HP VPN Firewall Appliances Network Management Command Reference Part number: 5998-4174 Software version: F1000-A-EI/F1000-S-EI (Feature 3726) F1000-E (Release 3177) F5000 (Feature 3211) F5000-S/F5000-C (Release 3808) VPN firewall modules (Release 3177) 20-Gbps VPN firewall modules (Release 3817) Document version: 6PW101-20130923
Legal and notice information © Copyright 2013 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents Ethernet interface commands ······································································································································ 1 General Ethernet interface and subinterface commands ······························································································ 1 combo enable ··························································································································································· 1 default ·········
display vlan ···························································································································································· 51 interface vlan-interface ·········································································································································· 53 ip address ······························································································································································ 54
stp port priority ···················································································································································· 105 stp priority ···························································································································································· 106 stp region-configuration ······································································································································ 106 stp
Inline forwarding commands ······································································································································ 146 display inline-interfaces ······································································································································ 146 inline-interfaces ···················································································································································· 147 port inlin
dhcp relay information enable ··························································································································· 186 dhcp relay information format ··························································································································· 187 dhcp relay information remote-id format-type ·································································································· 188 dhcp relay information remote-id string ········
display arp vpn-instance ····································································································································· 230 naturemask-arp enable ······································································································································· 231 reset arp ······························································································································································· 231 Gratuitous A
RIP commands ························································································································································· 276 checkzero ····························································································································································· 276 default cost (RIP view) ········································································································································· 276 def
display ospf lsdb ················································································································································· 326 display ospf nexthop ··········································································································································· 329 display ospf peer ················································································································································· 330 display osp
IS-IS commands ······················································································································································· 376 area-authentication-mode ··································································································································· 376 auto-cost enable··················································································································································· 377 bandwidth-re
priority high·························································································································································· 434 reset isis all ··························································································································································· 435 reset isis peer ·····················································································································································
network short-cut (BGP/BGP-VPN instance view) ···························································································· 485 peer advertise-community (BGP/BGP-VPN instance view) ············································································· 485 peer advertise-ext-community (BGP/BGP-VPN instance view)········································································ 486 peer allow-as-loop (BGP/BGP-VPN instance view) ······················································
reset ip routing-table statistics protocol ············································································································· 539 reset ipv6 routing-table statistics ························································································································ 540 Policy-based routing commands····························································································································· 541 apply default output-interface····
igmp max-response-time ····································································································································· 589 igmp proxying enable ········································································································································ 590 igmp proxying forwarding ································································································································· 590 igmp require-router-alert ····
hello-option neighbor-tracking (PIM view) ········································································································ 636 hello-option override-interval (PIM view) ··········································································································· 637 holdtime assert (PIM view) ·································································································································· 638 holdtime join-prune (PIM view)···············
peer password ····················································································································································· 675 peer request-sa-enable ········································································································································ 676 peer sa-cache-maximum ····································································································································· 677 peer sa-policy ·····
ipv6 prefix ···························································································································································· 723 ipv6 redirects enable ·········································································································································· 724 ipv6 unreachables enable ·································································································································· 724 local-proxy-nd
display ipv6 dhcp client ····································································································································· 769 display ipv6 dhcp client statistics ······················································································································ 771 ipv6 address dhcp-alloc ····································································································································· 773 ipv6 dhcp client pd ········
display ospfv3 request-list ··································································································································· 818 display ospfv3 retrans-list ··································································································································· 820 display ospfv3 routing ········································································································································ 821 display ospfv3 stati
default local-preference (IPv6 address family view/IPv6 BGP-VPN instance view) ····································· 866 default med (IPv6 address family view/IPv6 BGP-VPN instance view) ························································· 867 default-route imported (IPv6 address family view/IPv6 BGP-VPN instance view) ········································ 867 display bgp ipv6 group ······················································································································
peer preferred-value (IPv6 address family view) ······························································································ 915 peer preferred-value (IPv6 BGP-VPN instance view) ······················································································· 916 peer public-as-only (IPv6 address family view) ································································································ 916 peer reflect-client (IPv6 address family view) ····························
multicast ipv6 longest-match······························································································································· 963 multicast ipv6 routing-enable ····························································································································· 963 reset multicast ipv6 forwarding-table ················································································································ 964 reset multicast ipv6 routing-table ··
pim ipv6 triggered-hello-delay ························································································································ 1007 probe-interval (IPv6 PIM view) ························································································································ 1008 prune delay (IPv6 PIM view) ··························································································································· 1009 register-policy (IPv6 PIM view) ·········
send-router-alert (MLD view) ···························································································································· 1050 ssm-mapping (MLD view) ································································································································· 1051 startup-query-count (MLD view) ······················································································································· 1052 startup-query-interval (MLD view) ·····
SSL commands······················································································································································· 1089 ciphersuite ························································································································································· 1089 client-verify enable ··········································································································································· 1090 client
Ethernet interface commands General Ethernet interface and subinterface commands combo enable Use combo enable to activate the copper or fiber combo port. Syntax combo enable { copper | fiber } Default The copper combo port is activated. Views Ethernet interface view (combo interface) Default command level 2: System level Parameters copper: Activates the copper(electrical) combo port. fiber: Activates the fiber (optical) combo port. Usage guidelines Combo interfaces are logical interfaces.
[Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] combo enable copper # Activate the fiber combo port of combo interface GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] combo enable fiber default Use default to restore the default settings for an Ethernet interface or subinterface.
Syntax description text undo description Default The default description of an interface is the interface name plus Interface. For example, GigabitEthernet0/1 Interface. Views Ethernet interface view, Ethernet subinterface view Default command level 2: System level Parameters text: Specifies the interface description, a string of 1 to 80 characters.
display interface interface-type { interface-number | interface-number.subnumber } [ brief ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-type: Specifies an interface type. interface-number: Specifies an interface number. interface-number.subnumber: Specifies a subinterface number, where interface-number is an interface number, and subnumber is the number of a subinterface created under the interface.
Last clearing of counters: Never Peak value of input: 52859736 bytes/sec, at 2013-1-23 17:11:42 Peak value of output: 236108 bytes/sec, at 2013-1-23 17:11:42 Last 300 seconds input rate 0.00 bytes/sec, 0 bits/sec, 0.00 packets/sec Last 300 seconds output rate 0.00 bytes/sec, 0 bits/sec, 0.
Field Description The loopback testing function is disabled. loopback not set For an interface configured with the loopback external or loopback internal command, this field changes to loopback is set. promiscuous mode not set The interface is operating in non-promiscuous mode. Output queue (Urgent queue: Size/Length/Discards) Output queue (current message number in the urgent queue, maximum number of messages allowed in the urgent queue, and number of discarded messages).
Table 2 Command output Field Description State of the Ethernet subinterface: • DOWN ( Administratively )—The Ethernet subinterface was shut down with the shutdown command. The interface is administratively down. • DOWN ( Link-Aggregation interface down )—The Ethernet GigabitEthernet0/1.1 current state subinterface is physically down because the aggregate interface corresponding to the aggregation group to which the subinterface belongs was shut down with the shutdown command.
Flow-control is not enabled The Maximum Frame Length is 1536 Broadcast MAX-ratio: 100% Multicast MAX-ratio: 100% PVID: 999 Mdi type: auto Port link-type: access Tagged VLAN ID : none Untagged VLAN ID : 999 Port priority: 0 Last clearing of counters: Last 300 seconds input: Last 300 seconds output: Input (total): Never 0 packets/sec 74 bytes/sec 0% 0 packets/sec 12 bytes/sec 0% 21322 packets, 1748554 bytes - unicasts, - broadcasts, - multicasts, - pauses Input (normal): 21322 packets, - bytes 1268 un
Field Description Broadcast MAX-ratio Broadcast suppression threshold as a percentage of the maximum interface rate. When the threshold is exceeded, the interface drops broadcast packets. Unicast MAX-ratio Unknown unicast suppression threshold as a percentage of the maximum interface rate. When the threshold is exceeded, the interface drops unknown unicast packets. Multicast MAX-ratio Multicast suppression threshold as a percentage of the maximum interface rate.
Field Description Inbound frames larger than the maximum frame length supported on the interface. • For an Ethernet interface that does not permit jumbo frames, giants giants refer to frames larger than 1536 bytes (without VLAN tags) or 1540 bytes (with VLAN tags). • For an Ethernet interface that permits jumbo frames, giants refer to frames larger than the maximum size of Ethernet frames that are allowed to pass through.
Field Description - underruns Number of packets dropped because the output rate of the interface exceeded the output queuing capability. This is a low-probability hardware anomaly. - buffer failures Number of packets dropped because the transmit buffer of the interface ran low. aborts Number of packets that failed to be transmitted, for example, because of Ethernet collisions. deferred Number of frames that the interface deferred to transmit because of detected collisions.
display interface gigabitethernet 0/1.1 GigabitEthernet0/1.1 current state: DOWN IP Sending Frames' Format: PKTFMT_ETHNT_2, Hardware Address: 000f-e245-7911 Description: GigabitEthernet0/1.1 Interface Broadcast MAX-ratio: 100% PVID: 1 Port link-type: access Tagged VLAN ID : none Untagged VLAN ID : 1 0 packets input, 0 bytes, 0 drops 0 packets output, 0 bytes, 0 drops Table 5 Command output Field Description State of the Ethernet subinterface: GigabitEthernet0/1.
Speed or Duplex: (a)/A - auto; H - half; F - full Type: A - access; T - trunk; H - hybrid Interface Link Speed Duplex Type PVID Description GE0/2 DOWN auto A A 1 # Filter the brief interface information to display the line starting with the (s) string and all subsequent lines. The brief information of interface(s) under route mode: Link: ADM - administratively down; Stby - standby Protocol: (s) - spoofing Interface Link Protocol Main IP Loop1 UP UP(s) 172.17.17.
VT0 UP UP(s) -- The brief information of interface(s) under bridge mode: Link: ADM - administratively down; Stby - standby Speed or Duplex: (a)/A - auto; H - half; F - full Type: A - access; T - trunk; H - hybrid Interface Link Speed Duplex Type PVID Description GE0/2 DOWN auto A A 1 # Display information about interfaces in the down state and the relevant causes.
Field Description Protocol connection state of the interface: Protocol • UP. • DOWN. • UP(s). Interface description. Description The brief information of interface(s) under bridge mode: Information displayed in this field is restricted by space. To view the complete interface description, use the display interface command without specifying the brief keyword. Brief information about Layer 2 interfaces.
Field Description OAM connection failure The OAM connection failed (possibly because the connection failed to be established or the connection is disconnected). DLDP connection failure The DLDP connection failed (possibly because the connection failed to be established or the connection is disconnected). Loopback detection-protected The interface is shut down because a loop was detected on it. BPDU-protected The interface is shut down by the BPDU guard function.
Hardware Compatibility F5000-S/F5000-C No VPN firewall modules No 20-Gbps VPN firewall modules Yes Examples # Display the current jumboframe support status of the device and the support status after a reboot. display jumboframe jumboframe mode is disable. jumboframe mode will be enable after reboot. Related commands jumboframe enable duplex Use duplex to set the duplex mode for an Ethernet interface. Use undo duplex to restore the default duplex mode of the Ethernet interface.
Syntax flow-control undo flow-control Default Generic flow control on an Ethernet interface is disabled. Views Ethernet interface view Default command level 2: System level Usage guidelines TxRx mode flow control allows an Ethernet interface to receive common pause frames from its peer, and send common pause frames to notify its peer of congestion.
Examples # Enter GigabitEthernet 0/1 interface view (assuming that the interface is a Layer 2 Ethernet interface). system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] # Create Ethernet subinterface GigabitEthernet 0/1.1 and enter GigabitEthernet 0/1.1 subinterface view (assuming that GigabitEthernet 0/1 is a Layer 2 Ethernet interface and the subinterface does not exist). system-view [Sysname] interface gigabitethernet 0/1.1 [Sysname-GigabitEthernet0/1.
The following matrix shows the jumboframe enable command and hardware compatibility: Hardware Compatibility F1000-A-EI/F1000-S-EI No F1000-E No F5000 No F5000-S/F5000-C No VPN firewall modules You can directly configure jumboframe enable in Ten-GigabitEthernet interface view. The value range for the value argument is 1550 to 9216. 20-Gbps VPN firewall modules Configure jumboframe enable in system view first.
Default command level 2: System level Parameters external: Enables external loopback testing for all on-chip functions related to Ethernet interfaces. internal: Enables internal loopback testing for the hardware of Ethernet interfaces. Usage guidelines Enable loopback testing for troubleshooting purposes, such as identifying an Ethernet problem. You cannot perform internal or external loopback testing on an administratively down (ADM DOWN) port.
Examples # Configure GigabitEthernet 0/1 to operate in Layer 2 mode. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] display this # interface GigabitEthernet0/1 port link-mode route # Return The output shows that GigabitEthernet 0/1 operates in route mode.
Usage guidelines Depending on the hardware structure of interface cards, some interfaces can operate only as Layer 2 Ethernet interfaces (in bridge mode), some can operate only as Layer 3 Ethernet interfaces (in route mode), and others can operate as either Layer 2 or Layer 3 Ethernet interfaces (you can set the link mode to bridge or route). Configuring the port link-mode interface-list command in system view and configuring the port link-mode command in Ethernet interface view lead to the same result.
• If both the interface type and number are specified, this command only clears statistics for the specified interface or subinterface. Examples # Clear the statistics of GigabitEthernet 0/1. reset counters interface gigabitethernet 0/1 # Clear the statistics of subinterface GigabitEthernet 0/1.1. reset counters interface gigabitethernet 0/1.1 shutdown Use shutdown to shut down an Ethernet interface or subinterface. Use undo shutdown to bring up an Ethernet interface or subinterface.
Syntax speed { 10 | 100 | 1000 | auto } undo speed Views Ethernet interface view Default command level 2: System level Parameters 10: Sets the interface speed to 10 Mbps. 100: Sets the interface speed to 100 Mbps. 1000: Sets the interface speed to 1000 Mbps. auto: Enables the interface to negotiate a speed with its peer. Usage guidelines For an Ethernet copper port, use the speed command to set its speed to match the speed of the peer interface.
Views Layer 2 Ethernet interface view, Layer 2 Ethernet subinterface view Default command level 2: System level Parameters ratio: Sets the broadcast suppression threshold as a percentage of the maximum interface rate. The smaller the percentage, the less broadcast traffic is allowed to be received. The value range for the ratio argument is 1 to 100. Usage guidelines In Ethernet interface or subinterface view, the configuration takes effect only on the interface or subinterface.
Parameters across: Sets the MDI mode to across. In this mode, pins 1 and 2 are receive pins, and pins 3 and 6 are transmit pins. auto: Sets the MDI mode to auto. In this mode, the port negotiates pin roles with its peer. normal: Sets the MDI mode to normal. In normal mode, pins 1 and 2 are transmit pins, and pins 3 and 6 are receive pins. Examples # Set GigabitEthernet 0/1 to operate in across MDI mode.
# Set the multicast threshold to 20% on Ethernet subinterface GigabitEthernet 0/1.1. system-view [Sysname] interface gigabitethernet 0/1.1 [Sysname-GigabitEthernet0/1.1] multicast-suppression 20 unicast-suppression Use unicast-suppression to set the unknown unicast suppression threshold on an Ethernet interface or subinterface. Use undo unicast-suppression to restore the default.
Layer 3 Ethernet interface and subinterface commands mtu Use mtu to set the MTU for an Ethernet interface or subinterface. Use undo mtu to restore the default. Syntax mtu size undo mtu Default The MTU of a GigabitEthernet interface or subinterface is 1500 bytes and of a Ten-GigabitEthernet interface is 9216 bytes. Views Layer 3 Ethernet interface view, Layer 3 Ethernet subinterface view Default command level 2: System level Parameters size: Sets the maximum transmission unit (MTU) in bytes.
Views Layer 3 Ethernet interface view Examples # Configure GigabitEthernet 0/1 to operate in promiscuous mode. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] promiscuous Loopback and null interface commands default Use default to restore the default settings for the loopback or null interface.
Syntax description text undo description Default The description of a loopback or null interface is interface name Interface, for example, Loopback1 interface. Views Loopback interface view, null interface view Default command level 2: System level Parameters text: Specifies an interface description, a case-sensitive string of 1 to 80 characters. The description can include letters, digits, special characters, spaces, and other Unicode characters and symbols.
Parameters interface-number: Specifies a loopback interface by its number, which can be the number of any existing loopback interface. With this argument, this command displays information about a specified loopback interface. brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information. down: Displays information about interfaces in DOWN state and the causes.
Interface Link Cause Loop1 ADM Administratively Table 8 Command output Field Description Physical state of the interface: current state • up. • administratively down. Line protocol current state State of the data link layer protocol: up (spoofing). Spoofing refers to the spoofing attribute of the interface. When the network layer protocol state of the interface is displayed as up, the corresponding link might not exist, or the corresponding link is non-permanent and established on demand.
Field Description Protocol connection state of the interface: Protocol • UP. • DOWN. • UP(s). Main IP Main IP address of the interface. Description Description of the interface. Cause Cause of a DOWN physical link. If the port has been shut down with the shutdown command, this field displays Administratively. To restore the physical state of the interface, use the undo shutdown command.
Usage guidelines If you do not specify the null keyword, this command displays information about all interfaces on the device. If you specify the null keyword, this command displays information about interface Null 0 with or without the 0 keyword, because the device supports only one null interface. Examples # Display detailed information about interface Null 0.
Parameters interface-number: Specifies a loopback interface by its number, ranging from 0 to 1023. Examples # Create interface loopback 5. system-view [Sysname] interface loopback 5 [Sysname-LoopBack5] Related commands display interface loopback interface null Use interface null to enter null interface view. Syntax interface null 0 Views System view Default command level 2: System level Parameters 0: Specifies interface Null 0. The null interface number is fixed to 0.
Default command level 2: System level Parameters interface-number: Specifies a loopback interface by its number, which can be the number of any existing loopback interface. With this argument, the command clears statistics on a specified loopback interface. Usage guidelines Clear the existing statistics on the interface before starting to collect new traffic statistics. If you do not specify the loopback keyword, this command clears the statistics on all interfaces in the system.
Syntax shutdown undo shutdown Default A loopback interface is up. Views Loopback interface view Default command level 2: System level Examples # Shut down loopback interface loopback 1.
Bulk interface commands interface range Use interface range to create an interface range and enter interface range view. Syntax interface range interface-list Views System view Default command level 2: System level Parameters interface-list: Specifies an interface list in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] }&<1-5>. The interface-type interface-number argument specifies an interface by its type and number.
interface range name Use interface range name name interface interface-list to create an interface range, configure a name for the interface range, add interfaces to the interface range, and enter the interface range view. Use interface range name without the interface keyword to enter the view of an interface range with the specified name. Use undo interface range name to delete the interface range with the specified name.
• No limit is set on the maximum number of interfaces in an interface range. The more interfaces in an interface range, the longer the command execution time. • The maximum number of interface range names is only limited by the system resources. To guarantee bulk interface configuration performance, configure fewer than 1000 interface range names. Examples # Add GigabitEthernet 0/1 and GigabitEthernet 0/2 to interface range named myEthPort, and enter the interface range view.
IPv4 addressing commands display ip interface Use display ip interface to display IP configuration information for a specific Layer 3 interface or for all Layer 3 interfaces. Syntax display ip interface [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. |: Filters command output by specifying a regular expression.
Routing redirect: 0 Echo request: 0 Router advert: 0 Router solicit: 0 Time exceed: 0 IP header bad: 0 Timestamp request: 0 Timestamp reply: 0 Information request: 0 Information reply: 0 Netmask request: 0 Netmask reply: 0 Unknown type: 0 Table 9 Command output Field Description Current physical state of the interface: • Administrative DOWN—The interface is shut down with the shutdown current state command.
Field Description TTL invalid packet number Number of TTL-invalid packets received on the interface (statistics start at device startup).
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines When the interface type and interface number are specified, the brief IP configuration information for all Layer 3 interfaces is displayed. When only the interface type is specified, the brief IP configuration information for all Layer 3 interfaces of the specified type is displayed.
Related commands display ip interface ip address Use ip address to assign an IP address and mask to the interface. Use undo ip address to remove all IP addresses from the interface. Use undo ip address ip-address { mask | mask-length } to remove the primary IP address. Use undo ip address ip-address { mask | mask-length } sub to remove a secondary IP address.
VLAN commands Basic VLAN commands default Use default to restore the default settings for a VLAN interface. Syntax default Views VLAN interface view Default command level 2: System level Usage guidelines CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you use it on a live network.
Default The description for a VLAN is VLAN vlan-id, which is the ID of the VLAN. For example, the default description of VLAN 100 is VLAN 0100. The default description for a VLAN interface is the name of the interface. For example, the default description of VLAN-interface 1 is Vlan-interface1 Interface. Views VLAN view, VLAN interface view Default command level 2: System level Parameters text: Specifies a description for a VLAN or VLAN interface.
display interface vlan-interface Use display interface vlan-interface to display information about a specified or all VLAN interfaces. Syntax display interface [ vlan-interface ] [ brief [ down ] ] [ | { begin | exclude | include } regular-expression ] display interface vlan-interface vlan-interface-id [ brief ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters vlan-interface-id: Specifies a VLAN interface number.
0 packets output, 0 bytes, 0 drops # Display brief information for VLAN-interface 2. display interface vlan-interface 2 brief The brief information of interface(s) under route mode: Link: ADM - administratively down; Stby - standby Protocol: (s) - spoofing Interface Link Protocol Main IP Vlan2 DOWN DOWN Description -- # Display brief information for VLAN interfaces in DOWN state.
Field Description Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Average rate of input packets in the last 300 seconds. Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Average rate of output packets in the last 300 seconds. 0 packets input, 0 bytes, 0 drops Total number and size (in bytes) of the received packets of the interface and the number of the dropped packets.
Views Any view Default command level 1: Monitor level Parameters vlan-id1: Displays information about a VLAN specified by its VLAN ID in the range of 1 to 4094. vlan-id1 to vlan-id2: Displays information about VLANs specified by a VLAN ID in the range of 1 to 4094. vlan-id2 must be no smaller than vlan-id1. all: Displays all VLAN information but the reserved VLANs. dynamic: Displays the number of dynamic VLANs and the ID for each dynamic VLAN. The dynamic VLANs are distributed by a RADIUS server.
Tagged Ports: none Untagged Ports: none Table 12 Command output Field Description VLAN Type VLAN type, static or dynamic. Route interface Whether the VLAN interface is configured or not. Description Description of the VLAN. Name Name configured for the VLAN. IP Address Primary IP address of the VLAN interface. This is available only when an IP address is configured for the VLAN interface.
system-view [Sysname] vlan 2 [Sysname-vlan2] quit [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] Related commands display interface vlan-interface ip address Use ip address to assign an IP address and subnet mask to a VLAN interface. Use undo ip address to remove the IP address and subnet mask for a VLAN interface.
Examples # Specify the IP address as 1.1.0.1, the subnet mask as 255.255.255.0 for VLAN-interface 1. system-view [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] ip address 1.1.0.1 255.255.255.0 Related commands display ip interface (Network Management Command Reference) mtu Use mtu to set the MTU for a VLAN interface. Use undo mtu to restore the default. Syntax mtu size undo mtu Default The MTU of a VLAN interface is 1500 bytes.
Default The name of a VLAN is VLAN vlan-id, which is its VLAN ID. For example, the default name of VLAN 100 is VLAN 0100. Views VLAN view Default command level 2: System level Parameters text: Specifies a VLAN name, a string of 1 to 32 characters.
If the vlan-interface-id argument is not specified, this command clears the statistics of all VLAN interfaces. If the vlan-interface-id argument is specified, this command clears the statistics of the specified VLAN interface. Examples # Clear the statistics on VLAN-interface 2. reset counters interface vlan-interface 2 Related commands display interface vlan-interface shutdown Use shutdown to manually shut down a VLAN interface.
vlan Use vlan vlan-id to create a VLAN and enter its view or enter the view of an existing VLAN. Use vlan vlan-id1 to vlan-id2 to create VLANs in the range of vlan-id1 to vlan-id2, except reserved VLANs. Use vlan all to create VLANs 1 through 4094. Use undo vlan to remove the specified VLANs. Syntax vlan { vlan-id1 [ to vlan-id2 ] | all } undo vlan { vlan-id1 [ to vlan-id2 ] | all } Default Only the default VLAN (VLAN 1) exists in the system.
Port-based VLAN commands display port Use display port to display information about the hybrid or trunk ports on the device, including the port names, PVIDs, and allowed VLAN IDs. Syntax display port { hybrid | trunk } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters hybrid: Displays hybrid ports. trunk: Displays trunk ports. |: Filters command output by specifying a regular expression.
Field Description Tagged VLANs for which the port sends packets without removing VLAN tags. Untagged VLANs for which the port sends packets after removing VLAN tags. port Use port to assign the specified access ports to the VLAN. Use undo port to remove the specified access ports from the VLAN. Syntax port interface-list undo port interface-list Default All ports are in VLAN 1. All ports are access ports. However, you can manually configure the port type. For more information, see "port link-type.
Syntax port access vlan vlan-id undo port access vlan Default All access ports belong to VLAN 1. Views Ethernet interface view, Ethernet subinterface view, Layer 2 aggregate interface view Default command level 2: System level Parameters vlan-id: Specifies a VLAN ID in the range of 1 to 4094. Make sure the VLAN specified by the VLAN ID already exists. Usage guidelines The configuration made in Ethernet interface view or Ethernet subinterface view applies only to the port.
Default The PVID of a hybrid port is VLAN 1. Views Ethernet interface view, Layer 2 aggregate interface view Default command level 2: System level Parameters vlan-id: Specifies a VLAN ID in the range of 1 to 4094. Usage guidelines You can use a nonexistent VLAN as the PVID for a hybrid port. If you use the undo vlan command to remove the PVID of a hybrid port, it does not affect the setting of the PVID on the port. HP recommends that you set the same PVID for the local and remote hybrid ports.
Use undo port hybrid vlan to remove the hybrid ports from the specified VLANs. Syntax port hybrid vlan vlan-list { tagged | untagged } undo port hybrid vlan vlan-list Default A hybrid port only allows packets from VLAN 1 to pass through untagged.
Configuring GigabitEthernet0/2... Done. Configuring GigabitEthernet0/3... Done. The output shows that GigabitEthernet 0/1, GigabitEthernet 0/2, and GigabitEthernet 0/3 are the member ports of the aggregation group corresponding to Bridge-Aggregation 1. Related commands port link-type port link-type Use port link-type to configure the link type of a port. Use undo port link-type to restore the default link type of a port.
system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] port link-type trunk # Configure Layer 2 aggregate interface Bridge-Aggregation 1 and its member ports as hybrid ports. system-view [Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] port link-type hybrid port trunk permit vlan Use port trunk permit vlan to assign the trunk ports to the specified VLANs. Use undo port trunk permit vlan to remove the trunk ports from the specified VLANs.
Examples # Assign the trunk port GigabitEthernet 0/1 to VLAN 2, VLAN 4, and VLAN 50 through VLAN 100. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] port link-type trunk [Sysname-GigabitEthernet0/1] port trunk permit vlan 2 4 50 to 100 Please wait........... Done. # Assign the trunk Layer 2 aggregate interface Bridge-Aggregation 1 to VLAN 2.
You must use the port trunk permit vlan command to configure the trunk port to allow and forward packets from the PVID. The configuration made in Ethernet interface view applies only to the port. The configuration made in Layer 2 aggregate interface view applies to the aggregate interface and its aggregation member ports. • If the system fails to apply the configuration to the aggregate interface, it stops applying the configuration to aggregation member ports.
MAC address table commands The MAC address table contains only Layer 2 Ethernet ports (excluding Layer 2 subinterfaces) and Layer 2 aggregate interfaces. This document covers only the configuration of unicast MAC address entries, including static, dynamic, and destination blackhole MAC address entries. display mac-address Use display mac-address to display MAC address entries.
Usage guidelines If you execute this command without specifying any parameters, it displays all MAC address entries on the device. Examples # Display the MAC address entry for MAC address 000f-e201-0101. display mac-address 000f-e201-0101 MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s) 000f-e201-0101 1 Learned GigabitEthernet0/1 AGING --- 1 mac address(es) found --- Table 14 Command output Field Description MAC ADDR MAC address.
Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Usage guidelines The MAC address entries configuration cannot survive a reboot unless you save it. However, the dynamic MAC address entries are lost at next reboot regardless of whether you save the configuration or not. Examples # Add a static entry for MAC address 000f-e201-0101 on port GigabitEthernet 0/1 that belongs to VLAN 2.
mac-address: Specifies a MAC address in the format of H-H-H, where 0s at the beginning of each H (16-bit hexadecimal digit) can be omitted. For example, entering "f-e2-1" indicates that the MAC address is "000f-00e2-0001." vlan vlan-id: Specifies an existing VLAN to which the Ethernet interface belongs, where vlan-id is the specified VLAN ID in the range of 1 to 4094. dynamic: Specifies dynamic MAC address entries, which can be aged. static: Specifies static MAC address entries.
Default The maximum number of MAC addresses that can be learned on a port varies with device models, and frames received are forwarded when the upper limit is reached. Views Layer 2 Ethernet interface view, Layer 2 aggregate interface view Default command level 2: System level Parameters count: Sets the maximum number of MAC addresses that can be learned on a port. When the argument takes 0, the port is not allowed to learn MAC addresses. The value range varies with device models.
[Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] mac-address max-mac-count 600 [Sysname-GigabitEthernet0/1] mac-address max-mac-count disable-forwarding Related commands • mac-address timer • mac-address (interface view) • mac-address (system view) mac-address timer Use mac-address timer to configure the aging timer for dynamic MAC address entries. Use undo mac-address timer to restore the default.
Spanning tree commands active region-configuration Use active region-configuration to activate your MST region configuration. Syntax active region-configuration Views MST region view Default command level 2: System level Usage guidelines When you configure MST region–related parameters, MSTP launches a new spanning tree calculation process that might cause network topology instability. This is most likely to occur when you configure the VLAN-to-instance mapping table.
Views MST region view Default command level 2: System level Usage guidelines Two or more spanning tree devices belong to the same MST region only if they are configured with the same format selector (0, which is not configurable), MST region name, MST region revision level, and the same VLAN-to-instance mapping entries in the MST region, and if they are connected through a physical link. HP recommends that you use this command to determine whether the MST region configurations to be activated are correct.
Syntax display stp [ instance instance-id ] [ interface interface-list ] [ brief ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters instance instance-id: Displays the status and statistics information of a specific MSTI. For the value range for instance-id, see "instance." 0 represents the common internal spanning tree (CIST).
Examples # In MSTP mode, display the brief spanning tree status and statistics information of MSTI 0 on ports GigabitEthernet 0/1 through GigabitEthernet 0/4.
TC or TCN received :2 Time since last TC :0 days 0h:5m:42s ----[Port1(GigabitEthernet0/1)][FORWARDING]---Port Protocol :enabled Port Role :CIST Designated Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active=200 Desg. Bridge/Port :32768.000f-e200-2200 / 128.
Table 17 Command output Field Description CIST Bridge CIST bridge ID, which comprises the device's priority in the CIST and its MAC address. For example, in output "32768.000f-e200-2200," the value preceding the dot is the device's priority in the CIST, and the value following the dot is the device's MAC address. Bridge ID Bridge ID, which comprises the device's priority in VLAN 1 and its MAC address. For example, in output "32768.
Field Description Designated bridge ID and port ID of the port. Desg. Bridge/Port The port ID displayed is insignificant for a port which does not support port priority. The port is an edge port or non-edge port. Port Edged • Config—Configured value. • Active—Actual value. The port is connected to a point-to-point link or not. Point-to-point • Config—Configured value. • Active—Actual value. Transmit Limit Maximum number of packets sent within each hello time.
Field Description Bridge-Prio. In MSTP mode, this field indicates the device's priority in the CIST. Max age(s) Aging timer (in seconds) for BPDUs. Forward delay(s) Port state transition delay (in seconds). Hello time(s) Interval (in seconds) for the root bridge to send BPDUs. Max hops Maximum hops in the MSTI. Related commands reset stp display stp abnormal-port Use display stp abnormal-port to display information about ports blocked by spanning tree protection functions.
Field Description Reason the port was blocked: Reason • ROOT-Protected—Root guard function. • LOOP-Protected—Loop guard function. • Formatcompatibility-Protected—MSTP BPDU format incompatibility protection function. • InconsistentPortType-Protected—Port type inconsistent protection function. • InconsistentPvid-Protected—PVID inconsistent protection function. display stp bpdu-statistics Use display stp bpdu-statistics to display the BPDU statistics on ports.
• If you do not specify any port, this command displays the BPDU statistics of on all ports. The displayed information is sorted by port name. • If you specify a port, this command displays the BPDU statistics on the port. Examples # In MSTP mode, display the BPDU statistics of all MSTIs on GigabitEthernet 0/1.
Type Count Last Updated --------------------------- ---------- ----------------Timeout BPDUs 0 MAX-hoped BPDUs 0 TC detected 0 TC sent 0 TC received 0 Table 19 Command output Field Description Port Port name. Instance-independent Statistics not related to any particular MSTI. Type Statistical item. Looped-back BPDUs BPDUs sent and then received by the same port. Max-Aged BPDUs BPDUs whose max age was exceeded. TCN Sent TCN BPDUs sent. TCN Received TCN BPDUs received.
Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines In STP or RSTP mode, the displayed information is sorted by port role calculation time. In MSTP mode: • If you do not specify any MSTI, this command displays the historical port role calculation information for all MSTIs. The displayed information is sorted by MSTI ID and by port role calculation time in each MSTI.
Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Parameters instance-id: Specifies an MSTI ID in the range of 0 to 15. 0 represents the CIST. vlan vlan-list: Specifies a VLAN list in the format of vlan-list = { vlan-id [ to vlan-id ] }&<1-10>, where the vlan-id argument represents the VLAN ID in the range of 1 to 4094, and &<1-10> indicates that you can specify up to 10 vlan-id [ to vlan-id ] parameters. Usage guidelines If you specify no VLAN in the undo instance command, all VLANs mapped to the specified MSTI will be remapped to the CIST.
After configuring this command, run the active region-configuration command to activate the configured MST region name. Examples # Set the MST region name of the device to hello.
revision-level Use revision-level to configure the MSTP revision level. Use undo revision-level to restore the default MSTP revision level. Syntax revision-level level undo revision-level Default The MSTP revision level is 0. Views MST region view Default command level 2: System level Parameters level: Specifies an MSTP revision level, ranging from 0 to 65535.
Syntax stp bpdu-protection undo stp bpdu-protection Default The BPDU guard function is disabled. Views System view Default command level 2: System level Examples # Enable the BPDU guard function. system-view [Sysname] stp bpdu-protection stp bridge-diameter Use stp bridge-diameter to specify the network diameter, the maximum possible number of stations between any two terminal devices on the switched network. Use undo stp bridge-diameter to restore the default.
Examples # In MSTP mode, set the network diameter of the switched network to 5. system-view [Sysname] stp bridge-diameter 5 Related commands • stp timer forward-delay • stp timer hello • stp timer max-age stp compliance Use stp compliance to configure the mode the specified ports will use to recognize and send MSTP BPDUs. Use undo stp compliance to restore the default.
stp config-digest-snooping Use stp config-digest-snooping to enable Digest Snooping. Use undo stp config-digest-snooping to disable Digest Snooping. Syntax stp config-digest-snooping undo stp config-digest-snooping Default The feature is disabled by default. Views System view, Ethernet interface view, Layer 2 aggregate interface view Default command level 2: System level Usage guidelines Configured in system view, the setting takes effect globally.
Syntax stp [ instance instance-id ] cost cost undo stp [ instance instance-id ] cost Default The device automatically calculates the path costs of ports in each spanning tree based on the corresponding standard. Views Ethernet interface view, Layer 2 aggregate interface view Default command level 2: System level Parameters instance instance-id: Sets the path cost of the ports in a particular MSTI. For the value range for instance-id, see "instance." 0 represents the CIST.
• stp pathcost-standard stp edged-port Use stp edged-port enable to configure one or more ports as edge ports. Use stp edged-port disable to configure one or more ports as non-edge ports. Use undo stp edged-port to restore the default. Syntax stp edged-port { enable | disable } undo stp edged-port Default All ports are non-edge ports. Views Ethernet interface view, Layer 2 aggregate interface view Default command level 2: System level Parameters enable: Configures one or more ports as edge ports.
stp enable Use stp enable to enable the spanning tree feature. Use undo stp enable to disable the spanning tree feature. Syntax stp enable undo stp enable Default The spanning tree feature is enabled on all ports and disabled globally. Views System view, Ethernet interface view, Layer 2 aggregate interface view Default command level 2: System level Usage guidelines Configured in system view, the setting takes effect globally.
Syntax stp loop-protection undo stp loop-protection Default The loop guard function is disabled. Views Ethernet interface view, Layer 2 aggregate interface view Default command level 2: System level Usage guidelines Configured in Ethernet interface view, the setting takes effect only on the interface. Configured in Layer 2 aggregate interface view, the setting takes effect only on the aggregate interface.
Parameters hops: Sets the maximum hops, ranging from 1 to 40. Usage guidelines The maximum hops limit the size of the MST region. Examples # Set the maximum hops of the MST region to 35. system-view [Sysname] stp max-hops 35 Related commands display stp stp mcheck Use stp mcheck to perform the mCheck operation globally or on a port.
Examples # Perform mCheck on GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] stp mcheck Related commands stp mode stp mode Use stp mode to configure the spanning tree operating mode. Use undo stp mode to restore the default. Syntax stp mode { mstp | rstp | stp } undo stp mode Default A spanning tree device operates in MSTP mode.
Syntax stp no-agreement-check undo stp no-agreement-check Default No Agreement Check is disabled. Views Ethernet interface view, Layer 2 aggregate interface view Default command level 2: System level Usage guidelines Configured in Ethernet interface view, the setting takes effect only on the interface. Configured in Layer 2 aggregate interface view, the setting takes effect only on the aggregate interface.
legacy: Configures the device to calculate the default path cost for ports based on a private standard. Usage guidelines If you change the standard that the device uses in calculating the default path costs, you restore the path costs to the default. Examples # Configure the device to calculate the default path cost for ports based on IEEE 802.1d-1998.
The stp point-to-point force-false or stp point-to-point force-true command configured on a port in MSTP mode takes effect on all MSTIs. If the physical link to which the port connects is not a point-to-point link but you set it to be one, the configuration might bring a temporary loop. Examples # Configure the link connecting GigabitEthernet 0/3 as a point-to-point link.
Examples # In MSTP mode, set the priority of port GigabitEthernet 0/3 to 16 in MSTI 2. system-view [Sysname] interface gigabitethernet 0/3 [Sysname-GigabitEthernet0/3] stp instance 2 port priority 16 Related commands display stp stp priority Use stp priority to set the priority of the device. Use undo stp priority to restore the default priority. Syntax stp [ instance instance-id ] priority priority undo stp [ instance instance-id ] priority Default The device priority is 32768.
Syntax stp region-configuration undo stp region-configuration Views System view Default command level 2: System level Usage guidelines These are the default settings for the MST region: • The MST region name of the device is the MAC address of the device. • All VLANs are mapped to the CIST. • The MSTP revision level is 0. After you enter MST region view, you can configure the MST region-related parameters, including the region name, VLAN-to-instance mappings, and revision level.
Usage guidelines To set an MSTP device as the root bridge in a specific MSTI, use this command with the MSTI specified. To set an MSTP device in the CIST or an STP or RSTP device as the root bridge, use this command without specifying any MSTI. Once you specify the device as the root bridge, you cannot change the priority of the device. Examples # In MSTP mode, specify the device as the root bridge of MSTI 1.
• stp root primary stp root-protection Use stp root-protection to enable the root guard function on the ports. Use undo stp root-protection to disable the root guard function on the ports. Syntax stp root-protection undo stp root-protection Default The root guard function is disabled. Views Ethernet interface view, Layer 2 aggregate interface view Default command level 2: System level Usage guidelines Configured in Ethernet interface view, the setting takes effect only on the interface.
Views System view Default command level 2: System level Usage guidelines With the TC-BPDU guard function, you can set the maximum number of immediate forwarding address entry flushes that the device can perform every a certain period of time (10 seconds). For TC-BPDUs received in excess of the limit, the device performs a forwarding address entry flush when the time period expires. This prevents frequent flushing of forwarding address entries.
stp timer forward-delay Use stp timer forward-delay to set the forward delay timer of the device. Use undo stp timer forward-delay to restore the default. Syntax stp timer forward-delay time undo stp timer forward-delay Default The forward delay timer is 15 seconds. Views System view Default command level 2: System level Parameters time: Sets the forward delay (in 0.01 seconds), ranging from 400 to 3000 in increments of 100 (as indicated by 400, 500, 600).
undo stp timer hello Default The hello time is 2 seconds. Views System view Default command level 2: System level Parameters time: Sets the hello time (in 0.01 seconds), ranging from 100 to 1000 in increments of 100 (as indicated by 100, 200, 300). Usage guidelines Hello time is the time interval at which spanning tree devices send configuration BPDUs to maintain spanning tree.
Parameters time: Sets the max age (in 0.01 seconds), ranging from 600 to 4000 in increments of 100 (as indicated by 600, 700, 800). Usage guidelines In the CIST of an MSTP network, the device determines whether a configuration BPDU received on a port has expired based on the max age timer. If yes, a new spanning tree calculation process starts. The max age timer does not take effect on other MSTIs except MSTI 0 (or the CIST). HP recommends not setting the max age timer with this command.
not receive a BPDU from the upstream device within nine times the hello time, it will assume that the upstream device has failed and start a new spanning tree calculation process. In a stable network, this kind of spanning tree calculation might occur because the upstream device is busy. You can avoid such unwanted spanning tree calculations by lengthening the timeout time (by setting the timeout factor to 4 or more), saving the network resources.
system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] stp transmit-limit 5 vlan-mapping modulo Use vlan-mapping modulo to map VLANs in the MST region to MSTIs according to the specified modulo value, quickly creating a VLAN-to-instance mapping table. Syntax vlan-mapping modulo modulo Default All VLANs are mapped to the CIST (MSTI 0). Views MST region view Default command level 2: System level Parameters modulo: Sets the modulo value.
Related commands • active region-configuration • check region-configuration • display stp region-configuration • region-name • revision-level 116
PPP commands PPP commands The following matrix shows the feature and hardware compatibility: Hardware Compatibility F1000-A-EI/F1000-S-EI Yes only in dialer interface view and virtual template (VT) interface view F1000-E Yes only in VT interface view F5000 Yes only in VT interface view F5000-S/F5000-C Yes only in VT interface view VPN firewall modules Yes only in VT interface view 20-Gbps VPN firewall modules Yes only in VT interface view display ppp user bind Use display ppp user bind to disp
Userindex ChannelIf UserbindIf 148 Virtual-Template1:0 Virtual-Template10:0 135 Virtual-Template1:1 Virtual-Template3:0 136 Virtual-Template1:2 Virtual-Template4:0 Table 25 Command output Field Description Userindex Assigned user index during authentication. ChannelIf User binding member interface. UserbindIf User binding interface, used for protocol negotiation and packet transmission at the network layer.
Use undo ip pool to remove an address pool. Syntax ip pool pool-number low-ip-address [ high-ip-address ] undo ip pool pool-number Default No IP address pool is configured for PPP users. Views System view, ISP domain view Default command level 2: System level Parameters pool-number: Number of the address pool, in the range of 0 to 99. low-ip-address: Start address of the address pool. high-ip-address: End IP address of the address pool. An address pool can contain up to 1024 IP addresses.
Views Interface view Default command level 2: System level Usage guidelines Only dialer interfaces support this command. By default, dialer interfaces use PPP as the link layer protocol. The following matrix shows the link-protocol ppp command and hardware compatibility: Hardware Compatibility F1000-A-EI/F1000-S-EI Yes F1000-E No F5000 No F5000-S/F5000-C No VPN firewall modules No 20-Gbps VPN firewall modules No Examples # Enable PPP encapsulation on Dialer 1.
acl-number: ACL number, in the range of 2000 to 3999, where: • 2000 to 2999 are numbers for basic IPv4 ACLs. • 3000 to 3999 are numbers for advanced IPv4 ACLs. name acl-name: Specifies an ACL by its name. The acl-name represents the name of an IPv4 ACL, a case-sensitive string that starts with an English letter and contains 1 to 63 characters. To avoid confusion, do not use the English word all as an IPv4 ACL name. Examples # Enable PPP traffic statistics collection on interface Virtual-Template 1.
Syntax ppp authentication-mode { chap | ms-chap | ms-chap-v2 | pap } * [ [ call-in ] domain isp-name ] undo ppp authentication-mode Default PPP authentication is disabled. Views Interface view Default command level 2: System level Parameters chap: Uses CHAP authentication. ms-chap: Uses MS-CHAP authentication. ms-chap-v2: Uses MS-CHAP-V2 authentication. pap: Uses PAP authentication. call-in: Authenticates the call-in users only.
Examples # Configure interface Virtual-Template 1 to authenticate the peer device by using PAP. system-view [Sysname] interface Virtual-Template 1 [Sysname-Virtual-Template1] ppp authentication-mode pap domain system # Configure interface Virtual-Template 1 to authenticate the peer device by using PAP, CHAP, and MS-CHAP.
Related commands ppp authentication-mode chap ppp chap user Use ppp chap user to set the username for CHAP authentication. Use undo ppp chap user to cancel the configuration. Syntax ppp chap user username undo ppp chap user Default The username for CHAP authentication is null. Views Interface view Default command level 2: System level Parameters username: Username for CHAP authentication, a case-sensitive string of 1 to 80 characters.
Views Interface view Default command level 2: System level Parameters primary-dns-address: Primary DNS server IP address to be set. secondary-dns-address: Secondary DNS server IP address to be set. Usage guidelines When connected through PPP, a device can assign DNS server IP addresses to its peer during PPP negotiation (if the peer requests) for the peer to access the network by domain names.
Examples # Configure interface Virtual-Template 1 of the local device to accept the DNS server IP addresses allocated by the peer. system-view [Sysname] interface Virtual-Template 1 [Sysname-Virtual-Template1] ppp ipcp dns admit-any ppp ipcp dns request Use ppp ipcp dns request to enable a device to request its peer for the DNS server IP address actively through a port. Use undo ppp ipcp dns request to restore the default.
Default The peer is allowed to use its locally configured IP address. A device assigns an IP address to the peer only when being explicitly requested to do so. When the peer already has an IP address, the device will not assign one to the peer. Views Interface view Default command level 2: System level Usage guidelines To disable the peer from using a locally configured IP address, configure the ppp ipcp remote-address forced command. Examples # Configure an optional IP address 10.0.0.
Parameters username: Username of the local device for PAP authentication, a case-sensitive string of 1 to 80 characters. cipher: Sets a ciphertext password. simple: Sets a plaintext password. password: Specifies the password string for PAP authentication. If simple is specified, it must be a string of 1 to 48 characters. If cipher is specified, it must be a ciphertext string of 1 to 97 characters.
Examples # Set the PPP negotiation timeout time to five seconds. system-view [Sysname] interface Virtual-Template 1 [Sysname-Virtual-Template1] ppp timer negotiate 5 ppp user bind enable Use ppp user bind enable to enable PPP user binding. Use undo ppp user bind enable to restore the default. Syntax ppp user bind enable undo ppp user bind enable Default PPP user binding is disabled. Views VT interface view Default command level 2: System level Examples # Enable PPP user binding.
Default command level 2: System level Parameters number: Number of the VT interface, in the range of 0 to 1023. domain isp-name: Specifies the ISP domain name, a case-insensitive string of 1 to 24 characters. The characters cannot include forward slash (/), backslash (\), colon (:), asterisk (*), question mark (?), left angle bracket (<), right angle bracket (>), or at sign (@). Examples # Configure a PPP user binding rule.
make the IP address assigned by the local device mandatory, you must configure the ppp ipcp remote-address forced command. After you use the remote address command to assign an IP address for the peer device, you cannot configure the remote address/undo remote address command for the peer again unless the peer releases the assigned IP address. Shut down the port to release the assigned IP address before you configure the remote address/undo remote address command for the peer.
Examples # Set the interval for sending keepalive packets to 20 seconds on interface Virtual-Template 1. system-view [Sysname] interface Virtual-Template 1 [Sysname-Virtual-Template1] timer hold 20 VT interface commands broadcast-limit link Use broadcast-limit link to set the maximum number of links that can be used for transmitting multicast packets or broadcast packets for the VT interface. Use undo broadcast-limit link to restore the default.
Syntax default Views VT interface view Default command level 2: System level Usage guidelines CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you execute it on a live network. This command might fail to restore the default settings for some commands for reasons such as command dependencies or system restrictions.
Examples # Set the description for interface VT 10 to virtual-interface. system-view [Sysname] interface Virtual-Template 10 [Sysname-Virtual-Template10] description virtual-interface display interface virtual-template Use display interface virtual-template to display information about a VT interface.
Internet Address is 6.1.1.
Field Last 300 seconds input: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output: 0 bytes/sec, 0 bits/sec, 0 packets/sec Description Average rate of input packets and output packets in the last 300 seconds. 0 packets input, 0 bytes, 0 drops Total number of inbound packets of the interface (in the number of packets and in bytes), and the number of packets dropped among the inbound packets.
Views Any view Default command level 1: Monitor level Parameters va-number: VA interface number in the range of 0 to 65535. dialer dialer-number: Specifies a dialer interface number in the range of 0 to 1023.
Physical is MP, baudrate: 64000 bps Output queue : (Urgent queuing : Size/Length/Discards) 0/100/0 Output queue : (Protocol queuing : Size/Length/Discards) Output queue : (FIFO queuing : Size/Length/Discards) Last 300 seconds input: 0/500/0 0/75/0 0 bytes/sec 0 packets/sec Last 300 seconds output: 0 bytes/sec 0 packets/sec 520 packets input, 44132 bytes, 0 drops 527 packets output, 44566 bytes, 4 drops interface virtual-template Use interface virtual-template to create a VT interface and enter its
Views VT interface view Default command level 2: System level Parameters size: MTU in bytes, in the range of 128 to 1500. Examples # Set the MTU of VT 10 to 1200 bytes. system-view [Sysname] interface Virtual-Template 10 [Sysname-Virtual-Template10] mtu 1200 reset counters interface virtual-template Use reset counters interface virtual-template to clear statistics on VT interfaces.
PPPoE commands The following matrix shows the feature and hardware compatibility: Hardware Compatibility F1000-A-EI/F1000-S-EI Yes F1000-E No F5000 No F5000-S/F5000-C No VPN firewall modules No 20-Gbps VPN firewall modules No PPPoE client commands display pppoe-client session Use display pppoe-client session to display information about a PPPoE session.
Examples # Display PPPoE session summary. display pppoe-client session summary PPPoE Client Session: ID Bundle Dialer Intf 1 1 1 GE0/1 00e014004300 RemMAC 00e015004100 LocMAC PPPUP State 1 2 2 GE0/2 00e015004300 00e016004100 PPPUP Table 27 Command output Field Description ID PPPoE session ID. Bundle Dialer bundle to which a PPPoE session belongs. Dialer Dialer interface corresponding to a PPPoE session. Intf Ethernet interface where the PPPoE session is present.
pppoe-client Use pppoe-client to establish a PPPoE session and specify the dialer bundle corresponding to the session. Use undo pppoe-client to remove a PPPoE session. Syntax pppoe-client dial-bundle-number number [ no-hostuniq ] | idle-timeout seconds [ queue-length packets ] ] undo pppoe-client dial-bundle-number number Default The Host-Uniq field is carried. Default No PPPoE session is established.
a PPPoE session operating in this mode, if no data is transmitted across it within the period specified by the seconds argument, the PPPoE session is terminated automatically. The difference between the reset pppoe-client command and the undo pppoe-client command is that the former only temporarily terminates a PPPoE session, but the latter permanently removes a PPPoE session.
Layer 2 forwarding commands Normal Layer 2 forwarding commands display mac-forwarding statistics Use display mac-forwarding statistics to display Layer 2 forwarding statistics. Syntax display mac-forwarding statistics [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface interface-type interface-number: Displays the statistics of an interface specified by its type and number.
Filtered:0 STP discarded:0 # Display forwarding statistics of GigabitEthernet 0/1. display mac-forwarding statistics interface gigabitethernet 0/1 GigabitEthernet 0/1: Input frames:100 Input bytes:23 Output frames:100 Output bytes:23 Filtered:0 Invalid Tag:0 Table 29 Command output Field Description Total received Total number of received Ethernet frames. Filtered Number of frames filtered out by 802.1Q Tagged VLAN inbound filtering rules.
Default command level 1: Monitor level Examples # Clear all Layer 2 forwarding statistics. reset mac-forwarding statistics Inline forwarding commands display inline-interfaces Use display inline-interfaces to display inline forwarding information. Syntax display inline-interfaces [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression.
inline-interfaces Use inline-interfaces to create an inline forwarding entry. Use undo inline-interfaces to remove an inline forwarding entry. Syntax inline-interfaces id [ blackhole | reflect ] undo inline-interfaces id Views System view Default command level 2: System level Parameters id: Specifies the ID for an inline forwarding entry, in the range of 1 to 100. blackhole: Configures a blackhole-type inline forwarding entry. reflect: Configures a reflect-type inline forwarding entry.
Parameters id: Specifies the ID of an existing inline forwarding entry. Usage guidelines A forward-type inline forwarding entry must contain two interfaces. Otherwise, it does not take effect. If only one interface is assigned, the interface performs normal Layer 2 forwarding. A reflect-type or blackhole-type inline forwarding entry can contain only one interface. Examples # Assign GigabitEthernet 0/1 and GigabitEthernet 0/2 to the forward-type inline forwarding entry 2.
DHCP commands DHCP server commands bims-server Use bims-server to specify the IP address, port number, and shared key of the BIMS server in a DHCP address pool. Use undo bims-server to remove the specified BIMS server information. Syntax bims-server ip ip-address [ port port-number ] sharekey [ cipher | simple ] key undo bims-server Default No BIMS server information is specified.
Related commands • dhcp server ip-pool • display dhcp server tree bootfile-name Use bootfile-name to specify a bootfile name in a DHCP address pool. Use undo bootfile-name to remove the specified bootfile name. Syntax bootfile-name bootfile-name undo bootfile-name Default No bootfile name is specified. Views DHCP address pool view Default command level 2: System level Parameters bootfile-name: Boot file name, a string of 1 to 63 characters.
Views System view Default command level 2: System level Usage guidelines Enable DHCP before performing DHCP server or relay agent configurations. Examples # Enable DHCP. system-view [Sysname] dhcp enable dhcp server apply ip-pool Use dhcp server apply ip-pool to apply an address pool on an interface. Use undo dhcp server apply ip-pool to remove the configuration.
dhcp select server global-pool Use dhcp select server global-pool to enable the DHCP server on an interface. After the interface receives a DHCP request from a client, the DHCP server allocates an IP address from the address pool. Use undo dhcp select server global-pool to remove the configuration. Upon receiving a DHCP request from a client, the interface neither assigns an IP address to the client, nor serves as a DHCP relay agent to forward the request.
Syntax dhcp server client-detect enable undo dhcp server client-detect enable Default The function is disabled. Views Interface view Default command level 2: System level Usage guidelines With this feature enabled, the DHCP server considers that a DHCP client goes offline when the ARP entry for the client ages out. In addition, it removes the client entry and releases the IP address of the client. Examples # Enable client offline detection on the DHCP server.
dhcp server forbidden-ip Use dhcp server forbidden-ip to exclude specific IP addresses from dynamic allocation. Use undo dhcp server forbidden-ip to remove the configuration. Syntax dhcp server forbidden-ip low-ip-address [ high-ip-address ] undo dhcp server forbidden-ip low-ip-address [ high-ip-address ] Default All IP addresses in a DHCP address pool are assignable except IP addresses of the DHCP server interfaces.
Use undo dhcp server ip-pool to remove the specified DHCP address pool. Syntax dhcp server ip-pool pool-name [ extended ] undo dhcp server ip-pool pool-name Default No DHCP address pool is created. Views System view Default command level 2: System level Parameters pool-name: Specifies the name for the global address pool, a string of 1 to 35 characters used to uniquely identify this pool. extended: Specifies the address pool as an extended address pool.
Parameters number: Specifies the maximum number of ping packets, in the range of 0 to 10. The value of 0 means that the DHCP server does not perform address conflict detection. Usage guidelines To avoid IP address conflicts, the DHCP server checks whether an IP address is in use before assigning it to a DHCP client. The DHCP server pings the IP address. If the server gets a response within the specified period, the server believes that the IP address is in use, selects and pings another IP address.
[Sysname] dhcp server ping timeout 1000 dhcp server relay information enable Use dhcp server relay information enable to enable the DHCP server to handle Option 82. Use undo dhcp server relay information enable to configure the DHCP server to ignore Option 82. Syntax dhcp server relay information enable undo dhcp server relay information enable Default The DHCP server handles Option 82. Views System view Default command level 2: System level Examples # Configure the DHCP server to ignore Option 82.
average-ip-use threshold-value: Enables the DHCP server to send trap messages to the network management server when the average IP address utilization of an address pool within five minutes reaches the threshold specified by the threshold-value argument. The threshold is a percentage value in the range of 1 to 100.
Examples # Display information about all IP address conflicts. display dhcp server conflict all Address Discover time 4.4.4.1 Apr 25 2007 16:57:20 4.4.4.2 Apr 25 2007 17:00:10 --- total 2 entry --- Table 31 Command output Field Description Address Conflicted IP address. Discover Time Time when the conflict was discovered. Related commands reset dhcp server conflict display dhcp server expired Use display dhcp server expired to display the lease expiration information.
Examples # Display all lease expiration information. display dhcp server expired all IP address Client-identifier/ Lease expiration 4.4.4.6 3030-3066-2e65-3230- Type Hardware address Apr 25 2007 17:10:47 Release 302e-3130-3234-2d457468-6572-6e65-74302f31 --- total 1 entry --- Table 32 Command output Field Description IP address Expired IP address. Client-identifier/Hardware address Client ID or MAC address. Lease expiration Time when the lease expired.
display dhcp server forbidden-ip Use display dhcp server forbidden-ip to display IP addresses excluded from dynamic allocation in DHCP address pool. Syntax display dhcp server forbidden-ip [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Views Any view Default command level 1: Monitor level Parameters all: Displays the binding information for all DHCP address pools. ip ip-address: Displays the binding information for the specified IP address. pool [ pool-name ]: Displays the binding information for the specified IP address pool. The pool name is a string of 1 to 35 characters. If you do not specify any pool name, this command displays the binding information about all address pools.
Table 34 Command output Field Description Utilization rate of IP addresses in a DHCP address pool, which is the ratio of assigned IP addresses to assignable IP addresses in the DHCP address pool. • When the binding information about all DHCP address pools is displayed, this field displays the total utilization rate of IP addresses in all DHCP address pools.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display the statistics on the DHCP server.
Field Description DHCP packets sent to clients: BOOTP Reply Bad Messages • • • • DHCPOFFER. DHCPACK. DHCPNAK. BOOTPREPLY. Number of bad messages. Related commands reset dhcp server statistics display dhcp server tree Use display dhcp server tree to display information about DHCP address pools.
expired 1 0 0 0 Pool name: 1 static-bind ip-address 10.10.1.2 mask 255.0.0.0 static-bind mac-address 00e0-00fc-0001 PrevSibling node:0 expired unlimited Extended pool: Pool name: 2 network ip range 1.1.1.0 1.1.1.255 network mask 255.255.255.0 expired 0 0 2 0 Table 36 Command output Field Description Global pool Information about a common address pool. Pool name Address pool name. network Subnet for address allocation. static-bind ip-address 10.10.1.2 mask 255.0.0.
Syntax dns-list ip-address&<1-8> undo dns-list { ip-address | all } Default No DNS server address is specified. Views DHCP address pool view Default command level 2: System level Parameters ip-address&<1-8>: Specifies DNS servers. &<1-8> means you can specify up to eight DNS server addresses separated by spaces. all: Specifies all DNS server addresses to be removed. Usage guidelines If you execute the dns-list command multiple times, the most recent configuration takes effect.
Parameters domain-name: Specifies the domain name, a string of 1 to 50 characters. Examples # Specify the domain name mydomain.com in address pool 0. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] domain-name mydomain.com Related commands • dhcp server ip-pool • display dhcp server tree expired Use expired to specify the lease duration in a DHCP address pool. Use undo expired to restore the default lease duration for a DHCP address pool.
[Sysname-dhcp-pool-0] expired day 1 hour 2 minute 3 second 4 Related commands • dhcp server ip-pool • display dhcp server tree forbidden-ip Use forbidden-ip to exclude IP addresses from dynamic allocation in an extended address pool. Use undo forbidden-ip to cancel specified or all excluded IP addresses.
gateway-list Use gateway-list to specify gateway addresses in a DHCP address pool. Use undo gateway-list to remove specified gateway addresses specified for the DHCP client from a DHCP address pool. Syntax gateway-list ip-address&<1-8> undo gateway-list { ip-address | all } Default No gateway address is specified. Views DHCP address pool view Default command level 2: System level Parameters ip-address&<1-8>: Gateway IP address.
Views DHCP address pool view Default command level 2: System level Parameters ip-address&<1-8>: Specifies WINS server IP addresses. &<1-8> means you can specify up to eight WINS server addresses separated by spaces. all: Specifies all WINS server addresses to be removed. Usage guidelines If you use the nbns-list command multiple times, the most recent configuration takes effect. Examples # Specify WINS server address 10.12.1.99 in DHCP address pool 0.
m-node: Specifies the mixed node. An m-node client broadcasts the destination name, and if receiving no response, then unicasts the destination name to the WINS server to get the mapping. p-node: Specifies the peer-to-peer node. A p-node client sends the destination name in a unicast message to get the mapping from the WINS server. Examples # Specify the NetBIOS node type as b-node in DHCP address pool 0.
Related commands • dhcp server ip-pool • display dhcp server tree network ip range Use network ip range to specify the IP address range for dynamic allocation in an address pool. Use undo network ip range to remove the specified address range. Syntax network ip range min-address max-address undo network ip range Default No IP address range is specified. Views DHCP address pool view Default command level 2: System level Parameters min-address: Lowest IP address for dynamic allocation.
• display dhcp server tree network mask Use network mask to specify the IP address mask for dynamic allocation in an extended address pool. Use undo network mask to remove the specified IP address mask. Syntax network mask mask undo network mask Default No IP address mask is specified. Views DHCP extended address pool view Default command level 2: System level Parameters mask: Network mask in dotted decimal notation. Usage guidelines Only the extended address pools support this command.
Default No server's IP address is specified in an address pool. Views DHCP address pool view Default command level 2: System level Parameters ip-address: Specifies the IP address of a server. Usage guidelines If you execute this command multiple times, the most recent configuration takes effect. Examples # Specify a server's IP address 1.1.1.1 in DHCP address pool 0. system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] next-server 1.1.1.
ip-address ip-address&<1-8>: Specifies the IP addresses as the option content. &<1-8> indicates that you can specify up to eight IP addresses separated by spaces. Usage guidelines If you use the option command multiple times, the most recent configuration takes effect. Examples # Configure the hex digits 0x11 and 0x22 for the self-defined DHCP Option 100 in DHCP address pool 0.
Default command level 2: System level Parameters all: Clears the IP address dynamic binding information about all DHCP address pools. ip ip-address: Clears the dynamic binding information about a specific IP address. pool [ pool-name ]: Clears the dynamic binding information about a specific address pool. The pool name is a string of 1 to 35 characters. If you do not specify any pool name, this command clears the dynamic binding information about all address pools.
Views DHCP address pool view Default command level 2: System level Parameters client-identifier: The client ID of a static binding, a string with 4 to 160 characters in the format of H-H-H…, each H indicates 4 hex digits except the last H indicates 2 or 4 hex digits. For example, aabb-cccc-dd is a valid ID, but aabb-c-dddd and aabb-cc-dddd are both invalid.
Default command level 2: System level Parameters ip-address: Specifies the IP address of a static binding. If no mask and mask length is specified, the natural mask is used. mask-length: Specifies the mask length of the IP address, in the range of 1 to 30. mask mask: Specifies the IP address mask, in dotted decimal format. Usage guidelines Use the static-bind ip-address command together with the static-bind mac-address or static-bind client-identifier command to accomplish a static binding configuration.
Parameters mac-address: The MAC address of a static binding, in the format of H-H-H. Usage guidelines Use the static-bind mac-address command together with the static-bind ip-address command to complete a static binding configuration. If you use the static-bind mac-address or static-bind client-identifier command multiple times, the most recent configuration takes effect. Examples # Bind the client MAC address 0000-e03f-0305 to the IP address 10.1.1.1 with the mask 255.255.255.0 in DHCP address pool 0.
system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] tftp-server domain-name aaa Related commands • dhcp server ip-pool • display dhcp server tree tftp-server ip-address Use tftp-server ip-address to specify the TFTP server IP address in a DHCP address pool. Use undo tftp-server ip-address to remove the TFTP server IP address from a DHCP address pool. Syntax tftp-server ip-address ip-address undo tftp-server ip-address Default No TFTP server address is specified.
undo vendor-class-identifier hex-string&<1-255> Default No IP address range is specified for the DHCP clients of any vendor. Views DHCP extended address pool view Default command level 2: System level Parameters hex-string&<1-255>: A character string, used to match against Option 60 (vendor class identifier option). The hex-string argument is a hexadecimal number in the range of 0 to FF. &<1-255> indicates that you can type up to 255 hexadecimal numbers, which are separated by spaces.
Syntax dhcp enable undo dhcp enable Default DHCP is disabled. Views System view Default command level 2: System level Usage guidelines Enable DHCP before performing DHCP server and relay agent configurations. Examples # Enable DHCP. system-view [Sysname] dhcp enable dhcp relay address-check enable Use dhcp relay address-check enable to enable address check on the relay agent. Use undo dhcp relay address-check enable to disable address check on the relay agent.
Examples # Enable address check on the DHCP relay agent. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] dhcp relay address-check enable dhcp relay check mac-address Use dhcp relay check mac-address to enable MAC address check on the DHCP relay agent. Use undo dhcp relay check mac-address to disable MAC address check on the DHCP relay agent. Syntax dhcp relay check mac-address undo dhcp relay check mac-address Default This function is disabled.
Views Interface view Default command level 2: System level Usage guidelines With this feature enabled, the DHCP relay agent considers that a DHCP client goes offline when the ARP entry for the client ages out. In addition, it removes the client entry and sends a DHCP-RELEASE message to the DHCP server to release the IP address of the client. Examples # Enable offline detection on the DHCP relay agent.
[Sysname-GigabitEthernet0/1] dhcp relay information circuit-id format-type hex Related commands display dhcp relay information dhcp relay information circuit-id string Use dhcp relay information circuit-id string to configure the padding content for the user-defined circuit ID sub-option. Use undo dhcp relay information circuit-id string to restore the default.
Default Option 82 support is disabled on DHCP relay agent. Views Interface view Default command level 2: System level Examples # Enable Option 82 support on the relay agent. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] dhcp relay information enable Related commands display dhcp relay information dhcp relay information format Use dhcp relay information format to specify a padding format for Option 82.
Usage guidelines If configuring the handling strategy of the DHCP relay agent as replace, you need to configure a padding format of Option 82. If the handling strategy is keep or drop, you need not configure any padding format. If sub-option 1 (node identifier) of Option 82 is padded with the device name (sysname) of a node, the device name must contain no spaces. Otherwise, the DHCP relay agent drop the message. Examples # Specify the verbose padding format for Option 82.
[Sysname-GigabitEthernet0/1] dhcp relay information remote-id format-type hex Related commands display dhcp relay information dhcp relay information remote-id string Use dhcp relay information remote-id string to configure the padding content for the user-defined remote ID sub-option. Use undo dhcp relay information remote-id string to restore the default.
dhcp relay information strategy Use dhcp relay information strategy to configure DHCP relay agent handling strategy for messages containing Option 82. Use undo dhcp relay information strategy to restore the default handling strategy. Syntax dhcp relay information strategy { drop | keep | replace } undo dhcp relay information strategy Default The handling strategy for messages containing Option 82 is replace.
Examples # Request the DHCP server to release the IP address 1.1.1.1. system-view [Sysname] dhcp relay release ip 1.1.1.1 dhcp relay security static Use dhcp relay security static to configure a static client entry, which is the binding between IP address, MAC address, and Layer 3 interface on the relay agent. Use undo dhcp relay security to remove specified client entries from the relay agent.
Related commands display dhcp relay security dhcp relay security refresh enable Use dhcp relay security refresh enable to enable the DHCP relay agent to periodically refresh dynamic client entries. Use undo dhcp relay security refresh enable to disable periodic refresh of dynamic client entries. Syntax dhcp relay security refresh enable undo dhcp relay security refresh enable Default The DHCP relay agent is enabled to periodically refresh dynamic client entries.
Views System view Default command level 2: System level Parameters interval: Refreshing interval in seconds in the range of 1 to 120. auto: Specifies the auto refreshing interval, which is the value of 60 seconds divided by the number of binding entries. The more entries there are, the shorter the interval. The shortest interval is no less than 500 ms. Examples # Set the refreshing interval as 100 seconds.
dhcp relay server-group Use dhcp relay server-group to specify a DHCP server for a DHCP server group. Use undo dhcp relay server-group to remove a DHCP server from a DHCP server group, if no ip ip-address is specified, all servers in the DHCP server group and the server group itself are removed. Syntax dhcp relay server-group group-id ip ip-address undo dhcp relay server-group group-id [ ip ip-address ] Default No DHCP server is specified for a DHCP server group.
Views Interface view Default command level 2: System level Parameters group-id: DHCP server group number to be correlated, in the range of 0 to 19. Usage guidelines A DHCP server group can correlate with one or multiple DHCP relay agent interfaces. A relay agent interface can only correlate with one DHCP server group, and a newly configured correlation overwrites the previous one. If the server group in the new correlation does not exist, the new configuration does not work.
When the working mode of the interface is changed from DHCP server to DHCP relay agent, neither the IP address leases nor the authorized ARP entries are deleted. However, these ARP entries might conflict with new ARP entries generated on the DHCP relay agent. To avoid this, delete the existing IP address leases when changing the interface operating mode to DHCP relay agent. Examples # Enable the DHCP relay agent on the interface GigabitEthernet 0/1.
display dhcp relay information Use display dhcp relay information to display Option 82 configuration information on the DHCP relay agent. Syntax display dhcp relay information { all | interface interface-type interface-number } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters all: Displays the Option 82 configuration information about all interfaces.
Table 38 Command output Field Description Interface Interface name. Status Option 82 state: Enable or Disable. Strategy Handling strategy for requesting messages containing Option 82, Drop, Keep, or Replace. Format Padding format of Option 82, Normal or Verbose. Circuit ID format-type Non-user-defined code type of the circuit ID sub-option, ASCII or HEX. Remote ID format-type Non-user-defined code type of the remote ID sub-option, ASCII or HEX. Node identifier Access node identifier.
Examples # Display information about all bindings. display dhcp relay security IP Address MAC Address Type Interface 10.1.1.1 00e0-0000-0001 Static GE0/1 10.1.1.5 00e0-0000-0000 Static GE0/2 --- 2 dhcp-security item(s) found --- Table 39 Command output Field Description IP Address Client IP address. MAC Address Client MAC address. Type Type of binding, including dynamic, static, and temporary. Interface Layer 3 interface connecting to the DHCP client.
Temporary Items :0 All Items :1 Table 40 Command output Field Description Static Items Static binding items. Dynamic Items Dynamic binding items. Temporary Items Temporary binding items. All Items All binding items. display dhcp relay security tracker Use display dhcp relay security tracker to display the interval for refreshing dynamic bindings on the relay agent.
Views Any view Default command level 1: Monitor level Parameters group-id: Displays information about the specified DHCP server group numbered from 0 to 19. all: Displays information about all DHCP server groups. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
all: Specifies all server groups about which to display DHCP packet statistics. Information for each group is displayed. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
BOOTPREQUEST packets sent: 0 DHCP packets sent to clients: 0 DHCPOFFER packets sent: 0 DHCPACK packets sent: 0 DHCPNAK packets sent: 0 BOOTPREPLY packets sent: 0 # Display DHCP packet statistics related to every server group on the relay agent.
Related commands display dhcp relay statistics DHCP client commands The DHCP client configuration is supported only on Layer 3 Ethernet interfaces (or subinterfaces), VLAN interfaces, and Layer 3 aggregate interfaces. When multiple VLAN interfaces having the same MAC address use DHCP for IP address acquisition through a relay agent, the DHCP server cannot be the Windows 2000 Server or Windows 2003 Server. You cannot configure an interface of an aggregation group as a DHCP client.
Vlan-interface1 DHCP client information: Current machine state: BOUND Allocated IP: 40.1.1.20 255.255.255.0 Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds Lease from 2005.08.13 15:37:59 to 2005.08.16 15:37:59 DHCP server: 40.1.1.2 Transaction ID: 0x1c09322d Default router: 40.1.1.2 Classless static route: Destination: 1.1.0.1, Mask: 255.0.0.0, NextHop: 192.168.40.16 Destination: 10.198.122.63, Mask: 255.255.255.255, NextHop: 192.168.40.16 DNS server: 44.1.1.11 DNS server: 44.1.1.
Field Description Classless static route Classless static routes assigned to the client. Static route Classful static routes assigned to the client. DNS server DNS server address assigned to the client. Domain name Domain name suffix assigned to the client. Boot server PXE server addresses (up to 16 addresses) specified for the DHCP client, which are obtained through Option 43. Client ID DHCP client ID. T1 will timeout in 1 day 11 hours 58 minutes 52 seconds.
BOOTP client configuration commands BOOTP client configuration can only be used on Layer 3 Ethernet interfaces (including subinterfaces), Layer 3 aggregate interfaces, and VLAN interfaces. If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows 2000 Server or Windows 2003 Server. You cannot configure an interface of an aggregation group as a BOOTP client.
Table 43 Command output Field Description GigabitEthernet0/1 BOOTP client information or Vlan-interface1 BOOTP client information Information about the interface that serves as a BOOTP client. Allocated IP BOOTP client's IP address allocated by the BOOTP server. Transaction ID Value of the XID field in a BOOTP message, a random number chosen when the BOOTP client sends a BOOTP request to the BOOTP server. It is used to match a response message from the BOOTP server.
IPv4 DNS commands display dns domain Use display dns domain to display the domain name suffixes. Syntax display dns domain [ dynamic ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other protocols. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
display dns host Use display dns host to display the dynamic DNS cache information. Syntax display dns host [ ip | ipv6 | naptr | srv ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters ip: Displays the dynamic cache information for type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Displays the dynamic cache information for type AAAA queries.
Field Description Host Domain name for query. TTL Time that a mapping can be stored in the cache (in seconds). Type Query type, IP, IPv6, NAPTR, and SRV. Reply data concerning the query type: • For an IP query, the reply data is an IPv4 address. • For an IPv6 query, the reply data is an IPv6 address. • For a NAPTR query, the reply data comprises order, preference, flags, Reply Data services, regular expression, and replacement.
Table 46 Command output Field Description DNS Server Sequence number of the DNS server, configured automatically by the device, starting from 1. Type of domain name server: Type • S—A manually configured DNS server. • D—A DNS server obtained dynamically through DHCP. IP Address IPv4 address of the DNS server. Related commands dns server display ip host Use display ip host to display the host names and corresponding IPv4 addresses in the static domain name resolution table.
Field Description Time to live. The value of 0 means that the static mapping never ages out. Age Flags Address You can only manually remove the static mappings between host names and IPv4 addresses. Indicates the mapping type. Static represents static IPv4 domain name resolution. Host IPv4 address. dns domain Use dns domain to configure a domain name suffix. The system can automatically add the suffix to part of the domain name you entered for resolution.
dns proxy enable Use dns proxy enable to enable DNS proxy. Use undo dns proxy enable to disable DNS proxy. Syntax dns proxy enable undo dns proxy enable Default DNS proxy is disabled. Views System view Default command level 2: System level Examples # Enable DNS proxy. system-view [Sysname] dns proxy enable dns resolve Use dns resolve to enable dynamic domain name resolution. Use undo dns resolve to disable dynamic domain name resolution.
dns server Use dns server to specify a DNS server. Use undo dns server to remove DNS servers. Syntax In system view: dns server ip-address undo dns server [ ip-address ] In interface view: dns server ip-address undo dns server ip-address Default No DNS server is specified. Views System view, interface view Default command level 2: System level Parameters ip-address: IPv4 address of the DNS server.
Syntax dns source-interface interface-type interface-number undo dns source-interface Default No source interface for DNS packets is specified. The device uses the primary IP address of the output interface of the matching route as the source IP address of a DNS request. Views System view Default command level 2. System level Parameters interface-type interface-number: Specifies the interface type and number.
to spoof a reply with the configured IP address. Once a DNS server is reachable, the device sends DNS requests to the server and return replies to the requesting DNS clients. If you execute the dns spoofing command with different IP addresses specified multiple times, the latest configuration overwrites the previous one. Examples # Enable DNS spoofing and specify the IP address as 1.1.1.1. system-view [Sysname] dns spoofing 1.1.1.
Syntax reset dns host [ ip | ipv6 | naptr | srv ] Views User view Default command level 2: System level Parameters ip: Clears the dynamic cache information for type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Clears the dynamic cache information for type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address. For more information, see Network Management Configuration Guide. naptr: Clears the dynamic cache information for NAPTR queries.
DDNS commands ddns apply policy Use ddns apply policy to apply the specified DDNS policy to the interface, update the mapping between the specified FQDN and the primary IP address of the interface, and enable DDNS update. Use undo ddns apply policy to remove the DDNS policy applied to the interface and stop DDNS update.
Syntax ddns policy policy-name undo ddns policy policy-name Default No DDNS policy is created. Views System view Default command level 2: System level Parameters policy-name: DDNS policy name, a case-insensitive string of 1 to 32 characters. Examples # Create a DDNS policy named steven_policy and enter its view.
Examples # Display information about the DDNS policy named steven_policy. display ddns policy steven_policy DDNS policy: steven_policy URL : http://steven:nevets@members.3322.org/dyndns/update? system=dyndns&hostname=&myip= SSL client policy: Interval : 1 days 0 hours 1 minutes Table 48 Command output Field Description DDNS policy DDNS policy name. URL URL address for the DDNS service. This field is blank if no URL address is configured.
If you repeatedly execute the interval command with different time intervals specified, only the latest configuration takes effect. Examples # Set the interval for sending DDNS update requests to one day and one minute for the DDNS policy named steven_policy. system-view [Sysname] ddns policy steven_policy [Sysname-ddns-policy-steven_policy] interval 1 0 1 Related commands display ddns policy ssl client policy Use ssl client policy to associate a specific SSL client policy with a DDNS policy.
url Use url to specify the URL address for DDNS update requests. Use undo url to delete the URL address. Syntax url request-url undo url Default No URL address is specified for DDNS update requests. Views DDNS policy view Default command level 2: System level Parameters request-url: URL address for DDNS update requests, a case-sensitive string of 1 to 240 characters containing the login ID, password, and other information.
• To avoid ambiguity, it is better that your login ID and password not include colons (:), at signs (@), or question marks (?). • If you repeatedly execute the url command with different URL addresses specified, the latest configuration overwrites the previous one. Examples # Specify the URL address for DDNS policy steven_policy with login ID steven and password nevets. The device contacts www.3322.org for DDNS update.
ARP commands arp max-learning-num Use arp max-learning-num to configure the maximum number of dynamic ARP entries that an interface can learn. Use undo arp max-learning-num to restore the default. Syntax arp max-learning-num number undo arp max-learning-num Default A Layer 2 interface does not limit the number of dynamic ARP entries. A Layer 3 interface can learn a maximum of 4096 dynamic ARP entries.
# Specify Layer 3 aggregate interface route-aggregation 1 to learn a maximum of 1000 dynamic ARP entries. system-view [Sysname] interface route-aggregation 1 [Sysname-Route-Aggregation1] arp max-learning-num 1000 arp static Use arp static to configure a static ARP entry. Use undo arp to remove an ARP entry.
Related commands • reset arp • display arp arp timer aging Use arp timer aging to set the aging timer for dynamic ARP entries. Use undo arp timer aging to restore the default. Syntax arp timer aging aging-time undo arp timer aging Default The aging timer for dynamic ARP entries is 20 minutes. Views System view Default command level 2: System level Parameters aging-time: Specifies the aging time for dynamic ARP entries in minutes. The value range is 1 to 1440.
static: Displays static ARP entries. vlan vlan-id: Displays the ARP entries of the specified VLAN. The value range for the vlan-id argument is 1 to 4094. interface interface-type interface-number: Displays the ARP entries of the interface specified by the argument interface-type interface-number. count: Displays the number of ARP entries. verbose: Displays detailed information about ARP entries. |: Filters command output by specifying a regular expression.
Field Description ARP entry type: • • • • Type D—Dynamic. S—Static. A—Authorized. M—Multiport. Name of VPN instance. [No Vrf] indicates that no VPN instance is configured for the corresponding ARP entry. Vpn-instance Name # Display the number of all ARP entries. display arp all count Total Entry(ies): 5 Related commands • arp static • reset arp display arp ip-address Use display arp ip-address to display the ARP entry for a specific IP address.
Related commands • arp static • reset arp display arp timer aging Use display arp timer aging to display the aging timer for dynamic ARP entries. Syntax display arp timer aging [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 2: System level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
count: Displays the number of ARP entries. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Views User view Default command level 2: System level Parameters all: Clears all ARP entries except authorized ARP entries. dynamic: Clears all dynamic ARP entries. static: Clears all static ARP entries. interface interface-type interface-number: Clears the ARP entries for the interface specified by the argument interface-type interface-number. Usage guidelines The command clears only the dynamic ARP entries of the interface. Examples # Clear all static ARP entries.
Gratuitous ARP commands arp send-gratuitous-arp Use arp send-gratuitous-arp to enable periodic sending of gratuitous ARP packets and set the sending interval on an interface. Use undo arp send-gratuitous-arp to disable the interface from periodically sending gratuitous ARP packets. Syntax arp send-gratuitous-arp [ interval milliseconds ] undo arp send-gratuitous-arp Default An interface is disabled from sending gratuitous ARP packets periodically.
gratuitous-arp-learning enable Use gratuitous-arp-learning enable to enable the gratuitous ARP packet learning function. Use undo gratuitous-arp-learning enable to disable the function. Syntax gratuitous-arp-learning enable undo gratuitous-arp-learning enable Default The function is enabled.
Examples # Disable a device from sending gratuitous ARP packets upon receiving ARP requests whose target IP address is on a different subnet.
Proxy ARP commands display local-proxy-arp Use display local-proxy-arp to display the status of the local proxy ARP. Syntax display local-proxy-arp [ interface interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 2: System level Parameters interface interface-type interface-number: Displays the local proxy ARP status of the interface specified by the argument interface-type interface-number.
Views Any view Default command level 2: System level Parameters interface interface-type interface-number: Displays the proxy ARP status of the interface specified by the argument interface-type interface-number. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Parameters ip-range startIP to endIP: Specifies the IP address range for which local proxy ARP is enabled. The start IP address must be lower than or equal to the end IP address. Usage guidelines Only one IP address range can be specified by using the ip-range keyword on an interface. Examples # Enable local proxy ARP on GigabitEthernet 0/1.
Flow classification commands display forwarding policy Use display forwarding policy to display the current flow classification policy. Syntax display forwarding policy [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 2: System level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Usage guidelines Flow classification consumes many system resources. You can enable or disable this function to improve device performance. Examples # Disable flow classification.
QoS policy commands Class commands display traffic classifier Use display traffic classifier to display class information. Syntax display traffic classifier { system-defined | user-defined } [ classifier-name ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters system-defined: Specifies system-defined classes.
Examples # Display information about all user-defined classes. display traffic classifier user-defined User Defined Classifier Information: Classifier: USER1 Operator: AND Rule(s) : If-match ip-precedence 5 Classifier: database Operator: AND Rule(s) : If-match acl 3131 If-match inbound-interface GigabitEthernet0/1 Table 50 Command output Field Description Classifier Class name and its match criteria. Operator Match operator you set for the class.
update acl [ ipv6 ] { acl-number | name acl-name }: Specifies a new ACL by its number or name to replace the ACL already referenced by the class. Table 51 The value range for the match-criteria argument Keyword and argument combination Description Matches an ACL. acl [ ipv6 ] { acl-number | name acl-name } The acl-number argument is in the range of 2000 to 4999 for an IPv4 ACL, and 2000 to 3999 or 10000 to 42767 for an IPv6 ACL.
{ { 5. { { You can configure multiple 802.1p priority match criteria for a class. All the defined 802.1p values are automatically arranged in ascending order. You can configure up to eight 802.1p priority values in one command line. If the same 802.1p priority value is specified multiple times, the system considers them as one. If a packet matches one of the defined 802.1p priority values, it matches the if-match clause. To delete a criterion that matches 802.1p priority values, the specified 802.
system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match customer-dot1p 3 # Define a match criterion for class class1 to match the packets with a service provider network 802.1p priority of 5. system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match service-dot1p 5 # Define a match criterion for class class1 to match the advanced ACL 3101.
# Change the match criterion of class class1 from ACL 2008 to ACL 2009. system-view [Sysname] traffic classifier class1 [Sysname-classifier-class1] if-match acl 2008 [Sysname-classifier-class1] undo if-match acl 2008 update acl 2009 Related commands traffic classifier traffic classifier Use traffic classifier to create a class and enter class view. Use undo traffic classifier to delete a class.
[Sysname-classifier-class1] Related commands • classifier behavior • qos apply policy • qos policy Traffic behavior commands car Use car to configure a CAR action in a traffic behavior. Use undo car to delete the CAR action in a traffic behavior. Syntax car cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ green action ] [ red action ] undo car Default CBS is the amount of traffic transmitted at the rate of CIR over 500 ms.
Usage guidelines A QoS policy that has a CAR action can be applied to inbound or outbound direction of an interface. If a QoS policy that has a CAR action and the qos car command are both configured on the interface, only the CAR action in the policy takes effect. A traffic behavior can contain only one CAR action. If you configure the car command multiple times in the same traffic behavior, the most recent configuration takes effect.
user-defined: Displays user-defined traffic behaviors. behavior-name: Specifies a behavior by its name, a string of 1 to 31 characters. If no traffic behavior is specified, this command displays information about all the user-defined behaviors. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
undo traffic behavior behavior-name Views System view Default command level 2: System level Parameters behavior-name: Sets a behavior name, a string of 1 to 31 characters. Usage guidelines A traffic behavior is a set of actions, such as priority marking, dropping, rate limiting, and accounting. You provide QoS for a class of traffic by associating a traffic behavior with the class of traffic.
undo classifier classifier-name Views Policy view Default command level 2: System level Parameters classifier-name: Specifies a class by its name, a string of 1 to 31 characters. behavior-name: Specifies a behavior by its name, a string of 1 to 31 characters. Usage guidelines You cannot remove a default class. You can perform a set of QoS actions on a traffic class by associating a traffic behavior with the traffic class.
Hardware Compatibility F1000-A-EI/F1000-S-EI No F1000-E Yes F5000 Yes F5000-S/F5000-C Yes VPN firewall modules Yes 20-Gbps VPN firewall modules Yes user-defined: Displays user-defined QoS policies. policy-name: Specifies a QoS policy by its name, a string of 1 to 31 characters. If no policy is specified, this command displays configuration information of all the policies. classifier-name: Specifies a class by its name, a string of 1 to 31 characters.
display qos policy interface Use display qos policy interface to display information about the QoS policy or policies applied to an interface or all interfaces.
If-match dscp 1 6 9 Behavior: behavior1 Committed Access Rate: CIR 200 (kbps), CBS 50000 (byte), EBS 0 (byte) Green Action: pass Red Action: remark ip-precedence 0 and pass Green : 0(Packets) 0(Bytes) Red : 0(Packets) 0(Bytes) Table 54 Command output Field Description Interface Interface type and interface number. Direction Direction in which the policy is applied to the interface. Policy Name of the policy applied to the interface. Classifier Class name and configuration information.
Usage guidelines To use the undo qos policy command to delete a policy that has been applied to a certain object, you must first remove it from the object. Examples # Define QoS policy user1.
Traffic policing commands display qos car interface Use display qos car interface to display the CAR settings and operational statistics on a specified interface. Syntax display qos car interface [ interface-type interface-number ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. |: Filters command output by specifying a regular expression.
Red Action : discard Green : 0(Packets) 0(Bytes) Red : 0(Packets) 0(Bytes) Table 55 Command output Field Description Interface Interface name, including interface type and interface number. Direction Direction in which traffic policing is applied. Rule(s) Match criteria. CIR CIR in kbps. CBS CBS in bytes, which specifies the depth of the token bucket for holding bursty traffic. EBS EBS in bytes, which specifies the traffic exceeding CBS when two token buckets are used.
display qos carl 1 Current CARL Configuration: List Params -----------------------------------------------------1 MAC Address 0001-0001-0001 Table 56 Command output Field Description List CAR list number. Params Match object. qos car Use qos car to configure a CAR policy on an interface or port group. Use undo qos car to delete a CAR policy on an interface or port group.
• continue: Continues to process the packet using the next CAR policy. • discard: Drops the packet. • pass: Permits the packet to pass through. • remark-dscp-continue new-dscp: Remarks the packet with a new DSCP value and hands it over to the next CAR policy. The value range is 0 to 63. Alternatively, you can specify the new-dscp argument with af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, cs6, cs7, default, or ef.
Default command level 2: System level Parameters carl-index: CAR list number, in the range of 1 to 199. destination-ip-address: Configures a destination IP address-based CAR list. source-ip-address: Configures a source IP address-based CAR list. subnet ip-address mask-length: Specifies a subnet by the IP subnet address and IP subnet address mask length. range start-ip-address to end-ip-address: Specifies an IP address range by the start address and end address.
[Sysname] qos carl 2 source-ip-address range 1.1.2.100 to 1.1.2.
IP forwarding basics commands display fib Use display fib to display FIB entries. If you do not specify any parameters, this command displays all FIB entries. Syntax display fib [ vpn-instance vpn-instance-name ] [ acl acl-number | ip-prefix ip-prefix-name ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters vpn-instance vpn-instance-name: Displays the FIB entries of the specified VPN.
127.0.0.0/8 127.0.0.1 U InLoop0 Null Invalid 127.0.0.1/32 127.0.0.1 UH InLoop0 Null Invalid # Display FIB entries matching ACL 2000. system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule permit source 10.2.0.0 0.0.255.255 [Sysname-acl-basic-2000] display fib acl 2000 Destination count: 2 FIB entry count: 2 Flag: U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static R:Relay Destination/Mask Nexthop Flag OutInterface 10.2.0.0/16 10.2.1.1 U GE0/1 10.2.1.
Field Description Flags of routes: Flag • • • • • • • U—Usable route. G—Gateway route. H—Host route. B—Blackhole route. D—Dynamic route. S—Static route. R—Recursive route. OutInterface Outbound interface. InnerLabel Inner label. Token Label switched path index number. display fib ip-address Use display fib ip-address to display FIB entries that match the specified destination IP address.
Usage guidelines If you do not specify any mask or mask length, this command displays the FIB entry that matches the destination IP address and has the longest mask. If you specify the mask or mask length, this command displays the FIB entries that exactly match the specified destination IP address and mask. Examples # Display the FIB entry that matches the destination IP address of 10.2.1.1 and has the longest mask. display fib 10.2.1.
Fast forwarding magic number update commands The following matrix shows the feature and hardware compatibility: Hardware Compatibility F1000-A-EI/F1000-S-EI Yes F1000-E Yes F5000 No F5000-S/F5000-C Yes VPN firewall modules Yes 20-Gbps VPN firewall modules Yes ipffmagicnumber update Use ipffmagicnumber update to enable updating magic numbers for fast forwarding. Use undo ipffmagicnumber update to disable updating magic numbers for fast forwarding.
• If a fast forwarding entry exists, and the magic numbers change, the driver configures the earlier entry as invalid, and recreates a forwarding entry. Examples # Disable updating IP forwarding magic numbers.
IP forwarding mode commands The following matrix shows the feature and hardware compatibility: Hardware Compatibility F1000-A-EI/F1000-S-EI Yes F1000-E Yes F5000 No F5000-S/F5000-C Yes VPN firewall modules Yes 20-Gbps VPN firewall modules Yes ip forwarding Use ip forwarding per-flow to specify the flow-based mode. Use undo ip forwarding per-flow to restore the default. Syntax ip forwarding per-flow undo ip forwarding per-flow Default The packet-based mode is used.
Examples # Specify the IP forwarding mode as flow-based. System-view [Sysname] ip forwarding per-flow The operation succeeds, please reboot to take effect. display ip forwarding mode Use display ip forwarding mode to display forwarding modes being used and to be used after reboot. Syntax display ip forwarding mode [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression.
Unicast IP packet with multicast MAC address forwarding commands ip forwarding ethernet multicast enable Use ip forwarding ethernet multicast enable to enable forwarding a packet with a unicast destination IP but a multicast or broadcast destination MAC at Layer 3. Use undo ip forwarding ethernet multicast to restore the default.
Static routing commands The term "router" in this document refers to both routers and routing-capable firewalls and firewall modules. delete static-routes all Use delete static-routes all to delete all static routes. Syntax delete [ vpn-instance vpn-instance-name ] static-routes all Views System view Default command level 2: System level Parameters vpn-instance vpn-instance-name: Specifies a VPN by its name, a case-sensitive string of 1 to 31 characters.
Syntax ip route-static dest-address { mask | mask-length } { next-hop-address [ bfd control-packet [ bfd-source ip-address ] | track track-entry-number ] | interface-type interface-number [ next-hop-address ] [ bfd { control-packet [ bfd-source ip-address ] | echo-packet } ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ preference preference-value ] [ tag tag-value ] [ permanent ] [ description description-text ] undo ip route-static dest-address { mask | mask-length }
permanent: Specifies the route as a permanent static route. If the output interface is down, the permanent static route is still active. description description-text: Configures a description for the static route, which comprises 1 to 60 characters, including special characters like space, but excluding question marks (?). bfd: Enables BFD to detect reachability of the static route's next hop. Once the next hop is unreachable, the system immediately switches to a backup route.
• Enabling BFD for a flapping route could worsen the situation. Therefore, use it with caution. For more information about BFD, see High Availability Configuration Guide. • If the Track module uses NQA to detect the reachability of the private network static route's next hop, the VPN instance number of the static route's next hop must be identical to that configured in the NQA test group.
Usage guidelines If no preference is specified for a static route, the default preference applies. When the default preference is reconfigured, it applies to only newly added static routes. Examples # Set a default preference of 120 for static routes.
RIP commands The term "router" in this document refers to both routers and routing-capable firewalls and firewall modules. checkzero Use checkzero to enable zero field check on RIPv1 messages. Use undo checkzero to disable zero field check. Syntax checkzero undo checkzero Default The zero field check function is enabled.
Views RIP view Default command level 2: System level Parameters value: Specifies a default metric for redistributed routes, in the range of 0 to 16. Usage guidelines When you use the import-route command to redistribute routes from another routing protocol without specifying a metric, the metric specified by the default cost command applies. Examples # Configure a default metric of 3 for redistributed routes.
Examples # Configure all the interfaces running RIP process 100 to send only a default route with a metric of 2 to RIP neighbors. system-view [Sysname] rip 100 [Sysname-rip-100] default-route only cost 2 Related commands rip default-route display rip Use display rip to display state and configuration information for a RIP process.
Maximum number of balanced paths : 8 Update time : 30 sec(s) Suppress time : 120 sec(s) update output delay : Timeout time : 180 sec(s) Garbage-collect time : 120 sec(s) 20(ms) TRIP retransmit time : output count : 3 5 sec(s) TRIP response packets retransmit count : 36 Silent interfaces : None Default routes : Only Default route cost : 3 Verify-source : Enabled Networks : 192.168.1.
Field Description Indicates whether a default route is sent to RIP neighbors: • only—Only a default route is advertised. • originate—A default route is advertised along with Default routes other routes. • disable—No default route is advertised. Default route cost Cost of the default route. Verify-source Indicates whether the source IP address is checked on the received RIP routing updates. Networks Networks enabled with RIP. Configured peers Configured neighbors.
11.0.0.0/24, cost 1, nexthop 10.0.0.1, Imported Table 59 Command output Field Description X.X.X.X/X Destination address and subnet mask. cost Cost of the route. classful-summ Indicates that the route is a RIP summary route. Nexthop Address of the next hop. Rip-interface Routes learned from a RIP-enabled interface. imported Routes redistributed from other routing protocols. display rip interface Use display rip interface to display the RIP interface information for a RIP process.
MetricOut:5 MetricOut route policy:234 Split-horizon/Poison-reverse:on/off Input/Output:on/on Default route:off Current packets number/Maximum packets number:234/2000 Table 60 Command output Field Description Interface-name Name of an interface running RIP. Address/Mask IP address and mask of the interface. Version RIP version running on the interface. MetricIn Additional routing metric added to the incoming routes.
Default command level 1: Monitor level Parameters process-id: Specifies a RIP process by its ID in the range of 1 to 65535. ip-address { mask | mask-length }: Displays route information for the specified IP address. peer ip-address: Displays all routing information learned from a specified neighbor. statistics: Displays the route statistics, including total number of routes and number of routes of each neighbor. |: Filters command output by specifying a regular expression.
# Display the routing statistics for RIP process 1. display rip 1 route statistics Peer Aging Permanent Garbage 111.1.1.2 1 0 0 Total 1 0 0 Table 62 Command output Field Description Peer IP address of a neighbor. Aging Total number of aging routes learned from the specified neighbor. Permanent Total number of permanent routes learned from the specified neighbor. Garbage Total number of routes in the Garbage-collection state learned from the specified neighbor.
Hardware Protocol keywords F1000-E bgp, direct, ospf, rip, and static F5000 bgp, direct, isis, ospf, rip, and static F5000-S/F5000-C bgp, direct, ospf, rip, and static VPN firewall modules bgp, direct, ospf, rip, and static 20-Gbps VPN firewall modules bgp, direct, ospf, rip, and static process-id: Specifies the process ID of the specified routing protocol, in the range of 1 to 65535. You need to specify a process ID when the routing protocol is rip, isis, or ospf.
Related commands • acl (ACL and QoS Command Reference) • import-route • ip ip-prefix filter-policy import (RIP view) Use filter-policy import to configure RIP to filter the inbound routes. Use undo filter-policy import to restore the default.
[Sysname-acl-basic-2000] quit [Sysname] rip 1 [Sysname-rip-1] filter-policy 2000 import # Use IP prefix list abc on GigabitEthernet 0/1 to filter all inbound RIP routes. [Sysname-rip-1] filter-policy ip-prefix abc import gigabitethernet 0/1 # Configure ACL 3000 to permit only route 113.0.0.0/16 to pass. Use ACL 3000 to filter inbound routes. system-view [Sysname] acl number 3000 [Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.
import-route (RIP view) Use import-route to enable route redistribution from another routing protocol. Use undo import-route to disable route redistribution. Syntax import-route protocol [ process-id | all-processes | allow-ibgp ] [ cost cost | route-policy route-policy-name | tag tag ] * undo import-route protocol [ process-id | all-processes ] Default RIP does not redistribute routes from any other routing protocol.
Usage guidelines The import-route bgp command only redistributes EBGP routes. The import-route bgp allow-ibgp command additionally redistributes IBGP routes and might cause routing loops. Therefore, use it with caution. This command redistributes only active routes. To view route state information, use the display ip routing-table protocol command.
Hardware Value range Default value F1000-A-EI/F1000-S-EI 1 to 8 8 F1000-E 1 to 8 8 F5000 1 to 16 16 F5000-S/F5000-C 1 to 8 8 VPN firewall modules 1 to 8 8 20-Gbps VPN firewall modules 1 to 8 8 Examples # Specify the maximum number of ECMP routes as 2. system-view [Sysname] rip [Sysname-rip-1] maximum load-balancing 2 network Use network to enable RIP on an interface attached to a specified network.
[Sysname-rip-100] network 129.102.0.0 output-delay Use output-delay to configure the rate at which an interface sends RIP packets. Use undo output-delay to restore the default. Syntax output-delay time count count undo output-delay Default An interface sends up to three RIP packets every 20 milliseconds. Views RIP view Default command level 2: System level Parameters time: Specifies the sending interval, in the range of 10 to 100 milliseconds.
Parameters ip-address: Specifies the IP address of a RIP neighbor, in dotted decimal notation. Usage guidelines Do not use the peer ip-address command when the neighbor is directly connected. Otherwise the neighbor might receive the same routing information in both unicast and multicast (or broadcast) mode. Examples # Specify RIP to unicast updates to peer 202.38.165.1. system-view [Sysname] rip 1 [Sysname-rip-1] peer 202.38.165.
reset rip process Use reset rip process to reset a RIP process. Syntax reset rip process-id process Views User view Default command level 1: Monitor level Parameters process-id: Specifies a RIP process by its ID in the range of 1 to 65535. Usage guidelines After you execute the command, you are prompted to confirm the operation. Examples # Reset RIP process 100.
undo rip [ process-id ] [ vpn-instance vpn-instance-name ] Default No RIP process runs. Views System view Default command level 2: System level Parameters process-id: Specifies a RIP process by its ID in the range of 1 to 65535. The default is 1. vpn-instance vpn-instance-name: Specifies a VPN by its name, a case-sensitive string of 1 to 31 characters. If no VPN is specified, the RIP process will run under the public network.
key-string: Specifies the MD5 key string. This argument is case sensitive. It must be a plaintext string of 1 to 16 characters, or a ciphertext string of 33 to 53 characters. key-id: Specifies the MD5 key number, in the range of 1 to 255. rfc2453: Uses the message format defined in RFC 2453 (IETF standard). simple: Specifies the simple authentication mode. password: Sets the password in simple authentication mode. This argument is case sensitive.
The rip bfd enable command and the rip bfd enable destination command are mutually exclusive and cannot be configured on a device at the same time. The following matrix shows the rip bfd enable command and hardware compatibility: Hardware Compatibility F1000-A-EI/F1000-S-EI No F1000-E No F5000 Yes F5000-S/F5000-C No VPN firewall modules No 20-Gbps VPN firewall modules No Examples # Enable BFD for RIP on GigabitEthernet 1/1.
The following matrix shows the rip bfd enable destination command and hardware compatibility: Hardware Compatibility F1000-A-EI/F1000-S-EI No F1000-E No F5000 Yes F5000-S/F5000-C No VPN firewall modules No 20-Gbps VPN firewall modules No Examples # Enable BFD on GigabitEthernet 1/1 for a specific destination 202.38.165.1. system-view [Sysname] interface gigabitethernet 1/1 [Sysname-GigabitEthernet1/1] rip bfd enable destination 202.38.165.
[Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] rip default-route only cost 2 Related commands default-route rip input Use rip input to enable an interface to receive RIP messages. Use undo rip input to disable an interface from receiving RIP messages. Syntax rip input undo rip input Default An interface is enabled to receive RIP messages. Views Interface view Default command level 2: System level Examples # Enable GigabitEthernet 0/1 to receive RIP messages.
Parameters route-policy route-policy-name: Uses the specified routing policy used to add an additional metric for the routes matching it. The route-policy-name argument is a string of 1 to 63 case-sensitive characters. value: Add an additional metric to inbound routes, in the range of 0 to 16. Usage guidelines When a valid RIP route is received, the system adds a metric to it and then installs it into the routing table. The metric of the route received on the configured interface is then increased.
Usage guidelines With the command configured on an interface, the metric of RIP routes sent on the interface is increased. If a routing policy is referenced with the route-policy keyword, the following operations can be performed: • Routes matching the policy are added with the metric specified in the apply cost command configured in the policy. Routes not matching it are added with the metric specified in the rip metricout command.
[Sysname] undo rip mib-binding rip output Use rip output to enable the interface to send RIP messages. Use undo rip output to disable the interface from sending RIP messages. Syntax rip output undo rip output Default Sending RIP messages is enabled on an interface. Views Interface view Default command level 2: System level Examples # Enable GigabitEthernet 0/1 to receive RIP messages.
rip split-horizon Use rip split-horizon to enable the split horizon function. Use undo rip split-horizon to disable the split horizon function. Syntax rip split-horizon undo rip split-horizon Default The split horizon function is enabled. Views Interface view Default command level 2: System level Usage guidelines The split horizon function prevents routing loops. If you want to disable the function, make sure the operation is dispensable.
Usage guidelines The summary address takes effect only when the automatic summarization is disabled. Examples # Advertise a local summary address on GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] rip summary-address 10.0.0.0 255.255.255.0 Related commands summary rip version Use rip version to specify a RIP version for the interface. Use undo rip version to remove the specified RIP version.
When RIPv2 runs on the interface in multicast mode, the interface can perform the following operations: • Sends RIPv2 multicast messages. • Receives RIPv2 broadcast, multicast, and unicast messages. Examples # Configure GigabitEthernet 0/1 to broadcast RIPv2 messages. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] rip version 2 broadcast silent-interface (RIP view) Use silent-interface to disable an interface from sending routing updates.
undo summary Default Automatic RIPv2 summarization is enabled. Views RIP view Default command level 2: System level Usage guidelines Automatic RIPv2 summarization can reduce the routing table size to enhance the scalability and efficiency of large networks. Examples # Disable RIPv2 automatic summarization. system-view [Sysname] rip [Sysname-rip-1] undo summary Related commands rip version timers Use timers to configure RIP timers. Use undo timers to restore the default.
Usage guidelines RIP is controlled by the following timers: • Update timer—Specifies the interval between routing updates. • Timeout timer—Specifies the route aging time. If no update for a route is received before the time expires, the metric of the route is set to 16. • Suppress timer—Specifies how long a RIP route stays in suppressed state. When the metric of a route becomes 16, the route enters the suppressed state.
version Use version to specify a global RIP version. Use undo version to remove the configuration. Syntax version { 1 | 2 } undo version Default If an interface has a RIP version specified, the RIP version takes effect. If it has no RIP version specified, it can send RIPv1 broadcasts, and receive RIPv1 broadcasts and unicasts, and RIPv2 broadcasts, multicasts, and unicasts. Views RIP view Default command level 2: System level Parameters 1: Specifies the RIP version as RIPv1.
OSPF commands The term "router" in this document refers to both routers and routing-capable firewalls and firewall modules. abr-summary (OSPF area view) Use abr-summary to configure a summary route on an area border router (ABR). Use undo abr-summary to remove a summary route. Syntax abr-summary ip-address { mask | mask-length } [ advertise | not-advertise ] [ cost cost ] undo abr-summary ip-address { mask | mask-length } Default No route summarization is configured on an ABR.
area (OSPF view) Use area to create an area and enter area view. Use undo area to remove an area. Syntax area area-id undo area area-id Default No OSPF area is created. Views OSPF view Default command level 2: System level Parameters area-id: Specifies an area by its ID, an IP address or a decimal integer in the range of 0 to 4294967295 that is translated into the IP address format by the system.
mask: Specifies the mask in dotted decimal notation. mask-length: Specifies the mask length in the range of 0 to 32 bits. cost cost: Specifies the cost of the summary route, in the range of 1 to 16777214. For Type-1 external routes, the cost defaults to the largest cost among routes that are summarized. For Type-2 external routes, the cost defaults to the largest cost among routes that are summarized plus 1. not-advertise: Disables advertising the summary route.
Default command level 2: System level Parameters md5: Specifies the MD5 authentication mode. simple: Specifies the simple authentication mode. Usage guidelines Routers that reside in the same area must have the same authentication mode: non-authentication, simple, or MD5. Examples # Configure OSPF area 0 to use the MD5 authentication mode. system-view [Sysname] ospf 100 [Sysname-ospf-100] area 0 [Sysname-ospf-100-area-0.0.0.
[Sysname] ospf 100 [Sysname-ospf-100] bandwidth-reference 1000 default Use default to configure default parameters for redistributed routes. Use undo default to restore default values. Syntax default { cost cost | limit limit | tag tag | type type } * undo default { cost | limit | tag | type } * Default The cost, route type, tag, and the upper limit are 1, 2, 1, and 1000.
Views OSPF area view Default command level 2: System level Parameters cost: Specifies a cost for the default route advertised to the Stub or NSSA area, in the range of 0 to 16777214. Usage guidelines This command takes effect only on the ABR of a stub area or the ABR/ASBR of an NSSA area. Examples # Configure Area 1 as a stub area, and specify the cost of the default route advertised to the stub area as 20. system-view [Sysname] ospf 100 [Sysname-ospf-100] area 1 [Sysname-ospf-100-area-0.0.0.
permit-calculate-other: Calculates default routes from other routers with this keyword specified or does not calculate default routes from other routers without this keyword specified when the router generates a default route in a Type-5 LSA into the OSPF routing domain. If the router generates no default route in a Type-5 LSA into the OSPF routing domain, the router calculates default routes from other routers regardless of whether this keyword is specified.
Views OSPF view, OSPF area view Default command level 2: System level Parameters description: Configures a description for the OSPF process in OSPF view, or for the OSPF area in OSPF area view. The description argument is a string of up to 80 characters. Usage guidelines The description specified by this command is used to identify an OSPF process or area. Examples # Describe OSPF process 100 as abc.
Examples # Display information about the routes to the OSPF ABR and ASBR. display ospf abr-asbr OSPF Process 1 with Router ID 192.168.1.2 Routing Table to ABR and ASBR Type Destination Area Cost Nexthop RtType Inter 3.3.3.3 0.0.0.0 3124 10.1.1.2 ASBR Intra 2.2.2.2 0.0.0.0 1562 10.1.1.2 ABR Table 63 Command output Field Description Type of the route to the ABR or ASBR: Type • Intra—Intra-area route. • Inter—Inter-area route. Destination Router ID of an ABR/ASBR.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines If no OSPF process is specified, this command displays the summarized redistributed routes for all OSPF processes. If no IP address is specified, the command displays all summarized redistributed routes.
Field Description Process Process ID of the routing protocol. Type Type of a summarized route. Metric Metric of a summarized route. Related commands asbr-summary display ospf brief Use display ospf brief to display OSPF brief information. Syntax display ospf [ process-id ] brief [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters process-id: Specifies an OSPF process by its ID in the range of 1 to 65535.
Default ASE parameters: Metric: 1 Tag: 1 Type: 2 Route Preference: 10 ASE Route Preference: 150 SPF Computation Count: 22 RFC 1583 Compatible Area Count: 1 Nssa Area Count: 1 7/5 translator state: Disabled 7/5 translate stability timer interval: 0 ExChange/Loading Neighbors: 0 Area: 0.0.0.1 (MPLS TE not enabled) Authtype: None Area flag: NSSA SPF Scheduled Count: 5 ExChange/Loading Neighbors: 0 Interface: 192.168.1.
Field Description ASE Route Preference External route priority. SPF Computation count SPF computation count of the OSPF process. RFC1583 Compatible Compatible with routing rules defined in RFC 1583. Area Count Area number of the current process. Nssa Area Count NSSA area number of the current process. State of the translator that translates Type-7 LSAs to Type-5 LSAs.
Parameters process-id: Specifies an OSPF process by its ID in the range of 1 to 65535. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Field Description Input Packets received. Output Packets sent. Hello Hell packet. DB Description Database Description packet. Link-State Req Link-State Request packet. Link-State Update Link-State Update packet. Link-State Ack Link-State Acknowledge packet. LSAs originated by this router LSAs originated by this router. Router Number of Type-1 LSAs originated. Network Number of Type-2 LSAs originated. Sum-Net Number of Type-3 LSAs originated.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Field Description OSPF packet too small Packets too small in length. OSPF Neighbor state low Packets received in low neighbor state. OSPF transmit error Packets with error when being transmitted. OSPF interface down Shutdown times of the interface. OSPF unknown neighbor Packets received from unknown neighbors. HELLO: Netmask mismatch Hello packets with mismatched mask. HELLO: Hello timer mismatch Hello packets with mismatched hello timer.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Field Description Interface state defined by interface state machine: • Down—No protocol traffic is sent or received on the interface. • Loopback—The interface is in loopback state. A loopback interface can only collect interface information. • Waiting—The interface starts sending and receiving Hello packets and the State router is trying to determine the identity of the (Backup) designated router for the network.
Parameters process-id: Specifies an OSPF process by its ID in the range of 1 to 65535. brief: Displays brief LSDB information. asbr: Displays Type-4 LSA (ASBR Summary LSA) information in the LSDB. ase: Displays Type-5 LSA (AS External LSA) information in the LSDB. network: Displays Type-2 LSA (Network LSA) information in the LSDB. nssa: Displays Type-7 LSA (NSSA External LSA) information in the LSDB. opaque-area: Displays Type-10 LSA (Opaque-area LSA) information in the LSDB.
Sum-Net 192.168.0.0 192.168.0.1 321 28 80000002 Table 69 Command output Field Description Area LSDB information of the area. Type LSA type. LinkState ID Link state ID. AdvRouter Advertising router. Age Age of the LSA. Len Length of the LSA. Sequence Sequence number of the LSA. Metric Cost of the LSA. # Display Type-2 LSA (Network LSA) information in the LSDB. display ospf 1 lsdb network OSPF Process 1 with Router ID 192.168.1.1 Area: 0.0.0.
Table 70 Command output Field Description Type LSA type. LS ID DR IP address. Adv Rtr Router that advertised the LSA. LS Age LSA age time. Len LSA length. LSA options: Options • • • • • • O—Opaque LSA advertisement capability. E—AS External LSA reception capability. EA—External extended LSA reception capability. DC—On-demand link support. N—NSSA external LSA support. P—Capability of an NSSA ABR to translate Type-7 LSAs into Type-5 LSAs. Seq# LSA sequence number. Checksum LSA checksum.
Examples # Display OSPF next hop information. display ospf nexthop OSPF Process 1 with Router ID 192.168.0.1 Routing Nexthop Information Next Hops: Address Refcount IntfAddr Intf Name ---------------------------------------------------------------192.168.0.1 1 192.168.0.1 GigabitEthernet0/1 192.168.0.2 1 192.168.0.1 GigabitEthernet0/1 192.168.1.1 1 192.168.1.1 GigabitEthernet0/2 Table 71 Command output Field Description Next Hops Information about next hops.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines If no OSPF process is specified, this command displays OSPF neighbor information for all OSPF processes. If an interface is specified, this command displays the neighbor on the interface. If a neighbor ID is specified, this command displays detailed information about the neighbor.
Field Description Neighbor state: • Down—Initial state of a neighbor conversation. • Init—The router has seen a Hello packet from the neighbor. However, the router has not established. bidirectional communication with the neighbor (the router itself did not appear in the neighbor's hello packet).
1.1.1.2 1.1.1.2 1 40 GE0/1 Full/DR Table 73 Command output Field Description Area Neighbor area. Router ID Neighbor router ID. Address Neighbor interface address. Pri Neighboring router priority. Dead-Time Dead interval remained. Interface Interface connected to the neighbor. State Neighbor state: Down, Init, Attempt, 2-Way, Exstart, Exchange, Loading, Full. display ospf peer statistics Use display ospf peer statistics to display OSPF neighbor statistics.
Total 0 0 0 0 0 0 0 2 2 Table 74 Command output Field Description Area ID The state statistics of all the routers in the area to which the router belongs is displayed. Down Number of neighboring routers in Down state in the same area. Attempt Number of neighboring routers in Attempt state in the same area. Init Number of neighboring routers in Init state in the same area. 2-Way Number of neighboring routers in 2-Way state in the same area.
Examples # Display OSPF request queue information. display ospf request-queue The Router's Neighbor is Router ID 2.2.2.2 Interface 10.1.1.1 Address 10.1.1.2 Area 0.0.0.0 Request list: Type LinkState ID AdvRouter Sequence Age Router 2.2.2.2 1.1.1.1 80000004 1 Network 192.168.0.1 1.1.1.1 80000003 1 Sum-Net 192.168.1.0 1.1.1.1 80000002 2 Table 75 Command output Field Description The Router's Neighbor is Router ID Neighbor router ID. Address Neighbor interface IP address.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Views Any view Default command level 1: Monitor level Parameters process-id: Specifies an OSPF process by its ID in the range of 1 to 65535. interface interface-type interface-number: Displays routes passing the specified output interface. nexthop nexthop-address: Displays routes passing the specified next hop. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Field Description Intra Area Total intra-area routes. Inter Area Total inter-area routes. ASE Total ASE routes. NSSA Total NSSA routes. display ospf vlink Use display ospf vlink to display OSPF virtual link information. Syntax display ospf [ process-id ] vlink [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters process-id: Specifies an OSPF process by its ID in the range of 1 to 65535.
Table 78 Command output Field Description Virtual-link Neighbor-ID ID of the neighbor on the virtual link. Neighbor-State Neighbor state: Down, Init, 2-Way, ExStart, Exchange, Loading, or Full. Interface IP address and name of the local interface on the virtual link. Cost Interface route cost. State Interface state. Type Type: virtual link. Transit Area Transit area ID. Timers Timers: Hello, dead, retransmit, and interface transmission delay.
undo enable link-local-signaling Default OSPF link-local signaling capability is disabled. Views OSPF view Default command level 2: System level Examples # Enable link-local signaling for OSPF process 1. system-view [Sysname] ospf 1 [Sysname-ospf-1] enable link-local-signaling enable log Use enable log to enable specified OSPF logging. Use undo enable log to disable specified OSPF logging.
enable out-of-band-resynchronization Use enable out-of-band-resynchronization to enable the OSPF out-of-band resynchronization (OOB-Resynch) capability. Use undo enable out-of-band-resynchronization to disable the OSPF out-of-band resynchronization capability. Syntax enable out-of-band-resynchronization undo enable out-of-band-resynchronization Default The capability is disabled.
Views OSPF area view Default command level 2: System level Parameters acl-number: Specifies an ACL by its number, in the range of 2000 to 3999. ip-prefix-name: Specifies an IP prefix list by its name, a string of 1 to 19 characters, to filter inbound/outbound Type-3 LSAs. For more information about IP prefix lists, see Network Management Configuration Guide. export: Filters Type-3 LSAs advertised to other areas. import: Filters Type-3 LSAs advertised into the local area.
The following matrix shows the values for the protocol argument on different firewalls and firewall modules: Hardware Protocol keywords F1000-A-EI/F1000-S-EI bgp, direct, ospf, rip, and static F1000-E bgp, direct, ospf, rip, and static F5000 bgp, direct, isis, ospf, rip, and static F5000-S/F5000-C bgp, direct, ospf, rip, and static VPN firewall modules direct, ospf, rip, and static 20-Gbps VPN firewall modules direct, ospf, rip, and static process-id: Specifies a process by its ID in the range
filter-policy import (OSPF view) Use filter-policy import to configure OSPF to filter routes calculated using received LSAs. Use undo filter-policy import to disable the filtering. Syntax filter-policy { acl-number [ gateway ip-prefix-name ] | gateway ip-prefix-name | ip-prefix ip-prefix-name [ gateway ip-prefix-name ] | route-policy route-policy-name } import undo filter-policy import Default Routes calculated using received LSAs are not filtered.
[Sysname-acl-basic-2000] quit [Sysname] ospf 100 [Sysname-ospf-100] filter-policy 2000 import # Configure ACL 3000 to permit only route 113.0.0.0/16 to pass. Use ACL 3000 to filter inbound routes. system-view [Sysname] acl number 3000 [Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.
Syntax import-route protocol [ process-id | all-processes | allow-ibgp ] [ cost cost | type type | tag tag | route-policy route-policy-name ] * undo import-route protocol [ process-id | all-processes ] Default OSPF does not redistribute AS-external routes from any other routing protocol. Views OSPF view Default command level 2: System level Parameters protocol: Redistributes routes from the specified protocol, which can be bgp, direct, isis, ospf, rip, or static.
• Type-2 external route An intra-area route is a route in an OSPF area. An inter-area route is between any two OSPF areas. Both of them are internal routes. An external route is a route to a destination outside the OSPF AS. A Type-1 external route has high reliability. Its cost is comparable with the cost of OSPF internal routes. The cost from an OSPF router to a Type-1 external route's destination equals the cost from the router to the ASBR plus the cost from the ASBR to the external route's destination.
Usage guidelines Upon topology changes, ISPF recomputes only the affected part of the SPT, instead of the entire SPT. Examples # Enable OSPF ISPF. system-view [Sysname] ospf 100 [Sysname-ospf-100] ispf enable log-peer-change Use log-peer-change to enable the logging of OSPF neighbor state changes. Use undo log-peer-change to disable the logging. Syntax log-peer-change undo log-peer-change Default The logging is enabled.
Views OSPF view Default command level 2: System level Parameters interval: Specifies the LSA arrival interval in milliseconds, in the range of 0 to 60000. Usage guidelines If an LSA that has the same LSA type, LS ID, originating router ID with the previous LSA is received within the interval, the LSA is discarded. This feature helps protect resources from being over consumed due to frequent network changes.
incremental-interval: Specifies the LSA generation incremental interval in the range of 10 to 60000 milliseconds. The default is 5000 milliseconds. Usage guidelines When network changes are not frequent, LSAs are generated at the minimum-interval. If network changes become frequent, the LSA generation interval is incremented by incremental-interval × 2n-2 (n is the number of generation times) each time a LSA generation occurs until the maximum-interval is reached.
Use undo maximum load-balancing to restore the default. Syntax maximum load-balancing maximum undo maximum load-balancing Views OSPF view Default command level 2: System level Parameters maximum: Specifies the maximum number of ECMP routes. No ECMP load balancing is available when the number is set to 1.
Default command level 2: System level Parameters ip-address: Specifies the IP address of a network. wildcard-mask: Specifies the wildcard mask of the IP address. For example, the wildcard mask of mask 255.0.0.0 is 0.255.255.255. Usage guidelines This command enables OSPF on the interface attached to the specified network. The interface's primary IP address must be in the specified network segment. If only the interface's secondary IP address is in the network segment, the interface cannot run OSPF.
no-summary: Usable only on an NSSA ABR to advertise a default route in a Type-3 summary LSA into the NSSA area and to not advertise other summary LSAs into the area. Such an area is a totally NSSA area. translate-always: Specifies the NSSA ABR as a translator to translate Type-7 LSAs to Type-5 LSAs.
ospf Use ospf to enable an OSPF process. Use undo ospf to disable an OSPF process. Syntax ospf [ process-id | router-id router-id | vpn-instance vpn- instance-name ] * undo ospf [ process-id ] Default No OSPF process is enabled. Views System view Default command level 2: System level Parameters process-id: Specifies an OSPF process by its ID in the range of 1 to 65535. router-id router-id: Specifies an OSPF router ID in dotted decimal format.
Default No authentication is available on an interface. Views Interface view Default command level 2: System level Parameters hmac-md5: Enables HMAC-MD5 authentication. md5: Enables MD5 authentication. simple: Enables simple authentication. key-id: Specifies a key ID in the range of 1 to 255. cipher: Specifies a ciphertext password. plain: Specifies a plaintext password. password: Specifies a password.
[Sysname-ospf-100-area-0.0.0.1] authentication-mode simple [Sysname-ospf-100-area-0.0.0.1] quit [Sysname-ospf-100] quit [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ospf authentication-mode simple plain abc Related commands authentication-mode ospf bfd enable Use ospf bfd enable to enable BFD for link failure detection on an OSPF interface. Use undo ospf bfd enable to disable BFD on an OSPF interface.
[Sysname-ospf-1-area-0.0.0.0] interface gigabitethernet 1/1 [Sysname-GigabitEthernet1/1] ospf bfd enable ospf cost Use ospf cost to set an OSPF cost for an interface. Use undo ospf cost to restore the default.
Views Interface view Default command level 2: System level Parameters priority: Specify the router priority for the interface, in the range of 0 to 255. Usage guidelines The greater the value, the higher the priority for DR/BDR election. If a device has a priority of 0, it will not be elected as a DR or BDR. Examples # Set the router priority on GigabitEthernet 0/1 to 8.
ospf mtu-enable Use ospf mtu-enable to enable an interface to add the interface MTU into DD packets. Use undo ospf mtu-enable to restore the default. Syntax ospf mtu-enable undo ospf mtu-enable Default The MTU in DD packets is 0. Views Interface view Default command level 2: System level Usage guidelines After a virtual link is established via a Virtual-Template or Tunnel, two devices on the link from different vendors might have different MTU values.
Default command level 2: System level Parameters broadcast: Specifies the network type as broadcast. nbma: Specifies the network type as NBMA. p2mp: Specifies the network type as P2MP. unicast: Specifies the P2MP interface to unicast OSPF packets. By default, a P2MP interface multicasts OSPF packets. p2p: Specifies the network type as P2P. Usage guidelines If a router on a broadcast network does not support multicast, configure the network type for the connected interfaces as NBMA.
Views System view Default command level 2: System level Examples # Enable OSPF to give priority to receiving and processing hello packets. system-view [Sysname] ospf packet-process prioritized-treatment ospf timer dead Use ospf timer dead to set the neighbor dead interval. Use undo ospf timer dead to restore the default. Syntax ospf timer dead seconds undo ospf timer dead Default The dead interval is 40 seconds for broadcast and P2P interfaces and is 120 seconds for P2MP and NBMA interfaces.
Use undo ospf timer hello to restore the default. Syntax ospf timer hello seconds undo ospf timer hello Default The hello interval is 10 seconds for P2P and broadcast interfaces, and is 30 seconds for P2MP and NBMA interfaces. Views Interface view Default command level 2: System level Parameters seconds: Specifies the hello interval in seconds, in the range of 1 to 65535. Usage guidelines The shorter the hello interval is, the faster the topology converges and the more resources are consumed.
Usage guidelines When an NBMA interface finds its neighbor is down, it sends hello packets at the poll interval. The poll interval must be at least four times the hello interval. Examples # Set the poll timer interval on GigabitEthernet 0/1 to 130 seconds. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ospf timer poll 130 Related commands ospf timer hello ospf timer retransmit Use ospf timer retransmit to set the LSA retransmission interval on an interface.
Syntax ospf trans-delay seconds undo ospf trans-delay Default The LSA transmission delay defaults to 1 second. Views Interface view Default command level 2: System level Parameters seconds: Specifies the LSA transmission delay in seconds, in the range of 1 to 3600. Usage guidelines Each LSA in the LSDB has an age that is incremented by 1 every second, but the age does not change during transmission. It is necessary to add a transmission delay into its age time on low speed networks.
The cost set with the peer command applies only to P2MP neighbors. If no cost is specified, the cost to the neighbor equals the local interface's cost. A router uses the priority set with the peer command to determine whether to send a hello packet to the neighbor rather than for DR election. The DR priority set with the ospf dr-priority command is used for DR election. Examples # Specify the neighbor 1.1.1.1. system-view [Sysname] ospf 100 [Sysname-ospf-100] peer 1.1.1.
system-view [Sysname] ospf 100 [Sysname-ospf-100] preference ase 200 reset ospf counters Use reset ospf counters to clear OSPF statistics. Syntax reset ospf [ process-id ] counters [ neighbor [ interface-type interface-number ] [ router-id ] ] Views User view Default command level 1: Monitor level Parameters process-id: Clears the statistics for an OSPF process specified by its ID in the range of 1 to 65535. neighbor: Clears neighbor statistics.
• Does not remove previous OSPF configurations. The system prompts you to select whether to reset OSPF process upon execution of this command. Examples # Reset all OSPF processes. reset ospf process Warning : Reset OSPF process? [Y/N]:Y reset ospf redistribution Use reset ospf redistribution to restart route redistribution.
Usage guidelines RFC 1583 specifies a different method than RFC 2328 for selecting the best route from multiple AS external routes destined for the same network. Using this command can make them compatible. If RFC 2328 is compatible with RFC 1583, the intra-area route in the backbone area is preferred, if not, the intra-area route in the non-backbone area is preferred to reduce the burden of the backbone area. Examples # Disable compatibility with RFC 1583.
Examples # Configure a global router ID as 1.1.1.1. system-view [Sysname] router id 1.1.1.1 silent-interface (OSPF view) Use silent-interface to disable an interface or all interfaces from r sending OSPF packets. Use undo silent-interface to restore the default. Syntax silent-interface { interface-type interface-number | all } undo silent-interface { interface-type interface-number | all } Default An interface can send OSPF packets.
undo snmp-agent trap enable ospf [ process-id ] [ ifauthfail | ifcfgerror | ifrxbadpkt | ifstatechange | iftxretransmit | lsdbapproachoverflow | lsdboverflow | maxagelsa | nbrstatechange | originatelsa | vifcfgerror | virifauthfail | virifrxbadpkt | virifstatechange | viriftxretransmit | virnbrstatechange ] * Default This feature is enabled. Views System view Default command level 3: Manage level Parameters process-id: Specifies an OSPF process by its ID in the range of 1 to 65535.
spf-schedule-interval Use spf-schedule-interval to set the OSPF SPF calculation interval. Use undo spf-schedule-interval to restore the default. Syntax spf-schedule-interval maximum-interval [ minimum-interval [ incremental-interval ] ] undo spf-schedule-interval Default The interval defaults to 5 seconds. Views OSPF view Default command level 2: System level Parameters maximum-interval: Specifies the maximum OSPF route calculation interval in seconds, in the range of 1 to 60.
undo stub Default No area is stub area. Views OSPF area view Default command level 2: System level Parameters default-route-advertise-always: Usable only on a stub ABR. With this keyword, the ABR advertises a default route in a Type-3 LSA into the stub area regardless of whether FULL-state neighbors exist in the backbone area. Without this keyword, the ABR advertises a default route in a Type-3 LSA into the stub area only when at least one FULL-state neighbor exists in the backbone area.
Usage guidelines The router LSAs sent by the stub router over different links contain different link type values. A value of 3 represents a link to a stub network, and the cost of the link is not changed. A value of 1, 2 or 4 represents a point-to-point link, a link to a transit network, or a virtual link, and the cost of such links is set to 65535. Neighbors on such links will not send packets to the stub router as long as they have a route with a smaller cost.
vlink-peer (OSPF area view) Use vlink-peer to configure a virtual link. Use undo vlink-peer to remove a virtual link.
• A retransmission interval that is too small can cause unnecessary retransmissions. A large value is appropriate for a low speed link. • Specify an appropriate transmission delay with the trans-delay keyword. The authentication mode at the non-backbone virtual link end follows the one at the backbone virtual link end. The two authentication modes (MD5 or Simple) are independent, and you can specify neither of them.
IS-IS commands The term "router" in this document refers to both routers and routing-capable firewalls and firewall modules. The following matrix shows the feature and hardware compatibility: Hardware Compatibility F1000-A-EI/F1000-S-EI No F1000-E No F5000 Yes F5000-S/F5000-C No VPN firewall modules No 20-Gbps VPN firewall modules No area-authentication-mode Use area-authentication-mode to specify the area authentication mode and a password.
Usage guidelines The password in the specified mode is inserted into all outgoing Level-1 packets (LSP, CSNP, and PSNP) and is used for authenticating the incoming Level-1 packets. With area authentication configured, IS-IS discards incoming routes from untrusted routers. Routers in a common area must have the same authentication mode and password. If neither ip nor osi is specified, OSI related fields are checked. Whether a password should use ip or osi is not affected by the actual network environment.
Table 79 Automatic cost calculation scheme for cost styles other than wide and wide-compatible Interface bandwidth Cost ≤10 Mbps 60 ≤100 Mbps 50 ≤155 Mbps 40 ≤622 Mbps 30 ≤2500 Mbps 20 >2500 Mbps 10 Examples # Enable automatic link cost calculation.
Related commands auto-cost enable circuit-cost Use circuit-cost to set a global IS-IS link cost. Use undo circuit-cost to restore the default. Syntax circuit-cost value [ level-1 | level-2 ] undo circuit-cost [ level-1 | level-2 ] Default No global link cost is configured. Views IS-IS view Default command level 2: System level Parameters value: Link cost value. The value range varies with cost styles. • For styles narrow, narrow-compatible, and compatible, the cost value ranges from 0 to 63.
Syntax cost-style { narrow | wide | wide-compatible | { compatible | narrow-compatible } [ relax-spf-limit ] } undo cost-style Default Only narrow cost style packets can be received and sent. Views IS-IS view Default command level 2: System level Parameters narrow: Receives and sends only narrow cost style packets. The narrow cost ranges from 0 to 63. wide: Receives and sends only wide cost style packets. The wide cost ranges from 0 to 16777215.
Views IS-IS view Default command level 2: System level Parameters ipv4-unicast: Specifies an IPv4 unicast topology. topology-name: Topology name, a case-sensitive character string of 1 to 31 characters. route-policy-name: Specifies the name of a routing policy, a case-sensitive string of 1 to 63 characters. level-1: Advertises a Level-1 default route. level-1-2: Advertises both Level-1 and Level-2 default routes. level-2: Advertises a Level-2 default route.
vpn-instance vpn-instance-name: Displays IS-IS brief configuration information for the VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters. If no VPN is specified, the IS-IS brief configuration information of the public network is displayed. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Field Description Timers: • lsp-max-age—Maximum life period of LSP. • lsp-refresh—Refresh interval of LSP. • Interval between SPFs—Interval between SPF Timers calculations. IPv4-Unicast Voice and video refer to the topology names. voice(4000): Enable 4000 and 500 refer to the topology numbers. video(500): Disable IPv6-Unicast IPv6 unicast topology. display isis debug-switches Use display isis debug-switches to display IS-IS debugging switch state.
display isis graceful-restart status Use display isis graceful-restart status to display IS-IS Graceful Restart status. Syntax display isis graceful-restart status [ level-1 | level-2 ] [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters level-1: Displays the IS-IS Level-1 Graceful Restart state. level-2: Displays the IS-IS Level-2 Graceful Restart state.
Restart Status: RESTARTING Number of LSPs Awaited: 3 T3 Timer Status: Remaining Time: 140 T2 Timer Status: Remaining Time: 59 Table 81 Command output Field Description Restart Interval Graceful Restart interval. SA Bit Supported SA bit is set. Total Number of Interfaces = 1 Current IS-IS interface number. Restart Status Graceful Restart status. Number of LSPs Awaited Number of LSPs not obtained by the GR Restarter from GR Helpers during LSDB synchronization.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display brief IS-IS interface information. display isis interface Interface information for ISIS(1) --------------------------------Interface: GigabitEthernet1/1 Id IPV4.State 001 Up IPV6.
Table 82 Command output Field Description Interface Interface type and number. Id Circuit ID. IPV4.State IPv4 state. IPV6.State IPv6 state. MTU Interface MTU. Type Interface link adjacency type. DIS Whether the interface is elected as the DIS or not. SNPA Address Subnet access point address. IP Address Primary IP address. Secondary IP Address(es) Secondary IP addresses. IPV6 Link Local Address IPv6 link local address. IPV6 Global Address(es) IPv6 global address.
Field Description Interval that IS-IS advertises the maximum cost in LSAs, in seconds. Max Cost Time If infinite is displayed for this field, IS-IS advertises the maximum cost in LSAs until the LDP session converges. Status of LDP and IS-IS synchronization: • Achieved—Indicates that LDP and IS-IS has synchronized. • Hold Down—Indicates that the interface waits for the LDP session convergence rather than establishing neighbor relationship.
Parameters l1, level-1: Displays the level-1 LSDB. l2, level-2: Displays the level-2 LSDB. lspid: LSP ID, in the form of sysID.Pseudo ID-fragment num, where sysID represents the originating node or pseudo node, and Pseudo ID is separated by a dot from sysID and by a hyphen from fragment num. lspname: LSP name, in the form of Symbolic name.Pseudo ID-fragment num, where Pseudo ID is separated by a dot from Symbolic name and by a hyphen from fragment num.
Level-1 Link State Database LSPID Seq Num Checksum Holdtime Length ATT/P/OL -------------------------------------------------------------------------1000.0000.0001.00-00* 0x00000016 SOURCE 1000.0000.0001.00 NLPID IPV4 NLPID IPV6 AREA ADDR 10 INTF ADDR 3.1.1.20 0x314e 1130 112 0/0/0 INTF ADDR V6 3::20 MTR ID 00 0/0/0 MTR ID 02 0/0/0 MTR ID 10 0/0/0 MTR ID 4000 0/0/0 +NBR ID 1000.0000.0002.01 COST: 63 IPV4 UNICAST NBR ID 1000.0000.0002.
3.1.1.0 255.255.255.0 COST: 10 255.255.255.0 COST: 10 IPV4 UNICAST 3.1.1.0 MTR ID: 10 IPV6 UNICAST 3::/64 COST: 10 1000.0000.0002.01-00 0x00000003 SOURCE 1000.0000.0002.01 NLPID IPV4 NLPID +NBR MTR ID: 2 878 55 0/0/0 IPV6 ID 1000.0000.0002.00 +NBR 0x1d9b COST: 0 ID 1000.0000.0001.00 COST: 0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload Table 84 Command output Field Description LSPID Link state packet ID. Seq Num LSP sequence number.
Field Description Topology number supported by the originating router: MTR ID 00 0/0/0 MTR ID 10 0/0/0 MTR ID 02 0/0/0 • • • • 00—Means base topology. 02—Means IPv6 unicast topology. 10—Means IPv4 unicast topology. 0/0/0—Indicates ATT/P/OL. IPV4 UNICAST NBR ID IPv4 unicast neighbor information of the originating router. IPV6 UNICAST NBR ID IPv6 unicast neighbor information of the originating router.
[Sysname] interface gigabitethernet 1/1 [Sysname-GigabitEthernet1/1] isis enable [Sysname-GigabitEthernet1/1] isis mesh-group 100 [Sysname-GigabitEthernet1/1] quit [Sysname] interface gigabitethernet 1/2 [Sysname-GigabitEthernet1/1] isis enable [Sysname-GigabitEthernet1/2] isis mesh-group 100 # Display the configuration information of IS-IS mesh-group.
Examples # Configure a name for the local IS system. system-view [Sysname] isis 1 [Sysname-isis-1] is-name RUTA # Configure a static mapping for the remote IS system (system ID 0000.0000.0041, host name RUTB). [Sysname-isis-1] is-name map 0000.0000.0041 RUTB # Display the IS-IS host name-to-system ID mapping table. [Sysname-isis-1] display isis name-table Name table information for ISIS(1) --------------------------------------------------------------System ID Hostname Type 6789.0000.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Local Topology 2 4000 Peer Topology 2 4000 Table 87 Command output Field Description System Id System ID of the neighbor. Interface Interface connecting to the neighbor. Circuit Id Circuit ID. State Circuit state. Holdtime. Within the holdtime if no hellos are received from the neighbor, the neighbor is considered down. If a hello is received, the holdtime is reset to the initial value. HoldTime Circuit type: • • • • Type L1—The circuit type is Level-1 and the neighbor is a Level-1 router.
Table 88 Command output Field Description Neighbor type: Type • LAN Level-1—Number of Level-1 neighbors whose network type is broadcast. • LAN Level-2—Number of Level-2 neighbors whose network type is broadcast. • P2P—Number of neighbors whose network type is P2P. IPv4 Up Number of IPv4 neighbors in up state. IPv4 Init Number of IPv4 neighbors in init state. IPv6 Up Number of IPv6 neighbors in up state. IPv6 Init Number of IPv6 neighbors in init state.
Usage guidelines If no level is specified, both Level-1 and Level-2 routing information is displayed. If no topology is specified, the routing information of the base topology is displayed. Examples # Display IS-IS IPv4 routing information of the base topology.
---------------------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------------3.1.1.0/24 63 NULL GE1/1 Direct D/L/- Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set Table 89 Command output Field Description Route information for ISIS(1) Route information for IS-IS process 1.
NextHop : Interface : Direct GE1/1 ExitIndex : 0x00000000 Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set ISIS(1) IPv4 Level-2 Forwarding Table ------------------------------------IPV4 Dest : 1.1.0.0/16 Int. Cost : 20 Ext. Cost : NULL Admin Tag : - Src Count : 2 Flag IPV4 Dest : 1.2.0.0/16 Int. Cost : 10 Ext.
Field Description ISIS(1) IPv4 Level-1 Forwarding Table IS-IS IPv4 routing information for Level-1. ISIS(1) IPv4 Level-2 Forwarding Table IS-IS IPv4 routing information for Level-2. ISIS(1) IPv4 MT(voice-4000) Level-1 Forwarding Table IS-IS IPv4 routing information for Level-1 of topology voice. ISIS(1) IPv4 MT(voice-4000) Level-2 Forwarding Table IS-IS IPv4 routing information for Level-2 of topology voice. IPV4 Dest IPv4 destination. Int. Cost Internal route cost. Ext.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display IS-IS SPF log information. display isis spf-log SPF Log information for ISIS(1) ------------------------------Level Trig.Event No.
Syntax display isis statistics [ level-1 | level-1-2 | level-2 ] [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters level-1: Displays IS-IS Level-1 statistics. level-1-2: Displays IS-IS Level-1-2 statistics. level-2: Displays IS-IS Level-2 statistics. process-id: Displays IS-IS statistics for the IS-IS process. The ID is in the range of 1 to 65535.
-----------------Learnt routes information: Total IPv6 Learnt Routes in IPv6 Routing Table: 0 IPv6 Imported Routes: Static: 0 Direct: 0 ISISv6: 0 BGP4+: RIPng: OSPFv3: 0 0 Total Number: 0 0 MTR(voice): -------------------Learnt routes information: Total IPv4 Learnt Routes in IPv4 Routing Table: 0 Imported routes information: IPv4 Imported Routes: Static: 0 Direct: 0 ISIS: 0 BGP: 0 RIP: 0 OSPF: 0 Total Number: 0 Lsp information: LSP Source ID: No.
ISISv6: 0 BGP4+: RIPng: OSPFv3: 0 0 Total Number: 0 0 MTR(voice): -------------------Learnt routes information: Total IPv4 Learnt Routes in IPv4 Routing Table: 0 Imported routes information: IPv4 Imported Routes: Static: 0 Direct: 0 ISIS: 0 BGP: 0 RIP: 0 OSPF: 0 Total Number: 0 Lsp information: LSP Source ID: No. of used LSPs Table 92 Command output Field Description Statistics information for ISIS(processid) Statistics for the IS-IS process. Level-1 Statistics Level-1 statistics.
undo domain-authentication-mode Default No routing domain authentication is configured. Views IS-IS view Default command level 2: System level Parameters md5: Specifies the MD5 authentication mode. simple: Specifies the simple authentication mode. cipher: Sets a ciphertext password. If this keyword is not specified, you set a plaintext password. password: Set the password. This argument is case sensitive. It must be a plaintext string of 1 to 16 characters, or a ciphertext string of 33 to 53 characters.
undo filter-policy export [ protocol [ process-id ] ] Default IS-IS does not filter redistributed routes. Views IS-IS view Default command level 2: System level Parameters acl-number: Specifies the number of an ACL that is used to filter redistributed routes, ranging from 2000 to 3999. For ACL configuration information, see Access Control Command Reference.
[Sysname-acl-adv-3000] quit [Sysname] isis 1 [Sysname-isis 1] filter-policy 3000 export Related commands filter-policy import filter-policy import (IS-IS view) Use filter-policy import to configure IS-IS to filter routes calculated from received LSPs. Use undo filter-policy import to disable IS-IS from filtering routes calculated from received LSPs.
Examples # Reference ACL 2000 to filter routes calculated from received LSPs. system-view [Sysname] acl number 2000 [Sysname-acl-basic-2000] rule deny source 192.168.10.0 0.0.0.255 [Sysname-acl-basic-2000] quit [Sysname] isis 1 [Sysname-isis-1] filter-policy 2000 import # Configure ACL 3000 to permit only route 113.0.0.0/16 to pass, and reference ACL 3000 to filter routes calculated from received LSPs.
Usage guidelines If no level is specified, the command enables IS-IS LSP flash flooding for both Level-1 and Level-2. Examples # Enable fast flooding and specify the maximum LSPs to be sent as 10 and the delay time as 100 milliseconds. system-view [Sysname] isis 1 [Sysname-isis-1] flash-flood flood-count 10 max-timer-interval 100 import-route (IS-IS view) Use import-route to redistribute routes from another routing protocol or another IS-IS process.
level-1-2: Redistributes routes into both Level-1 and Level-2 routing tables. level-2: Redistributes routes into the Level-2 routing table. If no level is specified, the routes are redistributed into the Level-2 routing table by default. route-policy route-policy-name: Redistributes only routes matching the criteria of a routing policy. The routing policy name is a case-sensitive string of 1 to 63 characters. tag tag: Specifies a tag value for redistributed routes from 1 to 4294967295.
Parameters acl-number: Specifies the number of an ACL that is used to filter routes from Level-2 to Level-1, ranging from 2000 to 3999. For ACL configuration information, see Access Control Command Reference. ip-prefix ip-prefix-name: Specifies the name of an IP prefix list that is used to filter routes from Level-2 to Level-1, a case-sensitive string of 1 to 19 characters.
[Sysname] isis 1 [Sysname-isis-1] import-route limit 1000 isis Use isis to enable an IS-IS process and specify an associated VPN instance, enter IS-IS view, or both. Use undo isis to disable an IS-IS process. Syntax isis [ process-id ] [ vpn-instance vpn-instance-name ] undo isis [ process-id ] Views System view Default command level 2: System level Parameters process-id: Process ID, ranging from 1 to 65535. The default is 1. vpn-instance vpn-instance-name: Specifies a VPN.
Views Interface view Default command level 2: System level Parameters md5: Specifies the MD5 authentication mode. simple: Specifies the simple authentication mode. cipher: Sets a ciphertext password. If this keyword is not specified, you set a plaintext password. password: Set the password. This argument is case sensitive. It must be a plaintext string of 1 to 16 characters, or a ciphertext string of 33 to 53 characters. level-1: Configures the password for Level-1.
Use undo isis circuit-level to restore the default. Syntax isis circuit-level [ level-1 | level-1-2 | level-2 ] undo isis circuit-level Default An interface can establish either the Level-1 or Level-2 adjacency. Views Interface view Default command level 2: System level Parameters level-1: Sets the circuit level to Level-1. level-1-2: Sets the circuit level to Level-1-2. level-2: Sets the circuit level to Level-2.
Default The network type of an interface depends on the physical media. (The network type of a VLAN interface is broadcast.) Views Interface view Default command level 2: System level Usage guidelines Interfaces with different network types operate differently. For example, broadcast interfaces on a network need to elect a DIS and flood CSNP packets to synchronize the LSDBs, and P2P interfaces on a network need not elect a DIS and have a different LSDB synchronization mechanism.
• For cost styles wide and wide-compatible, the cost ranges from 1 to 16777215. When the cost value is 16777215, the neighbor TLV generated on the link can only be used to transmit relevant TE information, but cannot be used to calculate routes. level-1: Applies the cost to Level-1. level-2: Applies the cost to Level-2. Usage guidelines If neither level-1 nor level-2 is included, the cost applies to both level-1 and level-2.
Examples # Configure the DIS name as LOCALAREA. system-view [Sysname] interface gigabitethernet 1/1 [Sysname-GigabitEthernet1/1] isis dis-name LOCALAREA isis dis-priority NOTE: This command is not available in loopback interface view. Use isis dis-priority to specify a DIS priority at a specified level for an interface. Use undo isis dis-priority to restore the default priority of 64 for Level-1 and Level-2.
isis enable Use isis enable to enable an IS-IS process on the interface. Use undo isis enable to disable IS-IS. Syntax isis enable [ process-id ] undo isis enable Default No IS-IS routing process is enabled on an interface. Views Interface view Default command level 2: System level Parameters process-id: Specifies a IS-IS process ID, ranging from 1 to 65535. The default is 1. Examples # Create IS-IS routing process 1, and enable it on the GigabitEthernet 1/1 interface.
Views Interface view Default command level 2: System level Parameters mesh-group-number: Mesh group number, ranging from 1 to 4294967295. mesh-blocked: Blocks the interface, which sends LSPs only after receiving LSP requests. Usage guidelines For an interface not in a mesh group, it follows the normal process to flood the received LSPs to other interfaces. For the NBMA network with high connectivity and multiple point-to-point links, this will cause repeated LSP flooding and bandwidth waste.
[Sysname] isis mib-binding 100 isis peer-ip-ignore Use isis peer-ip-ignore to configure the PPP interface not to check the peer's IP address in received hello packets. Use undo isis peer-ip-ignore to restore the default. Syntax isis peer-ip-ignore undo isis peer-ip-ignore Default The PPP interface checks the peer's IP address upon receiving a hello packet.
Usage guidelines The feature is not supported on the loopback interface. Examples # Disable GigabitEthernet 1/1 from sending and receiving IS-IS packets. system-view [Sysname] interface gigabitethernet 1/1 [Sysname-GigabitEthernet1/1] isis silent isis small-hello NOTE: This command is not available in loopback interface view. Use isis small-hello to configure the interface to send small hello packets without CLVs. Use undo isis small-hello to restore the default.
Default The default CSNP interval is 10 seconds. Views Interface view Default command level 2: System level Parameters seconds: Specifies on the DIS of a broadcast network the interval in seconds for sending CSNP packets, ranging from 1 to 600. level-1: Applies the interval to Level-1. level-2: Applies the interval to Level-2. Usage guidelines This command only applies to the DIS of a broadcast network, which sends CSNP packets periodically for LSDB synchronization.
level-1: Specifies the interval for sending Level-1 hello packets. level-2: Specifies the interval for sending Level-2 hello packets. Usage guidelines Level-1 and Level-2 hello packets are sent independently on a broadcast network, so you need to specify an interval for each of the two levels. On a P2P link, Level-1 and Level-2 packets are both sent in P2P hello packets, and you need not specify an interval for each of the two levels.
Usage guidelines With the IS-IS hello multiplier configured, a router can uses hello packets to notify its neighbor router of the adjacency hold time (hello multiplier times hello interval). If the neighbor router receives no hello packets from this router within the hold time, it declares the adjacency down. You can adjust the adjacency hold time by changing the hello multiplier or the hello interval on an interface.
Examples # Configure the interval as 500 milliseconds for sending LSPs on interface GigabitEthernet 1/1. system-view [Sysname] interface gigabitethernet 1/1 [Sysname-GigabitEthernet1/1] isis timer lsp 500 Related commands isis timer retransmit isis timer retransmit NOTE: This command is not available in loopback interface view. Use isis timer retransmit to configure the interval for retransmitting LSP packets over a point-to-point link. Use undo isis timer retransmit to restore the default.
is-level Use is-level to specify the IS level. Use undo is-level to restore the default. Syntax is-level { level-1 | level-1-2 | level-2 } undo is-level Default The default IS level is level-1-2. Views IS-IS view Default command level 2: System level Parameters level-1: Configures the router to work on Level-1, which means it only calculates routes within the area, and maintains the L1 LSDB.
Default Dynamic system ID to hostname mapping is not enabled. Views IS-IS view Default command level 2: System level Parameters symbolic-name: Specifies a host name for the local IS, a string of 1 to 64 characters. Examples # Configure a host name for the local IS. system-view [Sysname] isis 1 [Sysname-isis-1] is-name RUTA is-name map Use is-name map to configure a system ID to host name mapping for a remote IS. Use undo is-name map to remove the mapping.
Use undo is-snmp-traps to disable this function. Syntax is-snmp-traps enable undo is-snmp-traps Default SNMP Trap is enabled. Views IS-IS view Default command level 2: System level Examples # Enable SNMP Trap. system-view [Sysname] isis 1 [Sysname-isis-1] is-snmp-traps enable log-peer-change (IS-IS view) Use log-peer-change to enable the logging of IS-IS neighbor state changes. Use undo log-peer-change to disable the logging.
lsp-fragments-extend Use lsp-fragments–extend to enable an LSP fragment extension mode for a level. Use undo lsp-fragments–extend to disable LSP fragment extension for a level. Syntax lsp-fragments-extend [ [ level-1 | level-1-2 | level-2 ] | [ mode-1 | mode-2 ] ] * undo lsp-fragments-extend Default LSP fragment extension is disabled. Views IS-IS view Default command level 2: System level Parameters level-1: Applies the fragment extension mode to Level-1 LSPs.
Default The maximum size of generated Level-1 and Level-2 LSPs is 1497 bytes. Views IS-IS view Default command level 2: System level Parameters size: Specifies the maximum size in bytes of LSP packets, ranging from 512 to 16384. level-1: Applies the size to Level-1 LSP packets. level-2: Applies the size to Level-2 LSP packets. Usage guidelines If neither Level-1 nor Level-2 is specified in the command, the configured maximum size applies to the current IS-IS level.
maximum load-balancing (IS-IS view) Use maximum load-balancing to configure the maximum number of equal-cost multi-path (ECMP) routes for load balancing. Use undo maximum load-balancing to restore the default. Syntax maximum load-balancing number undo maximum load-balancing Default The maximum number of ECMP routes is 8. Views IS-IS view Default command level 2: System level Parameters ipv4-unicast topology-name: Specifies an IPv4 unicast topology.
Default command level 2: System level Parameters net: Network Entity Title (NET) in the format of X…X.XXXX....XXXX.00 in hexadecimal notation, with the first part X…X being the area address, the middle part XXXX....XXXX (a total of 12 "X") being the router's system ID, and the last part 00 being SEL. Usage guidelines A NET is a special NSAP address with the SEL being 0. The length of the NET is in the range of 8 bytes to 20 bytes.
Parameters preference: Specifies the preference for IS-IS protocol, ranging from 1 to 255. route-policy route-policy-name: Routing policy name, a case-sensitive string of 1 to 63 characters. The preference applies to routes passing the routing policy. Usage guidelines If a routing policy is specified in this command, the preference (if any) set by the routing policy applies to those matched routes. Other routes use the preference set by the preference command.
[Sysname-isis-1] priority high ip-prefix standtest reset isis all Use reset isis all to clear all IS-IS data structure information. Syntax reset isis all [ process-id | vpn-instance vpn-instance-name ] Default No data structure information is cleared. Views User view Default command level 2: System level Parameters process-id: Clears the data structure information of an IS-IS process numbered from 1 to 65535. vpn-instance vpn-instance-name: Clears the data structure information of the VPN.
process-id: Clears the data structure information of an IS-IS process with an ID from 1 to 65535. vpn-instance vpn-instance-name: Clears the data structure information of the VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters. If no VPN is specified, the data structure information of the public network is cleared. Usage guidelines This command is used when you need to re-establish an IS-IS neighbor relationship.
interlevel: Allows advertising IP address prefixes learned from different IS-IS levels with the allow keyword specified. Usage guidelines If the on-startup keyword is not specified, the command sets the overload bit immediately until the undo set-overload command is executed. If the on-startup keyword is specified, IS-IS sets the overload bit upon system startup and keeps it set within the timeout2 interval. Examples # Set overload flag on the current router.
Usage guidelines If no level is specified, only the level-2 routes are summarized by default. You can summarize multiple contiguous networks into a single network to reduce the size of the routing table, as well as that of LSP and LSDB generated by the router. It is allowed to summarize native IS-IS routes and redistributed routes. After summarization, the cost of the summary route is the smallest cost of those summarized routes. The router summarizes only routes in local LSPs.
{ • If the network topology is unstable—triggers occur at intervals shorter than the maximum interval, IS-IS waits the maximum interval before generating the first LSP until the network topology is stable. If the maximum, initial, and second wait intervals are specified: { { { IS-IS waits the initial interval before generating the first LSP.
timer lsp-refresh Use timer lsp-refresh to configure the LSP refresh interval. Use undo timer lsp-refresh to restore the default. Syntax timer lsp-refresh seconds undo timer lsp-refresh Default The default LSP refresh interval is 900 seconds. Views IS-IS view Default command level 2: System level Parameters seconds: LSP refresh interval in seconds, ranging from 1 to 65534.
Default command level 2: System level Parameters maximum-interval: Maximum SPF calculation interval in seconds, ranging from 1 to 120. initial-interval: Wait interval before the first SPF calculation, in milliseconds, ranging from 10 to 60000. second-wait-interval: Wait interval before the second SPF calculation, in milliseconds, ranging from 10 to 60000. Usage guidelines • If only the maximum interval is specified, IS-IS waits the maximum interval before performing the SPF calculation.
Views IS-IS view Default command level 2: System level Parameters virtual-system-id: Virtual system ID of the IS-IS process. Usage guidelines Up to 50 virtual system IDs can be configured for the IS-IS process. Examples # Set a virtual system ID of 2222.2222.2222 for IS-IS process 1. system-view [Sysname] isis 1 [Sysname-isis-1] virtual-system 2222.2222.
BGP commands The term "router" in this document refers to both routers and routing-capable firewalls and firewall modules. aggregate Use aggregate to create a summary route in the BGP routing table. Use undo aggregate to remove a summary route.
Keywords Function detail-suppressed This keyword does not suppress the summary route, but it suppresses the advertisement of all the more specific routes. To summarize only some specific routes, use the peer filter-policy command. suppress-policy Used to create a summary route and suppress the advertisement of some summarized routes. If you want to suppress some routes selectively and leave other routes still advertised, use the if-match clause of the route-policy command.
Parameters ebgp: Configures load balancing for EBGP routes. ibgp: Configures load balancing for IBGP routes. number: Specifies the number of BGP ECMP routes, in the range of 1 to 8. When it is set to 1, load balancing is disabled.
# In BGP-VPN instance view, set the number of IBGP ECMP routes to 2. (The VPN has been created.) system-view [Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] balance ibgp 2 # In BGP-VPN instance view, set the number of EBGP ECMP routes to 2. (The VPN has been created.
Syntax bestroute compare-med undo bestroute compare-med Default This comparison is not enabled. Views BGP view, BGP-VPN instance view Default command level 2: System level Examples # In BGP view, enable the comparison of MEDs for routes on a per-AS basis when selecting the best route. system-view [Sysname] bgp 100 [Sysname-bgp] bestroute compare-med # In BGP-VPN instance view, enable the comparison of MEDs for routes on a per-AS basis when selecting the best route. (The VPN has been created.
Examples # In BGP view, enable the comparison of the MED for paths from peers within the confederation. system-view [Sysname] bgp 100 [Sysname-bgp] bestroute med-confederation # In BGP-VPN instance view, enable the comparison of the MED for paths from peers within the confederation. (The VPN has been created.) system-view [Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] bestroute med-confederation bgp Use bgp to enable BGP and enter the BGP view.
Default The comparison is disabled. Views BGP view, BGP-VPN instance view Default command level 2: System level Usage guidelines If several paths to one destination are available, the path with the smallest MED is selected. Do not use this command unless associated ASs adopt the same IGP protocol and routing selection method. Examples # In BGP view, enable the comparison of the MED for paths from peers in different ASs.
Usage guidelines Configuring a confederation can reduce IBGP connections in a large AS. You can split the AS into several sub-ASs, and each sub-AS remains fully meshed. These sub-ASs form a confederation. Key IGP attributes of a route, such as the next hop, MED, or local preference, are not discarded when crossing each sub-AS. The sub-ASs still look like a whole from the perspective of other ASs. This can ensure the integrity of the former AS, and solve the problem of too many IBGP connections in the AS.
Examples # AS 100 contains routers not compliant with RFC 3065 and comprises two sub-ASs, 64000 and 65000. system-view [Sysname] bgp 64000 [Sysname-bgp] confederation id 100 [Sysname-bgp] confederation peer-as 65000 [Sysname-bgp] confederation nonstandard Related commands • confederation id • confederation peer-as confederation peer-as Use confederation peer-as to specify confederation peer sub-ASs. Use undo confederation peer-as to remove specified confederation peer sub-ASs.
Related commands • confederation id • confederation nonstandard dampening (BGP/BGP-VPN instance view) Use dampening to enable BGP route dampening, configure dampening parameters, or both. Use undo dampening to disable route dampening. Syntax dampening [ half-life-reachable half-life-unreachable reuse suppress ceiling | route-policy route-policy-name ] * undo dampening Default No route dampening is configured.
system-view [Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] dampening 15 15 1000 2000 10000 Related commands • display bgp routing-table dampened • display bgp routing-table dampening parameter • display bgp routing-table flap-info • reset bgp dampening • reset bgp flap-info default ipv4-unicast Use default ipv4-unicast to enable the default use of IPv4 unicast address family for the peers that are established using the peer as-number command.
default local-preference (BGP/BGP-VPN instance view) Use default local-preference to configure the default local preference. Use undo default local-preference to restore the default value. Syntax default local-preference value undo default local-preference Default The default local preference is 100. Views BGP view, BGP-VPN instance view Default command level 2: System level Parameters value: Specifies the default local preference, in the range of 0 to 4294967295.
Views BGP view, BGP-VPN instance view Default command level 2: System level Parameters med-value: Specifies the default MED value, in the range of 0 to 4294967295. Usage guidelines Multi-exit discriminator (MED) is an external metric for routes. Different from local preference, MED is exchanged between ASs and stays in the AS once it enters the AS. The route with a lower MED is preferred.
Examples # In BGP view, allow default route redistribution from OSPF into BGP. system-view [Sysname] bgp 100 [Sysname-bgp] default-route imported [Sysname-bgp] import-route ospf 1 # In BGP-VPN instance view, enable redistributing default route from OSPF into BGP. (The VPN has been created.
Configured hold timer value: 180 Keepalive timer value: 60 Minimum time between advertisement runs is 30 seconds Peer Preferred Value: 0 No routing policy is configured Members: Peer AS 2.2.2.1 200 MsgRcvd MsgSent 0 OutQ PrefRcv Up/Down 0 0 State 0 00:00:35 Active Table 94 Command output Field Description BGP peer-group Name of the BGP peer group. Remote AS AS number of peer group. Type of the BGP peer group: • IBGP. • EBGP.
display bgp network Use display bgp network to display routing information advertised with the network command. Syntax display bgp network [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Syntax display bgp paths [ as-regular-expression | | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters as-regular-expression: Specifies an AS path regular expression, a string of 1 to 80 characters. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Syntax display bgp peer [ ip-address { log-info | verbose } | group-name log-info | verbose ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters ip-address: Specifies an IP address of an peer to be displayed, in dotted decimal notation. group-name: Specifies the name of a peer group to be displayed, a string of 1 to 47 characters. log-info: Displays the log information of the specified peer.
Route refresh capability has been enabled ORF advertise capability based on prefix (type 64): Local: both Negotiated: send Peer Preferred Value: 0 BFD: Enabled Routing policy configured: No routing policy is configured Table 97 Command output Field Description Peer IP address of the peer. Local Local router ID. Type Peer type. BGP version BGP version. remote router ID Router ID of the peer. BGP current state Current state of the peer. BGP current event Current event of the peer.
Field Description Local: both The local BGP router supports both the ORF sending and receiving capabilities. Negotiated: send Negotiation result: The local BGP router can send Router-refresh messages carrying the ORF information, and the peer can receive Router-refresh messages carrying the ORF information. (This field is not displayed if neither the send nor the receive capability is supported.) Peer Preferred Value Preferred value specified for the routes from the peer. BFD status: BFD • Enabled.
display bgp peer received ip-prefix Use display bgp peer received ip-prefix to display the prefix information in the ORF message from the specified BGP peer. Syntax display bgp peer ip-address received ip-prefix [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters ip-address: Specifies a BGP peer by its IP address. |: Filters command output by specifying a regular expression.
display bgp routing-table Use display bgp routing-table to display specified BGP routing information in the BGP routing table. Syntax display bgp routing-table [ ip-address [ { mask | mask-length } [ longer-prefixes ] ] ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters ip-address: Specifies a destination IP address. mask: Specifies a network mask, in dotted decimal notation.
Table 100 Command output Field Description Total Number of Routes Total Number of Routes. BGP Local router ID BGP local router ID. Status codes: Status codes • • • • • • • • * – valid—Valid route. ^ - VPNv4 best—Best VPNv4 route. > – best—Best route. d – damped—Dampened route. h – history—History route. i – internal—Internal route. s – suppressed—Suppressed route. S – Stale—Stale route. Origin attributes: Origin • i – IGP—Originated in the AS. • e – EGP—Learned through EGP.
Default command level 1: Monitor level Parameters as-path-acl-number: Displays routing information permitted by the AS path list, which is specifies with a number from 1 to 256. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display BGP CIDR routing information. display bgp routing-table cidr Total Number of Routes: 1 BGP Local router ID is 20.20.20.1 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? – incomplete *> Network NextHop MED 40.40.40.0/24 30.30.30.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display BGP routing information with the specified BGP community. display bgp routing-table community 11:22 BGP Local router ID is 10.10.10.
display bgp routing-table community-list 100 BGP Local router ID is 1.2.3.4 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, Origin codes: i - IGP, e - EGP, ? – incomplete Network NextHop Metric LocPrf PrefVal Path *> 3.3.3.0/30 1.2.3.4 0 ? *> 4.4.0.0/20 1.2.3.4 0 ? *> 4.5.6.0/26 1.2.3.4 0 ? For description of the fields, see Table 100.
Table 101 Command output Field Description From IP address from which the route was received. Reuse Reuse time of the route. For description of the other fields, see Table 100. display bgp routing-table dampening parameter Use display bgp routing-table dampening parameter to display BGP route dampening parameters.
Field Description Suppress-Limit Limit for a route to be suppressed. Related commands dampening display bgp routing-table different-origin-as Use display bgp routing-table different-origin-as to display BGP routes originating from different autonomous systems. Syntax display bgp routing-table different-origin-as [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression.
Syntax display bgp routing-table flap-info [ regular-expression as-regular-expression | [ as-path-acl as-path-acl-number | ip-address [ { mask | mask-length } [ longer-match ] ] ] [ | { begin | exclude | include } regular-expression ] ] Views Any view Default command level 1: Monitor level Parameters as-regular-expression: Displays route flap information that matches the AS path regular expression, which is a string of 1 to 80 characters.
Field Description Duration Duration time of the flap route. Reuse Reuse time of the route. For description of the other fields, see Table 100. display bgp routing-table label Use display bgp routing-table label to display labeled BGP routing information. Syntax display bgp routing-table label [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression.
display bgp routing-table peer Use display bgp routing-table peer to display BGP routing information advertised to or received from the specified BGP peer. Syntax display bgp routing-table peer ip-address { advertised-routes | received-routes } [ network-address [ mask | mask-length ] | statistic ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters ip-address: Specifies an IP address of a peer.
Related commands display bgp peer display bgp routing-table regular-expression Use display bgp routing-table regular-expression to display BGP routing information matching the specified AS path regular expression. Syntax display bgp routing-table regular-expression as-regular-expression Views Any view Default command level 1: Monitor level Parameters as-regular-expression: AS path regular expression, a string of 1 to 80 characters.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display BGP routing statistics.
Default This function is enabled. Views BGP view, BGP-VPN instance view Default command level 2: System level Usage guidelines When the link to a directly connected EBGP peer is down, the router, with quick EBGP session reestablishment enabled, tears down the session to the peer, and then immediately reestablishes a session. If the function is not enabled, the router does not tear down the session until the holdtime times out.
ip-prefix-name: Name of an IP prefix list used to filter outgoing routing information, a string of 1 to 19 characters. direct: Filters direct routes. isis process-id: Filters routes redistributed from an IS-IS process. The ID is in the range of 1 to 65535. ospf process-id: Filters outgoing routes redistributed from the OSPF process with an ID from 1 to 65535. rip process-id: Filters outgoing routes redistributed from a RIP process. The ID is in the range of 1 to 65535. static: Filters static routes.
[Sysname] acl number 3000 [Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.0 0 [Sysname-acl-adv-3000] rule 100 deny ip [Sysname-acl-adv-3000] quit [Sysname] bgp 100 [Sysname-bgp] filter-policy 3000 export filter-policy import (BGP/BGP-VPN instance view) Use filter-policy import to configure the filtering of incoming routing information. Use undo filter-policy import to disable the filtering.
[Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] filter-policy 2000 import # Configure ACL 3000 to permit only route 113.0.0.0/16 to pass, and reference ACL 3000 to filter incoming route information. system-view [Sysname] acl number 3000 [Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.
[Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] group test external [Sysname-bgp-ipv4-vpn1] peer test as-number 200 [Sysname-bgp-ipv4-vpn1] peer 10.1.1.1 group test [Sysname-bgp-ipv4-vpn1] peer 10.1.2.1 group test ignore-first-as Use ignore-first-as to configure BGP to ignore the first AS number of EBGP route updates. Use undo ignore-first-as to configure BGP to check the first AS number of EBGP route updates.
Parameters protocol: Redistributes routes from the specified routing protocol, which can be direct, isis, ospf, rip, or static.
[Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] import-route rip ipv4-family vpn-instance Use ipv4-family vpn-instance to associate the specified VPN instance with the IPv4 address family, and enter BGP-VPN instance view. Use undo ipv4-family vpn-instance to remove all configurations in BGP-VPN instance view.
Default command level 2: System level Examples # Enable BGP logging on peers going up and down. system-view [Sysname] bgp 100 [Sysname-bgp] log-peer-change network (BGP/BGP-VPN instance view) Use network to inject a network to the local BGP routing table. Use undo network to remove the configuration. Syntax network ip-address [ mask | mask-length ] [ route-policy route-policy-name ] undo network ip-address [ mask | mask-length ] Default No network route is injected.
[Sysname-bgp-ipv4-vpn1] network 10.0.0.0 255.255.0.0 network short-cut (BGP/BGP-VPN instance view) Use network short-cut to increase the preference of a received EBGP route. Use undo network short-cut to cancel the configuration. Syntax network ip-address [ mask | mask-length ] short-cut undo network ip-address [ mask | mask-length ] short-cut Default A received EBGP route has a preference of 255.
Syntax peer { group-name | ip-address } advertise-community undo peer { group-name | ip-address } advertise-community Default No community attribute is advertised to any peer group/peer. Views BGP view, BGP-VPN instance view Default command level 2: System level Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ip-address: IP address of a peer. Examples # In BGP view, advertise the community attribute to peer group test.
Default command level 2: System level Parameters group-name: Specifies the name of a peer group, a string of 1 to 47 characters. ip-address: Specifies an IP address of a peer. Examples # In BGP view, advertise the extended community attribute to the peer group test. system-view [Sysname] bgp 100 [Sysname-bgp] peer test advertise-ext-community # In BGP-VPN view, advertise the extended community attribute to the peer group test. (The VPN has been created.
Examples # In BGP view, configure the number of times the local AS number can appear in AS-path attribute of routes from peer 1.1.1.1 as 2. system-view [Sysname] bgp 100 [Sysname-bgp] peer 1.1.1.1 allow-as-loop 2 # In BGP-VPN instance view, configure the number of times for which the local AS number can appear in AS-path attribute of routes from peer 1.1.1.1 as 2. (The VPN has been created.
• Specify the AS number of the peer when adding it to the specified peer group by using the peer ip-address group group-name as-number as-number command. As an alternative, use the peer as-number command to specify the AS number of a peer group so that a newly added peer belongs to the AS. The AS number of a peer/peer group cannot be modified directly. To do so, you have to delete the peer/peer group and configure it again. Examples # In BGP view, specify peer group test in AS 100.
[Sysname-bgp] peer test as-path-acl 1 export # In BGP-VPN instance view, reference the AS path list 1 to filter routes outgoing to the peer group test. (The VPN has been created.) system-view [Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] peer test as-path-acl 1 export Related commands • apply as-path • if-match as-path • ip as-path peer bfd Use peer bfd to enable BFD for a BGP peer. Use undo peer bfd to disable BFD for a BGP peer.
The following matrix shows the peer bfd command and hardware compatibility: Hardware Compatibility F1000-A-EI/F1000-S-EI No F1000-E No F5000 Yes F5000-S/F5000-C No VPN firewall modules No 20-Gbps VPN firewall modules No Examples # Enable BFD for BGP peer 1.1.1.1. system-view [Sysname] bgp 100 [Sysname-bgp] peer 1.1.1.1 bfd peer capability-advertise conventional Use peer capability-advertise conventional to disable BGP multi-protocol extension and route refresh for a peer/peer group.
peer capability-advertise orf Use peer capability-advertise orf to enable the ORF capability for a BGP peer or peer group. Use undo peer capability-advertise orf to disable the ORF capability for the BGP peer or peer group. Syntax peer { group-name | ip-address } capability-advertise orf ip-prefix { both | receive | send } undo peer { group-name | ip-address } capability-advertise orf ip-prefix { both | receive | send } Default The ORF capability is not enabled for a BGP peer or peer group.
[Sysname-bgp] peer 18.10.0.9 as-number 100 [Sysname-bgp] peer 18.10.0.9 capability-advertise orf ip-prefix both The related configuration needs to be made on the peer. # In BGP-VPN instance view, enable the ORF capability for the BGP peer 18.10.0.9. Then, after negotiation, the local router can exchange ORF information with the peer 18.10.0.9. (vpn1 must have been created.) system-view [Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] peer 18.10.0.
# In BGP-VPN instance view, enable the non-standard ORF capability for the BGP peer 18.10.0.9 (suppose the BGP peer 18.10.0.9 can only send non-standard ORF messages). (vpn1 must have been created.) system-view [Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] peer 18.10.0.9 as-number 200 [Sysname-bgp-ipv4-vpn1] peer 18.10.0.9 capability-advertise orf non-standard [Sysname-bgp-ipv4-vpn1] peer 18.10.0.
peer capability-advertise suppress-4-byte-as Use peer capability-advertise suppress-4-byte-as to enable 4-byte AS number suppression. Use undo peer capability-advertise suppress-4-byte-as to disable the function. Syntax peer { group-name | ip-address } capability-advertise suppress-4-byte-as undo peer { group-name | ip-address } capability-advertise suppress-4-byte-as Default The 4-byte AS number suppression function is disabled.
undo peer { group-name | ip-address } connect-interface Default BGP uses the outbound interface of the best route to the BGP peer/peer group as the source interface for establishing a TCP connection to the peer/peer group. Views BGP view, BGP-VPN instance view Default command level 2: System level Parameters group-name: Specifies the name of a peer group, a string 1 to 47 characters. ip-address: IP address of a peer. interface-type interface-number: Specifies an interface by its type and number.
Default No default route is advertised to a peer/peer group. Views BGP view, BGP-VPN instance view Default command level 2: System level Parameters group-name: Specifies the name of a peer group, a string of 1 to 47 characters. ip-address: Specifies the IP address of a peer. route-policy-name: Specifies the routing policy name, a case-sensitive string of 1 to 63 characters.
ip-address: Specifies the IP address of a peer. description-text: Specifies the description information for the peer/peer group, a string of 1 to 79 characters. Usage guidelines Create a peer/peer group before configuring a description for it. Examples # In BGP view, configure the description information of the peer group test as ISP1.
Examples # In BGP view, allow establishing the EBGP session with the peer group test that is on an indirectly connected network. system-view [Sysname] bgp 100 [Sysname-bgp] peer test ebgp-max-hop # In BGP-VPN instance view, allow establishing the EBGP session with the peer group test that is on an indirectly connected network. (The VPN has been created.
Use peer fake-as to configure a fake local AS number for a peer or peer group. Use undo peer fake-as to restore the default. Syntax peer { group-name | ip-address } fake-as as-number undo peer { group-name | ip-address } fake-as Default No fake local AS number is configured for a peer or peer group. Views BGP view, BGP-VPN instance view Default command level 2: System level Parameters group-name: Specifies the name of a peer group, a string of 1 to 47 characters.
Default command level 2: System level Parameters group-name: Specifies the name of a peer group, a string of 1 to 47 characters. ip-address: Specifies the IP address of a peer. acl-number: Specifies the ACL number, in the range of 2000 to 3999. export: Applies the filter-policy to routes advertised to the peer/peer group. import: Applies the filter-policy to routes received from the peer/peer group. Examples # In BGP view, apply the ACL 2000 to filter routes advertised to the peer group test.
Usage guidelines If you have specified an AS number for the peer to be added, make sure that the as-number argument is consistent with the specified peer AS number. If you have not created the peer to be added, the system automatically creates the peer when you execute the command. Examples # In BGP view, add the peer 10.1.1.1 to the EBGP peer group test. system-view [Sysname] bgp 100 [Sysname-bgp] group test external [Sysname-bgp] peer test as-number 2004 [Sysname-bgp] peer 10.1.1.
Examples # In BGP view, disable session establishment with peer 10.10.10.10. system-view [Sysname] bgp 100 [Sysname-bgp] peer 10.10.10.10 ignore # In BGP-VPN instance view, disable session establishment with peer 10.10.10.10. (The VPN has been created.) system-view [Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] peer 10.10.10.
[Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] peer test ip-prefix list1 export peer keep-all-routes (BGP/BGP-VPN instance view) Use peer keep-all-routes to save all route updates from a peer or peer group, regardless of whether the routes have passed the configured routing policy. Use undo peer keep-all-routes to disable this function. Syntax peer { group-name | ip-address } keep-all-routes undo peer { group-name | ip-address } keep-all-routes Default The function is not enabled.
Default The logging is enabled. Views BGP view, BGP-VPN instance view Default command level 2: System level Parameters group-name: Specifies the name of a peer group, a string of 1 to 47 characters. ip-address: Specifies the IP address of a peer. Examples # In BGP view, enable the logging of session state and event information for peer group test.
Examples # In BGP view, set the next hop of routes advertised to peer group test to the router itself. system-view [Sysname] bgp 100 [Sysname-bgp] peer test next-hop-local # In BGP-VPN instance view, set the next hop of routes advertised to peer group test to the router itself.
Examples # In BGP view, perform MD5 authentication on the TCP connection set up between the local router 10.1.100.1 and the peer router 10.1.100.2. system-view [Sysname] bgp 100 [Sysname-bgp] peer 10.1.100.2 password simple aabbcc # Perform the similar configuration on the peer. system-view [Sysname] bgp 100 [Sysname-bgp] peer 10.1.100.1 password simple aabbcc # In BGP-VPN instance view, perform MD5 authentication on the TCP connection set up between the local router 10.1.100.
Usage guidelines Routes learned from a peer have an initial preferred value. Among multiple routes that have the same destination/mask and are learned from different peers, the one with the greatest preferred value is selected as the route to the destination. If you both reference a routing policy and use the peer { group-name | ip-address } preferred-value value command to set a preferred value for routes from a peer, the routing policy sets the specified preferred value for routes matching it.
Examples # In BGP view, carry no private AS number in BGP updates sent to the peer group test. system-view [Sysname] bgp 100 [Sysname-bgp] peer test public-as-only # In BGP-VPN instance view, carry no private AS number in BGP updates sent to the peer group test. (The VPN has been created.
Related commands • reflect between-clients • reflect cluster-id peer route-limit (BGP/BGP-VPN instance view) Use peer route-limit to specify the maximum number of routes that can be received from a peer or peer group. Use undo peer route-limit to cancel the configuration.
# In BGP-VPN instance view, specify the maximum number of routes that can be received from peer 129.140.6.6 to 10000, and configure the router to tear down the connection to the peer if the number is exceeded. (The VPN has been created.) system-view [Sysname] bgp 109 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] peer 129.140.6.6 as-number 110 [Sysname-bgp-ipv4-vpn1] peer 129.140.6.
[Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] peer test route-policy test-policy export peer route-update-interval (BGP/BGP-VPN instance view) Use peer route-update-interval to specify the interval for sending the same update to a peer or peer group. Use undo peer route-update-interval to restore the default value.
Syntax peer { group-name | ip-address } substitute-as undo peer { group-name | ip-address } substitute-as Default No AS number is replaced. Views BGP view, BGP-VPN instance view Default command level 2: System level Parameters group-name: Specifies the name of a peer group, a sting of 1 to 47 characters. ip-address: Specifies the IP address of a peer. Examples # In BGP view, substitute local AS number for AS number of peer 1.1.1.1. system-view [Sysname] bgp 100 [Sysname-bgp] peer 1.1.1.
ip-address: Specifies the IP address of a peer. keepalive: Specifies the keepalive interval in seconds, ranging from 0 to 21845. holdtime: Specifies the holdtime interval in seconds, whose value is 0 or in the range of 3 to 65535. Usage guidelines The timers configured with this command are preferred to the timers configured with the timer command. If the holdtime is configured as 0, no keepalive message is sent to the peer, and the peer connection never times out.
Syntax preference { external-preference internal-preference local-preference | route-policy route-policy-name } undo preference Views BGP view, BGP-VPN instance view Default command level 2: System level Parameters external-preference: Preference of EBGP routes, in the range of 1 to 255. internal-preference: Preference of IBGP routes, in the range of 1 to 255. local-preference: Preference of local routes, in the range of 1 to 255.
Default command level 2: System level Usage guidelines After a route reflector is configured, it reflects the routes of a client to other clients. If the clients of a route reflector are fully meshed, disable route reflection between clients to reduce routing costs. Examples # Disable route reflection between clients. system-view [Sysname] bgp 100 [Sysname-bgp] undo reflect between-clients # In BGP-VPN instance view, disable route reflection between clients. (vpn1 must have been created.
Examples # Set the cluster ID to 80. system-view [Sysname] bgp 100 [Sysname-bgp] reflector cluster-id 80 # In BGP-VPN instance view, set the cluster ID to 80. (vpn1 must have been created.) system-view [Sysname] bgp 100 [Sysname-bgp] ipv4-family vpn-instance vpn1 [Sysname-bgp-ipv4-vpn1] reflector cluster-id 80 Related commands • peer reflect-client • reflect between-clients refresh bgp Use refresh bgp to perform soft reset on specified BGP sessions.
Examples # Perform inbound BGP soft reset. refresh bgp all import reset bgp Use reset bgp to reset specified BGP sessions. Syntax reset bgp { as-number | ip-address | all | external | group group-name | internal } Views User view Default command level 2: System level Parameters as-number: Resets BGP sessions to peers in the AS. ip-address: Specifies the IP address of a peer with which to reset the session. all: Resets all BGP sessions. external: Resets all the EBGP sessions.
Examples # Clear damping information of route 20.1.0.0/16 and release the suppressed route. reset bgp dampening 20.1.0.0 255.255.0.0 Related commands • dampening • display bgp routing-table dampened reset bgp flap-info Use reset bgp flap-info to clear the flap statistics of routes matching the specified filter.
Default command level 2: System level Examples # Reset all the BGP sessions of IPv4 unicast address family. reset bgp ipv4 all router id Use router id to configure a global router ID. Use undo router id to remove the global router ID. Syntax router id router-id undo router id Default No global router ID is configured. Views System view Default command level 2: System level Parameters router-id: Router ID, in the form of a dotted decimal IPv4 address.
Use undo router-id to remove the router ID. Syntax router-id router-id undo router-id Default A BGP router uses the global router ID. You can execute the router id command in system view to configure the global router ID. Views BGP view Default command level 2: System level Parameters router-id: Router ID in IP address format. Usage guidelines To run BGP protocol, a router must have a router ID, which is an unsigned 32-bit integer, the unique ID of the router in the AS.
Usage guidelines Neither the default route nor the routes imported using the network command can be summarized automatically. The summary automatic command helps BGP limit the number of routes redistributed from IGP to reduce the size of the routing table. Examples # In BGP view, enable automatic route summarization. system-view [Sysname] bgp 100 [Sysname-bgp] summary automatic # In BGP-VPN instance view, enable automatic summarization (the VPN has been created).
timer (BGP/BGP-VPN instance view) Use timer to configure the global keepalive interval and holdtime. Use undo timer to restore the default. Syntax timer keepalive keepalive hold holdtime undo timer Default The BGP keepalive interval and the holdtime are 60 seconds and 180 seconds, respectively. Views BGP view, BGP-VPN instance view Default command level 2: System level Parameters keepalive: Keepalive interval in seconds, ranging from 0 to 21845.
# In BGP view, configure both the BGP keepalive interval and holdtime as 0 seconds, indicating no peer connection will time out. system-view [Sysname] bgp 100 [Sysname-bgp] timer keepalive 0 hold 0 # In BGP-VPN instance view, configure both the keepalive interval and holdtime for all BGP sessions in vpn1 as 0 seconds, indicating no peer connection will time out. (vpn1 must have been created.
Basic IP routing commands display ip routing-table Use display ip routing-table to display brief information about active routes in the routing table. Use display ip routing-table verbose to display detailed information about all routes in the routing table.
1.1.2.0/24 Direct 0 0 1.1.2.1 GE0/1 1.1.2.1/32 Direct 0 0 127.0.0.1 InLoop0 2.2.2.0/24 OSPF 2 1.1.2.2 GE0/2 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 192.168.0.0/24 Direct 0 0 192.168.0.1 VT1 192.168.0.1/32 Direct 0 0 127.0.0.1 InLoop0 10 Table 105 Command output Field Description Destinations Number of destination addresses. Routes Number of routes. Destination/Mask Destination address/mask length.
Tag: 0 Destination: 2.2.2.0/24 Protocol: OSPF Preference: 10 IpPrecedence: NextHop: 1.1.2.2 BkNextHop: 0.0.0.0 RelyNextHop: 0.0.0.0 Process ID: 1 Cost: 2 QosLcId: Interface: GigabitEthernet0/2 BkInterface: Neighbor : 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 00h00m53s Tag: 0 Destination: 127.0.0.0/8 Protocol: Direct Preference: 0 IpPrecedence: NextHop: 127.0.0.1 BkNextHop: 0.0.0.0 RelyNextHop: 0.0.0.
Tag: 0 Destination: 192.168.0.1/32 Protocol: Direct Process ID: 0 Preference: 0 Cost: 0 IpPrecedence: QosLcId: NextHop: 127.0.0.1 BkNextHop: 0.0.0.0 Interface: InLoopBack0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active NoAdv Age: 06h46m35s Tag: 0 Displayed first are statistics for the whole routing table, followed by detailed description of each route (in sequence).
Field Description Route status: • • • • • Active—This is an active unicast route. Adv—This route can be advertised. Delete—This route is deleted. Gateway—This is an indirect route. Holddown—Number of holddown routes. Holddown is a route advertisement policy used in some routing protocols, such as RIP, to avoid the propagation of some incorrect routes. It distributes a Holddown route during a period regardless of whether a new route to the same destination is found.
acl-number: Specifies a basic ACL by its number in the range of 2000 to 2999. verbose: Displays detailed information about all routes permitted by the basic ACL. Without this argument, the command displays only brief information about active routes permitted by the basic ACL. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
RelyNextHop: 0.0.0.0 Neighbor: 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 1d00h25m32s Tag: 0 Destination: 10.1.1.2/32 Protocol: Direct Preference: 0 IpPrecedence: NextHop: 127.0.0.1 BkNextHop: 0.0.0.0 RelyNextHop: 0.0.0.0 Process ID: 0 Cost: 0 QosLcId: Interface: InLoopBack0 BkInterface: Neighbor: 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active NoAdv Age: 1d00h41m34s Tag: 0 Destination: 10.1.2.
RelyNextHop: 0.0.0.0 Neighbor: 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 1d00h05m31s Tag: 0 Destination: 10.1.3.1/32 Protocol: Direct Process ID: 0 Preference: 0 Cost: 0 IpPrecedence: QosLcId: NextHop: 127.0.0.1 BkNextHop: 0.0.0.0 Interface: InLoopBack0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor: 0.0.0.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Summary Count : 3 Destination/Mask Proto 11.0.0.0/8 11.1.0.0/16 Pre Cost NextHop Interface Static 60 0 0.0.0.0 NULL0 Static 60 0 0.0.0.0 NULL0 # Display brief information about the routes with destination IP address 11.0.0.1 and the longest mask length. display ip routing-table 11.0.0.1 longer-match Routing Table : Public Summary Count : 1 Destination/Mask Proto Pre 11.0.0.0/24 Static 60 Cost NextHop Interface 0 0.0.0.
Views Any view Default command level 1: Monitor level Parameters vpn-instance vpn-instance-name: Specifies a VPN by its name, a case-sensitive string of 1 to 31 characters. Without this option, the command displays routing information for the public network. ip-prefix-name: Specifies an IP prefix list by its name, a string of 1 to 19 characters. verbose: Displays detailed information about all routes permitted by the IP prefix list.
NextHop: 2.2.2.1 BkNextHop: 0.0.0.0 Interface: Vlan-interface2 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 1d00h20m52s Tag: 0 Destination: 2.2.2.1/32 Protocol: Direct Process ID: 0 Preference: 0 Cost: 0 IpPrecedence: QosLcId: NextHop: 127.0.0.1 BkNextHop: 0.0.0.0 Interface: InLoopBack0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 0.0.0.
Hardware Protocol keywords VPN firewall modules bgp, direct, ospf, rip, static, and guard 20-Gbps VPN firewall modules bgp, direct, ospf, rip, static, and guard inactive: Displays information about only inactive routes. Without this argument, the command displays information about all routes. verbose: Displays detailed routing table information. Without this argument, the command displays brief routing table information. |: Filters command output by specifying a regular expression.
Summary Count : 2 Destination/Mask Proto Pre Cost NextHop Interface 1.2.3.0/24 Static 60 0 1.2.4.5 Vlan10 3.0.0.0/8 Static 60 0 2.2.2.2 GE0/1 For command output, see Table 105. display ip routing-table statistics Use display ip routing-table statistics to display IPv4 route statistics.
Field Description active Number of active routes from the origin. added Number of routes added into the routing table since the router started up or the routing table was last cleared. deleted Number of routes marked as deleted, which will be cleared after a period. freed Number of routes that got freed (removed permanently) Total Total number of routes. reset ip routing-table statistics protocol Use reset ip routing-table statistics protocol to clear IPv4 route statistics.
reset ipv6 routing-table statistics Use reset ipv6 routing-table statistics to clear IPv6 route statistics. Syntax reset ipv6 routing-table statistics protocol [ vpn-instance vpn-instance-name ] { protocol | all } Views User view Default command level 2: System level Parameters vpn-instance vpn-instance-name: Clears route statistics for a VPN specified by its name, a case-sensitive string of 1 to 31 characters. Without this option, the command clears routing statistics for the public network.
Policy-based routing commands apply default output-interface Use apply default output-interface to set a default output interface. Use undo apply default output-interface to remove the configuration.
Syntax apply ip-address default next-hop ip-address [ track track-entry-number ] [ ip-address [ track track-entry-number ] ] undo apply ip-address default next-hop [ ip-address [ ip-address ] ] Views Policy node view Default command level 2: System level Parameters ip-address: Specifies the default next hop IP address. track track-entry-number: Specifies a track entry by its number, in the range of 1 to 1024.
Usage guidelines You can specify up to two next hops by performing this command once or twice. With a next hop specified, the undo apply ip-address next-hop command removes the specified next hop. Without any next hop specified, the undo apply ip-address next-hop command removes all next hops. Examples # Set a directly-connected next hop of 1.1.1.1. system-view [Sysname] policy-based-route aa permit node 11 [Sysname-pbr-aa-11] apply ip-address next-hop 1.1.1.
system-view [Sysname] policy-based-route aa permit node 11 [Sysname-pbr-aa-11] apply ip-precedence critical apply output-interface Use apply output-interface to set output interfaces for packets. Use undo apply output-interface to remove the configuration.
Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
interface interface-type interface-number: Displays the PBR configuration on the specified interface. local: Displays the local PBR information. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
display ip policy-based-route statistics Use display ip policy-based-route statistics to display PBR statistics. Syntax display ip policy-based-route statistics { interface interface-type interface-number | local } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface interface-type interface-number: Displays the statistics of PBR on the specified interface. local: Displays the statistics of local PBR.
Field Description apply output-interface Output interface. matched Matching packets on the node. Total matched Total matching packets on all nodes. display policy-based-route Use display policy-based-route to display PBR policy information. Syntax display policy-based-route [ policy-name ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters policy-name: Displays information about the specified policy.
Field Description apply output-interface Specify the output interface. if-match acl Use if-match acl to configure an ACL match criterion. Use undo if-match acl to remove the ACL match criterion. Syntax if-match acl acl-number undo if-match acl Views Policy node view Default command level 2: System level Parameters acl-number: Specifies the ACL number, in the range of 2000 to 3999. The number of a basic ACL ranges from 2000 to 2999 and that of an advanced ACL ranges from 3000 to 3999.
Examples # Match the packets with a length from 100 to 200 bytes. system-view [Sysname] policy-based-route aa permit node 11 [Sysname-pbr-aa-11] if-match packet-length 100 200 ip local policy-based-route Use ip local policy-based-route to configure local PBR based on a specified policy. Use undo ip local policy-based-route to remove the configuration. Syntax ip local policy-based-route policy-name undo ip local policy-based-route policy-name Default No policy is referenced for local PBR.
Views Interface view Default command level 2: System level Parameters policy-name: Specifies a policy by its name, a string of 1 to 19 characters. Usage guidelines You can apply only one policy on an interface PBR. If you perform this command multiple times, only the last specified policy takes effect. Examples # Apply policy aaa on GigabitEthernet 0/1.
reset policy-based-route statistics Use reset policy-based-route statistics to clear PBR statistics. Syntax reset policy-based-route statistics [ policy-name ] Views User view Default command level 1: Monitor level Parameters policy-name: Specifies a policy by its name, a string of 1 to 19 characters. Usage guidelines If no policy is specified, this command clears all the PBR statistics. Examples # Clear all PBR statistics.
Multicast routing and forwarding commands The term "router" in this document refers to both routers and routing-capable firewalls. delete ip rpf-route-static Use delete ip rpf-route-static to delete all static multicast routes. Syntax delete ip rpf-route-static Views System view Default command level 2: System level Examples # Delete all static multicast routes on the public network.
interface-type interface-number: Specifies an interface by its type and number. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
mask: Specifies the mask of the multicast group address or multicast source address, 255.255.255.255 by default. mask-length: Specifies the mask length of the multicast group address or multicast source address. For a multicast group address, this argument has an effective value range of 4 to 32. For a multicast source address, this argument has an effective value range of 0 to 32. The system default is 32 in both cases.
Forwarded 19648 packets(20512512 bytes) Table 114 Command output Field Description Multicast Forwarding Table of VPN-Instance: public net Multicast forwarding table for the public network. Total 1 entry Total number of (S, G) entries in the multicast forwarding table. Total 1 entry matched Total number of matched (S, G) entries in the multicast forwarding table. 00001 Sequence number of the (S, G) entry. (172.168.0.2,227.0.0.1) An (S, G) entry of the multicast forwarding table.
Table 116 Major values of the flags field (after the colon) Value Meaning 0 Indicates that the entry does not belong to the main board, or the main board has synchronized the entry to other cards. 1 Indicates that the main board will synchronize the incoming interface information of the entry to other cards. 2 Indicates that the main board will synchronize the outgoing interface information of the entry to other cards.
incoming-interface: Displays the multicast routing entries, where the incoming interface is the specified one. interface-type interface-number: Specifies an interface by its type and number. register: Displays the multicast routing entries, where the incoming interface is the specified register interface of PIM-SM. outgoing-interface: Displays the multicast routing entries, where the outgoing interface is the specified one.
Field Description Uptime Length of time for which the (S, G) entry has been up, in the format hh:mm:ss. Upstream interface Upstream interface the (S, G) entry: multicast packets should arrive at this interface. List of 2 downstream interfaces Downstream interface list: these interfaces need to forward multicast packets.
Running Configuration = ip rpf-route-static 10.10.0.0 16 2.2.2.2 order 1 Table 118 Command output Field Description Multicast Routing Table of VPN-Instance: public net Multicast routing table for the public network. Mroute Multicast route source address and its mask length. Interface Outgoing interface to the multicast source. RPF Neighbor IP address of the RPF neighbor through which the multicast source is reachable. Route-policy Routing policy.
RPF interface: GigabitEthernet0/1, RPF neighbor: 10.1.1.1 Referenced route/mask: 192.168.1.0/24 Referenced route type: igp Route selection rule: preference-preferred Load splitting rule: disable Table 119 Command output Field Description RPF information about source 192.168.1.55 Information of the RPF path to multicast source 192.168.1.55. RPF interface RPF interface. If the RPF interface is an interface in another VPN, the VPN name is displayed. RPF neighbor IP address of the RPF neighbor.
Views System view Default command level 2: System level Parameters source-address: Specifies a multicast source address. mask: Specifies the mask of the multicast source address. mask-length: Specifies the mask length of the multicast source address, in the range of 0 to 32. protocol: Routing protocol, which can have any of the following values: • bgp: Specifies the BGP protocol. • isis: Specifies the IS-IS protocol. • ospf: Specifies the OSPF protocol. • rip: Specifies the RIP protocol.
When you configure a static multicast route, the system first examines whether any of these argument exists. If the system finds a match, you must modify the corresponding fields without changing the configuration sequence. Otherwise, the system adds a static multicast route.
Type Ctrl+C to quit mtrace facility Tracing reverse path of (6.6.6.6, 225.2.1.1) from last-hop router (5.5.5.8) to source via multicast routing-table -1 5.5.5.8 Incoming interface address: 4.4.4.8 Previous-hop router address: 4.4.4.7 Input packet count on incoming interface: 17837 Output packet count on outgoing interface: 0 Total number of packets for this source-group pair: 8000 Protocol: PIM Forwarding TTL: 0 Forwarding code: No error -2 4.4.4.7 Incoming interface address: 6.6.6.
Use undo multicast boundary to remove a multicast forwarding boundary. Syntax multicast boundary group-address { mask | mask-length } undo multicast boundary { group-address { mask | mask-length } | all } Default No multicast forwarding boundary is configured. Views Interface view Default command level 2: System level Parameters group-address: Specifies a multicast group address, in the range of 224.0.0.0 to 239.255.255.255. mask: Specifies the mask of the multicast group address.
Default The maximum number of downstream nodes for a single multicast forwarding entry is 128. Views System view Default command level 2: System level Parameters limit: Specifies the maximum number of downstream nodes (namely, the maximum number of outgoing interfaces) for a single multicast forwarding entry. The value ranges from 0 to 128. Examples # Set the maximum number of downstream nodes for a single multicast forwarding entry on the public network to 120.
Related commands display multicast forwarding-table multicast load-splitting Use multicast load-splitting to enable load splitting of multicast traffic. Use undo multicast load-splitting to disable load splitting of multicast traffic. Syntax multicast load-splitting { source | source-group } undo multicast load-splitting Default Load splitting of multicast traffic is disabled. Views System view Default command level 2: System level Parameters source: Specifies load splitting on a per-source basis.
Default command level 2: System level Examples # Configure the device to select the RPF route based on the longest match principle on the public network. system-view [Sysname] multicast longest-match multicast routing-enable Use multicast routing-enable to enable IP multicast routing. Use undo multicast routing-enable to disable IP multicast routing. Syntax multicast routing-enable undo multicast routing-enable Default IP multicast routing is disabled.
Parameters source-address: Specifies a multicast source address. group-address: Specifies a multicast group address, in the range of 224.0.0.0 to 239.255.255.255. mask: Specifies the mask of the multicast group address or multicast source address, 255.255.255.255 by default. mask-length: Specifies the mask length of the multicast group address or multicast source address. For a multicast group address, this argument has an effective value range of 4 to 32.
mask: Specifies the mask of the multicast group address or multicast source address, 255.255.255.255 by default. mask-length: Specifies the mask length of the multicast group address or multicast source address. For a multicast group address, this argument has an effective value range of 4 to 32. For a multicast source address, this argument has an effective value range of 0 to 32. The system default is 32 in both cases.
IGMP commands The term "router" in this document refers to both routers and routing-capable firewalls. display igmp group Use display igmp group to display IGMP group information. Syntax display igmp group [ group-address | interface interface-type interface-number ] [ static | verbose ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters group-address: Specifies a multicast group address, in the range of 224.0.1.0 to 239.255.255.255.
225.1.1.2 10.10.1.10 00:02:04 00:01:17 # Display detailed information about the IGMP group 225.1.1.1 that the interfaces statically joined on the public network. display igmp group 225.1.1.1 verbose Interface group report information of VPN-Instance: public net GigabitEthernet0/1(10.10.1.20): Total 3 IGMP Groups reported Group: 225.1.1.1 Uptime: 00:00:34 Expires: 00:00:40 Last reporter: 10.10.1.
display igmp host interface Use display igmp host interface to display information about the hosts tracked by IGMP on the specified interface. Syntax display igmp host interface interface-type interface-number group group-address [ source source-address ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. group group-address: Specifies an IGMP group.
Field Description Uptime Host running duration. Expires Host expiration time, where "timeout" means that the host has expired. display igmp interface Use display igmp interface to display IGMP configuration and operation information of the specified interface or all IGMP-enabled interfaces.
IGMP activity: 1 joins, 0 leaves Multicast routing on this interface: enabled Robustness: 2 Require-router-alert: disabled Fast-leave: disabled Ssm-mapping: disabled Startup-query-timer-expiry: off Other-querier-present-timer-expiry: off Proxying interface: GigabitEthernet0/2(20.10.1.20) Total 1 IGMP Group reported # Display detailed IGMP configuration and operation information on GigabitEthernet 0/2 (upstream interface) on the public network.
Field Description Ssm-mapping IGMP SSM mapping status (enabled/disabled). Startup-query-timer-expiry Remaining time of the startup query timer, where "off" means that the timer never expires. Other-querier-present-timer-expiry Remaining time of the other querier present timer, where "off" means that the timer never expires. Proxying interface IGMP proxy interface, where "none" means that no proxy interface exists.
Proxying group record(s) information of VPN-Instance: public net Total 1 IGMP-Proxying group record(s) Group Address Member state Expires 225.1.1.1 Delay 00:01:15 # Display the detailed information of IGMP proxying group 225.1.1.1 on the public network. display igmp proxying group 225.1.1.1 verbose Proxying group record(s) information of VPN-Instance: public net Total 1 IGMP-Proxying group record(s) Group: 225.1.1.
Parameters source-address: Specifies a multicast source address. group-address: Specifies a multicast group address, in the range of 224.0.1.0 to 239.255.255.255. mask: Specifies the mask of the multicast group address or multicast source address, 255.255.255.255 by default. mask-length: Specifies the mask length of the multicast group address or multicast source address. For a multicast source address, this argument has an effective value range of 0 to 32.
Field Description (*, 225.1.1.1) A (*, G) entry of the IGMP routing table. IGMP route flags: • ACT—Indicates IGMP routing entries that have been used for forwarding data packets but have the multicast group address out of the SSM group range. Flag • SUC—Indicates IGMP routing entries that have been added to the forwarding table and have the multicast group address within the SSM group range.
1.2.3.4 5.5.5.5 10.1.1.1 100.1.1.10 Table 126 Command output Field Description VPN-Instance: public net Public network. Group Multicast group address. Source list List of multicast source addresses. Related commands ssm-mapping display igmp ssm-mapping group Use display igmp ssm-mapping group to display the multicast group information created based on the configured IGMP SSM mappings.
Examples # Display detailed information about multicast group 232.1.1.1 created based on the configured IGMP SSM mappings on the public network. display igmp ssm-mapping group 232.1.1.1 verbose Interface group report information of VPN-Instance: public net GigabitEthernet0/1(10.10.10.10): Total 1 IGMP SSM-mapping Group reported Group: 232.1.1.1 Uptime: 00:00:31 Expires: off Last reporter: 1.1.1.1 Version1-host-present-timer-expiry: off Source list(Total 1 source): Source: 1.1.1.
Syntax display igmp ssm-mapping host interface interface-type interface-number group group-address source source-address [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-type interface-number: Specifies an interface by its type and number. group group-address: Specifies a multicast group. The value of group-address ranges from 224.0.1.0 to 239.255.255.255. source source-address: Specifies a multicast source.
fast-leave (IGMP view) Use fast-leave to enable fast-leave processing globally. Use undo fast-leave to disable fast-leave processing globally. Syntax fast-leave [ group-policy acl-number ] undo fast-leave Default Fast-leave processing is disabled, and the IGMP querier sends IGMP group-specific queries or IGMP group-and-source-specific queries after receiving an IGMP leave message from a host, instead of sending a leave notification directly to the upstream.
Default command level 2: System level Usage guidelines Related command: igmp host-tracking. Examples # Enable the IGMP host tracking function globally on the public network. system-view [Sysname] igmp [Sysname-igmp] host-tracking igmp Use igmp to enter public network IGMP view. Use undo igmp to remove configurations in public network IGMP view.
Default IGMP is disabled on all interfaces. Views Interface view Default command level 2: System level Usage guidelines IP multicast routing must be enabled before this command can take effect. IGMP must be enabled on an interface before any other IGMP feature configured on the interface can take effect. Examples # Enable IP multicast routing on the public network, and enable IGMP on GigabitEthernet 0/1.
Related commands • fast-leave (IGMP view) • fast-leave (IGMP-snooping view) • igmp last-member-query-interval • igmp-snooping fast-leave Examples # Enable fast-leave processing on GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] igmp fast-leave igmp group-limit Use igmp group-limit to configure the maximum number of multicast groups that an interface can join. Use undo igmp group-limit to restore the default.
If the configured limit value is smaller than the number of the existing multicast groups on the current interface, the system does not automatically remove the multicast groups in excess. To bring this configuration into effect in this case, you need to use the reset igmp group command to clear the IGMP group information manually. Examples # Allow GigabitEthernet 0/1 to join up to 128 multicast groups.
[Sysname-acl-basic-2005] quit [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] igmp group-policy 2005 Related commands group-policy (IGMP-snooping view) igmp host-tracking Use igmp host-tracking to enable the IGMP host tracking function on an interface. Use undo igmp host-tracking to disable the IGMP host tracking function on an interface Syntax igmp host-tracking undo igmp host-tracking Default This function is disabled.
Default command level 2: System level Parameters interval: Specifies an IGMP last-member query interval in seconds, in the range of 1 to 5. Examples # Set the IGMP last-member query interval to 3 seconds on GigabitEthernet 0/1.
igmp proxying enable Use igmp proxying enable to enable IGMP proxying on an interface. Use undo igmp proxying enable to disable IGMP proxying on the interface. Syntax igmp proxying enable undo igmp proxying enable Default IGMP proxying is disabled. Views Interface view Default command level 2: System level Usage guidelines This command takes effect only after IP multicast routing is enabled.
Default command level 2: System level Examples # Enable the multicast forwarding capability on GigabitEthernet 0/1, a non-querier downstream interface on the IGMP proxy device. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] igmp proxying forwarding igmp require-router-alert Use igmp require-router-alert to configure the interface to discard IGMP messages that do not carry the Router-Alert option. Use undo igmp require-router-alert to restore the default.
Default The IGMP querier's robustness variable is 2. Views Interface view Default command level 2: System level Parameters robust-value: IGMP querier's robustness variable, in the range of 2 to 5. Usage guidelines The IGMP querier's robustness variable defines the maximum number of attempts for transmitting IGMP general queries, group-specific queries or group-and-source-specific queries in case of packet loss due to network problems.
undo igmp send-router-alert Default IGMP messages are sent with the Router-Alert option. Views Interface view Default command level 2: System level Examples # Disable insertion of the Router-Alert option into IGMP messages that leave GigabitEthernet 0/1.
Syntax igmp startup-query-count value undo igmp startup-query-count Default The startup query count is set to the IGMP querier's robustness variable. Views Interface view Default command level 2: System level Parameters value: Startup query count, namely, the number of queries the IGMP querier sends on startup, in the range of 2 to 5. Examples # Set the startup query count to 3 on GigabitEthernet 0/1.
system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] igmp startup-query-interval 5 Related commands • igmp timer query • startup-query-interval igmp static-group Use igmp static-group to configure the current interface as a static member of the specified multicast group or the specified multicast source and group. Use undo igmp static-group to restore the default.
Related commands igmp-snooping static-group igmp timer other-querier-present Use igmp timer other-querier-present to configure the IGMP other querier present interval on the current interface. Use undo igmp timer other-querier-present to restore the default.
Default The IGMP general query interval is 60 seconds. Views Interface view Default command level 2: System level Parameters interval: Specifies an IGMP general query interval in seconds, namely, the interval between IGMP general queries. The value ranges from 1 to 18000. Examples # Set the IGMP general query interval to 125 seconds on GigabitEthernet 0/1.
Related commands version last-member-query-interval (IGMP view) Use last-member-query-interval to configure the global IGMP last-member query interval. Use undo last-member-query-interval to restore the default. Syntax last-member-query-interval interval undo last-member-query-interval Default The IGMP last-member query interval is 1 second. Views Public network IGMP view Default command level 2: System level Parameters interval: Last-member query interval in seconds, in the range of 1 to 5.
Default command level 2: System level Parameters interval: Specifies the maximum response time for IGMP general queries in seconds, in the range of 1 to 25. Examples # Set the maximum response time for IGMP general queries to 8 seconds globally on the public network.
reset igmp group Use reset igmp group to remove the dynamic group entries of a specified IGMP group or all IGMP groups. Syntax reset igmp group { all | interface interface-type interface-number { all | group-address [ mask { mask | mask-length } ] [ source-address [ mask { mask | mask-length } ] ] } } Views User view Default command level 2: System level Parameters all: Specifies all interfaces (the first all) or all IGMP groups (the second all).
Views User view Default command level 2: System level Parameters all: Specifies all interfaces (the first all) or all IGMP groups created based on the configured IGMP SSM mappings (the second all). interface-type interface-number: Specifies an interface by its type and number. group-address: Specifies a multicast group by its IP address, in the range of 224.0.0.0 to 239.255.255.255. source-address: Specifies a multicast source by its IP address.
Usage guidelines The IGMP querier's robustness variable defines the maximum number of attempts for transmitting IGMP general queries, group-specific queries or group-and-source-specific queries in case of packet loss due to network problems. A higher robustness variable makes the IGMP querier more robust, but results in longer multicast group timeout time.
Examples # Globally disable the insertion of the Router-Alert option in IGMP messages to be sent on the public network. system-view [Sysname] igmp [Sysname-igmp] undo send-router-alert Related commands • igmp send-router-alert • require-router-alert ssm-mapping (IGMP view) Use ssm-mapping to configure an IGMP SSM mapping. Use undo ssm-mapping to remove one or all IGMP SSM mappings.
startup-query-count (IGMP view) Use startup-query-count to configure the startup query count globally. Use undo startup-query-count to restore the default. Syntax startup-query-count value undo startup-query-count Default The startup query count is set to the IGMP querier's robustness variable. Views Public network IGMP view Default command level 2: System level Parameters value: Specifies a startup query count, namely, the number of queries that the IGMP querier sends on startup.
Parameters interval: Specifies a startup query interval in seconds, namely, the interval between general queries that the IGMP querier sends on startup. The value ranges from 1 to 18000. Examples # Set the startup query interval to 5 seconds globally on the public network.
timer query (IGMP view) Use timer query to configure the IGMP general query interval globally. Use undo timer query to restore the default. Syntax timer query interval undo timer query Default The IGMP general query interval is 60 seconds. Views Public network IGMP view Default command level 2: System level Parameters interval: Specifies an IGMP general query interval in seconds, namely, interval between IGMP general queries. The value ranges from 1 to 18000.
Default command level 2: System level Parameters version-number: Specifies an IGMP version, in the range of 1 to 3. Examples # Set the global IGMP version to IGMPv1 on the public network.
PIM commands The term "router" in this document refers to both routers and routing-capable firewalls. auto-rp enable Use auto-rp enable to enable auto-RP. Use undo auto-rp enable to disable auto-RP. Syntax auto-rp enable undo auto-rp enable Default Auto-RP is disabled. Views Public network PIM view Default command level 2: System level Examples # Enable auto-RP on the public network.
Default command level 2: System level Usage guidelines Disable the BSM semantic fragmentation function if a device that does not support this function exists in the PIM-SM domain. Examples # Disable BSM semantic fragmentation on the public network. system-view [Sysname] pim [Sysname-pim] undo bsm-fragment enable Related commands c-bsr admin-scope bsr-policy (PIM view) Use bsr-policy to configure a legal BSR address range to guard against BSR spoofing.
c-bsr (PIM view) Use c-bsr to configure the specified interface as a C-BSR. Use undo c-bsr to remove the related C-BSR configuration. Syntax c-bsr interface-type interface-number [ hash-length [ priority ] ] undo c-bsr Default No C-BSR is configured. Views Public network PIM view Default command level 2: System level Parameters interface-type interface-number: Specifies an interface by its type and number. hash-length: Specifies a hash mask length, in the range of 0 to 32.
Default BSR administrative scoping is disabled. Namely, only one BSR exists in a PIM-SM domain. Views Public network PIM view Default command level 2: System level Examples # Enable administrative scoping on the public network. system-view [Sysname] pim [Sysname-pim] c-bsr admin-scope Related commands • c-bsr • c-bsr global • c-bsr group c-bsr global Use c-bsr global to configure a C-BSR for the global-scoped zone.
[Sysname-pim] c-bsr global priority 1 Related commands • c-bsr group • c-bsr hash-length • c-bsr priority c-bsr group Use c-bsr group to configure a C-BSR for the admin-scoped zone associated with the specified group. Use undo c-bsr group to remove the C-BSR configuration for the admin-scoped zone associated with the specified group.
• c-bsr priority c-bsr hash-length (PIM view) Use c-bsr hash-length to configure the global hash mask length. Use undo c-bsr hash-length to restore the default. Syntax c-bsr hash-length hash-length undo c-bsr hash-length Default The hash mask length is 30. Views Public network PIM view Default command level 2: System level Parameters hash-length: Hash mask length, in the range of 0 to 32. Examples # Set the global hash mask length to 16 on the public network.
Views Public network PIM view Default command level 2: System level Parameters interval: Specifies a BS timeout timer in seconds. The value ranges from 1 to 2147483647. Examples # Set the BS timeout timer to 150 seconds on the public network. system-view [Sysname] pim [Sysname-pim] c-bsr holdtime 150 Related commands • c-bsr • c-bsr interval c-bsr interval (PIM view) Use c-bsr interval to configure the BS period, namely, the interval at which the BSR sends bootstrap messages.
• c-bsr holdtime c-bsr priority (PIM view) Use c-bsr priority to configure the global C-BSR priority. Use undo c-bsr priority to restore the default. Syntax c-bsr priority priority undo c-bsr priority Default The C-BSR priority is 64. Views Public network PIM view Default command level 2: System level Parameters priority: Specifies the priority of the C-BSR, in the range of 0 to 255. A larger value indicates a higher priority. Examples # Set the global C-BSR priority to 5 on the public network.
Views Public network PIM view Default command level 2: System level Parameters interface-type interface-number: Specifies an interface by its type and number. acl-number: Specifies a basic ACL, in the range of 2000 to 2999. This ACL defines a range of multicast groups the C-RP is going to serve, rather than defining a filtering rule.
undo c-rp advertisement-interval Default The C-RP-Adv interval is 60 seconds. Views Public network PIM view Default command level 2: System level Parameters interval: Specifies a C-RP-Adv interval in seconds. The value ranges from 1 to 65535. Examples # Set the global C-RP-Adv interval to 30 seconds on the public network.
Examples # Set the global C-RP timeout timer to 200 seconds on the public network. system-view [Sysname] pim [Sysname-pim] c-rp holdtime 200 Related commands • c-bsr interval • c-rp crp-policy (PIM view) Use crp-policy to configure a legal C-RP address range and the range of served multicast groups, in order to guard against C-RP spoofing. Use undo crp-policy to remove the restrictions in C-RP address ranges and the ranges of served multicast groups.
[Sysname] pim [Sysname-pim] crp-policy 3000 Related commands c-rp display pim bsr-info Use display pim bsr-info to display BSR information in the PIM domain and the local effective C-RP information. Syntax display pim bsr-info [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Advertisement Interval: 60 Next advertisement scheduled at: 00:00:48 Candidate RP: 3.3.3.3(GigabitEthernet0/1) Priority: 200 HoldTime: 90 Advertisement Interval: 50 Next advertisement scheduled at: 00:00:28 Candidate RP: 5.5.5.5(GigabitEthernet0/2) Priority: 192 HoldTime: 80 Advertisement Interval: 60 Next advertisement scheduled at: 00:00:48 Table 129 Command output Field Description VPN-Instance: public net Public network. Elected BSR Address Address of the elected BSR.
Default command level 1: Monitor level Parameters source-address: Specifies a multicast source. If you do not provide this argument, this command displays information about all unicast routes that PIM uses. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Field Description The (S,G) or (*,G) list dependent on this route entry (S,G) or (*, G) entry list dependent on this RPF route. display pim control-message counters Use display pim control-message counters to display the statistics for PIM control messages.
PIM global control-message counters: Received Sent Invalid Register 20 37 2 Register-Stop 25 20 1 Probe 10 5 0 PIM control-message counters for interface: GigabitEthernet0/1 Received Sent Invalid Assert 10 5 0 Graft 20 37 2 Graft-Ack 25 20 1 Hello 1232 453 0 Join/Prune 15 30 21 State-Refresh 8 7 1 BSR 3243 589 1 C-RP 53 32 0 Table 131 Command output Field Description VPN-Instance: public net Public network.
Syntax display pim grafts [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Parameters interface-type interface-number: Specifies an interface by its type and number. verbose: Displays the detailed PIM information. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
PIM neighbor tracking (configured): disabled PIM generation ID: 0xF5712241 PIM require generation ID: disabled PIM hello hold interval: 105 s PIM assert hold interval: 180 s PIM triggered hello delay: 5 s PIM J/P interval: 60 s PIM J/P hold interval: 210 s PIM BSR domain border: disabled Number of routers on network not using DR priority: 0 Number of routers on network not using LAN delay: 0 Number of routers on network not using neighbor tracking: 2 Table 134 Command output Field Description VPN-Instanc
Field Description Number of routers on network not using LAN delay Number of routers not using the LAN delay field on the subnet where the interface resides. Number of routers on network not using neighbor tracking Number of routers not using neighbor tracking on the subnet where the interface resides. display pim join-prune Use display pim join-prune to display information about the join/prune messages to send.
------------------------------------------------------------------------Total (*, G) join(s): 1, (S, G) join(s): 0, (S, G, rpt) prune(s): 1 Table 135 Command output Field Description VPN-Instance: public net Public network. Expiry Time: Expiry time of sending join/prune messages. Upstream nbr: IP address of the upstream PIM neighbor and the interface that connects to it. (*, G) join(s) Number of (*, G) joins to send. (S, G) join(s) Number of (S, G) joins to send.
10.1.1.2 GE0/1 02:50:49 00:01:31 1 B 20.1.1.2 GE0/2 02:49:39 00:01:42 1 B # On the public network, display detailed information about the PIM neighbor whose IP address is 11.110.0.20. display pim neighbor 11.110.0.20 verbose VPN-Instance: public net Neighbor: 11.110.0.
Syntax display pim routing-table [ group-address [ mask { mask-length | mask } ] | source-address [ mask { mask-length | mask } ] | incoming-interface [ interface-type interface-number | register ] | outgoing-interface { include | exclude | match } { interface-type interface-number | register } | mode mode-type | flags flag-value | fsm ] * [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters group-address: Specifies a multicast group addr
• nonbr: Specifies PIM routing entries with PIM neighbor searching failure. • rpt: Specifies PIM routing entries on RPT branches where (S, G) prunes have been sent to the RP. • spt: Specifies PIM routing entries on the SPT. • sq: Specifies PIM routing entries of the originator side of switch-MDT switchover. • swt: Specifies PIM routing entries in the process of RPT-to-SPT switchover. • wc: Specifies wildcard routing entries. fsm: Displays the information of the state machine.
UpTime: 02:54:43 Upstream interface: GigabitEthernet0/1 Upstream neighbor: NULL RPF prime neighbor: NULL Join/Prune FSM: [SPT: J] [RPT: NP] Downstream interface(s) information: Total number of downstreams: 1 1: GigabitEthernet0/2 Protocol: pim-sm, UpTime: 02:54:43, Expires: 00:02:47 DR state: [DR] Join/Prune FSM: [NI] Assert FSM: [NI] FSM information for non-downstream interfaces: None Table 137 Command output Field Description VPN-Instance: public net Public network.
Field Description RPF neighbor of the (S, G) or (*, G) entry: RPF prime neighbor • For a (*, G) entry, if this router is the RP, the RPF neighbor of this (*, G) entry is NULL. • For a (S, G) entry, if this router directly connects to the multicast source, the RPF neighbor of this (S, G) entry is NULL. Information of the downstream interfaces, including the following: Downstream interface(s) information • • • • • Number of downstream interfaces. Downstream interface name.
display pim rp-info 224.0.1.1 VPN-Instance: public net BSR RP Address is: 2.2.2.2 Priority: 192 HoldTime: 150 Uptime: 03:01:10 Expires: 00:02:30 RP mapping for this group is: 2.2.2.2 # Display information about the RP that corresponds to all multicast groups on the public network. display pim rp-info VPN-Instance: public net PIM-SM BSR RP information: Group/MaskLen: 224.0.0.0/4 [B] RP: 2.2.2.
Views Public network PIM view Default command level 2: System level Parameters priority: Specifies a router priority for DR election, in the range of 0 to 4294967295. A larger value indicates a higher priority. Examples # Set the router priority for DR election to 3 on the public network.
hello-option lan-delay (PIM view) Use hello-option lan-delay to configure the global value of the LAN-delay time, namely, the period of time that the device waits before it forwards a received prune message. Use undo hello-option lan-delay to restore the default. Syntax hello-option lan-delay interval undo hello-option lan-delay Default The LAN-delay time is 500 milliseconds.
Views Public network PIM view Default command level 2: System level Usage guidelines This command is effective for both PIM-DM and PIM-SM. Examples # Disable join suppression globally on the public network. system-view [Sysname] pim [Sysname-pim] hello-option neighbor-tracking Related commands pim hello-option neighbor-tracking hello-option override-interval (PIM view) Use hello-option override-interval to configure the global value of the prune override interval.
• pim hello-option override-interval holdtime assert (PIM view) Use holdtime assert to configure the global value of the assert timeout timer. Use undo holdtime assert to restore the default. Syntax holdtime assert interval undo holdtime assert Default The assert timeout timer is 180 seconds. Views Public network PIM view Default command level 2: System level Parameters interval: Specifies an assert timeout timer in seconds. The value ranges from 7 to 2147483647.
Views Public network PIM view Default command level 2: System level Parameters interval: Specifies a join/prune timeout timer in seconds. The value ranges from 1 to 65535. Examples # Set the global value of the join/prune timeout timer to 280 seconds on the public network.
jp-queue-size (PIM view) Use jp-queue-size to configure the maximum number of (S, G) entries in each join/prune message. Use undo jp-queue-size to restore the default. Syntax jp-queue-size queue-size undo jp-queue-size Default A join/prune messages contains a maximum of 1020 (S, G) entries. Views Public network PIM view Default command level 2: System level Parameters queue-size: Specifies the maximum number of (S, G) entries in each join/prune message, in the range of 1 to 4096.
Syntax pim undo pim Views System view Default command level 2: System level Usage guidelines IP multicast routing must be enabled before this command can take effect. Examples # Enable IP multicast routing on the public network and enter public network PIM view. system-view [Sysname] multicast routing-enable [Sysname] pim [Sysname-pim] Related commands multicast routing-enable pim bsr-boundary Use pim bsr-boundary to configure a PIM domain border, namely, a bootstrap message boundary.
pim dm Use pim dm to enable PIM-DM. Use undo pim dm to disable PIM-DM. Syntax pim dm undo pim dm Default PIM-DM is disabled. Views Interface view Default command level 2: System level Usage guidelines This command can take effect only after IP multicast routing is enabled. PIM-DM cannot be used for multicast groups in the SSM group range. Examples # Enable IP multicast routing on the public network, and enable PIM-DM on GigabitEthernet 0/1.
Default command level 2: System level Parameters priority: Specifies a router priority for DR election, in the range of 0 to 4294967295. A larger value indicates a higher priority. Examples # Set the router priority for DR election to 3 on GigabitEthernet 0/1.
pim hello-option lan-delay Use pim hello-option lan-delay to configure the LAN-delay time (namely, the length of time that the device waits before forwarding a received prune message) on the current interface. Use undo pim hello-option lan-delay to restore the default. Syntax pim hello-option lan-delay interval undo pim hello-option lan-delay Default The LAN-delay time to 500 milliseconds.
Default command level 2: System level Examples # Disable join suppression on GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0//1 [Sysname-GigabitEthernet0/1] pim hello-option neighbor-tracking Related commands hello-option neighbor-tracking pim hello-option override-interval Use pim hello-option override-interval to configure the prune override interval on the current interface. Use undo pim hello-option override-interval to restore the default.
Syntax pim holdtime assert interval undo pim holdtime assert Default The assert timeout timer is 180 seconds. Views Interface view Default command level 2: System level Parameters interval: Specifies an assert timeout timer in seconds. The value ranges from 7 to 2147483647. Examples # Set the assert timeout timer to 100 seconds on GigabitEthernet 0/1.
system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] pim holdtime join-prune 280 Related commands • holdtime assert • holdtime join-prune • pim holdtime assert pim neighbor-policy Use pim neighbor-policy to configure a legal source address range for hello messages to guard against hello message spoofing. Use undo pim neighbor-policy to restore the default.
Syntax pim require-genid undo pim require-genid Default Hello messages without Generation_ID are accepted. Views Interface view Default command level 2: System level Examples # Enable GigabitEthernet 0/1 to reject hello messages without Generation_ID. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] pim require-genid pim sm Use pim sm to enable PIM-SM. Use undo pim sm to disable PIM-SM. Syntax pim sm undo pim sm Default PIM-SM is disabled.
pim state-refresh-capable Use pim state-refresh-capable to enable the state refresh feature on the interface. Use undo pim state-refresh-capable to disable the state refresh feature. Syntax pim state-refresh-capable undo pim state-refresh-capable Default The state refresh feature is enabled. Views Interface view Default command level 2: System level Examples # Disable state refresh on GigabitEthernet 0/1.
Examples # Set the graft retry period to 80 seconds on GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] pim timer graft-retry 80 pim timer hello Use pim timer hello to configure the interval at which hello messages are sent on the current interface. Use undo pim timer hello to restore the default. Syntax pim timer hello interval undo pim timer hello Default Hello messages are sent at the interval of 30 seconds.
Views Interface view Default command level 2: System level Parameters interval: Specifies a join/prune interval in seconds. The value ranges from 1 to 2147483647. Examples # Set the join/prune interval to 80 seconds on GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] pim timer join-prune 80 Related commands timer join-prune pim triggered-hello-delay Use pim triggered-hello-delay to configure the maximum delay between hello messages.
Syntax probe-interval interval undo probe-interval Default The register probe time is 5 seconds. Views Public network PIM view Default command level 2: System level Parameters interval: Specifies a register probe time in seconds. The value ranges from 1 to 1799. Examples # Set the register probe time to 6 seconds on the public network.
[Sysname-pim] prune delay 75 register-policy (PIM view) Use register-policy to configure an ACL rule to filter register messages. Use undo register-policy to remove the configured register filtering rule. Syntax register-policy acl-number undo register-policy Default No register filtering rule is configured. Views Public network PIM view Default command level 2: System level Parameters acl-number: Specifies an advanced ACL, in the range of 3000 to 3999.
Views Public network PIM view Default command level 2: System level Parameters interval: Specifies a register suppression time in seconds, in the range of 1 to 65535. Examples # Set the register suppression time to 70 seconds on the public network.
reset pim control-message counters Use reset pim control-message counters to reset PIM control message counters. Syntax reset pim control-message counters [ interface interface-type interface-number ] Views User view Default command level 1: Monitor level Parameters interface interface-type interface-number: Specifies an interface by its type and number. If no interface is specified, this command clears the statistics for PIM control messages on all interfaces.
source-policy (PIM view) Use source-policy to configure a multicast data filter. Use undo source-policy to remove the configured multicast data filter. Syntax source-policy acl-number undo source-policy Default No multicast data filter is configured. Views Public network PIM view Default command level 2: System level Parameters acl-number: Specifies a basic or advanced ACL, in the range of 2000 to 3999.
Default The device switches to the SPT immediately after it receives the first multicast packet. Views Public network PIM view Default command level 2: System level Parameters infinity: Disables switchover to SPT. group-policy acl-number: Specifies a basic ACL, in the range of 2000 to 2999. If you do not include this option in your command, the configuration applies to all multicast groups.
Views Public network PIM view Default command level 2: System level Parameters acl-number: Specifies a basic ACL, in the range of 2000 to 2999. Usage guidelines You can use this command to define an address range of permitted or denied multicast groups. If the match succeeds, the multicast mode is PIM-SSM. Otherwise, the multicast mode is PIM-SM. Examples # Configure the SSM group range to be 232.1.0.0/16 on the public network.
• state-refresh-rate-limit • state-refresh-ttl state-refresh-rate-limit (PIM view) Use state-refresh-rate-limit to configure the time that the router waits before receiving a new state refresh message. Use undo state-refresh-rate-limit to restore the default. Syntax state-refresh-rate-limit interval undo state-refresh-rate-limit Default The device waits 30 seconds before it receives a new state refresh message.
Views Public network PIM view Default command level 2: System level Parameters ttl-value: Specifies a TTL value for state refresh messages, in the range of 1 to 255. Examples # On the public network, configure the device to send PIM state refresh messages with a TTL of 45. system-view [Sysname] pim [Sysname-pim] state-refresh-ttl 45 Related commands • pim state-refresh-capable • state-refresh-interval • state-refresh-rate-limit static-rp (PIM view) Use static-rp to configure a static RP.
When the ACL rule applied on a static RP changes, a new RP must be elected for all the multicast groups. You can configure multiple static RPs by using this command repeatedly. However, if you execute this command multiple times and specify the same static RP address or reference the same ACL rule, the last configuration overrides the previous one. If you have configured multiple static RPs for the same multicast group, the one that has the highest IP address serves the multicast group.
Related commands pim timer hello timer join-prune (PIM view) Use timer join-prune to configure the join/prune interval globally. Use undo timer join-prune to restore the default. Syntax timer join-prune interval undo timer join-prune Default The join/prune interval is 60 seconds. Views Public network PIM view Default command level 2: System level Parameters interval: Specifies a join/prune interval in seconds. The value ranges from 1 to 2147483647.
MSDP commands The term "router" in this document refers to both routers and routing-capable firewalls. cache-sa-enable Use cache-sa-enable to enable the SA cache mechanism to cache the (S, G) entries contained in SA messages. Use undo cache-sa-enable to disable the SA cache mechanism. Syntax cache-sa-enable undo cache-sa-enable Default The SA cache mechanism is enabled. That is, the device caches the (S, G) entries that the received SA messages contain.
connect: Specifies the connecting state. down: Specifies the down state. listen: Specifies the listening state. shutdown: Specifies the terminated state. up: Specifies the in-session state. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Field Description Up/Down time Length of time since the MSDP peer connection was established or failed. AS Number of the AS where the MSDP peer is located. A question mark indicates that the system could not obtain the AS number. SA Count Number of (S, G) entries. Reset Count MSDP peer connection reset times. display msdp peer-status Use display msdp peer-status to display detailed MSDP peer status information.
Information about (Source, Group)-based SA filtering policy: Import policy: none Export policy: none Information about SA-Requests: Policy to accept SA-Request messages: none Sending SA-Requests status: disable Minimum TTL to forward SA with encapsulated data: 0 SAs learned from this peer: 0, SA-cache maximum for the peer: none Input queue size: 0, Output queue size: 0 Counters for MSDP message: Count of RPF check failure: 0 Incoming/outgoing SA messages: 0/0 Incoming/outgoing SA requests: 0/0 Incoming/outg
Field Description SA request information: • Policy to accept SA request messages: Filtering rule for receiving or Information about SA-Requests forwarding SA messages from the specified MSDP peer. • Sending SA requests status: Whether enabled to send an SA request message to the designated MSDP peer after receiving a new join message. Minimum TTL to forward SA with encapsulated data Minimum TTL of multicast packet encapsulated in SA messages.
Default command level 1: Monitor level Parameters group-address: Specifies a multicast group, in the range of 224.0.1.0 to 239.255.255.255. If you do not provide any group address, this command displays the (S, G) entry information for all multicast groups. source-address: Specifies a multicast source address. If you do not provide any source address, this command displays the (S, G) entry information for all sources. as-number: Specifies an AS number, in the range of 1 to 4294967295.
Field Description Pro Type of protocol from which the AS number originates. A question mark indicates that the system could not obtain the protocol type. AS AS number of the origin RP. A question mark indicates that the system could not obtain the AS number. Uptime Length of time for which the cached (S, G) entry has existed, in the format hh:mm:ss. Expires Length of time in which the cached (S, G) entry will expire, in the format hh:mm:ss.
10.10.10.10 5 Number of source and group, counted by AS AS Number of source Number of group ? 3 3 Total 5 Source-Active entries Table 142 Command output Field Description MSDP Source-Active Count Information of VPN-Instance: public net Number of SA messages for the public network cache. Number of cached Source-Active entries, counted by Peer Number of (S, G) entries that the peer counted. Peer's Address Address of the MSDP peer that sent SA messages.
import-source Use import-source to configure a rule of creating (S, G) entries. Use undo import-source to remove any rule of creating (S, G) entries. Syntax import-source [ acl acl-number ] undo import-source Default When an SA message is created, no restrictions are defined for the (S, G) entries to be advertised in it. Namely, all the (S, G) entries within the domain are advertised in the SA message.
Use undo msdp to disable MSDP on the public network and remove the configurations in public network MSDP view to free the resources that MSDP occupies. Syntax msdp undo msdp Default MSDP is disabled. Views System view Default command level 2: System level Usage guidelines You must enable IP multicast before you use this command. Examples # Enable IP multicast routing on the public network, and enable MSDP on the public network to enter public network MSDP view.
Examples # Specify the IP address of GigabitEthernet 0/1 as the RP address of SA messages on the public network. system-view [Sysname] msdp [Sysname-msdp] originating-rp gigabitethernet 0/1 peer connect-interface Use peer connect-interface to create an MSDP peer connection. Use undo peer connect-interface to remove an MSDP peer connection. Syntax peer peer-address connect-interface interface-type interface-number undo peer peer-address Default No MSDP peer connection is created.
Syntax peer peer-address description text undo peer peer-address description Default An MSDP peer has no description information. Views Public network MSDP view Default command level 2: System level Parameters peer-address: Specifies an MSDP peer. text: Specifies a description, a case-sensitive string of 1 to 80 characters, including spaces. Examples # On the public network, add the descriptive text "CustomerA" for the router with the IP address of 125.10.7.6 to indicate that this router is Customer A.
Examples # On the public network, configure the MSDP peer with the IP address of 125.10.7.6 as a member of the mesh group "Group1". system-view [Sysname] msdp [Sysname-msdp] peer 125.10.7.6 mesh-group Group1 peer minimum-ttl Use peer minimum-ttl to configure the TTL threshold for multicast data packet encapsulation in SA messages. Use undo peer minimum-ttl to restore the default.
undo peer peer-address password Default No MD5 authentication is performed for MSDP peers to establish TCP connections. Views Public network MSDP view Default command level 2: System level Parameters peer-address: Specifies an MSDP peer. cipher cipher-password: Sets a ciphertext MD5 authentication password, a case-sensitive string of 1 to 137 characters. simple simple-password: Sets a plaintext MD5 authentication password, a case-sensitive string of 1 to 80 characters.
Default command level 2: System level Parameters peer-address: Specifies an MSDP peer. Usage guidelines Before you can enable the device to send SA requests, you must disable the SA message cache mechanism. Examples # Disable the SA message cache mechanism on the public network, and enable the router to send an SA request message to the MSDP peer 125.10.7.6 after receiving a new join message. system-view [Sysname] msdp [Sysname-msdp] undo cache-sa-enable [Sysname-msdp] peer 125.10.7.
Hardware Value range Default value F5000 1 to 8192 8192 F5000-S/F5000-C 1 to 8192 8192 VPN firewall modules 1 to 8192 8192 20-Gbps VPN firewall modules 1 to 2048 2048 Examples # On the public network, enable the device to cache a maximum of 100 (S, G) entries learned from its MSDP peer 125.10.7.6. system-view [Sysname] msdp [Sysname-msdp] peer 125.10.7.
Usage guidelines In addition to controlling SA message receiving and forwarding by using this command, you can also configure a filtering rule for creating SA messages using the import-source command. Examples # Configure a filtering rule on the public network so that SA messages are forwarded to MSDP peer 125.10.7.6 only if they match advanced ACL 3100. system-view [Sysname] acl number 3100 [Sysname-acl-adv-3100] rule permit ip source 170.15.0.0 0.0.255.255 destination 225.1.0.0 0.0.255.
[Sysname-acl-basic-2001] rule permit source 225.1.1.0 0.0.0.255 [Sysname-acl-basic-2001] quit [Sysname] msdp [Sysname-msdp] peer 175.58.6.5 sa-request-policy acl 2001 Related commands display msdp peer-status reset msdp peer Use reset msdp peer to reset the TCP connection with the specified MSDP peer and clear statistics for the MSDP peer. Syntax reset msdp peer [ peer-address ] Views User view Default command level 2: System level Parameters peer-address: Specifies an MSDP peer.
Examples # Clear the (S, G) entries for multicast group 225.5.4.3 from the SA cache on the public network. reset msdp sa-cache 225.5.4.3 Related commands • cache-sa-enable • display msdp sa-cache reset msdp statistics Use reset msdp statistics to clear statistics for the specified MSDP peer without resetting the connections with the MSDP peer.
Examples # Terminate the connection with the MSDP peer 125.10.7.6 on the public network. system-view [Sysname] msdp [Sysname-msdp] shutdown 125.10.7.6 Related commands display msdp peer-status static-rpf-peer Use static-rpf-peer to configure a static RPF peer. Use undo static-rpf-peer to remove a static RPF peer. Syntax static-rpf-peer peer-address [ rp-policy ip-prefix-name ] undo static-rpf-peer peer-address Default No static RPF peer is configured.
[Sysname] msdp [Sysname-msdp] peer 130.10.7.6 connect-interface gigabitethernet 0/1 [Sysname-msdp] static-rpf-peer 130.10.7.6 rp-policy list1 Related commands • display msdp peer-status • ip prefix-list timer retry Use timer retry to configure the interval between MSDP peer connection retries. Use undo timer retry to restore the default. Syntax timer retry interval undo timer retry Default The interval between MSDP peer connection retries is 30 seconds.
IPv6 basics commands display ipv6 fib Use display ipv6 fib to display IPv6 FIB entries. If no parameter is specified, all IPv6 FIB entries are displayed. Syntax display ipv6 fib [ vpn-instance vpn-instance-name ] [ acl6 acl6-number | ipv6-prefix ipv6-prefix-name ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters vpn-instance vpn-instance-name: Displays the IPv6 FIB entries of the specified VPN.
Destination: ::1 PrefixLength : NextHop ::1 Flag : UH Token : 0 Label Interface : : : NULL 128 InLoopBack0 Table 143 Command output Field Description Total number of Routes Total number of routes in the FIB. Destination Destination address. PrefixLength Prefix length of the destination address. NextHop Next hop. Route flag: Flag • • • • • • U—Usable route. G—Gateway route. H—Host route. B—Black hole route. D—Dynamic route. S—Static route. Label Label.
exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines If you do not specify the prefix-length argument, this command displays the IPv6 FIB entry maximally matching the destination IPv6 address.
Syntax display ipv6 interface [ interface-type [ interface-number ] ] [ brief ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters interface-type: Interface type. interface-number: Interface number. brief: Displays brief IPv6 information about an interface. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: 0 InTooShorts: 0 InTruncatedPkts: 0 InHopLimitExceeds: 0 InBadHeaders: 0 InBadOptions: 0 ReasmReqds: 0 ReasmOKs: 0 InFragDrops: 0 InFragTimeouts: 0 OutFragFails: 0 InUnknownProtos: 0 InDelivers: 0 OutRequests: 0 OutForwDatagrams: 0 InNoRoutes: 0 InTooBigErrors: 0 OutFragOKs: 0 OutFragCreates: 0 InMcastPkts:
Field Description preferred lifetime Preferred lifetime of the global unicast address. Joined group address(es) Addresses of the multicast groups that the interface has joined. MTU Maximum transmission unit of the interface. Number of DAD attempts, with DAD enabled. ND DAD is enabled, number of DAD attempts • If DAD is enabled, the number of neighbor request messages is also displayed (configured by using the ipv6 nd dad attempts command) • If DAD is disabled, "ND DAD is disabled" is displayed.
display ipv6 neighbors Use display ipv6 neighbors to display neighbor information. Syntax display ipv6 neighbors { ipv6-address | all | dynamic | interface interface-type interface-number | static | vlan vlan-id } [ verbose ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters ipv6-address: IPv6 address whose neighbor information is to be displayed.
Link-layer State Vpn-instance : 0000-5e32-b800 VID : N/A : REACH Type: S Interface : GE0/1 Age : - : vpn1 Table 147 Command output Field Description IPv6 Address IPv6 address of a neighbor. Link-layer Link layer address (MAC address) of a neighbor. VID VLAN to which the interface connected with a neighbor belongs. Interface Interface connected with a neighbor. State of a neighbor: • INCMP—The address is being resolved. The link layer address of the neighbor is unknown.
Parameters all: Displays the total number of all neighbor entries, including neighbor entries acquired dynamically and configured statically. dynamic: Displays the total number of neighbor entries acquired dynamically. static: Displays the total number of neighbor entries configured statically. interface interface-type interface-number: Displays the total number of neighbor entries of a specific interface.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display the neighbor information for the VPN vpn1. display ipv6 neighbors vpn-instance vpn1 Type: S-Static IPv6 Address D-Dynamic Link-layer FE80::200:5EFF:FE32:B800 0000-5e32-b800 VID Interface State T Age N/A GE0/1 REACH S - Table 148 Command output Field Description IPv6 Address IPv6 address of a neighbor. Link-layer Link layer address (MAC address) of a neighbor.
Parameters vpn-instance vpn-instance-name: Displays the IPv6 path MTU information for the specified VPN. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Without this option specified, the display ipv6 pathmtu command displays the IPv6 path MTU information for the public network. ipv6-address: Destination IPv6 address for which the path MTU information is to be displayed. all: Displays all path MTU information on the public network.
Parameters prefix-number: Specifies the ID of an IPv6 prefix, in the range of 1 to 1024. If this argument is not specified, the command displays information about all IPv6 prefixes. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Syntax display ipv6 socket [ socktype socket-type ] [ task-id socket-id ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters socktype socket-type: Displays the socket information for this type. The socket type is in the range of 1 to 3. The value 1 represents a TCP socket, 2 a UDP socket, and 3 a raw socket. task-id: Displays the socket information for the task. The value range for the task ID is 1 to 150.
sndbuf = 9216, rcvbuf = 42080, sb_cc = 0, rb_cc = 0, socket option = SO_REUSEPORT, socket state = SS_PRIV SS_NBIO SS_ASYNC Task = TRAP(52), socketid = 2, Proto = 17, LA = ::->1024, FA = ::->0, sndbuf = 9216, rcvbuf = 42080, sb_cc = 0, rb_cc = 0, socket option =, socket state = SS_PRIV SOCK_RAW: Task = ROUT(86), socketid = 5, Proto = 89, LA = ::, FA = ::, sndbuf = 262144, rcvbuf = 262144, sb_cc = 0, rb_cc = 0, socket option = SO_REUSEADDR, socket state = SS_PRIV SS_ASYNC Table 151 Command output Field De
Syntax display ipv6 statistics [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
neighbor solicit: 0 neighbor advert: 0 router solicit: 0 router advert: 0 redirected: 0 router renumbering: 0 Send failed: ratelimited: 0 other errors: 0 Received packets: Total: 0 checksum error: 0 bad code: 0 too short: 0 unreached: hopcount exceeded: 0 too big: 0 0 reassembly timeout: 0 parameter problem: 0 unknown error type: 0 echo request: 0 echo replied: 0 neighbor solicit: 0 neighbor advert: 0 router solicit: 0 router advert: 0 redirected: 0 router re
Field Description Statistics of sent ICMPv6 packets: Sent packets • • • • • Total—Total number of sent packets. • • • • • • • • • • • • parameter problem—Number of Parameter Problem packets. unreached—Number of Destination Unreachable packets. too big—Number of Packet Too Big packets. hopcount exceeded—Number of Hop Limit Exceeded packets. reassembly timeout—Number of Fragment Reassembly Time Exceeded packets. echo request—Number of Echo Request packets. echo replied—Number of Echo Reply packets.
display tcp ipv6 statistics Use display tcp ipv6 statistics to display IPv6 TCP connection statistics. Syntax display tcp ipv6 statistics [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
ACK only packets: 0 (0 delayed) Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0 Keepalive timeout: 0, keepalive probe: 0, Keepalive timeout, so connections disconnected : 0 Initiated connections: 0, accepted connections: 0, established connections: 0 Closed connections: 0 (dropped: 0, initiated dropped: 0) Packets dropped with MD5 authentication: 0 Packets permitted with MD5 authentication: 0 Table 153 Command output Field Description Statistics of received packets: Received pa
Field Description Keepalive timeout, so connections disconnected Number of connections dropped because of keepalive response timeout. Initiated connections Number of initiated connections. accepted connections Number of accepted connections. established connections Number of established connections. Closed connections Number of closed connections. dropped Number of dropped connections (after SYN is received from the peer).
Table 154 Command output Field Description *: TCP6 MD5 Connection The asterisk (*) indicates that the TCP6 connection is secured with MD5 authentication. TCP6CB IPv6 TCP control block address (hexadecimal). Local Address Local IPv6 address. Foreign Address Remote IPv6 address. IPv6 TCP connection status: State • • • • • • • • • • • Closed. Listening. Syn_Sent. Syn_Rcvd. Established. Close_Wait. Fin_Wait1. Closing. Last_Ack. Fin_Wait2. Time_Wait.
display udp ipv6 statistics Received packets: Total: 0 checksum error: 0 shorter than header: 0, data length larger than packet: 0 unicast(no socket on port): 0 broadcast/multicast(no socket on port): 0 not delivered, input socket full: 0 input packets missing pcb cache: 0 Sent packets: Total: 0 Table 155 Command output Field Description Total Total number of received/sent packets. checksum error Total number of packets with a checksum error.
Examples # Enable IPv6. system-view [Sysname] ipv6 ipv6 address Use ipv6 address to configure an IPv6 global unicast address for an interface. Use undo ipv6 address to remove the IPv6 address from the interface. Syntax ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } undo ipv6 address [ ipv6-address prefix-length | ipv6-address/prefix-length ] Default No global unicast address is configured for an interface.
Syntax ipv6 address prefix-number sub-prefix/prefix-length undo ipv6 address prefix-number Default No prefix is applied for IPv6 address generation on an interface. Views Interface view Default command level 2: System level Parameters prefix-number: Specifies an IPv6 prefix by its ID in the range of 1 to 1024. sub-prefix/prefix-length: Specifies the sub-prefix bit and host bit for an IPv6 address, and specifies the prefix length. The value range for the prefix length is 1 to 128.
Parameters ipv6-address/prefix-length: Specifies an IPv6 anycast address and its prefix length. The prefix length ranges 1 to 128. Examples # Set the IPv6 anycast address of GigabitEthernet 0/1 to 2001::1 with prefix length 64. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ipv6 address 2001::1/64 anycast ipv6 address auto Use ipv6 address auto to enable the stateless address autoconfiguration function on the interface.
Default No link-local address is configured on an interface, and a link-local address is automatically generated after an IPv6 global unicast address is configured for the interface. Views Interface view Default command level 2: System level Usage guidelines After an IPv6 global unicast address is configured for an interface, a link-local address is generated automatically. The automatically generated link-local address is the same as the one generated by using the ipv6 address auto link-local command.
Parameters ipv6-address/prefix-length: IPv6 address and IPv6 prefix length. The ipv6-address and prefix-length arguments jointly specify the prefix of an EUI-64 IPv6 address. Usage guidelines An EUI-64 IPv6 address is generated based on the specified prefix and the automatically generated interface identifier and is displayed by using the display ipv6 interface command. The prefix length of an EUI-64 IPv6 address cannot be greater than 64.
ipv6 fib-loadbalance-type hash-based Use ipv6 fib-loadbalance-type hash-based to enable load sharing based on the HASH algorithm for packet forwarding. Use undo ipv6 fib-loadbalance-type hash-based to restore the default. Syntax ipv6 fib-loadbalance-type hash-based undo ipv6 fib-loadbalance-type hash-based Default Load sharing based on polling is adopted. ECMP routes are used in turn to forward packets.
ipv6 icmp-error Use ipv6 icmp-error to configure the size and update period of the token bucket. Use undo ipv6 icmp-error to restore the defaults. Syntax ipv6 icmp-error { bucket bucket-size | ratelimit interval } * undo ipv6 icmp-error Default The size is 10 and the update period is 100 milliseconds. A maximum of 10 ICMPv6 error packets can be sent within 100 milliseconds.
[Sysname] ipv6 icmpv6 multicast-echo-reply enable ipv6 mtu Use ipv6 mtu to set the MTU of IPv6 packets sent over an interface. Use undo ipv6 mtu to restore the default MTU. Syntax ipv6 mtu mtu-size undo ipv6 mtu Default The default MTU is 1500. Views Interface view Default command level 2: System level Parameters mtu-size: Size of the maximum transmission units (MTUs) of an interface in bytes.
Examples # Configure the host to acquire an IPv6 address through stateful autoconfiguration. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ipv6 nd autoconfig managed-address-flag ipv6 nd autoconfig other-flag Use ipv6 nd autoconfig other-flag to set the other stateful configuration flag (O) to 1 so that the host can acquire information other than IPv6 address through stateful autoconfiguration (for example, from a DHCP server).
Parameters value: Number of attempts to send an NS message for DAD, in the range of 0 to 600. The default value is 1. To disable DAD, set the value to 0. Examples # Set the number of attempts to send an NS message for DAD to 20. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ipv6 nd dad attempts 20 Related commands display ipv6 interface ipv6 nd hop-limit Use ipv6 nd hop-limit to configure the hop limit advertised by the device.
undo ipv6 nd ns retrans-timer Default The local interface sends NS messages at an interval of 1000 millisecond and the Retrans Timer field in the RA messages sent is 0, so that the interval for retransmitting an NS message is determined by the receiving device. Views Interface view Default command level 2: System level Parameters value: Interval for retransmitting an NS message in milliseconds, in the range of 1000 to 4294967295.
system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ipv6 nd nud reachable-time 10000 Related commands display ipv6 interface ipv6 nd ra halt Use ipv6 nd ra halt to enable RA message suppression. Use undo ipv6 nd ra halt to disable RA message suppression. Syntax ipv6 nd ra halt undo ipv6 nd ra halt Default RA messages are suppressed. Views Interface view Default command level 2: System level Examples # Suppress RA messages on GigabitEthernet 0/1.
Parameters max-interval-value: Maximum interval for advertising RA messages in seconds, in the range of 4 to 1800. min-interval-value: Minimum interval for advertising RA messages in seconds, in the range of 3 to 1350. Usage guidelines The minimum interval should be three-fourths of the maximum interval or less. The maximum interval for sending RA messages should be less than or equal to the router lifetime in RA messages.
undo ipv6 nd ra prefix { ipv6-prefix | ipv6-prefix/prefix-length } Default No prefix information is configured in RA messages and the IPv6 address of the interface sending RA messages is used as the prefix information with valid lifetime 2592000 seconds (30 days) and preferred lifetime 604800 seconds (7 days). Views Interface view Default command level 2: System level Parameters ipv6-prefix: IPv6 prefix. prefix-length: Prefix length of the IPv6 address.
Parameters value: Router lifetime in seconds, in the range of 0 to 9000. When it is set to 0, the device does not serve as the default router. Usage guidelines The router lifetime in RA messages should be greater than or equal to the advertising interval. Examples # Set the router lifetime in RA messages on GigabitEthernet 0/1 to 1000 seconds.
• If the second method is used, the corresponding VLAN interface must exist and the port specified by port-type port-number must belong to the VLAN specified by vlan-id. After the static neighbor entry is configured, the device associates the VLAN interface with the IPv6 address to uniquely identify the static neighbor entry and the entry is in REACH state. To remove a static neighbor entry, you only need to specify the corresponding VLAN interface and the neighbor address.
undo ipv6 neighbors max-learning-num Default A Layer 2 interface does not limit the number of neighbors dynamically learned. A Layer 3 interface can learn a maximum of 1024 neighbors. Views Interface view Default command level 2: System level Parameters number: Maximum number of neighbors that can be dynamically learned by the interface, in the range of 1 to 4096. Examples # Set the maximum number of neighbors that can be dynamically learned on GigabitEthernet 0/1 to 10.
[Sysname] ipv6 pathmtu fe80::12 1300 ipv6 pathmtu age Use ipv6 pathmtu age to configure the aging time for a dynamic path MTU. Use undo ipv6 pathmtu age to restore the default. Syntax ipv6 pathmtu age age-time undo ipv6 pathmtu age Default The aging time is 10 minutes. Views System view Default command level 2: System level Parameters age-time: Aging time for path MTU in minutes, in the range of 10 to 100. Usage guidelines The aging time is invalid for a static path MTU.
Default command level 2: System level Parameters prefix-number: Specifies a prefix ID in the range of 1 to 1024. ipv6-prefix/prefix-length: Specifies a prefix and the prefix length. The value range for the prefix-length argument is from 1 to 128. Usage guidelines You cannot execute the ipv6 prefix command to modify an existing static prefix. When a DHCPv6 client obtains an IPv6 prefix from a DHCP server, the IPv6 prefix is dynamically generated.
Use undo ipv6 unreachables to disable sending ICMPv6 destination unreachable packets. Syntax ipv6 unreachables enable undo ipv6 unreachables Default Sending ICMPv6 destination unreachable packets is disabled. Views System view Default command level 2: System level Examples # Enable sending ICMPv6 destination unreachable packets. system-view [Sysname] ipv6 unreachables enable local-proxy-nd enable Use local-proxy-nd enable to enable local ND proxy.
Syntax proxy-nd enable undo proxy-nd enable Default ND proxy is disabled. Views VLAN interface view, Layer 3 Ethernet interface view, Layer 3 Ethernet subinterface view Default command level 2: System level Examples # Enable ND proxy on interface GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] proxy-nd enable reset ipv6 neighbors Use reset ipv6 neighbors to clear IPv6 neighbor information.
reset ipv6 pathmtu Use reset ipv6 pathmtu to clear the path MTU information. Syntax reset ipv6 pathmtu { all | static | dynamic } Views User view Default command level 2: System level Parameters all: Clears all path MTUs. static: Clears all static path MTUs. dynamic: Clears all dynamic path MTUs. Examples # Clear all path MTUs. reset ipv6 pathmtu all reset ipv6 statistics Use reset ipv6 statistics to clear the statistics of IPv6 packets and ICMPv6 packets.
Views User view Default command level 1: Monitor level Usage guidelines You can use the display tcp ipv6 statistics command to display the statistics of IPv6 TCP connections. Examples # Clear the statistics of all IPv6 TCP connections. reset tcp ipv6 statistics reset udp ipv6 statistics Use reset udp ipv6 statistics to clear the statistics of all IPv6 UDP packets.
Parameters wait-time: Sets the finwait timer for IPv6 TCP connections in seconds, in the range of 76 to 3600. Examples # Set the finwait timer of IPv6 TCP connections to 800 seconds. system-view [Sysname] tcp ipv6 timer fin-timeout 800 tcp ipv6 timer syn-timeout Use tcp ipv6 timer syn-timeout to set the synwait timer for IPv6 TCP connections. Use undo tcp ipv6 timer syn-timeout to restore the default.
Default command level 2: System level Parameters size: Size of the IPv6 TCP send/receive buffer in KB, in the range of 1 to 32. Examples # Set the size of the IPv6 TCP send/receive buffer to 4 KB.
DHCPv6 commands DHCPv6 common commands display ipv6 dhcp duid Use display ipv6 dhcp duid to display the DHCP unique identifier (DUID) of the local device. Syntax display ipv6 dhcp duid [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Parameters option-group-number: Specifies a DHCPv6 option group by its ID in the range of 1 to 100. If no option group is specified, the command displays information about all DHCPv6 option groups. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Field Description Domain names Domain name suffix. SIP server addresses IP address of the SIP server. SIP server domain names Domain name of the SIP server. DS-Lite addresses IP address of AFTR. Options User-defined options. Code Code of the self-defined option. Length Self-defined option string length in bytes. Hex Self-defined option content represented by a hexadecimal string.
Usage guidelines When no non-temporary IPv6 address range is specified, all unicast addresses on the subnet specified by the network command in address pool view are assignable. If a non-temporary IPv6 address range is specified, only the IPv6 addresses in the IPv6 address range are assignable. You can specify only one non-temporary IPv6 address range in an address pool. If you execute the address range command multiple times, the most recent configuration takes effect.
Examples # Display all DHCPv6 address pool information.
Table 157 Command output Field Description Pool DHCPv6 address pool number. Network IPv6 subnet for dynamic IPv6 address assignment. If the subnet is not valid, Not-available is displayed. Preferred lifetime Preferred lifetime in seconds. valid lifetime Valid lifetime in seconds. Static bindings Static IPv6 address or prefix information configured in the address pool. If no static prefix is configured, this field is not displayed. Prefix IPv6 address prefix in the binding.
display ipv6 dhcp prefix-pool Use display ipv6 dhcp prefix-pool to display prefix pool information. Syntax display ipv6 dhcp prefix-pool [ all | [ vpn-instance vpn-instance-name ] [ prefix-pool-number ] ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters all: Display prefix pool information for the public network and all VPNs. vpn-instance vpn-instance-name: Displays prefix pool information for the VPN.
Table 158 Command output Field Description VPN instance Name of the VPN instance. Public network is displayed if the prefix pool is on the public network. Prefix-pool Prefix pool number. Prefix contained in the prefix pool. Prefix If the prefix pool is not valid, Not-available is displayed. Available Number of idle prefixes. In-use Number of assigned prefixes. Static Number of static prefixes. Assigned length Length of prefixes to be assigned. Total prefix number Total number of prefixes.
GigabitEthernet0/2 2 # Display the DHCPv6 server information for the specified interface. display ipv6 dhcp server interface gigabitethernet 0/1 Using pool: 1 Preference value: 0 Allow-hint: Enabled Rapid-commit: Disabled Table 159 Command output Field Description DHCPv6 server status DHCPv6 server status, Enabled or Disabled. Interface Interface on which the DHCPv6 server is enabled. Address pool applied to the interface.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
vpn-instance vpn-instance-name: Displays information about expired IPv6 addresses for the MPLS L3VPN. The vpn-instance-name argument represents a VPN by its name, a case-sensitive string of 1 to 31 characters. To display prefix information for the public network, do not specify this parameter. address ipv6-address: Displays information about an expired IPv6 address. pool pool-number: Displays information about expired IPv6 addresses in the address pool specified by the pool number in the range of 1 to 128.
Syntax display ipv6 dhcp server ip-in-use [ all | [ vpn-instance vpn-instance-name ] [ address ipv6-address | pool pool-number ] ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters all: Displays IPv6 address binding information for the public network and all VPNs. vpn-instance vpn-instance-name: Displays IPv6 address binding information for the VPN.
Type: Auto(O) DUID: 00030001CA000C180000 IAID: 0x30001 Address: 2:1::1 Preferred lifetime 400 sec, valid lifetime 500 sec Will expire at Jul 10 2008 09:45:01 (288 seconds left) Table 162 Command output Field Description Total number Total number of IPv6 address bindings. VPN instance Name of the VPN instance. Public network is displayed if the binding is on the public network. Address Assigned IPv6 address.
Syntax display ipv6 dhcp server pd-in-use [ all | [ vpn-instance vpn-instance-name ] [ pool pool-number | prefix prefix/prefix-len | prefix-pool prefix-pool-number ] ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters all: Displays prefix binding information for the public network and all VPNs. vpn-instance vpn-instance-name: Displays prefix binding information for the DHCPv6 address pool of the VPN.
2:1::/24 Auto(O) 3:1::/64 Static(C) 1 1 Jul 10 2011 22:22:22 Jan 1 2011 11:11:11 # Display the prefix binding information for the specified prefix pool. display ipv6 dhcp server pd-in-use prefix-pool 1 Total number: 1 VPN instance: Public network Prefix Type Pool Expiration time 2:1:1:2::/64 Auto(C) 2 Jan 1 2011 14:45:56 # Display the prefix binding information for the specified prefix.
Field Description Client IPv6 address of the DHCPv6 client. For a free static binding, this field displays null. DUID Client DUID. IAID Client IAID. For a free static binding without IAID configured, this field displays null. Preferred lifetime Preferred lifetime of the prefix, in seconds. valid lifetime Valid lifetime of the prefix, in seconds. Will expire at Time when the prefix lease will expire. If the lease expires after the year 2100, this field displays Will expire after 2100.
Packets sent : 0 ADVERTISE : 0 RECONFIGURE : 0 REPLY : 0 RELAY-REPLY : 0 Table 164 Command output Field Description Number of messages received by the DHCPv6 server. The message types include: Packets received Packets dropped • • • • • • • • • SOLICIT. REQUEST. CONFIRM. RENEW. REBIND. RELEASE. DECLINE. INFORMATION-REQUEST. RELAY-FORWARD. Number of packets discarded. Number of messages sent out from the DHCPv6 server. The message types include: Packets sent • • • • ADVERTISE.
Usage guidelines You can configure multiple DNS server addresses by using the dns-server command repeatedly. You can configure up to eight DNS servers in an address pool. The precedence of the specified DNS servers depends on the configuration sequence. The formerly specified DNS server takes precedence over the latter one. Examples # Specify the DNS server address to be assigned to the client as 2:2::3.
Syntax ds-lite address ipv6-address undo ds-lite address Default The address of the AFTR is not specified. Views DHCPv6 address pool view, DHCPv6 option group view Default command level 2: System level Parameters ipv6-address: IPv6 address of the AFTR. Usage guidelines When you configure a DS-Lite tunnel, the Customer Premises Equipment (CPE) sends a DHCPv6 request to obtain the address of the AFTR. Upon receiving the request, the DHCPv6 server sends the address of the AFTR to the CPE.
Parameters network-address/prefix-length: IPv6 subnet for dynamic assignment. The network-address argument is the IPv6 address and the prefix-length argument is the prefix length. The value range for the prefix length is 1 to 128. prefix: Specifies a prefix for dynamic prefix assignment. prefix-number: Specifies the ID of an IPv6 prefix, in the range of 1 to 1024. sub-prefix/sub-prefix-length: Specifies the IPv6 sub-prefix and sub-prefix length. The value range for sub-prefix-length is 1 to 128.
[Sysname] ipv6 dhcp pool 1 [Sysname-dhcp6-pool-1] network prefix 3 3ffe:501:ffff:100::/64 Related commands • display ipv6 dhcp pool • ipv6 dhcp client pd • ipv6 prefix ipv6 dhcp option-group Use ipv6 dhcp option-group to create a static DHCPv6 option group, and enter its view. Use undo ipv6 dhcp option-group to delete the specified static DHCPv6 option group.
Syntax ipv6 dhcp pool pool-number [ vpn-instance vpn-instance-name ] undo ipv6 dhcp pool pool-number Default No DHCPv6 address pool is configured. Views System view Default command level 2: System level Parameters pool-number: Address pool number in the range of 1 to 128. vpn-instance vpn-instance-name: Specifies a VPN by its name, a case-sensitive string of 1 to 31 characters. If no VPN is specified, the command creates an address pool for the public network.
prefix: Specifies a prefix by specifying its ID or the prefix. prefix-number: Specifies the ID of the IPv6 prefix, in the range of 1 to 1024. prefix/prefix-len: Specifies the IPv6 prefix and prefix length. The value for the prefix-len argument is in the range of 1 to 128. assign-len assign-len: Specifies the length of the prefix assigned. The value range is 1 to 128. The assign-len must be higher than or equal to the prefix-len, and the difference between them must be less than or equal to 16.
Views Interface view Default command level 2: System level Parameters allow-hint: Enables desired address and prefix assignment. apply pool pool-number: Applies an address pool to the interface. The value range for the pool number is 1 to 128. If this option is specified, the DHCPv6 server assigns an IPv6 address or prefix from the address pool applied on the interface to the client. If not, the server searches all DHCPv6 address pools to assign an appropriate one to the client.
Syntax ipv6 dhcp server enable undo ipv6 dhcp server enable Default The DHCPv6 server is disabled. Views System view Default command level 2: System level Usage guidelines Other DHCPv6 server related configuration is effective only when the DHCPv6 server is enabled. Examples # Enable the DHCPv6 server. system-view [Sysname] ipv6 dhcp server enable option Use option to configure a self-defined DHCPv6 option. Use to undo option delete a self-defined DHCPv6 option.
Some DHCPv6 options can be specified by the option command or other dedicated commands. For example, to specify the DNS server address, you can use the dns-server command or the option 23 command. If both commands are configured, the dns-server command takes precedence. Examples # Configure the hexadecimal string 020202 for the self-defined DHCP Option 23 in DHCPv6 address pool 1. The DHCPv6 server assigns the DNS server address 2.2.2.2 to clients.
Syntax prefix-pool prefix-pool-number [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ] undo prefix-pool Default No prefix pool is referenced by an address pool. Views DHCPv6 address pool view Default command level 2: System level Parameters prefix-pool-number: Prefix pool number in the range of 1 to 128. preferred-lifetime preferred-lifetime: Specifies the preferred lifetime of prefixes to be assigned.
Views User view Default command level 2: System level Parameters all: Clears all IPv6 address conflict information for the public network and all VPNs. vpn-instance vpn-instance-name: Clears IPv6 address conflict information for the VPN. The vpn-instance-name argument represents a VPN by its name, a case-sensitive string of 1 to 31 characters. If no VPN is specified, the command clears IPv6 address conflict information for the public network.
Related commands display ipv6 dhcp server expired reset ipv6 dhcp server ip-in-use Use reset ipv6 dhcp server ip-in-use to clear IPv6 address binding information. Syntax reset ipv6 dhcp server ip-in-use [ all | [ vpn-instance vpn-instance-name ] [ address ipv6-address | pool pool-number ] ] Views User view Default command level 2: System level Parameters all: Clears IPv6 address binding information for the public network and all VPNs.
Views User view Default command level 2: System level Parameters all: Clears IPv6 prefix binding information for public network and all VPNs. vpn-instance vpn-instance-name: Clears IPv6 prefix binding information for the VPN. The vpn-instance-name argument represents a VPN by its name, a case-sensitive string of 1 to 31 characters. To display prefix information for the public network, do not specify this parameter.
sip-server Use sip-server to configure the IPv6 address or domain name of a SIP server for the client. Use undo sip-server to remove the configuration. Syntax sip-server { address ipv6-address | domain-name domain-name } undo sip-server { address ipv6-address | domain-name domain-name } Default No SIP server address or domain name is specified.
Default No static IPv6 address binding is configured in an address pool. Views DHCPv6 address pool view Default command level 2: System level Parameters ipv6-address/addr-prefix-length: Static IPv6 address and prefix length. The value range for the prefix length is 1 to 128. duid duid: Specifies a client DUID. The value is an even hexadecimal number in the range of 2 to 256. iaid iaid: Specifies a client IAID. The value is a hexadecimal number in the range of 0 to FFFFFFFF.
undo static-bind prefix prefix/prefix-len Default No static prefix is configured. Views DHCPv6 address pool view Default command level 2: System level Parameters prefix/prefix-len: Static prefix and prefix length. The value range for the prefix length is 1 to 128. duid duid: Specifies a client DUID. The value is an even hexadecimal number in the range of 2 to 256. iaid iaid: Specifies a client IAID. The value is a hexadecimal number in the range of 0 to FFFFFFFF.
Default No temporary IPv6 address range is configured in an address pool. Views DHCPv6 address pool view Default command level 2: System level Parameters start-ipv6-address: Specifies the start IPv6 address. end-ipv6-address: Specifies the end IPv6 address. preferred-lifetime preferred-lifetime: Specifies the preferred lifetime. The value range is 60 to 4294967295 seconds and the default is 604800 seconds (7 days). valid-lifetime valid-lifetime: Specifies the valid lifetime.
Syntax display ipv6 dhcp relay server-address { all | interface interface-type interface-number } [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters all: Displays all DHCPv6 server address information. interface interface-type interface-number: Displays DHCPv6 server address information for the specified interface. |: Filters command output by specifying a regular expression.
display ipv6 dhcp relay statistics Use display ipv6 dhcp relay statistics to display packet statistics on the DHCPv6 relay agent. Syntax display ipv6 dhcp relay statistics [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Table 166 Command output Field Description Packets dropped Number of discarded packets. Error Number of discarded error packets. Excess of rate limit Number of packets discarded due to excess of rate limit. Packets received Number of received packets. SOLICIT Number of received solicit packets. REQUEST Number of received request packets. CONFIRM Number of received confirm packets. RENEW Number of received renew packets. REBIND Number of received rebind packets.
Default command level 2: System level Parameters ipv6-address: IPv6 address of the DHCPv6 server. interface interface-type interface-number: Specifies an outgoing interface for DHCPv6 packets.
reset ipv6 dhcp relay statistics Related commands display ipv6 dhcp relay statistics DHCPv6 client commands display ipv6 dhcp client Use display ipv6 dhcp client to display DHCPv6 client information.
DNS server addresses: 2:2::3 Domain names: aaa.com SIP server addresses: 2:2::4 SIP server domain names: bbbu.icom DS-Lite addresses: 2::3 Options: Code: 88 Length: 3 bytes Hex: AABBCC Table 167 Command output Field Description DHCPv6 client type: • Stateful client requested for address—The DHCPv6 client that has Type requested an IPv6 address. • Stateful client requested for prefix—The DHCPv6 client that has requested an IPv6 prefix. • Stateless client—The stateless DHCPv6 client.
Field Description Prefix The requested IPv6 prefix. This field is displayed when the client is of the Stateful client requested for prefix type. Preferred lifetime Preferred lifetime in seconds. valid lifetime Valid lifetime in seconds. T1 1/2 lease time (in seconds) of the DHCP client IP address. T2 7/8 lease time (in seconds) of the DHCP client IP address. Will expire at Time when the lease of an IPv6 address will expire.
Usage guidelines If you do not specify any parameters, the command displays DHCPv6 client statistics of all interfaces. Examples # Display DHCPv6 client statistics of GigabitEthernet 0/1.
ipv6 address dhcp-alloc Use the ipv6 address dhcp-alloc command to configure an interface to use DHCPv6 for IP address acquisition. Use the undo ipv6 address dhcp-alloc command to cancel an interface from using DHCPv6. Syntax ipv6 address dhcp-alloc [ option-group group-number | rapid-commit ] * undo ipv6 address dhcp-alloc Default An interface does not use DHCPv6 for IP address acquisition.
Default command level 2: System level Parameters prefix-number: Specifies an IPv6 prefix ID in the range of 1 to 1024. The client, after obtaining an IPv6 prefix, automatically assigns it the specified ID. option-group option-group-number: Enables the DHCPv6 client to create a dynamic DHCPv6 option group for saving the network parameters, and assigns an ID to the dynamic DHCPv6 option group, in the range of 1 to 100.
IPv6 DNS commands display dns ipv6 server Use display dns ipv6 server to display IPv6 DNS server information. Syntax display dns ipv6 server [ dynamic ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters dynamic: Displays IPv6 DNS server information acquired dynamically through DHCP or other protocols. |: Filters command output by specifying a regular expression.
display ipv6 host Use display ipv6 host to display the mappings between host names and IPv6 addresses in the static domain name resolution table. Syntax display ipv6 host [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Syntax dns server ipv6 ipv6-address [ interface-type interface-number ] undo dns server ipv6 ipv6-address [ interface-type interface-number ] Default No DNS server is configured. Views System view Default command level 2: System level Parameters ipv6-address: IPv6 address of a DNS server. interface-type interface-number: Specifies an interface. When the IPv6 address of the DNS server is a link-local address, the two arguments must be specified.
Usage guidelines Each host name can correspond to only one IPv6 address. The IPv6 address you last assign to the host name overwrites the previous one if there is any. Examples # Configure the mapping between a host name and an IPv6 address.
IPv6 static routing commands The term "router" in this document refers to both routers and routing-capable firewalls and firewall modules. delete ipv6 static-routes all Use delete ipv6 static-routes all to delete all IPv6 static routes. Syntax delete ipv6 [ vpn-instance vpn-instance-name ] static-routes all Views System view Default command level 2: System level Parameters vpn-instance vpn-instance-name: Specifies a VPN by its name, a case-sensitive string of 1 to 31 characters.
Syntax ipv6 route-static ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | next-hop-address | vpn-instance d-vpn-instance-name next-hop-address } [ preference preference-value ] undo ipv6 route-static ipv6-address prefix-length [ interface-type interface-number [ next-hop-address ] | next-hop-address | vpn-instance d-vpn-instance-name next-hop-address ] [ preference preference-value ] ipv6 route-static vpn-instance s-vpn-instance-name&<1-6> ipv6-address prefix-length { inte
Examples # Configure an IPv6 static route, with the destination address 1:1:2::/64 and next hop 1:1:3::1.
RIPng commands The term "router" in this document refers to both routers and routing-capable firewalls and firewall modules. checkzero Use checkzero to enable the zero field check on RIPng packets. Use undo checkzero to disable the zero field check. Syntax checkzero undo checkzero Default The zero field check is enabled. Views RIPng view Default command level 2: System level Usage guidelines Some fields in RIPng packet headers must be zero. These fields are called "zero fields.
Views RIPng view Default command level 2: System level Parameters cost: Default metric of redistributed routes, in the range of 0 to 16. Usage guidelines The specified default metric applies to the routes redistributed by the import-route command with no metric specified. Examples # Set the default metric of redistributed routes to 2.
Usage guidelines If no process-id is specified, information about all RIPng processes is displayed. If a VPN is specified, information about all the RIPng processes of the VPN is displayed. Examples # Display the running status and configuration information of all configured RIPng processes.
Views Any view Default command level 1: Monitor level Parameters process-id: RIPng process ID, in the range of 1 to 65535. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Field Description via Next hop IPv6 address. cost Route metric value. Imported Route redistributed from another routing protocol. RIPng-interface Route learned from the interface. display ripng interface Use display ripng interface to display the interface information of the RIPng process.
Table 173 Command output Field Description Interface-name Name of an interface running RIPng. Link Local Address Link-local address of an interface running RIPng. Indicates whether the split horizon function is enabled: Split-horizon • on—Enabled. • off—Disabled. Indicates whether the poison reverse function is enabled: Poison-reverse • on—Enabled. • off—Disabled. MetricIn/MetricOut Additional metric to incoming and outgoing routes.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display the routing information of RIPng process 100.
enable ipsec-policy (RIPng view) Use enable ipsec-policy to apply an IPsec policy in a RIPng process. Use undo enable ipsec-policy to remove the IPsec policy from the RIPng process. Syntax enable ipsec-policy policy-name undo enable ipsec-policy Default No IPsec policy is configured for the RIPng process. Views RIPng view Default command level 2: System level Parameters policy-name: IPsec policy name, a string of 1 to 15 characters.
Parameters acl6-number: Specifies the number of an ACL to filter advertised routing information, in the range of 2000 to 3999. ipv6-prefix ipv6-prefix-name: Specifies the name of an IPv6 prefix list used to filter routing information, a string of 1 to 19 characters. protocol: Filters routes redistributed from a routing protocol, including bgp4+, direct, isisv6, ospfv3, ripng, and static.
[Sysname-acl6-adv-3000] quit [Sysname] ripng 100 [Sysname-ripng-100] filter-policy 3000 export filter-policy import (RIPng view) Use filter-policy import to define an inbound route filtering policy. Only routes that match the filtering policy can be received. Use undo filter-policy import to disable inbound route filtering. Syntax filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } import undo filter-policy import Default RIPng does not filter incoming routing information.
[Sysname-acl6-adv-3000] rule 10 permit ipv6 source 2001::1 128 destination ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 128 [Sysname-acl6-adv-3000] rule 100 deny ipv6 [Sysname-acl6-adv-3000] quit [Sysname] ripng 100 [Sysname-ripng-100] filter-policy 3000 import import-route Use import-route to redistribute routes from another routing protocol. Use undo import-route to disable redistributing routes from another routing protocol.
Usage guidelines The import-route bgp4+ command redistributes only EBGP routes. The import-route bgp4+ allow-ibgp command redistributes additional IBGP routes. Examples # Redistribute all OSPFv3 routes. system-view [Sysname] ripng 100 [Sysname-ripng-100] import-route ospfv3 Related commands default cost maximum load-balancing (RIPng view) Use maximum load-balancing to specify the maximum number of equal-cost multi-path (ECMP) routes for load balancing.
Syntax preference [ route-policy route-policy-name ] preference undo preference [ route-policy ] Default The preference of RIPng routes is 100. Views RIPng view Default command level 2: System level Parameters route-policy-name: Routing policy name with 1 to 63 case-sensitive characters. value: Preference for RIPng routes, in the range of 1 to 255. Usage guidelines You can specify a routing policy by using the keyword route-policy to set a preference for the matching RIPng routes.
Usage guidelines After executing the command, you are prompted whether you want to reset the RIPng process. Examples # Reset RIPng process 100. reset ripng 100 process Warning : Reset RIPng process? [Y/N]:Y reset ripng statistics Use reset ripng statistics to clear the statistics of the specified RIPng process. Syntax reset ripng process-id statistics Views User view Default command level 1: Monitor level Parameters process-id: RIPng process ID, in the range of 1 to 65535.
Usage guidelines If no VPN is specified, the RIPng process is enabled for the public network. The specified VPN instance must have been created with the ip vpn-instance command. Before configuring global RIPng parameters, you must create a RIPng process. This requirement does not apply to interface RIPng parameter configuration. After you disable a RIPng process, the RIPng parameters on interface running the process also become ineffective. Examples # Create RIPng process 100 and enter its view.
Examples # Advertise only the default route through GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ripng default-route only # Advertise the default route together with other routes through GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ripng default-route originate ripng enable Use ripng enable to enable RIPng on the specified interface.
Views Interface view Default command level 2: System level Parameters policy-name: IPsec policy name, a string of 1 to 15 characters. Usage guidelines The IPsec policy to be applied must have been configured. Examples # Apply IPsec policy policy001 to interface GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ripng ipsec-policy policy001 ripng metricin Use ripng metricin to specify an additional metric for received RIPng routes.
ripng metricout Use ripng metricout to configure an additional metric for RIPng routes advertised by an interface. Use undo ripng metricout to restore the default. Syntax ripng metricout value undo ripng metricout Default The default additional routing metric is 1. Views Interface view Default command level 2: System level Parameters value: Additional metric to advertised routes, in the range of 1 to 16. Examples # Set the additional metric to 12 for routes advertised by GigabitEthernet 0/1.
system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ripng poison-reverse ripng split-horizon Use ripng split-horizon to enable the split horizon function. Use undo ripng split-horizon to disable the split horizon function. Syntax ripng split-horizon undo ripng split-horizon Default The split horizon function is enabled. Views Interface view Default command level 2: System level Usage guidelines The split horizon function is necessary for preventing routing loops.
Parameters ipv6-address: Destination IPv6 address of the summary route. prefix-length: Prefix length of the destination IPv6 address of the summary route, in the range of 0 to 128. It indicates the number of consecutive 1s of the prefix, which defines the network ID. Usage guidelines Networks of the summary network will not be advertised. The cost of the summary route is the lowest cost among summarized routes.
• Suppress timer—Defines for how long a RIPng route stays in suppressed state. When the metric of a route is 16, the route enters the suppressed state. In suppressed state, only routes which come from the same neighbor and whose metric is less than 16 will be received by the router to replace unreachable routes. • Garbage-collect timer—Defines the interval from when the metric of a route becomes 16 to when it is deleted from the routing table.
OSPFv3 commands The term "router" in this document refers to both routers and routing-capable firewalls and firewall modules. abr-summary (OSPFv3 area view) Use abr-summary to configure an IPv6 summary route on an area border router. Use undo abr-summary to remove an IPv6 summary route. Then the summarized routes are advertised. Syntax abr-summary ipv6-address prefix-length [ not-advertise ] undo abr-summary ipv6-address prefix-length Default No route summarization is available on an ABR.
Syntax area area-id Views OSPFv3 view Default command level 2: System level Parameters area-id: ID of an area, a decimal integer (in the range of 0 to 4294967295 and changed to IPv4 address format by the system) or an IPv4 address. Usage guidelines The undo form of the command is not available. An area is removed automatically if no configuration is made and no interface is up in the area. Examples # Enter OSPFv3 Area 0 view.
If no cost value is configured for an interface, OSPFv3 computes the interface cost value automatically: Examples # Specify the reference bandwidth value as 1000 Mbps. system-view [Sysname] ospfv3 1 [Sysname-ospfv3-1] bandwidth-reference 1000 default cost Use default cost to configure a default cost for redistributed routes. Use undo default cost to restore the default. Syntax default cost value undo default cost Default The default cost is 1.
Views OSPFv3 area view Default command level 2: System level Parameters value: Specifies a cost for the default route advertised to the stub area, in the range of 0 to 65535. The default is 1. Usage guidelines Use of this command is only available on the ABR that is connected to a stub area. You have two commands to configure a stub area: stub, defaulted-cost. Use the stub command on routers connected to a stub area to configure the area as stub.
route in a Type-5 LSA into the OSPFv3 routing domain only when the default route exists in the routing table. cost value: Specifies a cost for the default route, in the range of 1 to 16777214. The default is 1. route-policy route-policy-name: Specifies a routing policy, the name of which is a case-sensitive string of 1 to 63 characters. type type: Specifies a type for the ASE LSA: 1 or 2. The default is 2. Usage guidelines Using the import-route command cannot redistribute a default route.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Field Description SPF algorithm executed 1 times SPF algorithm is executed 1 time. Number of LSA Number of LSAs. These LSAs' checksum Sum Sum of all LSAs' checksum. Number of Unknown LSA Number of unknown LSAs. IPsec policy name IPsec policy used. SPI SPI defined in the IPsec policy. display ospfv3 interface Use display ospfv3 interface to display OSPFv3 interface information.
Timer interval configured, Hello: 10, Dead: 40, Wait: 40, Retransmit: 5 Hello due in 00:00:02 Neighbor Count is 1, Adjacent neighbor count is 1 IPsec policy name: policy001, SPI: 300 BFD: Enabled Table 176 Command output Field Description Interface ID Interface ID. IPv6 Prefixes IPv6 Prefix. OSPFv3 Process OSPFv3 Process. Area Area ID. Instance ID Instance ID. Router ID Router ID. Network Type Network type of the interface. Cost Cost value of the interface.
Syntax display ospfv3 [ process-id ] lsdb [ { external | inter-prefix | inter-router | intra-prefix | link | network | router } [ link-state-id ] [ originate-router router-id ] | total ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters process-id: Specifies ID of an OSPFv3 process, ranging from 1 to 65535. external: Displays information about AS-external LSAs. inter-prefix: Displays information about Inter-area-prefix LSAs.
0.0.0.0 1.1.1.1 0050 0x80000002 0x12d1 1 0.0.0.0 2.2.2.2 0048 0x80000002 0xa142 1 Table 177 Command output Field Description Link-LSA Type 8 LSA. Link State ID Link State ID. Origin Router Originating Router. Age Age of LSAs. Seq# LSA sequence number. CkSum LSA Checksum. Prefix Number of Prefixes. Router-LSA Router-LSA. Link Number of links. Network-LSA Network-LSA. Intra-Area-Prefix-LSA Type 9 LSA. Reference Type of referenced LSA.
Field Description Checksum LSA checksum. Length LSA length. Priority Router priority. Prefix Address prefix. # Display LSA statistics in the LSDB.
Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Views Any view Default command level 1: Monitor level Parameters process-id: Specifies ID of an OSPFv3 process, ranging from 1 to 65535. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Parameters process-id: Specifies the ID of an OSPFv3 process, ranging from 1 to 65535. area: Specifies to display neighbor information of the specified area. area-id: The ID of an area, a decimal integer that is translated into IPv4 address format by the system (in the range of 0 to 4294967295) or an IPv4 address. interface-type interface-number: Specifies an interface by its type and number. verbose: Display detailed neighbor information. peer-router-id: Router-ID of the specified neighbor.
Neighbor 1.1.1.1 is Full, interface address FE80::20F:E2FF:FE49:8050 In the area 0.0.0.1 via interface GigabitEthernet0/1 DR is 1.1.1.1 BDR is 2.2.2.2 Options is 0x000013 (-|R|-|-|E|V6) Dead timer due in 00:00:39 Neighbor is up for 00:25:31 Database Summary List 0 Link State Request List 0 Link State Retransmission List 0 Table 183 Command output Field Description Neighbor Neighbor ID. interface address Interface address. In the area 0.0.0.
Examples # Display information about all OSPFv3 neighbors. display ospfv3 peer statistic OSPFv3 Router with ID (1.1.1.1) (Process 1) Neighbor Statistics ---------------------------------------------------------------------Area ID Down Init 2-way ExStar Exchange Loading Full 0.0.0.0 0 0 0 0 0 0 1 Total 0 0 0 0 0 0 1 Table 184 Command output Field Description Area ID Area ID.
inter-router: Displays the Inter-area-router LSA information of the OSPFv3 link state request list. intra-prefix: Displays the Intra-area-prefix LSA information of the OSPFv3 link state request list. link: Displays the Link LSA information of the OSPFv3 link state request list. network: Displays the Network-LSA information of the OSPFv3 link state request list. router: Displays the Router-LSA information of the OSPFv3 link state request list. link-state-id: Link state ID, in the format of an IPv4 address.
OSPFv3 Router with ID (11.1.1.1) (Process 1) Interface GE0/1 Neighbor 10.1.1.1 LSA-Count 0 Table 186 Command output Field Description Interface Interface name. Neighbor Neighbor router ID. LSA-Count Number of LSAs in the request list. display ospfv3 retrans-list Use display ospfv3 retrans-list to display the OSPFv3 link state retransmission list.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines If no process is specified, the link state retransmission list information of all OSPFv3 processes is displayed. Examples # Display the information of the OSPFv3 link state retransmission list. display ospfv3 retrans-list OSPFv3 Router with ID (11.1.1.1) (Process 1) Interface GE0/1 Area-ID 0.0.0.
Syntax display ospfv3 [ process-id ] routing [ ipv6-address prefix-length | ipv6-address/prefix-length | abr-routes | asbr-routes | all | statistics ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters process-id: Specifies the ID of an OSPFv3 process, ranging from 1 to 65535. ipv6-address: IPv6 address prefix. prefix-length: Prefix length, in the range of 0 to 128. abr-routes: Displays routes to ABR.
Field Description Cost Route cost value. Next-hop Next hop address. Interface Outbound interface. # Display the statistics of OSPFv3 routing table. display ospfv3 routing statistics OSPFv3 Router with ID (1.1.1.1) (Process 1) OSPFv3 Routing Statistics Intra-area-routes : 1 Inter-area-routes : 0 External-routes : 0 Table 190 Command output Field Description Intra-area-routes Number of Intra-area-routes. Inter-area-routes Number of inter-area routes.
OSPFv3 Statistics Interface GigabitEthernet0/1 Instance 0 Type Input Output Hello 189 63 DB Description 10 8 Ls Req 2 1 Ls Upd 16 6 Ls Ack 10 6 Discarded 0 0 Table 191 Command output Field Description Interface Interface name. Instance Instance number. Type Type of packet. Input Number of packets received by the interface. Output Number of packets sent by the interface. Hello Hello packet. DB Description Database description packet. Ls Req Link state request packet.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Parameters process-id: Specifies the ID of an OSPFv3 process, ranging from 1 to 65535. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Field Description SPI SPI defined in the IPsec policy. enable ipsec-policy (OSPFv3 area view) Use enable ipsec-policy to apply an IPsec policy in the OSPFv3 area. Use undo enable ipsec-policy to remove the IPsec policy from the OSPFv3 area. Syntax enable ipsec-policy policy-name undo enable ipsec-policy Default No IPsec policy is applied in an area. Views OSPFv3 area view Default command level 2: System level Parameters policy-name: IPsec policy name, a string of 1 to 15 characters.
Views OSPFv3 view Default command level 2: System level Parameters acl6-number: Specifies the ACL6 number, ranging from 2000 to 3999. ipv6-prefix ipv6-prefix-name: Specifies the name of an IPv6 prefix list, a string of up to 19 characters. bgp4+: Filters IPv6 BGP routes. direct: Filters direct routes. isisv6 process-id: Filters routes of an IPv6 IS-IS process. The process-id argument is in the range of 1 to 65535. ospfv3 process-id: Filters routes of an OSPFv3 process.
Examples # Filter all redistributed routes using IPv6 ACL 2001. system-view [Sysname] acl ipv6 number 2001 [Sysname-acl6-basic-2001] rule permit source 2002:1:: 64 [Sysname-acl6-basic-2001] quit [Sysname] ospfv3 [Sysname-ospfv3-1] filter-policy 2001 export # Configure ACL6 3000 to permit only route 2001::1/128 to pass, and reference ACL6 3000 to filter redistributed routes.
The source keyword specifies the destination address of a route, and the destination keyword specifies the prefix of the route. (The prefix must be valid; otherwise, the configuration is ineffective.) Using the filter-policy import command only filters routes computed by OSPFv3. The routes that fail to pass are not added to the routing table. Examples # Filter received routes using the IPv6 prefix list abc.
Hardware Protocol keywords F1000-A-EI/F1000-S-EI bgp4+, direct, ospfv3, ripng, and static F1000-E bgp4+, direct, ospfv3, ripng, and static F5000 bgp4+, direct, isisv6, ospfv3, ripng, and static F5000-S/F5000-C bgp4+, direct, ospfv3, ripng, and static VPN firewall modules bgp4+, direct, ospfv3, ripng, and static 20-Gbps VPN firewall modules bgp4+, direct, ospfv3, ripng, and static process-id: Process ID of the routing protocol, in the range of 1 to 65536. It defaults to 1.
Usage guidelines With this feature enabled, information about neighbor state changes of the current OSPFv3 process will display on the configuration terminal. Examples # Disable the logging on neighbor state changes of OSPFv3 process 100. system-view [Sysname] ospfv3 100 [Sysname-ospfv3-100] undo log-peer-change maximum load-balancing (OSPFv3 view) Use maximum load-balancing to configure the maximum number of equal-cost multi-path (ECMP) routes for load balancing.
Views System view Default command level 2: System level Parameters process-id: OSPFv3 process ID, ranging from 1 to 65535. The process ID defaults to 1. vpn-instance vpn-instance-name: Specifies a VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters. If no VPN is specified, the OSPFv3 process belongs to the public network. Usage guidelines An OSPFv3 process can run correctly only when router ID is configured in OSPFv3 view.
Examples # Enable OSPFv3 process 1 on an interface that belongs to instance 1 and specify area 1 for GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ospfv3 1 area 1 instance 1 ospfv3 bfd enable Use ospfv3 bfd enable to enable BFD for link failure detection on an OSPFv3 interface. Use undo ospfv3 bfd enable to disable BFD on the OSPFv3 interface.
ospfv3 cost Use ospfv3 cost to configure the OSPFv3 cost of the interface in an instance. Use undo ospfv3 cost to restore the default OSPFv3 cost of the interface in an instance.
Default command level 2: System level Parameters priority: DR priority, in the range of 0 to 255. instance-id: ID of the instance an interface belongs to, in the range of 0 to 255, which defaults to 0. Usage guidelines An interface's DR priority determines its privilege in DR/BDR selection, and the interface with the highest priority is preferred. Examples # Set the DR priority for GigabitEthernet 0/1 in instance 1 to 8.
ospfv3 mtu-ignore Use ospfv3 mtu-ignore to configure an interface to ignore MTU check during DD packet exchange. Use undo ospfv3 mtu-ignore to restore the default. Syntax ospfv3 mtu-ignore [ instance instance-id ] undo ospfv3 mtu-ignore [ instance instance-id ] Default An interface performs MTU check during DD packet exchange. A neighbor relationship can be established only if the interface's MTU is the same as that of the peer.
Parameters broadcast: Specifies the network type as Broadcast. nbma: Specifies the network type as NBMA. p2mp: Specifies the network type as P2MP. p2p: Specifies the network type as P2P. non-broadcast: Specifies the interface to send packets in unicast mode. By default, an OSPFv3 interface whose network type is P2MP sends packets in multicast mode. instance-id: The instance ID of an interface, in the range of 0 to 255, which defaults to 0. Examples # Configure the NBMA network type for GigabitEthernet 0/1.
ospfv3 timer dead Use ospfv3 timer dead to configure the OSPFv3 neighbor dead time for an interface that belongs to a specified instance. Use undo ospfv3 timer dead to restore the default. Syntax ospfv3 timer dead seconds [ instance instance-id ] undo ospfv3 timer dead [ seconds ] [ instance instance-id ] Default The OSPFv3 neighbor dead time is 40 seconds for P2P and Broadcast interfaces, and is not supported on P2MP and NBMA interfaces.
Default The hello interval is 10 seconds for P2P and Broadcast interfaces and is not supported on the P2MP or NBMA interfaces. Views Interface view Default command level 2: System level Parameters seconds: Interval between hello packets, ranging from 1 to 65535. instance-id: Instance ID of an interface, in the range of 0 to 255, which defaults to 0. Examples # Configure the hello interval as 20 seconds for GigabitEthernet 0/1 in instance 1.
Examples # Configure the LSA retransmission interval on GigabitEthernet 0/1 in instance 1 as 12 seconds. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] ospfv3 timer retransmit 12 instance 1 ospfv3 timer poll Use ospfv3 timer poll to set the poll interval on an NBMA interface. Use undo ospfv3 timer poll to restore the default value.
Default command level 2: System level Parameters seconds: Transmission delay in seconds, ranging from 1 to 3600. instance-id: Instance ID of an interface, in the range of 0 to 255, with the default as 0. Usage guidelines As LSAs are aged in the LSDB (incremented by 1 every second) but not aged on transmission, it is necessary to add a delay time to the age time before sending a LSA. This configuration is important for low-speed networks.
Examples # Set a preference of 150 for OSPFv3 routes. system-view [Sysname] ospfv3 1 [Sysname-OSPFv3-1] preference 150 router-id Use router-id to configure the OSPFv3 router ID. Use undo router-id to remove a configured router ID. Syntax router-id router-id undo router-id Views OSPFv3 view Default command level 2: System level Parameters router-id: 32-bit router ID, in IPv4 address format. Usage guidelines Router ID is the unique identifier of a device running an OSPFv3 process in the AS.
Default An interface is able to receive and send OSPFv3 packets. Views OSPFv3 view Default command level 2: System level Parameters interface-type interface-number: Specifies an interface by its type and number. all: Specifies all interfaces. Usage guidelines Multiple processes can disable the same interface from receiving and sending OSPFv3 packets, but use of the silent-interface command takes effect only on interfaces enabled with the current process.
hold-interval: Hold interval in seconds between two consecutive SPF calculations, in the range of 0 to 65535. Usage guidelines An OSPFv3 router works out a shortest path tree with itself as root based on the LSDB and decides on the next hop to a destination network according the tree. Adjusting the SPF calculation interval can restrain bandwidth and router resource from over consumption due to frequent network changes.
Related commands default-cost vlink-peer (OSPFv3 area view) Use vlink-peer to create and configure a virtual link. Use undo vlink-peer to remove a virtual link.
IPv6 IS-IS commands The term "router" in this document refers to both routers and routing-capable firewalls and firewall modules. IPv6 IS-IS supports all the features of IPv4 IS-IS except that it advertises IPv6 routing information. This document describes only IPv6 IS-IS exclusive commands.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines If no level is specified, this command displays both Level-1 and Level-2 routing information. Examples # Display IPv6 IS-IS routing information.
Field Description Routing information status flags: • • • • Flag/Flags D—This is a direct route. R—The route has been added into the routing table. L—The route has been advertised in an LSP. U—Route leaking flag, indicating that the Level-1 route is from Level-2. U means the route will not be returned to Level-2. Cost Route cost. Next Hop Next hop. Interface Outbound interface. # Display detailed IPv6 IS-IS routing information of VPN instance 1.
Table 195 Command output Field Description IPV6 Dest IPv6 destination address and prefix. Cost Route cost. Routing information status flags: Flag/Flags • • • • D—This is a direct route. R—The route has been added into the routing table. L—The route has been advertised in an LSP. U—Route leaking flag, indicating the Level-1 route is from Level-2. U means the route will not be returned to Level-2. Admin Tag Administrative tag. Src Count Number of advertisement sources. Next Hop Next hop.
in L2 LSPs, and use the apply isis level-1-2 in routing policy view to generate a default route in L1 and L2 LSPs. If no level is specified, this command generates a default route for Level-2. Examples # Configure the router to generate a default route in a Level-2 LSP. system-view [Sysname] isis 1 [Sysname-isis-1] ipv6 default-route-advertise Related commands apply isis ipv6 enable Use ipv6 enable to enable IPv6 for an IS-IS process. Use undo ipv6 enable to disable IPv6.
Default The filtering is disabled. Views IS-IS view Default command level 2: System level Parameters acl6-number: Number of a basic or advanced IPv6 ACL used to filter redistributed routes before advertisement, in the range of 2000 to 3999. For ACL information, see Access Control Configuration Guide. ipv6-prefix-name: Name of an IPv6 prefix list used to filter the redistributed routes before advertisement, a case-sensitive string of 1 to 19 characters.
system-view [Sysname] acl ipv6 number 3000 [Sysname-acl6-adv-3000] rule 10 permit ipv6 source 2001::1 128 destination ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 128 [Sysname-acl6-adv-3000] rule 100 deny ipv6 [Sysname-acl6-adv-3000] quit [Sysname] isis 1 [Sysname-isis-1] ipv6 filter-policy 3000 export Related commands ipv6 filter-policy import ipv6 filter-policy import Use ipv6 filter-policy import to configure IPv6 IS-IS to filter the received routes.
The source keyword specifies the destination address of a route, and the destination keyword specifies the prefix of the route. (The prefix must be valid; otherwise, the configuration is ineffective.) Examples # Reference the IPv6 ACL 2003 to filter the received routes. system-view [Sysname] isis 1 [Sysname-isis-1] ipv6 filter-policy 2003 import # Configure ACL6 3000 to permit only route 2001::1/128 to pass, and reference ACL6 3000 to filter the received routes.
level-1-2: Redistributes routes into Level-1 and Level-2 routing tables. level-2: Redistributes routes into the Level-2 routing table. route-policy-name: Name of a routing policy used to filter routes when they are being redistributed, a case-sensitive string of 1 to 63 characters. tag: Specifies a administrative tag number for the redistributed routes, in the range of 1 to 4294967295. allow-ibgp: Allows redistributing IBGP routes. This keyword is available only when the protocol is bgp4+.
Usage guidelines The route leaking feature enables a Level-1-2 router to advertise routes destined to other Level-2 areas to the Level-1 and Level-1-2 routers in the local area. Examples # Enable IPv6 IS-IS route leaking from Level-2 to Level-1. system-view [Sysname] isis 1 [Sysname-isis-1] ipv6 import-route isisv6 level-2 into level-1 ipv6 import-route limit Use ipv6 import-route limit to configure the maximum number of redistributed Level 1/Level 2 IPv6 routes.
Default The maximum number of ECMP routes is 8. Views IS-IS view Default command level 2: System level Parameters number: Maximum number of ECMP routes, in the range of 1 to 8. Usage guidelines Configure the maximum number of ECMP routes according to the memory capacity. Examples # Configure the maximum number of ECMP routes as 2. system-view [Sysname] isis 100 [Sysname-isis-100] ipv6 maximum load-balancing 2 ipv6 preference Use ipv6 preference to configure the preference for IPv6 IS-IS.
[Sysname] isis 1 [Sysname-isis-1] ipv6 preference 20 ipv6 summary Use ipv6 summary to configure an IPv6 IS-IS summary route. Use undo ipv6 summary to remove the summary route. Syntax ipv6 summary ipv6-prefix prefix-length [ avoid-feedback | generate_null0_route | [ level-1 | level-1-2 | level-2 ] | tag tag ] * undo ipv6 summary ipv6-prefix prefix-length [ level-1 | level-1-2 | level-2 ] Default Route summarization is disabled.
Use undo isis ipv6 enable to disable the configuration. Syntax isis ipv6 enable [ process-id ] undo isis ipv6 enable Default IPv6 is disabled for an IS-IS process. Views Interface view Default command level 2: System level Parameters process-id: Specifies an IS-IS process by its ID, in the range of 1 to 65535. The default is 1. Examples # Enable global IPv6, create IS-IS routing process 1, enable IPv6 for the process, and enable IPv6 for the process on GigabitEthernet 1/1.
IPv6 BGP commands The term "router" in this document refers to both routers and routing-capable firewalls and firewall modules. aggregate (IPv6 address family view) Use aggregate to create an IPv6 summary route in the IPv6 BGP routing table. Use undo aggregate to remove an IPv6 summary route.
Keywords Function detail-suppressed This keyword does not suppress the summary route, but it suppresses the advertisement of all the more specific routes. To summarize only some specific routes, use the peer filter-policy command. suppress-policy Used to create a summary route and suppress the advertisement of some summarized routes. If you want to suppress some routes selectively and leave other routes still advertised, use the if-match clause of the route-policy command.
Hardware Value range F1000-A-EI/F1000-S-EI 1 to 8 F1000-E 1 to 8 F5000 1 to 16 F5000-S/F5000-C 1 to 8 VPN firewall modules 1 to 8 20-Gbps VPN firewall modules 1 to 8 Usage guidelines Unlike IGP, BGP has no explicit metric for making load balancing decision. Instead, it implements load balancing by defining its routing rule. If you do not provide the ibgp or the ebgp keyword, this command configures load balancing for all IPv6 BGP routes.
Syntax bestroute as-path-neglect undo bestroute as-path-neglect Default The router takes AS_PATH as a factor when selecting the best route. Views IPv6 address family view Default command level 2: System level Examples # Ignore AS_PATH in route selection. system-view [Sysname] bgp 100 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] bestroute as-path-neglect bestroute compare-med (IPv6 address family view) Use bestroute compare-med to enable the comparison of the MED for paths from each AS.
bestroute med-confederation (IPv6 address family view) Use bestroute med-confederation to enable the comparison of the MED for paths from confederation peers for best route selection. Use undo bestroute med-confederation to disable the configuration. Syntax bestroute med-confederation undo bestroute med-confederation Default This comparison is not enabled.
Usage guidelines If several paths are available for one destination, the path with the smallest MED value is selected. Do not use this command unless associated ASs adopt the same IGP protocol and routing selection method. Examples # Enable to compare the MED for paths from peers in different ASs.
Examples # Enable IPv6 BGP route dampening and configure route dampening parameters.
default med (IPv6 address family view/IPv6 BGP-VPN instance view) Use default med to specify the default MED value. Use undo default med to restore the default. Syntax default med med-value undo default med Default The default med-value is 0. Views IPv6 address family view, IPv6 BGP-VPN instance view Default command level 2: System level Parameters med-value: MED value, in the range of 0 to 4294967295. Usage guidelines The multi-exit discriminator (MED) is an external metric of a route.
Default The redistribution is not enabled. Views IPv6 address family view, IPv6 BGP-VPN instance view Default command level 2: System level Examples # Enable the redistribution of default route from OSPFv3 into IPv6 BGP. system-view [Sysname] bgp 100 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] default-route imported [Sysname-bgp-af-ipv6] import-route ospfv3 1 display bgp ipv6 group Use display bgp ipv6 group to display IPv6 peer group information.
Maximum allowed prefix number: 4294967295 Threshold: 75% Configured hold timer value: 180 Keepalive timer value: 60 Minimum time between advertisement runs is 15 seconds Peer Preferred Value: 0 No routing policy is configured BFD: Enabled Members: Peer 2001::1 AS MsgRcvd 100 0 MsgSent OutQ PrefRcv Up/Down 0 0 State 0 00:00:07 Idle Table 197 Command output Field Description BGP peer-group Name of the peer group. AS number of the peer group.
Field Description Routing policy configured A routing policy is configured. No routing policy is configured No routing policy is configured. Members Group members. Peer IPv6 address of the peer. AS AS number. MsgRcvd Number of messages received. MsgSent Number of messages sent. OutQ Number of messages to be sent. PrefRcv Number of prefixes received. Up/Down Lasting time of a session/lasting time of present state (when no session is established). State State machine state of peer.
2001:: 64 Short-cut Table 198 Command output Field Description Network Network address. Prefix Prefix length. Route-policy Routing policy. (A null value indicates that no routing policy is configured.) Short-cut Shortcut route. (A null value indicates that the route is not a shortcut route.) display bgp ipv6 paths Use display bgp ipv6 paths to display IPv6 BGP path information.
Field Description Hash Hash index. Refcount Count of routes that used the path. MED MED of the path. Path AS_PATH attribute of the path, recording the ASs it has passed, for avoiding routing loops. Origin attribute of the route, which can take on one of the following values: • i—Indicates that the route is interior to the AS. Summary routes and routes defined using the network command are considered IGP routes.
display bgp ipv6 peer BGP local router ID : 192.168.1.40 Local AS number : 100 Total number of peers : 1 Peer 2001::1 Peers in established state : 0 AS MsgRcvd 100 0 MsgSent OutQ PrefRcv Up/Down 0 0 State 0 00:02:02 Active Table 200 Command output Field Description BGP local router ID Local router ID. Local AS number Local AS number. Total number of peers Total number of BGP peers. Peers in established state Number of established BGP peers. Peer IPv6 address of the peer.
Forwarding State preserved by Peer for following Address families: Address family IPv6 Unicast: advertised and received Received: Total 4 messages, Update messages 1 Sent: Total 6 messages, Update messages 3 Maximum allowed prefix number: 4294967295 Threshold: 75% Minimum time between advertisement runs is 30 seconds Optional capabilities: Route refresh capability has been enabled Peer Preferred Value: 0 Routing policy configured: No routing policy is configured # Display the detailed information of IPv6 B
Field Description Peer optional capabilities: Peer support bgp multi-protocol extended Peer support bgp route refresh capability Optional capabilities supported by the BGP peer: • Multi-protocol extension for BGP. • Route-refresh feature. • 4-byte AS number.
Error/SubError 10-Jul-2008 15:46:17 Down Send Notification with Error 1/1 Message Header Error/Connection Not Synchronized 10-Jul-2008 09:23:00 Up 10-Jul-2008 07:46:17 Down Receive Notification with Error 3/2 UPDATE Message Error/Unsupported optional Parameter 10-Jul-2008 06:23:00 Up 10-Jul-2008 05:46:17 Down Send Notification with Error 6/4 Administrative Reset Table 202 Command output Field Description Peer IPv6 address of the peer. Date Date on which the Notification was sent or received.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display the prefix information in the ORF packet from the BGP peer 4::4.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display the IPv6 BGP routing table. display bgp ipv6 routing-table Total Number of Routes: 2 BGP Local router ID is 30.30.30.
Field Description Path AS_PATH attribute, recording the ASs the packet has passed to avoid routing loops. PrefVal Preferred value. Origin attribute of the route: • i—Indicates that a route is interior to the AS. Summary routes and the routes configured using the network command are considered IGP routes. Ogn • e—Indicates that a route is learned from the exterior gateway protocol (EGP). • ?—Short for INCOMPLETE.
MED : 0 Path/Ogn: i For command output, see Table 204. display bgp ipv6 routing-table community Use display bgp ipv6 routing-table community to display the routing information with the specified community attribute.
PrefVal : 0 MED Label : NULL : 0 Path/Ogn: i For command output, see Table 204. display bgp ipv6 routing-table community-list Use display bgp ipv6 routing-table community-list to view the routing information matching the specified IPv6 BGP community list.
display bgp ipv6 routing-table dampened Use display bgp ipv6 routing-table dampened to display the IPv6 BGP dampened routes. Syntax display bgp ipv6 routing-table dampened [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Syntax display bgp ipv6 routing-table dampening parameter [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Syntax display bgp ipv6 routing-table different-origin-as [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Parameters as-regular-expression: AS path regular expression to be matched, a string of 1 to 80 characters. as-path-acl-number: Number of the specified AS path list to be matched, ranging from 1 to 256. ipv6-address: IPv6 address of a route to be displayed. prefix-length: Prefix length of the IPv6 address, in the range of 0 to 128. longer-match: Matches the longest prefix. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
advertised-routes: Routing information advertised to the specified peer. received-routes: Routing information received from the specified peer. network-address prefix-length: IPv6 address and prefix length. The prefix length ranges from 0 to 128. statistic: Displays route statistics. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Default command level 1: Monitor level Parameters as-regular-expression: AS regular expression, a string of 1 to 80 characters. Examples # Display routing information matching the specified AS regular expression. display bgp ipv6 routing-table regular-expression ^100 BGP Local router ID is 20.20.20.
filter-policy export (IPv6 address family view/IPv6 BGP-VPN instance view) Use filter-policy export to filter outbound routes using a specified filter. Use undo filter-policy export to cancel filtering outbound routes. Syntax filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } export [ protocol process-id ] undo filter-policy export [ protocol process-id ] Default No outbound routing information is filtered.
• To deny/permit a route with the specified destination, use rule [ rule-id ] { deny | permit } ipv6 source sour sour-prefix. • To deny/permit a route with the specified destination and prefix, use rule [ rule-id ] { deny | permit } ipv6 source sour sour-prefix destination dest dest-prefix. The source keyword specifies the destination address of a route, and the destination keyword specifies the prefix of the route. (The prefix must be valid; otherwise, the configuration is ineffective.
ipv6-prefix-name: Name of an IPv6 prefix list used to match against the destination address field of routing information, a string of 1 to 19 characters. Usage guidelines To reference an advanced ACL (with a number from 3000 to 3999) in the command, configure the ACL in one of the following ways: • To deny/permit a route with the specified destination, use rule [ rule-id ] { deny | permit } ipv6 source sour sour-prefix.
internal: Creates an IBGP peer group. external: Creates an EBGP peer group, which can be a group of another sub AS in the confederation. Usage guidelines An IBGP peer group will be created if neither internal nor external is selected. Examples # Create an IBGP peer group named test.
[Sysname] bgp 100 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] import-route ripng 1 ipv6-family Use ipv6-family to enter IPv6 address family view. Use undo ipv6-family to remove all configurations from the IPv6 address family view. Use ipv6-family vpn-instance vpn-instance-name to enter IPv6 BGP-VPN instance view. Use undo ipv6-family vpn-instance vpn-instance-name to remove all configurations from the IPv6 BGP-VPN instance view.
Syntax network ipv6-address prefix-length [ route-policy route-policy-name | short-cut ] undo network ipv6-address prefix-length [ short-cut ] Default No route is advertised. Views IPv6 address family view, IPv6 BGP-VPN instance view Default command level 2: System level Parameters ipv6-address: IPv6 address. prefix-length: Prefix length of the address, in the range of 0 to 128. route-policy-name: Name of a routing policy, a string of 1 to 63 characters.
Parameters group-name: Name of an IPv4 or IPv6 peer group, a string of 1 to 47 characters. ipv4-address: IPv4 address of a peer. ipv6-address: IPv6 address of a peer. Examples # Advertise the community attribute to the peer 1:2::3:4.
Syntax peer { group-name | ipv4-address | ipv6-address } allow-as-loop [ number ] undo peer { group-name | ipv4-address | ipv6-address } allow-as-loop Default The local AS number is not allowed to exist in the AS PATH attribute of routes. Views IPv6 address family view Default command level 2: System level Parameters group-name: Name of an IPv4 or IPv6 peer group, a string of 1 to 47 characters. ipv4-address: IPv4 address of a peer. ipv6-address: IPv6 address of a peer.
as-number: AS number of the peer/peer group, in the range of 1 to 4294967295. Examples # Configure peer group test in AS 200. system-view [Sysname] bgp 100 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] group test external [Sysname-bgp-af-ipv6] peer test as-number 200 peer as-number (IPv6 BGP-VPN instance view) Use peer as-number to configure an IPv6 peer/peer group. Use undo peer ipv6-address to delete a peer.
Views IPv6 address family view Default command level 2: System level Parameters group-name: Name of an IPv4 or IPv6 peer group, a string of 1 to 47 characters. ipv4-address: IPv4 address of a peer. ipv6-address: IPv6 address of a peer. as-path-acl-number: Number of an AS path list, in the range of 1 to 256. import: Filters incoming routes. export: Filters outgoing routes. Examples # Specify the AS path list 3 to filter routes outgoing to the peer 1:2::3:4.
Hardware Compatibility F1000-A-EI/F1000-S-EI No F1000-E No F5000 Yes F5000-S/F5000-C No VPN firewall modules No 20-Gbps VPN firewall modules No Examples # Enable BFD over the link to BGP peer 100::1. system-view [Sysname] bgp 100 [Sysname] ipv6-family [Sysname-bgp-af-ipv6] peer 100::1 bfd peer capability-advertise orf Use peer capability-advertise orf to enable the ORF capability for a BGP peer or peer group.
Usage guidelines After you enable the ORF capability, the local BGP router negotiates the ORF capability with the BGP peer through Open messages. After that, the BGP router can process route-refresh messages carrying the standard ORF information from the peer or send route-refresh messages carrying the standard ORF information to the peer. For non-standard ORF capability negotiation, you need also to configure the peer capability-advertise orf non-standard command.
Parameters group-name: Name of a peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer. Parameters This command needs to be configured when the peer supports only non-standard ORF. Examples # Enable the non-standard ORF capability for the BGP peer 1:2::3:4 (suppose the BGP peer 1:2::3:4 can only send non-standard ORF packets).
peer capability-advertise suppress-4-byte-as (IPv6 address family view) Use peer capability-advertise suppress-4-byte-as to enable 4-byte AS number suppression. Use undo peer capability-advertise suppress-4-byte-as to disable the function. Syntax peer { group-name | ipv6-address } capability-advertise suppress-4-byte-as undo peer { group-name | ipv6-address } capability-advertise suppress-4-byte-as Default The 4-byte AS number suppression function is disabled.
Views IPv6 BGP-VPN instance view Default command level 2: System level Parameters ipv6-address: IPv6 address of a peer. Usage guidelines The device supports 4-byte AS numbers and uses 4-byte AS numbers by default. If the peer devices support only 2-byte AS numbers, you must enable the 4-byte AS number suppression function on the device. If the peer device supports 4-byte AS numbers, do not enable the suppression function. Otherwise, the BGP peer relationship cannot be established.
Usage guidelines To enhance stability of IPv6 BGP connections, HP recommends using a loopback interface as the source interface for establishing a TCP connection. To establish multiple BGP connections to a BGP router, specify on the local router the respective source interfaces for establishing TCP connections to the peers on the peering BGP router.
[Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] peer 1:2::3:4 default-route-advertise peer description (IPv6 address family view) Use peer description to configure the description information for a peer/peer group. Use undo peer description to remove the description information of a peer/peer group. Syntax peer { ipv6-group-name | ipv6-address } description description-text undo peer { ipv6-group-name | ipv6-address } description Default No description information is configured for a peer (group).
Default This feature is disabled. Views IPv6 address family view Default command level 2: System level Parameters ipv6-group-name: Name of a peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer. hop-count: Maximum hop count, in the range of 1 to 255. Usage guidelines You can use the argument hop-count to specify the maximum router hops of the EBGP connection. Examples # Allow establishing the EBGP connection with the peer group test on an indirectly connected network.
Usage guidelines If an IPv4 peer or peer group is disabled, the router does not exchange routing information with it. Examples # Enable peer 1.1.1.1. system-view [Sysname] bgp 100 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] peer 1.1.1.1 enable # Enable peer 1::1.
peer filter-policy (IPv6 address family view) Use peer filter-policy to configure an ACL-based filter policy for a peer or peer group. Use undo peer filter-policy to remove the configuration. Syntax peer { group-name | ipv4-address | ipv6-address } filter-policy acl6-number { import | export } undo peer { group-name | ipv4-address | ipv6-address } filter-policy [ acl6-number ] { import | export } Default No ACL-based filter policy is configured for a peer or peer group.
Views IPv6 address family view Default command level 2: System level Parameters group-name: Name of an IPv4 or IPv6 peer group, a string of 1 to 47 characters. ipv4-address: IPv4 address of a peer. ipv6-address: IPv6 address of a peer. as-number: Specifies the AS number of the peer/peer group, in the range of 1 to 4294967295. Examples # Create a peer group named test and add the peer 1:2::3:4 to the peer group.
Examples # Terminate the session with peer 1:2::3:4. system-view [Sysname] bgp 100 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] peer 1:2::3:4 ignore peer ipv6-prefix Use peer ipv6-prefix to specify an IPv6 prefix list to filter routes incoming from or outgoing to a peer or peer group. Use undo peer ipv6-prefix to remove the configuration.
Syntax peer { group-name | ipv6-address } ipsec-policy policy-name undo peer { group-name | ipv6-address } ipsec-policy Default No IPsec policy is applied to any peer or peer group. Views IPv6 address family view Default command level 2: System level Parameters group-name: Name of an IPv6 peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer. policy-name: IPsec policy name, a string of 1 to 15 characters.
Parameters group-name: Name of an IPv4 or IPv6 peer group, a string of 1 to 47 characters. ipv4-address: IPv4 address of a peer. ipv6-address: IPv6 address of a peer. Examples # Save routing information from peer 1:2::3:4. system-view [Sysname] bgp 100 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] peer 1:2::3:4 keep-all-routes peer label-route-capability (IPv6 address family view) Use peer label-route-capability to enable exchange of labeled IPv6 routes with the peer/peer group.
Syntax peer { ipv6-group-name | ipv6-address } log-change undo peer { ipv6-group-name | ipv6-address } log-change Default The logging is enabled. Views IPv6 address family view Default command level 2: System level Parameters ipv6-group-name: Name of a peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer. Examples # Enable the logging of session state and event information of peer 1:2::3:4.
system-view [Sysname] bgp 100 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] group test internal [Sysname-bgp-af-ipv6] peer test next-hop-local peer password Use peer password to configure BGP to perform MD5 authentication when a TCP connection is being established with a peer/peer group. Use undo peer password to restore the default.
• On the peer device: system-view [Sysname] bgp 4 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] peer 1:2::3:3 password cipher aabbcc peer preferred-value (IPv6 address family view) Use peer preferred-value to assign a preferred value to routes received from a peer or peer group. Use undo peer preferred-value to restore the default.
peer preferred-value (IPv6 BGP-VPN instance view) Use peer preferred-value to assign a preferred value to routes received from a peer or peer group. Use undo peer preferred-value to restore the default. Syntax peer ipv6-address preferred-value value undo peer ipv6-address [ preferred-value ] Default Routes received from a peer or peer group have a preferred value of 0. Views IPv6 BGP-VPN instance view Default command level 2: System level Parameters ipv6-address: IPv6 address of a peer.
Default BGP updates carry the private AS number. Views IPv6 address family view Default command level 2: System level Parameters ipv6-group-name: Name of a peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer. Usage guidelines The command does not take effect if the BGP update has both the public AS number and private AS number. The range of private AS number is from 64512 to 65535. Examples # Configure BGP updates sent to the peer 1:2::3:4 to not carry private AS numbers.
system-view [Sysname] bgp 100 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] group test [Sysname-bgp-af-ipv6] peer test reflect-client Related commands • reflect between-clients • reflector cluster-id peer route-limit (IPv6 address family view) Use peer route-limit to set the maximum number of prefixes that can be received from a peer/peer group. Use undo peer route-limit to restore the default.
Examples # Set the number of prefixes allowed to receive from the peer 1:2::3:4 to 100. system-view [Sysname] bgp 100 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] peer 1:2::3:4 route-limit 100 peer route-policy (IPv6 address family view) Use peer route-policy to apply a routing policy to routes incoming from or outgoing to a peer or peer group. Use undo peer route-policy to remove the configuration.
[Sysname-bgp-af-ipv6] peer test route-policy test-policy import peer route-policy (IPv6 BGP-VPN instance view) Use peer route-policy to apply a routing policy to routes incoming from or outgoing to a peer or peer group. Use undo peer route-policy to remove the configuration. Syntax peer ipv6-address route-policy route-policy-name { export | import } undo peer ipv6-address [ route-policy route-policy-name { export | import } ] Default No routing policy is specified for the peer (group).
Syntax peer { ipv6-group-name | ipv6-address } route-update-interval interval undo peer { ipv6-group-name | ipv6-address } route-update-interval Default The interval is 15 seconds for the IBGP peer, and 30 seconds for the EBGP peer. Views IPv6 address family view Default command level 2: System level Parameters ipv6-group-name: Name of a peer group, a string of 1 to 47 characters. ipv6-address: IPv6 address of a peer.
Examples # Substitute the local AS number for the AS number of peer 1:2::3:4. system-view [Sysname] bgp 100 [Sysname-bgp] ipv6-family [Sysname-bgp-af-ipv6] peer 1:2::3:4 substitute-as peer timer (IPv6 address family view) Use peer timer to configure the keepalive interval and the holdtime interval for a peer or peer group. Use undo peer timer to restore the default.
[Sysname-bgp-af-ipv6] peer test timer keepalive 60 hold 180 # Configure both the keepalive interval and holdtime interval for peer group test as 0 seconds, indicating the peer group will never time out.
reflect between-clients (IPv6 address family view) Use reflect between-clients to enable route reflection between clients. Use undo reflect between-clients to disable this function. Syntax reflect between-clients undo reflect between-clients Default Route reflection between clients is enabled. Views IPv6 address family view Default command level 2: System level Usage guidelines After a route reflector is configured, it reflects routes between clients.
Parameters cluster-id: Specifies the cluster ID of the route reflector, an integer from 1 to 4294967295 (the system translates it into an IPv4 address) or an IPv4 address. Usage guidelines Typically, a cluster has only one route reflector, so the router ID of the route reflector identifies the cluster. If multiple route reflectors are configured to improve the stability of the network, use this command to configure the identical cluster ID for all the reflectors to avoid routing loops.
To perform IPv4/IPv6 BGP soft reset, all routers in the network should support route-refresh. If a router not supporting route refresh exists in the network, use the peer keep-all-routes command on the local router to save all route updates before performing soft reset. Examples # Soft reset inbound IPv6 BGP connections. refresh bgp ipv6 all import reset bgp ipv6 Use reset bgp ipv6 to reset specified IPv4/IPv6 BGP connections.
Parameters ipv6-address: IPv6 address prefix-length: Prefix length of the address, in the range of 0 to 128. Usage guidelines If no ipv6-address prefix-length is specified, all dampened IPv6 BGP route information is cleared. Examples # Clear the dampened information of routes to 2345::/64 and release suppressed routes. reset bgp ipv6 dampening 2345:: 64 reset bgp ipv6 flap-info Use reset bgp ipv6 flap-info to clear IPv6 routing flap statistics.
Use undo router-id to remove a router ID. Syntax router-id router-id undo router-id Views BGP view Default command level 2: System level Parameters router-id: Router ID in IP address format. Usage guidelines To run IPv6 BGP protocol, a router must have a router ID, an unsigned 32-bit integer and the unique ID of the router in the AS. Specify a router ID manually, or the system selects the highest IPv4 address among loopback interface addresses as the router ID.
Parameters None Usage guidelines With this feature enabled and when a non-BGP router is responsible for forwarding packets in an AS, IPv6 BGP speakers in the AS cannot advertise routing information to other ASs unless all routers in the AS know the latest routing information. Examples # Enable the route synchronization between IPv6 BGP and IGP.
If neither the holdtime interval nor the keepalive interval is configured as 0, the holdtime interval must be at least three times the keepalive interval. The configured timers apply to all IPv6 BGP peers, but they become valid for an IPv6 BGP peer only after the relevant IPv6 BGP connection is reset. After this command is executed, no peer connection is closed at once. The configured hold time is used for negotiation when a peer relationship is reestablished.
IPv6 routing table displaying commands The term "router" in this document refers to both routers and routing-capable firewalls and firewall modules. display ipv6 routing-table Use display ipv6 routing-table to display brief IPv6 routing table information, including destination IP address and prefix, protocol type, priority, metric, next hop and output interface. Use display ipv6 routing-table verbose to display detailed information about all IPv6 routes, including both active and inactive routes.
Destination: ::1/128 Protocol NextHop : ::1 Preference: 0 : Direct Interface : InLoop0 Cost : 0 Table 210 Command output Field Description Destination IPv6 address of the destination network/host. NextHop Next hop address of the route. Preference Preference of the route. Interface Output interface. Protocol Protocol that installed the route. Cost Cost of the route. # Display detailed routing table information.
Field Description State of the route: • • • • State Active. Inactive. Adv (advertised) NoAdv (not advertised) Cost Cost of the route. Age Time that has elapsed since the route was generated. display ipv6 routing-table acl Use display ipv6 routing-table acl to display routing information permitted by a specific IPv6 basic ACL.
Interface : InLoop0 Cost : 0 Destination : 1:1::/64 Protocol : Static NextHop : :: Preference: 60 Interface : NULL0 Cost : 0 For command output, see Table 210. display ipv6 routing-table ipv6-address Use display ipv6 routing-table ipv6-address to display information about routes to an IPv6 destination address. Use display ipv6 routing-table ipv6-address1 ipv6-address2 to display information about routes to a range of IPv6 destination addresses.
• display ipv6 routing-table ipv6-address: { { The system ANDs the input destination IPv6 address with the prefix length in each route entry. The system ANDs the destination IPv6 address in each route entry with the prefix length in each entry. If the two operations yield the same result for an entry and this entry is active, it is displayed. • display ipv6 routing-table ipv6-address prefix-length: { The system ANDs the input destination IPv6 address with the input prefix length.
Destination: 10::/64 Protocol NextHop : :: Preference: 60 : Static Interface : NULL0 Cost : 0 Destination: 10::/68 Protocol : Static NextHop : :: Preference: 60 Interface : NULL0 Cost : 0 # Display brief information about the routes with destination IPv6 address 10::1 and the longest prefix length.
Syntax display ipv6 routing-table [ vpn-instance vpn-instance-name ] ipv6-prefix ipv6-prefix-name [ verbose ] [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters vpn-instance vpn-instance-name: Specifies a VPN by its name, a case-sensitive string of 1 to 31 characters. Without this option, the command displays routing information for the public network.
Parameters vpn-instance vpn-instance-name: Specifies an VPN by its name, a case-sensitive string of 1 to 31 characters. Without this option, the command displays routing information for the public network. protocol: Specifies a routing protocol. It can be bgp4+, direct, isisv6, ospfv3, ripng, and static.
display ipv6 routing-table statistics Use display ipv6 routing-table statistics to display IPv6 route statistics. Syntax display ipv6 routing-table [ vpn-instance vpn-instance-name ] statistics [ | { begin | exclude | include } regular-expression ] Views Any view Default command level 1: Monitor level Parameters vpn-instance vpn-instance-name: Specifies a VPN by its name, a case-sensitive string of 1 to 31 characters. Without this option, the command displays routing information for the public network.
reset ipv6 routing-table statistics Use reset ipv6 routing-table statistics to clear IPv6 route statistics. Syntax reset ipv6 routing-table statistics protocol [ vpn-instance vpn-instance-name ] { protocol | all } Views User view Default command level 2: System level Parameters vpn-instance vpn-instance-name: Clears route statistics for a VPN specified by its name, a case-sensitive string of 1 to 31 characters. Without this option, the command clears routing statistics for the public network.
IPv6 policy-based routing commands apply default output-interface Use apply default output-interface to set a default output interface. Use undo apply default output-interface to remove the configuration. Syntax apply default output-interface interface-type interface-number undo apply default output-interface [ interface-type interface-number ] Views IPv6 policy node view Default command level 2: System level Parameters interface-type interface-number: Specifies an interface by its type and number.
Default command level 2: System level Parameters ipv6-address: Specifies the default next hop IPv6 address. Usage guidelines This command only applies to packets not finding a match in the routing table. You can specify up to five default next hops for per-flow load balancing. With a next hop specified, the undo apply ipv6-address default next-hop command removes the specified default next hop.
[Sysname] ipv6 policy-based-route aa permit node 11 [Sysname-pbr6-aa-11] apply ipv6-address next-hop 1::1 apply ipv6-precedence Use apply ipv6-precedence to set a preference or preference type for IPv6 packets. Use undo apply ipv6-precedence to remove the configuration. Syntax apply ipv6-precedence { type | value } undo apply ipv6-precedence Views IPv6 policy node view Default command level 2: System level Parameters type: Sets a preference type. value: Sets a preference value from 0 to 7 (inclusive).
Syntax apply output-interface interface-type interface-number undo apply output-interface [ interface-type interface-number ] Views IPv6 policy node view Default command level 2: System level Parameters interface-type interface-number: Specifies an interface by its type and number. Usage guidelines Five output interfaces at most can be specified for per-flow load sharing. A specified output interface must be P2P type.
include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines If no policy name is specified, this command displays information about all policies. If a policy name is specified, this command displays information about the specified policy. Examples # Display all IPv6 policy information.
display ipv6 policy-based-route Policy Name interface pr02 local pr01 GigabitEthernet0/1 Table 215 Command output Field Description Policy Name Routing policy name. Local Local PBR. GigabitEthernet0/1 The policy is applied to GigabitEthernet 0/1 to implement IPv6 PBR. display ipv6 policy-based-route setup Use display ipv6 policy-based-route setup to display PBR configuration.
permit node 6: if-match acl6 2000 apply ipv6-address next-hop 1::1 # Display IPv6 local PBR configuration. display ipv6 policy-based-route setup local Local policy based routing configuration information: policy-based-route: test permit node 6: if-match acl6 2000 apply ipv6-address next-hop 1::1 Table 216 Command output Field Description policy Name Policy name. interface Interface where the policy is applied. Local means the policy is applied locally.
begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines Packets matching a deny-mode node are forwarded according to the routing table. Therefore, no statistics are available for such packets.
Parameters acl6-number: Specifies the IPv6 ACL number, in the range of 2000 to 3999. The number of a basic IPv6 ACL ranges from 2000 to 2999 and that of an advanced IPv6 ACL ranges from 3000 to 3999. Examples # Permit the packets matching ACL 2000. system-view [Sysname] ipv6 policy-based-route aa permit node 10 [Sysname-pbr6-aa-10] if-match acl6 2000 if-match packet-length Use if-match packet-length to define a packet length match criterion.
Views System view Default command level 2: System level Parameters policy-name: Specifies the policy name, a string of 1 to 19 characters. Usage guidelines You can configure only one IPv6 policy for local PBR. If you perform this command multiple times, only the last specified policy takes effect. Local PBR is used to route locally generated packets. Do not configure IPv6 local PBR unless required. Examples # Configure IPv6 local PBR based on policy AAA.
ipv6 policy-based-route (system view) Use ipv6 policy-based-route to create an IPv6 policy node, and enter IPv6 policy node view. If the specified IPv6 policy node already exists, the command directly places you into IPv6 policy node view. Use undo ipv6 policy-based-route to remove an IPv6 policy, an IPv6 policy node, or both.
reset ipv6 policy-based-route statistics 952
IPv6 multicast routing and forwarding commands The term "router" in this document refers to both routers and routing-capable firewalls. display multicast ipv6 boundary Use display multicast ipv6 boundary to display IPv6 multicast boundary information on the specified interfaces.
FF03::/16 GE0/1 Table 218 Command output Field Description IPv6 multicast boundary information IPv6 multicast boundary. Boundary IPv6 multicast group that corresponds to the IPv6 multicast boundary. Interface Boundary interface that corresponds to the IPv6 multicast boundary. Related commands multicast ipv6 boundary display multicast ipv6 forwarding-table Use display multicast ipv6 forwarding-table to display information about the IPv6 multicast forwarding table.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Field Description List of 1 outgoing interfaces: Outgoing interface list. 1: GigabitEthernet0/2 Interface type and number. Matched 146754 packets(10272780 bytes), Wrong If 0 packets (S, G)-matched packets (bytes), packets with incoming interface errors. Forwarded 139571 packets(9769970 bytes) (S, G) forwarded IPv6 multicast packets (bytes). Table 220 Major values of the Flags field (before the colon) Value Meaning 0x1 Indicates that a register-stop message must be sent.
• multicast ipv6 forwarding-table downstream-limit • multicast ipv6 forwarding-table route-limit display multicast ipv6 routing-table Use display multicast ipv6 routing-table to display information about the IPv6 multicast routing table.
Examples # Display information about the IPv6 multicast routing table. display multicast ipv6 routing-table IPv6 multicast routing table Total 1 entry 00001. (2001::2, FFE3::101) Uptime: 00:00:14 Upstream Interface: GigabitEthernet0/1 List of 1 downstream interface 1: GigabitEthernet0/2 Table 222 Command output Field Description IPv6 multicast routing table IPv6 multicast routing table. Total 1 entry Total number of (S, G) entries in the IPv6 multicast routing table.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Use undo multicast ipv6 boundary to delete the specified IPv6 multicast forwarding boundary or all IPv6 multicast forwarding boundaries. Syntax multicast ipv6 boundary { ipv6-group-address prefix-length | scope { scope-id | admin-local | global | organization-local | site-local } } undo multicast ipv6 boundary { ipv6-group-address prefix-length | scope { scope-id | admin-local | global | organization-local | site-local } | all } Default No multicast forwarding boundary is configured.
# Configure GigabitEthernet 0/1 to be the forwarding boundary of the IPv6 multicast groups in the admin-local scope. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] multicast ipv6 boundary scope 4 Related commands display multicast ipv6 boundary multicast ipv6 forwarding-table downstream-limit Use multicast ipv6 forwarding-table downstream-limit to configure the maximum number of downstream nodes for a single entry in the IPv6 multicast forwarding table.
undo multicast ipv6 forwarding-table route-limit Default The maximum number of entries in the IPv6 multicast forwarding table is 4096. Views System view Default command level 2: System level Parameters limit: Specifies the maximum number of entries in the IPv6 multicast forwarding table. The value ranges from 0 to 4096. Examples # Set the maximum number of entries in the IPv6 multicast forwarding table to 200.
multicast ipv6 longest-match Use multicast ipv6 longest-match to configure RPF route selection based on the longest match principle, namely, to select the route with the longest prefix as the RPF route. Use undo multicast ipv6 longest-match to restore the default. Syntax multicast ipv6 longest-match undo multicast ipv6 longest-match Default The route with the highest priority is selected as the RPF route.
[Sysname] multicast ipv6 routing-enable reset multicast ipv6 forwarding-table Use reset multicast ipv6 forwarding-table to clear forwarding entries from the IPv6 multicast forwarding table.
Syntax reset multicast ipv6 routing-table { { ipv6-source-address [ prefix-length ] | ipv6-group-address [ prefix-length ] | incoming-interface { interface-type interface-number | register } } * | all } Views User view Default command level 2: System level Parameters ipv6-source-address: Specifies an IPv6 multicast source address. ipv6-group-address: Specifies an IPv6 multicast group address, in the range of FFxy::/16, where x and y represent any hexadecimal number from 0 to F.
IPv6 PIM commands The term "router" in this document refers to both routers and routing-capable firewalls. bsm-fragment enable (IPv6 PIM view) Use bsm-fragment enable to enable bootstrap message (BSM) semantic fragmentation. Use undo bsm-fragment enable to disable BSM semantic fragmentation. Syntax bsm-fragment enable undo bsm-fragment enable Default BSM semantic fragmentation is enabled.
Default No restrictions exist for the BSR address range, and the BSR messages from any source are considered eligible. Views IPv6 PIM view Default command level 2: System level Parameters acl6-number: Specifies a basic IPv6 ACL number, in the range of 2000 to 2999. When an IPv6 ACL is defined, the source keyword in the rule command specifies a legal BSR source IPv6 address range. Examples # Configure a legal BSR address range so that only devices on the segment 2001::2/64 can become the BSR.
Usage guidelines IPv6 PIM-SM must be enabled on the interface that you want to configure as a C-BSR. Examples # Configure the interface with an IPv6 address of 1101::1 as a C-BSR. system-view [Sysname] pim ipv6 [Sysname-pim6] c-bsr 1101::1 Related commands • c-bsr hash-length • c-bsr priority • c-rp • pim ipv6 sm c-bsr admin-scope (IPv6 PIM view) Use c-bsr admin-scope to enable IPv6 administrative scoping. Use undo c-bsr admin-scope to disable IPv6 administrative scoping.
Syntax c-bsr hash-length hash-length undo c-bsr hash-length Default The Hash mask length is 126. Views IPv6 PIM view Default command level 2: System level Parameters hash-length: Specifies a hash mask length, in the range of 0 to 128. Examples # Set the global Hash mask length to 16.
[Sysname] pim ipv6 [Sysname-pim6] c-bsr holdtime 150 Related commands • c-bsr • c-bsr interval c-bsr interval (IPv6 PIM view) Use c-bsr interval to configure the BS period, namely, the interval at which the BSR sends bootstrap messages. Use undo c-bsr interval to restore the default. Syntax c-bsr interval interval undo c-bsr interval Default This formula determines the BS period value: BS period = (BS timeout – 10) / 2.
Default The C-BSR priority is 64. Views IPv6 PIM view Default command level 2: System level Parameters priority: Specifies the priority of the C-BSR, in the range of 0 to 255. A larger value indicates a higher priority. Examples # Set the global C-BSR priority to 5. system-view [Sysname] pim ipv6 [Sysname-pim6] c-bsr priority 5 Related commands c-bsr c-bsr scope Use c-bsr scope to configure the C-BSR in the IPv6 admin-scoped zone. Use undo c-bsr scope to remove the C-BSR configuration.
priority: Priority of the C-BSR in the IPv6 admin-scoped zone indicated by the Scope value, in the range of 0 to 255. A larger value indicates a higher priority. If you do not specify this argument, the corresponding global setting is used. Examples # Configure local device as the C-BSR of the IPv6 admin-scoped zone with the Scope value being 14 and set the C-BSR priority to 10.
Usage guidelines You must enable IPv6 PIM-SM on the interface that you want to configure as a C-RP. If you do not specify an IPv6 multicast group range for the C-RP, the C-RP serves all IPv6 multicast groups in the IPv6 non-scoped zone, or it serves IPv6 multicast groups in the IPv6 global-scoped zone if IPv6 administrative scoping is configured.
Related commands c-rp c-rp holdtime (IPv6 PIM view) Use c-rp holdtime to configure the global C-RP timeout timer, namely, the time that the BSR waits for a C-RP-Adv message from C-RPs. Use undo c-rp holdtime to restore the default. Syntax c-rp holdtime interval undo c-rp holdtime Default The C-RP timeout timer is 150 seconds. Views IPv6 PIM view Default command level 2: System level Parameters interval: Specifies a C-RP timeout timer in seconds. The value ranges from 1 to 65535.
undo crp-policy Default No restrictions are defined for C-RP address ranges and the address ranges of served groups. Namely, all received C-RP messages are regarded legal. Views IPv6 PIM view Default command level 2: System level Parameters acl6-number: Advanced IPv6 ACL number, in the range of 3000 to 3999.
Default command level 1: Monitor level Parameters |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
Field Description Candidate BSR Address Address of the candidate BSR. Priority BSR priority. Hash mask length Hash mask length. State BSR state. Scope Scope of the BSR. Uptime Length of time since this BSR was elected. Next BSR message scheduled at Remaining time of this BSR. Candidate RP Address of the C-RP. Priority Priority of the C-RP. HoldTime Timeout time of the C-RP. Advertisement Interval Interval between C-RP-Adv messages.
Usage guidelines If an (S, G) is marked SPT, this (S, G) entry uses an IPv6 unicast route. Examples # Display information about all IPv6 unicast routes that IPv6 PIM uses.
Parameters probe: Displays the number of null register messages. register: Specifies register messages. register-stop: Specifies register-stop messages. interface-type interface-number: Specifies an interface by its type and number. assert: Specifies assert messages. bsr: Specifies bootstrap messages. crp: Specifies C-RP-Adv messages. graft: Specifies graft messages. graft-ack: Specifies graft-ack messages. hello: Specifies hello messages. join-prune: Specifies join/prune messages.
Table 226 Command output Field Description PIM global control-message counters Statistics of IPv6 PIM global control messages. PIM control-message counters for interface Interface for which IPv6 PIM control messages were counted. Received Number of messages received. Sent Number of messages sent. Invalid Number of invalid messages. Register Register messages. Register-Stop Register-stop messages. Probe Null register messages. Assert Assert messages. Graft Graft messages.
Examples # Display information about unacknowledged IPv6 PIM-DM graft messages. display pim ipv6 grafts Source Group Age RetransmitIn 1004::2 ff03::101 00:00:24 00:00:02 Table 227 Command output Field Description Source IPv6 multicast source address in the graft message. Group IPv6 multicast group address in the graft message. Age Time in which the graft message will get aged out, in the format hh:mm:ss.
PIM DR Priority (configured): 1 PIM neighbor count: 1 PIM hello interval: 30 s PIM LAN delay (negotiated): 500 ms PIM LAN delay (configured): 500 ms PIM override interval (negotiated): 2500 ms PIM override interval (configured): 2500 ms PIM neighbor tracking (negotiated): disabled PIM neighbor tracking (configured): disabled PIM generation ID: 0xF5712241 PIM require generation ID: disabled PIM hello hold interval: 105 s PIM assert hold interval: 180 s PIM triggered hello delay: 5 s PIM J/P interval: 60 s PI
Field Description PIM J/P interval Join/prune interval. PIM J/P hold interval Join/prune timeout timer. PIM BSR domain border Whether PIM domain border is enabled. Number of routers on network not using DR priority Number of routers not using the DR priority field on the subnet where the interface resides. Number of routers on network not using LAN delay Number of routers not using the LAN delay field on the subnet where the interface resides.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Examples # Display the information of join/prune messages to send in the IPv6 PIM-SM mode.
Examples # Display information about all IPv6 PIM neighbors. display pim ipv6 neighbor Total Number of Neighbors = 2 Neighbor Interface Uptime Expires Dr-Priority Mode FE80::A01:101:1 GE0/1 02:50:49 00:01:31 1 B FE80::A01:102:1 GE0/2 02:49:39 00:01:42 1 B # Display the detailed information of the IPv6 PIM neighbor whose IPv6 address is FE80::A01:101:1.
Field Description Neighbor Secondary Address(es) Secondary IPv6 address of the PIM neighbor (non-link-local address). display pim ipv6 routing-table Use display pim ipv6 routing-table to display IPv6 PIM routing table information.
• ext: Specifies IPv6 routing entries containing outgoing interfaces provided by other IPv6 multicast routing protocols. • loc: Specifies IPv6 multicast routing entries on that devices that directly connect to the same subnet as the IPv6 multicast source. • niif: Specifies IPv6 multicast routing entries containing unknown incoming interfaces. • nonbr: Specifies routing entries with IPv6 PIM neighbor searching failure.
RP: FE80::A01:100:1 Protocol: pim-sm, Flag: SPT LOC ACT UpTime: 02:54:43 Upstream interface: GigabitEthernet0/1 Upstream neighbor: NULL RPF prime neighbor: NULL Join/Prune FSM: [SPT: J] [RPT: NP] Downstream interface(s) information: Total number of downstreams: 1 1: GigabitEthernet0/2 Protocol: pim-sm, UpTime: 02:54:43, Expires: 00:02:47 DR state: [DR] Join/Prune FSM: [NI] Assert FSM: [NI] FSM information for non-downstream interfaces: None Table 231 Command output Field Description Total 0 (*, G) entry;
Field Description RPF neighbor of the (S, G) or (*, G) entry: RPF prime neighbor • For a (*, G) entry, if this router is the RP, the RPF neighbor of this (*, G) entry is NULL. • For a (S, G) entry, if this router directly connects to the IPv6 multicast source, the RPF neighbor of this (S, G) entry is NULL. Information of the downstream interfaces, including: Downstream interface(s) information • • • • • Number of downstream interfaces. Downstream interface name.
display pim ipv6 rp-info ff0e::101 PIM-SM BSR RP information: prefix/prefix length: FF0E::101/64 [B] RP: 2004::2 Priority: 192 HoldTime: 130 Uptime: 00:05:19 Expires: 00:02:11 Table 232 Command output Field Description prefix/prefix length IPv6 multicast group served by the RP. RP IPv6 address of the RP. Priority RP priority. HoldTime Timeout time of the RP. Uptime Length of time since the RP was elected. Expires Remaining time of the RP.
When you use the undo embedded-rp command without specifying acl6-number, the embedded RP feature is disabled for all the IPv6 multicast groups. If you specify acl6-number, this command will restore the default. Examples # Enable embedded RP for only those IPv6 multicast groups in the address scope FF7E:140:20::101/64.
Syntax hello-option holdtime interval undo hello-option holdtime Default The IPv6 PIM neighbor timeout timer is 105 seconds. Views IPv6 PIM view Default command level 2: System level Parameters interval: Specifies an IPv6 PIM neighbor timeout timer in seconds. The value ranges from 1 to 65535. A value of 65535 makes the IPv6 PIM neighbor always reachable. Examples # Set the IPv6 PIM neighbor timeout timer to 120 seconds globally.
[Sysname] pim ipv6 [Sysname-pim6] hello-option lan-delay 200 Related commands • hello-option override-interval • pim ipv6 hello-option lan-delay • pim ipv6 hello-option override-interval hello-option neighbor-tracking (IPv6 PIM view) Use hello-option neighbor-tracking to globally disable join suppression (namely, enable neighbor tracking). Use undo hello-option neighbor-tracking to enable join suppression.
Views IPv6 PIM view Default command level 2: System level Parameters interval: Specifies a prune override interval in milliseconds. The value ranges from 1 to 65535. Examples # Set the prune override interval to 2000 milliseconds globally.
• pim ipv6 holdtime join-prune holdtime join-prune (IPv6 PIM view) Use holdtime join-prune to configure the global value of the join/prune timeout timer. Use undo holdtime join-prune to restore the default. Syntax holdtime join-prune interval undo holdtime join-prune Default The join/prune timeout timer is 210 seconds. Views IPv6 PIM view Default command level 2: System level Parameters interval: Specifies a join/prune timeout timer in seconds. The value ranges from 1 to 65535.
Default command level 2: System level Parameters packet-size: Specifies the maximum size of each join/prune message in bytes. The value ranges from 100 to 64000. Examples # Set the maximum size of each join/prune message to 1500 bytes. system-view [Sysname] pim ipv6 [Sysname-pim6] jp-pkt-size 1500 Related commands jp-queue-size jp-queue-size (IPv6 PIM view) Use jp-queue-size to configure the maximum number of (S, G) entries in each join/prune message.
system-view [Sysname] pim ipv6 [Sysname-pim6] jp-queue-size 2000 Related commands • holdtime join-prune • jp-pkt-size • pim ipv6 holdtime join-prune pim ipv6 Use pim ipv6 to enter IPv6 PIM view. Use undo pim ipv6 to remove all configurations in IPv6 PIM view. Syntax pim ipv6 undo pim ipv6 Views System view Default command level 2: System level Usage guidelines IPv6 multicast routing must be enabled on the device before this command can take effect.
Views Interface view Default command level 2: System level Examples # Configure GigabitEthernet 0/1 as a PIM domain border. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] pim ipv6 bsr-boundary Related commands • c-bsr • multicast ipv6 boundary pim ipv6 dm Use pim ipv6 dm to enable IPv6 PIM-DM. Use undo pim ipv6 dm to disable IPv6 PIM-DM. Syntax pim ipv6 dm undo pim ipv6 dm Default IPv6 PIM-DM is disabled.
pim ipv6 hello-option dr-priority Use pim ipv6 hello-option dr-priority to configure the router priority for DR election on the current interface. Use undo pim ipv6 hello-option dr-priority to restore the default. Syntax pim ipv6 hello-option dr-priority priority undo pim ipv6 hello-option dr-priority Default The router priority for DR election is 1.
Parameters interval: Specifies an IPv6 PIM neighbor timeout timer in seconds. The value ranges from 1 to 65535. A value of 65535 makes the PIM neighbor always reachable. Examples # Set the IPv6 PIM neighbor timeout timer to 120 seconds on GigabitEthernet 0/1.
pim ipv6 hello-option neighbor-tracking Use pim ipv6 hello-option neighbor-tracking to disable join suppression (namely, enable neighbor tracking) on the current interface. Use undo pim ipv6 hello-option neighbor-tracking to enable join suppression. Syntax pim ipv6 hello-option neighbor-tracking undo pim ipv6 hello-option neighbor-tracking Default Join suppression is enabled. Namely, neighbor tracking is disabled.
Examples # Set the prune override interval to 2000 milliseconds on GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0//1 [Sysname-GigabitEthernet0/1] pim ipv6 hello-option override-interval 2000 Related commands • hello-option lan-delay • hello-option override-interval • pim ipv6 hello-option lan-delay pim ipv6 holdtime assert Use pim ipv6 holdtime assert to configure the assert timeout timer on the current interface.
Syntax pim ipv6 holdtime join-prune interval undo pim ipv6 holdtime join-prune Default The join/prune timeout timer is 210 seconds. Views Interface view Default command level 2: System level Parameters interval: Specifies a join/prune timeout timer in seconds. The value ranges from 1 to 65535. Examples # Set the join/prune timeout timer to 280 seconds on GigabitEthernet 0/1.
Parameters acl6-number: Specifies a basic IPv6 ACL number, in the range of 2000 to 2999. When the IPv6 ACL is defined, the source keyword in the rule command specifies a legal source address range for hello messages. Examples # Configure a legal source address range for hello messages on GigabitEthernet 0/1 so that only the devices on the FE80:101::101/64 subnet can become PIM neighbors of this router.
Default IPv6 PIM-SM is disabled. Views Interface view Default command level 2: System level Usage guidelines This command can take effect only after IPv6 multicast routing is enabled on the device. Examples # Enable IPv6 multicast routing, and enable IPv6 PIM-SM on GigabitEthernet 0/1.
• state-refresh-rate-limit pim ipv6 timer graft-retry Use pim ipv6 timer graft-retry to configure the graft retry period. Use undo pim ipv6 timer graft-retry to restore the default. Syntax pim ipv6 timer graft-retry interval undo pim ipv6 timer graft-retry Default The graft retry period is 3 seconds. Views Interface view Default command level 2: System level Parameters interval: Specifies a graft retry period in seconds. The value ranges from 1 to 65535.
Examples # Set the hello interval to 40 seconds on GigabitEthernet 0/1. system-view [Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] pim ipv6 timer hello 40 Related commands timer hello pim ipv6 timer join-prune Use pim ipv6 timer join-prune to configure the interval at which join/prune messages are sent on the current interface. Use undo pim ipv6 timer join-prune to restore the default.
Default The maximum delay between hello messages is 5 seconds. Views Interface view Default command level 2: System level Parameters interval: Specifies the maximum delay in seconds between hello messages. The value ranges from 1 to 60. Examples # Set the maximum delay between hello messages to 3 seconds on GigabitEthernet 0/1.
prune delay (IPv6 PIM view) Use prune delay to set the prune delay timer (namely, the time that the device waits between receiving a prune message and taking a prune action). Use undo prune delay to restore the default. Syntax prune delay interval undo prune delay Default No prune delay timer is set. Views IPv6 PIM view Default command level 2: System level Parameters interval: Specifies a prune delay timer in seconds, in the range 1 to 128.
Examples # Configure a register filtering policy on the RP so that the RP can accept only those register messages from IPv6 multicast sources on the 3:1::/64 subnet for IPv6 multicast groups on the FF0E:13::/64 subnet.
Syntax register-whole-checksum undo register-whole-checksum Default The checksum is calculated based only on the header in the register message. Views IPv6 PIM view Default command level 2: System level Examples # Configure the router to calculate the checksum based on the entire register message.
Syntax source-lifetime interval undo source-lifetime Default The lifetime of an IPv6 multicast source is 210 seconds. Views IPv6 PIM view Default command level 2: System level Parameters interval: Specifies an IPv6 multicast source lifetime in seconds. The value ranges from 1 to 31536000. Examples # Set the IPv6 multicast source lifetime to 200 seconds.
Examples # Configure the router to accept IPv6 multicast packets originated from 3121::1 and discard IPv6 multicast packets originated from 3121::2.
group-policy list. If you do not include the order order-value option in your command, the ACL is appended to the end of the group-policy list. If you use this command multiple times on the same IPv6 multicast group, the first traffic rate configuration matched in sequence takes effect. Examples # Disable the switchover to SPT. system-view [Sysname] pim ipv6 [Sysname-pim6] spt-switch-threshold infinity ssm-policy (IPv6 PIM view) Use ssm-policy to configure the IPv6 SSM group range.
Syntax state-refresh-hoplimit hoplimit-value undo state-refresh-hoplimit Default The hop limit for state refresh messages is 255. Views IPv6 PIM view Default command level 2: System level Parameters hoplimit-value: Specifies a hop limit for state refresh messages, in the range of 1 to 255. Examples # Set the hop limit for state refresh messages to 45.
system-view [Sysname] pim ipv6 [Sysname-pim6] state-refresh-interval 70 Related commands • pim ipv6 state-refresh-capable • state-refresh-hoplimit • state-refresh-rate-limit state-refresh-rate-limit (IPv6 PIM view) Use state-refresh-rate-limit to configure the time that the device waits before receiving a new state refresh message. Use undo state-refresh-rate-limit to restore the default.
Syntax static-rp ipv6-rp-address [ acl6-number ] [ preferred ] undo static-rp ipv6-rp-address Default No static RP is configured. Views IPv6 PIM view Default command level 2: System level Parameters ipv6-rp-address: Specifies the IPv6 address of the static RP to be configured. This address must be a real, valid, globally scoped IPv6 unicast address. acl6-number: Specifies a basic IPv6 ACL number, in the range of 2000 to 2999.
timer hello (IPv6 PIM view) Use timer hello to configure the hello interval globally. Use undo timer hello to restore the default. Syntax timer hello interval undo timer hello Default Hello messages are sent at the interval of 30 seconds. Views IPv6 PIM view Default command level 2: System level Parameters interval: Specifies a hello interval in seconds. The value ranges from 1 to 2147483647. Examples # Set the global hello interval to 40 seconds.
Examples # Set the global join/prune interval to 80 seconds.
MLD commands The term "router" in this document refers to both routers and routing-capable firewalls. display mld group Use display mld group to display MLD group information.
Expires: 00:01:30 Last reporter: FE80::10 Last-listener-query-counter: 0 Last-listener-query-timer-expiry: off Group mode: include Version1-host-present-timer-expiry: off Table 233 Command output Field Description Interface group report information MLD group information on the interface. Total 1 MLD Groups reported One MLD group was reported. Group IPv6 multicast group address. Uptime Length of time since the IPV6 multicast group was joined.
group ipv6-group-address: Specifies an IPv6 multicast group. The value of ipv6-group-address is in the range of FFxy::/16 (excluding FFx0::/16, FFx1::/16, FFx2::/16, and FF0y::), where x and y represent any hexadecimal number in the range of 0 to F. source ipv6-source-address: Specifies an IPv6 multicast source. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Parameters interface-type interface-number: Specifies an interface by its type and number. If you do not specify any interface, this command displays information about all interfaces that runs MLD. verbose: Displays detailed MLD configuration and operation information. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Table 235 Command output Field Description GigabitEthernet0/1(FE80::200:AFF:FE01:101) Interface and IPv6 link-local address. Current MLD version MLD version running on the interface. Value of query interval for MLD (in seconds) MLD query interval, in seconds. Value of other querier present interval for MLD (in seconds) MLD other querier present interval, in seconds. Value of maximum query response time for MLD (in seconds) Maximum response delay for general query messages (in seconds).
Views Any view Default command level 1: Monitor level Parameters ipv6-group-address: Specifies an MLD proxying group. The group address is in the form of FFxy::/16 (excluding FFx0::/16, FFx1::/16, FFx2::/16, through FF0y::), where x and y represent any hexadecimal number in the range of 0 to F. If this argument is not specified, this command displays information about all MLD proxying groups. verbose: Displays the detailed MLD proxying group information.
Field Description IPv6 multicast source filtering modes: Group mode Source list • Include. • Exclude. A list of IPv6 multicast sources that the hosts want to receive information from. display mld routing-table Use display mld routing-table to display information about the MLD routing table.
List of 1 downstream interface GigabitEthernet0/1 (FE80::200:5EFF:FE71:3800), Protocol: MLD 00002. (100::1, FF1E::101), Flag: ACT List of 1 downstream interface in include mode GigabitEthernet0/2 (FE80::100:5E16:FEC0:1010), Protocol: MLD Table 237 Command output Field Description Routing table MLD routing table. 00001 Sequence number of this (*, G) entry. (*, FF1E::101) An (*, G) entry in the MLD routing table.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
interface-type interface-number: Specifies an interface by its type and number. If you do not specify any interface, this command displays the multicast group information created based on the configured MLD SSM mappings on all interfaces. verbose: Displays the detailed multicast group information created based on the configured MLD SSM mappings. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide.
Field Description Source IPv6 multicast source address. Last-listener-query-counter Number of MLD last listener queries sent. Last-listener-query-timer-expiry Remaining time of the MLD last listener query timer, where "off" means that the timer never expires. display mld ssm-mapping host interface Use display mld ssm-mapping host interface to display information about the hosts that join based on the MLD SSM mappings on the specified interface.
Table 240 Command output Field Description GigabitEthernet0/1(1::1) Interface and IPv6 address. (10::1, FF1E::101) (S, G) entry. Host Host IPv6 address. Uptime Host running duration. Expires Host expiration time, where timeout means that the host has expired. fast-leave (MLD view) Use fast-leave to configure MLD fast-leave processing globally. Use undo fast-leave to disable MLD fast-leave processing globally.
Use undo host-tracking to disable the MLD host tracking function globally. Syntax host-tracking undo host-tracking Default This function is disabled. Views MLD view Default command level 2: System level Examples # Enable the MLD host tracking function globally. system-view [Sysname] mld [Sysname-mld] host-tracking Related commands mld host-tracking. last-listener-query-interval (MLD view) Use last-listener-query-interval to configure the MLD last listener query interval globally.
Related commands • display mld interface • mld last-listener-query-interval • robust-count max-response-time (MLD view) Use max-response-time to configure the maximum response time for MLD general queries globally. Use undo max-response-time to restore the default. Syntax max-response-time interval undo max-response-time Default The maximum response delay for MLD general queries is 10 seconds.
Views System view Default command level 2: System level Usage guidelines This command can take effect only after IPv6 multicast routing is enabled on the device. Examples # Enable IPv6 multicast routing and enter MLD view. system-view [Sysname] multicast ipv6 routing-enable [Sysname] mld [Sysname-mld] Related commands • mld enable • multicast ipv6 routing-enable mld enable Use mld enable to enable MLD on the current interface. Use undo mld enable to disable MLD on the current interface.
Related commands • mld • multicast ipv6 routing-enable mld fast-leave Use mld fast-leave to configure MLD fast-leave processing on the current interface. Use undo mld fast-leave to disable MLD fast-leave processing on the current interface. Syntax mld fast-leave [ group-policy acl6-number ] undo mld fast-leave Default MLD fast-leave processing is disabled.
Syntax mld group-limit limit undo mld group-limit Default The maximum number of IPv6 multicast groups that an interface can join is 4096. Views Interface view Default command level 2: System level Parameters limit: Specifies the maximum number of IPv6 multicast groups that an interface can join. The value ranges from 1 to 4096. Usage guidelines This command is effective only for dynamically joined IPv6 multicast groups but not statically joined IPv6 multicast groups.
Views Interface view Default command level 2: System level Parameters acl6-number: Specifies a basic or advanced IPv6 ACL, in the range of 2000 to 3999. A host can join only the IPv6 multicast groups that match the permit statement in the ACL. The source address or address range specified in the advanced IPv6 ACL rule is the IPv6 multicast source address or addresses specified in MLDv2 reports, rather than the source address in the IPv6 packets.
[Sysname] interface gigabitethernet 0/1 [Sysname-GigabitEthernet0/1] mld host-tracking Related commands host-tracking mld last-listener-query-interval Use mld last-listener-query-interval to configure the MLD last listener query interval on the current interface. Use undo mld last-listener-query-interval to restore the default. Syntax mld last-listener-query-interval interval undo mld last-listener-query-interval Default The MLD last listener query interval is 1 second.
Default The maximum response delay for MLD general query messages is 10 seconds. Views Interface view Default command level 2: System level Parameters interval: Specifies the maximum response time for MLD general query messages in seconds, in the range of 1 to 25. Usage guidelines The maximum response time determines the time which the device takes to detect directly attached group members in the LAN.
If MLD proxying is enabled on a loopback interface, the proxy device maintains only the MLD routing table without adding the MLD routes to the multicast routing table and forwarding table. Examples # Enable IPv6 multicast routing and enable MLD proxying on GigabitEthernet 0/1.
Default The device does not check the Router-Alert option. That is, it forwards all received MLD messages to the upper layer protocol for processing. Views Interface view Default command level 2: System level Examples # Configure GigabitEthernet 0/1 to discard MLD messages without the Router-Alert option.
• The number of multicast-address-and-source-specific queries the MLDv2 querier sends after receiving an MLD report that indicates relation changes between IPv6 multicast groups and IPv6 multicast sources. Examples # Set the MLD querier's robustness variable to 3 on GigabitEthernet 0/1.
mld ssm-mapping enable Use mld ssm-mapping enable to enable the MLD SSM mapping feature on the current interface. Use undo mld ssm-mapping enable to disable the MLD SSM mapping feature on the current interface. Syntax mld ssm-mapping enable undo mld ssm-mapping enable Default The MLD SSM mapping feature is disabled on all interfaces. Views Interface view Default command level 2: System level Examples # Enable the MLD SSM mapping feature on GigabitEthernet 0/1.
[Sysname-GigabitEthernet0/1] mld startup-query-count 3 Related commands • mld robust-count • startup-query-count mld startup-query-interval Use mld startup-query-interval to configure the startup query interval on the current interface. Use undo mld startup-query-interval to restore the default. Syntax mld startup-query-interval interval undo mld startup-query-interval Default The startup query interval is 1/4 of the MLD query interval.
Default An interface is not a static member of any IPv6 multicast group or IPv6 multicast source and group. Views Interface view Default command level 2: System level Parameters ipv6-group-address: Specifies an IPv6 multicast group, in the range of FFxy::/16 (excluding FFx0::/16, FFx1::/16, FFx2::/16, and FF0y::), where x and y represent any hexadecimal number in the range of 0 to F. ipv6-source-address: Specifies an IPv6 multicast source.
Views Interface view Default command level 2: System level Parameters interval: Specifies an MLD other querier present interval in seconds, in the range of 60 to 300. Examples # Set the MLD other querier present interval to 200 seconds on GigabitEthernet 0/1.
Related commands • display mld interface • mld timer other-querier-present • timer query mld version Use mld version to configure the MLD version on the current interface. Use undo mld version to restore the default MLD version. Syntax mld version version-number undo mld version Default The MLD version is MLDv1. Views Interface view Default command level 2: System level Parameters version-number: Specifies an MLD version, 1 or 2. Examples # Set the MLD version to MLDv2 on GigabitEthernet 0/1.
Views MLD view Default command level 2: System level Examples # Configure the device to discard MLD messages without the Router-Alert option. system-view [Sysname] mld [Sysname-mld] require-router-alert Related commands • mld require-router-alert • send-router-alert reset mld group Use reset mld group to remove the dynamic group entries of a specified MLD group or all MLD groups.
reset mld group interface gigabitethernet 0/1 ff03::101:10 Related commands display mld group reset mld ssm-mapping group Use reset mld ssm-mapping group to clear IPv6 multicast group information created based on the configured MLD SSM mappings.
Default The MLD querier's robustness variable is 2. Views MLD view Default command level 2: System level Parameters robust-value: Specifies an MLD querier's robustness variable, in the range of 2 to 5. Usage guidelines The MLD querier's robustness variable defines the maximum number of attempts for transmitting MLD general queries, multicast-address-specific queries, or multicast-address-and-source-specific queries in case of packet loss due to network problems.
undo send-router-alert Default MLD messages carry the Router-Alert option. Views MLD view Default command level 2: System level Examples # Disable insertion of the Router-Alert option into MLD messages to be sent. system-view [Sysname] mld [Sysname-mld] undo send-router-alert Related commands • mld send-router-alert • require-router-alert ssm-mapping (MLD view) Use ssm-mapping to configure an MLD SSM mapping. Use undo ssm-mapping to remove one or all MLD SSM mappings.
[Sysname] mld [Sysname-mld] ssm-mapping ff1e:: 64 1::1 Related commands • display mld ssm-mapping • mld ssm-mapping enable startup-query-count (MLD view) Use startup-query-count to configure the startup query count globally. Use undo startup-query-count to restore the default. Syntax startup-query-count value undo startup-query-count Default The startup query count is set to the MLD querier's robustness variable.
Default The startup query interval is 1/4 of the "MLD query interval". Views MLD view Default command level 2: System level Parameters interval: Specifies a startup query interval in seconds, namely, the interval between general queries that the MLD querier sends on startup, in the range of 1 to 18000. Examples # Set the startup query interval to 5 seconds globally.
Related commands • display mld interface • max-response-time • mld timer other-querier-present • robust-count • timer query timer query (MLD view) Use timer query to configure the MLD query interval globally. Use undo timer query to restore the default. Syntax timer query interval undo timer query Default The MLD query interval is 125 seconds.
undo version Default The MLD version is MLDv1. Views MLD view Default command level 2: System level Parameters version-number: Specifies an MLD version number, 1 or 2. Examples # Set the MLD version to MLDv2 globally.
Routing policy commands The common routing policy configuration commands are applicable to both IPv4 and IPv6. The term "router" in this document refers to both routers and routing-capable firewalls and firewall modules. Common routing policy commands apply as-path Use apply as-path to apply the specified AS numbers to BGP routes. Use undo apply as-path to remove the clause configuration. Syntax apply as-path as-number&<1-10> [ replace ] undo apply as-path Default No AS_PATH attribute is set.
apply comm-list delete Use apply comm-list delete to delete the COMMUNITY attributes specified by a community list from BGP routes. Use undo apply comm-list to remove the clause configuration. Syntax apply comm-list { comm-list-number | comm-list-name } delete undo apply comm-list Default No COMMUNITY attributes are removed from BGP routes.
Default command level 2: System level Parameters none: Removes the COMMUNITY attributes of BGP routes. community-number: Community sequence number, in the range of 1 to 4294967295. aa:nn: Community number. Both aa and nn are in the range of 0 to 65535. &<1-16>: Indicates that the argument before it can be entered up to 16 times. internet: Sets the INTERNET community attribute for BGP routes. Routes with this attribute can be advertised to all BGP peers.
Default command level 2: System level Parameters +: Increases a cost value. -: Decreases a cost value. value: Cost in the range of 0 to 4294967295. Examples # Configure node 10 in permit mode of routing policy policy1. Set a cost of 120 for routing information whose outbound interface is GigabitEthernet 0/1.
Hardware Compatibility 20-Gbps VPN firewall modules No type-1: Sets the cost type to Type-1 external route of OSPF. type-2: Sets the cost type to Type-2 external route of OSPF. Usage guidelines When used for IS-IS, the apply cost-type internal command sets the cost type of a matching IS-IS route to IS-IS internal route.
32-bit AS number: 16-bit self-defined number, for example, 70000:3. The AS number must be no less than 65536. • &<1-16>: Indicates that the argument before it can be entered up to 16 times. additive: Adds the specified attribute to the original RT community attribute. Examples # Configure node 10 in permit mode of routing policy policy1. If a BGP route matches AS path list 1, add the RT extended community attribute 100:2 to the route.
Hardware Compatibility F1000-E No F5000 Yes F5000-S/F5000-C No VPN firewall modules No 20-Gbps VPN firewall modules No Examples # Configure node 10 in permit mode of routing policy policy1. If a route has a tag of 8, redistribute the route to IS-IS level-2. system-view [Sysname] route-policy policy1 permit node 10 [Sysname-route-policy] if-match tag 8 [Sysname-route-policy] apply isis level-2 apply ip-precedence Use apply ip-precedence to set an IP precedence for matching routes.
apply local-preference Use apply local-preference to configure the specified local preference for BGP routes. Use undo apply local-preference to remove the clause configuration. Syntax apply local-preference preference undo apply local-preference Default No local preference is configured for BGP routing information. Views Routing policy view Default command level 2: System level Parameters preference: Local preference for BGP routes, in the range of 0 to 4294967295.
as-number: Specifies an AS number for EGP routes, in the range of 1 to 4294967295. igp: Sets the ORIGIN attribute of BGP routing information to IGP. incomplete: Sets the ORIGIN attribute of BGP routing information to unknown. Examples # Configure node 10 in permit mode of routing policy policy1. If BGP routing information matches AS path list 1, set the ORIGIN attribute of the routing information to IGP.
Use undo apply preferred-value to remove the clause configuration. Syntax apply preferred-value preferred-value undo apply preferred-value Default No preferred value is set for BGP routes. Views Routing policy view Default command level 2: System level Parameters preferred-value: Preferred value, in the range of 0 to 65535. Examples # Configure node 10 in permit mode of routing policy policy1. Set a preferred value of 66 for BGP routing information matching AS path list 1.
Examples # Configure node 10 in permit mode of routing policy policy1. Set a tag of 100 for OSPF external routes. system-view [Sysname] route-policy policy1 permit node 10 [Sysname-route-policy] if-match route-type external-type1 [Sysname-route-policy] apply tag 100 continue Use continue to specify the next node to be matched. Use undo continue to remove the configuration. Syntax continue [ node-number ] undo continue Default No next node is specified.
Parameters as-path-number: Specifies an AS path list by its number, in the range of 1 to 256. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
adv-community-list-number: Specifies an advanced community list by its number, in the range of 100 to 199. comm-list-name: Specifies a community list by its name, a string of 1 to 31 characters, which can contain letters, numbers, and signs. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters. Usage guidelines If the ext-comm-list-number argument is not specified, this command displays all BGP extended community list information. Examples # Display the information of BGP extended community list 1.
Table 242 Command output. Field Description Route-policy Routing policy name. Permit Match mode: permit or deny. if-match ip-prefix abc Match criterion. apply cost 120 If the criterion is matched, set a cost of 120 for routing information. Related commands route-policy if-match as-path Use if-match as-path to specify AS path lists for matching against the AS_PATH attribute of BGP routing information. Use undo if-match as-path to remove the match criterion.
if-match community Use if-match community to match BGP routes whose COMMUNITY attributes matches a specified community list. Use undo if-match community to remove the match criterion. Syntax if-match community { { basic-community-list-number | comm-list-name } [ whole-match ] | adv-community-list-number }&<1-16> undo if-match community [ { basic-community-list-number | comm-list-name } [ whole-match ] | adv-community-list-number ]&<1-16> Default No community list match criterion is configured.
undo if-match cost Default No cost match criterion is configured. Views Routing policy view Default command level 2: System level Parameters value: Specifies a cost in the range of 0 to 4294967295. Examples # Configure node 10 in permit mode of routing policy policy1 to permit routing information with a cost of 8.
if-match interface Use if-match interface to specify interfaces for matching against the outbound interface of routing information. Use undo if-match interface to remove the match criterion. Syntax if-match interface { interface-type interface-number }&<1-16> undo if-match interface [ interface-type interface-number ]&<1-16> Default No match criterion is configured.
Default command level 2: System level Parameters external-type1: Matches OSPF Type 1 external routes. external-type1or2: Matches OSPF Type 1 or 2 external routes. external-type2: Matches OSPF Type 2 external routes. internal: Matches internal routes (OSPF intra-area and inter-area routes). is-is-level-1: Matches IS-IS Level-1 routes. is-is-level-2: Matches IS-IS Level-2 routes.
Default command level 2: System level Parameters value: Specifies a tag in the range of 0 to 4294967295. Usage guidelines Only F5000 firewalls support this command. Examples # Configure node 10 in permit mode of routing policy policy1 to match RIP and OSPF routing information having a tag of 8. system-view [Sysname] route-policy policy1 permit node 10 [Sysname-route-policy-policy1-10] if-match tag 8 ip as-path Use ip as-path to create an AS path list.
ip community-list Use ip community-list to configure a community list entry. Use undo ip community-list to remove a community list or entry.
no-export-subconfed: Specifies the NO_EXPORT_SUBCONFED community attribute. Routes with this attribute cannot be advertised out of the local AS, or to other sub ASs in the confederation. Examples # Configure basic community list 1 to permit routing information with the INTERNET community attribute. system-view [Sysname] ip community-list 1 permit internet # Configure advanced community list 100 to permit routing information with the COMMUNITY attribute starting with 10.
# Define extended community list 2 to permit routing information with SoO 100:100. system-view [Sysname] ip extcommunity-list 2 permit soo 100:100 route-policy Use route-policy to create a routing policy and a node for it, and enter routing policy view. Use undo route-policy to remove a routing policy or a node for it.
IPv4 routing policy commands apply ip-address next-hop Use apply ip-address next-hop to set a next hop for IPv4 routing information. Use undo apply ip-address next-hop to remove the clause configuration. Syntax apply ip-address next-hop ip-address undo apply ip-address next-hop Default No next hop is set for IPv4 routing information. Views Routing policy view Default command level 2: System level Parameters ip-address: IP address of the next hop.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Views Routing policy view Default command level 2: System level Parameters acl-number: ACL number from 2000 to 3999. Examples # Configure node 10 of routing policy policy1 to permit routes matching ACL 2000. system-view [Sysname] route-policy policy1 permit node 10 [Sysname-route-policy] if-match acl 2000 if-match ip Use if-match ip to configure a next hop or source address match criterion for IPv4 routes. Use undo if-match ip to remove the match criterion.
Use undo if-match ip-prefix to remove the match criterion. Syntax if-match ip-prefix ip-prefix-name undo if-match ip-prefix Default No IP prefix list based match criterion is configured. Views Routing policy view Default command level 2: System level Parameters ip-prefix-name: Matches an IP prefix list with a name being a string of 1 to 19 characters. Examples # Configure node 10 of routing policy policy2 to permit routes whose destination address matches IP prefix list p1.
deny: Specifies the deny mode. If a route matches the item, the route is denied without matching against the next item; if not, the route matches against the next item (suppose the IPv4 prefix list has multiple items). permit: Specifies the permit mode. If a route matches the item, it passes the IPv4 prefix list. If not, it matches against the next item (suppose the IPv4 prefix list has multiple items). ip-address mask-length: Specifies an IPv4 prefix and mask length.
Examples # Clear the statistics for IPv4 prefix list abc. reset ip ip-prefix abc IPv6 routing policy commands apply ipv6 next-hop Use apply ipv6 next-hop to configure a next hop for IPv6 routes. Use undo apply ipv6 next-hop to remove the clause configuration. Syntax apply ipv6 next-hop ipv6-address undo apply ipv6 next-hop Default No next hop address is configured for IPv6 routing information.
Default command level 1: Monitor level Parameters ipv6-prefix-name: Specifies an IPv6 prefix list by its name, a string of 1 to 19 characters. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
undo if-match ipv6 { address | next-hop | route-source } [ acl | prefix-list ] Default No IPv6 prefix list match criterion is configured. Views Routing policy view Default command level 2: System level Parameters address: Matches the destination address of IPv6 routing information. next-hop: Matches the next hop of IPv6 routing information. route-source: Matches the source address of IPv6 routing information.
index-number: Specifies an index number for the item, in the range of 1 to 65535. An item with a smaller index-number will be matched first. deny: Specifies the deny mode. If a route matches the item, the route is denied without matching against the next item. If not, the route matches against the next item (suppose the IPv6 prefix list has multiple items). permit: Specifies the permit mode. If a route matches the item, it passes the IPv4 prefix list.
Parameters ipv6-prefix-name: Specifies an IPv6 prefix list by its name, a string of 1 to 19 characters. Usage guidelines If no name is specified, this command clears the statistics for all IPv6 prefix lists. Examples # Clear the statistics for IPv6 prefix list abc.
SSL commands The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide. ciphersuite Use ciphersuite to specify the cipher suites for an SSL server policy to support.
rsa_rc4_128_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of 128-bit RC4, and the MAC algorithm of SHA.
Usage guidelines If you configure the client-verify enable command and enable the SSL client weak authentication function, whether the client must be authenticated is up to the client. If the client chooses to be authenticated, the client must pass authentication before accessing the SSL server; otherwise, the client can access the SSL server without authentication.
Examples # Enable SSL client weak authentication. system-view [Sysname] ssl server-policy policy1 [Sysname-ssl-server-policy-policy1] client-verify enable [Sysname-ssl-server-policy-policy1] client-verify weaken Related commands • client-verify enable • display ssl server-policy close-mode wait Use close-mode wait to set the SSL connection close mode to wait mode.
Default command level 1: Monitor level Parameters policy-name: SSL client policy name, a case-insensitive string of 1 to 16 characters. all: Displays information about all SSL client policies. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow.
Parameters policy-name: SSL server policy name, a case-insensitive string of 1 to 16 characters. all: Displays information about all SSL server policies. |: Filters command output by specifying a regular expression. For more information about regular expressions, see Getting Started Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression.
Field Description Session Timeout Session timeout time of the SSL server policy, in seconds. Session Cachesize Maximum number of buffered sessions of the SSL server policy. Client-verify Whether the SSL server policy requires the client to be authenticated. handshake timeout Use handshake timeout to set the handshake timeout time for an SSL server policy. Use undo handshake timeout to restore the default.
Default No PKI domain is configured for an SSL server policy or SSL client policy. Views SSL server policy view, SSL client policy view Default command level 2: System level Parameters domain-name: Name of a PKI domain, a case-insensitive string of 1 to 15 characters. Usage guidelines If you do not specify a PKI domain for an SSL server policy, the SSL server generates and signs a certificate for itself rather than obtaining one from a CA server.
Views SSL client policy view Default command level 2: System level Parameters dhe_rsa_aes_128_cbc_sha: Specifies the key exchange algorithm of DH_RSA, the data encryption algorithm of 128-bit AES_CBC, and the MAC algorithm of SHA. dhe_rsa_aes_256_cbc_sha: Specifies the key exchange algorithm of DH_RSA, the data encryption algorithm of 256-bit AES_CBC, and the MAC algorithm of SHA.
server-verify enable Use server-verify enable to enable certificate-based SSL server authentication so that the SSL client authenticates the server by the server’s certificate during the SSL handshake process. Use undo server-verify enable to disable certificate-based SSL server authentication. When certificate-based SSL server authentication is disabled, it is assumed that the SSL server is valid.
Usage guidelines It is a complicated process to use the SSL handshake protocol to negotiate session parameters and establish sessions. To simplify the process, SSL allows reusing negotiated session parameters to establish sessions. This feature requires that the SSL server maintain information about existing sessions. The number of cached sessions and the session information caching time are limited: • If the number of sessions in the cache reaches the maximum, SSL rejects to cache new sessions.
ssl server-policy Use ssl server-policy to create an SSL server policy and enter its view. Use undo ssl server-policy to delete a specified SSL server policy or all SSL server policies. Syntax ssl server-policy policy-name undo ssl server-policy { policy-name | all } Views System view Default command level 2: System level Parameters policy-name: SSL server policy name, a case-insensitive string of 1 to 16 characters. It cannot be "a", "al", or "all". all: Specifies all SSL server policies.
Default The SSL protocol version for an SSL client policy is TLS 1.0. Views SSL client policy view Default command level 2: System level Parameters ssl3.0: Specifies SSL 3.0. tls1.0: Specifies TLS 1.0. Examples # Specify the SSL protocol version for SSL client policy policy1 as SSL 3.0. system-view [Sysname] ssl client-policy policy1 [Sysname-ssl-client-policy-policy1] version ssl3.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents a security product, such as a firewall, a UTM, or a load-balancing or security card that is installed in a device.
Index ABCDEFGHIJLMNOPQRSTUVW A abr-summary (OSPF area view),308 abr-summary (OSPFv3 area view),803 active region-configuration,75 address range,733 arp timer aging,227 asbr-summary,309 authentication-mode,310 auto-cost enable,377 auto-rp enable,608 aggregate,443 B aggregate (IPv6 address family view),860 balance (BGP/BGP-VPN instance view),444 apply as-path,1056 apply comm-list delete,1057 balance (IPv6 address family view/IPv6 BGP-VPN instance view),861 apply community,1057 bandwidth-reference,804
c-bsr admin-scope (IPv6 PIM view),968 ddns policy,219 c-bsr admin-scope (PIM view),610 default,47 c-bsr global,611 default,30 c-bsr group,612 default,312 c-bsr hash-length (IPv6 PIM view),968 default,2 c-bsr hash-length (PIM view),613 default,132 c-bsr holdtime (IPv6 PIM view),969 default cost,805 c-bsr holdtime (PIM view),613 default cost (RIP view),276 c-bsr interval (IPv6 PIM view),970 default cost (RIPng view),782 c-bsr interval (PIM view),614 default ipv4-unicast,453 c-bsr priority
dhcp relay information remote-id string,189 display bgp peer,459 dhcp relay information strategy,190 display bgp peer received ip-prefix,463 dhcp relay release ip,190 display bgp routing-table,464 dhcp relay security refresh enable,192 display bgp routing-table as-path-acl,465 dhcp relay security static,191 display bgp routing-table cidr,466 dhcp relay security tracker,192 display bgp routing-table community,467 dhcp relay server-detect,193 display bgp routing-table community-list,468 dhcp rel
display inline-interfaces,146 display ipv6 pathmtu,693 display interface,3 display ipv6 policy-based-route,945 display interface loopback,31 display ipv6 policy-based-route setup,946 display interface null,34 display ipv6 policy-based-route statistics,947 display interface virtual-template,134 display ipv6 prefix,694 display interface vlan-interface,49 display ipv6 routing-table,931 display ip as-path,1066 display ipv6 routing-table acl,933 display ip community-list,1067 display ipv6 routing-
display multicast ipv6 forwarding-table,954 display pim ipv6 routing-table,986 display multicast ipv6 routing-table,957 display pim ipv6 rp-info,989 display multicast ipv6 rpf-info,958 display pim join-prune,627 display multicast routing-table,557 display pim neighbor,628 display multicast routing-table static,559 display pim routing-table,629 display multicast rpf-info,560 display pim rp-info,633 display ospf abr-asbr,315 display policy-based-route,548 display ospf asbr-summary,316 display p
flow-classification enable,239 dns resolve,214 dns server,215 flow-control,17 dns server ipv6,776 forbidden-ip,169 dns source-interface,215 G dns spoofing,216 gateway-list,170 dns-list,166 gratuitous-arp-learning enable,234 dns-server,747 gratuitous-arp-sending enable,234 Documents,1102 group (BGP/BGP-VPN instance view),480 domain-authentication-mode,405 group (IPv6 address family view),891 domain-name,167 H domain-name,748 ds-lite address,748 handshake timeout,1095 duplex,17 hello-opt
if-match packet-length,549 ip address,54 if-match route-type,1073 ip address,46 if-match tag,1074 ip address bootp-alloc,208 igmp,584 ip address dhcp-alloc,206 igmp enable,584 ip address ppp-negotiate,118 igmp fast-leave,585 ip as-path,1075 igmp group-limit,586 ip community-list,1076 igmp group-policy,587 ip extcommunity-list,1077 igmp host-tracking,588 ip host,217 igmp last-member-query-interval,588 ip ip-prefix,1082 igmp max-response-time,589 ip ipv6-prefix,1086 igmp proxying enable,
ipv6 import-route limit,856 isis timer holding-multiplier,424 ipv6 local policy-based-route,949 isis timer lsp,425 ipv6 maximum load-balancing,856 isis timer retransmit,426 ipv6 mtu,713 is-level,427 ipv6 nd autoconfig managed-address-flag,713 is-name,427 ipv6 nd autoconfig other-flag,714 is-name map,428 ipv6 nd dad attempts,714 ispf enable,347 ipv6 nd hop-limit,715 is-snmp-traps enable,428 ipv6 nd ns retrans-timer,715 J ipv6 nd nud reachable-time,716 ipv6 nd ra halt,717 ipv6 nd ra interval
mdi,26 network,290 mld,1033 network,172 mld enable,1034 network,749 mld fast-leave,1035 network (BGP/BGP-VPN instance view),484 mld group-limit,1035 network (IPv6 address family view/IPv6 BGP-VPN instance view),893 mld group-policy,1036 mld host-tracking,1037 mld last-listener-query-interval,1038 mld max-response-time,1038 network (OSPF area view),351 network ip range,173 network mask,174 mld proxying enable,1039 network short-cut (BGP/BGP-VPN instance view),485 mld proxying forwarding,1040 n
ospfv3 timer poll,841 peer description (BGP/BGP-VPN instance view),497 ospfv3 timer retransmit,840 peer description (IPv6 address family view),905 ospfv3 trans-delay,841 peer ebgp-max-hop (BGP/BGP-VPN instance view),498 output-delay,291 peer ebgp-max-hop (IPv6 address family view),905 P peer enable (BGP/BGP-VPN instance view),499 peer,291 peer enable (IPv6 address family view),906 peer,364 peer fake-as (BGP/BGP-VPN instance view),499 peer advertise-community (BGP/BGP-VPN instance view),485 pe
peer route-policy (BGP/BGP-VPN instance view),511 pim state-refresh-capable,649 peer route-policy (IPv6 address family view),919 pim timer graft-retry,649 peer route-policy (IPv6 BGP-VPN instance view),920 pim timer hello,650 peer route-update-interval (BGP/BGP-VPN instance view),512 pim timer join-prune,650 pim triggered-hello-delay,651 peer route-update-interval (IPv6 address family view),920 policy-based-route,551 peer sa-cache-maximum,677 peer sa-policy,678 peer sa-request-policy,679 peer subs
proxy-arp enable,238 reset dns host,217 proxy-nd enable,725 reset igmp group,600 prune delay (IPv6 PIM view),1009 reset igmp ssm-mapping group,600 prune delay (PIM view),652 reset ip ip-prefix,1083 Q reset ip ipv6-prefix,1087 qos car,258 qos carl,259 qos policy,254 R reset ip routing-table statistics protocol,539 reset ipv6 dhcp client statistics,774 reset ipv6 dhcp relay statistics,768 reset ipv6 dhcp server conflict,757 reset ipv6 dhcp server expired,758 reflect between-clients (BGP view/BGP-V
revision-level,93 silent-interface (RIP view),304 rfc1583 compatible,367 silent-interface(OSPFv3 view),843 rip,293 sip-server,761 rip authentication-mode,294 snmp-agent trap enable ospf,369 rip bfd enable,295 source-lifetime (IPv6 PIM view),1011 rip bfd enable destination,296 source-lifetime (PIM view),655 rip default-route,297 source-policy (IPv6 PIM view),1012 rip input,298 source-policy (PIM view),656 rip metricin,298 speed,24 rip metricout,299 spf timers,844 rip mib-binding,300 spf-
stp loop-protection,99 timer hello (IPv6 PIM view),1018 stp max-hops,100 timer hello (PIM view),661 stp mcheck,101 timer hold,131 stp mode,102 timer join-prune (IPv6 PIM view),1018 stp no-agreement-check,102 timer join-prune (PIM view),662 stp pathcost-standard,103 timer lsp-generation,438 stp point-to-point,104 timer lsp-max-age,439 stp port priority,105 timer lsp-refresh,440 stp priority,106 timer other-querier-present (IGMP view),605 stp region-configuration,106 timer other-querier-pre
