharing. Description Use the debugging mpls l2vpn command to enable individual kinds of L2VPN debugging. Use the undo debugging mpls l2vpn command to disable the corresponding debugging. By default, all L2VPN debugging is disabled. Example # Enable debugging for L2VPN errors.
VPLS Configuration Commands 777 Example # Display the MAC forwarding entries of VSI 3Com. display mac-address vsi 3Com MAC ADDR STATE VPN ID 0004-0000-005b dynamic 150 --- 1 mac address(es) found --- display vpls connection PEER Vlan-interface10 AGING TIME AGING Syntax display vpls connection [ vsi vsi-name ] [ peer peer-ip ] [ up | down | block ] [ verbose | statistics ] View Any view Parameter vsi: Specifies a VSI. vsi-name: VSI name. peer: Specifies a peer PE.
778 CHAPTER 42: VPLS CONFIGURATION COMMANDS Table 98 Brief description on the fields of a VC display vsi Field Description MTU Specifies the MTU of the VSI Status VSI service status: open (enabled) or shutdown (closed) VCID Virtual circuit ID EncapType Encapsulation type PeerAddr IP address of peer PE Lcl-Label Local label, namely, label that the local device assigns the peer PE. Rmt-Label Remote label, namely, label that the remote PE assigns the local device.
VPLS Configuration Commands 779 Table 99 Detailed description on the fields of a VC Field Description Bandwidth VSI bandwidth limit Broadcast-restrain Percentage of VSI broadcast suppression encapsulation CoS Class of Service CoS-table Service registration mapping table of user priority on the PSN Mac-table limit Limit on the number of MAC forwarding entries of the VSI Command encapsulation { vlan | ethernet } View VSI view Parameter encapsulation: Specifies the VC encapsulation type of the VS
780 CHAPTER 42: VPLS CONFIGURATION COMMANDS Example # Configure the label range ID corresponding to the VSI as 2. system-view view [SW8800] vsi 3Com static [3Com-vsi-3Com] label-range 2 l2 binding vsi Syntax l2 binding vsi vsi-name [ access-mode { vlan | ethernet } ] undo l2 binding vsi vsi-name [ encapsulation { vlan | ethernet } ] View VLAN interface view Parameter vsi-name: VSI name. access-mode: Specifies the user access encapsulation type. The default access encapsulation type is Ethernet.
VPLS Configuration Commands 781 [3Com-GigabitEthernet3/1/4] interface vlan-interface 100 [3Com-Vlan-interface100] undo ip address [3Com-Vlan-interface100] L2 binding vsi 3Com c mac-address CAUTION: ■ If you have enabled GVRP, STP or 802.1x protocol for a port, you are prohibited from enabling VLAN VPN feature for the port. ■ If you have enabled IGMP Snooping or IGMP for the VLAN which the port belongs to, you are prohibited to enable VLAN VPN feature for the port.
782 CHAPTER 42: VPLS CONFIGURATION COMMANDS Description Use the mac-address command to configure a static MAC address for a VSI. The address you configured can be either a MAC address on a local VSI or a MAC address on a remote peer. Use the undo mac-address command to disable the configuration. Note that when you configure a MAC address for a remote peer with the peer keyword provided, if you specify the VLAN-interface, the command configures the MAC address for a local peer.
VPLS Configuration Commands 783 Parameter mtu: Value of the access maximum transmission unit (MTU) of a VSI, in the range of 128 bytes to 8,192 bytes. By default, MTU is 1,500 bytes. Description Use the mtu command to specify the MTU value for user access packets of this VSI. This mtu value is also that for PW. MTU value is an integral characteristic of a VSI, and all MTU values of the peer PEs of the instance must be consistent. Use the undo mtu command to restore the default MTU value.
784 CHAPTER 42: VPLS CONFIGURATION COMMANDS Description Use the peer command to create a VPLS peer PE contained in an instance. When you create a VPLS peer PE, you must specify an IP address and peer type for the peer PE. Use the undo peer command to remove the specified VPLS peer PE.
VPLS Configuration Commands 785 Description Use the rule permit mpls l2label-range command to add a rule for the Link ACL. The MPLS label range ID corresponding to the rule is range-id. In this case, the corresponding label range is 128K + range-id Ðó 16K ~ 128K + (range-id + 1) Ðó 16K - 1. If no range-id is provided, by default, the label range corresponding to the rule is 128K ~ 256K - 1. Example # Create a rule of the Link ACL. The label range corresponding to the rule is 128K ~ 256K - 1.
786 CHAPTER 42: VPLS CONFIGURATION COMMANDS Description Use the pwsignal command to specify a PW signaling protocol for a VSI and enter VSI-LDP view. Specifying LDP as the PW signaling protocol for the VSI takes you to the VSI-LDP view. By default, the VSI uses LDP as the PW signaling protocol. Example # Set LDP as the PW signaling protocol for VSI 3Com and enter the VSI-LDP view.
VPLS Configuration Commands 787 Parameter None Description Use the shutdown command to shut down the service of the VSI. When the service of the VSI is shut down, the system does not process any traffic for this VSI. Use the undo shutdown command to restore the service for the VSI. Example # Shut down the service of VSI 3Com. system-view [SW8800] vsi 3com static [3Com-vsi-3Com] shutdown # Restore the service of VSI 3Com.
788 CHAPTER 42: VPLS CONFIGURATION COMMANDS View System view Parameter vsi: Creates a VSI or enter the VSI view. vsi-name: VSI name, a locally unique string of 1 to 20 alphanumeric characters. static: Indicates that the peer discovery mechanism is static manual configuration. When you create a VSI, you must specify to manually configure the mechanism, but you do not need to specify the configuration mode after the VSI is created and you are in the VSI view.
VRRP CONFIGURATION COMMANDS 43 VRRP Configuration Commands debugging vrrp Syntax debugging vrrp { state | packet | error } undo debugging vrrp { state | packet | error } View User view Parameter state: Debugs VRRP state. packet: Debugs VRRP packets. error: Debugs VRRP errors. Description Use the debugging vrrp command to enable the VRRP debugging. Use the undo debugging vrrp command to disable the VRRP debugging. By default, the VRRP debugging is disabled. Example # Enable VRRP state debugging.
790 CHAPTER 43: VRRP CONFIGURATION COMMANDS Description Use the display vrrp command to view the information about the VRRP state. If the interface name and virtual router ID are not specified, the state information about all the virtual routers on the switch will be displayed. If only the interface name is specified, the state information about all the virtual routers on the interface will be displayed.
VRRP Configuration Commands 791 Parameter None Description Use the display vrrp ifm command to display the configuration information of the VRRP-enabled IFM device. Example # Display the configuration information of the VRRP-enabled IFM device.
792 CHAPTER 43: VRRP CONFIGURATION COMMANDS Become Master Advertise Rcvd Advertise Sent display vrrp summary : 0 : 0 : 0 Priority Zero Pkts Rcvd Priority Zero Pkts Sent Invalid Type Pkts Rcvd : 0 : 0 : 0 Syntax display vrrp summary View Any view Parameter None Description Use the display vrrp summary command to view the VRRP summary information on the switch. Example # Display the VRRP summary information on the switch.
VRRP Configuration Commands reset vrrp statistics 793 Syntax reset vrrp statistics [ vlan-interface interface-number [ virtual-router-ID ] ] View User view Parameter statistics: VRRP statistics. vlan-interface interface-number: Interface name. virtual-router-ID: VRRP virtual router ID, ranging from 1 to 255. Description Use the reset vrrp statistics command to clear the statistics information about VRRP.
794 CHAPTER 43: VRRP CONFIGURATION COMMANDS If the simple or md5 authentication is configured, it is required to set the authentication key. This command is used to configure the authentication type and key for all the VRRP virtual routers on an interface. As defined in the protocol, all the virtual routers on an interface shall use the same authentication type and key. And all the members joining the same virtual router shall also use the same authentication type and key.
VRRP Configuration Commands 795 View System view Parameter real-mac: Uses the real MAC address of the interface to match the virtual IP address of the virtual router in VRRP backup. virtual-mac: Uses the virtual MAC address of the interface to match the virtual IP address of the virtual router in VRRP backup.
796 CHAPTER 43: VRRP CONFIGURATION COMMANDS Use the undo vrrp ping-enable command to disable the function. By default, the ping function is enabled. You can only use the commands before configuring any virtual router. If a virtual router is already established on the switch, it is not allowed to use the vrrp ping-enable command the undo vrrp ping-enable command to modify the configuration any more. Example # Enable to ping the virtual IP address of the virtual router.
VRRP Configuration Commands 797 Description Use the vrrp vrid preempt-mode command to configure the preemption and delay of the virtual router. Use the undo vrrp vrid preempt-mode command to cancel the preemption. By default, virtual router is in preempt mode and delay-value is 0 second. If a higher-priority switch is required to preempt the Master, you need to configure it as preemption. You can also set a delay for the preemption.
798 CHAPTER 43: VRRP CONFIGURATION COMMANDS vrrp vrid timer Syntax vrrp vrid virtual-router-ID timer advertise adver-interval undo vrrp vrid virtual-router-ID timer advertise View VLAN interface view Parameter virtual-router-ID: VRRP virtual router ID, ranging from 1 to 255. adver-interval: VRRP packet interval of the Master in the virtual router in seconds, ranging from 1 to 255; By default, the value is 1s.
VRRP Configuration Commands 799 Description Use the vrrp vrid track command to configure the switch to track the interface. Use the undo vrrp vrid track command to stop tracking the interface. VRRP interface track expends the backup function, which thereby can be implemented not only when the switch fails, but also when the state of a network interface is Down. The user can use this command to track or stop tracking an interface or all the interfaces.
800 CHAPTER 43: VRRP CONFIGURATION COMMANDS # Add a virtual IP address to an existing virtual router. [3Com-vlan-interface2] vrrp vrid 1 virtual-ip 10.10.10.11 # Delete a virtual IP address. [3Com-vlan-interface2] undo vrrp vrid 1 virtual-ip 10.10.10.10 # Delete a virtual router.
44 HA CONFIGURATION COMMANDS_HA_CONFIGURATION HA Configuration Commands debugging ha Syntax debugging ha { all | event | message | state } undo debugging ha { all | event | message | state } View User view Parameter all: All HA debugging switches. event: HA batch backup or tamed event debugging switch. message: Debugging switch for messages received or sent by HA. state: HA state machine state information debugging switch. Description Use the debugging ha command to enable HA debugging.
802 CHAPTER 44: HA CONFIGURATION COMMANDS_HA_CONFIGURATION Description Use the display switchover state command to view the switchover state of master or slave fabric. This command is used to display the switchover state of the master or slave fabric according to the specified slot number. If slot-id is not specified, the status of the fabric will be displayed. Example # Display the switchover state of master fabric. display switchover state HA FSM State(master): Slave is absent.
HA Configuration Commands 803 Description Use the slave auto-update config command to enable automatic synchronization between the master and slave systems. Use the undo slave auto-update config command to disable automatic synchronization between the master and slave systems. By default, automatic synchronization is enabled. Related command: slave update config. Example # Enable automatic synchronous switch between master/slave systems.
804 CHAPTER 44: HA CONFIGURATION COMMANDS_HA_CONFIGURATION using a command if he expects the slave fabric to operate in place of the master fabric. After the switchover, the slave fabric will control the system and the original master fabric will be forced to reset. Example # Enable master-slave switchover manually. slave switchover Caution!!! Confirm switch slave to master[Y/N]?y Starting..... RAM Line....
HA Configuration Commands Example # Configure the system Xbar load mode.
806 CHAPTER 44: HA CONFIGURATION COMMANDS_HA_CONFIGURATION
45 ARP CONFIGURATION COMMANDS ARP Configuration Commands arp non-flooding Syntax arp non-flooding enable undo arp non-flooding enable View Ethernet port view Parameter None Description Use the arp non-flooding enable command to enable the feature that the ARP packets of a port are not broadcast in the VLAN where this port lies. Use the undo arp non-flooding command to disable this feature. By default, ARP request packets are broadcast in the VLAN where the port lies.
808 CHAPTER 45: ARP CONFIGURATION COMMANDS View VLAN view Parameter None Description Use the arp proxy enable command to enable ARP proxy function. Use the undo arp proxy enable command to disable ARP proxy function. By default, ARP proxy function is disabled. You can configure these commands for a VLAN and sub-VLAN. If you enable ARP proxy for a VLAN, the device with ARP proxy function directly forwards received ARP requests in the VLAN.
ARP Configuration Commands 809 Description Use the arp static command to configure the static ARP mapping entries in an ARP mapping table. Use the undo arp static command to delete a static ARP mapping entry from the ARP table. By default, the mapping table of the system ARP is empty and the switch can obtain its address mapping by means of dynamic ARP. The arp static command can be used to configure auto filling of ARP entries.
810 CHAPTER 45: ARP CONFIGURATION COMMANDS arp static multi-port Syntax arp static ip-address mac-address vlan-id multi-port interface-type interface-number [ vpn-instance vpn-instance-name ] ] undo arp ip-address multi-port interface-type interface-number [ vpn-instance vpn-instance-name ] View System view Parameter ip-address: IP address of the ARP mapping entry. mac-address: MAC address of the ARP mapping entry, in the format of H-H-H.
ARP Configuration Commands 811 You can add multiple ports one by one by setting the multicast static ARP entry. To view the configuration, use the display arp multi-port command. Related commands: reset arp, display arp, debugging arp, arp static. Example # In an ARP entry, the IP address is 10.10.10.98, and the MAC address is 0150-0098-0098. Add the outgoing ports Ethernet 6/1/1, Ethernet 6/1/2 and Ethernet 6/1/3 to the ARP entry. [SW8800] arp static 10.10.10.
812 CHAPTER 45: ARP CONFIGURATION COMMANDS packet: ARP packet debugging. Description Use the debugging arp command to enable ARP debugging. Use the undo debugging arp command to disable the corresponding ARP debugging. By default, no ARP debugging is enabled. Related command: arp static, display arp. Example # Enable ARP packet debugging. debugging arp packet *0.771346-ARP-8-S1-arp_send:Send an ARP Packet, operation : 1, sender_eth_addr : 00e0-fc00-3500,sender_ip_addr : 10.110.91.
ARP Configuration Commands 813 smac-address: Source MAC address of all the permitted ARP packets, expressed in dotted decimal format. It can be combined with other restrictive conditions at discretion. If it is set to all zeros, ARP packets of all source MAC addresses are permitted by default. dmac-address: Destination MAC address of all the permitted ARP packets, expressed in dotted decimal format. It can be combined with other restrictive conditions at discretion.
814 CHAPTER 45: ARP CONFIGURATION COMMANDS Description Use the display arp command to view the ARP mapping table. Related command: arp static, reset arp, debugging arp. Example # Display all the ARP entries. display arp | inc 2.2.1 Type: S-Static D-Dynamic IP Address MAC Address VLAN ID Port Name 2.2.2.231 0001-0001-0001 N/A 2.2.1.2 0002-0002-0002 N/A -2 entries found --- n Aging N/A N/A Type N/A N/A S S Character of "." in a regular expression is a wildcard. So, as for "2.2.2.231", "2.2.
ARP Configuration Commands 815 VLAN ID :20 ARP Port-List : Ethernet6/1/2 Ethernet6/1/3 Ethernet6/1/4 *Ethernet6/1/5 Ethernet6/1/6 Ethernet6/1/7 Ethernet6/1/8 Ethernet6/1/9 Ethernet6/1/1 VPN-Name :Public-ARP When a "*" precedes a port, the port is in the Up state; otherwise, the port is in the Down state. display arp proxy Syntax display arp proxy [ vlan vlan-id ] View Any view Parameter vlan-id: Specifies the VLAN ID.
816 CHAPTER 45: ARP CONFIGURATION COMMANDS display arp timer aging Current ARP aging time is 10 minute(s) You can see that the ARP aging time is 10 minutes. display debugging arp Syntax display debugging arp View Any view Parameter None Description Use the display debugging arp command to display the ARP packet debugging information. Example # Display the ARP packet debugging information. display debugging arp ARP packet debugging switch is on, Source IP Address is 8.8.8.
ARP Configuration Commands 817 By default, the gratuitous ARP packet learning function is enabled. By sending gratuitous ARP packets, a network device can: ■ Determine whether or not IP address conflicts exist between it and other network devices. ■ Trigger other network devices to update its hardware address stored in their caches. Example # Enable the gratuitous ARP packet learning function on the switch. system-view System View: return to User View with Ctrl+Z.
818 CHAPTER 45: ARP CONFIGURATION COMMANDS
46 ARP TABLE SIZE CONFIGURATION COMMANDS ARP Table Size Configuration Commands arp max-entry Syntax arp max-entry slot-num max-num undo arp max-entry slot-num View System view Parameter slot-num: Slot number of the card. max-num: Maximum number of ARP entries that can be supported by the specified card. This argument counts in K (1K = 1024) and ranges from 4K to 8K.
820 CHAPTER 46: ARP TABLE SIZE CONFIGURATION COMMANDS undo arp max-aggregation-entry View System view Parameter max-aggnum: Maximum number of ARP entries for aggregation port (that is, aggregation ARP entries) supported by each card. This argument counts in K (1K = 1024). Description Use the arp max-aggregation-entry command to configure the maximum number of aggregation ARP entries that can be supported by each card of the switch.
ARP Table Size Configuration Commands 821 Use the undo arp enable size command to restore the default maximum number of ARP entries supported by the whole switch. By default, the whole switch supports up to 4K ARP entries, each card supports up to 4K ARP entries, and each card supports up to 1K aggregation ARP entries. Example # Configure the maximum number of ARP entries of the whole switch to 64K. system-view System View: return to User View with Ctrl+Z.
822 CHAPTER 46: ARP TABLE SIZE CONFIGURATION COMMANDS .............
DHCP CONFIGURATION COMMANDS 47 General DHCP Configuration Commands dhcp enable Syntax dhcp enable undo dhcp enable View System view Parameter None Description Use the dhcp enable command to enable DHCP service. Use the undo dhcp enable command to disable the DHCP service. For both DHCP server and DHCP relay, you must enable DHCP service first before performing other DHCP configurations. The other related DHCP configurations take effect only after DHCP service is enabled. Example # Enable DHCP service.
824 CHAPTER 47: DHCP CONFIGURATION COMMANDS undo dhcp select { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all } View VLAN interface view, system view Parameter global: Specifies to forward DHCP packets to local DHCP server and let the local server assign IP addresses in global address pools to DHCP clients. interface: Specifies to forward DHCP packets to local DHCP server and let the local server assign IP addresses in VLAN interface address pool to DHCP clients.
DHCP Server Configuration Commands 825 View System view Parameter None Description Use the dhcp server detect command to enable fake DHCP server detection. Use the undo dhcp server detect command to disable fake DHCP server detection. Fake DHCP server detection is disabled by default. Example # Enable fake DHCP server detection. system-view System View: return to User View with Ctrl+Z.
826 CHAPTER 47: DHCP CONFIGURATION COMMANDS Each type of debugging concerning DHCP servers is disabled by default. Example # Enable debugging for DHCP server events. debugging dhcp server event display dhcp server forbidden-ip Syntax display dhcp server forbidden-ip View Any view Parameter None Description Use the display dhcp server forbidden-ip command to display forbidden IP addresses in the DHCP address pool. Example # Display forbidden IP addresses in the DHCP address pool.
DHCP Server Configuration Commands 827 interface vlan-interface vlan-id [ to vlan-interface vlan-id ]: Specifies one VLAN interface, or a range of VLAN interfaces. all: Specifies all VLAN interfaces or all configured IP addresses. Description Use the dhcp server dns-list command to configure one or more DNS server addresses for the DHCP address pool of current VLAN interface, or for the DHCP address pool(s) of the specified VLAN interface(s).
828 CHAPTER 47: DHCP CONFIGURATION COMMANDS interface vlan-interface vlan-id [ to vlan-interface vlan-id ]: Specifies one VLAN interface, or a range of VLAN interfaces. all: Specifies all VLAN interfaces. Description Use the dhcp server domain-name command to configure a DHCP client domain name for the DHCP address pool of the current VLAN interface, or for the DHCP address pool(s) of the specified VLAN interface(s).
DHCP Server Configuration Commands 829 interface vlan-interface vlan-id [ to vlan-interface vlan-id ]: Specifies one VLAN interface, or a range of VLAN interfaces. all: Specifies all VLAN interfaces. Description Use the dhcp server expired command to set the IP address lease time for the DHCP address pool of current VLAN interface, or for the DHCP address pool(s) of the specified VLAN interface(s).
830 CHAPTER 47: DHCP CONFIGURATION COMMANDS Related command: dhcp server ip-pool, network, static-bind ip-address, and dhcp server static-bind. Example # Forbid the IP addresses from 10.110.1.1 to 10.110.1.63 to be automatically assigned. system-view System View: return to User View with Ctrl+Z. [SW8800] dhcp server forbidden-ip 10.110.1.1 10.110.1.
DHCP Server Configuration Commands 831 undo dhcp server nbns-list { ip-address | all } { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all } View VLAN interface view, system view Parameter ip-address: NetBIOS server IP address. You can specify up to eight IP addresses (separated by spaces) in one command. interface vlan-interface vlan-id [ to vlan-interface vlan-id ]: Specifies one VLAN interface, or a range of VLAN interfaces.
832 CHAPTER 47: DHCP CONFIGURATION COMMANDS undo dhcp server netbios-type { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all } View VLAN interface view, system view Parameter b-node: Specifies b-node to be the NetBIOS node type. DHCP clients of this node type establish host name-to-IP address mapping by broadcasting. (b stands for broadcast.) p-node: Specifies p-node to be the NetBIOS node type.
DHCP Server Configuration Commands 833 dhcp server option code { ascii ascii-string | hex hex-string | ip-address ip-address [ ip-address ] } { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all } undo dhcp server option code { interface vlan-interface vlan-id [ to vlan-interface vlan-id ] | all } View VLAN interface view, system view Parameter code: Option code customized by user. This argument ranges from 2 to 254. ascii ascii-string: Specifies a string comprising ASCII characters.
834 CHAPTER 47: DHCP CONFIGURATION COMMANDS View System view Parameter packets number: Sets the maximum times to send ping packets. The number argument ranges from 0 to 10 and defaults to 2. Value of 0 specifies not to send any ping packet. timeout milliseconds: Sets the maximum time to wait for a response to a ping packet. The milliseconds argument is in the unit of milliseconds; it ranges from 0 to 10000 and defaults to 500.
DHCP Server Configuration Commands 835 Parameter ip-address: IP address to be bound statically. Note that the IP address must be a valid IP address in the address pool of the current VLAN interface. mac-address: MAC address for the IP address to be bound to. Description Use the dhcp server static-bind command to statically bind an IP address in the address pool of the current VLAN interface to a MAC address. Use the undo dhcp server static-bind command to remove a statically bound IP address entry.
836 CHAPTER 47: DHCP CONFIGURATION COMMANDS Table 105 Description on the fields of the display dhcp server conflict command display dhcp server expired Field Description Address The IP address that causes the conflict Discover Time The time when the conflict is discovered Syntax display dhcp server expired { ip ip-address | pool [ pool-name ] | interface [ vlan-interface vlan-id ] | all } View Any view Parameter ip ip-address: Specifies an IP address.
DHCP Server Configuration Commands display dhcp server free-ip 837 Syntax display dhcp server free-ip View Any view Parameter None Description Use the display dhcp server free-ip command to display the ranges of available (unassigned) IP addresses in DHCP address pools. Example # Display the ranges of available (unassigned) IP addresses in DHCP address pools. IP Range IP Range IP Range IP Range IP Range display dhcp server ip-in-use display dhcp server free-ip from 1.0.0.0 to from 2.2.2.
838 CHAPTER 47: DHCP CONFIGURATION COMMANDS 2.2.2.2 44444-4444-4444 NOT Used Manual Interface pool: IP address Hardware address Lease expiration 5.5.5.
DHCP Server Configuration Commands Dhcp Inform: Boot Reply: Dhcp Offer: Dhcp Ack: Dhcp Nak: Bad Messages: 839 0 4 1 3 0 0 Table 108 Description on the fields of the display dhcp server statistics command Field Description Global Pool The information followed is about the statistics of the global address pools Interface Pool The information followed is about the statistics of the address pools of VLAN interfaces Pool Number Number of address pools Auto Number of automatically bound IP addresses
840 CHAPTER 47: DHCP CONFIGURATION COMMANDS Example # Display information about DHCP address pool hierarchy. display dhcp server tree all Global pool: Pool name: 5 network 10.10.1.0 mask 255.255.255.0 Child node:6 Sibling node:7 option 1 ip-address 255.0.0.0 expired 1 0 0 option 58 hex 00 00 A8 C0 option 59 hex 00 00 00 3C Pool name: 6 static-bind ip-address 10.10.1.2 mask 255.0.0.0 static-bind mac-address 00e0-00fc-0001 Parent node:5 option 1 ip-address 255.255.0.
DHCP Server Configuration Commands 841 Table 109 Description on the fields of the display dhcp server tree command Field Description The address pool named 6 is a child node of the one named 5 Based on the node position of the address pool named 5, the node type displayed here includes the following: Child node: Indicates the node to which the address pool named 6 corresponds is a child node of that of the address pool named 5.
842 CHAPTER 47: DHCP CONFIGURATION COMMANDS Related command: dhcp server dns-list, dhcp server ip-pool. Example # Configure a DNS server with an IP address of 1.1.1.254 for the global DHCP address pool 0. system-view System View: return to User View with Ctrl+Z. [SW8800] dhcp server ip-pool 0 [3Com-dhcp-0] dns-list 1.1.1.
DHCP Server Configuration Commands 843 hour hour: Specifies the number of hours. The hour argument ranges from 0 to 23. minute minute: Specifies the number of minutes. The minute argument ranges from 0 to 59. unlimited: Specifies an unlimited lease time. Description Use the expired command to set the valid period for a global DHCP address pool. Use the undo expired command to revert to the default valid period. The default valid period is 1 day. Related command: dhcp server ip-pool, dhcp server expired.
844 CHAPTER 47: DHCP CONFIGURATION COMMANDS Example # Configure an outbound gateway with an IP address of 10.110.1.99 for DHCP clients of global DHCP address pool 0. system-view System View: return to User View with Ctrl+Z. [SW8800] dhcp server ip-pool 0 [3Com-dhcp-0] gateway-list 10.110.1.99 nbns-list Syntax nbns-list ip-address [ ip-address ] undo nbns-list { ip-address | all } View DHCP address pool view Parameter ip-address: IP address of a NetBIOS server.
DHCP Server Configuration Commands 845 View DHCP address pool view Parameter b-node: Specifies the NetBIOS node type of DHCP clients to be b-node (b stands for broadcast). Nodes of this type establish their host name-to-IP address mappings by broadcasting. p-node: Specifies the NetBIOS node type of DHCP clients to be p-node (p stands for peer-to-peer). Nodes of this type establish their host name-to-IP address mappings by communicating with NetBIOS server.
846 CHAPTER 47: DHCP CONFIGURATION COMMANDS mask-length: Length of the network mask of an IP address pool. It is an integer in the range of 0 to 32. Description Use the network command to configure an address range for dynamic IP address assignment. Use the undo network command to remove the address range configured for dynamic IP address assignment. By default, no IP address range is configured for dynamic IP address assignment. Each DHCP address pool can be configured with only one address range.
DHCP Server Configuration Commands 847 Use the undo option command to remove a custom DHCP option configured for the global DHCP address pool. If you execute the option command multiple times, the new configurations overwrite the corresponding old ones Related command: dhcp server ip-pool, dhcp server option. Example # Configure a custom option for the global DHCP address pool, with an option value of 100 and two hexadecimal numbers of 0x11 and 0x22.
848 CHAPTER 47: DHCP CONFIGURATION COMMANDS pool-name: Specifies a global DHCP address pool. If you do not provide this argument, then all global DHCP address pools are included. vlan-id: Specifies a VLAN interface DHCP address pool. If you do not provide this argument, then all VLAN interface DHCP address pools are included. Description Use the reset dhcp server ip-in-use command to clear configuration about dynamically bound DHCP addresses. Related command: display dhcp server ip-in-use.
DHCP Server Configuration Commands 849 mask netmask: Specifies the subnet mask of the IP address to be bound. If you do not provide the argument, the default subnet mask is used. Description Use the static-bind ip-address command to specify the IP address to be statically bound. Use the undo static-bind ip-address command to free a statically bound IP address. By default, no IP address is statically bound.
850 CHAPTER 47: DHCP CONFIGURATION COMMANDS Related command: dhcp server ip-pool and static-bind ip-address. Example # Bind the PC with a MAC address of 0000-e03f-0305 to 10.1.1.1, whose subnet mask is 255.255.255.0. system-view System View: return to User View with Ctrl+Z. [SW8800] dhcp server ip-pool 0 [3Com-dhcp-0] static-bind ip-address 10.1.1.1 mask 255.255.255.
DHCP Relay Configuration Commands 851 From server to client: Interface: VLAN-Interface 1 ServerGroupNo: 0 Type: dhcp-ack ClientHardAddress: 0010-dc19-695d your ip address: 10.1.1.1 *0.7200580-DHCP-8-largehop: Discard DHCP request packet because of too large hop count! *0.
852 CHAPTER 47: DHCP CONFIGURATION COMMANDS dhcp relay security address-check Syntax dhcp relay security address-check { enable | disable } View VLAN interface view Parameter None Description Use the dhcp relay security address-check enable command to enable security address checking on a VLAN interface. Use the dhcp relay security address-check disable command to disable security address checking on a VLAN interface. The DHCP security feature is disabled on the VLAN interface by default. .
DHCP Relay Configuration Commands 853 system-view System View: return to User View with Ctrl+Z. [SW8800] dhcp server detect display dhcp relay address Syntax display dhcp relay address { interface vlan-interface vlan-id | all } View Any view Parameter vlan-id: VLAN number. interface vlan-interface: Specifies to display information about the DHCP servers configured for the VLAN interface. all: Specifies to display information about the DHCP servers configured for all VLAN interfaces.
854 CHAPTER 47: DHCP CONFIGURATION COMMANDS Example # Display information about all user address entries that the DHCP server maintains. display dhcprelay-security IP Address MAC Address IP Address Type 2.2.2.2 0005-5d02-f2b2 Static 3.3.3.
DHCP Option 82 Configuration Commands 855 [SW8800]interface vlan1 [3Com-Vlan-interface1] ip relay address 10.9.0.
856 CHAPTER 47: DHCP CONFIGURATION COMMANDS [SW8800] interface vlan1 [3Com-Vlan-interface1] undo dhcp raly information enable dhcp relay information format Syntax dhcp relay information format { normal | verbose } undo dhcp relay information format View VLAN interface view Parameter normal: Normal mode of DHCP relay option 82. verbose: 3Com fixed network mode of DHCP relay option 82. Description Use the dhcp relay information format command to configure the mode of the DHCP Relay option 82.
DHCP Option 82 Configuration Commands 857 replace: Indicates that the DHCP relay replaces Option 82 carried by the packets with its own Option 82. Description Use the dhcp relay information strategy command to configure the strategy for the DHCP relay to process the packets carrying Option 82. Use the undo dhcp relay information strategy command to restore the default strategy. By default, the replace strategy is adopted.
858 CHAPTER 47: DHCP CONFIGURATION COMMANDS Example # Set the system name as the node identifier when the mode of the relay option 82 on VLAN interface 1 is 3Com fixed network mode. system-view System View: return to User View with Ctrl+Z [SW8800]interface vlan1 [3Com-Vlan-interface1] dhcp relay information format verbose node-identifier sysname # Restore the default node identifier of the user when the mode of relay option 82 on VLAN interface 1 is 3Com fixed network mode.
DHCP Option 82 Configuration Commands 859 system-view System View: return to User View with Ctrl+Z [SW8800] dhcp server relay information enable # Disable the DHCP server from returning Option 82 carried in the request packets to the DHCP relay.
860 CHAPTER 47: DHCP CONFIGURATION COMMANDS
48 DNS CONFIGURATION COMMANDS Static DNS Configuration Commands ip host Syntax ip host hostname ip-address undo ip host hostname [ ip-address ] View System view Parameter hostname: Name of the host. It is a character string that consists of 1 to 20 characters, including letters, numbers, "_" or ",", and it must contain at least one letter. ip-address: Host IP address (the corresponding IP address to the host name) in dotted decimal notation.
862 CHAPTER 48: DNS CONFIGURATION COMMANDS display ip host Syntax display ip host View Any view Parameter None Description Use the display ip host command to view all the host names and the corresponding IP addresses. Example # Display all host names and the corresponding IP addresses of the hosts. <3Com< display ip host Host Age Flags My 0 static Aa 0 static Address 1.1.1.1 2.2.2.
Dynamic DNS Configuration Commands 863 Example # Enable DNS debugging <3Com< debugging dns make DNS packet for name adcd.com succeed The information above indicates that the query packet for the domain name "abcd.com" is generated. send the packet to 172.16.1.1 DNS server for 1 time The information above indicates that the first query is performed to the domain name with the IP address of "172.16.1.1".
864 CHAPTER 48: DNS CONFIGURATION COMMANDS View Any view Parameter None Description Use the display dns dynamic-host command to view the dynamic domain name buffer. Example # View the dynamic domain name buffer. <3Com< display dns dynamic-host No Domain-name Ipaddress 0 www.baidu.com 202.108.249.134 1 www.yahoo.akadns.net 66.94.230.39 2 www.hotmail.com 207.68.172.239 3 www.eyou.com 61.136.62.
Dynamic DNS Configuration Commands 865 Table 115 Description on the fields of the display dns server command Field Description Domain-server Domain name server Ipaddress dns domain Corresponding IP address of the domain name server Syntax dns domain domain-name undo dns domain [ domain-name ] View System view Parameter domain-name: Domain name suffix. Description Use the dns domain command to add the domain name suffix. Use the undo dns domain command to delete the domain name suffix.
866 CHAPTER 48: DNS CONFIGURATION COMMANDS Use the undo dns resolve command to disable the dynamic domain name resolution function. By default, the dynamic domain name resolution function is disabled. Example # Enable dynamic domain name resolution. <3Com< system-view System View: return to User View with Ctrl+Z. [SW8800] dns resolve dns server Syntax dns server ip-address undo dns server [ ip-address ] View System view Parameter ip-address: IP address of the domain name server.
Dynamic DNS Configuration Commands 867 Description Use the reset dns dynamic-host command to clear the dynamic domain name buffer. Related command: display dns dynamic-host. Example # Clear the dynamic domain name buffer.
868 CHAPTER 48: DNS CONFIGURATION COMMANDS
49 NETSTREAM CONFIGURATION COMMANDS Netstream Configuration Commands display ip netstream cache Syntax display ip netstream cache slot slot-no View Any view Parameter slot-no: Number of the slot where the NMM Application Module resides. Description Use the display netstream cache command to query the configuration and status information about the Netstream cache on the NMM Application Module. Example # Query the information about the Netstream cache.
870 CHAPTER 49: NETSTREAM CONFIGURATION COMMANDS Table 116 Description on the fields of the display Netstream cache command display ip netstream export Field Description Active IP stream entry : 0 0 active IP stream entry is in the Netstream cache Active MPLS stream entry : 0 0 active MPLS stream entry is in the Netstream cache IP Stream entry been statistics : 0 0 IP stream entry has been aged by Netstream MPLS Stream entry been statistics: 0 0 MPLS stream entry has been aged by Netstream Las
Netstream Configuration Commands 871 Table 117 Description on the fields of the display ip Netstream export command enable Field Description Stream destination IP(UDP) Destination address and destination port number of the export packet Exported stream number Number of exported streams Exported UDP datagram number(failed number) Number of exported UDP packets (times of sending failures) Version 9 MPLS export information Version 9 MPLS stream statistics export information Version 8 tos-source-p
872 CHAPTER 49: NETSTREAM CONFIGURATION COMMANDS Description Use the ip netstream enable command to enable the Netstream statistics function. Use the undo ip netstream enable command to disable the Netstream statistics function. The Netstream statistics function is disabled by default Example # Mirror the inbound packets of GigabitEthernet6/1/2 to the NMM module on slot 2, and enable the Netstream statistics function.
Netstream Configuration Commands 873 tos-destination-prefix: ToS-destination-prefix aggregation which classifies the stream according to the Netstream’s destination AS number, destination mask length, destination prefix and outbound interface index keywords. tos-prefix: ToS-prefix aggregation which classifies the stream according to the Netstream’s ToS, source AS number, source prefix, source mask length, destination AS number, destination mask length and destination prefix keywords.
874 CHAPTER 49: NETSTREAM CONFIGURATION COMMANDS Use the undo ip netstream export host command to disable the configured destination host IP address of the Netstream statistics export packet. If the destination host IP address is not configured currently, the default setting is adopted. By default, the destination address and destination port number are 0 in system view, and in aggregation view the destination address and destination port number are what they are set in system view.
Netstream Configuration Commands 875 system-view [SW8800] ip netstream export source 192.168.1.5 ip netstream export version Syntax ip netstream export version versionNo [ origin-as | peer-as ] undo ip netstream export version View System view Parameter versionNo: Version number of the Netstream statistics export packets. Version 5 and version 9 are currently supported. n To use version 8, use the following command: ip netstream aggregation.
876 CHAPTER 49: NETSTREAM CONFIGURATION COMMANDS Description Use the ip netstream timeout active command to configure the active aging time of the streams on all the NMM modules in the system. Use the undo ip netstream timeout active command to restore the default value of the active aging time of the streams on all the NMM modules in the system. By default, the active aging time of the stream is 30 minutes.
Netstream Configuration Commands reset ip netstream statistics 877 Syntax reset ip netstream statistics slot slot-no View User view Parameter slot-no: Number of the slot where the NMM Application Module resides. Description Use the reset ip netstream statistics command to clear the Netstream statistics information and export statistics information of the specified NMM Application Module and age all the streams in the stream cache.
878 CHAPTER 49: NETSTREAM CONFIGURATION COMMANDS View System view Parameter minutes: Aging time of the template in minutes. Description Use the ip stream template timeout command to set the aging time of the template. Use the undo ip stream template timeout command to restore the aging time of the template to the default value. By default, the aging time of the template is 30 minutes. Example # Set the aging time of the template to 60 minutes.
50 POE CONFIGURATION COMMANDS PoE Configuration Commands display poe interface Syntax display poe interface [ interface-type interface-num ] View Any view Parameter interface-type interface-num: Port type and port number; refer to Command Manual - Port for details. Description Use the display poe interface interface-type interface-num command to display the PoE status of a specific port on the switch.
880 CHAPTER 50: POE CONFIGURATION COMMANDS Table 118 Description on the fields of the display poe interface command Field Description PoE status of the port: 1 disabled: PoE is disabled on the port. 2 searching: the port is searching for a PD. Port power status 3 delivering: the port is supplying power to the PD. 4 PD disconnected: the port is not connected with a PD. 5 testing: the port is in testing. 6 fault: the port detected an nonstandard or fault PD.
PoE Configuration Commands 881 the display poe interface power command without any argument, the PoE power information about all PoE-capable ports on the switch will be displayed. Example # Display the power information of the port GigabitEthernet3/1/1.
882 CHAPTER 50: POE CONFIGURATION COMMANDS View Any view Parameter slotnum: Slot number of a PoE card Description Use the display poe slot slotnum command to display the information of a PoE card in the switch. Example # Display the information of the PoE card in slot 8 of the switch.
PoE Configuration Commands 883 undo poe enable slot slot-num View System view Parameter slot-num: Number of the slot where the module resides. Description Use the poe enable slot command to enable PoE on a module. Use the undo poe enable slot command to disable PoE on a module. By default, PoE is disabled on a module. The switch checks that the total power of the current system is sufficient before allowing you to enable PoE on the module by using this command.
884 CHAPTER 50: POE CONFIGURATION COMMANDS Example # Enable the module in slot 2 to detect the compatibility of the PD connected to it. [SW8800] poe legacy enable slot 2 # Disable the detection of the compatibility of the PD connected to the module in slot 2. [SW8800] undo poe legacy enable slot 2 poe max-power Syntax poe max-power max-power undo poe max-power View Ethernet port view Parameter max-power: Maximum power distributed to the port, ranging from 3000 mW to 16800 mW.
PoE Configuration Commands 885 Parameter max-power: Maximum power distributed to the card, ranging from 37 W to 806 W. slot-num: Slot number of a card. Description Use the poe max-power command to set the maximum power on a card. Use the undo poe max-power command to restore the default maximum power on the card. By default, the maximum power on a card is 806 W. Example # Set the maximum power on the card in slot 3 to 400 W.
886 CHAPTER 50: POE CONFIGURATION COMMANDS poe power-management Syntax poe power-management { auto | manual } slot slot-num View System view Parameter slot-num: Number of the slot where the module resides. auto: The switch automatically manages the PoE mode on a module. manual: You need to manually manage the PoE mode on a module on the switch. Description Use the poe power-management command to configure the PoE power management mode for a module on the switch.
PoE Configuration Commands poe power max-value 887 Syntax poe power max-value max-value undo poe power max-value View System view Parameter max-value: Configures the maximum power of the switch, in Watts. Description Use the poe power max-value command to configure the maximum PoE power of switch. By default, the maximum PoE power of the switch is 4,500 W. Example # Configure the maximum PoE power of the switch as 2,300 W. [SW8800]poe power max-value 2300 # Restore the default PoE power of switch.
888 CHAPTER 50: POE CONFIGURATION COMMANDS Example # Set the PoE priority of current port to critical. [3Com-GigabitEthernet3/1/1] poe priority critical # Restore the default priority.
51 POE PSU SUPERVISION COMMANDS PoE PSU Supervision Display Commands display poe-power ac-input state Syntax display poe-power ac-input state View Any view Parameter None Description Use the display poe-power ac-input state command to display the AC input state of each power supply unit (PSU). Example # Display the AC input state of each PSU.
890 CHAPTER 51: POE PSU SUPERVISION COMMANDS Parameter None Description Use the display poe-power alarm command to display detailed alarm information about the PoE PSUs. Example # Display detailed alarm information about the PoE PSUs.
PoE PSU Supervision Display Commands display poe-power dc-output value 891 Syntax display poe-power dc-output value View Any view Parameter None Description Use the display poe-power dc-output value command to display the DC output voltage/current value of the PoE PSUs. Example # Display the DC output voltage/current value of the PoE PSUs. display poe-power dc-output value DC Output Voltage : 53.997 V DC Output Current : 0.
892 CHAPTER 51: POE PSU SUPERVISION COMMANDS View Any view Parameter None Description Use the display supervision-module information command to display the name of the supervision module, power supply model, specifications and output power, and other information. Example # Display current information about the power system display supervision-module information Supervision Module Version : 2.
PoE PSU Supervision Configuration Commands 893 PoE PSU Supervision Configuration Commands poe-power input-thresh lower Syntax poe-power input-thresh lower string View System view Parameter string: Undervoltage alarm threshold. It ranges from 90.00 V to 264.00 V in the format of X.X and within the accuracy of the second decimal.
894 CHAPTER 51: POE PSU SUPERVISION COMMANDS poe-power output-thresh lower Syntax poe-power output-thresh lower string View System view Parameter string: Undervoltage alarm threshold. It ranges from 45.00 V to 47.00 V in the format of x.x. Description Use the poe-power output-thresh lower command to set the undervoltage alarm threshold of DC output (lower threshold): For both 220 VAC and 110 VAC input, it is recommended to set the threshold to 45.00 V.
52 UDP HELPER CONFIGURATION COMMANDS UDP Helper Configuration Commands debugging udp-helper Syntax debugging udp-helper { event | packet [ receive | send ] } undo debugging udp-helper { event | packet [ receive | send ] } View User view Parameter event: Enables event debugging for UDP Helper. packet: Enables packet debugging for UDP Helper. receive: Enables incoming packet debugging for UDP Helper. send: Enables outgoing packet debugging for UDP Helper.
896 CHAPTER 52: UDP HELPER CONFIGURATION COMMANDS Description Use the display udp-helper server command to display the information of the destination server corresponding to the VLAN interface. Use the display udp-helper port command to display the configuration of the global UDP ports. Example # Display the information of the destination server corresponding to VLAN interface 1. display udp-helper server interface vlan-interface 1 interface name server address packets sent Vlan-interface1 192.1.
UDP Helper Configuration Commands udp-helper port 897 Syntax udp-helper port { port | dns | netbios-ds | netbios-ns | tacacs | tftp | time } undo udp-helper port { port | dns | netbios-ds | netbios-ns | tacacs | tftp | time } View System view Parameter port: Number of the port whose UDP packets are to be forwarded, in the range 1 to 65,535. Up to 250 ports are supported besides the default ports. Port 67 and port 68 are the ports of known protocols, so they cannot be specifies as UDP ports.
898 CHAPTER 52: UDP HELPER CONFIGURATION COMMANDS Parameter ip-address: IP address of the destination server, in dotted decimal notation. This argument can be the address of a host or the broadcast address of a subnet. Up to 20 destination servers can be configured on a VLAN virtual interface. Description Use the udp-helper server command to specify the destination server for the UDP packets to be forwarded. No destination server is configured by default. Related command: display udp-helper server.
53 SNMP CONFIGURATION COMMANDS SNMP Configuration Commands display snmp-agent Syntax display snmp-agent local-engineid View Any view Parameter local-engineid: Local engine ID. remote-engineid: Remote engine ID. Description Use the display snmp-agent command to view engine ID of current device. SNMP engine is the core of SNMP entity. It performs the function of sending, receiving and authenticating SNMP message, extracting PDU, packet encapsulation and the communication with SNMP application, and so on.
900 CHAPTER 53: SNMP CONFIGURATION COMMANDS Description Use the display snmp-agent community command to view the currently configured community names. Example # Display the currently configured community names.
SNMP Configuration Commands 901 Table 125 Description on the fields of the display snmp-agent group command Field Description Security model The security mode adopted by SNMP display snmp-agent mib-view readview Read-only MIB view name corresponding to that group writeview Writable MIB view corresponding to that group notifyview The name of the notify MIB view corresponding to that group storage-type Storage mode Syntax display snmp-agent mib-view [ exclude | include | { viewname mib-view } ]
902 CHAPTER 53: SNMP CONFIGURATION COMMANDS Table 126 Description on the fields of the display snmp-agent mib-view command c display snmp-agent statistics Field Description View name View name MIB Subtree MIB subtree Subtree mask Subtree mask storage-type Storage type View Type Permit or forbid access to an MIB object View status Indicate the line state in the table CAUTION: If the SNMP Agent is disabled, "Snmp Agent disabled" will be displayed after you execute the above display commands.
SNMP Configuration Commands 903 Table 127 Description on the fields of the display snmp-agent statistics command display snmp-agent sys-info Field Description 9 Get-next PDUs accepted and processed Total number of the input SNMP packets 0 GetBulkRequest-PDU accepted and processed Number of packets with version information error 0 GetResponse PDUs accepted and processed Number of packets with community name error 0 Set-request PDU accepted and processed Number of packets with authority error cor
904 CHAPTER 53: SNMP CONFIGURATION COMMANDS Description Use the display snmp-agent sys-info command to view the character string sysContact (system contact), character string describing the system location and the version information about the running SMNMP in the system. Example # Display the character string sysContact. display snmp-agent sys-info contact The contact person for this managed node: R&D Beijing, 3Com Corporation co.,Ltd.
SNMP Configuration Commands 905 Example # Display the information of all the current users. display snmp-agent usm-user User name: NotifyV3 Group name: NotifyGroup Authencation Mode: sha Privacy Mode: des Engine ID: 800007DB00E0FC2085026877 active User name: publicV3 Group name: groupV3 Authencation Mode: no Privacy Mode: no Engine ID: 800007DB00E0FC2085026877 active Acl:2000 The following table describes the output fields.
906 CHAPTER 53: SNMP CONFIGURATION COMMANDS Example # Enable current port Ethernet6/1/1 to transmit the LINK UP and LINK DOWN trap information with the community name public system-view System View: return to User View with Ctrl+Z. [3Com-Ethernet6/1/1] snmp trap updown enable [SW8800] snmp-agent target-host trap address udp-domain 10.1.1.
SNMP Configuration Commands snmp-agent group 907 Syntax snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-list ] undo snmp-agent group { v1 | v2c } group-name snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [notify-view notify-view ] [ acl acl-list ] undo snmp-agent group v3 group-name [ authentication | privacy ] View System view Parameter v1: V1 security mode.
908 CHAPTER 53: SNMP CONFIGURATION COMMANDS Example # Create an SNMP group named test. system-view System View: return to User View with Ctrl+Z. [SW8800] snmp-agent group v3 test. snmp-agent local-engineid Syntax snmp-agent local-engineid engineid undo snmp-agent local-engineid View System view Parameter engineid: Specifies the engine ID with a character string, only composed of hexadecimal numbers between 5 and 32 including.
SNMP Configuration Commands 909 view-name: Specifies the view name, with a character string, ranging from 1 to 32 characters. oid-tree: MIB object subtree. It can be a character string of the variable OID, or a variable name, ranging from 1 to 255 characters. By default, OID is 1.3.6.1. Description Use the snmp-agent mib-view command to create or update the view information. Use the undo snmp-agent mib-view command to cancel the view information By default, the view name is ViewDefault. OID is 1.3.6.1.
910 CHAPTER 53: SNMP CONFIGURATION COMMANDS snmp-agent sys-info Syntax snmp-agent sys-info { contact sysContact | location syslocation | version { { v1 | v2c | v3 } * | all } } undo snmp-agent sys-info { { contact | location }* | version { { v1 | v2c | v3 } * | all } } View System view Parameter contact: The contact information for system maintenance. sysContact: Characters describe the contact information for system maintenance. location: Sets the geographical location of the device.
SNMP Configuration Commands 911 system-view System View: return to User View with Ctrl+Z.
912 CHAPTER 53: SNMP CONFIGURATION COMMANDS Example # Enable sending Trap message to 10.1.1.1 with community name public. system-view System View: return to User View with Ctrl+Z. [SW8800] snmp-agent trap enable [SW8800] snmp-agent target-host trap address udp-domain 10.1.1.
SNMP Configuration Commands 913 Description Use the snmp-agent trap enable command to enable the sending of Trap messages. Use the undo snmp-agent trap enable command to disable the sending of Trap messages. By default, Trap message sending is disabled. The snmp-agent trap enable command and snmp-agent target-host command should be used at the same time. The snmp-agent target-host command specifies which hosts can receive Trap message.
914 CHAPTER 53: SNMP CONFIGURATION COMMANDS snmp-agent trap queue-size Syntax snmp-agent trap queue-size length undo snmp-agent trap queue-size View System view Parameter length: Length of queue, ranging from 1 to 1,000. By default, the length is 100. Description Use the snmp-agent trap queue-size command to configure the information queue length of Trap packet sent to Destination Host. Use the undo snmp-agent trap queue-size command to restore the default value.
SNMP Configuration Commands 915 system-view System View: return to User View with Ctrl+Z.
916 CHAPTER 53: SNMP CONFIGURATION COMMANDS Description Use the snmp-agent usm-user command to add a new user to an SNMP group. Use the undo snmp-agent usm-user command to cancel a user from SNMP group. SNMP engineID (for authentication) is required when configuring remote user for an agent. This command will not be effective without engineID configured. For V1 and V2C, this command will add a new community name. For V3, it will add a new user for an SNMP group.
54 RMON CONFIGURATION COMMANDS RMON Configuration Commands display rmon alarm Syntax display rmon alarm [ alarm-table-entry ] View Any view Parameter alarm-table-entry: Alarm table entry index. Description Use the display rmon alarm command to view RMON alarm information. Related command: rmon alarm. Example # Display the RMON alarm information. display rmon alarm Alarm table 1 owned by monitor is VALID. Samples type : delta Variable formula : 1.3.6.1.2.1.16.1.1.1.3.1
918 CHAPTER 54: RMON CONFIGURATION COMMANDS Table 129 Description on the fields of the display rmon alarm command display rmon event Field Description startup First triggering When startup enables : risingOrFallingAlarm Type of the first alarm. The startup may trigger rising threshold alarm, falling threshold alarm, or both. Latest value Last sample value Syntax display rmon event [ event-table-entry ] View Any view Parameter event-table-entry: Entry index of event table.
RMON Configuration Commands 919 Description Use the display rmon eventlog command to view RMON event log. The display includes event index in the event table, the status of the event, the time at which the event log is generated (this time starts from the system initialization or booting and counted in milliseconds), and event description. Example # Show event log of RMON. display rmon eventlog 1 Event table 1 owned by null is VALID. Generates eventLog 1.1 at 0days 00h:01m:39s.
920 CHAPTER 54: RMON CONFIGURATION COMMANDS packets multicast packets undersize packets fragments collisions :0 :0 :0 :0 :0 , , , , , broadcast packets CRC alignment errors oversize packets jabbers utilization :0 :0 :0 :0 :0 Table 132 Description on the fields of the display rmon history command Field Description Samples interface The sampled interface History control entry Index number in history control table VALID The entry corresponding to the index is valid Sampling interval Sampling in
RMON Configuration Commands 921 .201326601)*8*100/.1.3.6.1.2.1.2.2.1.5.201326601 Description : ifUtilization.Ethernet5/1/1 Sampling interval : 10(sec) Rising threshold : 50(linked with event 1) Falling threshold : 5(linked with event 1) When startup enables : risingOrFallingAlarm This entry will exist : forever. Latest value : 0 Table 133 Description on the fields of the display rmon prialarm command display rmon statistics Field Description Prialarm table 1 Index of extended alarm entry.
922 CHAPTER 54: RMON CONFIGURATION COMMANDS display rmon statistics Ethernet 2/1/1 Statistics entry 1 owned by aaa is VALID. Interface : Ethernet2/1/1
RMON Configuration Commands 923 Use the undo rmon alarm command to cancel an entry from this table. In this way, the alarm event can be triggered in the abnormal situations and then decides to log and send trap to the NM station. n Before adding an alarm entry, you need first to define the event to be referenced in the alarm entry using the rmon event command. The system takes these actions on the defined alarm entries: ■ Sampling the defined alarm variables at a specified time interval.
924 CHAPTER 54: RMON CONFIGURATION COMMANDS View System view Parameter event-entry: Number of the entry to be added/deleted, ranging from 1 to 65535. description string: Event description. Length of the character string ranges from 1 to 127. log-trap log-trapcommunity: Defines the event as log and trap event, and specifies the community name of the NMS which receives the messages triggered by the event. log: Log event.
RMON Configuration Commands 925 Parameter entry-number: Number of the entry to be added/deleted, ranging from 1 to 65,535. buckets number: Capacity of the history table corresponding to the control line. interval sampling-interval: Sampling interval, ranging from 5 to 3600 (measured in seconds). owner text-string: Creator of this entry. Length of the character string ranges from 1 to127. Description Use the rmon history command to add an entry to the history control table.
926 CHAPTER 54: RMON CONFIGURATION COMMANDS sampling-timer: Sets the sampling interval, ranging from 10 to 65535 and measured in seconds. delta | absolute | changeratio: Specifies the sampling type as delta ratio, absolute ratio or change ratio. threshold-value1: Rising threshold value, specified with a number greater than 0. event-entry1: Corresponding event number to the upper limit threshold value, ranging from 0 to 65535.
RMON Configuration Commands 927 Example # Add an extended alarm entry in the fifth line of the extended alarm table. Perform operation on the corresponding variant by means of the formular ((.1.3.6.1.4.1.43.45.1.6.1.2.1.1.2.1-.1.3.6.1.4.1.43.45.1.6.1.2.1.1.3.1)*100/.1.3. 6.1.4.1.43.45.1.6.1.2.1.1.2.1) to get the port utilization of Gigabit Ethernet interface 1/1/1. Monitor the operation results at the sampling interval of 10 seconds.
928 CHAPTER 54: RMON CONFIGURATION COMMANDS system-view System View: return to User View with Ctrl+Z.
55 NTP CONFIGURATION COMMANDS NTP Configuration Commands debugging ntp-service Syntax debugging ntp-service { access | adjustment | authentication | event | filter | packet | parameter | refclock | selection | synchronization | validity | all } undo debugging ntp-service { access | adjustment | authentication | event | filter | packet | parameter | refclock | selection | synchronization | validity | all } View User view Parameter access: Enables NTP access control debugging.
930 CHAPTER 55: NTP CONFIGURATION COMMANDS Use the undo debugging ntp-service command to disable corresponding debugging function. By default, no debugging function is enabled. Example # Enable NTP access control debugging. debugging ntp-service access display ntp-service sessions Syntax display ntp-service sessions [ verbose ] View Any view Parameter verbose: Specifies to display the detail information about the SESSIONS.
NTP Configuration Commands 931 Example # Display the NTP service status. display ntp-service status Clock status: synchronized Clock stratum: 8 Reference clock ID: 127.127.1.0 Nominal frequency: 100.0000 Hz Actual frequency: 100.0000 Hz Clock precision: 2^18 Clock offset: 0.0000 ms Root delay: 0.00 ms Root dispersion: 0.00 ms Peer dispersion: 10.00 ms Reference time: 09:13:32.953 UTC Feb 13 2006(C79ACC3C.
932 CHAPTER 55: NTP CONFIGURATION COMMANDS With this command, the system synchronizes the NTP server link from the local device along time till the reference clock source, and displays brief information about every NTP server. Example # Display brief information about every NTP server on the way from the local device to the reference clock source. display ntp-service trace server 127.0.0.1,stratum 8, offset 0.000000, synch distance 0.00000 refid 127.127.1.
NTP Configuration Commands 933 # Give the authority of time request and query control of the local equipment to the peer in ACL 2000. [SW8800] ntp-service access synchronization 2000 ntp-service authentication enable Syntax ntp-service authentication enable undo ntp-service authentication enable View System view Parameter None Description Use the ntp-service authentication enable command to enable the NTP-service authentication function.
934 CHAPTER 55: NTP CONFIGURATION COMMANDS By default, there is no authentication key. Only MD5 authentication is supported for the NTP authentication key settings. Example # Set MD5 authentication key 10 as 3com. system-view System View: return to User View with Ctrl+Z.
NTP Configuration Commands 935 View VLAN interface view Parameter authentication-keyid: Specifies the authentication key. keyid: Key ID used in broadcast, ranging from 0 to 4294967295. version: Defines NTP version number. number: NTP version number, ranging from 1 to 3. Description Use the ntp-service broadcast-server command to configure NTP broadcast server mode. Use the undo ntp-service broadcast-server command to disable the NTP broadcast server mode.
936 CHAPTER 55: NTP CONFIGURATION COMMANDS By default, a local device allows up to 100 SESSIONS. Example # Set the local equipment to allow up to 50 SESSIONS. system-view System View: return to User View with Ctrl+Z. [SW8800] ntp-service max-dynamic-sessions 50 ntp-service multicast-client Syntax ntp-service multicast-client [ ip-address ] undo ntp-service multicast-client [ ip-address ] View VLAN interface view Parameter ip-address: Multicast IP address of Class D.
NTP Configuration Commands 937 View VLAN interface view Parameter ip-address: Multicast IP address of Class D. It defaults to 224.0.1.1. Actually, for the Switch 8800 Family series, you can set 224.0.1.1 as the multicast IP address only. authentication-keyid: Specifies authentication key. keyid: Key ID used in multicast, ranging from 1 to 4294967295. ttl: Time to live of a multicast packet. ttl-number: ttl of a multicast packet, ranging from 1 to 255. version: Specifies the NTP version number.
938 CHAPTER 55: NTP CONFIGURATION COMMANDS Parameter ip-address: Specifies the reference clock IP address as 127.127.u, where u ranges from 0 to 3. stratum: Specifies which stratum the local clock is located at and range from 1 to 15. Description Use the ntp-service refclock-master command to configure an external reference clock or the local clock as an NTP master clock. Use the undo ntp-service refclock-master command to cancel the NTP master clock settings. By default, ip-address is 127.127.1.
NTP Configuration Commands 939 Example # Enable NTP authentication, adopt MD5 encryption, and designate Key 37 BetterKey and configure it as reliable. system-view System View: return to User View with Ctrl+Z.
940 CHAPTER 55: NTP CONFIGURATION COMMANDS View System view Parameter ip-address: IP address of a remote server. version: Defines NTP version number. number: NTP version number, ranging from 1 to 3. authentication-keyid: Defines authentication key. keyid: Key ID used for transmitting messages to a remote server, ranging from 1 to 4294967295. source-interface: Specifies the name of an interface, the interface can be VLAN interface and Loopback interface currently.
NTP Configuration Commands ntp-service unicast-server 941 Syntax ntp-service unicast-server ip-address [ version number ] [ authentication-keyid keyid ] [ source-interface interface-type interface-number ] [ priority ]* undo ntp-service unicast-server ip-address View System view Parameter ip-address: IP address of a remote server. version: Defines NTP version number. number: NTP version number, ranging from 1 to 3. authentication-keyid: Defines authentication key.
942 CHAPTER 55: NTP CONFIGURATION COMMANDS system-view System View: return to User View with Ctrl+Z. [SW8800] ntp-service unicast-server 128.108.22.
56 SSH TERMINAL SERVICE CONFIGURATION COMMANDS SSH Server Configuration Commands debugging ssh server Syntax debugging ssh server { VTY index | all } undo debugging ssh server { VTY index | all } View User view Parameter index: SSH channel to be debugged, whose value is dictated by VTY numbers. The default VTY numbers are 0 to 4. all: Specifies all the SSH channels. Description Use the debugging ssh server command to send information regulated by the SSH2.
944 CHAPTER 56: SSH TERMINAL SERVICE CONFIGURATION COMMANDS *0.1426299 8505A SSH/8/msg_rcv_vty:SSH_VERSION_RECEIVE message received on VTY 0 *0.1426995 8505A SSH/8/SSH2 debug:debug info:Now the server version is ssh2 *0.1427088 8505A SSH/8/SSH2 debug:debug info: The algorithm negotiation begins *0.1427190 8505A SSH/8/SSH2 debug:debug info:SSH2_MSG_KEXINIT sent *0.1427269 8505A SSH/8/SSH2 debug:debug info: SSH2_MSG_KEXINIT received *0.
SSH Server Configuration Commands 945 Example # Display the public key of the server’s host key pair and server key pair.
946 CHAPTER 56: SSH TERMINAL SERVICE CONFIGURATION COMMANDS ===================================== Key Code: 308188 028180 CFC6A68B 39F742A2 76E55B07 39D60B73 53829FF5 C0489BD9 559CC425 CAF37E6F E6417337 38741295 D74B2336 A5F28FE8 00E0429F FCF47A7F 39C8867D FAE8C2A1 EAC4CB42 A64982C9 4BA1DD63 DFAB8CB5 0203 010001 display ssh server D7B4040D 515B2516 17CE9380 693DF5CD 02F12469 420BBD5C AEF0A1B9 740FC2BE 99F26F35 49619762 E46F17DF ED1C1ACC Syntax display ssh server { status | session } View Any view Param
SSH Server Configuration Commands 947 View Any view Parameter username: Valid SSH username. Description Use the display ssh user-information command to display information about the current SSH user, including username, peer key name, authentication mode and the types of authorized services. If you specify the argument username in the command, the user information about the specified username will be displayed.
948 CHAPTER 56: SSH TERMINAL SERVICE CONFIGURATION COMMANDS Example # Exit the public key view and save the configuration. system-view System View: return to User View with Ctrl+Z. [SW8800] rsa peer-public-key sw8800003 RSA public key view: return to System View with "peer-public-key end".
SSH Server Configuration Commands 949 system-view System View: return to User View with Ctrl+Z. [SW8800] user-interface vty 0 [3Com-ui-vty0] protocol inbound ssh public-key-code begin Syntax public-key-code begin View Public key view Parameter None Description Use the public-key-code begin command to enter the public key edit view and input the public key of the client. Note that you must use the rsa peer-public-key command to specify a client key name before performing this command.
950 CHAPTER 56: SSH TERMINAL SERVICE CONFIGURATION COMMANDS Description Use the public-key-code end command to return from the public key edit view to the public key view and save the public key entered. After this command is performed to end the public key edit procedure, the system will check the validity of the key before saving the input public key.
SSH Server Configuration Commands 951 Example # Generate the local RSA key pair. system-view System View: return to User View with Ctrl+Z. [SW8800] rsa local-key-pair create The name for the keys will be: rtvrp_Host % You already have RSA keys defined for rtvrp_Host % Do you really want to replace them? [yes/no]:y Choose the size of the key modulus in the range of 512 to 2048 for your Keys. Choosing a key modulus greater than 512 may take a few minutes.
952 CHAPTER 56: SSH TERMINAL SERVICE CONFIGURATION COMMANDS Performing this command, you can enter the public key view. Then you can use the public-key-code begin command to configure the client public key on the server. The client public key is generated randomly by the SSH 2.0-enabled client software. Related command: public-key-code begin, public-key-code end. Example # Enter the public key view named sw8800002. system-view System View: return to User View with Ctrl+Z.
SSH Server Configuration Commands 953 Parameter None Description Use the ssh server compatible_ssh1x enable command to make the server compatible with the SSH 1.x client. Use the undo ssh server compatible_ssh1x command to make the server not compatible with an SSH 1.x client. By default, the server is compatible with the SSH 1.x client. Example # Set the server to be compatible with the SSH 1.x client. system-view System View: return to User View with Ctrl+Z.
954 CHAPTER 56: SSH TERMINAL SERVICE CONFIGURATION COMMANDS View System view Parameter seconds: Login timeout (in seconds), in the range from 1 to 120. By default, the value is 60. Description Use the ssh server timeout command to set the authentication timeout of SSH connections. Use the undo ssh server timeout command to restore the default SSH authentication timeout. The configuration takes effect at the next login. Related command: display ssh server. Example # Set the login timeout to 80 seconds.
SSH Server Configuration Commands 955 Example # Assign public key1 for user zhangsan. system-view System View: return to User View with Ctrl+Z. [SW8800] ssh user zhangsan assign rsa-key key1 ssh user authentication-type Syntax ssh user username authentication-type { password | rsa | password-publickey | all } undo ssh user username authentication-type View System view Parameter password: Forces the user’s authentication mode to password authentication.
956 CHAPTER 56: SSH TERMINAL SERVICE CONFIGURATION COMMANDS undo ssh authentication-type default View System view Parameter password: Configures the default user authentication mode as password authentication. rsa: Configures the default user authentication mode as RSA public key authentication. all: Specifies that the default user authentication mode can be either password authentication or public key authentication.
SSH Client Configuration Commands 957 Example # Display the corresponding relationship between the client’s servers and public keys. display ssh server-info ServerIP public-key-name 192.168.0.1 3com_key01 192.168.0.2 3com_key02 quit Syntax quit View User view Parameter None Description Use the quit command to terminate the connection with the remote SSH server. Example # Terminate the connection with the remote SSH server.
958 CHAPTER 56: SSH TERMINAL SERVICE CONFIGURATION COMMANDS ssh client first-time enable Syntax ssh client first-time enable undo client ssh first-time View System view Parameter None Description Use the ssh client first-time enable command to set the SSH client to perform the first-time authentication of the SSH server to be accessed. Use the undo ssh client first-time command to cancel the first-time authentication.
SSH Client Configuration Commands 959 host-name: Server name, a string with 1 to 30 characters. port-num: Server port number, ranges from 0 to 65535, and defaults to 22. prefer_kex: Preferred key exchange algorithm, which can be one of the two algorithms. dh_group1: Key exchange algorithm diffie-hellman-group1-sha1, which is the default algorithm. dh_exchange_group: Key exchange algorithm diffie-hellman-group-exchange-sha1. prefer_ctos_cipher: Preferred encryption algorithm from the client to the server.
960 CHAPTER 56: SSH TERMINAL SERVICE CONFIGURATION COMMANDS The command is as follows: system-view System View: return to User View with Ctrl+Z. [SW8800] ssh2 10.214.50.51 prefer_kex dh_exchange_group prefer_ctos_ cipher 3des prefer_ctos_hmac md5 SFTP Server Configuration Commands sftp server enable Syntax sftp server enable undo sftp server View System view Parameter None Description Use the sftp server enable command to start the SFTP server.
SFTP Server Configuration Commands 961 sftp: Configures the default service type as SFTP. stelnet: Configures the default service type as Stelnet. sftp-directory directory: Configures the default directory an SFTP user logs in to. Description Use the ssh service-type default command to configure the default service type and the default directory for SFTP users. Use the undo ssh service-type default command to cancel the default service type and the default directory for SFTP users.
962 CHAPTER 56: SSH TERMINAL SERVICE CONFIGURATION COMMANDS system-view System View: return to User View with Ctrl+Z. [SW8800] ssh service-type default sftp sftp-directory cf: SFTP Client Configuration Commands bye Syntax bye View SFTP Client view Parameter None Description Use the bye command to terminate the connection with the remote SFTP server and return to the user view. This command has the same functionality as the exit and quit commands.
SFTP Client Configuration Commands cdup 963 Syntax cdup View SFTP Client view Parameter None Description Use the cdup command to change the current path to its upper directory. Example # Change the current path to its upper directory. sftp-client> cdup delete Syntax delete remote-file View SFTP Client view Parameter remote-file: Name of a file on the server. Description Use the delete command to delete the specified file from the server. This command has the same functionality as the remove command.
964 CHAPTER 56: SSH TERMINAL SERVICE CONFIGURATION COMMANDS This command has the same functionality as the ls command. Example # View directory flash:/ sftp-client> -rwxrwxrwx -rwxrwxrwx -rwxrwxrwx -rwxrwxrwx drwxrwxrwx drwxrwxrwx -rwxrwxrwx exit dir flash:/ 1 noone nogroup 1 noone nogroup 1 noone nogroup 1 noone nogroup 1 noone nogroup 1 noone nogroup 1 noone nogroup 1759 225 283 225 0 0 225 Aug Aug Aug Sep Sep Sep Sep 23 24 24 28 28 28 28 06:52 08:01 07:39 08:28 08:24 08:18 08:30 vrpcfg.
SFTP Client Configuration Commands 965 Example # Download file temp1.c and save it with name temp.c. sftp-client> get temp1.c temp.c help Syntax help [ command ] View SFTP Client view Parameter command: Name of a command. Description Use the help command to view the help information for SFTP client commands. If the command argument is not specified, all command names will be displayed. Example # View the help information for the get command.
966 CHAPTER 56: SSH TERMINAL SERVICE CONFIGURATION COMMANDS drwxrwxrwx -rwxrwxrwx mkdir 1 noone 1 noone nogroup nogroup 0 Sep 28 08:18 new2 225 Sep 28 08:30 pub2 Syntax mkdir remote-path View SFTP Client view Parameter remote-path: Name of a directory on the remote SFTP server. Description Use the mkdir command to create a directory on the remote SFTP server. Example # Create directory test on the remote SFTP server.
SFTP Client Configuration Commands 967 Description Use the pwd command to display the current directory on the SFTP server. Example # Display the current directory on the SFTP server. sftp-client> pwd flash: quit Syntax quit View SFTP Client view Parameter None Description Use the quit command to terminate the connection with the remote SFTP server and return to the user view. This command has the same functionality as the bye and exit commands.
968 CHAPTER 56: SSH TERMINAL SERVICE CONFIGURATION COMMANDS View SFTP Client view Parameter oldname: Original file name. newname: New file name. Description Use the rename command to change the name of the specified file on the SFTP server. Example # Change the name of the file temp1 on the SFTP server to temp2. sftp-client> rename temp1 temp2 rmdir Syntax rmdir remote-path View SFTP Client view Parameter remote-path: Name of a directory on the remote SFTP server.
SFTP Client Configuration Commands 969 dh_exchange_group: Key exchange algorithm diffie-hellman-group-exchange-sha1. prefer_ctos_cipher: Preferred encryption algorithm from the client to the server. The default algorithm is aes128. prefer_stoc_cipher: Preferred encryption algorithm from the server to the client. The default algorithm is aes128. des: Encryption algorithm des_cbc. 3des: Encryption algorithm 3des_cbc. aes128: Encryption algorithm aes_128.
970 CHAPTER 56: SSH TERMINAL SERVICE CONFIGURATION COMMANDS
FILE SYSTEM MANAGEMENT COMMANDS 57 File System n cd The limitation on the names of directories and files on switch are as follows: ■ It is recommended that the name of a directory or file should not contain more than 64 characters; otherwise you will not be able to delete such a directory or file, even though the system supports directory or file names containing more than 64 characters.
972 CHAPTER 57: FILE SYSTEM MANAGEMENT COMMANDS fileurl-dest: Destination file name. Description Use the copy command to copy a file. You can use this command to copy a file from current directory to another directory, or vise versa. Where, the source filename must be the name of a file that has already existed in the specified directory, and the destination filename can be changed as required.
File System 973 View User view Parameter /all: Display all the files (including the deleted ones). file-url: File or directory name to be displayed. The file-url parameter supports "*" matching. For example, using dir *.txt will display all the files with the extension txt in the current directory. Description Use the dir command to view the information about the specified file or directory in the storage device of the switch. This command supports "*" wildcard characters.
974 CHAPTER 57: FILE SYSTEM MANAGEMENT COMMANDS The batch command executes the command lines in the batch file one by one. There should be no invisible character in the batch file. If invisible characters are found, the batch command will quit the current execution without back off operation. The batch command does not guarantee the execution of each command, nor does it perform hot backup itself. The forms and contents of the commands are not restricted in the batch file.
File System 975 Description Use the fixdisk command to restore the space of a storage device. Some of the space of a storage device may be unavailable due to some reason (such as abnormal operations). In this case, you can use this command to restore the space. Currently, the switch does not support this command on the compact flash (CF) card. Example # Restore the space of the storage device flash. fixdisk flash: format Syntax format filesystem View User view Parameter filesystem: Device name.
976 CHAPTER 57: FILE SYSTEM MANAGEMENT COMMANDS The directory to be created cannot have the same name as that of other directory or file in the specified directory. Example # Create the directory dd. mkdir dd Created dir flash:/dd more Syntax more file-url View User view Parameter file-url: File name. Description Use the more command to view the contents of a specific file. At present, the file system can display files in text format.
File System 977 When the destination filename is the same as that of an existing file, the system will ask whether to overwrite it. Example # Move flash:/test/sample.txt to flash:/sample.txt. move flash:/test/sample.txt flash:/sample.txt Move flash:/test/sample.txt to flash:/sample.txt ?[Y/N]:y %Moved file flash:/test/sample.txt to flash:/sample.
978 CHAPTER 57: FILE SYSTEM MANAGEMENT COMMANDS If the destination file name is identical with that of an already existent directory or file, the rename operation fails and the system prompts that name has already been used or the file is being used. Example # Rename the file sample.txt to sample.bak. rename sample.txt sample.bak Rename flash:/sample.txt to flash:/sample.bak ?[Y/N]:y %Renamed file flash:/sample.txt to flash:/sample.
File System 979 Example # Delete the directory 3com. rmdir 3com Rmdir 3com?[Y/N]:y % Removed directory 3com umount Syntax umount device View User view Parameter device: Device name. Now, it can only be CF. Description Use the umount command to unload the CF card from the file system. Example # Unload the CF card from the file system. umount cf: undelete Syntax undelete file-url View User view Parameter file-url: Name of the file to be recovered.
980 CHAPTER 57: FILE SYSTEM MANAGEMENT COMMANDS
DEVICE MANAGEMENT COMMANDS 58 boot boot-loader Syntax boot boot-loader { primary | backup } file-url [ slot slot-number ] View User view Parameter file-url: ARP program path + program name slot-number: Slot number of the active or standby SRPC. primary: Specifies this program to be the primary bootstrap program. backup: Specifies this program to be the backup bootstrap program. Description Use the boot boot-loader primary command to set a specified program as the primary bootstrap program.
982 CHAPTER 58: DEVICE MANAGEMENT COMMANDS boot boot-loader primary slot1#flash:/s8500-vrp310-r1262.app slot 1 The specified file will be booted next time!. boot bootrom Syntax boot bootrom file-url slot slot-num-list View User view Parameter file-url: Path and name of Bootrom file in the storage device. slot slot-num-list: Specifies the slot number list of switch. The formula is slot-num-list={ slot-num [ to slot-num ] }&<1-n>.
983 display cpu Syntax display cpu [slot slot-no ] View Any view Parameter slot slot-no: Specifies the module number. Description Use the display cpu command to display CPU occupancy. Example # Display CPU occupancy on slot 0.
984 CHAPTER 58: DEVICE MANAGEMENT COMMANDS Example # Show device information. display device Slot No.
985 display fan Fan 1 State: Normal display memory Syntax display memory [ slot slot-no ] View Any view Parameter slot-no: Specifies slot number Description Use the display memory command to display memory situation. Example # Display memory situation.
986 CHAPTER 58: DEVICE MANAGEMENT COMMANDS display schedule reboot Syntax display schedule reboot View Any view Parameter None Description Use the display schedule reboot command to check the configuration of related parameters of the switch schedule reboot terminal service. Related command: reboot, schedule reboot at. Example # Display the configuration of the schedule reboot terminal service parameters of the current switch.
987 yyyy/mm/dd: Reboot date of the switch, in the format of "year/month/day. The yyyy ranges from 2000 to 2099, the mm ranges from 1 to 12, and the value of dd is related to the specific month. Description Use the schedule reboot at command to enable the timing reboot function of the switch and set the specific reboot time and date. Use the undo schedule reboot command to disable the timing reboot function. By default, the timing reboot switch function is disabled.
988 CHAPTER 58: DEVICE MANAGEMENT COMMANDS Parameter hhh:mm: Waiting time for rebooting a switch, in the format of "hour: minute" The hhh ranges from 0 to 720, and the mm ranges from 0 to 59. mmm: Waiting delay for rebooting a switch, in the format of "absolute minutes" . Ranging from 0 to 43200, Description Use the schedule reboot delay command to enable the timing reboot switch function and set the waiting time. Use the undo schedule reboot command to disable the timing reboot function.
989 up-value: Upper temperature limit, in the range 20 to 90 °C. Description Use the temperature-limit command to configure temperature limit. Use the undo temperature-limit command to restore temperature limit to default value. Example # Set the lower and upper temperature limit of card 0.
990 CHAPTER 58: DEVICE MANAGEMENT COMMANDS Example # Update the service processing module in slot 2. The file to be downloaded is place in the host with the IP address 192.168.1.100, and its name is L3PLUS.app. The user name and password for FTP login are 654321 and 123456 respectively. system-view System View: return to User View with Ctrl+Z. [SW8800] update l3plus slot 2 filename L3PLUS.app ftpserver 192.168. 1.
FTP&TFTP CONFIGURATION COMMANDS 59 FTP Client Commands ascii Syntax ascii View FTP Client view Parameter None Description Use the ascii command to configure data transmission mode as ASCII mode. By default, the file transmission mode is ASCII mode. Perform this command if the user needs to change the file transmission mode to default mode. Example # Configure to transmit data in the ASCII mode. ftp [ftp] ascii 200 Type set to A.
992 CHAPTER 59: FTP&TFTP CONFIGURATION COMMANDS ftp [ftp] binary 200 Type set to I. bye Syntax bye View FTP Client view Parameter None Description Use the bye command to disconnect with the remote FTP Server and return to user view. After performing this command, you can terminate the control connection and data connection with the remote FTP Server. Example # Terminate connection with the remote FTP Server and return to user view.
FTP Client Commands 993 View FTP Client view Parameter None Description Use the cdup command to change working path to the upper level directory. This command is used to exit the current directory and return to the upper level directory. Example # Change working path to the upper level directory. ftp [ftp] cdup close Syntax close View FTP Client view Parameter None Description Use the close command to disconnect FTP client side from FTP server side without exiting FTP client side view.
994 CHAPTER 59: FTP&TFTP CONFIGURATION COMMANDS Use the undo debugging command to disable the debugging for FTP Client commands. By default, the debugging for FTP Client commands is disabled. Example # Enable the debugging for FTP Client commands. ftp [ftp] debugging delete Syntax delete remotefile View FTP Client view Parameter remotefile: File name. Description Use the delete command to cancel the specified file. Example # Delete the file temp.c ftp [ftp] delete temp.
FTP Client Commands disconnect 995 Syntax disconnect View FTP Client view Parameter None Description Use the disconnect command to disconnect FTP Client side from FTP server side without exiting FTP client side view. This command terminates the control connection and data connection with the remote FTP Server at the same time. Example # Terminate connection with the remote FTP Server and stays in FTP Client view.
996 CHAPTER 59: FTP&TFTP CONFIGURATION COMMANDS Parameter localfile: Local file name. remotefile: Name of a file on the remote FTP Server. Description Use the get command to download a remote file and save it locally. If no local file name is specified, it will be considered the same as that on the remote FTP Server. Example # Download the file temp1.c and saves it as temp.c ftp [ftp] get temp1.c temp.
FTP Client Commands 997 Note that, the ls command only displays the file names, while the dir command also displays other file-related information such as the file size and creation date. Example # Query file temp.c ftp [ftp] ls temp.c mkdir Syntax mkdir pathname View FTP Client view Parameter pathname: Directory name. Description Use the mkdir command to create a directory on the remote FTP Server. User can perform this operation as long as the remote FTP server has authorized.
998 CHAPTER 59: FTP&TFTP CONFIGURATION COMMANDS undo passive View FTP Client view Parameter None Description Use the passive command to configure the data transmission mode as passive mode. Use the undo passive command to configure the data transmission mode as active mode. By default, the data transmission mode is passive mode Example # Set the data transmission to passive mode. ftp [ftp] passive put Syntax put localfile [ remotefile ] View FTP Client view Parameter localfile: Local file name.
FTP Client Commands 999 Parameter None Description Use the pwd command to view the current directory on the remote FTP Server. Example # Show the current directory on the remote FTP Server. ftp [ftp] pwd "flash:/temp" is current directory. quit Syntax quit View FTP Client view Parameter None Description Use the quit command to terminate the connection with the remote FTP Server and return to user view. Example # Terminate connection with the remote FTP Server and returns to user view.
1000 CHAPTER 59: FTP&TFTP CONFIGURATION COMMANDS ftp [ftp] remotehelp user 214 Syntax: USER rmdir Syntax rmdir pathname View FTP Client view Parameter pathname: Directory name of remote FTP Server. Description Use the rmdir command to remove the specified directory from FTP Server. Note that, this command can be successfully executed only when the specified directory contains no files. Example # Delete the directory flash:/temp1 from FTP Server.
TFTP Configuration Commands 1001 View FTP Client view Parameter None Description Use the verbose command to enable the client to display the commands received from/sent to the server. Use the undo verbose command to disable the client from display the commands received from/sent to the server By default, the VERBOSE is enabled and the client displays the commands received from/sent to the server. Example # Enable VERBOSE.
1002 CHAPTER 59: FTP&TFTP CONFIGURATION COMMANDS tftp put Syntax tftp tftp-server put source-file [ dest-file ] View User view Parameter tftp-server: IP address or hostname of the TFTP server. The name of the TFTP server should be a string ranging from 1 to 20 characters. source-file: Filename of the source file which is saved on the switch. dest-file: Name of the saved-as file uploaded to the specified directory on the TFTP server.
60 INFORMATION CENTER Information Center Configuration Commands display channel Syntax display channel [ channel-number | channel-name ] View Any view Parameter channel-number: Channel number, ranging from 0 to 9, that is, the system has ten channels. channel-name: Specifies the channel name. the name can be channel7, channel8, channel9, console, logbuffer, loghost, monitor, snmpagent, trapbuffer, logfile. Description Use the display channel command to view the details about the information channel.
1004 CHAPTER 60: INFORMATION CENTER Description Use the display info-center command to view the configuration of system log and the information recorded in the memory buffer. If the information in the current log/trap buffer is less than the size of buffer, display the actual log/trap information. Related command: info-center enable,info-center loghost,info-center logbuffer,info-center console channel,info-center monitor channel. Example # Show the system log information.
Information Center Configuration Commands 1005 Table 140 Description on the fields of the display info-center command display logbuffer Field Description Log file The status of the log file, including enable status, maximum file buffer size, channel number, channel name, maximum number of log files, maximum size of the log file, storage path of log files.
1006 CHAPTER 60: INFORMATION CENTER begin: Optioanl parameter, displays all items beginning friom the matching item. exclude: Optional parameter, only displays the matching items. include: Optional parameter, only displays the non-matching items.. text: Defines the regular expression.
Information Center Configuration Commands 1007 Channel number : 4 , Channel name : logbuffer Dropped messages : 0 Overwritten messages : 0 Current messages : 91 display logbuffer summary Syntax display logbuffer summary [ level severity ] View Any view Parameter level: Information level. severity: Information level, do not output information below this level.
1008 CHAPTER 60: INFORMATION CENTER Parameter size: Configures the size of buffer. summary: Number of statistical logs. sizenum: Size of buffer (number of messages which can be kept), ranging from 1 to 1024. By default, the size of the buffer is 256. level: level. levelnum: Information level value, ranging from 1 to 8. emergencies, alerts, critical, debugging, errors, informational, notifications, warnings are the names of the eight log severity levels.
Information Center Configuration Commands 1009 channel-name: Specifies the channel name with a character string not exceeding 30 characters, excluding digit, "-", "/" or "". . Description Use the info-center channel name command to rename a channel specified by the channel-number as channel-name. Use the undo info-center channel command to restore the channel name. The system assigns a channel in each output direction by default. See the table below.
1010 CHAPTER 60: INFORMATION CENTER By default, Ethernet switches do not output log information to the console. This command takes effect only after system logging is started. Related command: info-center enable, display info-center. Example # Configure to output log information to the console through channel 0. system-view System View: return to User View with Ctrl+Z.
Information Center Configuration Commands 1011 Parameter channel: Configures the channel to output information to buffer. channel-number: Channel number, ranging from 0 to 9, that is, system has ten channels. channel-name: Specifies the channel name. The name can be channel7, channel8, channel9, console, logbuffer, loghost, monitor, snmpagent, trapbuffer, logfile. size: Configures the size of buffer. buffersize: Size of buffer (number of messages which can be kept).
1012 CHAPTER 60: INFORMATION CENTER This command takes effect only after the system logging is enabled. Related command: info-center enable, display info-center. Example # Send log information to logfile. system-view System View: return to User View with Ctrl+Z.
Information Center Configuration Commands 1013 This command takes effect only after the system logging is enabled. Related command: info-center enable, display info-center. Example # Configure to send log information to the UNIX workstation at 202.38.160.1. system-view System View: return to User View with Ctrl+Z. [SW8800] info-center loghost 202.38.160.
1014 CHAPTER 60: INFORMATION CENTER channel-name: Channel name. The name can be channel7, channel8, channel9, console, logbuffer, loghost, monitor, snmpagent, trapbuffer, logfile. Description Use the info-center monitor channel command to configure the channel to output the log information to the user terminal. Use the undo info-center monitor channel command to restore the channel to output the log information to the user terminal to default value.
Information Center Configuration Commands 1015 system-view System View: return to User View with Ctrl+Z.
1016 CHAPTER 60: INFORMATION CENTER Table 145 The module name field Module name Description IFNET Interface management module IGSP IGMP snooping module IP IP (internet protocol) module ISIS IS-IS (intermediate system-to-intermediate system intradomain routing protocol) module L2INF L2 interface management module L2V L2 VPN module LACL LAN switch ACL module LDP LDP (label distribution protocol) module LINKAGG LINKAGG module LQOS LAN switch QoS module LS Local server module LSPAGENT
Information Center Configuration Commands 1017 Table 145 The module name field Module name Description VTY VTY (virtual type terminal) module default: All the modules. log: Log information. trap: Trap information. all: Clears all the information filtering configuration on the channelnum channel except the default one. debugging: Debugging information. level: Level. severity: Information level, do not output information below this level.
1018 CHAPTER 60: INFORMATION CENTER By default, the information switch state of each channel is shown in Table 148: Table 148 Default information switch state of each channel n Channel Log information switch Trap information switch Debug information switch Console Enable Disable Enable Terminal Enable Disable Enable Log host Enable Enable Disable Trapbuffer Disable Enable Disable Logbuffer Enable Disable Disable SNMPagent Disable Enable Disable Logfile Enable Disable Disab
Information Center Configuration Commands 1019 At present, the system distributes an information channel in each output direction by default, shown as follows: Table 149 Default information channel in each output direction Output direction Information channel name Console console Monitor monitor Info-center loghost loghost Log buffer logbuffer Trap buffer trapbuffer snmp snmpagent Log file logfile In addition, each information channel has a default record with the module name "default" and
1020 CHAPTER 60: INFORMATION CENTER Description Use the info-center timestamp command to configure the timestamp output format in debugging/trap information. Use the undo info-center timestamp command to disable the output of timestamp field. By default, date stamp is used. Example # Configure the debugging information timestamp format as boot. system-view System View: return to User View with Ctrl+Z.
Information Center Configuration Commands Related command: info-center enable, display info-center. Example # Send information to the trap buffer and sets the size of the buffer to 30. system-view System View: return to User View with Ctrl+Z. [SW8800] info-center trapbuffer size 30 reset logbuffer Syntax reset logbuffer View User view Parameter None Description Use the reset logbuffer command to reset information in log buffer. Example # Clear information in log buffer.
1022 CHAPTER 60: INFORMATION CENTER Parameter None Description Use the terminal debugging command to configure to display the debugging information on the terminal. Use the undo terminal debugging command to configure not to display the debugging information on the terminal. By default, the terminal display function of debugging information is disabled. Related command: debugging. Example # Enable the terminal display debugging.
Information Center Configuration Commands 1023 Parameter None Description Use the terminal monitor command to enable the terminal display functions. Use the undo terminal monitor command to disable the terminal display functions. By default, the system enables the functions of debugging/log/trap information on the console and disable them on the terminal. This command only takes effect on the current terminal where the commands are input.
1024 CHAPTER 60: INFORMATION CENTER
61 SYSTEM MAINTENANCE COMMANDS Basic System Configuration and Management Commands clock datetime Syntax clock datetime HH:MM:SS YYYY/MM/DD View User view Parameter HH:MM:SS: Current time. HH ranges from 0 to 23. MM and SS range from 0 to 59. YYYY/MM/DD: Year, month and date. YYYY ranges from 2000 to 2100. MM ranges from 1 to 12 and DD ranges from 1 to 31. Description Use the clock datetime command to configure the current date and clock of the switch.
1026 CHAPTER 61: SYSTEM MAINTENANCE COMMANDS Parameter zone-name: Name of the summer time, which is a string of 1 to 32 characters. one-off: Sets the summer time of a certain year. repeating: Sets the summer time of every year starting from a certain year. start-time: Sets start time of the summer time, in the form of HH:MM:SS (hour/minute/second). start-date: Sets start date of the summer time, in the form of YYYY/MM/DD (year/month/day).
Basic System Configuration and Management Commands 1027 View User view Parameter zone-name: Name of the time zone, which is a character with the length ranging from 1 to 32. add: Tme is adding compared with the UTC. minus: Time is minus compared with the UTC. HH:MM:SS: Time (hour/minute/second). Description Use the clock timezone command to set the information of the local time zone. Use the undo clock timezone command to restore to the default Universal Time Coordinated (UTC) time zone.
1028 CHAPTER 61: SYSTEM MAINTENANCE COMMANDS system-view System View: return to User View with Ctrl+Z. [SW8800] quick-ping enable sysname Syntax sysname sys-name undo sysname View System view Parameter sys-name: Hostname of the switch. A string of 1 to 30 characters. The default hostname of the switch is 3Com. Description Use the sysname command to configure the system name of the switch. Changing the hostname name of the switch will affect the prompt of command line interface.
System Status and System Information Query Commands 1029 The maximum time value supported by this command is 23:59:59 9999/12/31. Related command: clock datetime. Example # View the current system date and time.
1030 CHAPTER 61: SYSTEM MAINTENANCE COMMANDS View Any view Parameter interface-type: Interface type supported by switch, including Ethernet and GigabitEthernet. interface-number: Interface number.
System Status and System Information Query Commands 1031 Pos4/1/3: Card info: 2.5G-SFP Fiber connect: LC VendorName: FIBERXON INC PartNumber: FTM-3125C-L2 Mode: SingleMode WaveLength: 1310nm Length for 9um: 2km Pos4/1/4: Card info: 1000BASE-SFP Fiber connect: LC VendorName: AGILENT PartNumber: HFBR-5710L Mode: MultiMode WaveLength: 850nm Length for 50/125um: 550m Length for 62.
1032 CHAPTER 61: SYSTEM MAINTENANCE COMMANDS display users Syntax display users [ all ] View Any view Parameter all: Displays all users connected to the switch. Description Use the display users command to view information about users connected to the switch. Example # Display the information about all the active users on the console. display users UI Delay + 0 CON 0 00:00:00 130 VTY 0 00:00:05 Type Ipaddress TEL 192.168.1.
System Debug Commands 1033 Parameter None Description Use the display version command to view such information as software version, issue date and the basic hardware configurations. Example # Display the information about the system version. display version Copyright Notice: All rights reserved (Sep 15 2005). Without the owner’s prior written consent, no decompiling nor reverse-engineering shall be allowed.
1034 CHAPTER 61: SYSTEM MAINTENANCE COMMANDS View User view Parameter all: Enables or disables all the debugging. timeout interval: Specifies the interval (in minutes) during which the debugging all switch is on. The value ranges from 1 to 1440. With this configuration, all debugging takes the time at which it is enabled as the start time, and takes effect during the predefined time. And after that, all debugging is disabled. module-name: Module name. debugging-option: Debugging option.
Network Connection Test Commands 1035 Description Use the display diagnostic-information command to view the current configuration information about all running modules. You can use all the information to help diagnose and troubleshoot the switch. When the switch does not run well, you can collect all sorts of information about the switch to locate the source of fault. However, each module has many corresponding display commands, which makes it difficult for you to collect all the information needed.
1036 CHAPTER 61: SYSTEM MAINTENANCE COMMANDS -h ttl: Configures the TTL value for echo requests to be sent. The TTL value ranges from 1 to 255. The default value is 255. -i: Specifies an interface to send packets. interface-type: Specifies the interface type. interface-number: Specifies the interface number. -n: Configures to take the host parameter as IP address without domain name resolution.
Network Connection Test Commands ■ 1037 The final statistics, including number of sent packets, number of response packets received, percentage of non-response packets and minimal/maximum/average value of response time. If the network transmission rate is too low, you can increase the response message timeout. n At present, the ping -i command only supports the direct route and is used to test the the connectivity of the direct route. Related command: tracert. Example # Check whether the host 202.38.
1038 CHAPTER 61: SYSTEM MAINTENANCE COMMANDS string: IP address of the destination host or the hostname of the remote system. Description Use the command to Using tracert command, you can check the reachability of network connection and troubleshoot the network. User can test gateways passed by the packets transmitted from the host to the destination.
PROTOCOL PORT SECURITY CONFIGURATION COMMANDS 62 Protocol Port security Configuration Commands ip portsafe Syntax ip portsafe enable undo ip portsafe enable View System view Parameter None Description Use the ip portsafe enable command to enable the protocol port security function to check all IP packets on the interface module. If the destination IP is the virtual interface IP of the switch, and the corresponding destination protocol port is not open, the packet will be dropped.
1040 CHAPTER 62: PROTOCOL PORT SECURITY CONFIGURATION COMMANDS Table 153 State of the protocol port n Protocol Port Default State DHCP UDP:67,68 Close NTP UDP:123 Close SNMP-AGENT UDP:161 Close RIP UDP:520 Close MPLS LDP UDP:646 Close RADIUS CLIENT UDP:1812 Close RADIUS LOCAL SERVER UDP:1645,1646 Open PORTAL SERVER UDP:2000 Close The protocol port security function is short for TCP, UDP protocol port close checking function.
Port Packet Statistics Commands 1041 63 PORT PACKET STATISTICS COMMANDS Port Packet Statistics Commands set egress Syntax set egress { counter0 | counter1 } slot slot-num [ interface interface-type interface-number ] [ vlan vlan-id ] [ tc traffic-class ] [ dp drop-precedence ] undo set egress { counter0 | counter1 } slot slot-num View System view Parameter counter0: Counter 0, used for packet statistics monitoring. counter1: Counter 1, used for packet statistics monitoring. slot-num: Card slot number.
1042 CHAPTER 63: PORT PACKET STATISTICS COMMANDS (DP) can also be monitored. When monitoring a card, the counters can monitor all TCs and all DPs. After you user the set egress counter command to set the monitoring mode of a card, the counters will be automatically reset. By default, a card does not implement egress packet statistics. Related command: display egress.
Port Packet Statistics Commands Drop Precedence: all The outgoing packets: Unicast: 0 packets Multicast: 0 packets Broadcast: 0 packets Bridege egress filtered packets: 0 packets TxQ filtered packets(Due to TxQ congestion ): 0 packets 1043
1044 CHAPTER 63: PORT PACKET STATISTICS COMMANDS
Ethernet Port Detection Configuration Commands 1045 64 PORT LOOPBACK DETECTION COMMANDS Ethernet Port Detection Configuration Commands loopback-detection enable Syntax loopback-detection enable undo loopback-detection enable View System view Parameter None Description Use the loopback-detection enable command to enable the global port loopback detection function, so that the system can detecte whether there is an external loop on each port in a VLAN which is enabled with the loopback detection function.
1046 CHAPTER 64: PORT LOOPBACK DETECTION COMMANDS undo loopback-detection enable vlan { vlanlist | all } View System view Parameter None Description Use the loopback-detection enable vlan command to enable the loopback detection function on a VLAN to perform the loopback detection on all ports in the VLAN. Use the undo loopback-detection enable vlan command to disable the loopback detection on a VLAN.You can perform such configuration on up to 800 VLANs.
Ethernet Port Detection Configuration Commands loopback-detection control 1047 Syntax loopback-detection control undo loopback-detection control View Ethernet port view Parameter None Description Use the loopback-detection control command to enable the control function of port loopback detection, that is, when finding a loop exist on a port of a VLAN, the system will report the trap information and shutdown the port as well.
1048 CHAPTER 64: PORT LOOPBACK DETECTION COMMANDS system-view [SW8800] interface Ethernet 2/1/1 [3Com-GigabitEthernet2/1/1] loopback-detection disable display loopback-detection Syntax display loopback-detection View Ethernet port view Parameter None Description Use the display loopback-detection command to display whether the port loopback detection function is enabled or not.
Ethernet Port Detection Configuration Commands 1049
1050 CHAPTER 64: PORT LOOPBACK DETECTION COMMANDS
Ethernet Port Detection Configuration Commands 1051
1052 CHAPTER 64: PORT LOOPBACK DETECTION COMMANDS
1054 CHAPTER 64: PORT LOOPBACK DETECTION COMMANDS
1056 CHAPTER 64: PORT LOOPBACK DETECTION COMMANDS
Ethernet Port Detection Configuration Commands 1057
1058 CHAPTER 64: PORT LOOPBACK DETECTION COMMANDS
1060 CHAPTER 64: PORT LOOPBACK DETECTION COMMANDS
Ethernet Port Detection Configuration Commands 1061
1062 CHAPTER 64: PORT LOOPBACK DETECTION COMMANDS
1064 CHAPTER 64: PORT LOOPBACK DETECTION COMMANDS
65 QINQ CONFIGURATION COMMANDS QinQ Configuration Commands display port vlan-vpn Syntax display port vlan-vpn View Any view Parameter None Description Use the display port vlan-vpn command to display VLAN VPN-related information of the current system by port number, including current TPID, the information about VLAN-VPN ports, and the information about VLAN-VPN uplink ports. Example # Display the VLAN VPN-related configuration of the current system.
1066 CHAPTER 65: QINQ CONFIGURATION COMMANDS Use the following command to deliver Layer 2 and Layer 3 traffic classification rules simultaneously.
QinQ Configuration Commands 1067 Description Use the traffic-redirect { nested-vlan | modified-vlan } command to enable ACL-based traffic classification on the ports and set/modify the outer VLAN tags to be inserted in the packets that match the specified ACL rules. (Note that this command only applies to packets that match ACL rules with the permit keyword specified.) Use the undo traffic-redirect command to remove the configuration.
1068 CHAPTER 65: QINQ CONFIGURATION COMMANDS c CAUTION: ■ VLAN VPN cannot be enabled if the port has any of GVRP, STP, and 802.1x protocols enabled. ■ VLAN VPN cannot be enabled on a port if the VLAN which the port belongs to has IGMP Snooping enabled or its VLAN interface has IGMP enabled. Similarly, if a port is VLAN VPN-enabled, you cannot enable IGMP Snooping in the VLAN to which the port belongs or enable IGMP on the VLAN interface of the VLAN.
QinQ Configuration Commands 1069 Table 155 Common protocol type values of an Ethernet frame Protocol type Value LACP 0x8809 802.1x 0x888E Example # Set the TPID value to 0x9100. [SW8800] vlan-vpn tpid 9100 # Restore the default TPID value (0x8100). [SW8800] undo vlan-vpn tpid vlan-vpn tunnel Syntax vlan-vpn tunnel undo vlan-vpn tunnel View System view Parameter None Description Use the vlan-vpn tunnel command to enable VLAN-VPN tunnel.
1070 CHAPTER 65: QINQ CONFIGURATION COMMANDS Description Use the vlan-vpn uplink enable command to set a port to be a VLAN-VPN uplink port. Use the undo vlan-vpn uplink command to remove the configuration. When sending a packet, a VLAN-VPN uplink port replaces the TPID value in the outer VLAN tag with the configured TPID value. You can use the vlan-vpn tpid command to set the TPID value used by the VLAN-VPN uplink port. c CAUTION: ■ At present, 3C17512 and LSBM1TGX1 cards do not support this command.
NQA CONFIGURATION COMMANDS 66 NQA Configuration Commands count This section describes the Network Quality Assurance(NQA) commands. Syntax count times undo count View NQA test group view Parameter times: Number of probe packets to send. Description Use the count command to configure the number of probe packets to send. Use the undo count command to restore the number of probe packets to send to the default value. By default, one probe packet is sent.
1072 CHAPTER 66: NQA CONFIGURATION COMMANDS View NQA test group view Parameter text: Filler data of the test packet. It can be a string under 230 bytes in length. Description Use the datafill command to configure the filler data of the test packet. Use the undo datafill command to restore the filler data of the test packet to the default value. By default, no filler data of the test packet is configured, that is, the test packet is empty. Related command: datasize.
NQA Configuration Commands n 1073 The filler data refers to the area that can be freely filled in the packet, that is, the area outside the ICMP packet header. If the filler data is big in size, when sending the packet, the system fragments the packet to pieces on demand. Example # Set the filler data size of the test packet to 50 bytes. system-view System View: return to User View with Ctrl+Z.
1074 CHAPTER 66: NQA CONFIGURATION COMMANDS Use the undo description command to delete the configured description information. By default, there is no description information of the operation. Example # Describes the test group as "Cary’s icmp test". system-view System View: return to User View with Ctrl+Z.
NQA Configuration Commands 1075 administrator-name: Name of the administrator who creates the operation. test-tag: Tag of the test operation. Description Use the display nqa command to display the result of the test. If you do not specify the administrator-name and the test-operation-tag arguments, results of all test groups are displayed. Otherwise, only the result of the specified test group is displayed. Example # Display the test results.
1076 CHAPTER 66: NQA CONFIGURATION COMMANDS Table 157 Description on the fields of the display nqa history command Field Description Response Round trip test time in milliseconds, or the timeout time. 0 means the test fails. Status Test result value LastRC Receive the last response code based on the implementation ways. With ICMP echo enabled, if the system receives ICMP response which includes ICMP_ECHOREPLY(0), the probe has succeeds.
NQA Configuration Commands 1077 [SW8800] nqa administrator icmp [3Com-administrator-icmp] frequency 10 history-records Syntax history-records number undo history-records View NQA test group view Parameter number: Number of test results which can be stored in the history record. Description Use the history-records command to configure the Number of test results that can be stored in the history record.
1078 CHAPTER 66: NQA CONFIGURATION COMMANDS Description Use the nqa command to create a NQA test group (if there is no NQA test group before). You will enter the NQA test group view after this command is executed. Use the undo nqa command to delete an NQA test group. At the same time, the test will be stopped, and the history record will be deleted. Note that: ■ You can perform the test operation only after creating a test group. ■ You can create a maximum of 30 test groups.
NQA Configuration Commands 1079 Parameter max-number: Maximum Number of test operations enabled simultaneously. Description Use the nqa-agent max-requests command to set the maximum number of test operations that can be enabled simultaneously. Use the undo nqa-agent max-requests command to restore the number of test operations that can be enabled simultaneously to the default value. By default, a maximum of 5 test operations can be enabled simultaneously.
1080 CHAPTER 66: NQA CONFIGURATION COMMANDS ■ When probing, the system sends one packet every time. While the test process is not always so. ■ One test may include many probes. The test succeeds as long as there is one successful probe. ■ The current "probe failure times" will be reset to zero after a test is finished, that is, the "times" is only valid for a single test and can not cross two tests for constant statistics. If the probe succeeds, this statistic value is reset to zero too.
NQA Configuration Commands 1081 Example # Set that the system assumes the connection mode as direct connection when sending the ICMP packet. system-view System View: return to User View with Ctrl+Z.
1082 CHAPTER 66: NQA CONFIGURATION COMMANDS source-interface Syntax source-interface { interface-type interface-number } undo source-interface View NQA test group view Parameter interface-type: Type of interface. interface-number: Number of interface. Description Use the source-interface command to configure the source interface for sending test packet. Use the undo source-interface command to disable the configured source interface. By default, no source interface for sending test packet is configured.
NQA Configuration Commands 1083 By default, no source IP address is configured. The system uses the IP address of the source interface as the source IP address. Example # Set the source IP address of this test to 192.168.60.60. system-view System View: return to User View with Ctrl+Z. [SW8800] nqa-agent enable [SW8800] nqa administrator icmp [3Com-administrator-icmp] source-ip 192.168.60.
1084 CHAPTER 66: NQA CONFIGURATION COMMANDS Parameter times: Number of constant test failures. Description Use the test-failtimes command to set the number of constant test failures after which the system will send the Trap information to the network management system. Use the undo test-failtimes command to restore the number of constant test failures to the default value. By default, the system sends the Trap information to the network management system after one NQA test fails.
NQA Configuration Commands 1085 Example # Specify the test type as icmp. system-view System View: return to User View with Ctrl+Z. [SW8800] nqa-agent enable [SW8800] nqa administrator icmp [3Com-administrator-icmp] test-type icmp timeout Syntax timeout time undo timeout View NQA test group view Parameter time: Timeout time. Its unit is second. Description Use the timeout command to configure the timeout time of the test operation.
1086 CHAPTER 66: NQA CONFIGURATION COMMANDS By default, the TOS value in the NQA test packet header is 0, that is, no special service is specified This parameter equals to the "-v" parameter in the ping command of the Windows operation system. n See the "RFC 1349" for detailed explanations of the service types. Example # Configure the TOS value in the NQA test packet header to 4 (representing the highest reliability). system-view System View: return to User View with Ctrl+Z.
NQA Configuration Commands vpn-instance 1087 Syntax vpn-instance name undo vpn-instance View NQA test group view Parameter name: Name of the specified VPN instance, a string of up to 19 characters. Description Use the vpn-instance command to set the name of the VPN instance for the test. Use the undo vpn-instance command to cancel the name of the VPN instance for the test. By default, no information of the VPN instance is set. n You must set the name for VPN instance.
1088 CHAPTER 66: NQA CONFIGURATION COMMANDS
67 PASSWORD CONTROL CONFIGURATION COMMANDS Password Control Configuration Commands display password-control Syntax display password-control View Any view Parameter None Description The display password-control command is used to view the password control information for all users, including the enabled/disabled state of password aging, the aging time, the enabled/disabled state of the minimum password length limitation and the configured minimum password length, the enabled/disabled state of history pass
1090 CHAPTER 67: PASSWORD CONTROL CONFIGURATION COMMANDS View Any view Parameter username:user name added into the blacklist. ipaddress:user IP address added into the blacklist. Description Use the display password-control blacklist command to view the user information added into the backlist based on the user name or IP address after failed attempts of entering passwords. Example # Display the information of all users added into the blacklist after failed attempts of entering passwords.
Password Control Configuration Commands Parameter simple: Plain text, a string containing 1 to 63 characters. cipher: Cipher text, a string containing 1 to 88 characters. password: Login password. Description Use the password command to configure the password for a local user. Use the undo password command to delete the user password. By default, no password is set for local users. To access the FTP server through FTP, you must perform this configuration.
1092 CHAPTER 67: PASSWORD CONTROL CONFIGURATION COMMANDS Parameter aging-time: Configures the system password aging time. Value range 1 to 365 days, and the default value is 90 days. Length: Configures the minimum password length. The value range is 4 to 32 characters, and the default value is 10. login-times: Configures the maximum number of login attempts for each user. The value range is 2 to 10, and the default value is 3.
Password Control Configuration Commands 1093 Use the password-control login-attempt attempt-time exceed command to configure the processing mode used after password attempt fails. Example # Configure the aging time of the system login passwords to 100 days. system-view System View: return to User View with Ctrl+Z. [SW8800] password-control aging 100 # Configure the minimum length of the system login passwords to 8 characters.
1094 CHAPTER 67: PASSWORD CONTROL CONFIGURATION COMMANDS Use the password-control aging enable command to enable password aging. By default, the password aging time is 90 days. Use the password-control length enable command to enable the limitation of the minimum password length. By default, the minimum password length is 10 characters. Use the password-control history enable command to enable history password recording.
Password Control Configuration Commands 1095 Parameter aging-time: Specifies the aging time for super passwords. The value range is 1 to 365 days and the default value is 90 days. min-length: Specifies the minimum length for super passwords. It ranges from 4 to 16 characters, and the default value is 10 characters. Description Use the password-control super command to configure some password control parameters for super commands, including the password aging time and the minimum password length.
1096 CHAPTER 67: PASSWORD CONTROL CONFIGURATION COMMANDS reset password-control history-record user-name test Are you sure to delete all the history record of user test ?[Y/N] If you type "Y", the system will delete all the history password records of the specified user and gives the following prompt: Updating the password file, please wait... All historical passwords of this user have been cleared.
Password Control Configuration Commands 1097 Use the reset password-control blacklist username username command to remove the specified user from the blacklist. Example # Check the user information in the blacklist. Suppose the blacklist contains three users: test, tes, and test2. display password-control blacklist USERNAME IP test 192.168.30.25 tes 192.168.30.24 test2 192.168.30.23 # Remove user "test" from the blacklist.
