S2350&S5300&S6300 V200R003(C00&C02) Compatible Commands Reference 02

S2350&S5300&S6300 Series Ethernet Switches V200R003(C00&C02) Compatible Commands Reference Issue 02 Date 2013-11-06 HUAWEI TECHNOLOGIES CO., LTD. Copyright © Huawei Technologies Co., Ltd. 2013. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks and Permissions and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied. Huawei Technologies Co., Ltd. Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: http://www.huawei.com Email: support@huawei.com Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. i S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference About This Document About This Document Intended Audience This document is intended for: l Data configuration engineers l Commissioning engineers l Network monitoring engineers l System maintenance engineers Symbol Conventions The symbols that may be found in this document are defined as follows. Symbol Description Indicates an imminently hazardous situation which, if not avoided, will result in death or serious injury. Indicates a potentially hazardous situation which, if not avoided, could result in death or serious injury. Indicates a potentially hazardous situation which, if not avoided, may result in minor or moderate injury. Indicates a potentially hazardous situation which, if not avoided, could result in equipment damage, data loss, performance deterioration, or unanticipated results. NOTICE is used to address practices not related to personal injury. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. ii S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference About This Document Symbol Description Calls attention to important information, best practices and tips. NOTE NOTE is used to address information not related to personal injury, equipment damage, and environment deterioration. Command Conventions The command conventions that may be found in this document are defined as follows. Convention Description Boldface The keywords of a command line are in boldface. Italic Command arguments are in italics. [] Items (keywords or arguments) in brackets [ ] are optional. { x | y | ... } Optional items are grouped in braces and separated by vertical bars. One item is selected. [ x | y | ... ] Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected. { x | y | ... }* Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected. [ x | y | ... ]* Optional items are grouped in brackets and separated by vertical bars. Several items or no item can be selected. &<1-n> The parameter before the & sign can be repeated 1 to n times. # A line starting with the # sign is comments. Interface Numbering Conventions Interface numbers used in this manual are examples. In device configuration, use the existing interface numbers on devices. Security Conventions l Issue 02 (2013-11-06) Password setting Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. iii S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference About This Document – When configuring a password in plain text, the password is saved in the configuration file in plain text. The plain text has high security risks. The cipher text is recommended. To ensure device security, change the password periodically. – When you configure a password in cipher text that starts and ends with %@%@ (the password can be decrypted by the device), the password is displayed in the same manner as the configured one in the configuration file. Do not use this setting. l Encryption algorithm Currently, the device uses the following encryption algorithms: DES, AES, SHA-1, SHA-2, and MD5. DES and AES are reversible, and SHA-1, SHA-2, and MD5 are irreversible. The encryption algorithm depends on actual networking. If protocols are used for interconnection, the locally stored password must be reversible. It is recommended that the irreversible encryption algorithm be used for the administrator password. l Personal data Some personal data may be obtained or used during operation or fault location of your purchased products, services, features, so you have an obligation to make privacy policies and take measures according to the applicable law of the country to protect personal data. Mappings between Product Software Versions and NMS Versions The mappings between product software versions and NMS versions are as follows. Product Software Version iManager U2000 V200R003C00 V100R009C00 V200R003C02 V100R009C10 Change History Changes between document issues are cumulative. Therefore, the latest document issue contains all updates made in previous issues. Changes in Issue 02 (2013-11-06) V200R003(C00&C02) Some contents are modified according to updates in the product. Changes in Issue 01 (2013-09-29) V200R003C00 Initial commercial release. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. iv S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference Contents Contents About This Document.....................................................................................................................ii 1 Basic Configuration Compatible Commands..........................................................................1 1.1 set save-configuration backup-to-server server..............................................................................................................2 1.2 set save-configuration.....................................................................................................................................................3 1.3 super................................................................................................................................................................................4 2 LAN Compatible Commands .....................................................................................................6 2.1 Link Aggregation Compatible Commands ....................................................................................................................7 2.1.1 load-balance.................................................................................................................................................................7 2.1.2 service-type tunnel.......................................................................................................................................................9 2.1.3 l2 field dport..............................................................................................................................................................10 2.1.4 ipv4 field dport..........................................................................................................................................................10 2.1.5 ipv6 field dport..........................................................................................................................................................11 2.1.6 mpls field dport..........................................................................................................................................................12 2.2 MAC Compatible Commands .....................................................................................................................................13 2.2.1 mac-address blackhole(interface view).....................................................................................................................13 2.2.2 mac-address static......................................................................................................................................................14 2.2.3 port-security mac-address sticky enable....................................................................................................................16 2.2.4 port-security maximum..............................................................................................................................................17 2.3 VLAN Compatible Commands ...................................................................................................................................18 2.3.1 port mux-vlan enable.................................................................................................................................................18 2.3.2 port vlan-stacking......................................................................................................................................................19 2.4 L2PT Compatible Commands .....................................................................................................................................21 2.4.1 bpdu-tunnel enable....................................................................................................................................................21 2.4.2 bpdu-tunnel vlan........................................................................................................................................................22 2.5 STP Compatible Commands .......................................................................................................................................23 2.5.1 bpdu filter..................................................................................................................................................................24 2.5.2 stp-snooping enable...................................................................................................................................................25 3 Interface Compatible Commands............................................................................................27 3.1 Ethernet Interface Compatible Commands...................................................................................................................28 3.1.1 port-down holdoff-time.............................................................................................................................................28 3.1.2 port media type..........................................................................................................................................................29 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. v S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference Contents 3.1.3 display control-flap....................................................................................................................................................30 3.1.4 reset control-flap........................................................................................................................................................31 3.1.5 display ifnet controller-tree.......................................................................................................................................32 3.1.6 control-flap................................................................................................................................................................35 4 IP Service Compatible Commands..........................................................................................38 4.1 DHCP Compatible Commands.....................................................................................................................................39 4.1.1 expired.......................................................................................................................................................................39 4.1.2 dhcp server expired....................................................................................................................................................40 4.1.3 dhcp server forbidden-ip............................................................................................................................................42 4.1.4 dhcp server ip-pool....................................................................................................................................................43 4.1.5 dns-suffix...................................................................................................................................................................44 4.1.6 ip relay address .........................................................................................................................................................45 4.1.7 lease...........................................................................................................................................................................46 4.1.8 policy-vlan dhcp-generic...........................................................................................................................................48 4.1.9 policy-vlan dhcp-mac................................................................................................................................................49 4.1.10 policy-vlan dhcp-port..............................................................................................................................................51 5 IP Routing Compatible Commands.........................................................................................54 5.1 display bgp group.........................................................................................................................................................55 5.2 display bgp network......................................................................................................................................................56 5.3 display bgp paths..........................................................................................................................................................57 5.4 display bgp peer............................................................................................................................................................58 5.5 display bgp routing-table dampened.............................................................................................................................59 5.6 display bgp routing-table dampening parameter..........................................................................................................60 5.7 display bgp routing-table flap-info...............................................................................................................................60 5.8 display bgp routing-table label.....................................................................................................................................62 5.9 display bgp update-peer-group.....................................................................................................................................63 5.10 display ipv6 nexthop-indirection................................................................................................................................63 5.11 display ipv6 routing-table statistics............................................................................................................................64 5.12 display ipv6 routing-table time-range.........................................................................................................................66 5.13 display rm ipv6 interface............................................................................................................................................68 5.14 ipv6 route-static vpn6-instance...................................................................................................................................69 5.15 ipv6-family vpn6-instance..........................................................................................................................................71 5.16 isis vpn6-instance.......................................................................................................................................................72 5.17 reset ipv6 routing-table statistics protocol..................................................................................................................73 6 Multicast Compatible Commands...........................................................................................75 6.1 Layer 2 Multicast Compatible Commands...................................................................................................................76 6.1.1 display igmp-proxy configuration.............................................................................................................................76 6.1.2 display igmp-proxy....................................................................................................................................................77 6.1.3 display igmp-proxy port-info.....................................................................................................................................79 6.1.4 display igmp-proxy router-port.................................................................................................................................81 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. vi S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference Contents 6.1.5 igmp-proxy enable.....................................................................................................................................................82 6.1.6 igmp-proxy group-limit.............................................................................................................................................83 6.1.7 igmp-proxy group-policy (interface view)................................................................................................................84 6.1.8 igmp-proxy group-policy (VLAN view)...................................................................................................................86 6.1.9 igmp-proxy lastmember-queryinterval......................................................................................................................87 6.1.10 igmp-proxy max-response-time...............................................................................................................................88 6.1.11 igmp-proxy prompt-leave........................................................................................................................................89 6.1.12 igmp-proxy query-interval.......................................................................................................................................91 6.1.13 igmp-proxy require-router-alert...............................................................................................................................92 6.1.14 igmp-proxy robust-count.........................................................................................................................................93 6.1.15 igmp-proxy router-aging-time.................................................................................................................................94 6.1.16 igmp-proxy send-query enable................................................................................................................................95 6.1.17 igmp-proxy send-query source-address...................................................................................................................96 6.1.18 igmp-proxy ssm-policy............................................................................................................................................97 6.1.19 igmp-proxy static-group..........................................................................................................................................98 6.1.20 igmp-proxy static-router-port..................................................................................................................................99 6.1.21 igmp-proxy table limit...........................................................................................................................................100 6.1.22 igmp-proxy version................................................................................................................................................101 6.1.23 igmp-snooping group-policy (interface view).......................................................................................................102 6.1.24 igmp-snooping group-policy (VLAN view)..........................................................................................................103 6.1.25 igmp-snooping proxy enable.................................................................................................................................104 6.1.26 igmp-snooping ssm-policy....................................................................................................................................105 6.1.27 igmp-snooping static-group...................................................................................................................................106 6.1.28 igmp-snooping suppression-time...........................................................................................................................107 6.1.29 igmp-snooping table limit......................................................................................................................................108 6.1.30 mld-snooping group-policy (interface view).........................................................................................................109 6.1.31 mld-snooping group-policy (VLAN view)............................................................................................................111 6.1.32 multicast user-vlan.................................................................................................................................................113 6.1.33 multicast-source-deny interface.............................................................................................................................114 6.1.34 reset igmp-proxy group.........................................................................................................................................115 6.1.35 undo igmp-proxy router-learning..........................................................................................................................116 6.1.36 undo igmp-proxy send-router-alert........................................................................................................................117 7 QoS compatible command.......................................................................................................118 7.1 cpu queue bpdu...........................................................................................................................................................119 7.2 port queue statistics enable.........................................................................................................................................120 7.3 qos drr (scheduling template view)............................................................................................................................121 7.4 qos local-precedence-queue-map................................................................................................................................122 7.5 qos queue....................................................................................................................................................................124 7.6 qos queue max-buffer.................................................................................................................................................126 7.7 qos queue max-length (tail drop template view)........................................................................................................127 7.8 qos queue statistics enable..........................................................................................................................................129 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. vii S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference Contents 7.9 qos sred.......................................................................................................................................................................131 7.10 qos wrr (scheduling template view)..........................................................................................................................132 8 Security Compatible Commands............................................................................................135 8.1 AAA Compatible Commands.....................................................................................................................................136 8.1.1 adminuser-priority...................................................................................................................................................136 8.1.2 local-user level.........................................................................................................................................................136 8.1.3 local-user password old-password...........................................................................................................................137 8.1.4 radius-server test-user detect interval......................................................................................................................139 8.2 DHCP Snooping Compatible Commands..................................................................................................................140 8.2.1 dhcp option82 format...............................................................................................................................................140 8.2.2 dhcp snooping bind-table.........................................................................................................................................141 8.2.3 dhcp snooping information circuit-id......................................................................................................................142 8.2.4 dhcp snooping information remote-id.....................................................................................................................143 8.2.5 dhcp snooping information format..........................................................................................................................144 8.2.6 dhcp snooping check dhcp-rate enable....................................................................................................................145 8.2.7 dhcp snooping global max-user-number.................................................................................................................146 8.2.8 dhcp snooping sticky-mac.......................................................................................................................................147 8.2.9 dhcp snooping trust..................................................................................................................................................149 8.3 NAC Compatible Commands.....................................................................................................................................150 8.3.1 mac-authen username fixed password.....................................................................................................................150 8.3.2 web-auth-server (system view)................................................................................................................................151 8.4 Local Attack Defense Compatible Commands..........................................................................................................152 8.4.1 blacklist....................................................................................................................................................................152 8.4.2 car............................................................................................................................................................................153 8.4.3 car cpu-port..............................................................................................................................................................154 8.4.4 cpu-defend linkup-car bgp enable...........................................................................................................................155 8.4.5 deny.........................................................................................................................................................................156 8.5 IP Source Guard Compatible Commands...................................................................................................................157 8.5.1 ip anti-attack source-ip equals destinetion-ip drop..................................................................................................157 8.5.2 ip source check........................................................................................................................................................158 8.6 URPF Compatible Commands...................................................................................................................................159 8.6.1 urpf (interface view)................................................................................................................................................159 8.7 Traffic Suppression Compatible Commands..............................................................................................................160 8.7.1 broadcast-suppression..............................................................................................................................................161 8.7.2 multicast-suppression..............................................................................................................................................162 8.7.3 unicast-suppression..................................................................................................................................................163 8.8 ACL Compatible Commands.....................................................................................................................................164 8.8.1 acl ipv6....................................................................................................................................................................164 8.8.2 acl (system view).....................................................................................................................................................165 8.8.3 rule (ACL6).............................................................................................................................................................167 9 Reliability Compatible Commands.......................................................................................170 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. viii S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference Contents 9.1 VRRP Compatible Commands...................................................................................................................................171 9.1.1 clear vrrp-config......................................................................................................................................................171 9.2 Smart Link Compatible Commands...........................................................................................................................171 9.2.1 load-balance reference-instance...............................................................................................................................172 9.3 Ethernet OAM Compatible Commands.....................................................................................................................173 9.3.1 efm trigger if-net......................................................................................................................................................173 9.3.2 error-shutdown auto-recovery cause efm-threshold-event......................................................................................174 9.3.3 error-shutdown auto-recovery interval....................................................................................................................175 10 Device Management Compatible Commands...................................................................177 10.1 vrbd...........................................................................................................................................................................179 10.2 _shell.........................................................................................................................................................................179 10.3 backup elabel............................................................................................................................................................181 10.4 cpu-usage threshold..................................................................................................................................................182 10.5 display autosave config............................................................................................................................................183 10.6 display environment.................................................................................................................................................184 10.7 display elabel unit.....................................................................................................................................................185 10.8 display fault-management.........................................................................................................................................188 10.9 display fault-management alarm information...........................................................................................................189 10.10 display reboot-info..................................................................................................................................................191 10.11 fault-management alarm.........................................................................................................................................192 10.12 reset reboot-info......................................................................................................................................................195 10.13 display alarm urgent...............................................................................................................................................196 10.14 reset alarm urgent...................................................................................................................................................197 10.15 temperature threshold unit......................................................................................................................................198 10.16 port-mirroring to observe-port................................................................................................................................199 10.17 poe power...............................................................................................................................................................201 10.18 port-mirroring.........................................................................................................................................................202 10.19 reset fault-management...........................................................................................................................................203 11 Network Management Compatible Commands............................................................... 205 11.1 Ping and Tracert Compatible Commands.................................................................................................................206 11.1.1 ping ipv6................................................................................................................................................................206 11.1.2 tracert ipv6.............................................................................................................................................................211 11.2 NTP Compatible Commands....................................................................................................................................216 11.2.1 ntp-service authentication-keyid............................................................................................................................216 11.3 SNMP Compatible Commands................................................................................................................................219 11.3.1 snmp-agent usm-user.............................................................................................................................................219 12 MPLS compatible command................................................................................................. 226 12.1 explicit-path..............................................................................................................................................................227 12.2 mpls te bypass-tunnel bandwidth.............................................................................................................................228 12.3 snmp-agent trap enable feature-name ldp.................................................................................................................229 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. ix S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference Contents 12.4 static-cr-lsp ingress bandwidth.................................................................................................................................230 12.5 static-cr-lsp transit bandwidth..................................................................................................................................231 12.6 bandwidth (LSP attribute view)................................................................................................................................233 12.7 mpls te bandwidth.....................................................................................................................................................234 13 VPN compatible command....................................................................................................236 13.1 display bgp vpnv6 brief............................................................................................................................................237 13.2 display bgp vpnv6 vpn6-instance brief.....................................................................................................................238 13.3 display bgp vpnv6 vpn6-instance routing-table........................................................................................................239 13.4 display bgp vpnv6 vpn6-instance routing-table statistics.........................................................................................245 13.5 display ipv6 prefix-limit statistics............................................................................................................................248 13.6 display ipv6 routing-table limit................................................................................................................................250 13.7 display ipv6 routing-table vpn6-instance.................................................................................................................252 13.8 display ipv6 vpn6-instance.......................................................................................................................................258 13.9 link-alive...................................................................................................................................................................264 13.10 mpls l2vpn traffic-statistics capability enable........................................................................................................265 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. x S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 1 1 Basic Configuration Compatible Commands Basic Configuration Compatible Commands About This Chapter 1.1 set save-configuration backup-to-server server 1.2 set save-configuration 1.3 super Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 1 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 1 Basic Configuration Compatible Commands 1.1 set save-configuration backup-to-server server Function The set save-configuration backup-to-server server command specifies the server where the system periodically saves the configuration file. By default, the system does not periodically save configurations to the server. Format set save-configuration backup-to-server server server-ip [ transport-type { ftp | sftp } ] path folder user user-name password password Parameters Parameter Description server server-ip Specifies the IP address of the server where the system periodically saves the configuration file. transport-type Specifies the mode in which the configuration file is transmitted to the server. The value can be ftp or sftp. user user-name Specifies the name of the user who saves the configuration file on the server. The value is a string of 1 to 64 case-sensitive characters without spaces. password password Specifies the password of the user who saves the configuration file on the server. The value is a string of 1 to 16 or 32 case-sensitive characters without spaces. path folder Value Specifies the relative save path on the The value is a string of 1 to 64 server. case-sensitive characters without spaces. Views System view Default Level 3: Management level Usage Guidelines Usage Scenario Run this command to periodically save the configuration file to the server. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 2 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 1 Basic Configuration Compatible Commands Precautions If the mode in which the configuration file is transmitted to the server is not specified, FTP is used. If the specified path on the server does not exist, configuration files cannot be sent to the server. The system then sends an alarm message indicating the transmission failure to the NMS, and the transmission failure is recorded as a log message on the device. The user name and password must be the same as those used in FTP or SFTP login mode. Example # Specify the server to which the system periodically sends the configuration file, and set the transmission mode to SFTP. <HUAWEI> system-view [HUAWEI] set save-configuration backup-to-server server 1.1.1.1 transport-type sftp path d:/ftp user huawei password huawei 1.2 set save-configuration Function Using the set save-configuration command, you can enable automatic saving of configurations. Using the undo set save-configuration command, you can disable automatic saving of configurations. By default, automatic saving of configurations is not enabled. Format set save-configuration nochange-time nochange-time undo set save-configuration nochange-time [ nochange-time ] Parameters Parameter Description Value nochange-time nochangetime Specifies a period and configures the system to automatically save configurations if no configurations are changed over the specified period. The value is an integer ranging from 30 to 43200, in minutes. The default value is 30. Views System view Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 3 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 1 Basic Configuration Compatible Commands Default Level 3: Management level Usage Guidelines If nochange-time nochange-time is specified in the command, the system automatically saves configurations if no configuration changes in the period specified by nochange-time. If the interval from the time of the last configuration to the current time is shorter than the set interval, the system cancels the current automatic saving operation. Example # Configure the system to automatically save configurations at 60-minute intervals if no configuration changes in the period. <HUAWEI> system-view [HUAWEI] set save-configuration nochange-time 60 1.3 super Function The super command changes the level of a user. Format super [ level ] Parameters Parameter Description level Value Specifies the user level. The value is an integer that ranges from 0 to 15. The default user level is 3. Views User view Default Level 0: Visit level Usage Guidelines Usage Scenario To prevent illegal intrusion of unauthorized users, when a user switches to a higher user level, the system authenticates the user identity by requiring the user to input the password for the higher user level. If the user inputs an incorrect password, the login fails. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 4 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 1 Basic Configuration Compatible Commands NOTE The device supports this command only when the super password command is configured in the history version and the device has upgraded to the current version. Precautions Users are assigned one of 16 levels, and these levels correspond to command levels. After logging in to the system, users can use only the commands whose levels are equal to or lower than their user levels. The password that the user enters is not displayed. If the user inputs the correct password within three times, the user switches to the higher user level. If the password is incorrect, the user level remains unchanged. Example # Switch users to level 3. <HUAWEI> super 3 Password: Now user privilege is 3 level, and only those commands whose level is equal to or less than this level can be used. Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 5 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 2 2 LAN Compatible Commands LAN Compatible Commands About This Chapter 2.1 Link Aggregation Compatible Commands 2.2 MAC Compatible Commands 2.3 VLAN Compatible Commands 2.4 L2PT Compatible Commands 2.5 STP Compatible Commands Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 6 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 2 LAN Compatible Commands 2.1 Link Aggregation Compatible Commands 2.1.1 load-balance Function Using the load-balance command, you can set the load balancing mode of an Eth-Trunk. Format load-balance { dip | dmac | sip | smac | sipxordip | smacxordmac } Parameters Parameter Description Value dip Indicates load balancing based on the destination IP addresses. - dmac Indicates load balancing based on the destination MAC addresses. - sip Indicates load balancing based on the source IP addresses. - smac Indicates load balancing based on the source MAC addresses. - sipxordip Indicates load balancing based on the Exclusive-OR result of the source and destination IP addresses. - smacxordmac Indicates load balancing based on the Exclusive-OR result of the source and destination MAC addresses. - Views Eth-Trunk interface view Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 7 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 2 LAN Compatible Commands Default Level 2: Configuration level Usage Guidelines To ensure proper load balancing between the physical links of an Eth-Trunk interface and avoid link congestion, you can use the load-balance command to set the load balancing mode of the Eth-Trunk interface. Load balancing is valid only for the outbound traffic; therefore, the load balancing modes for the interfaces at both ends of the link can be different and do not affect each other. If you run the load-balance command repeatedly, only the latest configuration takes effect. You can set the load balancing mode according to the actual situation of the network. When a parameter of traffic changes frequently, you can set the load balancing mode based on this parameter to ensure that the traffic is load balanced evenly. The device supports the following load balancing modes: l dip: load balancing based on the destination IP address. In this mode, the system obtains the specified three bits from each of the destination IP address and the TCP or UDP port number in outgoing packets to perform the Exclusive-OR calculation, and then selects the outgoing interface from the Eth-Trunk table according to the calculation result. l dmac: load balancing based on the destination MAC address. In this mode, the system obtains the specified three bits from each of the destination MAC address, VLAN ID, Ethernet type, and incoming interface information to perform the Exclusive-OR calculation, and then selects the outgoing interface from the Eth-Trunk table according to the calculation result. l sip: load balancing based on the source IP address. In this mode, the system obtains the specified three bits from each of the source IP address and the TCP or UDP port number in incoming packets to perform the Exclusive-OR calculation, and then selects the outgoing interface from the Eth-Trunk table according to the calculation result. l smac: load balancing based on the source MAC address. In this mode, the system obtains the specified three bits from each of the source MAC address, VLAN ID, Ethernet type, and incoming interface information to perform the Exclusive-OR calculation, and then selects the outgoing interface from the Eth-Trunk table according to the calculation result. l sipxordip: load balancing based on the Exclusive-OR result of the source IP address and destination IP address. In this mode, the system performs the Exclusive-OR calculation between the Exclusive-OR results of the dip and sip modes, and then selects the outgoing interface from the Eth-Trunk table according to the calculation result. l smacxordmac: load balancing based on the Exclusive-OR result of the source MAC address and destination MAC address. In this mode, the system obtains three bits from each of the source MAC address, destination MAC address, VLAN ID, Ethernet type, and incoming interface information to perform the Exclusive-OR calculation, and then selects the outgoing interface from the Eth-Trunk table according to the calculation result. Example # Set the load balancing mode of Eth-Trunk 1 to dmac. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 8 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 2 LAN Compatible Commands <HUAWEI> system-view [HUAWEI] interface Eth-Trunk 1 [HUAWEI-Eth-Trunk1] load-balance dmac 2.1.2 service-type tunnel Function Using the service-type tunnel command, you can enable the service loopback function on an Eth-Trunk interface to loop back service packets over tunnels. Using the undo service-type tunnel command, you can disable the service loopback function on an Eth-Trunk interface. By default, the service loopback function is not enabled on an Eth-Trunk interface. NOTE S2350, S5300LI, S5306 do not support this command. Format service-type tunnel undo service-type tunnel Parameters None Views Eth-Trunk interface view Default Level 2: Configuration level Usage Guidelines An IPv6 packet is encapsulated in an IPv4 packet header by a device, and then is forwarded by the device according to the IPv4 routing table. NOTE After being configured as a service loopback interface, an Eth-Trunk interface can be used only to loop back service packets over tunnels. A device can be configured with only one service loopback interface. Example # Configure Eth-Trunk 0 as a service loopback interface. <HUAWEI> system-view [HUAWEI] interface eth-trunk 0 [HUAWEI-Eth-Trunk0] service-type tunnel Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 9 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 2 LAN Compatible Commands 2.1.3 l2 field dport Function The l2 field dport command sets the load balancing mode of Layer 2 packets to dport in a load balancing profile. The undo l2 field dport command deletes the load balancing mode of Layer 2 packets or restores the default load balancing mode of Layer 2 packets. Product Support S5300 Only the S5300HI and S5310EI support this configuration. S6300 Not supported Format l2 field dport undo l2 field dport Parameters None Views Load balancing profile view Default Level 2: Configuration level Usage Guidelines None 2.1.4 ipv4 field dport Function The ipv4 field dport command sets the load balancing mode of IPv4 packets to dportin a load balancing profile. The undo ipv4 field dport command deletes the load balancing mode of IPv4 packets or restores the default load balancing mode of IPv4 packets. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 10 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 2 LAN Compatible Commands Product Support S5300 Only the S5300HI and S5310EI support the ipv4 field command. S6300 Not supported Format ipv4 field dport undo ipv4 field dport Parameters None Views Load balancing profile view Default Level 2: Configuration level Usage Guidelines None. 2.1.5 ipv6 field dport Function The ipv6 field dport command sets the load balancing mode of IPv6 packets to dport in a load balancing profile. The undo ipv6 field dport command deletes the load balancing mode of IPv6 packets or restores the default load balancing mode of IPv6 packets. Product Support S5300 Only the S5300HI and S5310EI support the ipv6 field command. S6300 Not supported Format ipv6 field dport Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 11 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 2 LAN Compatible Commands undo ipv6 field dport Parameters None Views Load balancing profile view Default Level 2: Configuration level Usage Guidelines None 2.1.6 mpls field dport Function The mpls field dport sets the load balancing mode of MPLS packets to dport in a load balancing profile. The undo mpls field dport command deletes the load balancing mode of MPLS packets or restores the default load balancing mode of MPLS packets. Product Support S5300 Only the S5300HI and S5310EI support the mpls field command. S6300 Not supported Format mpls field dport undo mpls field dport Parameters None Views Load balancing profile view Default Level 2: Configuration level Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 12 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 2 LAN Compatible Commands Usage Guidelines None 2.2 MAC Compatible Commands 2.2.1 mac-address blackhole(interface view) Function Using the mac-address blackhole command, you can add a blackhole MAC address entry. Format mac-address blackhole mac-address [ interface-type interface-number ] vlan vlan-id1 [ cevlan vlan-id2 ] Parameters Parameter Description Value blackhole Indicates blackhole MAC address entries. If the source or destination MAC address of a packet is a blackhole MAC address, the device discards the packet. - mac-address Specifies the destination MAC address in a MAC address entry. The value is in H-H-H format. H is a hexadecimal number of 1 to 4 digits. interface-type interfacenumber Specifies the outbound interface in a MAC address entry. - l interface-type specifies the type of the outbound interface. l interface-number specifies the number of the outbound interface. vlan vlan-id1 Specifies the VLAN ID in the outer VLAN tag. The value is an integer that ranges from 1 to 4094. Views Ethernet interface view, GE interface view, XGE interface view, Eth-Trunk interface view Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 13 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 2 LAN Compatible Commands Default Level 2: Configuration level Usage Guidelines Usage Scenario Blackhole MAC address entries that are manually configured. A data frame is discarded if the source or destination MAC address matches a blackhole MAC address entry. Functions of static and blackhole MAC address entries are: Blackhole MAC address entries prevent untrusted devices from attacking the device. Precautions If you configure a blackhole MAC address entry when the MAC table is full, the device processes the MAC address entry as follows: l If a dynamic MAC address entry with the same MAC address exists in the MAC address table, the device replaces the dynamic MAC address entry with the configured entry. l If no dynamic MAC address entry with the same MAC address exists in the MAC address table, the MAC address entries cannot be added to the MAC address table. Example # Configure a blackhole MAC address entry to discard the Ethernet frames whose destination MAC address is 0004-0004-0004 and VLAN ID is VLAN 5. <HUAWEI> system-view [HUAWEI] interface GigabitEthernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] mac-address blackhole 4-4-4 vlan 5 2.2.2 mac-address static Function Using the mac-address static command, you can add a static MAC address entry . Format mac-address static mac-address interface-type interface-number vlan vlan-id1 Parameters Issue 02 (2013-11-06) Parameter Description Value static Indicates static MAC address entries, that is, MAC address entries configured manually. - Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 14 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 2 LAN Compatible Commands Parameter Description Value mac-address Specifies the destination MAC address in a MAC address entry. The value is in H-H-H format. H is a hexadecimal number of 1 to 4 digits. interface-type interfacenumber Specifies the outbound interface in a MAC address entry. - l interface-type specifies the type of the outbound interface. l interface-number specifies the number of the outbound interface. vlan vlan-id1 Specifies the VLAN ID in the outer VLAN tag. The value is an integer that ranges from 1 to 4094. Views Ethernet interface view, GE interface view, XGE interface view, Eth-Trunk interface view Default Level 2: Configuration level Usage Guidelines Usage Scenario Static MAC address entries that are manually configured. They take precedence over dynamic MAC address entries. Functions of static MAC address entries are: Static MAC address entries prevent bogus packets with trusted device MAC addresses sent from attackers and guarantee communication between the device and the upstream device or server. Configuration Impact You can configure multiple static MAC address entries by running the mac-address command multiple times. Precautions If you configure a static MAC address entry when the MAC table is full, the device processes the MAC address entry as follows: l Issue 02 (2013-11-06) If a dynamic MAC address entry with the same MAC address exists in the MAC address table, the device replaces the dynamic MAC address entry with the configured entry. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 15 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference l 2 LAN Compatible Commands If no dynamic MAC address entry with the same MAC address exists in the MAC address table, the MAC address entries cannot be added to the MAC address table. Example # Add a static MAC address entry to the MAC address table. The destination MAC address is 0003-0003-0003. The outbound interface is GigabitEthernet0/0/1, which belongs to VLAN 4. <HUAWEI> system-view [HUAWEI] mac-address static 3-3-3 GigabitEthernet 0/0/1 vlan 4 2.2.3 port-security mac-address sticky enable Function Using the port-security mac-address sticky enable, you can enable the sticky MAC function on an interface. Using the undo port-security mac-address sticky enable, you can disable the sticky MAC function on an interface. By default, the sticky MAC function is disabled on an interface. Format port-security mac-address sticky enable undo port-security mac-address sticky enable Parameters None Views Ethernet interface view, GE interface view, XGE interface view, Eth-Trunk interface view Default Level 2: Configuration level Usage Guidelines Usage Scenario After port security is enabled on an interface, MAC address entries learned by the interface are saved in the MAC address table as secure dynamic MAC address entries. After the sticky MAC function is enabled on an interface, the dynamic MAC addresses learned by the interface change to sticky MAC addresses. If the number of sticky MAC addresses does not reach the limit, the MAC addresses learned subsequently change to sticky MAC addresses. When the number of sticky MAC addresses reaches the limit, packets whose source MAC addresses do not match sticky MAC address entries are discarded. In addition, the system determines whether to send a trap message or shut down the interface according to the configured security protection action. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 16 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 2 LAN Compatible Commands Prerequisites Port security has been enabled by using the port-security enable command on the interface. Example # Enable the sticky MAC function on GigabitEthernet0/0/1. <HUAWEI> system-view [HUAWEI] interface gigabitethernet0/0/1 [HUAWEI-GigabitEthernet0/0/1] port-security enable [HUAWEI-GigabitEthernet0/0/1] port-security mac-address sticky enable 2.2.4 port-security maximum Function The port-security maximum command sets the maximum number of MAC addresses that can be learned on an interface. Format port-security maximum max-number Parameters Parameter Description max-number Specifies the maximum number of MAC addresses that can be learned by an interface. Value Views Ethernet interface view, GE interface view, XGE interface view, Eth-Trunk interface view Default Level 2: Configuration level Usage Guidelines Usage Scenario After enabling port security on an interface, you can run the port-security maximum command to limit the number of MAC addresses that the interface can learn. Prerequisites Port security has been enabled by using the port-security enable command on the interface. Configuration Impact Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 17 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 2 LAN Compatible Commands If you run the port-security maximum command multiple times in the same interface view, only the latest configuration takes effect. Precautions If the sticky MAC function is disabled, max-number limits the number of secure dynamic MAC addresses learned by the interface. If the sticky MAC function is enabled, max-number limits the number of sticky MAC addresses learned by the interface. Example # Set the maximum number of MAC addresses that can be learned by GigabitEthernet0/0/1 to 5. <HUAWEI> system-view [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] port-security enable [HUAWEI-GigabitEthernet0/0/1] port-security maximum 5 2.3 VLAN Compatible Commands 2.3.1 port mux-vlan enable Function The port mux-vlan enable command enables the MUX VLAN function on an interface. The undo port mux-vlan enable command disables the MUX VLAN function on an interface. By default, the MUX VLAN function is disabled on an interface. Format port mux-vlan enable undo port mux-vlan enable Parameters None Views GE interface view, XGE interface view, Eth-Trunk interface view, port group view Default Level 2: Configuration level Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 18 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 2 LAN Compatible Commands Usage Guidelines Usage Scenario The MUX VLAN function isolates Layer 2 traffic between interfaces in a VLAN. This function involves a MUX VLAN and several subordinate VLANs. Subordinate VLANs are classified into subordinate group VLANs and subordinate separate VLANs. Subordinate VLANs can communicate with the principal VLAN but cannot communicate with each other. Interfaces in a subordinate group VLAN can communicate with each other, and interfaces in a subordinate separate VLAN are isolated from each other. The MUX VLAN function takes effect only after it is enabled on an interface. Prerequisites Before enable MUX VLAN function, complete the following task: l The port has been added to a principal or subordinate VLAN as an access, hybrid, or trunk interface. l The port has been added to only a VLAN. If the port has been added to multiple VLANs, the MUX VLAN function cannot be enabled on this port. l The port has been added to a principal or subordinate VLAN in untagged mode as an access or hybrid interface. Precautions Disabling MAC address learning or limiting the number of learned MAC addresses on an interface affects the MUX VLAN function on the interface. The MUX VLAN and port security functions conflict on an interface. That is, the port-security enable and port mux-vlan enable commands cannot be used on the same interface. The MUX VLAN and MAC address authentication conflict on an interface; therefore, the port mux-vlan enable and mac-authen command cannot be used on the same interface. The MUX VLAN and 802.1x authentication conflict on an interface; therefore, the port muxvlan enable and dot1x enable command cannot be used on the same interface. Example # Enable the MUX VLAN function on GE0/0/1. <HUAWEI> system-view [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] port mux-vlan enable 2.3.2 port vlan-stacking Function The port vlan-stacking command enables selective QinQ. Format port vlan-stacking vlan vlan-id1 [ to vlan-id2 ] push vlan vlan-id3 { remark-8021p 8021pvalue | priority-inherit } Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 19 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 2 LAN Compatible Commands Parameters Parameter Description Value vlan vlan-id1 [ to vlan-id2 ] Specifies a range of customer VLAN (C-VLAN) IDs. The value of vlan-id1 is an integer that ranges from 1 to 4094. l vlan-id1 specifies the start C-VLAN ID. l to vlan-id2 specifies the last C-VLAN ID. The value of vlan-id2 must be greater than the value of vlan-id1. The vlan-id1 and vlan-id2 parameters identify a range of VLANs. The value of vlan-id2 is an integer that ranges from 1 to 4094. push vlan vlan-id3 Specifies the VLAN ID in the outer tags added to frames. The value is an integer that ranges from 1 to 4094. remark-8021p 8021p-value Specifies the internal priority in the stacked outer VLAN tag. The value is an integer that ranges from 0 to 7. The greater the value is, the higher the priority is. By default, the priority in the stacked outer VLAN tag is the same as the priority in the inner VLAN tag. priority-inherit Indicates that the 802.1p priority in the outer VLAN tag of data frames inherits the 802.1p priority in the stacked outer VLAN tag. - Views Ethernet interface view, GE interface view, XGE interface view, Eth-Trunk interface view Default Level 2: Configuration level Usage Guidelines When the user packets traverse the ISP network, you can use the port vlan-stacking command to add a VLAN tag to the data frames sent from user VLANs so that the data frames contain double VLAN tags. When you configure selective QinQ, pay attention to the following points: Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 20 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 2 LAN Compatible Commands l Selective QinQ can be configured only on hybrid interfaces and it takes effect only in the inbound direction. l The specified stack VLAN ID must exist and the interface must be added to the specified stack VLAN in untagged mode. Example # Configure selective QinQ on GigabitEthernet 0/0/1. Add outer VLAN tag 100 to the frames with C-VLAN IDs 10-13. <HUAWEI> system-view [HUAWEI] interface gigabitethernet [HUAWEI-GigabitEthernet0/0/1] qinq [HUAWEI-GigabitEthernet0/0/1] port [HUAWEI-GigabitEthernet0/0/1] port priority-inherit 0/0/1 vlan-translation enable hybrid untagged vlan 100 vlan-stacking vlan 10 to 13 push vlan 100 2.4 L2PT Compatible Commands 2.4.1 bpdu-tunnel enable Function The bpdu-tunnel enable command enables Layer 2 protocol transparent transmission on an interface. Format bpdu-tunnel { all | protocol-type &<1-14> } enable Parameters Parameter Description Value all Enables or disables transparent transmission of packets of all standard Layer 2 protocols and user-defined Layer 2 protocols. - protocol-type Enables or disables transparent transmission of packets of a specified Layer 2 protocol. - NOTE You can specify multiple protocols in the command. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 21 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 2 LAN Compatible Commands Views Ethernet interface view, XGE interface view, GE interface view, Eth-Trunk interface view, port group view Default Level 2: Configuration level Usage Guidelines After a user-side interface of a PE on an ISP network is enabled to transparently transmit Layer 2 protocol packets, the interface directly forwards Layer 2 protocol packets sent from a user network instead of sending the packets to the CPU. In this way, Layer 2 protocol packets are transparently transmitted through the ISP network. Generally, the bpdu-tunnel enable command is run on user-side interfaces of PEs. Example # Configure GE0/0/1 to transparently transmit all Layer 2 protocols. <HUAWEI> system-view [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] bpdu-tunnel all enable 2.4.2 bpdu-tunnel vlan Function The bpdu-tunnel vlan command enables VLAN-based Layer 2 protocol transparent transmission on an interface. Format bpdu-tunnel { all | protocol-type &<1-14> } vlan { low-id [ to high-id ] } &<1-10> Parameters Issue 02 (2013-11-06) Parameter Description Value all Enables or disables transparent transmission of packets of all standard Layer 2 protocols and user-defined Layer 2 protocols. - Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 22 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 2 LAN Compatible Commands Parameter Description Value protocol-type Enables or disables transparent transmission of packets of a specified Layer 2 protocol. - NOTE You can specify multiple protocols in the command. low-id Specifies the start VLAN ID. The value is an integer that ranges from 1 to 4094. The value must be smaller than the end VLAN ID. high-id Specifies the end VLAN ID. The value is an integer that ranges from 1 to 4094. The value must be greater than the start VLAN ID. Views Ethernet interface view, XGE interface view, GE interface view, Eth-Trunk interface view, port group view Default Level 2: Configuration level Usage Guidelines After a user-side interface of a PE on an ISP network is enabled to transparently transmit Layer 2 protocol packets, the interface directly forwards Layer 2 protocol packets sent from a user network instead of sending the packets to the CPU. In this way, Layer 2 protocol packets are transparently transmitted through the ISP network. The bpdu-tunnel vlan command is usually used on user-side interfaces of PEs. Example # Enable GE0/0/1 to transparently transmit all Layer 2 protocols with VLAN tags ranging from 100 to 200. <HUAWEI> system-view [HUAWEI] vlan batch 100 to 200 [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] port link-type trunk [HUAWEI-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 to 200 [HUAWEI-GigabitEthernet0/0/1] bpdu-tunnel all vlan 100 to 200 2.5 STP Compatible Commands Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 23 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 2 LAN Compatible Commands 2.5.1 bpdu filter Function Using the bpdu filter enable command, you can configure a port as a BPDU filter port. Using the bpdu filter disable command, you can configure a port as a non-BPDU filter port. By default, a port is a non-BPDU filter port. Format bpdu filter enable bpdu filter disable Parameters None Views Ethernet interface view, GE interface view, XGE interface view, Eth-Trunk interface view Default Level 2: Configuration level Usage Guidelines CAUTION After you run the bpdu filter enable command on a port, the port no longer process or send BPDUs. In this case, the port cannot negotiate the STP status with the directly connected port on the peer device; therefore, use this command with caution. It is recommended that you use this command on edge ports. This command is usually used on edge devices to prevent edge ports from processing and sending BPDUs. If this command is not used on an edge device, ports of the device are non-BPDU filter ports. In this case, the ports can send BPDUs even if they are configured as edge ports. Then BPDUs are sent to other networks, causing flapping of other networks. After you run the bpdu filter disable command on a port, the port becomes a non-BPDU filter port. This port remains a non-BPDU filter port after you run the stp bpdu-filter default command in the system view. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 24 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 2 LAN Compatible Commands Example # Configure GE0/0/1 on an edge device as a non-BPDU filter port. <HUAWEI> system-view [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] bpdu filter disable # Configure GE0/0/2 on an edge device as a BPDU filter port. <HUAWEI> system-view [HUAWEI] interface gigabitethernet 0/0/2 [HUAWEI-GigabitEthernet0/0/2] bpdu filter enable 2.5.2 stp-snooping enable Function Using the stp-snooping enable command, you can enable STP snooping. Using the stp-snooping disable command, you can disable STP snooping. By default, STP snooping is disabled on interfaces. Format stp-snooping enable stp-snooping disable Parameters None Views System view Default Level 2: Configuration level Usage Guidelines After the l2protocol-tunnel command is used to enable transparent transmission of Layer 2 protocol packets on untagged interfaces or the l2protocol-tunnel vlan command is used to enable transparent transmission of Layer 2 protocol packets on tagged packets, the untagged or tagged interfaces directly forward Layer 2 protocol packets sent from user networks over the ISP's network rather than send them to the CPU for processing. When a device enabled with transparent transmission of Layer 2 protocol packets receives TC packets, if the stp-snooping enable command is used, the device clears the MAC entries and ARP entires and updates the forwarding table. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 25 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 2 LAN Compatible Commands Example # Enable STP snooping. <HUAWEI> system-view [HUAWEI] stp-snooping enable Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 26 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 3 3 Interface Compatible Commands Interface Compatible Commands About This Chapter 3.1 Ethernet Interface Compatible Commands Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 27 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 3 Interface Compatible Commands 3.1 Ethernet Interface Compatible Commands 3.1.1 port-down holdoff-time Function Using the port-down holdoff-time command, you can set the delay in reporting a port status change event. Format port-down holdoff-time interval Parameters Parameter Description Value interval Specifies the delay time. The value is an integer. The value can be 0 or in the range of 50 to 50000, in milliseconds. Views Ethernet interface view, GE interface view, XGE interface view Default Level 2: Configuration level Usage Guidelines Usage Scenario When the cable connected to an interface is faulty, the interface status may change frequently. When this occurs, the system frequently updates the matching entries. If link backup is configured on the interface, active/standby switchovers occur frequently. To prevent frequent status change, you can use the port-down holdoff-time command to set the delay in reporting a port status change event. If an S2350&S5300&S6300 interface is connected to a wavelength division multiplexing device, the interface becomes Down when a protective switchover occurs on the wavelength division multiplexing device, and services are interrupted. To prevent service interruption, you can set the delay in reporting a port Down event. Configuration Impact Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 28 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 3 Interface Compatible Commands If you run the port-down holdoff-time command multiple times in the same interface view, only the latest configuration takes effect. Example # Set the delay in reporting a port status change event to 1000 milliseconds on GigabitEthernet0/0/1. <HUAWEI> system [HUAWEI] interface gigabitethernet0/0/1 [HUAWEI-GigabitEthernet0/0/1] port-down holdoff-time 1000 3.1.2 port media type Function The port media type command determines whether an interface configuration item belongs to the optical interface or electrical interface. Format port media type { copper | fiber } Parameters Parameter Description Value copper Indicates that a configuration item belongs to the electrical interface. - fiber Indicates that a configuration item belongs to the optical interface. - Views GE interface view Default Level 2: Configuration level Usage Guidelines This command only distinguishes optical interface configuration and electrical interface configuration, and is not configurable. For example, an interface has the following configuration: # interface GigabitEthernet0/0/1 port media type copper undo negotiation auto Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 29 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 3 Interface Compatible Commands speed 100 port media type fiber undo negotiation auto # The preceding information shows that undo negotiation auto and speed 100 are configured on the electrical interface, and undo negotiation auto is configured on the optical interface. During configuration restoration, these configuration items are restored for the respective interfaces. 3.1.3 display control-flap Function The display control-flap command displays the statistics of flapping control on the interface including the status. You can adjust the flapping control parameters based on the statistics. If no interface is specified, the statistics of flapping control on all interfaces including the status are displayed. Format display control-flap [ interface interface-type interface-number ] Parameters Parameter Description Value interface interface-type interfacenumber Specifies the type and number of an interface. - Views All views Default Level 1: Monitoring level Usage Guidelines In the scenario where you need to monitor the status of an interface or locate an interface fault, you can use the display control-flap command to collect the statistics on the interface including the status. Through the displayed information, you can collect the traffic statistics and troubleshoot the interface. Example # Display the statistics of flapping control on the interface including the status. <HUAWEI> display control-flap Interface GigabitEthernet1/0/0 Control flap(IP) status:suppressed Flap(IP) count: 2 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 30 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 3 Interface Compatible Commands IP current penalty: 1.543 Control flap parameter: suppress reuse 2.000 0.750 Interface GigabitEthernet2/0/0 Control flap(IP) status:unsuppressed Flap(IP) count: 1 IP current penalty: 0.423 Control flap parameter: suppress reuse 2.000 0.750 decay-ok 54 decay-ng 54 ceiling 20.000 decay-ok 54 decay-ng 54 ceiling 6.000 Table 3-1 Description of the display control-flap command output Item Description Control flap (IP) status: Suppression status of IP on the interface l Suppressed l Unsuppressed Flap (IP) count: Total times for suppressing IP IP current penalty: Current suppress penalty value of IP on the interface Control flap paramater: Flapping control configured on the interface suppress Threshold for suppressing the interface reuse Threshold for reusing the interface decay-ok Time to decay the penalty as half when the interface is Up decay-ng Time to decay the penalty as hale when the interface is Down ceiling Maximum suppress penalty value Related Topics 3.1.4 reset control-flap 3.1.4 reset control-flap Function The reset control-flap command clears related information about control-flap. Format reset control-flap { penalty | counter } interface interface-type interface-number Parameters Parameter Description Value penalty Clears the penalty value of the flapping control and release the suppression. - Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 31 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 3 Interface Compatible Commands Parameter Description Value counter Clears the flapping times of the interface. - interface-type Indicates the interface type. - interface-number Indicates the interface number. - Views User view Default Level 3: Management level Usage Guidelines In a certain situation, you need collect statistics of traffic during a specified period. Then you need to use this command to clear the original statistics on the interface and recollect the traffic statistics. Example # Clear the suppress penalty value of the flapping control on GE 1/0/0 <HUAWEI> reset control-flap penalty interface gigabitethernet 1/0/0 3.1.5 display ifnet controller-tree Function The display ifnet controller-tree command displays information about the control interface and related channel interfaces on devices. Format display ifnet controller-tree { controller-name | controller-type controller-number } [ slot slotid ] Parameters Parameter Description Value controller-name Specifies the name of a control interface. - controller-type controller-number Specifies the type and number of a control interface. - slot slot-id - Issue 02 (2013-11-06) Specifies the slot ID. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 32 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 3 Interface Compatible Commands Views Diagnostic view Default Level 3: Management level Usage Guidelines The display ifnet controller-tree command displays information about the control interface and related channel interfaces on devices. NOTE The control interface must be available on a device. Example # Display hierarchies under a controller. <HUAWEI> system-view [HUAWEI] diagnose [HUAWEI-diagnose] display ifnet controller-tree T3 1/2/0 slot 1 Controller Channel Node Information ------------------------------------------------------Channel Node Addr : 0xd2861af4 Next Node : 0xd2861c5c Prev Node: 0xd8b79fe0 Low Level Node Count : 1 Next Node : 0xd285e584 Prev Node : 0xd285e584 ID : 0 Speed : 64000 Type : T3 SubType : T1 Mode : NOT_SURE Framed : FRAMED Shutdown Flag : NOSHUTDOWN ―――――――――――――――――――――――――――――――――――― Channel Node Addr : 0xd285e584 Next Node : 0xd2861b00 Prev Node: 0xd2861b00 Low Level Node Count : 1 Next Node: 0xd285e674 Prev Node: 0xd285e674 ID : 1 Speed : 0 Type : T1 SubType : NOT_SURE Mode : CHANNELIZED Framed : FRAMED Shutdown Flag : NOSHUTDOWN ―――――――――――――――――――――――――――――――――――― Channel Node Addr : 0xd285e674 Next Node : 0xd285e590 Prev Node : 0xd285e590 Low Level Node Count : 0 Next Node: 0xd285e680 Prev Node : 0xd285e680 Channel Interface : Serial1/2/0/1:1 TimeSlot Mask : 0xe ID : 1 Speed : 64000 Type : CHANNEL_SET SubType : NOT_SURE Mode : NOT_SURE Framed : NOT_SURE Shutdown Flag : NOSHUTDOWN Table 3-2 Description of the display ifnet controller-tree command output Issue 02 (2013-11-06) Item Description Channel Node Addr Address of a channel node Next Node Next node of the current node Prev Node Previous node of the current node Low Level Node Count Number of lower-level nodes Channel Interface Name of a channel interface Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 33 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 3 Interface Compatible Commands Item Description ID ID of the current node Speed Rate of the current node Type Channel type: l NOT_SURE l CPOS l E3 l T3 l E1 l T1 l CHANNEL_SET l PRI_SET l TIMESLOT_LIST SubType Channel sub-type: l NOT_SURE l CPOS l E3 l T3 l E1 l T1 l CHANNEL_SET l PRI_SET l TIMESLOT_LIST Mode Working mode of the current node: l NOT_SURE: indicates that the working mode is uncertain. l CHANNELIZED: indicates the channelized mode. l UNCHANNELIZED: indicates the unchannelized mode. l CLEAR_CHANNELIZED: indicates the clear-channelized mode. l PRI-SET: indicates the channelized mode. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 34 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 3 Interface Compatible Commands Item Description Framed Whether the current node is framed: l NOT_SURE: indicates that whether the current node is framed is uncertain. l UNFRAMED: indicates that the current node is not framed. l FRAMED: indicates that the current node is framed. Shutdown Flag When a node is shut down: l SHUTDOWN: indicates that the node is shut down. l NOSHUTDOWN: indicates that the node is not shut down. 3.1.6 control-flap Function The control-flap command enables flapping control on the interface. The undo control-flap command disables flapping control on the interface. By default, flapping control is disabled. Format control-flap [ suppress reuse ceiling decay-ok decay-ng ] undo control-flap Parameters Parameter Description suppress Issue 02 (2013-11-06) Value Specifies the threshold for suppressing When the suppress penalty value the interface. exceeds the suppress value, the interface is suppressed. The value ranges from 1 to 20000. The default value is 2000. This value must be greater than the reuse value and smaller than the ceiling value. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 35 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 3 Interface Compatible Commands Parameter Description Value reuse Specifies the threshold for reusing the interface. When the suppress penalty value is smaller than the reuse value, the interface is released from suppression. The value ranges from 1 to 20000. The default value is 750. The reuse value must be smaller than the suppress value. ceiling Specifies the maximum suppress penalty value of the interface. The suppress penalty value does not increase when it exceeds the ceiling value. This value ranges from 1001 to 20000. The default value is 6000. The ceiling value must be greater than the suppress value of the interface. decay-ok Specifies the half-life for decaying the The value ranges from 1 to 900, in penalty value when the interface is Up. seconds. The default value is 54. Generally, the decay-ok value should be set smaller than or equal to the decay-ng value. decay-ng Specifies the half-life for decaying the penalty value when the interface is Down. The value ranges from 1 to 900, in seconds. The default value is 54. Generally, the decay-ng value should be set greater than or equal to the decayok value. Views Interface view Default Level 2: Configuration level Usage Guidelines Usage Scenario Flapping control applies to reduce the adverse impact on the network stability caused by the change of interface status. A penalty value is set for each interface. The greater the penalty value, the more unstable the interface. When an interface alternates between Up and Down, the penalty value changes. Each time an interface goes Down, the penalty value of the interface is increased by 1000. Each time the interface goes Up, the penalty value of the interface is calculated by the exponential backoff technology. When the penalty value reaches to a specified suppressvalue (suppress for short), the interface status is suppressed and not reported. The penalty value can be decreased by exponent (Half-life principle) as the time elapses. When the penalty value is decreased to a specified reusevalue (reuse for short), the interface status is no longer suppressed and reported. NOTE Half-life (decay-ok/decay-ng): an indicator that measures the decaying degrees of stability, indicating the time for the penalty value of the interface decays to the half. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 36 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 3 Interface Compatible Commands Precautions If the IP address of flapping control-enabled sub-interface is deleted when the sub-interface is in the suppressed state, the sub-interface will be always in the suppressed state. Interfaces, such as Dialer, VT, NULL and loopback, do not support flapping control. Do not run the control-flap command on an interface that a VRRP backup group tracks. If this command is run on the interface and the interface recovers from a fault, the interface goes Up after a specified delay. During the delay, the network-side route is unreachable, and the VRRP status changes from Backup to Master. User-side traffic directed to the interface will be discarded. Example # Enable flapping control on GE 1/0/0. <HUAWEI> system-view [HUAWEI] interface gigabitethernet 1/0/0 [HUAWEI-GigabitEthernet1/0/0] control-flap 2000 750 16000 15 15 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 37 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 4 4 IP Service Compatible Commands IP Service Compatible Commands About This Chapter 4.1 DHCP Compatible Commands Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 38 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 4 IP Service Compatible Commands 4.1 DHCP Compatible Commands 4.1.1 expired Function The expired command sets the lease for IP addresses in a global IP address pool. By default, the lease of IP addresses is one day. Format expired { day day [ hour hour [ minute minute ] ] | unlimited } Parameters Parameter Description day day Specifies the number of days The value is an integer in the IP address lease. ranging from 0 to 999, in days. The default value is 1. hour hour Specifies the number of hours in the IP address lease. The value is an integer ranging from 0 to 23, in hours. The default value is 0. minute minute Specifies the number of minutes in the IP address lease. The value is an integer ranging from 0 to 59, in minutes. The default value is 0. unlimited Indicates that the IP address lease is unlimited. - Value Views IP address pool view Default Level 2: Configuration level Usage Guidelines Usage Scenario The expired-hide command applies to DHCP servers. To meet different client requirements, DHCP supports dynamic, automatic, and static address assignment. Different hosts require Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 39 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 4 IP Service Compatible Commands different IP address leases. For example, if some hosts such as a DNS server need to use certain IP addresses for a long time, configure expired as unlimited to set the IP address lease of the specified global address pool to unlimited. If some hosts such as a portable computer just need to user temporary IP addresses, set the IP address lease of the specified global address pool to the required time so that the expired IP addresses can be released and assigned to other clients. When a DHCP client starts or half of its IP address lease has passed, the DHCP client sends a DHCP Request packet to the DHCP server to renew the lease. If the IP address can still be assigned to the client, the DHCP server informs a renewed IP address lease to the client. If the IP address can no longer be assigned to this client, the DHCP server informs the client that the IP address lease cannot be renewed and it needs to apply for another IP address. Prerequisites Run the ip pool command to create a global IP address pool and the dhcp enable command to globally enable the DHCP server function. Precautions Different IP address leases can be specified for different global IP address pools on a DHCP server. In a global IP address pool, all addresses have the same lease. Example # Specify the IP address lease of the global address pool global1 to 1 day 2 hours and 30 minutes. <HUAWEI> system-view [HUAWEI] ip pool global1 [HUAWEI-ip-pool-global1] expired day 1 hour 2 minute 30 4.1.2 dhcp server expired Function The dhcp server expired command sets the lease for IP addresses in an interface IP address pool. By default, the lease of IP addresses is one day. Format dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited } Parameters Issue 02 (2013-11-06) Parameter Description day Specifies the number of days The value is an integer in the IP address lease. ranging from 0 to 999, in days. The default value is 1. hour Specifies the number of hours in the IP address lease. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Value The value is an integer ranging from 0 to 23, in hours. The default value is 0. 40 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 4 IP Service Compatible Commands Parameter Description Value minute Specifies the number of minutes in the IP address lease. The value is an integer ranging from 0 to 59, in minutes. The default value is 0. unlimited Indicates that the IP address lease is unlimited. - Views VLANIF interface view Default Level 2: Configuration level Usage Guidelines Usage Scenario The dhcp server expired command applies to DHCP servers. To meet different client requirements, DHCP supports dynamic, automatic, and static address assignment. Different hosts require different IP address leases. For example, if some hosts such as a DNS server need to use certain IP addresses for a long time, run the dhcp server expired unlimited command to set the IP address lease of the specified VLANIF interface address pool to unlimited. If some hosts such as a portable computer just need to user temporary IP addresses, run the dhcp server expired command to set the IP address lease of the specified VLANIF interface address pool to the required time so that the expired IP addresses can be released and assigned to other clients. When a DHCP client starts or half of its IP address lease has passed, the DHCP client sends a DHCP Request packet to the DHCP server to renew the lease. If the IP address can still be assigned to the client, the DHCP server informs the client of a renewed IP address lease. If the IP address can no longer be assigned to this client, the DHCP server informs the client that the IP address lease cannot be renewed. Prerequisites Run the dhcp enable command to globally enable the DHCP function. Run the dhcp select interface command in the VLANIF interface view to enable the interface IP address pool. Precautions Different IP address leases can be specified for different interface IP address pools on a DHCP server. In an interface IP address pool, all IP addresses have the same lease. Example # Set the IP address lease of the IP address pool on VLANIF 100 to 2 days 2 hours and 30 minutes. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 41 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 4 IP Service Compatible Commands <HUAWEI> system-view [HUAWEI] interface vlanif 100 [HUAWEI-Vlanif100] dhcp server expired day 2 hour 2 minute 30 4.1.3 dhcp server forbidden-ip Function The dhcp server forbidden-ip command specifies the range of IP addresses that cannot be assigned to clients by the DHCP server. By default, the system does not configure the range of IP addresses that cannot be assigned to clients by the DHCP server. Format dhcp server forbidden-ip start-ip-address [ end-ip-address ] Parameters Parameter Description Value start-ip-address Specifies the start IP address that cannot be automatically assigned. The value is in dotted decimal notation. end-ip-address Specifies the end IP address that cannot be automatically assigned. If end-ip-address is not specified, only start-ipaddress cannot be assigned to clients. The value is in dotted decimal notation. end-ipaddress and start-ip-address must be on the same network segment and end-ip-address must be larger than start-ipaddress. Views System view Default Level 3: Management level Usage Guidelines Usage Scenario The dhcp server forbidden-ip command applies to DHCP servers. In an IP address pool, some IP addresses need to be reserved for other services, and some IP addresses are statically assigned to certain hosts (such as the DNS server) and cannot be automatically assigned to clients. You can run the dhcp server forbidden-ip command to specify the range of the IP addresses that cannot be automatically assigned to clients from the IP address pool. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 42 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 4 IP Service Compatible Commands Precautions l The excluded IP address must be in the IP address pool range. l The excluded IP address or IP address segment cannot be automatically assigned to clients from a local address pool. l If you run the dhcp server forbidden-ip command multiple times, you can specify multiple IP addresses or IP address segments that cannot be automatically assigned to clients from the specified address pool. Example # Configure that IP addresses in the address pool 10.10.10.10 to 10.10.10.20 cannot be automatically assigned to clients. <HUAWEI> system-view [HUAWEI] dhcp server forbidden-ip 10.10.10.10 10.10.10.20 4.1.4 dhcp server ip-pool Function The dhcp server ip-pool command creates a global IP address pool. The undo dhcp server ip-pool command delete a global IP address pool. By default, no IP address pool is created. Format dhcp server ip-pool pool-name undo dhcp server ip-pool pool-name Parameters Parameter Description Value pool-name Specifies the name of a global IP address pool. The value is a string of 1 to 64 characters without spaces. A combination of digits, letters, underscores (_), and dots (.) is allowed. Views System view Default Level 2: Configuration level Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 43 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 4 IP Service Compatible Commands Usage Guidelines The dhcp server ip-pool command applies to DHCP servers. When configuring a DHCP server, run the dhcp server ip-pool command to create an IP address pool and set parameters for the IP address pool, including a gateway address, the IP address lease, and a VPN instance. Then the configured DHCP server can assign IP addresses in the IP address pool to clients. If IP addresses in a global IP address pool are in use, this global address pool cannot be deleted. Example # Create a global IP address pool pool1. <HUAWEI> system-view [HUAWEI] dhcp server ip-pool pool1 Info:It's successful to create an IP address pool. [HUAWEI-ip-pool-pool1] quit 4.1.5 dns-suffix Function The dns-suffix command configures the domain name suffix to be assigned by the DHCP server to a DHCP client. By default, no domain name suffix is configured for a DHCP client. Format dns-suffix domain-name Parameters Parameter Description Value domain-name Specifies the domain name suffix to be assigned to a DHCP client. The value is a string of 1 to 50 characters without spaces. A combination of digits, letters, underscores (_), and dots (.) is allowed. Views IP address pool view Default Level 2: Configuration level Usage Guidelines Usage Scenario Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 44 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 4 IP Service Compatible Commands The dns-suffix command applies to DHCP servers. Each client has a domain name. To enable DHCP clients to communicate by using their domain names and prevent IP address conflicts, the DHCP server needs to specify domain name suffixes for these clients when allocating IP addresses to them. On the DHCP server, the dns-suffix command specifies a domain name suffix for each global address pool. When allocating IP addresses to clients, the DHCP server also sends the domain name suffixes to the clients. During domain name resolution, users only need to enter a part of the domain name, and then the system uses a complete domain name suffix for resolution. Precautions If no domain name suffix is configured for a global IP address pool, the DHCP server cannot send a domain name suffix to clients. In this situation, the clients cannot communicate. Example # Configure mydomain.com.cn as the domain name suffix of the IP address pool pool1. <HUAWEI> system-view [HUAWEI] ip pool pool1 Info:It's successful to create an IP address pool. [HUAWEI-ip-pool-pool1] dns-suffix mydomain.com.cn 4.1.6 ip relay address Function Using the ip relay address command, you can configure DHCP server addresses on a VLANIF interface enabled with DHCP relay. Using the undo ip relay address command, you can delete the configured DHCP server addresses. By default, no DHCP server address is configured on a VLANIF interface enabled with DHCP relay. Format ip relay address ip-address undo ip relay address { ip-address | all } Parameters Issue 02 (2013-11-06) Parameter Description Value ip-address Specifies the IP address of a DHCP server. The value is in dotted decimal notation. all Deletes all the DHCP server addresses configured on an interface. - Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 45 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 4 IP Service Compatible Commands Views VLANIF interface view Default Level 2: Configuration level Usage Guidelines Usage Scenario The ip relay address command is applicable to DHCP relay agents. When a DHCP client needs to send a DHCP request packet to a DHCP server on a different network segment by using a DHCP relay agent, run the ip relay address command on the DHCP relay agent to configure a DHCP server address. Prerequisites DHCP relay has been enabled on the VLANIF interface by using the dhcp select relay command. Precautions If you run the ip relay address command multiple times, multiple DHCP server addresses are configured. Example # Configure DHCP server addresses 2.2.2.2 on VLANIF 100 enabled with DHCP relay. <HUAWEI> system-view [HUAWEI] interface vlanif 100 [HUAWEI-Vlanif100] ip relay address 2.2.2.2 4.1.7 lease Function The lease command sets the lease for IP addresses in a global IP address pool. The undo lease command restores the default lease of IP addresses in a global IP address pool. By default, the lease of IP addresses is one day. Format lease day [ hour [ minute ] ] undo lease Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 46 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 4 IP Service Compatible Commands Parameters Parameter Description Value day Specifies the number of days The value is an integer in the IP address lease. ranging from 0 to 999, in days. The default value is 1. hour Specifies the number of hours in the IP address lease. The value is an integer ranging from 0 to 23, in hours. The default value is 0. minute Specifies the number of minutes in the IP address lease. The value is an integer ranging from 0 to 59, in minutes. The default value is 0. Views IP address pool view Default Level 2: Configuration level Usage Guidelines Usage Scenario The lease-hide command applies to DHCP servers. To meet different client requirements, DHCP supports dynamic, automatic, and static address assignment. Different hosts require different IP address leases. For example, if some hosts such as a DNS server need to use certain IP addresses for a long time, set the IP address lease of the current global address pool to unlimited. If some hosts such as a portable computer just need to use temporary IP addresses, run the lease command to set the IP address lease of the current global IP address pool to the required time so that the expired IP addresses can be released and assigned to other clients. When a DHCP client starts or half of its IP address lease has passed, the DHCP client sends a DHCP Request packet to the DHCP server to renew the lease. If the IP address can still be assigned to the client, the DHCP server informs a renewed IP address lease to the client. If the IP address can no longer be assigned to this client, the DHCP server informs the client that the IP address lease cannot be renewed and it needs to apply for another IP address. Precautions Different IP address leases can be specified for different global address pools on a DHCP server. In a global address pool, all addresses have the same lease. Example # Specify the IP address lease of the global address pool global1 to 1 day. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 47 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 4 IP Service Compatible Commands <HUAWEI> system-view [HUAWEI] ip pool global1 [HUAWEI-ip-pool-global1] lease 1 4.1.8 policy-vlan dhcp-generic Function Using the policy-vlan dhcp-generic command, you can configure generic DHCP policy VLAN. Using the undo policy-vlan dhcp-generic command, you can delete generic DHCP policy VLAN. By default, the function of generic DHCP policy VLAN is disabled on the device. Format policy-vlan dhcp-generic [ priority priority ] undo policy-vlan dhcp-generic Parameters Parameter Description Value priority priority Specifies the 802.1p priority of DHCP messages. The value is an integer that ranges from 0 to 7. The default value is 0. Views VLAN view Default Level 2: Configuration level Usage Guidelines You can configure three types of DHCP policy VLAN on the device at the same time. They are listed in descending order based on priorities as follows: l DHCP policy VLAN based on MAC addresses l DHCP policy VLAN based on interfaces l Generic DHCP policy VLAN User hosts that access the network for the first time apply generic DHCP policy VLAN only when they cannot apply DHCP policy VLAN based on MAC addresses or DHCP policy VLAN based on interfaces. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 48 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 4 IP Service Compatible Commands Example # Configure generic DHCP policy VLAN to associate DHCP messages to which DHCP policy VLAN based on MAC addresses and DHCP policy VLAN based on interfaces cannot be applied with VLAN 2, and specify the 802.1p priority of the DHCP messages as 5. <HUAWEI> system-view [HUAWEI] vlan 2 [HUAWEI-vlan2] policy-vlan dhcp-generic priority 5 Related Topics 4.1.9 policy-vlan dhcp-mac 4.1.10 policy-vlan dhcp-port 4.1.9 policy-vlan dhcp-mac Function Using the policy-vlan dhcp-mac command, you can configure DHCP policy VLAN based on MAC addresses. Using the undo policy-vlan dhcp-mac command, you can delete DHCP policy VLAN based on MAC addresses. By default, the function of DHCP policy VLAN based on MAC addresses is disabled on the device. Format policy-vlan dhcp-mac mac-address1 [ to mac-address2 ] [ priority priority ] undo policy-vlan dhcp-mac mac-address [ to mac-address ] Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 49 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 4 IP Service Compatible Commands Parameters Parameter Description Value dhcp-mac mac-address1 [ to mac-address2 ] Specifies the MAC addresses of user hosts that access the network for the first time. mac-address1 and macaddress2 are in the format of H-H-H. An H contains one to four hexadecimal numbers. l mac-address1 specifies the start MAC address. l to mac-address2 specifies the end MAC address. mac-address2 must be greater than macaddress1. mac-address2 and mac-address1 specify the MAC address range. If to mac-address2 is not specified, DHCP policy VLAN based on only the MAC address specified by mac-address1 is configured. priority priority Specifies the 802.1p priority of DHCP messages. NOTE The range specified by macaddress1 and mac-address2 cannot contain multicast MAC addresses, broadcast MAC addresses, and all 0 address. The value is an integer that ranges from 0 to 7. The default value is 0. Views VLAN view Default Level 2: Configuration level Usage Guidelines You can configure three types of DHCP policy VLAN on the device at the same time. They are listed in descending order based on priorities as follows: l DHCP policy VLAN based on MAC addresses l DHCP policy VLAN based on interfaces l Generic DHCP policy VLAN When multiple user hosts access the network through an interface on the device, you need to run the policy-vlan dhcp-mac command to configure DHCP policy VLAN based on MAC addresses so that the user hosts can obtain IP addresses from the DHCP server and be added to specific VLANs. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 50 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 4 IP Service Compatible Commands Example # Configure DHCP policy VLAN based on the MAC address of the host 0001-0001-0001 to associate DHCP messages from this host with VLAN 2, and specify the 802.1p priority of the DHCP messages as 5. <HUAWEI> system-view [HUAWEI] vlan 2 [HUAWEI-vlan2] policy-vlan dhcp-mac 1-1-1 priority 5 Related Topics 4.1.10 policy-vlan dhcp-port 4.1.8 policy-vlan dhcp-generic 4.1.10 policy-vlan dhcp-port Function Using the policy-vlan dhcp-port command, you can configure DHCP policy VLAN based on interfaces. Using the undo policy-vlan dhcp-port command, you can delete DHCP policy VLAN based on interfaces. By default, the function of DHCP policy VLAN based on interfaces is disabled on the device. Format policy-vlan dhcp-port interface-type { interface-number1 [ to interface-number ] } &<1–10> [ priority priority ] undo policy-vlan dhcp-port interface-type { interface-number1 [ to interface-number ] } &<1– 10> Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 51 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 4 IP Service Compatible Commands Parameters Parameter Description Value interface-type interfacenumber1 [ to interfacenumber ] &<1–10> Specifies the interface type and interface number. interface-type can be one of the following: l interface-type specifies the type of an interface. l eth-trunk l interface-number1 specifies the number of the start interface. l xgigabitethernet l gigabitethernet l to interface-number specifies the number of the end interface. interface-number must be greater than interface-number1. interfacenumber and interfacenumber1 specify the interface range. If to interface-number is not specified, DHCP policy VLAN based on only the interface specified by interface-number1 is configured. priority priority Specifies the 802.1p priority of DHCP messages. The value is an integer that ranges from 0 to 7. The default value is 0. Views VLAN view Default Level 2: Configuration level Usage Guidelines You can configure three types of DHCP policy VLAN on the device at the same time. They are listed in descending order based on priorities as follows: l DHCP policy VLAN based on MAC addresses l DHCP policy VLAN based on interfaces l Generic DHCP policy VLAN NOTE DHCP policy VLAN based on interfaces is valid only for hybrid interfaces. Ensure that the interfaces are hybrid interfaces before running the policy-vlan dhcp-port command. The interfaces to be configured with this function are hybrid interfaces by default. If not, you can configure an interface as a hybrid interface. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 52 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 4 IP Service Compatible Commands Example # Configure DHCP policy VLAN based on GigabitEthernet 0/0/1 to associate DHCP messages on this interface with VLAN 2, and specify the 802.1p priority of the DHCP messages as 5. <HUAWEI> system-view [HUAWEI] vlan 2 [HUAWEI-vlan2] policy-vlan dhcp-port gigabitethernet 0/0/1 priority 5 Related Topics 4.1.9 policy-vlan dhcp-mac 4.1.8 policy-vlan dhcp-generic Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 53 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 5 5 IP Routing Compatible Commands IP Routing Compatible Commands About This Chapter 5.1 display bgp group 5.2 display bgp network 5.3 display bgp paths 5.4 display bgp peer 5.5 display bgp routing-table dampened 5.6 display bgp routing-table dampening parameter 5.7 display bgp routing-table flap-info 5.8 display bgp routing-table label 5.9 display bgp update-peer-group 5.10 display ipv6 nexthop-indirection 5.11 display ipv6 routing-table statistics 5.12 display ipv6 routing-table time-range 5.13 display rm ipv6 interface 5.14 ipv6 route-static vpn6-instance 5.15 ipv6-family vpn6-instance 5.16 isis vpn6-instance 5.17 reset ipv6 routing-table statistics protocol Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 54 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 5 IP Routing Compatible Commands 5.1 display bgp group Function Using the display bgp group command, you can display the peer group. Format display bgp vpnv6 vpn6-instance vpn6-instance-name group [ group-name ] Parameters Parameter Description Value group-name Specifies the peer group. It is case-sensitive. vpnv6 Displays information about BGP VPNv6 peer groups. - vpn6-instance vpn6-instancename Specifies the name of the IPv6 VPN It is case-sensitive. instance. Views All views Default Level 1: Monitoring level Usage Guidelines If the peer group is specified, the detailed information on the specified peer group is displayed. If the peer group is not specified, the information on all peer groups is displayed. Example # Display information about all peer groups of the IPv6 VPN instance named vpn6 on the local switch. <HUAWEI> display bgp vpnv6 vpn6-instance vpn6 group BGP peer-group: g1 Remote AS: 65410 Type : external PeerSession Members: 2000::2 Peer Members: 2000::2 # Display information about the peer group named g1 of the IPv6 VPN instance named vpn6 on the local switch. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 55 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 5 IP Routing Compatible Commands <HUAWEI> display bgp vpnv6 vpn6-instance vpn6 group g1 BGP peer-group: g1 Remote AS: 65410 Type : external Configured hold timer value: 180 Keepalive timer value: 60 Minimum route advertisement interval is 30 seconds PeerSession Members: 2000::2 Peer Preferred Value: 0 No routing policy is configured Peer Members: Peer V AS MsgRcvd 2000::2 4 65410 103 MsgSent 90 OutQ Up/Down State PrefRcv 0 01:20:55 Established 0 5.2 display bgp network Function Using the display bgp network command, you can view the routes to be advertised by BGP through the network command. Format display bgp vpnv6 vpn6-instance vpn6-instance-name network Parameters Parameter Description Value vpn6 Displays the VPNv6 routes that are advertised through the network command. vpn6-instance vpn6-instance-name Displays information about the routes advertised by the specified IPv6 VPN instance. Views All views Default Level 1: Monitoring level Usage Guidelines This command is used to display all the configurations of the network command in the specified address family view. Routes can be imported and then advertised by BGP only when the route prefix satisfies the following conditions: l Issue 02 (2013-11-06) It is specified in the network command. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 56 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 5 IP Routing Compatible Commands l It already exists in the IP routing table. l It is active. Example # Display the routes of the IPv6 VPN instance named vpn1 advertised by BGP through the network command. <HUAWEI> display bgp vpnv6 vpn6-instance vpn1 network BGP Local Router ID is 1.1.1.1 Local AS Number is 100 Route Distinguisher: 100:1 (vpn1) Network Prefix Route-policy 2000:: policy1 100 5.3 display bgp paths Function Using the display bgp paths command, you can view the path attributes of BGP. Format display bgp vpnv6 vpn6-instance vpn6-instance-name paths [ as-regular-expression ] Parameters Parameter Description Value as-regular-expression Displays the regular express of the matching AS-Path. - vpnv6 Displays the path attributes of BGP VPNv6. - vpn6-instance vpn6-instance-name Displays the AS-Path of the specified VPN instance. - Views All views Default Level 1: Monitoring level Usage Guidelines None. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 57 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 5 IP Routing Compatible Commands Example # Display information about BGP4+ paths of IPv6 VPN instance named vpn1. <HUAWEI> display bgp vpnv6 vpn6-instance vpn1 paths Total routes of vpn6-instance vpn1: 4 Total Number of Paths: 4 Address 0x50EEF20 0x50EEEB8 0x50EEF88 0x50EF0C0 Refcount 1 1 1 1 MED 0 0 0 Path/Origin ? ? i 65410? # Display the BGP4+ paths, including AS_Path 65420, of IPv6 VPN instance named vpn1. <HUAWEI> display bgp vpnv6 vpn6-instance vpn1 paths 65420* Total routes of vpn6-instance vpn1: 1 Total Number of Paths: 1 Address 0x659D4A8 Refcount 1 MED 0 Path/Origin 65420? 5.4 display bgp peer Function Using the display bgp peer command, you can display the BGP peers. Format display bgp vpnv6 vpn6-instance vpn6-instance-name peer [ { group-name | ipv6-address } log-info | [ ipv6-address ] verbose ] Parameters Parameter Description log-info Displays the log of the peer. - verbose Displays the detailed information of the peer. - ipv6-address Specifies the address of the IPv6 peer. The prefix is a 128-bit hexadecimal number, in the format of X:X:X:X:X:X:X:X. vpnv6 Displays information about BGP VPNv6 peers. - vpn6-instance vpn6instance-name Displays the peers of IPv6 VPN instance. It is a string of 1 to 31 case-sensitive characters without any spaces. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Value 58 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 5 IP Routing Compatible Commands Views All views Default Level 1: Monitoring level Usage Guidelines None. Example # Display log information about BGP peer groups of the IPv6 VPN instance. <HUAWEI> display bgp vpnv6 vpn6-instance vpn1 peer g1 log-info 5.5 display bgp routing-table dampened Function Using the display bgp routing-table dampened command, you can display BGP dampened routes. Format display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table [ statistics ] dampened Parameters Parameter Description Value statistics Displays the statistics of dampened routes. - vpnv6 Displays BGP routes of VPNv6. - vpn6-instance vpn6-instancename Specifies the name of the IPv6 VPN It is case-sensitive. instance. Views All views Default Level 1: Monitoring level Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 59 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 5 IP Routing Compatible Commands Usage Guidelines None Example # Display dampened IPv6 routes in the VPNv6 BGP routing table. <HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table dampened 5.6 display bgp routing-table dampening parameter Function Using the display bgp routing-table dampening parameter command, you can display BGP route dampening parameters. Format display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table dampening parameter Parameters Parameter Description Value vpnv6 Displays BGP route dampening parameters of VPNv6. - vpn6-instance vpn6-instance-name Specifies route dampening parameters of the IPv6 VPN instance. - Views All views Default Level 1: Monitoring level Usage Guidelines None. Example # Display BGP route dampening parameters of specified IPv6 VPN instance named vpn1. <HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table dampening parameter 5.7 display bgp routing-table flap-info Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 60 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 5 IP Routing Compatible Commands Function Using the display bgp routing-table flap-info command, you can view information about flapping BGP routes. Format display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table flap-info [ regularexpression as-regular-expression ] display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table flap-info { as-pathfilter as-path-filter-number | network-address [ prefix-length [ longer-match ] ] } Parameters Parameter Description Value regular-expression asregular-expression Displays the statistics of the The value is a string of 1 to route flapping that matches the 80 characters. AS-Path regular expression. as-path-filter Displays the statistics of the route flapping that matches the specified AS-Path filter. as-path-filter-number Specifies the number of the matching AS-Path filter. - network-address Displays the network address related to the dampening information. - mask | mask-length Specifies the network mask or mask length. - longer-match Matches according to the mask longer than the specified length. prefix-length Specifies the length of the prefix. vpnv6 Displays statistics of BGP route flapping of the VPNv6. vpn6-instance vpn6instance-name Specifies statistics of route flapping of the specified IPv6 VPN instance. - - Views All views Default Level 1: Monitoring level Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 61 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 5 IP Routing Compatible Commands Usage Guidelines None. Example # Display statistics of the BGP4+ route flapping of IPv6 VPN instance named vpn1. <HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table flap-info 5.8 display bgp routing-table label Function Using the display bgp routing-table label command, you can display the labeled routes in the BGP routing table. Format display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table [ statistics ] label Parameters Parameter Description Value statistics Indicates the statistics of the labeled routes. vpnv6 Displays the labeled route of VPNv6. - vpn6-instance vpn6-instancename Specifies the name of a IPv6 VPN instance. It is case-sensitive. Views All views Default Level 1: Monitoring level Usage Guidelines None. Example # Display the BGP4+ labeled routes of the IPv6 VPN instance named vpna. <HUAWEI> display bgp vpnv6 vpn6-instance vpna routing-table label Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 62 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 5 IP Routing Compatible Commands 5.9 display bgp update-peer-group Function Using the display bgp update-peer-group command, you can view information about BGP update-groups. Format display bgp vpnv6 { vpn6-instance vpn6-instance-name } update-peer-group [ index updategroup-index ] Parameters Parameter Description Value vpnv6 Displays information about BGP VPNv6 update-groups. - vpn6-instance vpn6-instance-name Displays information about BGP update-groups in the specified IPv6 VPN instance. Views All views Default Level 1: Monitoring level Usage Guidelines You can specify the index of an update-group to view detailed information about the specified update-group. Example # Display information about the BGP update-group with the index being 0. <HUAWEI> display bgp vpnv6 vpn6-instance vpn1 update-peer-group index 0 5.10 display ipv6 nexthop-indirection Function The display ipv6 nexthop-indirection command displays information about the next-hop IPv6 VPN instance iterated control block. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 63 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 5 IP Routing Compatible Commands Format display ipv6 nexthop-indirection vpn6-instance vpn6-instance-name [ nexthop nexthop-ipv6address | indirecid indirectid ] Parameters Parameter Description Value vpn6-instance vpn6instance-name Displays next-hop indirect information about a specified IPv6 VPN instance. The value is a string of 1 to 31 case-sensitive characters, spaces not supported. nexthop nexthop-ipv6address Specifies the next-hop IPv6 address. The value is an IPv6 address. indirecid indirectid Specifies the keyword value of The value ranges from 0 to the next-hop indirection. FFFFFFFF, in hexadecimal notation. Views Diagnosis view Default Level 3: Management level Usage Guidelines None. Example # Display information about the IPv6 VPN instance named vpna iterated control block. <HUAWEI> system-view [HUAWEI] diagnose [HUAWEI-diagnose] display ipv6 nexthop-indirection vpn6-instance vpna indirectid 29 5.11 display ipv6 routing-table statistics Function Using the display ipv6 routing-table statistics command, you can view integrated route statistics of the routing tables of all IPv6 VPN instances. Format display ipv6 routing-table all-vpn6-instance statistics Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 64 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 5 IP Routing Compatible Commands Parameters Parameter Description Value all-vpn6-instance Displays integrated route statistics of the routing tables of all IPv6 VPN instances. Views All views Default Level 1: Monitoring level Usage Guidelines Integrated route statistics include the total number of routes, the number of added routes, and the number of deleted routes. Example # Display integrated route statistics of the routing tables of all IPv6 VPN instances. <HUAWEI> display ipv6 routing-table all-vpn6-instance statistics Summary Prefixes : 1 Protocol route active added deleted freed DIRECT 1 1 1 0 0 STATIC 0 0 0 0 0 RIPng 0 0 0 0 0 OSPFv3 0 0 0 0 0 IS-IS 0 0 0 0 0 BGP 0 0 0 0 0 Total 1 1 1 0 0 Table 5-1 Description of the display ipv6 routing-table all-vpn6-instance statistics command output Issue 02 (2013-11-06) Item Description Summary Prefixes Total number of prefixes in the current routing table Protocol Routing protocol route Number of routes in the current routing table active Number of active routes in the routing table added Number of active and inactive routes added in the routing table deleted Number of routes deleted from the routing table freed Number of released routes that are permanently deleted from the routing table Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 65 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 5 IP Routing Compatible Commands 5.12 display ipv6 routing-table time-range Function The display ipv6 routing-table time-range command displays information about routes generated in a specified time range in the IPv6 routing table of the specified VPN instance. Format display ipv6 routing-table vpn6-instance vpn6-instance-name time-range min-age max-age [ verbose ] Parameters Parameter Description Value vpn6-instance vpn6instance-name Displays information about The value is a string of 1 to 31 routes generated in a specified case-sensitive characters, spaces time range in the IPv6 routing not supported. table of the specified VPN instance. min-age Specifies the end time of the period when routes are generated. The format is xxdxxhxxmxxs. l The d indicates days. The value is an integer ranging from 0 to 10000. l The h indicates hours. The value is an integer ranging from 0 to 23. l The m indicates minutes. The value is an integer ranging from 0 to 59. l The s indicates seconds. The value is an integer ranging from 0 to 59. For example, you can enter 5d4h30m20s to specify 5 days, 4 hours, 30 minutes, and 20 seconds. NOTE If the value of the d is 10000, the values of the h, m, and s can be only 0. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 66 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 5 IP Routing Compatible Commands Parameter Description Value max-age Specifies the start time of the The format is xxdxxhxxmxxs. period when routes are l The d indicates days. The generated. value is an integer ranging from 0 to 10000. l The h indicates hours. The value is an integer ranging from 0 to 23. l The m indicates minutes. The value is an integer ranging from 0 to 59. l The s indicates seconds. The value is an integer ranging from 0 to 59. For example, you can enter 5d4h30m20s to specify 5 days, 4 hours, 30 minutes, and 20 seconds. NOTE If the value of the d is 10000, the values of the h, m, and s can be only 0. Displays detailed information about active and inactive routes. If you do not specify this parameter, the display ipv6 routing-table timerange command displays only summary information about active routes. verbose Views All views Default Level 1: Monitoring level Usage Guidelines Usage Scenario If route flapping occurs on a network, you can run the display ipv6 routing-table time-range command and specify a small time range for the command. By doing so, you can find the flapping route in a timely manner and accelerate fault locating. Precautions Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 67 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 5 IP Routing Compatible Commands You must make sure that max-age is greater that min-age. Otherwise, the display ipv6 routingtable time-range command does not display any information. If the specified max-age is greater than min-age and no route was generated within this time range, the display ipv6 routing-table time-range command displays only the table heading. Example # Display information about routes generated in the last 2 hours, 20 minutes, and 10 seconds in the IPv6 routing table of the VPN instance named vpna. <HUAWEI> display ipv6 routing-table vpn6-instance vpna time-range 0 2h20m10s 5.13 display rm ipv6 interface Function Using the display rm ipv6 interface command, you can view IPv6 VPN instance RM information of interfaces, including physical and logical interfaces. Format display rm ipv6 interface vpn6-instance vpn6-instance-name Parameters Parameter Description Value vpn6-instance vpn6-instancename Specifies the name of an IPv6 VPN It is case-sensitive. instance. Views All views Default Level 1: Monitoring level Usage Guidelines None. Example # Display RM information of all interfaces bound to IPv6 VPN instance named vpna. <HUAWEI> display rm ipv6 interface vpn6-instance vpna Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 68 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 5 IP Routing Compatible Commands 5.14 ipv6 route-static vpn6-instance Function Using the ipv6 route-static vpn6-instance command, you can configure IPv6 static routes in a VPN instance. Using the undo ipv6 route-static vpn6-instance command, you can withdraw the IPv6 unicast static routes in a VPN instance. By default, the system does not configure IPv6 static routes for VPN instances. Format ipv6 route-static vpn6-instance vpn6-instance-name dest-ipv6-address prefix-length [ interface-type interface-number ] nexthop-ipv6-address [ preference preference | tag tag ] * [ description text ] ipv6 route-static vpn6-instance vpn6-instance-name dest-ipv6-address prefix-length nexthopipv6-address [ public ] [ preference preference | tag tag ] * [ description text ] ipv6 route-static vpn6-instance vpn6-instance-name dest-ipv6-address prefix-length vpn6instance vpn6-destination-name nexthop-ipv6-address [ preference preference | tag tag ] * [ description text ] ipv6 route-static dest-ipv6-address prefix-length vpn6-instance vpn6-destination-name nexthop-ipv6-address [ preference preference | tag tag ] * [ description text ] undo ipv6 route-static vpn6-instance vpn6-instance-name dest-ipv6-address prefix-length [ interface-type interface-number [ nexthop-ipv6-address ] | nexthop-ipv6-address ] [ preference preference | tag tag ] * undo ipv6 route-static vpn6-instance vpn6-instance-name all Parameters Parameter Description vpn6-instance-name Specifies the name of an IPv6 The name is a string of 1 to 31 caseVPN instance. Each IPv6 VPN sensitive characters without any instance has its own unicast spaces. routing table, and the configured static routes are installed into the routing table of the specified IPv6 VPN instance. dest-ipv6-address Specifies the destination IPv6 The value is a 128-digit hexadecimal address. number, in the format of X:X:X:X:X:X:X:X. Issue 02 (2013-11-06) Value Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 69 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 5 IP Routing Compatible Commands Parameter Description Value prefix-length Specifies the length of an IPv6 It is an integer ranging from 1 to 128. prefix, namely, the number of consecutive 1s in the mask. interface-type Specifies the type of an interface. - interface-number Specifies the number of an interface. - nexthop-ipv6-address Specifies the next hop IPv6 address. The value is a 128-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X. vpn6-destination-name Specifies the name of the The name is a string of 1 to 31 casedestination IPv6 VPN sensitive characters without any instance. After the destination spaces. IPv6 VPN instance name is configured, the switch can search the static routing table for the outbound interface to the destination IPv6 VPN instance according to the configured gateway address. public Indicates that the gateway address is a public network address. After a switch is configured to belong to an IPv6 VPN instance, the next hop or the next hop gateway router of this switch belongs to this IPv6 VPN instance or the public network. If the keyword public is specified in the command, it indicates that the next hop is specified as the public network router. preference preference Specifies the preference of a static route. tag tag Issue 02 (2013-11-06) It is an integer ranging from 1 to 255. Specifies the tag value of a The value is an integer ranging from static route. By configuring 1 to 4294967295. By default, it is 0. different tag values, you can classify static routes to implement different routing policies. For example, routing protocols can import routes with specified tag values through routing policies. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 70 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 5 IP Routing Compatible Commands Parameter Description Value description text Specifies the description of static routes. The description is a string of 1 to 19 characters that can contain spaces. all Deletes all the static routes configured for the specified IPv6 VPN instance. - Views System view Default Level 2: Configuration level Usage Guidelines Applicable Environment When an VPN network is simple, you can configure static routes for this VPN by using the ipv6 route-static vpn6-instance command. Properly configuring and using static routes can improve network performance. l To configure VPN users to access a public network, you can run the ipv6 route-static vpn6-instance command with the keyword public to configure the VPN route with the next hop being the public network address. l You can configure description text to add the description of static routes so that the administrator can check and maintain static routes easily. You can run the display this or display current-configuration command in the system view to view the description. Precautions If the destination address and the prefix length are set to all 0s, it indicates that a default route is configured. However, after network faults occur or the network topology changes, static routes cannot automatically change. Therefore, configure static routes with caution. Example # Configure a default route with the next hop 2001::1. <HUAWEI> system-view [HUAWEI] ipv6 route-static vpn6-instance vpn1 :: 0 2001::1 5.15 ipv6-family vpn6-instance Function Using the ipv6-family vpn6-instance command, you can enter the BGP-VPN6 instance view. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 71 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 5 IP Routing Compatible Commands Using the undo ipv6-family vpn6-instance command, you can remove all configurations in the BGP-VPN6 instance view. Format ipv6-family vpn6-instance vpn6-instance-name undo ipv6-family vpn6-instance vpn6-instance-name Parameters Parameter Description Value vpn6-instance vpn6-instance-name Binds the specified IPv6 VPN instance with the IPv6 address family. You can enter the BGPVPN6 instance view by using the parameter. Views BGP view Default Level 2: Configuration level Usage Guidelines None. Example # Enter the BGP-VPN6 instance view. <HUAWEI> system-view [HUAWEI] bgp 100 [HUAWEI-bgp] ipv6-family vpn6-instance vpna [HUAWEI-bgp6-vpna] 5.16 isis vpn6-instance Function Using the isis vpn6-instance command, you can start the IS-IS process and the specified IPv6 VPN instance. Using the undo isis command, you can cancel the specified IS-IS process. By default, an IS-IS process is runs in a public network instance. Format isis [ process-id ] vpn6-instance vpn6-instance-name Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 72 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 5 IP Routing Compatible Commands undo isis process-id Parameters Parameter Description Value process-id Specifies the process ID. The value is an integer ranging from 1 to 65535. vpn6-instance vpn6instance-name Specifies the name of the IPv6 VPN instance. The name is a string of 1 to 31 characters without spaces. It is case-sensitive. Views System view Default Level 2: Configuration level Usage Guidelines To make IS-IS work normally, do as follows: l Enable IS-IS process by using the isis command. l Set a Network Entity Title (NET) for the switch by using the network-entity command. l Enable each interface that needs to run IS-IS process by using the isis enable command. You can start IS-IS only when the above action is done. Example # Start an IS-IS routing process 1 which has the system ID 0000.0000.0002 and the area ID 01.0001. <HUAWEI> system-view [HUAWEI] isis 1 vpn6-instance vpna [HUAWEI-isis-1] network-entity 01.0001.0000.0000.0002.00 5.17 reset ipv6 routing-table statistics protocol Function Using the reset ipv6 routing-table statistics protocol command, you can clear statistics in the IPv6 routing table. Format reset ipv6 routing-table vpn6-instance vpn6-instance-name statistics protocol { all | protocol } Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 73 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 5 IP Routing Compatible Commands Parameters Parameter Description Value all Clears the statistics of all IPv6 routing protocols in the routing table. - protocol Clears the statistics of the specified routing protocol. This parameter can be bgp, direct, isis, ospfv3, ripng, or static. Views User view Default Level 2: Configuration level Usage Guidelines Statistics in the IPv6 routing table cannot be restored after you clear them. So, confirm the action before using the command. Example # Clear the statistics of all IPv6 routing protocols in the routing table. <HUAWEI> reset ipv6 routing-table vpn6-instance vpna statistics protocol all Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 74 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 6 Multicast Compatible Commands Multicast Compatible Commands About This Chapter 6.1 Layer 2 Multicast Compatible Commands Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 75 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands 6.1 Layer 2 Multicast Compatible Commands 6.1.1 display igmp-proxy configuration Function Using the display igmp-proxy configuration command, you can display the non-default IGMP proxy configuration. Format display igmp-proxy [ vlan [ vlan-id ] ] configuration Parameters Parameter Description Value vlan vlan-id Displays the non-default IGMP proxy configuration in the specified VLAN. vlan-id specifies the ID of a VLAN. The value is an integer that ranges from 1 to 4094. Views All views Default Level 1: Monitoring level Usage Guidelines Before running the display igmp-proxy configuration command, you must run the 6.1.5 igmpproxy enable command to enable IGMP proxy globally and in the VLAN. Otherwise, no information is displayed. If the optional parameter is not specified, the non-default IGMP proxy configurations of all VLANs are displayed. Example # Display the non-default IGMP proxy configuration of VLAN 2. <HUAWEI> display igmp-proxy vlan 2 configuration IGMP Snooping Configuration for VLAN 2 igmp-snooping enable igmp-snooping proxy Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 76 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Table 6-1 Description of the display igmp-proxy configuration command output Item Description igmp-snooping enable IGMP snooping is enabled in the VLAN. igmp-snooping proxy IGMP proxy is enabled in the VLAN. 6.1.2 display igmp-proxy Function Using the display igmp-proxy command, you can view the default and non default configurations of IGMP proxy. Format display igmp-proxy [ vlan [ vlan-id ] ] Parameters Parameter Description Value vlan vlan-id Displays the configuration of the IGMP proxy in the specified VLAN. vlan-id specifies the ID of a VLAN. The value is an integer that ranges from 1 to 4094. Views All views Default Level 1: Monitoring level Usage Guidelines Before running the display igmp-proxy command, run the 6.1.5 igmp-proxy enable command to enable IGMP proxy globally and in the VLAN. Otherwise, no information is displayed. The IGMP proxy configuration, including the default configuration, is displayed only when the VLAN is in Up state. That is, at least one interface in the VLAN is in Up state. Example # Display the IGMP proxy configuration of VLAN 3. <HUAWEI> display igmp-proxy vlan 3 IGMP Snooping Information for VLAN 3 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 77 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP 6 Multicast Compatible Commands Snooping is Enabled Version is Set to default 2 Query Interval is Set to default 125 Max Response Interval is Set to default 10 Robustness is Set to default 2 Last Member Query Interval is Set to default 1 Router Port Aging Interval is Set to 180s or holdtime in hello Filter Group-Policy is Set to default : Permit All Prompt Leave Disable Router Alert is Not Required Send Router Alert Enable Proxy Disable Report Suppress Disable Suppress Time is set to default 10 seconds Querier Disable Router Port Learning Enable SSM-Mapping Disable Limit Action Disable Suppress-dynamic-join Disable Table 6-2 Description of the display igmp-proxy command output Issue 02 (2013-11-06) Item Description IGMP Snooping is Enabled IGMP snooping is enabled in the VLAN. IGMP Version is Set to default 2 The version of IGMP messages that can be processed in the VLAN is the default version. Both IGMPv1 and IGMPv2 messages can be processed. IGMP Query Interval is Set to default 125 The interval at which IGMP General Query messages are sent in the VLAN is set to the default value, 125 seconds. IGMP Max Response Interval is Set to default 10 The maximum response time for IGMP Query messages in the VLAN is set to the default value, 10 seconds. IGMP Robustness is Set to default 2 The IGMP robustness variable is set to the default value 2. IGMP Last Member Query Interval is Set to default 1 The interval at which IGMP Group-Specific Query messages are sent in the VLAN is set to the default value, 1 second. IGMP Router Port Aging Interval is Set to 180s or holdtime in hello The aging time of router interfaces in the VLAN is set to the default value, 180 seconds or the holdtime in PIM Hello messages. IGMP Filter Group-Policy is Set to default : Permit All The default multicast group policy is used in the VLAN. That is, hosts in the VLAN can join all the multicast groups. IGMP Prompt Leave Disable Prompt leave is disabled for interfaces in the VLAN. IGMP Router Alert is Not Required The device does not require that the IGMP messages received in the VLAN contain the Router-Alert option in the IP header. IGMP Send Router Alert Enable The device sends the IGMP messages that contain the RouterAlert option in the IP headers to the hosts in the VLAN. IGMP Proxy Disable IGMP proxy is disabled in the VLAN. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 78 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Item Description IGMP Report Suppress Disable IGMP Report message suppression is disabled in the VLAN. IGMP Suppress Time is set to default 10 seconds The suppress duration of IGMP Report messages is set to the default value, 10 seconds. IGMP Querier Disable IGMP querier is disabled in the VLAN. IGMP Router Port Learning Enable Learning of IGMP router interfaces is enabled in the VLAN. IGMP SSM-Mapping Disable IGMP SSM mapping is disabled in the VLAN. IGMP Limit Action Disable Multicast entry overwriting is disabled in the VLAN. IGMP Suppress-dynamicjoin Disable The system does not send Report or Leave messages to the upstream router interface where a static multicast group is configured. 6.1.3 display igmp-proxy port-info Function Using the display igmp-proxy port-info command, you can view information about member interfaces of a multicast group. Format display igmp-proxy port-info [ vlan vlan-id [ group group-address ] ] [ verbose ] Parameters Issue 02 (2013-11-06) Parameter Description Value vlan vlan-id Displays information about the member interfaces in the specified VLAN. vlan-id specifies the ID of a VLAN. The value is an integer that ranges from 1 to 4094. group group-address Displays information about the member interfaces of the specified multicast group in the VLAN. group-address specifies the address of a multicast group. The value of ranges from 224.0.1.0 to 239.255.255.255 in dotted decimal notation. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 79 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Parameter Description Value verbose Displays detailed information about the member interfaces. - Views All views Default Level 1: Monitoring level Usage Guidelines This command displays information about the member interfaces of a multicast group, including the number of member interfaces and name of the member interfaces. Before running the display igmp-proxy port-info command, you must run the 6.1.5 igmpproxy enable command to enable IGMP proxy globally and in the VLAN. Otherwise, no information is displayed. Information about the member interfaces (static or dynamic) is displayed only if the interfaces are in Up state. If vlan-id is not specified, information about member interfaces of multicast groups in all the VLANs is displayed. Example # Display information about multicast member interfaces in VLAN 7. <HUAWEI> display igmp-proxy port-info vlan 7 ----------------------------------------------------------------------(Source, Group) Port Flag Flag: S:Static D:Dynamic M: Ssm-mapping ----------------------------------------------------------------------VLAN 7, 3 Entry(s) (1.1.1.1,225.1.1.1) GE0/0/1 D-1 port(s) (1.1.1.1,225.1.1.2) GE0/0/2 D-1 port(s) (1.1.1.1,225.1.1.3) GE0/0/3 D-1 port(s) Table 6-3 Description of the display igmp-snooping port-info command output Issue 02 (2013-11-06) Item Description (Source, Group) (S, G) entry, specifying the multicast source and multicast group. Port Outbound interface in an (S, G) entry. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 80 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Item Description Flag Type of an outbound interface. l S:static member interface l D: dynamic member interface l M: member interface specified in an SSM mapping entry 6.1.4 display igmp-proxy router-port Function Using the display igmp-proxy router-port command, you can view information about router interfaces in the specified VLAN, including the static router interface and the dynamic router interface. Format display igmp-proxy router-port vlan vlan-id Parameters Parameter Description Value vlan vlan-id Displays information about the router interfaces in the specified VLAN. vlan-id specifies the ID of a VLAN. The value is an integer that ranges from 1 to 4094. Views All views Default Level 1: Monitoring level Usage Guidelines A router interface connects the S2350&S5300&S6300 to an upstream router. The router interface can be dynamically generated after the IGMP Query message is received, or statically configured. Before running the display igmp-proxy router-port command, run the 6.1.5 igmp-proxy enable command to enable IGMP proxy globally and in the VLAN. Otherwise, no information is displayed. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 81 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands You can run the display igmp-proxy router-port command to view information about the type, name, age, and remaining aging time of the router interface. NOTE Information about a router interface is displayed only when the interface is in Up state. Example # Display information about router interfaces in VLAN 2. <HUAWEI> display igmp-proxy router-port vlan 2 Port Name UpTime Expires Flags ------------------------------------------------------VLAN 2, 2 router-port(s) GE2/0/1 1d:22h 00:01:20 DYNAMIC GE2/0/3 2d:10h -STATIC Table 6-4 Description of the display igmp-proxy router-port command output Item Description Port Name Type and number of an interface. UpTime Age of a router interface, that is, time that elapsed since the interface became the router interface. Expires Remaining aging time of a router interface. l The remaining aging time is displayed for a dynamic router interface. l A static router interface does not age. Flags Type of the router interface, which can be either of the following: l STATIC: indicates a static router interface. l DYNAMIC: indicates a dynamic router interface. 6.1.5 igmp-proxy enable Function Using the igmp-proxy enable command, you can enable IGMP proxy. By default., IGMP proxy is disabled. Format igmp-proxy enable Parameters None Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 82 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Views System view, VLAN view Default Level 2: Configuration level Usage Guidelines The differences of using the igmp-proxy enable command in the system view and VLAN view are as follows: l When you run the commands in the system view, IGMP proxy is enabled globally. l When you run the commands in the VLAN view, IGMP proxy is enabled or in the VLAN. l To enable IGMP proxy in a VLAN, you must first enable IGMP proxy globally. Example # Enable IGMP proxy globally. <HUAWEI> system-view [HUAWEI] igmp-proxy enable # Enable IGMP proxy in VLAN 3. <HUAWEI> system-view [HUAWEI] igmp-proxy enable [HUAWEI] vlan 3 [HUAWEI-vlan3] igmp-proxy enable 6.1.6 igmp-proxy group-limit Function Using the igmp-proxy group-limit command, you can set the maximum number of IGMP proxy entries on an interface. Format igmp-proxy group-limit limit-num vlan { vlan-id1 [ to vlan-id2 ] } & <1-10> Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 83 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Parameters Parameter Description Value limit-num Specifies the maximum number of IGMP proxy entries on an interface. The value is an integer and the value range depends on the product model: l S2350: 1 to 1022 l S5300LI and S5300SI: 1 to 1024 l S5300EI, S5310EI, S5300HI, S5306, and S6300: 1 to 2048 vlan-id1 [ to vlan-id2 ] Specifies the ID of a user VLAN. The value is an integer that ranges from 1 to 4094. Views Ethernet interface view, GE interface view, XGE interface view, port group view, Eth-Trunk interface view Default Level 2: Configuration level Usage Guidelines After the igmp-proxy group-limit command is run, the number of IGMP proxy entries on the interface cannot exceeds the limit. Example # Set the maximum number of IGMP proxy entries in VLAN 10 on GE0/0/1 to 100. <HUAWEI> system view [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] igmp-proxy group-limit 100 vlan 10 6.1.7 igmp-proxy group-policy (interface view) Function The igmp-proxy group-policy command configures a multicast group policy for a VLAN on an interface. The policy specifies the multicast groups that hosts in the VLAN can join. By default, no multicast group policy is configured for a VLAN. That is, hosts in the VLAN can join any multicast group. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 84 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Format igmp-proxy group-policy acl-number [ version version-number ] vlan vlan-id1 [ to vlanid2 ] igmp-proxy group-policy acl-number vlan vlan-id1 [ to vlan-id2 ] version-number Parameters Parameter Description Value acl-number Specifies the number of the ACL that limits the multicast groups that hosts in a VLAN can join. The value is an integer that ranges from 2000 to 3999. version-number Applies the multicast group policy to only the IGMP messages of the specified version. The value is an integer that ranges from 1 to 3. The value 1 indicates IGMPv1, the value 2 indicates IGMPv2 and the value 3 indicates IGMPv3. vlan vlan-id1 [ to vlan-id2 ] Applies the multicast group policy to the specified VLANs on the interface. vlan-id1 and vlan-id2 are integers that range 1 from 4094. Views Ethernet interface view, GE interface view, XGE interface view, port group view, Eth-Trunk interface view Default Level 2: Configuration level Usage Guidelines Before running the igmp-proxy group-policy command, run the 6.1.5 igmp-proxy enable command to enable IGMP proxy globally and in the specified VLANs. By configuring a multicast group policy for a VLAN on an interface, you can prohibit hosts in the VLAN from joining the specified IP multicast groups. If the IGMP version is not specified, the device applies the multicast group policy to all IGMP messages regardless of their versions. Example # Prohibit hosts in VLAN 3 from join multicast group 225.1.1.123 on GE0/0/10. <HUAWEI> system-view [HUAWEI] acl number 2008 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 85 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands [HUAWEI-acl-basic-2008] rule deny source 225.1.1.123 0 [HUAWEI-acl-basic-2008] quit [HUAWEI] igmp-proxy enable [HUAWEI] vlan 3 [HUAWEI-vlan3] igmp-proxy enable [HUAWEI-vlan3] quit [HUAWEI] interface gigabitehernet 0/0/10 [HUAWEI-GigabitEthernet0/0/10] igmp-proxy group-policy 2008 vlan 3 6.1.8 igmp-proxy group-policy (VLAN view) Function Using the igmp-proxy group-policy command, you can configure the multicast group policy in a VLAN. The policy specifies the multicast groups that hosts in the VLAN can join. By default, no multicast group policy is available in a VLAN. That is, hosts in a VLAN can join any multicast group. Format igmp-proxy group-policy acl-number [ [ version ] version-number ] Parameters Parameter Description Value acl-number Specifies the number of the ACL that limits the multicast groups that hosts in a VLAN can join. The value is an integer that ranges from 2000 to 3999. [ version ] version-number Applies the multicast group policy to only the IGMP messages of the specified version. The value is an integer that ranges from 1 to 3. The value 1 indicates IGMPv1, the value 2 indicates IGMPv2 and the value 3 indicates IGMPv3. Views VLAN view Default Level 2: Configuration level Usage Guidelines Before running the igmp-proxy group-policy command, run the 6.1.5 igmp-proxy enable command to enable IGMP proxy globally and in the VLAN. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 86 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands By setting the multicast group policy in a VLAN, you can restrict the access of hosts in the VLAN to multicast groups. If the IGMP version is not specified, the device applies the multicast group policy to all IGMP messages regardless of their versions. Example # Prevent hosts in VLAN 3 from joining multicast group 225.1.1.123. <HUAWEI> system-view [HUAWEI] acl number 2008 [HUAWEI-acl-basic-2008] rule deny source 225.1.1.123 0 [HUAWEI-acl-basic-2008] quit [HUAWEI] igmp-proxy enable [HUAWEI] vlan 3 [HUAWEI-vlan3] igmp-proxy enable [HUAWEI-vlan3] igmp-proxy group-policy 2008 6.1.9 igmp-proxy lastmember-queryinterval Function Using the igmp-proxy lastmember-queryinterval command, you can set the interval for sending Group-Specific Query messages (last member query) in a VLAN. By default, the interval for sending Group-Specific Query messages in a VLAN is 1 second. Format igmp-proxy lastmember-queryinterval lastmember-queryinterval Parameters Parameter Description Value lastmember-queryinterval Specifies the interval for sending IGMP GroupSpecific Query messages. The value is an integer that ranges from 1 to 5, in seconds. The default value is 1. Views VLAN view Default Level 2: Configuration level Usage Guidelines Before running the igmp-proxy lastmember-queryinterval command, run the 6.1.5 igmpproxy enable command to enable IGMP proxy globally and in the VLAN. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 87 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands By setting the interval for sending IGMP Group-Specific messages, you can: l Adjust and control the delay for hosts to leave a multicast group. For example, when memberships change frequently on the network, you can run the igmpproxy lastmember-queryinterval command to reduce the interval for sending IGMP Group-Specific Query messages. In this manner, the device can receive the response to the IGMP Group-Specific Query messages quickly. l Maintain forwarding entries. When receiving IGMP Leave messages from hosts, the device sets the aging time of member interfaces by using the following formula: Aging time = Interval for sending Group-Specific Query messages x IGMP robustness variable. When the device runs IGMPv1, hosts do not send Leave messages when leaving a multicast group. Therefore, the igmp-proxy lastmember-queryinterval command is valid only when IGMPv2 messages are processed in a VLAN. Example # Set the interval for sending Group-Specific Query messages in VLAN 3 to 4 seconds. <HUAWEI> system-view [HUAWEI] igmp-proxy enable [HUAWEI] vlan 3 [HUAWEI-vlan3] igmp-proxy enable [HUAWEI-vlan3] igmp-proxy lastmember-queryinterval 4 6.1.10 igmp-proxy max-response-time Function Using the igmp-proxy max-response-time command, you can set the maximum response time for IGMP messages in the VLAN. By default, the maximum response time for IGMP messages is 10 seconds. Format igmp-proxy max-response-time max-response-time Parameters Parameter Description Value max-response-time Specifies the maximum response time for IGMP messages. The value is an integer that ranges from 1 to 25, in seconds. The default value is 10. Views VLAN view Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 88 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Default Level 2: Configuration level Usage Guidelines Before running the igmp-proxy max-response-time command, run the 6.1.5 igmp-proxy enable command to enable IGMP proxy globally and in the VLAN. By setting the maximum response time, you can: l Control the deadline for a host to send the IGMP Report message. A proper setting of the maximum response time enables hosts to quickly respond to Query messages, thus preventing the congestion caused by a large number of Response messages sent at the same time. l Adjust the aging time of member interfaces. When receiving IGMP Report messages from hosts, the device sets the aging time of member interfaces by using the following formula: Aging time = IGMP robustness variable x Interval for sending IGMP General Query messages + Maximum response time. NOTE The maximum response time must be shorter than the interval for sending IGMP General Query messages. If you run the igmp-proxy max-response-time command multiple times in the same VLAN view, the latest configuration takes effect. Example # Set the maximum response time in VLAN 3 to 20 seconds. <HUAWEI> system-view [HUAWEI] igmp-proxy enable [HUAWEI] vlan 3 [HUAWEI-vlan3] igmp-proxy enable [HUAWEI-vlan3] igmp-proxy max-response-time 20 6.1.11 igmp-proxy prompt-leave Function Using the igmp-proxy prompt-leave command, you can enable interfaces in a VLAN to promptly leave multicast groups. By default, interfaces are disabled from promptly leave multicast groups. Format igmp-proxy prompt-leave [ group-policy acl-number ] Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 89 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Parameters Parameter Description Value group-policy basic-aclnumber Allows interfaces to promptly leave the specified multicast groups. aclnumber specifies the number of an ACL rule. The value is an integer that ranges from 2000 to 3999. Views VLAN view Default Level 2: Configuration level Usage Guidelines If group-policy basic-acl-number is not specified, interfaces in the VLAN can leave all multicast groups promptly. Before running the igmp-proxy prompt-leave command, run the 6.1.5 igmp-proxy enable command to enable IGMP proxy globally and in the VLAN. When an interface of the device receives an IGMP Leave message of a multicast group, the device deletes the forwarding entry of the multicast group corresponding to the interface from the forwarding table. This process is called prompt leave. When an interface is connected to only one host, the prompt leave mechanism can be used to release bandwidth resources quickly. The configuration is valid only when IGMPv2 messages can be processed in the VLAN. NOTE You can configure prompt leave for an interface only when each multicast member interface is connected to only one host in a VLAN. If the interface is connected to multiple host, the multicast traffic of other receivers in the same group is interrupted when prompt leave is enabled. Example # Enable interfaces in VLAN 3 to promptly leave multicast group 225.1.1.123. <HUAWEI> system-view [HUAWEI] igmp-proxy enable [HUAWEI] acl number 2008 [HUAWEI-acl-basic-2008] rule permit source 225.1.1.123 0 [HUAWEI-acl-basic-2000] rule deny source any [HUAWEI-acl-basic-2008] quit [HUAWEI] vlan 3 [HUAWEI-vlan3] igmp-proxy enable [HUAWEI-vlan3] igmp-proxy prompt-leave group-policy 2008 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 90 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands 6.1.12 igmp-proxy query-interval Function Using the igmp-proxy query-interval command, you can set the interval for sending IGMP General Query messages in a VLAN. By default, the interval for sending Group-Specific Query messages in a VLAN is 125 seconds. Format igmp-proxy query-interval query-interval Parameters Parameter Description Value query-interval Specifies the interval for sending IGMP General Query messages. The value is an integer that ranges from 1 to 65535, in seconds. The default value is 60. Views VLAN view Default Level 2: Configuration level Usage Guidelines Before running the igmp-proxy query-interval command, run the 6.1.5 igmp-proxy enable command to enable IGMP proxy globally and in the VLAN. By setting interval for sending IGMP General Query messages, you can: l Configure the device to send IGMP General Query messages at the set intervals to maintain memberships of interfaces. The shorter the interval is, the more sensitive the device is and the more bandwidth and switch resources are occupied. l Adjust the aging time of member interfaces. When receiving IGMP Report messages from hosts, the device sets the aging time of member interfaces by using the following formula: Aging time = IGMP robustness variable x Interval for sending IGMP General Query messages + Maximum response time. NOTE The maximum response time must be shorter than the interval for sending IGMP General Query messages. If you run the igmp-proxy query-interval command multiple times in the same VLAN view, the latest configuration takes effect. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 91 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Example # Set the interval for sending IGMP General Query messages in VLAN 3 to 100 seconds. <HUAWEI> system-view [HUAWEI] igmp-proxy enable [HUAWEI] vlan 3 [HUAWEI-vlan3] igmp-proxy enable [HUAWEI-vlan3] igmp-proxy query-interval 100 6.1.13 igmp-proxy require-router-alert Function Using the igmp-proxy require-router-alert command, you can configure the device to process only the IGMP messages that contain the Router-Alert option in the IP header after receiving the messages from a VLAN. By default, the device can process the IGMP messages that do not contain the Router-Alert option in the IP header. Format igmp-proxy require-router-alert Parameters None Views VLAN view Default Level 2: Configuration level Usage Guidelines After you run the igmp-proxy require-router-alert command , the device checks whether received IGMP messages contain the Router-Alert option in the IP header. If not, the device discards the IGMP messages. Before running the igmp-proxy require-router-alert command, run the 6.1.5 igmp-proxy enable command to enable IGMP proxy globally and in the VLAN. Example # Configure interfaces in VLAN 3 to process only the IGMP messages that contain the RouterAlert option in the IP header. <HUAWEI> system-view [HUAWEI] igmp-proxy enable [HUAWEI] vlan 3 [HUAWEI-vlan3] igmp-proxy enable [HUAWEI-vlan3] igmp-proxy require-router-alert Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 92 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands 6.1.14 igmp-proxy robust-count Function Using the igmp-proxy robust-count command sets the IGMP robustness variable in a VLAN, which specifies how many times IGMP Query messages are sent. By default, the robustness variable in a VLAN is 2. Format igmp-proxy robust-count robust-value Parameters Parameter Description Value robust-value Specifies the IGMP robustness variable in a VLAN. The value is an integer that ranges from 2 to 5. Views VLAN view Default Level 2: Configuration level Usage Guidelines Before running the igmp-proxy lastmember-queryinterval command, run the 6.1.5 igmpproxy enable command to enable IGMP proxy globally and in the VLAN. By setting the interval for sending IGMP Group-Specific messages, you can: l Specify the number of times the querier sends a Group-Specific Query message, which prevents packet loss on the network. When receiving an IGMP Leave message for a multicast group, the switch sends a GroupSpecific Query message certain times (specified by the IGMP robustness variable) to check whether this group has any other members. If the quality of transmission links is low, increase the IGMP robustness variable. l Change the aging time of multicast group member ports. When receiving an IGMP Report message from a host, the switch starts the aging timer for the member port. The aging time is calculated using the following formula: Aging time = IGMP robustness variable x General query interval + Maximum response time for General Query messages. The igmp-snooping robust-count command sets the general query count. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 93 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Example # Set the IGMP robustness variable to 5 in VLAN 3. <HUAWEI> system-view [HUAWEI] igmp-proxy enable [HUAWEI] vlan 3 [HUAWEI-vlan3] igmp-proxy enable [HUAWEI-vlan3] igmp-proxy robust-count 5 6.1.15 igmp-proxy router-aging-time Function Using the igmp-proxy router-aging-time command, you can set the aging time of dynamic router interfaces in a VLAN. By default, the aging time of dynamic router interfaces in a VLAN is 180 seconds or equal to the holdtime contained in PIM Hello messages. Format igmp-proxy router-aging-time router-aging-time Parameters Parameter Description Value router-aging-time Specifies the aging time of dynamic router interfaces in a VLAN. The value is an integer that ranges from 1 to 1000, in seconds. The default value is 180 seconds or the holdtime contained in PIM Hello messages. Views VLAN view Default Level 2: Configuration level Usage Guidelines Before running the igmp-proxy router-aging-time command, run the 6.1.5 igmp-proxy enable command to enable IGMP proxy globally and in the VLAN. When receiving IGMP Query messages or PIM Hello messages from a dynamic router interface, the device resets the aging time of the router interface. By default, the device resets the aging time of the router interface as follows: Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 94 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands l If IGMP Query messages are received by the interface, the device resets the aging time of the interfaces to 180 seconds. l If PIM Hello messages are received by the interface and the holdtime of the Hello messages is greater than the remaining aging time of the interface, the device resets the aging time of the interface to the holdtime contained in the PIM Hello messages. Example # Set the aging time of router interfaces in VLAN 3 to 500 seconds. <HUAWEI> system-view [HUAWEI] igmp-proxy enable [HUAWEI] vlan 3 [HUAWEI-vlan3] igmp-proxy enable [HUAWEI-vlan3] igmp-proxy router-aging-time 500 6.1.16 igmp-proxy send-query enable Function Using the igmp-proxy send-query enable command, you can enable the device to send IGMP Query messages to non-router interfaces. By default, the device is disabled from sending IGMP Query messages to non-router interfaces. Format igmp-proxy send-query enable Parameters None Views System view Default Level 2: Configuration level Usage Guidelines Before using the igmp-proxy send-query enable command, you must run the 6.1.5 igmp-proxy enable command to enable IGMP proxy globally. In most situations, the device does not send IGMP Query messages. When the MSTP recalculation is triggered by changes of network topologies, the device sends IGMP General Query messages to detect whether multicast members exist on each interface. This is caused by changes of the forwarding path of packets. When IGMP General Query messages are sent to hosts, the hosts that remain as multicast members reply with IGMP Report messages. The device then updates information about multicast member interfaces according to the IGMP Report messages. In this manner, multicast Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 95 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands packets can be quickly switched to new forwarding paths. This ensures smooth transmission of multicast services. Example # Enable the device to send IGMP Query messages that respond to changes of network topologies to non-router interfaces. <HUAWEI> system-view [HUAWEI] igmp-proxy send-query enable 6.1.17 igmp-proxy send-query source-address Function Using the igmp-proxy send-query source-address command, you can set the source IP address contained in the IGMP messages sent by the device enabled with IGMP proxy. Format igmp-proxy send-query source-address ip-address Parameters Parameter Description Value ip-address Specifies the source IP address of IGMP messages. The address is in dotted decimal notation and the default value is 192.168.0.1. Views System view Default Level 2: Configuration level Usage Guidelines Before using the igmp-proxy send-query source-address command, you must run the 6.1.5 igmp-proxy enable command to enable IGMP proxy globally. If 192.168.0.1 is already used by other devices on the network, you can use the command to modify the source IP address of IGMP General Query messages and other messages sent by the device enabled with IGMP proxy. When multiple devices exist on a shared network, you can set the source IP address of IGMP messages to identify the devices. For example, you must specify different source IP addresses for different devicees when the election mechanism is applied to the devicees with different performances. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 96 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands If the command is run for multiple times in the same view, the latest configuration overwrites the earlier ones. Example # Set the source IP address of IGMP messages sent by the device enabled with IGMP proxy to 192.168.10.1. <HUAWEI> system-view [HUAWEI] igmp-proxy enable [HUAWEI] igmp-proxy send-query source-address 192.168.10.1 6.1.18 igmp-proxy ssm-policy Function The igmp-proxy ssm-policy command configures an SSM group policy for IGMP proxy. Format igmp-proxy ssm-policy basic-acl-number Parameters Parameter Description Value basic-acl-number Specifies the number of the basic ACL that defines the range of SSM group addresses. The value is an integer that ranges from 2000 to 2999. Views System view Default Level 2: Configuration level Usage Guidelines Before this command, enable IGMP snooping globally. By default, SSM group addresses range from 232.0.0.0 to 232.255.255.255. You can configure an SSM group policy to narrow or expand the range of SSM group addresses. Example # Configure multicast group 225.1.1.123 as an SSM group. <HUAWEI> system-view [HUAWEI] acl number 2008 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 97 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands [HUAWEI-acl-basic-2008] rule permit source 225.1.1.123 0 [HUAWEI-acl-basic-2008] quit [HUAWEI] igmp-snooping enable [HUAWEI] igmp-proxy ssm-policy 2008 6.1.19 igmp-proxy static-group Function The igmp-proxy static-group command adds an interface statically to a multicast group. By default, an interface is not statically added to any multicast groups. Format igmp-proxy static-group group-ip-address1 [ to group-ip-address2 ] [ source-address sourceip-address ] vlan vlan-id Parameters Parameter Description Value group-ip-address1 to groupip-address2 Adds the interface to multiple multicast groups. The values of group-ip-address1 and group-ip-address2 must be in the same network segment (with a 24-bit mask). - source-address source-ipaddress Specifies the IP address of a multicast source. The value of source-ipaddress can be any Class A, Class B, or Class C address, in dotted decimal notation. vlan vlan-id Specifies the ID of a VLAN. The value is an integer that ranges from 1 to 4094. Views Ethernet interface view, GE interface view, XGE interface view, port group view, Eth-Trunk interface view Default Level 2: Configuration level Usage Guidelines In addition to dynamic multicast forwarding entries generated by Layer 2 protocol protocols, you can configure static Layer 2 multicast forwarding entries by binding interfaces to entries. After an interface is statically added to a multicast group, users connected to this interface can receive multicast data of the multicast group for a long time. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 98 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Example # Add GE0/0/1 in VLAN 2 to multicast group 224.1.1.1. <HUAWEI> system-view [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] igmp-proxy static-group 224.1.1.1 vlan 2 6.1.20 igmp-proxy static-router-port Function Using the igmp-proxy static-router-port command, you can configure an interface as a static router interface in a specified VLAN. Format igmp-proxy static-router-port vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> Parameters Parameter Description Value vlan vlan-id Indicates a VLAN. vlan-id specifies the ID of a VLAN. The value is an integer that ranges from 1 to 4094. Views Ethernet interface view, GE interface view, XGE interface view, port group view, Eth-Trunk interface view Default Level 2: Configuration level Usage Guidelines Before running the igmp-proxy static-router-port command, run the 6.1.5 igmp-proxy enable command to enable IGMP proxy globally and in the VLAN. If the interface is not added to the VLAN specified by vlan-id before the command is run, the configuration is kept on the device and becomes valid until the interface is added to the specified VLAN. NOTE A static router interface does not age. Example # Configure GE0/0/1 in VLAN 3 as a static router interface. <HUAWEI> system-view [HUAWEI] igmp-proxy enable Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 99 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands [HUAWEI] vlan 3 [HUAWEI-vlan3] igmp-proxy enable [HUAWEI-vlan3] quit [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] igmp-proxy static-router-port vlan 3 6.1.21 igmp-proxy table limit Function Using the igmp-proxy table limit command, you can set the maximum number of IGMP proxy entries on an interface. Format igmp-proxy table limit limit-num vlan { vlan-id1 [ to vlan-id2 ] } & <1-10> Parameters Parameter Description Value limit-num Specifies the maximum number of IGMP proxy entries on an interface. The value is an integer and the value range depends on the product model: l S2350: 1 to 1022 l S5300LI and S5300SI: 1 to 1024 l S5300EI, S5310EI, S5300HI, S5306, and S6300: 1 to 2048 vlan-id1 [ to vlan-id2 ] Specifies the ID of a user VLAN. The value is an integer that ranges from 1 to 4094. Views Ethernet interface view, GE interface view, XGE interface view, port group view, Eth-Trunk interface view Default Level 2: Configuration level Usage Guidelines After the igmp-proxy table limit command is run, the number of IGMP proxy entries on the interface cannot exceeds the limit. Example # Set the maximum number of IGMP proxy entries in VLAN 10 on GE0/0/1 to 100. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 100 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands <HUAWEI> system view [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] igmp-proxy table limit 100 vlan 10 6.1.22 igmp-proxy version Function Using the igmp-proxy version command, you can configure the version of IGMP messages that can be processed by the IGMP proxy in a VLAN. By default, the IGMP proxy can process both IGMPv1 messages and IGMPv2 messages in a VLAN. Format igmp-proxy version version Parameters Parameter Description Value version Specifies the version of IGMP messages that can be processed in a VLAN. The value is an integer that ranges from 1 to 3. l The value 1 indicates that only IGMPv1 messages can be processed. l The value 2 indicates that both IGMPv1 and IGMPv2 messages can be processed. l The value 3 indicates that the system can process IGMPv1, IGMPv2, and IGMPv3 messages. Views VLAN view Default Level 2: Configuration level Usage Guidelines Hosts in the same VLAN must run the IGMP protocol of the same version. When hosts that run different IGMP versions exist in a VLAN, you need to run the igmp-proxy version command to configure the IGMP version. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 101 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Before running the igmp-proxy version command, run the 6.1.5 igmp-proxy enable command to enable IGMP proxy globally and in the VLAN. Example # Configure the IGMP proxy to process only IGMPv1 messages in VLAN 2. <HUAWEI> system-view [HUAWEI] igmp-proxy enable [HUAWEI] vlan 2 [HUAWEI-vlan2] igmp-proxy enable [HUAWEI-vlan2] igmp-proxy version 1 6.1.23 igmp-snooping group-policy (interface view) Function The igmp-snooping group-policy command configures a multicast group policy for a VLAN on an interface. The policy specifies the multicast groups that hosts in the VLAN can join. By default, no multicast group policy is configured for a VLAN. That is, hosts in the VLAN can join any multicast group. Format igmp-snooping group-policy acl-number vlan vlan-id1 [ to vlan-id2 ] version-number Parameters Parameter Description Value acl-number Specifies the number of the ACL that limits the multicast groups that hosts in a VLAN can join. The value is an integer that ranges from 2000 to 3999. version-number Applies the multicast group policy to only the IGMP messages of the specified version. The value is an integer that ranges from 1 to 3. The value 1 indicates IGMPv1, the value 2 indicates IGMPv2 and the value 3 indicates IGMPv3. vlan vlan-id1 [ to vlan-id2 ] Applies the multicast group policy to the specified VLANs on the interface. vlan-id1 and vlan-id2 are integers that range 1 from 4094. Views Ethernet interface view, GE interface view, XGE interface view, port group view, Eth-Trunk interface view Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 102 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Default Level 2: Configuration level Usage Guidelines Before running the igmp-snooping group-policy command, enable IGMP snooping globally and in the specified VLANs. By configuring a multicast group policy for a VLAN on an interface, you can prohibit hosts in the VLAN from joining the specified IP multicast groups. Example # Prohibit hosts in VLAN 3 from join multicast group 225.1.1.123 on GE0/0/10. <HUAWEI> system-view [HUAWEI] acl number 2008 [HUAWEI-acl-basic-2008] rule deny source 225.1.1.123 0 [HUAWEI-acl-basic-2008] quit [HUAWEI] igmp-snooping enable [HUAWEI] vlan 3 [HUAWEI-vlan3] igmp-snooping enable [HUAWEI-vlan3] quit [HUAWEI] interface gigabitethernet 0/0/10 [HUAWEI-GigabitEthernet0/0/10] igmp-snooping group-policy 2008 vlan 3 2 6.1.24 igmp-snooping group-policy (VLAN view) Function Using the igmp-snooping group-policy command, you can configure the multicast group policy in a VLAN. The policy specifies the multicast groups that hosts in the VLAN can join. By default, no multicast group policy is available in a VLAN. That is, hosts in a VLAN can join any multicast group. Format igmp-snooping group-policy acl-number version-number Parameters Issue 02 (2013-11-06) Parameter Description Value acl-number Specifies the number of the ACL that limits the multicast groups that hosts in a VLAN can join. The value is an integer that ranges from 2000 to 3999. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 103 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Parameter Description Value version-number Applies the multicast group policy to only the IGMP messages of the specified version. The value is an integer that ranges from 1 to 3. The value 1 indicates IGMPv1, the value 2 indicates IGMPv2 and the value 3 indicates IGMPv3. Views VLAN view Default Level 2: Configuration level Usage Guidelines Before running the igmp-snooping group-policy command, enable IGMP snooping globally and in the VLAN. By setting the multicast group policy in a VLAN, you can restrict the access of hosts in the VLAN to multicast groups. Example # Prevent hosts in VLAN 3 from joining multicast group 225.1.1.123. <HUAWEI> system-view [HUAWEI] acl number 2008 [HUAWEI-acl-basic-2008] rule deny source 225.1.1.123 0 [HUAWEI-acl-basic-2008] quit [HUAWEI] igmp-snooping enable [HUAWEI] vlan 3 [HUAWEI-vlan3] igmp-snooping enable [HUAWEI-vlan3] igmp-snooping group-policy 2008 2 6.1.25 igmp-snooping proxy enable Function Using the igmp-snooping proxy enable command, you can enable IGMP snooping globally. By default., IGMP snooping is disabled globally. Format igmp-snooping proxy enable Parameters None Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 104 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Views System view Default Level 2: Configuration level Usage Guidelines None Example # Enable IGMP proxy globally. <HUAWEI> system-view [HUAWEI] igmp-snooping proxy enable # Enable IGMP proxy in VLAN 3. 6.1.26 igmp-snooping ssm-policy Function The igmp-snooping ssm-policy command configures an SSM group policy for IGMP snooping. All the multicast groups permitted by the SSM group policy are SSM groups. Format igmp-snooping ssm-policy basic-acl-number Parameters Parameter Description Value basic-acl-number Specifies the number of the basic ACL that defines the range of SSM groups. The value is an integer that ranges from 2000 to 2999. Views System view Default Level 2: Configuration level Usage Guidelines Perform the following operations before using this command: Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 105 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands l Create a basic ACL. l Enable IGMP proxy globally. By default, SSM group addresses range from 232.0.0.0 to 232.255.255.255. If hosts need to join multicast groups out of this range or they are only allowed to join some of multicast groups in the range, you can configure an SSM group policy to specify the SSM group range. Example # Configure multicast group 225.1.1.123 as an SSM group. <HUAWEI> system-view [HUAWEI] acl number 2000 [HUAWEI-acl-basic-2000] rule permit source 225.1.1.123 0 [HUAWEI-acl-basic-2000] quit [HUAWEI] igmp-proxy enable [HUAWEI] igmp-snooping ssm-policy 2000 6.1.27 igmp-snooping static-group Function The igmp-snooping static-group command adds an interface statically to a multicast group. By default, an interface is not statically added to any multicast groups. Format igmp-snooping static-group group-ip-address1 [ to group-ip-address2 ] [ source-address source-ip-address ] vlan vlan-id Parameters Issue 02 (2013-11-06) Parameter Description Value group-ip-address1 to groupip-address2 Adds the interface to multiple multicast groups. The values of group-ipaddress1 and group-ipaddress2 must be in the same network segment (with a 24bit mask). - source-address source-ipaddress Specifies the IP address of a multicast source. The value of source-ipaddress can be any Class A, Class B, or Class C address, in dotted decimal notation. vlan vlanid Specifies the ID of a VLAN. The value is an integer that ranges from 1 to 4094. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 106 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Views Ethernet interface view, GE interface view, XGE interface view, port group view, Eth-Trunk interface view Default Level 2: Configuration level Usage Guidelines In addition to dynamic multicast forwarding entries generated by Layer 2 protocol protocols, you can configure static Layer 2 multicast forwarding entries by binding interfaces to entries. After an interface is statically added to a multicast group, users connected to this interface can receive multicast data of the multicast group for a long time. Example # Add GE0/0/1 in VLAN 2 to multicast group 224.1.1.1. <HUAWEI> system-view [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] igmp-snooping static-group 224.1.1.1 vlan 2 6.1.28 igmp-snooping suppression-time Function The igmp-snooping suppression-time command sets the global IGMP message suppression time. Format igmp-snooping suppression-time suppression-time Parameters Parameter Description Value suppression-time Specifies the global IGMP message suppression time. The value is an integer that ranges from 0 to 300, in seconds. The default value is 10. Views System view Default Level 2: Configuration level Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 107 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Usage Guidelines To reduce the IGMP messages sent to the upstream router and protects the router from attacks, enable the device to suppress IGMP Report and IGMP Leave messages sent by hosts. After this function is enabled, the device processes IGMP Report and IGMP Leave messages as follows: l After receiving an IGMP Report message and forwarding the message, the device does not forward the same type of messages to the router interface within the suppression time. l If the device receives an IGMP General Query message or Group-Specific message, the device does not suppress the first IGMP Report message that responds to the General Query message. In addition, the device resets the suppression timer when receiving the first IGMP Report message. The igmp-snooping suppression-time command sets the period during which IGMP Report and IGMP Leave messages are suppressed. Example # Set the global IGMP message suppression time to 15 seconds. <HUAWEI> system-view [HUAWEI] igmp-snooping suppression-time 15 6.1.29 igmp-snooping table limit Function Using the igmp-snooping table limit command, you can set the maximum number of the entries that can be configured or learnt by the IGMP snooping module on an interface. Format igmp-snooping table limit limit-num vlan vlan-id Parameters Parameter Description Value limit-num Specifies the maximum number of the entries that can be configured or learnt by the IGMP snooping module on an interface. The value is an integer and the value range depends on the product model: l S2350: 1 to 1022 l S5300LI and S5300SI: 1 to 1024 l S5300EI, S5310EI, S5300HI, S5306, and S6300: 1 to 2048 vlan vlan-id Issue 02 (2013-11-06) Specifies a VLAN ID. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. The value is an integer that ranges from 1 to 4094. 108 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Views Ethernet interface view, GE interface view, XGE interface view, port group view, Eth-Trunk interface view Default Level 2: Configuration level Usage Guidelines After the igmp-snooping table limit command is used, the number of the entries that can be configured or learnt by the IGMP snooping module on an interface cannot exceed the maximum number. Example # Set the maximum number of the entries that can be configured or learnt by the IGMP snooping module on GE0/0/1 in VLAN 4 to 100. <HUAWEI> system view [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] igmp-snooping table limit 100 vlan 4 6.1.30 mld-snooping group-policy (interface view) Function The mld-snooping group-policy command configures an IPv6 multicast group policy on an interface. Format mld-snooping group-policy acl6-number vlan vlan-id mld-version [ default-permit ] Parameters Issue 02 (2013-11-06) Parameter Description Value acl6-number Specifies the number of an IPv6 ACL that defines a range of multicast groups. A basic or advanced ACL can be used in an IPv6 multicast group policy. The value is an integer that ranges from 2000 to 3999. vlan vlan-id Applies the IPv6 multicast group policy to a specified VLAN on an interface. The value is an integer that ranges from 1 to 4094. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 109 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Parameter Description Value mld-version Specifies an MLD version. The multicast group policy is applied only to the MLD messages of this version. If this parameter is not specified, the multicast group policy applies to all MLD messages. The value is 1 or 2. Configures the multicast group policy to permit all groups by default. That is, if the referenced ACL has no rules, the multicast group policy allows hosts in the VLAN to join all groups. - default-permit l 1: MLDv1 l 2: MLDv2 Views Ethernet interface view, GE interface view, XGE interface view, port group view, Eth-Trunk interface view Default Level 2: Configuration level Usage Guidelines An IPv6 multicast group policy controls the multicast programs that users can order on a device with Multicast Listener Discovery (MLD) snooping enabled. In multicast applications, user hosts send MLD Report messages to join a group when they order programs of this group. When the upstream Layer 2 device receives the Report messages, it processes the Report messages differently depending on whether the group policy configured on the inbound interface has the default-permit keyword specified: l If default-permit is not specified, the group policy prevents hosts in the VLAN from joining any group by default. A filter rule must be configured by specifying the permit keyword in the rule command. If the Report messages match the filter rule, the Layer 2 device allows the hosts in the VLAN to join the group and forwards the Report messages. If the Report messages do not match the filter rule, the Layer 2 device prevents the hosts from joining the group and drops the Report messages. l If default-permit is specified, the group policy allows hosts in the VLAN to join all groups by default. A filter rule must be configured by specifying the deny keyword in the rule command. If the Report messages match the filter rule, the Layer 2 device prevents the hosts in the VLAN from joining the group and drops the Report messages. If the Report messages do not match the filter rule, the Layer 2 device allows the hosts to join the group and forwards the Report messages. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 110 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Example # Prevent hosts in VLAN 10 on GE0/0/1 from joining IPv6 multicast group ff1c::3/32. <HUAWEI> system-view [HUAWEI] acl ipv6 number 2000 [HUAWEI-acl6-basic-2000] rule deny source ff1c::3/32 [HUAWEI-acl6-basic-2000] quit [HUAWEI] mld-snooping enable [HUAWEI] vlan 10 [HUAWEI-vlan10] mld-snooping enable [HUAWEI-vlan10] quit [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] port link-type trunk [HUAWEI-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 [HUAWEI-GigabitEthernet0/0/1] mld-snooping group-policy 2000 vlan 10 default-permit # Allow hosts in VLAN 10 connected to GE0/0/1 to join IPv6 multicast group ff1c::3/32. <HUAWEI> system-view [HUAWEI] acl ipv6 number 2000 [HUAWEI-acl6-basic-2000] rule permit source ff1c::3/32 [HUAWEI-acl6-basic-2000] quit [HUAWEI] mld-snooping enable [HUAWEI] vlan 10 [HUAWEI-vlan10] mld-snooping enable [HUAWEI-vlan10] quit [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] port link-type trunk [HUAWEI-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 [HUAWEI-GigabitEthernet0/0/1] mld-snooping group-policy 2000 vlan 10 6.1.31 mld-snooping group-policy (VLAN view) Function The mld-snooping group-policy command configures an IPv6 multicast group policy in a VLAN. Format mld-snooping group-policy acl6-number mld-version [ default-permit ] undo mld-snooping group-policy Parameters Issue 02 (2013-11-06) Parameter Description Value acl6-number Specifies the number of an IPv6 ACL that defines a range of multicast groups. A basic or advanced ACL can be used in an IPv6 multicast group policy. The value is an integer that ranges from 2000 to 3999. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 111 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Parameter Description Value mld-version Applies the multicast group policy only to the MLD messages of the specified version. If this parameter is not specified, the multicast group policy applies to all MLD messages. The value is 1 or 3. Configures the multicast group policy to permit all groups by default. That is, if the referenced ACL has no rules, the multicast group policy allows hosts in the VLAN to join all groups. - default-permit l 1: MLDv1 l 2: MLDv2 Views VLAN view Default Level 2: Configuration level Usage Guidelines An IPv6 multicast group policy controls the multicast programs that users can order on a device with Multicast Listener Discovery (MLD) snooping enabled. In multicast applications, user hosts send MLD Report messages to join a group when they order programs of this group. When the upstream Layer 2 device receives the Report messages, it processes the Report messages differently depending on whether the group policy configured in the VLAN has the defaultpermit keyword specified: l If default-permit is not specified, the group policy prevents hosts in the VLAN from joining any group by default. A filter rule must be configured by specifying the permit keyword in the rule command. If the Report messages match the filter rule, the Layer 2 device allows the hosts in the VLAN to join the group and forwards the Report messages. If the Report messages do not match the filter rule, the Layer 2 device prevents the hosts from joining the group and drops the Report messages. l If default-permit is specified, the group policy allows hosts in the VLAN to join all groups by default. A filter rule must be configured by specifying the deny keyword in the rule command. If the Report messages match the filter rule, the Layer 2 device prevents the hosts in the VLAN from joining the group and drops the Report messages. If the Report messages do not match the filter rule, the Layer 2 device allows the hosts to join the group and forwards the Report messages. Example # Prevent hosts in VLAN 4 from joining IPv6 multicast group ff1e::1/32. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 112 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands <HUAWEI> system-view [HUAWEI] acl ipv6 number 2001 [HUAWEI-acl6-basic-2001] rule deny source ff1e::1/32 [HUAWEI-acl6-basic-2001] quit [HUAWEI] mld-snooping enable [HUAWEI] vlan 4 [HUAWEI-vlan4] mld-snooping enable [HUAWEI-vlan4] mld-snooping group-policy 2001 default-permit # Allow hosts in VLAN 4 to join IPv6 multicast group ff1e::1/32. <HUAWEI> system-view [HUAWEI] acl ipv6 number 2001 [HUAWEI-acl6-basic-2001] rule permit source ff1e::1/32 [HUAWEI-acl6-basic-2001] quit [HUAWEI] mld-snooping enable [HUAWEI] vlan 4 [HUAWEI-vlan4] mld-snooping enable [HUAWEI-vlan4] mld-snooping group-policy 2001 6.1.32 multicast user-vlan Function Using the multicast user-vlan command, you can set the mapping between a multicast VLAN and a user VLAN. Format multicast user-vlan vlan-id1 [ to vlan-id2 ] Parameters Parameter Description Value vlan-id1 [ to vlan-id2 ] Specifies the ID of a user VLAN. The value is an integer that ranges from 1 to 4094. Views VLAN view Default Level 2: Configuration level Usage Guidelines A user VLAN can be mapped to only one multicast VLAN. If you configure a multicast VLAN for a user VLAN, and then you configure another multicast VLAN for the user VLAN, the latest configured multicast VLAN overrides the previous configuration. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 113 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Example # Set the mapping between a multicast VLAN with the ID as 1 and a user VLAN with the ID as 2 after VLAN 1 is enabled with the multicast VLAN function. [HUAWEI] vlan 1 [HUAWEI-vlan1] multicast user-vlan 2 # Set the mappings between a multicast VLAN with the ID as 1 and user VLANs with the IDs ranging from 2 to 10 after VLAN 1 is enabled with the multicast VLAN function. [HUAWEI] vlan 1 [HUAWEI-vlan1] multicast user-vlan 2 to 10 6.1.33 multicast-source-deny interface Function The multicast-source-deny interface command enables the switch to filter outer multicast data packets sent from a VLAN on specified interfaces. By default, multicast data packets from all VLANs are accepted. Format multicast-source-deny interface interface-type interface-num1 [ to interface-num2 ] & <1-10> Parameters Parameter Description Value interface-type interfacenum1 [ to interface-num2 ] Specifies the interfaces on which the multicast packet filtering function needs to be enabled. - Views VLAN view Default Level 2: Configuration level Usage Guidelines When some interfaces need to reject multicast data packets sent from a VLAN (for example, a user VLAN), you can run the multicast-source-deny command in this VLAN and specify these interfaces in the command. Example # Filter out multicast data packets received from VLAN 10 on GE0/0/1. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 114 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands <HUAWEI> system-view [HUAWEI] vlan 10 [HUAWEI-vlan10] multicast-source-deny interface gigabitethernet 0/0/1 6.1.34 reset igmp-proxy group Function Using the reset igmp-proxy group command, you can clear the dynamic forwarding entries from the multicast forwarding table. Format reset igmp-proxy group vlan { vlan-id | all } all Parameters Parameter Description Value vlan vlan-id vlan-id specifies the ID of a VLAN. If this parameter is specified, the device clears the dynamic forwarding entries of the specified VLAN. The value is an integer that ranges from 1 to 4094. all Clears the dynamic forwarding entries of all VLANs from the multicast forwarding table. - Views User view Default Level 3: Management level Usage Guidelines Before running the reset igmp-proxy group command, you need to run the 6.1.5 igmp-proxy enable command to enable IGMP proxy globally. If the command clears the dynamic forwarding entries of a VLAN from the multicast forwarding table, the hosts in the VLAN cannot receive the multicast packets temporarily. The hosts can receive multicast packets only when they send IGMP Report messages and the device generates dynamic forwarding entries. NOTE This command cannot clear static forwarding entries. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 115 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands Example # Clear the dynamic forwarding entries of all VLANs. <HUAWEI> reset igmp-proxy group vlan all all # Clear all dynamic forwarding entries of VLAN 3. <HUAWEI> reset igmp-proxy group vlan 3 all 6.1.35 undo igmp-proxy router-learning Function The undo igmp-proxy router-learning command disables dynamic router interface learning in a VLAN. By default, dynamic router interface learning is enabled in a VLAN. Format undo igmp-proxy router-learning Parameters None Views VLAN view Default Level 2: Configuration level Usage Guidelines Before running the undo igmp-proxy router-learning command, run the 6.1.5 igmp-proxy enable command to enable IGMP proxy globally and in the VLAN. A device running IGMP snooping considers an interface as a router interface when the interface receives an IGMP General Query message with any source IP address except 0.0.0.0 or a PIM Hello message. The device records all the router interfaces in the router interface list. Too many router interfaces make it difficult for the device to control the multicast flows that users can receive. To control the multicast flows received by users, disable router interface learning in VLANs. Example # Disable router interface learning in VLAN 3. <HUAWEI> system-view [HUAWEI] igmp-proxy enable [HUAWEI] vlan 3 [HUAWEI-vlan3] igmp-proxy enable [HUAWEI-vlan3] undo igmp-proxy router-learning Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 116 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 6 Multicast Compatible Commands 6.1.36 undo igmp-proxy send-router-alert Function Using the undo igmp-proxy send-router-alert command, you can configure the device to send IGMP messages not containing the Router-Alert option in the IP header. By default, the device sends IGMP messages that contain the Router-Alert option in the IP header. Format undo igmp-proxy send-router-alert Parameters None Views VLAN view Default Level 2: Configuration level Usage Guidelines Before running the undo igmp-proxy send-router-alert command, run the 6.1.5 igmp-proxy enable command to enable IGMP proxy globally and in the VLAN. Example # Configure the device to send IGMP messages that does not contain the Router-Alert option in the IP header to VLAN 3. <HUAWEI> system-view [HUAWEI] igmp-proxy enable [HUAWEI] vlan 3 [HUAWEI-vlan3] igmp-proxy enable [HUAWEI-vlan3] undo igmp-proxy send-router-alert Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 117 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 7 7 QoS compatible command QoS compatible command About This Chapter 7.1 cpu queue bpdu 7.2 port queue statistics enable 7.3 qos drr (scheduling template view) 7.4 qos local-precedence-queue-map 7.5 qos queue 7.6 qos queue max-buffer 7.7 qos queue max-length (tail drop template view) 7.8 qos queue statistics enable 7.9 qos sred 7.10 qos wrr (scheduling template view) Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 118 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 7 QoS compatible command 7.1 cpu queue bpdu Function Using the cpu queue bpdu command, you can set the bandwidth consumed by BPDUs sent to the queues on the CPU. NOTE This command is only supported by S5300SI and S5300EI. Format cpu queue bpdu cir cir pir pir Parameters Parameter Description Value cir cir Specifies the Committed Information Rate (CIR) of BPDUs sent to the queues on the CPU. The value is an integer that ranges from 64 to 512, in kbit/ s. By default, the CIR is 128 kbit/s. pir pir Specifies the Peak Information Rate (PIR) of BPDUs sent to the queues on the CPU. The value is an integer that ranges from 64 to 512, in kbit/ s. By default, the PIR is 128 kbit/s. Views System view Default Level 2: Configuration level Usage Guidelines If packet loss occurs during the transmission of BPDUs, you can use the cpu queue bpdu command to set the bandwidth of BPDUs sent to the queues on the CPU. In this manner, less BPDUs are lost. Example # Set the CIR and PIR of BPDUs sent to the queues on the CPU to 512 kbit/s. <Quidway> system-view [Quidway] cpu queue bpdu cir 512 pir 512 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 119 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 7 QoS compatible command 7.2 port queue statistics enable Function Using the port queue statistics enable command, you can enable traffic statistics on a specified queue and set parameters. Using the undo port queue statistics enable command, you can disable traffic statistics on a specified queue. By default, traffic statistics on a specified queue is disabled. NOTE This command is only supported by S5300EI. Format port queue statistics enable queue-index queue-index inbound interface interface-type interface-number port queue statistics enable queue-index queue-index outbound interface interface-type interface-number [ from interface interface-type interface-number ] Parameters Parameter Description Value queue-index Specifies a queue index. The value is an integer that ranges from 0 to 7. Value 0 to value 7 correspond to queue 0 to queue 7 respectively. interface-type interfacenumber Specifies the type and number of an interface. The interface type can be ethernet, gigabitethernet, xgigabitethernet. from interface interfacetype interface-number Enables traffic statistics on a specified queue from a specified inbound interface to a specified outbound interface. The interface type can be ethernet, gigabitethernet, xgigabitethernet. Views System view Default Level 2: Configuration level Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 120 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 7 QoS compatible command Usage Guidelines If you have enabled traffic statistics on a specified queue, you can view the number of passed packets in the queue. NOTE port queue statistics enable queue-index queue-index outbound interface interface-type interfacenumber The device supports traffic statistics on a maximum of eight queues. Example # Display traffic statistics on queue 7 on the ingress interface GigabitEthernet 0/0/1. <Quidway> system-view [Quidway] port queue statistics enable queue-index 7 inbound interface gigabitethernet 0/0/1 7.3 qos drr (scheduling template view) Function Using the qos drr command, you can set parameters for queues on which the DRR scheduling is used. Using the undo qos drr command, you can restore default values of parameters for queues on which the DRR scheduling is used. By default, the DRR scheduling weight value of a queue is 1. NOTE This command can be configured only on the S5300SI. Format qos drr queue-index queue-index weight weight-value undo qos drr queue-index Parameters Issue 02 (2013-11-06) Parameter Description Value queue-index Specifies the index of a queue. The value is an integer that ranges from 0 to 7. Value 0 to value 7 correspond to queue 0 to queue 7 respectively. weight-value Specifies the DRR scheduling weight value of a queue. The value is an integer that ranges from 0 to 127. The default value is 1. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 121 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 7 QoS compatible command Views Scheduling template view Default Level 2: Configuration level Usage Guidelines You can set parameters for queues on which the DRR scheduling is used only when the scheduling mode in the scheduling template view is DRR; otherwise, you need to run the qos (scheduling template view) command to change the scheduling mode on an interface to DRR first. By default, the scheduling mode of the device is WRR. If the qos drr command is repeatedly run in the same scheduling template view for the same queue, the later configuration overrides the previous configuration. Example # Set the scheduling mode of queue 3 to DRR, and then set the scheduling weight value to 20 in global scheduling template a. <Quidway> system-view [Quidway] qos schedule-profile a [Quidway-qos-schedule-profile-a] qos drr [Quidway-qos-schedule-profile-a] qos drr queue-index 3 weight 20 7.4 qos local-precedence-queue-map Function Using the qos local-precedence-queue-map command, you can configure the mapping between a local precedence and a queue. Using the undo qos local-precedence-queue-map command, you can restore the default mapping between a local precedence and a queue. NOTE This command is only supported by S5300EI and S5300SI. Format qos local-precedence-queue-map local-precedence queue-index undo qos local-precedence-queue-map Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 122 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 7 QoS compatible command Parameters Parameter Description Value local-precedence Specifies a local precedence. The value is an integer that ranges from 0 to 7. The greater the value, the higher the priority. queue-index Specifies the index of a queue. The value is an integer that ranges from 0 to 7. Value 0 to value 7 correspond to queue 0 to queue 7 respectively. Views System view Default Level 2: Configuration level Usage Guidelines If the qos local-precedence-queue-map command is run repeatedly in the same system view, the later configuration overrides the previous configuration. The device sends packets to the specified queue according to the mapping between a local precedence and a queue. By default, the mapping between a local precedence and a queue is shown in the following table. Table 7-1 Mapping between a local precedence and a queue Issue 02 (2013-11-06) Local Precedence Queue Index 7 7 6 6 5 5 4 4 3 3 2 2 1 1 0 0 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 123 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 7 QoS compatible command Example # Map queue 3 to local precedence 4. <Quidway> system-view [Quidway] qos local-precedence-queue-map 4 3 7.5 qos queue Function Using the qos queue command, you can configure scheduling parameters for queues of each class of service on an interface. Using the undo qos queue command, you can restore the default scheduling parameters for queues of each class of service on an interface. Format qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef } cir cir-value pir pir-value [ cbs cbs-value pbs pbs-value ] undo qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef } NOTE This command is only supported by S5300SI and S5300EI. Parameters Issue 02 (2013-11-06) Parameter Description Value af1, af2, af3, af4 Indicates queues that guarantee bandwidths, corresponding to queues Q1, Q2, Q3, and Q4 respectively. - be Indicates the best effort (BE) queue, corresponding to queue Q0. cs6, cs7 Indicates high priority queues that correspond to queue Q6 and queue Q7 respectively. - ef Indicates the low-delay queue that corresponds to queue Q5. - Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 124 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 7 QoS compatible command Parameter Description Value cir cir-value Specifies a CIR, that is, guaranteed bandwidth of an interface. It is an integer ranging from 64 to the interface bandwidth, in kbit/s. For example, the bandwidth of a GE interface is 1000000 kbit/s, and that of a 10GE interface is 10000000 kbit/s. pir pir-value Specifies a PIR, that is, restricted bandwidth of an interface. It is an integer ranging from 64 to the interface bandwidth, in kbit/s. For example, the bandwidth of a GE interface is 1000000 kbit/s, and that of a 10GE interface is 10000000 kbit/s. The default value is the interface bandwidth. cbs cbs-value Specifies a Committed Burst Size (CBS), that is, the committed traffic size that can pass at a burst of traffic. It is an integer ranging from 4096 bytes to 16773120 bytes. The default cbs-value is related to the configured cir-value. pbs pbs-value Specifies a Peak Burst Size (PBS), that is, the peak traffic size that can pass at a burst of traffic. It is an integer ranging from 4096 bytes to 16773120 bytes. The default pbs-value is related to the configured pir-value. NOTE The priorities of queues Q7, Q6, …, Q1, and Q0 are 7, 6, …, 1, and 0 respectively, in an descending order on an interface. Views GE interface view, 10GE interface view Default Level 2: Configuration level Usage Guidelines When the rate of an interface on a downstream device is lower than the rate of an interface on an upstream device, traffic congestion may occur on the interface of the upstream device. In this case, you can configure traffic shaping for queues on the outbound interface of the upstream device and adjust the sending rate of the interface. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 125 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 7 QoS compatible command Example # Configure traffic shaping for queue 2 on GE0/0/1. Set the CIR to 300 kbit/s and the PIR to 500 kbit/s. <Quidway> system-view [Quidway] interface gigabitethernet 0/0/1 [Quidway-GigabitEthernet0/0/1] qos queue af2 cir 300 pir 500 7.6 qos queue max-buffer Function Using the qos queue max-buffer command, you can set the maximum buffer size of all packets in a specified queue for a tail drop template. Using the qos queue green max-buffer command, you can set the maximum buffer size of green packets in a specified queue for a tail drop template. Using the undo qos queue max-buffer command, you can delete the maximum buffer size of all packets in a specified queue set for a tail drop template. Using the undo qos queue green max-buffer command, you can delete the maximum buffer size of green packets in a specified queue set for a tail drop template. Format qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef } max-buffer cell-number [ green maxbuffer cell-number ] qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef } green max-buffer cell-number undo qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef | all } max-buffer [ green maxbuffer ] undo qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef | all } green max-buffer NOTE Only the S5300SI supports this command. Parameters Issue 02 (2013-11-06) Parameter Description Value af1, af2, af3, af4 Indicates bandwidth guaranteed queues that correspond to queues Q1, Q2, Q3, and Q4 respectively. - be Indicates the BE queue that corresponds to queue Q0. - Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 126 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 7 QoS compatible command Parameter Description Value cs6, cs7 Indicates high priority queues that correspond to queues Q6 and Q7 respectively. - ef Indicates the low-delay queue that corresponds to queue Q5. - max-buffer cell-number Specifies the maximum buffer size of all packets in a specified queue. The value is an integer that ranges from 1 to 5134, in cells. The size of a cell is 256 bytes. The default value is 24. green max-buffer cellnumber Specifies the maximum buffer size of green packets in a specified queue. The value is an integer that ranges from 1 to 5134, in cells. The size of a cell is 256 bytes. The default value is 12. Views Tail drop template view Default Level 2: Configuration level Usage Guidelines After running the qos tail-drop-profile command to create a tail drop template, you can run the qos queue max-buffer command to set the maximum buffer size of all packets or green packets in a specified queue for a tail drop template. Example # Create a global tail drop template named a, and then set the maximum buffer size of all packets in a BE queue for the global tail drop template to 200, in cells. <Quidway> system-view [Quidway] qos tail-drop-profile a [Quidway-qos-tail-drop-profile-a] qos queue be max-buffer 200 7.7 qos queue max-length (tail drop template view) Function Using the qos queue max-length command, you can set the maximum length of all packets in a specified queue for a tail drop template. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 127 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 7 QoS compatible command Using the qos queue green max-length command, you can set the maximum length of green packets in a specified queue for a tail drop template. Using the undo qos queue max-length command, you can delete the maximum length of all packets in a specified queue set for a tail drop template. Using the undo qos queue green max-length command, you can delete the maximum length of green packets in a specified queue set for a tail drop template. NOTE Only the S5300SI supports this command. Format qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef } max-length packet-number [ green maxlength packet-number ] qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef } green max-length packet-number undo qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef | all } max-length [ green maxlength ] undo qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef | all } green max-length Parameters Issue 02 (2013-11-06) Parameter Description Value af1, af2, af3, af4 Indicates bandwidth guaranteed queues that correspond to queues Q1, Q2, Q3, and Q4 respectively. - be Indicates the BE queue that corresponds to queue Q0. - cs6, cs7 Indicates high priority queues that correspond to queues Q6 and Q7 respectively. - ef Indicates the low-delay queue that corresponds to queue Q5. - max-length packet-number Specifies the maximum length of all packets in a specified queue. The value is an integer that ranges from 1 to 5134, in packets. The default value is 22. green max-length packetnumber Specifies the maximum length of green packets in a specified queue. The value is an integer that ranges from 1 to 5134, in packets. The default value is 11. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 128 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 7 QoS compatible command Views Tail drop template view Default Level 2: Configuration level Usage Guidelines After running the qos tail-drop-profile command to create a tail drop template, you can run the qos queue max-length command in the tail drop template view to set the maximum length of all packets or green packets in a specified queue for the tail drop template. Example # Create a global tail drop template named a, and then set the maximum length of all packets in a BE queue for the global tail drop template to 200, in packets. <Quidway> system-view [Quidway] qos tail-drop-profile a [Quidway-tail-drop-profile-a] qos queue be max-length 200 7.8 qos queue statistics enable Function Using the qos queue statistics enable command, you can enable the queue statistics function on a specified outbound interface. Using the undo qos queue statistics enable command, you can disable the queue statistics function on a specified outbound interface. By default, the queue statistics function is disabled. NOTE This command is only supported by S5300EI. Format qos queue statistics enable interface interface-type interface-number undo qos queue statistics enable Parameters Issue 02 (2013-11-06) Parameter Description Value interface interface-type interface-number Specifies the type and number of an interface. The interface type can be ethernet, gigabitethernet, xgigabitethernet. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 129 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 7 QoS compatible command Views System View Default Level 2: Configuration level Usage Guidelines After enabling the queue statistics function on a specified outbound interface, you can view the number of packets in the queue. When you repeatedly run the qos queue statistics enable command in the system view, the latest configuration overrides the previous ones. The function of the qos queue statistics enable command is similar to that of the port queue statistics enable command, but the port queue statistics enable command can flexibly configure the statistics function of eight queues according to the interface, queue, and direction. The port queue statistics enable command provides powerful functions, but the configuration is complicated. The qos queue statistics enable command simplifies the configuration and can take the statistics on packets entering the queue and discarded in the queue on the specified interface. For problems of packet scheduling and packet loss in the queue, the qos queue statistics enable command provides initial location information. NOTICE The qos queue statistics enable command is exclusive with the port queue statistics enable command. l If the port queue statistics enable command has been used, the following error message is displayed on the device when the qos queue statistics enable command is used: Error: Can't perform this operation because the port-queue-statistics is enabled. l If the qos queue statistics enable command has been used, the following error message is displayed on the device when the port queue statistics enable command is used: Error: Can't perform this operation because the qos-queue-statistics is enabled. After the qos queue statistics enable command is used, the statistics on discarded packets in queues on other interfaces except for the specified interface are not taken. The output of the display hol-drop command is affected. Therefore, the output of the display hol-drop command is inaccurate. After the undo qos queue statistics enable command is run, the statistics on discarded packets in queues on all the interfaces are taken. Example # Take the statistics on outgoing packets of the queue on GE 0/0/1. <Quidway> system-view [Quidway] qos queue statistics enable interface gigabitethernet 0/0/1 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 130 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 7 QoS compatible command 7.9 qos sred Function Using the qos sred command, you can set the SRED threshold and drop probability for queues on an outbound interface. Using the undo qos sred command, you can restore the default configuration. By default, the SRED threshold and drop probability for queues on an outbound interface are not set. NOTE This command is only supported by S5300EI. Format qos sred queue-index queue-index red start-discard-point discard-probability discardprobability yellow start-discard-point discard-probability discard-probability undo qos sred [ queue queue-index ] Parameters Parameter Description Value queue-index Specifies the index of a queue. The value is an integer that ranges from 0 to 7. Value 0 to value 7 correspond to queue 0 to queue 7 respectively. start-discard-point Specifies a threshold for discarding packets. The value ranges from 4 to 2047. discard-probability Specifies a probability for discarding packets. The value ranges from 0 to 7. The mapping between the values and percentages is as follows: l 0: 100% l 1: 6.25% l 2: 3.125% l 3: 1.5625% l 4: 0.78125% l 5: 0.390625% l 6: 0.1953125% l 7: 0.09765625% Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 131 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 7 QoS compatible command Views System view Default Level 2: Configuration level Usage Guidelines NOTE Using the trust 8021p command, you can configure an interface to trust priorities carried in packets. Then, the device colors the packets red or yellow according to the 802.1p priorities of the packets; the device sets a threshold for dropping red packets and a threshold for dropping yellow packets. When congestion avoidance based on the SRED is configured, l A threshold for discarding red packets and the drop probability that are set for queues 0 to 4 take effect. l A threshold for discarding yellow packets and the drop probability that are set for queues 0 to 4 do not take effect. l A threshold for discarding yellow packets and the drop probability that are set for queues 5 to 7 take effect. l A threshold for discarding red packets and the drop probability that are set for queues 5 to 7 do not take effect. Using the trust 8021p command, you can configure an interface to trust DSCP values of packets. Then, the device colors the packets red or yellow according to drop precedences of packets; packets enter different queues according to mappings between DSCP values and 802.1p priorities; the device drops packets according to thresholds for dropping packets and drop precedences that are set in queues. Configuring an SRED threshold impacts on thresholds for discarding packets in all queues on an interface. When you repeatedly run the qos sred command for the same queue, the later configuration overwrites the previous configuration. When the number of packets in a queue is greater than a threshold for discarding packets, conformed packets are dropped from the tail of the queue according to the drop probability set by a user. Example # Configure queue 0 in the system view. Set a threshold for discarding red packets to 10. Set the drop probability for red packets to 5. Set a threshold for discarding yellow packets to 20. Set the drop probability for yellow packets to 4. <Quidway> system-view [Quidway] qos sred queue-index 0 red 10 discard-probability 5 yellow 20 discardprobability 4 7.10 qos wrr (scheduling template view) Function Using the qos wrr command, you can set parameters for queues on which the WRR scheduling is used. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 132 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 7 QoS compatible command Using the undo qos wrr command, you can restore default values of parameters for queues on which WRR scheduling is used. By default, the WRR scheduling weight value of a queue is 1. NOTE Only the S5300SI supports this command. Format qos wrr queue-index queue-index weight weight-value undo qos wrr queue-index Parameters Parameter Description Value queue-index Specifies the index of a queue. The value is an integer that ranges from 0 to 7. Value 0 to value 7 correspond to queue 0 to queue 7 respectively. weight-value Specifies the WRR scheduling weight value of a queue. The value is an integer that ranges from 0 to 127. The default value is 1. Views Scheduling template view Default Level 2: Configuration level Usage Guidelines The device forwards packets of queues round according to values of WRR scheduling parameters. The ratio of WRR weight values refers to the ratio of the number of packets in queues for forwarding. If the qos wrr command is repeatedly run in the same scheduling template view for the same queue, the later configuration overrides the previous configuration. Example # In global scheduling template a, set the scheduling mode of queue 3 to WRR, and then set the scheduling weight value to 20. <Quidway> system-view [Quidway] qos schedule-profile a Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 133 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 7 QoS compatible command [Quidway-qos-schedule-profile-a] qos wrr [Quidway-qos-schedule-profile-a] qos wrr queue-index 3 weight 20 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 134 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 8 Security Compatible Commands Security Compatible Commands About This Chapter 8.1 AAA Compatible Commands 8.2 DHCP Snooping Compatible Commands 8.3 NAC Compatible Commands 8.4 Local Attack Defense Compatible Commands 8.5 IP Source Guard Compatible Commands 8.6 URPF Compatible Commands 8.7 Traffic Suppression Compatible Commands 8.8 ACL Compatible Commands Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 135 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands 8.1 AAA Compatible Commands 8.1.1 adminuser-priority Function The adminuser-priority command configures a user as an administrator to log in to the device and sets the administrator level during login. Format adminuser-priority level Parameters Parameter Description level Value Specifies the level of an administrator. The value is an integer ranging from 0 to 15. After logging in to the device, a user can run only the commands of the same level or lower levels. Views Service scheme view Default Level 2: Configuration level Usage Guidelines The adminuser-priority command configures a user as an administrator to log in to the device and sets the administrator level during login. Example # Configure a user as an administrator to log in to the device and set the administrator level to 15. <HUAWEI> system-view [HUAWEI] aaa [HUAWEI-aaa] service-scheme svcscheme1 [HUAWEI-aaa-service-svcscheme1] adminuser-priority 15 8.1.2 local-user level Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 136 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Function The local-user level command sets the level of a local user. Format local-user user-name level level Parameters Parameter Description Value user-name Specifies the user name. The value is a string of 1 to 64 case-insensitive characters without spaces. level Specifies the user level. The value is an integer that ranges from 0 to 15. A greater value indicates a higher level of a user. The default user level is 3. After logging in to the device, a user can run only the commands of the same level or lower levels. Views AAA view Default Level 2: Configuration level Usage Guidelines The local-user level command sets the level of a local user. Example # Set the level of local user hello@huawei.net to 6. <HUAWEI> system-view [HUAWEI] aaa [HUAWEI-aaa] local-user hello@huawei.net level 6 8.1.3 local-user password old-password Function The local-user password old-password command changes the password for a local user. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 137 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Format local-user user-name password { cipher | irreversible-cipher } password old-password oldpassword Parameters Parameter Description Value user-name Specifies a user name. If the user name contains a domain name delimiter such as @, the character string before @ is the user name and the character string behind @ is the domain name. If the user name does not contain @, the entire character string is the user name and the domain name is the default one. The value is a string of 1 to 64 case-sensitive characters without spaces. The value is in format user@domain. When querying and modifying user names, you can use the wildcard *, for example, *@isp, user@*, and *@*. cipher password Indicates a password encrypted through the reversible algorithm. The value is a string of casesensitive characters without spaces. The length of a plaintext password ranges from 8 to 16, and the length of a cipher-text password is 32. It is recommended that you set the user password when creating a user. cipher indicates that the password is encrypted through the reversible algorithm. That is, unauthorized users can decrypt the passwords of authorized users. This mode has low security. irreversible-cipher password Indicates a password encrypted through the irreversible algorithm. irreversible-cipher indicates that the password is encrypted through the irreversible algorithm. That is, unauthorized users cannot decrypt the passwords of authorized users. This mode has high security. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. The value is a string of casesensitive characters without spaces. The length of a plaintext password ranges from 8 to 16, and the length of a cipher-text password is 56. 138 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Parameter Description Value old-password old-password Indicates the old password of a local user. The value is a string of casesensitive characters without spaces. The length of a plaintext password ranges from 8 to 16, and the length of a cipher-text password is 32 or 56. Views AAA view Default Level 3: Management level Usage Guidelines It is recommended that you change user passwords in the following situations: l Unauthorized users use the default user name and password to log in to the device. l A password has been used for a long time, so it is prone to disclosing and deciphering. Example # Change the password of the local user user1@vipdomain from admin@12345 to huawei@1234. <HUAWEI> system-view [HUAWEI] aaa [HUAWEI-aaa] local-user user1@vipdomain password cipher huawei@1234 old-password admin@12345 8.1.4 radius-server test-user detect interval Function The radius-server test-user detect interval command sets the interval for automatic user status detection. Format radius-server test-user detect interval interval-time Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 139 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Parameters Parameter Description Value interval-time Specifies the interval for automatic user status detection. The value is an integer that ranges from 5 to 3600, in seconds. Views RADIUS server template view Default Level 2: Configuration level Usage Guidelines You can use this command to set the interval for automatic user status detection. Example # Set the interval for automatic user status detection to 360 seconds. <HUAWEI> system-view [HUAWEI] radius-server template huawei [HUAWEI-radius-huawei] radius-server test-user detect interval 360 8.2 DHCP Snooping Compatible Commands 8.2.1 dhcp option82 format Function The dhcp option82 format command configures the format of the Option 82 field in DHCP messages. Format dhcp option82 [ circuit-id | remote-id ] format userdefined text Parameters Parameter Description Value circuit-id Specifies the format of the circuit-id (CID). - Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 140 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Parameter Description Value remote-id Specifies the format of the remote-id (RID). - userdefined text Indicates the user-defined format of the text is the user-defined character Option 82 field. string of the Option 82 field. Views System view Default Level 2: Configuration level Usage Guidelines You can use the dhcp option82 format command to configure the format of the Option 82 field in DHCP messages. Example # Configure the user-defined string for the CID in the Option 82 field and use the hexadecimal format to encapsulate the CID type (0, indicating the hexadecimal format), length (excluding the length of the CID type and the length keyword itself), outer VLAN ID, slot ID (5 bits), subslot ID (3 bits), and port number (8 bits). <HUAWEI> system-view [HUAWEI] dhcp option82 circuit-id format userdefined 0 %length %svlan %5slot % 3subslot %8port 8.2.2 dhcp snooping bind-table Function The dhcp snooping bind-table command configures a device to automatically back up DHCP snooping binding entries in a specified file. Format dhcp snooping bind-table autosave file-name [ write-delay delay-time ] Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 141 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Parameters Parameter Description Value file-name Specifies the path for storing the file that backs up DHCP snooping binding entries and the file name. You must specify both the path and name of the file supported by the system. The value is a string of 1 to 51 characters. write-delay delay-time Specifies the interval for local automatic backup of the DHCP snooping binding table. The value is an integer that ranges from 60 to 4294967295, in seconds. By default, the system backs up the DHCP snooping binding table every two days. If this parameter is not specified, the backup interval is the default value. Views System view Default Level 2: Configuration level Usage Guidelines You can use the dhcp snooping bind-table command to back up DHCP snooping binding entries in a specified file. Example # Configure a device to automatically back up DHCP snooping binding entries in the file backup.tbl in the flash memory. <HUAWEI> system-view [HUAWEI] dhcp snooping enable [HUAWEI] dhcp snooping bind-table autosave flash:/backup.tbl 8.2.3 dhcp snooping information circuit-id Function The dhcp snooping information circuit-id command configures the Option 82 circuit-id format. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 142 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Format dhcp snooping information circuit-id string string Parameters Parameter Description Value string string Specifies the circuit-id format. The value is a string of 1 to 63 characters. Views System view Default Level 2: Configuration level Usage Guidelines You can use the dhcp snooping information circuit-id command to configure the Option 82 circuit-id format. Example # Configure the Option 82 circuit-id format. <HUAWEI> system-view [HUAWEI] dhcp snooping information circuit-id string teststring 8.2.4 dhcp snooping information remote-id Function The dhcp snooping information remote-id command configures the Option 82 remote-id format. Format dhcp snooping information remote-id { sysname | string string } Parameters Issue 02 (2013-11-06) Parameter Description Value sysname System name. - string string Specifies the remote-id format. The value is a string of 1 to 63 characters. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 143 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Views System view Default Level 2: Configuration level Usage Guidelines You can use the dhcp snooping information remote-id command to configure the Option 82 remote-id format. Example # Configure the Option 82 remote-id format. <HUAWEI> system-view [HUAWEI] dhcp snooping information remote-id string teststring 8.2.5 dhcp snooping information format Function The dhcp snooping information format command configures the Option 82 field format. Format dhcp snooping information format { hex | ascii } Parameters Parameter Description Value hex Sets the Option 82 format to hexadecimal. - ascii Sets the Option 82 format to ASCII. - Views System view Default Level 2: Configuration level Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 144 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Usage Guidelines You can use the dhcp snooping information format command to configure the Option 82 field format. Example # Set the Option 82 format to ASCII. <HUAWEI> system-view [HUAWEI] dhcp snooping information format ascii 8.2.6 dhcp snooping check dhcp-rate enable Function The dhcp snooping check dhcp-rate enable command enables the alarm function for checking the rate of sending DHCP packets to the DHCP stack. Format dhcp snooping check dhcp-rate enable rate rate [ alarm { enable | [ enable ] threshold threshold } | vlan { vlanstart_id [ to vlanend_id ] } &<1-10>] Parameters Parameter Description Value rate rate Specifies the rate of sending DHCP messages to the CPU. The value is an integer that ranges from 1 to 100. The value is an integer that ranges from 1 to 4094. threshold threshold Specifies the alarm threshold for the number of DHCP packets sent to the CPU. After DHCP packet check is enabled, an alarm is generated if the number of discarded DHCP packets reaches the alarm threshold. The value is an integer that ranges from 1 to 1000. Views System view, VLAN view, Ethernet interface view, GE interface view, XGE interface view, Eth-Trunk interface view Default Level 2: Configuration level Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 145 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Usage Guidelines You can use the dhcp snooping check dhcp-rate enable command to enable the alarm function for checking the rate of sending DHCP packets to the DHCP stack. This command can only be used during a configuration restoration. Example # Enable DHCP packet rate check in the system view. <HUAWEI> system-view [HUAWEI] dhcp snooping enable [HUAWEI] dhcp snooping check dhcp-rate enable 8.2.7 dhcp snooping global max-user-number Function The dhcp snooping global max-user-number command sets the maximum number of global DHCP users. By default, the maximum number of global DHCP users is 1024. Format dhcp snooping global max-user-number max-user-number Parameters Parameter Description Value max-user-number Specifies the maximum number of global DHCP users. The value is an integer that ranges from 1 to 1024. Views System view Default Level 2: Configuration level Usage Guidelines The dhcp snooping global max-user-number command takes effect only when DHCP snooping is enabled globally and is valid for only DHCP users. When the number of global DHCP users reaches the threshold set by this command, no more users can access. You can use the dhcp snooping global max-user-number command to set the maximum number of global users. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 146 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Example # Set the maximum number of global DHCP users to 100. <HUAWEI> system-view [HUAWEI] dhcp snooping enable [HUAWEI] dhcp snooping global max-user-number 100 8.2.8 dhcp snooping sticky-mac Function The dhcp snooping sticky-mac command enables the device to generate static MAC address entries based on dynamic DHCP snooping binding entries. The undo dhcp snooping sticky-mac command disables the device from generating static MAC address entries based on dynamic DHCP snooping binding entries. By default, the device is disabled to generate static MAC address entries based on dynamic DHCP snooping binding entries. Format dhcp snooping sticky-mac undo dhcp snooping sticky-mac Parameters None Views Ethernet interface view, GE interface view, XGE interface view, port group view, Eth-trunk view Default Level 2: Configuration level Usage Guidelines Usage Scenario Dynamic MAC address entries are learned and generated by the device, and static MAC address entries are configured by command lines. A MAC address entry consists of the MAC address, VLAN ID, and port number of a DHCP client. The device implements Layer 2 forwarding based on MAC address entries. After the dhcp snooping sticky-mac command is executed on an interface, the device generates static MAC address entries (snooping type) of DHCP users on the interface based on the corresponding dynamic binding entries, clears all the dynamic MAC address entries on the interface, disables the interface to learn dynamic MAC address entries, and enables the device to match the source MAC address based on MAC address entries. Then only the message with Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 147 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands the source MAC address matching the static MAC address entry can pass through the interface; otherwise, messages are discarded. Therefore, the administrator needs to manually configure static MAC address entries (the static type) for non-DHCP users on the interface so that messages sent from non-DHCP users can pass through; otherwise, DHCP messages are discarded. This prevents attacks from non-DHCP users. NOTE l If a DHCP snooping binding entry is updated, the corresponding static MAC address entry is automatically updated. l If you run the dhcp snooping sticky-mac command on the interface, DHCPv6 users cannot go online. Run the nd snooping enable command in the system view and interface view to enable ND snooping and the savi enable command in the system view to enable SAVI. Prerequisites DHCP snooping has been enabled on the device using the dhcp snooping enable command. Precautions The dhcp snooping sticky-mac command cannot be used with the following commands on an interface. Command Description dot1x enable Enables 802.1x authentication on an interface. mac-authen Enables MAC address authentication on an interface. mac-address learning disable Enables MAC address learning. mac-limit Sets the maximum number of MAC addresses to be learned. port vlan-mapping vlan map-vlan Enables VLAN mapping. port vlan-mapping vlan inner-vlan port-security enable Enables port security. Example # Enable the device to generate static MAC address entries based on DHCP snooping binding entries on GE0/0/1. <HUAWEI> system-view [HUAWEI] dhcp enable [HUAWEI] dhcp snooping enable [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] dhcp snooping sticky-mac Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 148 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands 8.2.9 dhcp snooping trust Function The dhcp snooping trust command configures an interface as a trusted interface. The undo dhcp snooping trust command configures an interface as an untrusted interface. By default, all interfaces are untrusted interfaces. Format dhcp snooping trust interface interface-type interface-number undo dhcp snooping trust interface interface-type interface-number Parameters Parameter Description Value interface interface-type interfacenumber Specifies the type and number of an interface. - l interface-type specifies the interface type. l interface-number specifies the interface number. Views VLAN view Default Level 2: Configuration level Usage Guidelines To enable DHCP clients to obtain IP addresses from authorized DHCP servers, DHCP snooping supports the trusted interface and untrusted interfaces. The trusted interface forwards DHCP messages while untrusted interfaces discard received DHCP ACK messages and DHCP Offer messages. An interface directly or indirectly connected to the DHCP server trusted by the administrator needs to be configured as the trusted interface, and other interfaces are configured as untrusted interfaces. This ensures that DHCP clients obtain IP addresses from authorized DHCP servers. Example # Configure GE0/0/1 in VLAN 100 as the trusted interface. <HUAWEI> system-view [HUAWEI] vlan 100 [HUAWEI-vlan100] dhcp snooping trust interface gigabitethernet 0/0/1 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 149 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands 8.3 NAC Compatible Commands 8.3.1 mac-authen username fixed password Function The mac-authen username fixed password command configures the fixed user name and password for MAC address authentication. The undo mac-authen username fixed password command deletes the fixed user name and password for MAC address authentication. By default, no fixed user name and password is configured for MAC address authentication. Format mac-authen username fixed username password simple password undo mac-authen username fixed username password simple password Parameters Parameter Description Value fixed username Specifies the fixed user name for MAC The value is a string of 1 to 64 characters. address authentication. simple Indicates the password in plain text. - password Specifies the password for MAC address authentication. The value is a string of 1 to 16 characters. Views System view Default Level 2: Configuration level Usage Guidelines You can use the mac-authen username fixed password command to configure the fixed user name and password for MAC address authentication. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 150 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Example # Configure the fixed user name and password for MAC address authentication. <HUAWEI> system-view [HUAWEI] mac-authen username fixed tester password simple 123456 8.3.2 web-auth-server (system view) Function The web-auth-server command configures a web authentication server in the system view. By default, no web authentication server is configured in the system view. Format web-auth-server server-name ip-address [ port port [ all ] ] [ key password | shared-key { simple password | cipher password } ] [ url url-string ] Parameters Issue 02 (2013-11-06) Parameter Description Value server-name Specifies the name of a web authentication server template. The value is a string of 1 to 31 case-insensitive characters. ip-address Specifies the IP address of a web authentication server. The value is in dotted decimal notation. port port Specifies the port number that the Portal server uses to receive and encapsulate UDP packets from the device. The value is an integer that ranges from 1 to 65535. all Indicates that the device always uses the destination port number specified by port-number to encapsulate UDP packets. - key password Specifies the shared key that the device uses to exchange information with a Portal server. The value is a string of 1 to 16 characters. shared-key Specifies the shared key that the device uses to exchange information with a Portal server. - Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 151 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Parameter Description Value simple password Displays a shared key in plain text. The value is a string of 1 to 16 characters. cipher password Displays a shared key in cipher text. The value is a string of 1 to 256 characters. url url-string Specifies the URL of a portal server. Portal authentication users can visit this URL to access the Portal server. The value is a string of 1 to 200 characters. Views System view Default Level 2: Configuration level Usage Guidelines When an unauthenticated user goes online, a device forces the user to log in to a special website (namely, the Portal website) so that the user can access the service on the Portal for free. To access the Internet, the user must pass the authentication on the Portal. Example # Set the IP address of web authentication server huawei to 10.1.1.1. <HUAWEI> system-view [HUAWEI] web-auth-server huawei 10.1.1.1 8.4 Local Attack Defense Compatible Commands 8.4.1 blacklist Function The blacklist command configures an ACL-based blacklist. By default, no blacklist is configured. Format blacklist acl { acl-number } &<1-4> Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 152 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Parameters Parameter Description acl acl-number Indicates the ACL ID. The ACL referenced by a blacklist on the device can be a basic ACL, an advanced ACL, or a Layer 2 ACL. Value The value is an integer that ranges from 2000 to 4999. Views System view, Attack defense policy view Default Level 2: Configuration level Usage Guidelines A maximum of eight blacklists can be configured on the device. You can set the attributes of a blacklist by defining ACL rules. The packets sent from users in the blacklist are discarded after reaching the device. Example # Reference ACL 2001 in the blacklist. <HUAWEI> system-view [HUAWEI] cpu-defend policy test [HUAWEI-cpu-defend-policy-test] blacklist acl 2001 8.4.2 car Function The car command sets the rate at which packets are sent to the CPU. Format car packet-type bpdu cir cir-value [ cbs cbs-value ] car packet-type ftp-dynamic cir cir-value [ cbs cbs-value ] undo car packet-type bpdu undo car packet-type ftp-dynamic Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 153 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Parameters Parameter Description Value packet-type bpdu Limits the rate of bpdu packets. - packet-type ftp-dynamic Limits the rate of ftp-dynamic packets. - cir cir-value Indicates the committed information rate (CIR). The value is an integer that ranges from 8 to 4294967295, in kbit/s. cbs cbs-value Indicates the committed burst size (CBS). The value is an integer that ranges from 10000 to 4294967295, in bytes. Views Attack defense policy view Default Level 2: Configuration level Usage Guidelines The default CARs for packets of each type range from 64 kbit/s to 512 kbit/s. You can run the display cpu-defend configuration command to query the default CAR. If you run the deny and car commands for the same type of packets sent to the CPU, the command that runs later takes effect. NOTE If packets are sent to the CPU at a high rate and a large CAR value is configured on the device, the CPU usage may be too high. This may degrade the device performance or even cause the stack split. Example # Set the CAR of packets in defense policy test as follows: Set the packet type to bpdu, CIR to 64 kbit/s, and CBS to 33000 bytes. <HUAWEI> system-view [HUAWEI] cpu-defend policy test [HUAWEI-cpu-defend-policy-test] car packet-type bpdu cir 64 cbs 33000 8.4.3 car cpu-port Function The car cpu-port command configures the CIR of all the packets to be sent to the CPU. By default, the CIR value of all the packets to be sent to the CPU is 1024 kbit/s on the device. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 154 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Format car cpu-port cir cir-rate Parameters Parameter Description Value cir cir-rate Sets the CIR of all the packets to be sent to the CPU. The value is an integer that ranges from 64 to 2048, in kbit/s. Views Attack defense policy view Default Level 2: Configuration level Usage Guidelines The car cpu-port command limits the total rate of all protocol packets sent to the CPU. The car packet-type command limits the rate of packets of a specified protocol. However, the total CIR of packets of specified protocols cannot exceed the CIR of all the packets sent to the CPU. When the CIR is exceeded, excess packets including unicast, multicast, and broadcast packets are not sent to the CPU. In addition, the unicast packets are discarded directly. Example # Set the CIR of all the packets to be sent to the CPU to 512 kbit/s on the device. <HUAWEI> system-view [HUAWEI] cpu-defend policy test [HUAWEI-cpu-defend-policy-test] car cpu-port cir 512 8.4.4 cpu-defend linkup-car bgp enable Function The cpu-defend linkup-car bgp enable command enables the BGP protocol association. The undo cpu-defend linkup-car bgp enable command disables the BGP protocol association. By default, the BGP protocol association is disabled. Format cpu-defend linkup-car bgp enable undo cpu-defend linkup-car bgp enable Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 155 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Parameters None Views System view Default Level 2: Configuration level Usage Guidelines This command is provided for compatibility with earlier versions. Example # Enable the BGP protocol association. <HUAWEI> system-view [HUAWEI] cpu-defend linkup-car bgp enable 8.4.5 deny Function The deny command sets the discard action taken for packets sent to the CPU. The undo deny command restores the default action taken for packets sent to the CPU. By default, the device limits the rate of protocol packets and user-defined flows based on the CAR configuration. Format deny packet-type bpdu deny packet-type ftp-dynamic undo deny packet-type bpdu undo deny packet-type ftp-dynamic Parameters Parameter Description Value packet-type bpdu Discards bpdu packets . - packet-type ftp-dynamic Discards ftp-dynamic packets. - Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 156 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Views Attack defense policy view Default Level 2: Configuration level Usage Guidelines If you run the deny and car commands for the same type of packets sent to the CPU, the command that runs later takes effect. The undo deny command restores the default action taken for packets sent to the CPU. After you run this command, the system limits the rate of packets sent to the CPU based on the configured CIR and CBS values. Example # Set the discard action taken for bpdu packets sent to the CPU attack in defense policy test. <HUAWEI> system-view [HUAWEI] cpu-defend policy test [HUAWEI-cpu-defend-policy-test] deny packet-type bpdu 8.5 IP Source Guard Compatible Commands 8.5.1 ip anti-attack source-ip equals destinetion-ip drop Function The ip anti-attack source-ip equals destinetion-ip drop command enables the device to discard IP packets with the same source and destination IP addresses. The undo ip anti-attack source-ip equals destinetion-ip drop command disables the device from discarding IP packets with the same source and destination IP addresses. By default, the device does not discard IP packets with the same source and destination IP addresses. Format ip anti-attack source-ip equals destinetion-ip drop { all | slot slot-id } undo ip anti-attack source-ip equals destinetion-ip drop { all | slot slot-id } Parameters Issue 02 (2013-11-06) Parameter Description Value all All the devices. - Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 157 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Parameter Description Value slot slot-id l The value is 0 if stacking is not configured. Set the value according to the device configuration. l Specifies the stack ID if stacking is configured. Views System view Default Level 2: Configuration level Usage Guidelines Generally, IP packets with the same source and destination IP addresses can be forwarded. When you determine that the IP packets are attack packets, you can use the ip anti-attack source-ip equals destinetion-ip drop command to enable the device to discard the IP packets. Example # Enable the device to discard IP packets with the same source and destination IP addresses. <HUAWEI> system-view [HUAWEI] ip anti-attack source-ip equals destinetion-ip drop all 8.5.2 ip source check Function The ip source check command enables dynamic IP source guard. By default, dynamic IP source guard is disabled on the device. Format ip source check { ip-address | mac-address | interface } * Parameters None Views VLAN view Default Level 2: Configuration level Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 158 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Usage Guidelines After dynamic IP source guard is enabled on a VLAN, the device checks packets according to the entries in the DHCP snooping binding table specified by the ip source check command. Packets that do not match the specified entries in the DHCP snooping binding table are discarded. Therefore, access control is implemented and unauthorized users are not allowed to access the network. Dynamic IP source guard does not generate binding entries. Packets are checked according to the specified entries in the DHCP snooping binding table. Therefore, you must enable the device to check IP and ARP packets before enabling the dynamic IP source guard. Dynamic IP source guard configured independently does not take effect. Example # Enable dynamic IP source guard in VLAN 10 to check the IP address and MAC address of a packet according to the DHCP snooping binding table. View the DHCP snooping binding table. <HUAWEI> system-view [HUAWEI] vlan 10 [HUAWEI-Vlan10] ip source check ip-address mac-address 8.6 URPF Compatible Commands 8.6.1 urpf (interface view) Function The urpf command configures the URPF check mode for interfaces. NOTE The S2350, S5300SI, S5306, and S5300LI do not support this command. Format ip urpf { loose | strict } [ allow-default-route ] Parameters Parameter Description loose Indicates URPF loose check. In this mode, the device forwards a packet as long as the source address of the packet exists in the routing table or ARP table, regardless of whether the matching outbound interface in the routing table or ARP table is the same as the inbound interface of the packet. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Value 159 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Parameter Description strict Indicates URPF strict check. In this mode, the device forwards a packet only when the source address of the packet exists in the routing table or ARP table, and the matching outbound interface in the routing table or ARP table is the same as the inbound interface of the packet. allow-default-route Allows special process for the default route. Value - Views GE interface view, XGE interface view, Eth-Trunk interface view, port group view Default Level 2: Configuration level Usage Guidelines The URPF check mode configured on an interface is valid only after the URPF is enabled on the LPU. The URPF determines how to process the default route based on whether the allow-defaultroute parameter is specified in the command. l If allow-default-route is set but the source address of a packet does not exist in the routing table or ARP table, the packet is discarded even if the default route is found, regardless of the strict or loose check. If allow-default-route is set and the source address of a packet exists in the routing table or ARP table: – In the strict check mode, the device forwards a packet when the outbound interface in the default route is the same as the inbound interface of the packet. When the outbound interface in the default route is different from the inbound interface of the packet, the packet is discarded. – In the loose check mode, the device forwards a packet regardless of whether the outbound interface in the default route is the same as the inbound interface of the packet. l If allow-default-route is not set, the default route is not processed. Example # Enable the strict URPF check on GE0/0/1 and allow the special process for the default route. <HUAWEI> system-view [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] ip urpf strict allow-default-route 8.7 Traffic Suppression Compatible Commands Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 160 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands 8.7.1 broadcast-suppression Function The broadcast-suppression command sets the maximum traffic rate of broadcast packets that can pass through an interface. The undo broadcast-suppression command restores the default traffic rate of broadcast packets that can pass through an interface. Format broadcast-suppression { broadcast-pct | packets packets-per-second } undo broadcast-suppression Parameters Parameter Description Value broadcast-pct Specifies the maximum percentage of broadcast traffic on an interface. The value ranges from 0 to 100. The default value is 100. By default, broadcast traffic is not suppressed on interfaces. packets packets-per-second Specifies the maximum number of broadcast packets allowed to pass through an interface per second. The value of packets-persecond is an integer. Views Eth-Trunk interface view Default Level 2: Configuration level Usage Guidelines When the traffic rate of broadcast packets exceeds the maximum value, the system discards excess broadcast packets to control the traffic rate and ensure normal operation of network services. Example # Set the maximum percentage of broadcast traffic to 20% of interface bandwidth on Eth-Trunk1. <HUAWEI> system-view [HUAWEI] interface eth-trunk 1 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 161 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands [HUAWEI-Eth-Trunk1] broadcast-suppression 20 8.7.2 multicast-suppression Function The multicast-suppression command sets the maximum traffic rate of multicast packets that can pass through an interface. The undo multicast-suppression command restores the default traffic rate of multicast packets that can pass through an interface. Format multicast-suppression { multicast-pct | packets packets-per-second } undo multicast-suppression Parameters Parameter Description Value multicast-pct Specifies the maximum percentage of multicast traffic on an Ethernet interface. The value ranges from 0 to 100. The default value is 100. By default, multicast traffic is not suppressed on interfaces. packets packets-per-second Specifies the maximum number of multicast packets allowed to pass through an interface per second. The value of packets-persecond is an integer. Views Eth-Trunk interface view Default Level 2: Configuration level Usage Guidelines When the traffic rate of multicast packets exceeds the maximum value, the system discards excess multicast packets to control the traffic rate and ensure normal operation of network services. Example # Set the maximum percentage of multicast traffic to 20% of interface bandwidth on Eth-Trunk1. <HUAWEI> system-view [HUAWEI] interface eth-trunk 1 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 162 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands [HUAWEI-Eth-Trunk1] multicast-suppression 20 8.7.3 unicast-suppression Function The unicast-suppression command sets the maximum traffic rate of unknown unicast packets that can pass through an interface. The undo unicast-suppression command restores the default traffic rate of unknown unicast packets that can pass through an interface. Format unicast-suppression { unicast-pct | packets packets-per-second } undo unicast-suppression Parameters Parameter Description Value unicast-pct Specifies maximum percentage of unknown unicast traffic on an Ethernet interface. The value ranges from 0 to 100. The default value is 100. By default, unknown unicast traffic is not suppressed on interfaces. packets packets-per-second Specifies the maximum number of unknown unicast packets allowed to pass through an interface per second. The value of packets-persecond is an integer. Views Eth-Trunk interface view Default Level 2: Configuration level Usage Guidelines When the traffic rate of unknown unicast packets exceeds the maximum value, the system discards excess unknown unicast packets to control the traffic rate and ensure normal operation of network services. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 163 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Example # Set the maximum percentage of unknown unicast traffic to 20% of interface bandwidth on Eth-Trunk1. <HUAWEI> system-view [HUAWEI] interface eth-trunk1 [HUAWEI-Eth-Trunk1] unicast-suppression 20 8.8 ACL Compatible Commands 8.8.1 acl ipv6 Function The acl ipv6 command creates an ACL6 and enters the ACL6 view. The undo acl ipv6 command deletes an ACL. Format acl ipv6 [ number ] acl6-number [ name acl6-name ] undo acl ipv6 { all | [ number ] acl6-number | name acl6-name } Parameters Parameter Description Value number acl6-number Indicates the ID of an ACL6. The value of acl6-number is an integer that ranges from 2000 to 3999. In these options, l ACL6s numbered from 2000 to 2999 are basic ACL6s. l ACL6s numbered from 3000 to 3999 are advanced ACL6s. name acl6-name Issue 02 (2013-11-06) Specifies a named ACL6. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. The value of acl6-name is a string of 1 to 32 casesensitive characters without spaces. The name starts with a letter (lowercase a to z or uppercase A to Z) and can contain letters, digits, and symbols such as the number sign (#), percentage symbol (%), and hyphen (-). 164 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Parameter Description Value all Deletes all ACL6s. - Views System view Default Level 2: Configuration level Usage Guidelines None Example # Create an ACL6 named test and numbered 3100. <HUAWEI> system-view [HUAWEI] acl ipv6 number 3100 name test [HUAWEI-acl6-adv-test] 8.8.2 acl (system view) Function The acl command creates an ACL and enters the ACL view. The undo acl command deletes a specified ACL. Format acl [ number ] acl-number [ name acl-name ] undo acl { all | [ number ] acl-number | name acl-name } Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 165 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Parameters Parameter Description Value number acl-number Indicates the ID of an ACL. The value of acl-number is an integer that ranges from 2000 to 5999. l ACLs numbered from 2000 to 2999 are basic ACLs. l ACLs numbered from 3000 to 3999 are advanced ACLs. l ACLs numbered from 4000 to 4999 are Layer 2 ACLs. l ACLs numbered from 5000 to 5999 are customized ACLs. name acl-name Specifies a named ACL. The value of acl-name is a string of 1 to 32 casesensitive characters without spaces. The name starts with a letter (lowercase a to z or uppercase A to Z) and can contain letters, digits, and symbols such as the number sign (#), percentage symbol (%), and hyphen (-). all Deletes all ACLs. - Views System view Default Level 2: Configuration level Usage Guidelines An ACL consists of a list of rules. Each rule contains a permit or deny clause. Before creating an ACL rule, you must create an ACL. Example # Create an ACL named test and numbered 3100. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 166 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands <HUAWEI> system-view [HUAWEI] acl number 3100 name test [HUAWEI-acl-adv-test] 8.8.3 rule (ACL6) Function The rule command adds or modifies advanced ACL6 rules. The undo rule command deletes IPv6 ACL rules. Format rule [ rule-id ] { deny | permit } ipv6-AH [ destination { destination-ipv6-address prefixlength | destination-ipv6-address/prefix-length | destination-ipv6-address postfix postfixlength | any } | dscp dscp | fragment | logging | precedence precedence | source { source-ipv6address prefix-length | source-ipv6-address/prefix-length | source-ipv6-address postfix postfixlength | any } | time-range time-name | tos tos ] * rule [ rule-id ] { deny | permit } ipv6-ESP [ destination { destination-ipv6-address prefixlength | destination-ipv6-address/prefix-length | destination-ipv6-address postfix postfixlength | any } | dscp dscp | fragment | logging | precedence precedence | source { source-ipv6address prefix-length | source-ipv6-address/prefix-length | source-ipv6-address postfix postfixlength | any } | time-range time-name | tos tos ] * Parameters Parameter Description Value rule-id Indicates the ID of an ACL6 rule. The value ranges from 0 to 2047. l If the ID of a rule is specified and the rule exists, the new rule is added to the rule with this ID, that is, the old rule is modified. l If the rule associated with a rule ID does not exist, a rule can be created with this rule ID and its position in the ACL is determined by the rule ID. l If no rule ID is specified, the device allocates an ID to the new rule. The rule IDs are sorted in ascending order. Issue 02 (2013-11-06) deny Discards packets that do not match ACL rules. - permit Allows packets to pass. - ipv6-AH Indicates the protocol type. - ipv6-ESP Indicates the protocol type. - Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 167 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference Issue 02 (2013-11-06) 8 Security Compatible Commands Parameter Description Value destination { destinationipv6-address prefix-length | destinationipv6-address/ prefix-length | any } Indicates the destination address and prefix of a packet. destination-ipv6-address is expressed in hexadecimal notation. The value of prefixlength is an integer that ranges from 1 to 128. You can also use any to represent any destination address. destination destinationipv6-address postfix postfix-length Indicates the destination address and the length of destination address postfix. destination-ipv6-address indicates the destination address and is expressed in hexadecimal notation. postfix-length is an integer that ranges from 1 to 64. dscp dscpvalue Specifies the value of a Differentiated Services CodePoint (DSCP). The value ranges from 0 to 63. fragment Indicates that the rule is valid for only non-initial fragments. - logging Indicates whether to record logs for packets that meet ACL rules. Log contents include the ACL rule ID, pass or discard of packets, type of the protocol over IP, source or destination address, source or destination port number, and number of packets. precedence Filters packets by priority. The value is a name or a digit that ranges from 0 to 7. source { source-ipv6address prefix-length | source-ipv6address/ prefix-length | any } Indicates the source address and prefix of a packet. source-ipv6-address indicates the source address and is expressed in hexadecimal notation. prefix-length is an integer that ranges from 1 to 128. You can also use any to represent any source address. source source-ipv6address postfix postfix-length Indicates the source address and the length of source address postfix. source-ipv6-address indicates the source address and is expressed in hexadecimal notation. postfix-length is an integer that ranges from 1 to 64. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 168 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 8 Security Compatible Commands Parameter Description Value time-range time-name Specifies the time range only in which ACL6 rules are effective. The value is a string of 1 to 32 characters. time-name indicates the name of the time range. tos tos Filters packets by Type of Service (ToS). The value is a name or a digit that ranges from 0 to 15. Views Advanced ACL6 view Default Level 2: Configuration level Usage Guidelines This command is used in the IPv6 ACL configuration mode. When adding a rule, specify the source IPv6 address in the rule. To delete or modify an existing rule, specify the rule ID. Example # Create an advanced ACL6 with ID 3000 and configure a rule that allows only IPv6 ESP packets with the source IPv6 address 2030:5060::9050 and mask 64 to pass. <HUAWEI> system-view [HUAWEI] acl ipv6 number 3000 [HUAWEI-acl6-adv-3000] rule 0 permit ipv6-esp source 2030:5060::9050/64 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 169 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 9 9 Reliability Compatible Commands Reliability Compatible Commands About This Chapter 9.1 VRRP Compatible Commands 9.2 Smart Link Compatible Commands 9.3 Ethernet OAM Compatible Commands Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 170 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 9 Reliability Compatible Commands 9.1 VRRP Compatible Commands 9.1.1 clear vrrp-config Function The clear vrrp-config command clears the current configuration of VRRP backup groups. Format clear vrrp-config Parameters None Views Hide view Default Level 3: Management level Usage Guidelines Usage Scenario The clear vrrp-config command clears the current configuration of VRRP backup groups. Configuration Impact After this command is run, all existing VRRP backup groups are deleted. Precautions No prompt information is displayed when this command is run. Nothing is displayed if no VRRP backup groups are available. Example # Clear the current configuration information about VRRP backup groups. <HUAWEI> system-view [HUAWEI] _h [HUAWEI-hidecmd] clear vrrp-config 9.2 Smart Link Compatible Commands Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 171 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 9 Reliability Compatible Commands 9.2.1 load-balance reference-instance Function The load-balance reference-instance command sets the load balancing mode of a Smart Link group. The undo load-balance reference-instance command deletes a load balancing instance of a Smart Link group. Format load-balance reference-instance instance-id slave undo load-balance reference-instance [ slave ] Parameters Parameter Description Value instance-id Specifies the ID of a Smart Link instance. The value is an integer that ranges from 0 to 48. slave Specifies the slave interface for transmitting packets of a Smart Link instance. - Views Smart Link group view Default Level 2: Configuration level Usage Guidelines Before you run the load-balance instance command in a Smart Link group, the Smart Link group must be disabled. After configuring load balancing in a Smart Link group, you can use the display smart-link group command to verify the configuration. When the links of all Smart Link group members are Up, the inactive link transmits the traffic from the VLANs mapping the specified instance. Example # Set the load balancing mode of the Smart Link group whose ID is 3. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 172 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 9 Reliability Compatible Commands <Quidway> system-view [Quidway] smart-link group 3 [Quidway-smlk-group3] load-balance reference-instance 1 slave 9.3 Ethernet OAM Compatible Commands 9.3.1 efm trigger if-net Function The efm trigger if-net command associates EFM with an interface. Format efm trigger if-net Parameters None Views GE interface view, XGE interface view Default Level 2: Configuration level Usage Guidelines Usage Scenario EFM can be associated with interfaces. On a scenario with primary and backup links, if EFM detects a fault on the primary link, it will set the protocol status of the associated interface to ETHOAM Down, speeding up routing convergence. Traffic can be fast switched to the backup link. Prerequisites EFM has been enabled globally and on an interface, and is in detect state. Precautions If EFM is associated with an interface and detects a link fault, the protocol status of the interface becomes ETHOAM Down, and no packet except EFM OAMPDUs can be forwarded by the interface, and all Layer 2 and Layer 3 services are blocked. Therefore, associating EFM with an interface may greatly affect services. When the interface detects link recovery using EFM, the interface can forward all packets and unblocks Layer 2 and Layer 3 services. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 173 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 9 Reliability Compatible Commands Example # Associate EFM with GE0/0/1. <HUAWEI> system-view [HUAWEI] efm enable [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] efm enable [HUAWEI-GigabitEthernet0/0/1] efm trigger if-net 9.3.2 error-shutdown auto-recovery cause efm-threshold-event Function The error-shutdown auto-recovery cause efm-threshold-event command enables an interface in error-shutdown state to go Up. NOTE An interface enters the error-shutdown state after being shut down due to an error. Format error-shutdown auto-recovery cause efm-threshold-event Parameters Parameter Description Value cause Indicates the cause for an interface in error-down state. efm-threshold-event Indicates that a threshold crossing event occurs. - Views System view Default Level 2: Configuration level Usage Guidelines Usage Scenario When link monitoring is configured for an interface on a link, the link is considered unavailable, if the number of errored frames, errored codes, or errored frame seconds detected by the interface reaches or exceeds the threshold within a period. You can associate an EFM crossing event with an interface. Then the system sets the administrative status of the interface to Down. In this manner, all services on the interface are interrupted. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 174 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 9 Reliability Compatible Commands By default, an interface can only be resumed by a network administrator after being shut down. To configure the interface to restore to the Up state automatically, run the error-down autorecovery command to set an auto recovery. Example # Set the auto recovery after an EFM threshold crossing event is associated with an interface. <HUAWEI> system-view [HUAWEI] error-shutdown auto-recovery cause efm-threshold-event 9.3.3 error-shutdown auto-recovery interval Function The error-shutdown auto-recovery interval command sets the auto recovery delay. NOTE An interface enters the error-shutdown state after being shut down due to an error. Format error-shutdown auto-recovery interval interval-value Parameters Parameter Description Value interval interval-value Specifies the auto recovery delay. The value is an integer that ranges from 30 to 86400, in seconds. l A smaller value indicates a higher frequency at which an interface alternates between Up and Down states. l A larger value indicates longer traffic interruption. Views System view Default Level 2: Configuration level Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 175 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 9 Reliability Compatible Commands Usage Guidelines Usage Scenario By default, an interface can only be resumed by a network administrator after being shut down. To configure the interface to restore to the Up state automatically, run the error-shutdown autorecovery interval command to set an auto recovery delay. After the delay, the interface goes Up automatically. Example # Set the auto recovery delay to 50s. <HUAWEI> system-view [HUAWEI] error-shutdown auto-recovery interval 50 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 176 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 10 Device Management Compatible Commands Device Management Compatible Commands About This Chapter 10.1 vrbd 10.2 _shell 10.3 backup elabel 10.4 cpu-usage threshold 10.5 display autosave config 10.6 display environment 10.7 display elabel unit 10.8 display fault-management 10.9 display fault-management alarm information 10.10 display reboot-info 10.11 fault-management alarm 10.12 reset reboot-info 10.13 display alarm urgent 10.14 reset alarm urgent 10.15 temperature threshold unit 10.16 port-mirroring to observe-port 10.17 poe power 10.18 port-mirroring Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 177 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands 10.19 reset fault-management Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 178 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands 10.1 vrbd Function The vrbd command displays the compiling time and version of the system software. Format vrbd Parameters None Views Diagnosis view Default Level 3: Management level Usage Guidelines You can check the compiling time and version of the system software to determine whether the system software needs to be upgraded. Example # Display the compiling time and version of the system software. <HUAWEI> system-view [HUAWEI] diagnose [HUAWEI-diagnose] vrbd S5300 Version V200R003C00SPC300 VRP Software Version F100S100 Copyright (C) 2000-2011 Huawei Technologies Co., Ltd. Compiled Mar 26 2012 17:30:56 By S5300 CMO CPLD Ver 257, Date Aug 8 2013 Board 0 SoftWare Version V200R003C00 SPC300B440 Board 0 SoftWare for user V200R003C00SPC300 10.2 _shell Function The _shell command displays the shell mode. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 179 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands The _shell show command displays the shell mode status. The _shell slot-id [ kick-out ] command enables you to exit from the shell mode. Format _shell { slot-id [ kick-out ] | show } Parameters Parameter Description Value slot-id Specifies the destination slot ID. The value must be set according to the device configuration. kick-out Indicates that users exit from the shell mode. show Displays the shell mode status. - Views Diagnosis view Default Level 2: Configuration level Usage Guidelines None Example # Display the shell mode status. <HUAWEI> system-view [HUAWEI] diagnose [HUAWEI-diagnose] _shell [HUAWEI-diagnose] _shell show User-ID User-Intf Slot 0 con0 2 Username Unspecified # Enable slot 0 to exit from the shell mode. <HUAWEI> system-view [HUAWEI] diagnose [HUAWEI-diagnose] _shell 0 kick-out Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 180 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands 10.3 backup elabel Function Using the backup elabel command, you can save the electronic label of the S2350&S5300&S6300 to the File Transfer Protocol (FTP) server or to the Flash memory. Format backup elabel [ ftp ip-address filename username password ] [ unit unit-id ] Parameters Parameter Description Value ip-address Specifies the IP address of the FTP server that stores the electronic label. The value is in dotted decimal notation. filename Specifies the name of the file that stores the electronic label on the FTP server. The value is a string of 1 to 20 case-sensitive characters without spaces. username Specifies user name used to log in to the FTP server. The value is a string of 0 to 20 case-sensitive characters without spaces. password Specifies the password used to log in to the FTP server. The value is a string of 0 to 20 case-sensitive characters without spaces. unit unit-id l Specifies the slot ID if stacking is not configured. The value an integer that is 0 if stacking is not configured; the value ranges from 0 to 8 if stacking is configured. l Specifies the stack ID if stacking is configured. Views User view Default Level 1: Monitoring level Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 181 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands Usage Guidelines You can use this command to save the electronic label of the S2350&S5300&S6300 to a file in the flash memory or on the FTP server. If the electronic label is saved in the flash memory, the file name is elabel.fls by default. Example # Save the electronic label of the S2350&S5300&S6300 with the stack ID being 0 to the elabel.fls file in the flash memory. <HUAWEI> backup elabel unit 0 Info: Output information to file: flash:/elabel.fls. Please wait for a moment... Info: Put file to flash successfully. 10.4 cpu-usage threshold Function The cpu-usage threshold command sets the upper and lower CPU usage alarm thresholds. The undo cpu-usage threshold command restores the default setting. Format cpu-usage threshold unit unit-id { high | low } threshold-value Parameters Parameter Description Value high Specifies the upper CPU usage alarm threshold. - low Specifies the lower CPU usage alarm threshold. - unit unit-id l Specifies the slot ID if stacking is not The value is 0 if stacking is not configured; the value ranges from 0 to configured. l Specifies the stack ID if stacking is 8 if stacking is configured. configured. Views System view Default Level 2: Configuration level Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 182 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands Usage Guidelines When the CPU usage is not within the allowed range, a log is recorded. You can conveniently know CPU usage through log information. Example # Set the upper CPU usage alarm threshold of a switch to 85%. <HUAWEI> system-view [HUAWEI] cpu-usage threshold unit 0 high 85 10.5 display autosave config Function The display autosave config command displays the configuration about the autosave function, including the status of the autosave function, time for autosave check, threshold of the CPU usage, and interval during which configurations are not changed. Format display autosave config Parameters None Views All views Default Level 1: Monitoring level Usage Guidelines After the autosave function is configured, you can run the display autosave config command to check whether the configured parameters are correct. You can also run this command to check whether the parameters about the autosave function are properly configured when autosave cannot function normally. If not, run the set save-configuration command to adjust the parameters to restore the normal state of the autosave function. Example # Display the configuration about the autosave function. <HUAWEI> display autosave config Auto save function status: enable Auto save checking interval: 60 minutes The threshold of the CPU usage: 50% The interval of the configuration not changing: 30 minutes Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 183 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands Table 10-1 Description of the display autosave config command output Item Description Auto save function status Indicates the status of the autosave function: l Enable l Disable Auto save checking interval Indicates the time for autosave check. The threshold of the CPU usage Indicates the threshold of the CPU usage during the autosave operation. The interval of the configuration not changing Indicates the interval during which system configurations are not changed. 10.6 display environment Function Using the display environment command, you can view the temperature of the S2350&S5300&S6300. Format display environment unit unit-id Parameters Parameter Description Value unit unit-id l Specifies the slot ID if stacking is not configured. The value is an integer that is 0 if stacking is not configured; the value ranges from 0 to 8 if stacking is configured. l Specifies the stack ID if stacking is configured. Views All views Default Level 1: Monitoring level Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 184 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands Usage Guidelines You can set the temperature alarm threshold of the S2350&S5300&S6300 or a temperature sensing board. When the temperature of the S2350&S5300&S6300 exceeds the threshold, check the working environment of the S2350&S5300&S6300 to ensure that the environment is suitable for the S2350&S5300&S6300. Example # Display the temperature of the S2350&S5300&S6300 that unit id is 0. <HUAWEI> display environment unit 0 Environment information: Temperature information: SlotID CurrentTemperature LowLimit HighLimit (deg c ) (deg c) (deg c ) 1 33 0 70 Table 10-2 Description of the display environment command output Item Description SlotID Stack ID of the S2350&S5300&S6300. CurrentTemperature Temperature of the S2350&S5300&S6300. It is expressed in Celsius. LowLimit Lower temperature threshold of the S2350&S5300&S6300. It is expressed in Celsius. HighLimit Upper temperature threshold of the S2350&S5300&S6300. It is expressed in Celsius. 10.7 display elabel unit Function The display elabel unit command displays the electronic label of the device. Format display elabel unit unit-id [ subcard-id ] Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 185 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands Parameters Parameter Description Value slot slot-id Specifies the stack ID of the device. The value ranges from 0 to 8 if stacking is configured. The value is 0 if stacking is not configured. subcard-id Specifies the subcard ID. This parameter can be specified if any subcard is used on the device. The value is an integer that ranges from 1 to 8. Views All views Default Level 1: Monitoring level Usage Guidelines Electronic labels identify the hardware. You can use the display elabel command to view the electronic label information. Example # Display the electronic label of the device with stack ID 0. <HUAWEI> display elabel slot 0 /$[System Integration Version] /$SystemIntegrationVersion=3.0 [Slot_0] /$[Board Integration Version] /$BoardIntegrationVersion=3.0 [Main_Board] /$[System Integration Version] /$SystemIntegrationVersion=3.0 [Slot_0] /$[Board Integration Version] /$BoardIntegrationVersion=3.0 [Main_Board] /$[ArchivesInfo Version] /$ArchivesInfoVersion=3.0 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 186 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands [Board Properties] BoardType=CX22EFGE BarCode=21023516101234567890 Item=02351610 Description=CX22EFGE Manufactured=2009-12-10 VendorName=Huawei IssueNumber= CLEICode= BOM= /$[ArchivesInfo Version] /$ArchivesInfoVersion=3.0 [Board Properties] BoardType=CX7E1FANA BarCode=21023516511091000140 Item=02351651 Description=S23&33&53&CX200D,CX7E1FANA,Fan Assembly Manufactured=2009-01-27 VendorName=Huawei IssueNumber=00 CLEICode= BOM= /$[ArchivesInfo Version] /$ArchivesInfoVersion=3.0 [Board Properties] BoardType=CX7M1PWA BarCode=21023167831091000269 Item=02316783 Description=S5300C,CX7M1PWA,AC Power Module Manufactured=2009-01-29 VendorName=Huawei IssueNumber=00 CLEICode= BOM= /$[ArchivesInfo Version] /$ArchivesInfoVersion=3.0 [Board Properties] BoardType=CX7E1FANA BarCode=210235165110A6000619 Item=02351651 Description=S23&33&53&CX200D,CX7E1FANA,Fan Assembly Manufactured=2010-06-08 VendorName=Huawei IssueNumber=00 CLEICode= BOM= Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 187 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands /$[ArchivesInfo Version] /$ArchivesInfoVersion=3.0 [Board Properties] BoardType=CX22PW12 BarCode=020LXP0123456789 Item=03020LXP Description=S23&33&53&CX200D ,CX22PW12 ,Power Conversion Board,2*4 Manufactured=2009-10-22 VendorName=Huawei IssueNumber=00 CLEICode= BOM= Table 10-3 Description of the display elabel command output Item Description BoardType Board model of the specified component. BarCode Bar code of the specified component. Item BOM code of the specified component. Description English description of the specified component. Manufactured Production date of the specified component. VendorName Vendor name of the specified component. IssueNumber Issuing number of the specified component. CLEICode CLEI code of the specified component. BOM Sales BOM code of the specified component. 10.8 display fault-management Function The display fault-management command displays the contents of an alarm message, active alarm message, or event. Format display fault-management { alarm | active-alarm | event } [ sequence-number sequencenumber ] Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 188 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands Parameters Parameter Description Value sequence-number sequence-number Specifies the number of an alarm message, active alarm message, or event. The value is an integer ranging from 0 to 2147483647. When the value is 0, information about all alarm messages, active messages, or events is displayed. Views All views Default Level 1: Monitoring level Usage Guidelines This command helps you obtain the contents of all alarm messages or one alarm message on a device. Example # Display the contents of active alarm messages in the system. <HUAWEI> display fault-management active-alarm A/B/C/D/E/F/G/H/I/J A=Sequence, B=RootKindFlag(Independent|RootCause|nonRootCause) C=Generating time, D=Clearing time E=ID, F=Name, G=Level, H=State I=Description information for locating(Para info, Reason info) J=RootCause alarm sequence(Only for nonRootCause alarm) 1/Independent/2008-10-13 01:49:45+08:00/-/0x41932001/hwLldpEnabled/Warning/Sta rt/OID: 1.3.6.1.4.1.2011.5.25.134.2.1 Global LLDP is enabled. 2/Independent/2008-10-13 01:50:06+08:00/-/0x41932000/lldpRemTablesChange/Warni ng/Start/OID: 1.0.8802.1.1.2.0.0.1 Neighbor information is changed. (LldpStatsRe mTablesInserts=1, LldpStatsRemTablesDeletes=0, LldpStatsRemTablesDrops=0, LldpSt atsRemTablesAgeouts=0) 5/Independent/2008-10-13 02:22:52+08:00/-/0x40c12014/hwPortPhysicalEthHalfDupl exAlarm/Minor/Start/OID 1.3.6.1.4.1.2011.5.25.129.2.5.11 The port works in half duplex mode. (EntityPhysicalIndex=10, BaseTrapSeverity=3, BaseTrapProbableCause= 1024, BaseTrapEventType=8, EntPhysicalName=GigabitEthernet0/0/5, RelativeResourc e=interface GigabitEthernet0/0/5) 10.9 display fault-management alarm information Function The display fault-management alarm information command displays registration information about an alarm message. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 189 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands Format display fault-management alarm information [ alarm-name ] Parameters Parameter Description Value alarm-name Specifies the name of an alarm message. The value is a case-sensitive string of 1 to 256 characters without spaces. Views All views Default Level 1: Monitoring level Usage Guidelines If alarm-name is not specified, registration information about all alarm messages is displayed. To view registration information about an alarm message, you can run the display faultmanagement alarm information command; to modify registration information about an alarm message, including alarm level, you can run the fault-management alarm command. Example # Check registration information about the alarm message named linkUp. <HUAWEI> display fault-management alarm information linkUp ********************************** AlarmName: linkUp AlarmType: Resume Alarm AlarmLevel: Cleared Suppress Period: NA CauseAlarmName: linkDown Match VB Name: ifIndex ********************************** Table 10-4 Description of the display fault-management alarm information command output Issue 02 (2013-11-06) Item Description AlarmName Name of an alarm message AlarmType Type of an alarm AlarmLevel Level of an alarm Suppress Period Suppress period of an alarm CauseAlarmName Name of the corresponding root alarm Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 190 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands Item Description Match VB Name Contents of the matching rule set for the alarm messages Related Topics 10.11 fault-management alarm 10.10 display reboot-info Function Using the display reboot-info command, you can view the information of restarting the S2350&S5300&S6300. Format display reboot-info unit unit-id Parameters Parameter Description Value unit unit-id l Specifies the slot ID if stacking is not configured. The value is an integer that is 0 if stacking is not configured; the value ranges from 0 to 8 if stacking is configured. l Specifies the stack ID if stacking is configured. Views All views Default Level 2: Configuration level Usage Guidelines None Example # Display the information about restarting the S2350&S5300&S6300 that unit id is 0. <HUAWEI> display reboot-info unit 0 Slot ID Issue 02 (2013-11-06) Times Reboot Type Reboot Time(DST) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 191 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands =========================================================================== 0 1 MANUAL 2012/10/13 01:48:28 0 2 MANUAL 2012/10/08 06:43:35 0 3 MANUAL 2012/10/01 01:34:32 0 4 POWER 2012/10/01 00:01:26 0 5 POWER 2012/10/01 00:01:25 0 6 POWER 2012/10/01 00:01:24 0 7 POWER 2012/10/01 00:01:25 0 8 POWER 2012/10/01 00:01:28 0 9 POWER 2012/10/01 00:01:24 0 10 POWER 2012/10/01 00:01:23 0 11 MANUAL 2012/10/03 00:42:32 0 12 POWER 2012/10/01 00:01:21 0 13 MANUAL 2012/10/05 07:12:18 0 14 POWER 2012/10/01 00:01:21 0 15 POWER 2012/10/01 00:01:21 0 16 POWER 2012/10/01 00:01:19 0 17 MANUAL 2012/10/04 07:02:23 0 18 MANUAL 2012/10/03 00:37:50 0 19 MANUAL 2012/10/01 03:21:56 0 20 POWER 2012/10/01 00:01:23 0 21 MANUAL 2012/10/10 02:55:49 0 22 MANUAL 2012/10/10 01:28:13 0 23 POWER 2012/10/01 00:01:19 0 24 MANUAL 2012/10/03 23:49:02 =========================================================================== Total 24 Table 10-5 Description of the display reboot-info command output Item Description Slot ID Specifies the stack ID if the stacking function is enabled or the slot ID if the stacking function is not enabled. Times Indicates the times of restarting the S2350&S5300&S6300. Reboot Type Indicates the types of restarting the S2350&S5300&S6300: l MANUAL l POWERR l SCHEDU l OTHER Reboot Time (DST) Indicates the time of restarting the S2350&S5300&S6300. 10.11 fault-management alarm Function The fault-management alarm command configures the type or level of an alarm message or event. The undo fault-management alarm command cancels the type or level of an alarm message or event. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 192 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands Format fault-management alarm alarm-name level alarm-level undo fault-management alarm alarm-name [ level ] Parameters Parameter Description alarm alarm-name Specifies the name of an alarm message or event. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Value The value is a case-sensitive string of 1 to 64 characters without spaces. 193 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands Parameter Description Value level alarm-level Specifies the level of an alarm The value is a character string. In message or event. Mappings between the X.733 standard, according to alarm levels and severity levels: the severity level and emergency level, alarm messages are 1. Critical: Indicates that a service affecting condition has occurred classified into six levels. The more serious event an alarm and an immediate corrective action is required. Such a severity message indicates, the smaller alarm-level is. Critical indicates can be reported. For example, when a managed object becomes the alarm level 1; whereas totally out of service, its capability Cleared indicates the alarm level 6. must be restored. 2. Major: Indicates that a service affecting condition has developed and an urgent corrective action is required. Such a severity can be reported. For example, when there is a severe degradation in the capability of a managed object, its full capability must be restored. 3. Minor: Indicates the existence of a non-service affecting fault condition and that corrective action should be taken in order to prevent a more serious (for example, service affecting) fault. Such a severity can be reported. For example, when the detected alarm condition is not currently degrading the capacity of the managed object. 4. Warning: Indicates the detection of a potential or impending service affecting fault, before any significant effects have been felt. Action should be taken to further diagnose (if necessary) and correct the problem in order to prevent it from becoming a more serious service affecting fault. 5. Indeterminate: Indicates that the severity level cannot be determined. 6. Cleared: Indicates the clearing of one or more previously reported alarms. This alarm clears all alarms for this managed object that have the same Alarm type, Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 194 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference Parameter 10 Device Management Compatible Commands Description Value Probable cause and Specific problems (if given). Multiple associated notifications may be cleared by using the Correlated notifications parameter. Views System view Default Level 2: Configuration level Usage Guidelines Alarm messages can be classified into root alarm messages and resume-alarm messages. All the alarms are saved on the device. Events can be classified into critical events and events. Critical events are saved on a device and can be obtained by the NMS. Events are not saved on a device. The fault-management alarm command can be used to promote or degrade the level of an alarm message according to the severity level and emergency level of the alarm message. Example # Set the alarm level of the alarm message named hwCfgManEventlog to major respectively. <HUAWEI> system-view [HUAWEI] fault-management alarm hwCfgManEventlog level major 10.12 reset reboot-info Function Using the reset reboot-info command, you can clear the reboot information. Format reset reboot-info unit unit-id Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 195 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands Parameters Parameter Description Value unit unit-id l Specifies the slot ID if stacking is not configured. The value is an integer that is 0 if stacking is not configured; the value ranges from 0 to 8 if stacking is configured. l Specifies the stack ID if stacking is configured. Views User view Default Level 2: Configuration level Usage Guidelines None. Example # clear the reboot information of device that unit id is 0. <HUAWEI> reset reboot-info unit 0 10.13 display alarm urgent Function Using the display alarm urgent command, you can view alarms on the S2350&S5300&S6300. Format display alarm urgent unit unit-id Parameters Parameter Description Value unit unit-id l Specifies the slot ID if stacking is not configured. The value is an integer thatis 0 if stacking is not configured; the value ranges from 0 to 8 if stacking is configured. l Specifies the stack ID if stacking is configured. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 196 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands Views All views Default Level 1: Monitoring level Usage Guidelines You can use the command to view alarms, including alarms about the abnormality of the temperature, the fan, and the chip. If no parameter is specified, the command displays all the alarms. Example # Display alarms of the device that unit id is 0. <HUAWEI> display alarm urgent unit 0 Alarm Slot Date Time Location ------------------------------------------------------------------Power abnormal 0 2008/08/01 00:00:46 slot 0 Power plugged out 0 2008/08/01 00:00:46 slot 0 Table 10-6 Description of the display alarm urgent command output Item Description Alarm Details about an alarm. Slot Stack ID of the S2350&S5300&S6300 where alarms are generated. Date Date when alarms are generated. Time Time when alarms are generated. Location Position where alarms are generated. 10.14 reset alarm urgent Function The reset alarm urgent command clears all alarm messages. Format reset alarm urgent unit unit-id Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 197 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands Parameters Parameter Description Value unit unit-id l Specifies the slot ID if stacking is not configured. The value is an integer that is 0 if stacking is not configured. The value ranges from 0 to 8 if stacking is configured. l Specifies the stack ID if stacking is configured. Views System view Default Level 2: Configuration level Usage Guidelines None Example # Clear all alarm messages of the device that unit id is 0. <HUAWEI> system-view [HUAWEI] reset alarm urgen unit 0 10.15 temperature threshold unit Function The temperature threshold unitcommand sets the temperature thresholds. The undo temperature threshold unitcommand cancels the temperature thresholds. Format temperature threshold unit unit-id lower-limit low-temperature upper-limit high-teperature undo temperature threshold unit unit-id lower-limit low-temperature upper-limit highteperature Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 198 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands Parameters Parameter Description Value unit-id l Specifies the slot ID if stacking is not configured. l Specifies the stack ID if stacking is configured. The value is an integer that is 0 if stacking is not configured. The value ranges from 0 to 8 if stacking is configured. lower-limit low-temperature Specify the lower temperature alarm threshold. The value is an integer that ranges from 0 to 300. upper-limit high-teperature Specify the upper temperature alarm threshold. The value is an integer that ranges from 0 to 300. Views System view Default Level 2: Configuration level Usage Guidelines This command sets the upper and lower temperature thresholds for a device. If the device temperature is out of the specified range, an alarm is generated. Example # Set the upper temperature alarm threshold of the device with stack ID 3 to 40. <HUAWEI> system-view [HUAWEI] temperature threshold unit 3 lower-limit 0 upper-limit 40 10.16 port-mirroring to observe-port Function The port-mirroring to observe-port command configures a mirroring action on an interface. NOTE Only S5300EI and S5300SI support this command. Format port-mirroring to observe-port index { both | inbound | outbound } remote vlan-id Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 199 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands Parameters Parameter Description Value index Specifies the index of a global observing port. For the S5300EI series, the value ranges from 1 to 4, whereas for the S5300SI series, the value is 1. both Indicates that port mirroring is configured for both incoming and outgoing packets. - inbound incoming Indicates that port mirroring is configured for incoming packets. - outbound Indicates that port mirroring is configured for outgoing packets. - remote vlan-id Specifies the VLAN ID used in remote mirroring. The value is an integer that ranges from 1 to 4094. Views GE interface view, 10GE interface view, Eth-Trunk interface view Default Level 2: Configuration level Usage Guidelines NOTE The mirrored port cannot be added to the RSPAN VLAN. In the process of port mirroring, the S2350&S5300&S6300 copies the packets passing through an observed port to a specified observing port. To ensure information integrity during port mirroring, it is recommended that the observing port and observed port be of the same type and enjoy the same bandwidth. On the S2350&S5300&S6300, port mirroring is implemented by the Layer 2 switch chip. Ensure that the Layer 2 header, Layer 3 header, and data of each packet copied to the observing port remain unchanged. Port mirroring can be configured for the incoming traffic, outgoing traffic, or both. To configure an Eth-Trunk as a mirrored interface, you must run the interface eth-trunk trunkid command to create the Eth-Trunk first. l Issue 02 (2013-11-06) If an Eth-Trunk is configured as a mirrored interface, its member interfaces cannot be configured as mirrored interfaces. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 200 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference l 10 Device Management Compatible Commands If a member interface of an Eth-Trunk is configured as a mirrored interface, the Eth-Trunk cannot be configured as a mirrored interface. Example # Configure GE 0/0/1 as the observed interface and GE0/0/2 as the observing port with the index as 1. Mirror the incoming traffic of GE0/0/1 to GE0/0/2. <HUAWEI> system-view [HUAWEI] observe-port 1 interface gigabitethernet 0/0/2 [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] port-mirroring to observe-port 1 inbound remote 10 10.17 poe power Function The poe power command sets the maximum output power of an interface. The undo poe power command restores the default maximum output power of an interface. By default, the maximum output power of an interface is 30000 mW. Format poe power port-max-power undo poe power Parameters Parameter Description Value port-max-power Specifies the maximum output power of an interface. The value is an integer that ranges from 0 to 30000, in mW. Views GE interface view, Ethernet interface view, port group view Default Level 2: Configuration level Usage Guidelines Usage Scenarios Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 201 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands The PD negotiation power may be different from the power required by some non-standard PDs or PDs that cannot be classified. You can run the poe power command to set the maximum output power of the interface, which prevents power overload for PDs and saves energy. Prerequisites The PoE function has been enabled on the interface using the poe enable command. Example # Set the maximum output power on GigabitEthernet0/0/5 to 20000 mW. <HUAWEI> system-view [HUAWEI] interface gigabitEthernet 0/0/5 [HUAWEI-GigabitEthernet0/0/5] poe power 20000 10.18 port-mirroring Function The port-mirroring command configures a mirroring behavior on an interface. NOTE The S5300SI does not support this command. Format port-mirroring to observe-port index remote vlan-id Parameters Parameter Description Value index Specifies the index of a global observing interface. On an S5300EI, the value ranges from 1 to 4. remote vlan-id Specifies the VLAN ID used in remote mirroring. The value is an integer that ranges from 1 to 4094. Views Traffic behavior view Default Level 2: Configuration level Usage Guidelines During flow mirroring, the device copies the packets of an observed flow and then sends the copy to a specified observing interface. The device implements flow mirroring for the incoming flows on an interface through traffic classification. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 202 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands On the S-switch, flow mirroring is implemented by the Layer 2 switch chip. Ensure that the Layer 2 header, Layer 3 header, and data of each packet copied to the observing interface remain unchanged. You can only specify an existing VLAN for remote mirroring. This VLAN must be configured as an RSPAN VLAN. Example # Mirror traffic to observing interface with index 1. <HUAWEI> system-view [HUAWEI] traffic behavior b1 [HUAWEI-traffic-behavior-b1] port-mirroring to observe-port 1 remote 1 10.19 reset fault-management Function The reset fault-management command clears all alarm messages. Format reset fault-management { active-alarm | event } [ sequence-number sequence-number ] Parameters Parameter Description Value sequence-number sequence-number Specifies the number of an alarm message. The value is an integer ranging from 0 to 2147483647. If the value is 0, it indicates that all alarm messages are cleared. Views System view Default Level 2: Configuration level Usage Guidelines If sequence-number is not specified, the system clears all the alarm messages on the device. NOTICE After this command is run, all alarm messages on a device are cleared and cannot be restored. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 203 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 10 Device Management Compatible Commands Example # Clear all active alarm messages. <HUAWEI> system-view [HUAWEI] reset fault-management active-alarm Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 204 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 11 11 Network Management Compatible Commands Network Management Compatible Commands About This Chapter 11.1 Ping and Tracert Compatible Commands 11.2 NTP Compatible Commands 11.3 SNMP Compatible Commands Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 205 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 11 Network Management Compatible Commands 11.1 Ping and Tracert Compatible Commands 11.1.1 ping ipv6 Function The ping ipv6 command checks whether a specified IPv6 IP address is reachable and exports corresponding statistics. Format ping ipv6 [ -a source-ipv6-address | -c count | -h ttl-value | -m time | -name | -s packetsize | -t timeout | -tc traffic-class-value | vpn6-instance vpn6-instance-name ] * { destination-ipv6address | host } [ -i interface-type interface-number ] Parameters Parameter Description Value -a source-ipv6-address The value is a 32-digit hexadecimal Specifies a source IPv6 address for sending ICMPv6 number, in the format of X:X:X:X:X:X:X:X. Echo Request messages. If no source IPv6 address is specified, the IPv6 address of the outbound interface is used as the source address for sending ICMPv6 Echo Request messages. -c count Specifies the number of times for sending ICMPv6 Echo Request messages. The value is an integer that ranges from 1 to 4294967295. The default value is 5. You can increase the number of outgoing packets to detect the network quality based on the packet loss rate. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 206 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 11 Network Management Compatible Commands Parameter Description -h ttl-value Specifies the TTL value. -m time Specifies the time to wait before sending the next ICMPv6 Echo Request message. Value The value is an integer that ranges from 1 to 255. The default value is If the TTL field is reduced to 255. 0 during message forwarding, the Layer 3 switch that the message reaches sends an ICMPv6 timeout message to the source host, indicating that the destination host is unreachable. The value is an integer that ranges from 1 to 10000, in milliseconds. The default value is 2000. Each time the source sends an ICMPv6 Echo Request message using the ping ipv6 command, the source waits a period of time (2000 ms by default) before sending the next ICMPv6 Echo Request message. You can set the time to wait before sending the next ICMPv6 Echo Request message using the parameter time. In the case of poor network condition, the value should be equal to or larger than 2000, in milliseconds. -name Displays the name of the destination host. -s packetsize Specifies the length of an The value is an integer that ranges ICMPv6 Echo Request from 20 to 9600, in bytes. The message, excluding the IP default value is 56. header and ICMPv6 header. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. - 207 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 11 Network Management Compatible Commands Parameter Description Value -t timeout Specifies the timeout period The value is an integer that ranges to wait for an ICMPv6 Echo from 0 to 65535, in milliseconds. The default value is 2000. Reply message after an ICMPv6 Echo Request message is sent. After the ping ipv6 command is run, the source sends an ICMPv6 Echo Request message to a destination and waits for an ICMPv6 Echo Reply message. If the destination, after receiving the ICMPv6 Echo Request message, returns an ICMPv6 Echo Reply message to the source within the period specified by the parameter timeout, the destination is reachable. If the destination does not return an ICMPv6 Echo Reply message within the specified period, the source displays that the message times out. Normally, the source receives an ICMPv6 Echo Reply message within 1 to 10 seconds after sending an ICMPv6 Echo Request message. If the transmission speed is low, properly prolong the timeout period. -tc traffic-class-value The value is an integer that ranges Specifies the traffic classification in the ICMPv6 from 0 to 255. The default value is 0. Echo Request message. To configure traffic control for ICMPv6 packets, set the parameter traffic-classvalue. vpn6-instance vpn6instance-name Issue 02 (2013-11-06) Specifies the name of a VPN The value is a string of 1 to 31 instance for the IPv6 address characters without spaces. family. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 208 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 11 Network Management Compatible Commands Parameter Description destination-ipv6-address The value is a 32-digit hexadecimal Specifies the IPv6 address of number, in the format of the destination host. X:X:X:X:X:X:X:X. host Specifies the name of the destination host. -i interface-type interface- Specifies the outbound number interface for sending ICMPv6 Echo Request messages. Value The value is a string of 1 to 46 characters. - Views All views Default Level 1: Monitoring level Usage Guidelines Usage Scenario The ping ipv6 command is a widely used debugging tool for checking network connectivity and host reachability on an IPv6 network by transmitting ICMPv6 messages. It can detect the following items: l Availability of the remote device l Round-trip delay in communication between the local and remote devices l Packet loss rate You can run the ping ipv6 command to check the IPv6 network connectivity or line quality in the following scenarios: l Scenario 1: Check the protocol stack on the local device. You can run the ping ipv6 IPv6loopback-address command to check whether the TCP/IP protocol stack works properly on the local device. l Scenario 2: Check whether the destination IPv6 host is reachable on an IPv6 network. You can run the ping ipv6 host command to send an ICMPv6 Echo Request message to the destination host. If a reply is received, the destination host is reachable. l Scenario 3: Check whether the peer is reachable on a Layer 3 VPN. On a Layer 3 VPN, devices may not have routing information about each other. Therefore, you cannot use the ping ipv6 host command to check whether the peer is reachable. When a VPN instance name is specified, you can run the ping ipv6 vpn6-instance vpn6-instance-name host command to send an ICMPv6 Echo Request message to the peer. If the peer returns an ICMPv6 Echo Reply message, the peer is reachable. l Scenario 4: In the case of an unstable network, you can run the ping ipv6 -c count -t timeout { destination-ipv6-address | host } command to check the quality of the network Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 209 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 11 Network Management Compatible Commands between the local device and the peer. By analyzing the packet loss rate and average delay in the command output, you can evaluate the network quality. If the network is unreliable, set the packet transmission count (-c) and timeout (-t) to the upper limits. This makes the test result accurate. Prerequisites l Before running the ping ipv6 command, ensure that the ICMPv6 module is working properly. l If -vpn6-instance is specified, ensure that the VPN module is working properly. Configuration Impact l When the destination host is unreachable, the system displays "Request time out" indicating that the ICMPv6 Echo Request message times out and displays statistics collected by the IPv6 ping test. Precautions l If an intermediate device is disabled from responding to ICMPv6 messages, detection on this node fails. l If the IPv6 address of the destination host maps the local address, specify the name of the local outbound interface through which the ICMPv6 Echo Request message is sent. Otherwise, reply to the ping ipv6 command times out. l If a fault occurs in the IPv6 ping process, you can press Ctrl+C to terminate the IPv6 ping operation. Example # Check whether the host with the IPv6 address as 2001::1 is reachable. <HUAWEI> ping ipv6 2001::1 PING 2001::1 : 56 data bytes, press CTRL_C to break Reply from 2001::1 bytes=56 Sequence=1 hop limit=64 time=115 ms Reply from 2001::1 bytes=56 Sequence=2 hop limit=64 time=1 ms Reply from 2001::1 bytes=56 Sequence=3 hop limit=64 time=1 ms Reply from 2001::1 bytes=56 Sequence=4 hop limit=64 time=1 ms Reply from 2001::1 bytes=56 Sequence=5 hop limit=64 time=1 ms ---2001::1 ping statistics--5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max=1/23/115 ms Table 11-1 Description of the ping ipv6 command output Issue 02 (2013-11-06) Item Description PING HH:HH::HH:H IPv6 address of the destination host. x data bytes Length of a sent ICMPv6 Echo Request message. press CTRL_C to break The ongoing IPv6 ping test is terminated after you press Ctrl+C. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 210 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 11 Network Management Compatible Commands Item Description Reply from HH:HH::HH:H The destination host responds to the ICMPv6 Echo Request message with an ICMPv6 Echo Reply message that contains the following items: l bytes: indicates the length of the ICMPv6 Echo Reply message. l sequence: indicates the sequence number of the ICMPv6 Echo Reply message. l hop limit: indicates the TTL of the ICMPv6 Echo Reply message. l time: indicates the RTT, in milliseconds. If no ICMPv6 Echo Reply message is received after the timeout period, the system displays "Request time out". HH:HH::HH:H ping statistics Statistics collected after the IPv6 ping test on the destination host. The statistics include the following information: l packet(s) transmitted: indicates the number of sent ICMPv6 Echo Request messages. l packet(s) received: indicates the number of received ICMPv6 Echo Reply messages. l % packet loss: indicates the percentage of unresponded messages to total sent messages. l round-trip min/avg/max: indicates the minimum, average, and maximum RTTs. Related Topics 11.1.2 tracert ipv6 11.1.2 tracert ipv6 Function The tracert ipv6 command checks the path of packets from the source to the destination, checks IPv6 network connectivity, and locates a network fault. Format tracert ipv6 [ -a source-ip-address | -f first-hop-limit | -m max-hop-limit | -name | -p portnumber | -q probes | -s packetsize | -w timeout | vpn6-instance vpn6-instance-name ] * { destination-ipv6-address | host-name } Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 211 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 11 Network Management Compatible Commands Parameters Parameter Description Value -a source-ip-address Specifies the source address of a tracert packet. The value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X. If this parameter is not specified, the IP address of the outbound interface is used as the source IP address for sending tracert packets. -f first-hop-limit Specifies the initial hop-limit. The value is an integer that ranges from 1 to 255. The default value is Carried in the IPv6 header, 1. the hop-limit (time to live) indicates the lifetime of IPv6 packets and specifies the maximum number of hops that the IPv6 packets can pass through. The hop-limit field in IPv6 packets is similar to the TTL field in the IPv4 packets. The hop-limit value is set on the source and reduced by 1 each time the packet passes through a Layer 3 device. When the hop-limit value is reduced to 0 on a Layer 3 device, the Layer 3 device discards the packet and sends an ICMPv6 Timeout message to the source. If first-hop-limit is specified and the number of hops is smaller than the specified value, the hop-limit value will be greater than 0 after the packet passes through all the nodes. Therefore, no ICMPv6 Timeout message is sent to the source. If max-hop-limit is specified, the value of first-hop-limit must be smaller than the value of max-hop-limit. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 212 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 11 Network Management Compatible Commands Parameter Description Value -m max-hop-limit Specifies the maximum hop- The value is an integer that ranges limit. from 1 to 255. The default value is 30. Usually, the maximum hoplimit is set to the number of hops that a packet passes through. To change the hoplimit value, you need to use this parameter. If first-hop-limit is specified, the value of max-hop-limit must be greater than the value of first-hop-limit. -name Displays the name of the destination host. -p port-number Specifies the UDP port number of the destination. - The value is an integer that ranges from 1 to 65535. The default value l If no UDP port number is is 33434. specified for the destination, when you run the tracert ipv6 command, a port with the port number greater than 32768 is randomly chosen for the destination to receive tracert packets. l Before specifying the UDP port number for the destination, ensure that the port is not in use; otherwise, the tracert fails. -q probes Specifies the number of The value is an integer that ranges tracert packets sent each time. from 1 to 65535. The default value is 3. In the case of poor network quality, you can set probes to a comparatively large value to ensure that tracert packets can reach the destination. -s packetsize Specifies the length of an ICMPv6 Echo Request message, excluding the IP header and ICMPv6 header. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. The value is an integer that ranges from 20 to 9600, in bytes. The default value is 56. 213 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 11 Network Management Compatible Commands Parameter Description Value -w timeout Sets the timeout period to wait for a reply. The value is an integer that ranges from 1 to 65535, in milliseconds. The default value is 5000. If a tracert packet times out when reaching a gateway, an asterisk (*) is displayed. In the case of poor network quality and a low network transmission rate, you are advised to prolong the timeout period. vpn6-instance vpn6instance-name Specifies the name of a VPN The value is a string of 1 to 31 caseinstance for the IPv6 address sensitive characters. family. destination-ipv6-address The value is a 32-digit Specifies the IPv6 address of hexadecimal number, in the format the destination host. of X:X:X:X:X:X:X:X. host-name Specifies the name of the destination host. The value is a string of 1 to 46 characters. Views All views Default Level 1: Monitoring level Usage Guidelines Usage Scenario When a fault occurs on the network and the peer is an IPv6 device, you can run the ping ipv6 command to check network connectivity based on the reply message, and then run the tracert ipv6 command to locate the fault. You can specify different parameters in the tracert ipv6 command for different scenarios: l To check information about nodes between the source and the IPv6 destination, run the tracert ipv6 host command. l To check information about nodes between the source and the IPv6 destination on a Layer 3 VPN, run the tracert ipv6 vpn6-instance vpn6-instance-name host command. On a Layer 3 VPN, devices may not have routing information about each other. Therefore, you cannot use the tracert ipv6 host command to check whether the peer is reachable. To check information about nodes between the source and the IPv6 destination in a specified VPN instance, run the tracert ipv6 vpn6-instance vpn6-instance-name host command. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 214 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 11 Network Management Compatible Commands l On an unstable network, you can run the tracert ipv6 -q probes -w timeout host command to check information about nodes between the source and the IPv6 destination. If the network is unreliable, set the packet transmission count (-q) and timeout (-w) to the upper limits. This makes the test result accurate. l To check information about nodes along a segment of a path, run the tracert ipv6 -f firsthop-limit -m max-hop-limit host command that has initial hop-limit and maximum hoplimit specified. Prerequisites l The UDP module of each node is working properly; otherwise, the IPv6 tracert operation fails. l The VPN module of each node is working properly if vpn6-instance is specified. l The ICMPv6 module of each node is working properly; otherwise, " * * * " is displayed. Procedure The execution process of the tracert ipv6 command is as follows: l The source sends a packet with the hop-limit being 1. After the hop-limit times out, the first hop sends an ICMPv6 Error message to the source, indicating that the packet cannot be forwarded. l The source sends a packet with the hop-limit being 2. After the hop-limit times out, the second hop sends an ICMPv6 Error message to the source, indicating that the packet cannot be forwarded. l The source sends a packet with the hop-limit being 3. After the hop-limit times out, the third hop sends an ICMPv6 Error message to the source, indicating that the packet cannot be forwarded. l The preceding process proceeds until the packet reaches the destination. When receiving an IPv6 packet, each destination hop cannot find the port specified in the IPv6 packet, and therefore returns an ICMPv6 Port Unreachable message, indicating that the destination port is unreachable and the IPv6 tracert ends. In this manner, the result of each probe is displayed on the source, according to which you can find the path from the source to the destination. Configuration Impact If a fault occurs when you run the tracert ipv6 command, the following information may be displayed: l !H: The host is unreachable. l !N: The network is unreachable. l !: The port is unreachable. l !P: The protocol type is incorrect. l !F: The packet is incorrectly fragmented. l !S: The source route is incorrect. Precautions By default, the ICMPv6 module is automatically enabled after you enable the IPv6 module. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 215 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 11 Network Management Compatible Commands Example # Set the number of packets to be sent to 5 and timeout period to 8000 ms, and tracert the gateways from the source to the destination at 3002::3. <HUAWEI> tracert ipv6 -q 5 -w 8000 3002::3 traceroute to 3002::3 30 hops max,60 bytes packet 1 2002::2 26 ms 23 ms 26 ms 30 ms 29 ms 2 3002::3 3020 ms 3024 ms 4040 ms 6820 ms 5584 ms # Tracert the gateways from the source to the destination at 3002::3 on a specified VPN. <HUAWEI> tracert ipv6 vpn6-instance vsi6 3002::3 traceroute to vsi6 3002::3 30 hops max,60 bytes packet 1 2002::2 26 ms 23 ms 26 ms 2 3002::2 3020 ms !H 3024 ms !H 4040 ms !H Table 11-2 Description of the tracert ipv6 command output Item Description traceroute to HH:HH::HH:H IPv6 address of the destination host. x hops max Maximum hop-limit value. x bytes packet Length of a tracert packet. 1 Sequence number of the received ICMPv6 Echo Reply message. 2 HH:HH::HH:H Address of the IPCMPv6 Echo Reply message. 26 ms 23 ms 26 ms RTT, in milliseconds. Related Topics 11.1.1 ping ipv6 11.2 NTP Compatible Commands 11.2.1 ntp-service authentication-keyid Function The ntp-service authentication-keyid command sets NTP authentication key. The undo ntp-service authentication-keyid command removes NTP authentication key. By default, no authentication key is set. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 216 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 11 Network Management Compatible Commands Format ntp-service authentication-keyid key-id authentication-mode { md5 | hmac-sha256 } { plain password-plain | [ cipher ] password } undo ntp-service authentication-keyid key-id Parameters Parameter Description Value key-id Indicates the key number. Key ID is an integer and ranges from 1 to 4294967295. authentication-mode md5 Indicates MD5 authentication mode. authentication-mode hmacsha256 Indicates HMAC-SHA256 authentication mode. plain password-plain Indicates that the configured The password is a string of 1 password is displayed in plain to 255 case-sensitive text, and specifies the plain- characters without spaces. text password. - NOTICE If plain is selected, the password is saved in the configuration file in plain text. This brings security risks. It is recommended that you select cipher to save the password in cipher text. cipher Indicates that the configured password is displayed in cipher text. - If this parameter is not specified, the configured password is displayed in cipher text. password Specifies the authentication password in plain text or in cipher text. The value is a string of casesensitive characters without spaces. The string length range is: l 1 to 255 characters in plain text. l 20 to 392 characters in cipher text. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 217 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 11 Network Management Compatible Commands Views System view Default Level 2: Configuration level Usage Guidelines Usage Scenario On a network that requires high security, the NTP authentication must be enabled. You can configure password authentication between client and server, which guarantee the client only to synchronize with server successfully authenticated, and improve network security. If the NTP authentication function is enabled, a reliable key should be configured at the same time. Keys configured on the client and the server must be identical. NOTE In NTP symmetric peer mode, the symmetric active peer functions as a client and the symmetric passive peer functions as a server. Select the parameter for displaying the password according to the following rules: l If the parameter plain is specified, the system encrypts the password and stores the password in the database. When the display current-configuration | include ntp command is used to display the current configuration information, the stored password is displayed in plain text. l If the parameter cipher is specified, you can enter a plain-text password or a cipher-text password. – If you enter a cipher-text password, for example, a password copied from the configuration file and pasted as the cipher-text password, the system encrypts the password and stores it in the database. When you check the current configuration information, the stored password is displayed in cipher text and consistent with the entered password. – If you enter a plain-text password, the system encrypts the password and stores it in the database. When you check the current configuration information, the stored password is displayed in cipher text. You can configure the parameter cipher for rolling back, copying and pasting the configuration. – If you do not specify the parameter plain or cipher, the system displays the configured password in cipher text. The process of displaying the configured password in cipher text is the same as that of specifying the parameter cipher, and the parameter cipher is specified in the configuration file. For example, after you configure ntp-service authentication-keyid 10 authentication-mode md5 BetterKey, the system displays the message ntp-service authentication-keyid 10 authentication-mode md5 cipher %$%$U,"!FB;{C 5XW(q%Nr0g,#2)}%$%$ when you check the current configuration. Follow-up Procedure You can configure multiple keys for each device. After the NTP authentication key is configured, you need to set the key to reliable using the ntp-service reliable authentication-keyid command. If you do not set the key to reliable, the NTP key does not take effect. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 218 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 11 Network Management Compatible Commands Precautions You can configure a maximum of 1024 keys for each device. If the NTP authentication key is a reliable key, it automatically becomes unreliable when you delete the key. You do not need to run the undo ntp-service reliable authentication-keyid command. Example # Set the MD5 identity authentication key. The key ID number is 10, and the key is Betterkey. <HUAWEI> system-view [HUAWEI] ntp-service authentication-keyid 10 authentication-mode md5 BetterKey # Set authentication text to abc in MD5 authentication with plain option. <HUAWEI> system-view [HUAWEI] ntp-service authentication-keyid 10 authentication-mode md5 plain abc # Set authentication text to xyz123 in MD5 authentication with cipher option. <HUAWEI> system-view [HUAWEI] ntp-service authentication-keyid 10 authentication-mode md5 cipher xyz123 11.3 SNMP Compatible Commands 11.3.1 snmp-agent usm-user Function The snmp-agent usm-user command adds a user to an SNMP user group. The undo snmp-agent usm-user command deletes a user from an SNMP user group. By default, the SNMP user group has no users added. Format snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha } password [ privacy-mode { aes128 | des56 } encrypt-password ] ] [ acl acl-number ] undo snmp-agent usm-user v3 user-name group-name [ engineid engineid | local ] Parameters Parameter Description v3 Indicates that the security mode in v3 is adopted. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Value 219 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 11 Network Management Compatible Commands Parameter Description Value user-name Specifies the name of a user. It is a string of 1 to 32 casesensitive characters without spaces. group-name Specifies the name of the group to It is a string of 1 to 32 casewhich a user belongs. sensitive characters without spaces. authentication-mode Sets the authentication mode. - NOTE Authentication is a process in which the SNMP agent (or the NMS) confirms that the message is received from an authorized NMS (or SNMP agent) and the message is not changed during transmission. RFC 2104 defines Keyed-Hashing for Message Authentication Code (HMAC), an effective tool that uses the security hash function and key to generate the message authentication code. This tool is widely used in the Internet. HMAC used in SNMP includes HWACMD5-96 and HWAC-SHA-96. The hash function of HWAC-MD5-96 is MD5 that uses 128-bit authKey to generate the key. The hash function of HWAC-SHA-96 is SHA-1 that uses 160-bit authKey to generate the key. md5 | sha Indicates the authentication protocol. - l md5: Specifies HMACMD5-96 as the authentication protocol. l sha: Specifies HMAC-SHA-96 as the authentication protocol. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 220 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 11 Network Management Compatible Commands Parameter Description Value password Specifies the password for user authentication. For plain-text password, the value is a string of 6 to 64 characters by default, and the minimum length is 6 characters. If the set password min-length command is run to set the minimum length of passwords to a value greater than 6, the minimum length is the value configured using the set password minlength command. For ciphertext password, the value is a string of 32 to 104 characters. NOTE The password cannot be the same as the user name or reverse of the user name. The password must contain at least two types of characters, including letters, digits, and special characters. The special characters cannot be question mark (?) or space. privacy-mode Specifies the authentication with encryption. - The system adopts the cipher block chaining (CBC) code of the data encryption standard (DES) and uses 128-bit privKey to generate the key. The NMS uses the key to calculate the CBC code and then adds the CBC code to the message while the SNMP agent fetches the authentication code through the same key and then obtains the actual information. Like the identification authentication, the encryption requires the NMS and the SNMP agent to share the same key to encrypt and decrypt the message. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 221 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 11 Network Management Compatible Commands Parameter Description Value des56 encrypt-password Indicates DES–56 as the encryption For plain-text password, the protocol. value is a string of 6 to 64 characters by default, and the minimum length is 6 characters. If the set password min-length command is run to set the minimum length of passwords to a value greater than 6, the minimum length is the value configured using the set password minlength command. For ciphertext password, the value is a string of 32 to 104 characters. NOTE The password cannot be the same as the user name or reverse of the user name. The password must contain at least two types of characters, including letters, digits, and special characters. The special characters cannot be question mark (?) or space. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 222 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference Parameter 11 Network Management Compatible Commands Description aes128 encrypt-password Indicates AES-128 as the encryption protocol. Value For plain-text password, the value is a string of 6 to 64 characters by default, and the minimum length is 6 characters. If the set password min-length command is run to set the minimum length of passwords to a value greater than 6, the minimum length is the value configured using the set password minlength command. For ciphertext password, the value is a string of 32 to 104 characters. NOTE The password cannot be the same as the user name or reverse of the user name. The password must contain at least two types of characters, including letters, digits, and special characters. The special characters cannot be question mark (?) or space. acl acl-number Specifies the ACL number of the access view. The value is an integer that ranges from 2000 to 2999. engineid engineid Specifies the ID of the engine associated with a user. The value is a string of 10 to 64 case-insensitive characters without spaces. local Indicates the local entity user. - Views System view Default Level 2: Configuration level Usage Guidelines Usage Scenario SNMPv1 and SNMPv2c have serious defects in terms of security. The security authentication mechanism used by SNMPv1 and SNMPv2c is based on the community name. In this mechanism, the community name is transmitted in plain text. You are not advised to use SNMPv1 and SNMPv2c on untrusted networks. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 223 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 11 Network Management Compatible Commands By adopting the user-based security model, SNMPv3 eradicates the security defects in SNMPv1 and SNMPv2c and provides two services, authentication and encryption. The user-based security model defines three security authentication levels: noAuthNoPriv, AuthNoPriv, and AuthPriv. NOTE The security authentication level noAuthPriv does not exist. This is because the generation of a key is based on the authentication information and product information. Different from SNMPv1 and SNMPv2c, SNMPv3 can implement access control, identity authentication, and data encryption through the local processing model and user security model. SNMPv3 can provide higher security and confidentiality than SNMPv1 and SNMPv2c. The following table lists the difference between SNMPv1, SNMPv2c, and SNMPv3: Table 11-3 Comparison in the security of SNMP of different versions Protocol version User Checksum Encryption Authentication v1 Adopts the community name. None None v2c Adopts the community name. None None v3 Adopts user namebased encryption/ decryption. Yes Yes The snmp-agent group command can be used to configure the authentication, encryption, and access rights for an SNMP group. The snmp-agent group command can be used to configure the rights for users in a specified SNMP group and bind the SNMP group to a MIB view. The MIB view is created through the snmp-agent mib-view command. For details, see the usage guideline of this command. After an SNMP user group is configured, the MIB-view-based access control is configured for the SNMP user group. Users cannot access objects in the MIB view through the SNMP user group. The purpose of adding SNMP users to an SNMP user group is to ensure that SNMP users in an SNMP user group have the same security level and access control list. When you run the snmp-agent usm-user command to configure a user in an SNMP user group, you configure the MIB-view-based access rights for the user. If an SNMP user group is configured with the AuthPriv access rights, you can configure the authentication mode and encryption mode when configuring SNMP users. Currently, you can set the authentication mode to MD5 or SHA and the privacy mode to AES128 or DES56. When setting the authentication key on the managed object, you can set whether to encrypt packets. Note that the authentication keys and encryption passwords configured on the NMS and the SNMP agent should be the same; otherwise, authentication fails. NOTE AES128 algorithm is recommeded to improve data transmission security. Configuration Impact If an SNMP agent is configured with a remote user, the engine ID is required during the authentication. If the engine ID changes after the remote user is configured, the remote user becomes invalid. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 224 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 11 Network Management Compatible Commands Precautions The user security level must be higher than or equal to the security level of the SNMP user group to which the user is added. The security level of an SNMP user group can be (in descending order): l Level 1: privacy (authentication and encryption) l Level 2: authentication (without encryption) l Level 3: none (neither authentication nor encryption) For example, if the security level of an SNMP user group is level 1, the security level of the user that is added to the group must be level 1; if the security level of an SNMP user group is level 2, the security level of the user that is added to the group can be level 1 or level 2. To add an SNMP user to an SNMP group, ensure that the SNMP user group is valid. If you run the snmp-agent usm-user command multiple times, only the latest configuration takes effect. Keep your user name and plain-text password well when creating the user. The plain-text password is required when the NMS accesses the device. Example # Configure an SNMPv3 user with user name u1, group name g1, authentication mode md5, authentication password 8937561bc, encryption mode aes128, and encryption password 68283asd. <HUAWEI> system-view [HUAWEI] snmp-agent usm-user v3 u1 g1 authentication-mode md5 8937561bc privacymode aes128 68283asd Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 225 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 12 12 MPLS compatible command MPLS compatible command About This Chapter NOTE 12.1 explicit-path 12.2 mpls te bypass-tunnel bandwidth 12.3 snmp-agent trap enable feature-name ldp 12.4 static-cr-lsp ingress bandwidth 12.5 static-cr-lsp transit bandwidth 12.6 bandwidth (LSP attribute view) 12.7 mpls te bandwidth Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 226 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 12 MPLS compatible command 12.1 explicit-path Function Using the explicit-path command, you can configure an explicit path of a tunnel. By default, no explicit path of a tunnel is configured. Format explicit-path path-name { enable | disable } Parameters Parameter Description Value path-name Indicates the name of an explicit path. The value is a string of 1 to 31 characters. enable Enables the explicit path of a tunnel. - disable Disables the explicit path of a tunnel. - Views System view Default Level 2: Configuration level Usage Guidelines You can configure an explicit path only after MPLS TE is enabled. The addresses of the hops along the explicit path cannot overlap or loops cannot occur. If a loop occurs, CSPF detects the loop and fails to calculate the path. When the explicit path is in use, you cannot perform the following operations: l Run the explicit-path path-name disable command to disable the explicit path. l Run the undo explicit-path command to delete the explicit path. Example # Create an explicit path named path1. <HUAWEI> system-view [HUAWEI] mpls [HUAWEI-mpls] mpls te [HUAWEI-mpls] quit [HUAWEI] explicit-path path1 enable [HUAWEI-explicit-path-path1] Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 227 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 12 MPLS compatible command 12.2 mpls te bypass-tunnel bandwidth Function Using the mpls te bypass-tunnel bandwidth command, you can configure the bypass LSP bandwidth. By default, no bypass LSP bandwidth is configured. Format mpls te bypass-tunnel bandwidth { bandwidth | { bc0 | bc1 } { bandwidth | un-limited } } Parameters Parameter Description Value bandwidth Specifies the bandwidth that the bypass tunnel can protect. The value is an integer that ranges from 1 to 32000000, in kbit/s. bc0 Indicates the BC0 bandwidth (global bandwidth) that the bypass tunnel can protect. - bc1 Indicates the BC1 bandwidth (subaddress pool bandwidth) that the bypass tunnel can protect. - un-limited Indicates that there is no limit on the total bandwidth that can be protected. Views Tunnel interface view Default Level 2: Configuration level Usage Guidelines The total bandwidth of LSPs protected by the bypass tunnel is not more than the bandwidth of the primary tunnel. When multiple bypass tunnels exist, the system selects a single bypass tunnel through the best-fit algorithm. The total bandwidth of all the LSPs protected by the bypass tunnel is not greater than the bandwidth of the primary tunnel. When multiple bypass tunnels exist, the system determines the bypass tunnel through the best-fit algorithm. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 228 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 12 MPLS compatible command Example # Configure Tunnel 0/0/1 to protect the LSPs that use the BC0 bandwidth and set no limit on the bandwidth to be protected. <HUAWEI> system-view [HUAWEI] interface tunnel 0/0/1 [HUAWEI-Tunnel0/0/1] tunnel-protocol mpls te [HUAWEI-Tunnel0/0/1] destination 2.2.2.2 [HUAWEI-Tunnel0/0/1] mpls te tunnel-id 100 [HUAWEI-Tunnel0/0/1] mpls te bypass-tunnel bandwidth bc0 un-limited [HUAWEI-Tunnel0/0/1] mpls te commit 12.3 snmp-agent trap enable feature-name ldp Function The snmp-agent trap enable feature-name ldp command enables the trap for the MPLS LDP module. The undo snmp-agent trap enable feature-name ldp command disables the trap for the MPLS LDP module. By default, the trap is disabled for the MPLS LDP module. Format snmp-agent trap enable feature-name ldp trap-name { session-down | session-up } undo snmp-agent trap enable feature-name ldp trap-name { session-down | session-up } Parameters Parameter Description Value trap-name Enables the trap of MPLS LDP events of a specified type. - session-down Enables the trap of the event that an LDP session goes Down in the MIB. session-up - Enables the trap of the event that an LDP session goes Up in the MIB. - Views System view Default Level 2: Configuration level Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 229 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 12 MPLS compatible command Usage Guidelines Run the snmp-agent trap enable feature-name ldp command to enable the LDP session trap. Currently, all traps of the MPLS LDP module are non-excessive trap. The frequent LDP session status changes do not trigger a large number of traps. Example # Enable the trap of the event that an LDP session is reestablished. <HUAWEI> system-view [HUAWEI] snmp-agent trap enable feature-name ldp trap-name session-up 12.4 static-cr-lsp ingress bandwidth Function Using the static-cr-lsp ingress bandwidth command, you can configure a static CR-LSP and specify its bandwidth on the ingress LSR. By default, no static CR-LSP on the ingress LSR is configured. Format static-cr-lsp ingress { tunnel-interface tunnel interface-number | tunnel-name } destination destination-address { nexthop next-hop-address | outgoing-interface interface-type interfacenumber } * out-label out-label bandwidth { bc0 | bc1 } bandwidth Parameters Parameter Description tunnel-interface tunnel interface-number Specifies the tunnel interface of a static CR-LSP. interfacenumber indicates the tunnel interface number. tunnel-name Specifies the name of a CRLSP. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Value The name is a string of 1 to 19 case-sensitive characters, spaces and abbreviation not supported. If you use the interface Tunnel 0/0/2 command to create a tunnel interface for a static CR-LSP, the tunnel name in the staticcr-lsp ingress command must be formatted as "Tunnel0/0/2", otherwise, the tunnel cannot be created. There is no such a limit for the transit node and egress node. 230 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 12 MPLS compatible command Parameter Description Value destination destinationaddress Specifies the destination IP address of a static CR-LSP. - nexthop next-hop-address Specifies the next-hop IP address of a static CR-LSP. - outgoing-interface interface-type interfacenumber Specifies the type and number of an outgoing interface. This parameter is only applicable to a P2P link. out-label out-label Specifies the value of an outgoing label. bc0 Specifies BC0 bandwidth of a static CR-LSP. bc1 Specifies BC1 bandwidth of a static CR-LSP. bandwidth Specifies the bandwidth required by a CR-LSP. out-label is an integer ranging from 16 to 1048575. The value ranges from 0 to 4000000000, in kbit/s. The default value is 0. Views System view Default Level 2: Configuration level Usage Guidelines Before setting up an MPLS TE tunnel through a static CR-LSP, configure a static route or an IGP to ensure connectivity between LSRs, and enable basic MPLS and MPLS TE functions. Example # Configure the static CR-LSP named Tunnel0/0/1, with the destination IP address being 10.1.3.1, the next-hop address being 10.1.1.2, the outgoing label being 237, and the required bandwidth being 20 kbit/s from BC0 on the ingress. <HUAWEI> system-view [HUAWEI] static-cr-lsp ingress tunnel-interface Tunnel0/0/1 destination 10.1.3.1 nexthop 10.1.1.2 out-label 237 bandwidth bc0 20 12.5 static-cr-lsp transit bandwidth Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 231 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 12 MPLS compatible command Function Using the static-cr-lsp transit bandwidth command, you can configure a static CR-LSP and specify its bandwidth on a transit LSR. By default, no static CR-LSP on a transit LSR is configured. Format static-cr-lsp transit lsp-name incoming-interface interface-type interface-number in-label inlabel { nexthop next-hop-address | outgoing-interface interface-type interface-number } * outlabel out-label bandwidth { bc0 | bc1 } bandwidth [ description description ] Parameters Parameter Description Value lsp-name Specifies the CR-LSP name. The name is a string of 1 to 19 case-sensitive characters, spaces not supported. incoming-interface interface-type interfacenumber Specifies the name of an incoming interface. - in-label in-label Specifies the value of an incoming label. An integer ranging from 16 to 1023 nexthop next-hop-address Specifies the next-hop address. - outgoing-interface interface-type interfacenumber Specifies the name of an outgoing interface. - out-label out-label Specifies the value of an outgoing label. An integer ranging from 16 to 1048575. bc0 Obtains the bandwidth from BC0. - bc1 Obtains the bandwidth from BC1. - Views System view Default Level 2: Configuration level Usage Guidelines Before setting up an MPLS TE tunnel through a static CR-LSP, configure a static route or an IGP to ensure connectivity between LSRs, and enable basic MPLS and MPLS TE functions. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 232 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 12 MPLS compatible command Example # Configure the static CR-LSP named tunnel34, with the incoming interface being VLANIF10, the incoming label being 123, the outgoing interface being VLANIF20, the outgoing label as 253, the required BC0 bandwidth being 20 kbit/s on the transit node. <HUAWEI> system-view [HUAWEI] static-cr-lsp transit tunnel34 incoming-interface vlanif 10 in-label 123 outgoing-interface vlanif 20 out-label 253 bandwidth bc0 20 12.6 bandwidth (LSP attribute view) Function The bandwidth command configures the bandwidth in the CR-LSP attribute template. The undo bandwidth command deletes the bandwidth in the CR-LSP attribute template. By default, no bandwidth in the CR-LSP attribute template is configured. Format bandwidth ct0 ct0-bandwidth ct1 ct1-bandwidth undo bandwidth ct0 ct1 Parameters Parameter Description Value ct0 ct0-bandwidth Specifies the bandwidth of an LSP of CT0. The value is an integer that ranges from 1 to 4000000000, in kbit/s. By default, the bandwidth is 0 kbit/s. ct1 ct1-bandwidth Specifies the bandwidth of an LSP of CT1. The value is an integer that ranges from 1 to 4000000000, in kbit/s. By default, the bandwidth is 0 kbit/s. ct2 ct2-bandwidth Specifies the bandwidth of an LSP of CT2. The value is an integer that ranges from 1 to 4000000000, in kbit/s. By default, the bandwidth is 0 kbit/s. ct3 ct3-bandwidth Specifies the bandwidth of an LSP of CT3. The value is an integer that ranges from 1 to 4000000000, in kbit/s. By default, the bandwidth is 0 kbit/s. ct4 ct4-bandwidth Specifies the bandwidth of an LSP of CT4. The value is an integer that ranges from 1 to 4000000000, in kbit/s. By default, the bandwidth is 0 kbit/s. ct5 ct5-bandwidth Specifies the bandwidth of an LSP of CT5. The value is an integer that ranges from 1 to 4000000000, in kbit/s. By default, the bandwidth is 0 kbit/s. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 233 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference Parameter Description 12 MPLS compatible command Value ct6 ct6-bandwidth Specifies the bandwidth of an LSP of CT6. The value is an integer that ranges from 1 to 4000000000, in kbit/s. By default, the bandwidth is 0 kbit/s. ct7 ct7-bandwidth Specifies the bandwidth of an LSP of CT7. The value is an integer that ranges from 1 to 4000000000, in kbit/s. By default, the bandwidth is 0 kbit/s. Views LSP attribute view Default Level 2: Configuration level Usage Guidelines A static TE tunnel does not support the multi-CT configuration. On a single TE tunnel interface, the multi-CT bandwidth cannot be configured with the following features: l CSPF tie-breaking l Bypass tunnel attributes The preceding constraints do not apply to the single CT configuration for a TE tunnel. NOTE If the bandwidth required for a CR-LSP is more than 67,105 kbit/s, it is recommended that additional one thousandth of the required bandwidth be reserved. Example # Configure the bandwidth of an LSP of CT0 as 20 kbit/s in the CR-LSP attribute template. <HUAWEI> system-view [HUAWEI] lsp-attribute lsp-attribute-name [HUAWEI-lsp-attribute-lsp-attribute-name] bandwidth ct0 20 12.7 mpls te bandwidth Function The mpls te bandwidth command sets the bandwidth of an MPLS TE tunnel. The undo mpls te bandwidth command restores the default settings. The bandwidth of an MPLS TE tunnel is not set by default. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 234 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 12 MPLS compatible command Format mpls te bandwidth ct0 ct0-bw-value ct1 ct1-bw-value undo mpls te bandwidth ct0 ct1 undo mpls te bandwidth ct0 ct0-bw-value ct1 ct1-bw-value Parameters Parameter Description Value ct0 ct0-bw-value Specifies the bandwidth reserved for ct0-bw-value is an integer that ranges a TE tunnel of CT0. from 1 to 4000000000, in kbit/s. ct1 ct1-bw-value Specifies the bandwidth reserved for ct1-bw-value is an integer that ranges a TE tunnel of CT1. from 1 to 4000000000, in kbit/s. Views Tunnel interface view Default Level 2: Configuration level Usage Guidelines A static TE tunnel does not support the multi-CT configuration. On a single TE tunnel interface, the multi-CT bandwidth cannot be configured with the following features: l CSPF tie-breaking l Bypass tunnel attributes NOTE The configured bandwidth takes effect only during tunnel establishment and protocol negotiation, and does not limits the bandwidth for traffic forwarding. Example # Set the bandwidth required by Tunnel1. The bandwidth of CT0 is 2 Mbit/s. <HUAWEI> system-view [HUAWEI] mpls lsr-id 1.1.1.1 [HUAWEI] mpls [HUAWEI-mpls] mpls te [HUAWEI-mpls] quit [HUAWEI] interface tunnel 1 [HUAWEI-Tunnel1] tunnel-protocol mpls te [HUAWEI-Tunnel1] destination 2.2.2.2 [HUAWEI-Tunnel1] mpls te tunnel-id 100 [HUAWEI-Tunnel1] mpls te bandwidth ct0 2000 [HUAWEI-Tunnel1] mpls te commit Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 235 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 13 VPN compatible command VPN compatible command About This Chapter 13.1 display bgp vpnv6 brief 13.2 display bgp vpnv6 vpn6-instance brief 13.3 display bgp vpnv6 vpn6-instance routing-table 13.4 display bgp vpnv6 vpn6-instance routing-table statistics 13.5 display ipv6 prefix-limit statistics 13.6 display ipv6 routing-table limit 13.7 display ipv6 routing-table vpn6-instance 13.8 display ipv6 vpn6-instance 13.9 link-alive 13.10 mpls l2vpn traffic-statistics capability enable Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 236 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command 13.1 display bgp vpnv6 brief Function The display bgp vpnv6 brief command displays brief information about IPv6 VPN instances. Format display bgp vpnv6 vpn6-instance vpn-instance-name brief Parameters Parameter Description Value all Displays information about all VPNv6 instances. - vpn6-instance vpn-instance- Specifies the name of a VPNv6 The value is a string of 1 to name instance. 31 case-sensitive characters without spaces. Views All views Default Level 1: Monitoring level Usage Guidelines After the display bgp vpnv6 brief command is used to display information about VPNv6 instances, the VPNv6 instances are displayed and arranged alphabetically by name. Example # Display brief information about VPNv6 and all IPv6 VPN instances. <HUAWEI> display bgp vpnv6 vpn6-instance brief VPN-Instance(IPv6family): VPN-Instance Name Num vpna Issue 02 (2013-11-06) Peer Num 0 Route 0 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 237 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command Table 13-1 Description of the display bgp vpnv6 all brief command output Item Description Peer Num Number of peers. Route Num Number of routes. VPN-Instance Name Name of a VPN instance. 13.2 display bgp vpnv6 vpn6-instance brief Function The display bgp vpnv6 vpn6-instance brief command displays brief information about IPv6 VPN instances. Format display bgp vpnv6 vpn6-instance vpn6-instance-namebrief Parameters Parameter Description Value vpn6-instance-name Specifies the name of a IPv6 VPNv6 The value is a string of 1 to 31 instance. case-sensitive characters without spaces. Views All views Default Level 1: Monitoring level Usage Guidelines After the display bgp vpnv6 vpn6-instance brief command is used to display information about VPNv6 instances, the VPNv6 instances are displayed and arranged alphabetically by name. Example # Display brief information about VPNv6 and all IPv6 VPN instances. <HUAWEI> display bgp vpnv6 vpn6-instance vrf0 brief VPN-Instance(IPv6-family): VPN-Instance Name Peer Num vrf0 1 Issue 02 (2013-11-06) Route Num 2 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 238 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command Table 13-2 Description of the display bgp vpnv6 all brief command output Item Description Peer Num Number of peers. Route Num Number of routes. VPN-Instance Name Name of a VPN instance. 13.3 display bgp vpnv6 vpn6-instance routing-table Function The display bgp vpnv6 vpn6-instance routing-table command displays BGP VPNv6 routes. Format display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table [ ipv6-address [ prefixlength ] ] display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table as-path-filter { as-pathfilter-number | as-path-filter-name } display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table community [ community-number | aa:nn ] &<1-29> [ internet | no-advertise | no-export | no-exportsubconfed ] * [ whole-match ] display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table community-filter { { community-filter-name | basic-community-filter-number } [ whole-match ] | advancedcommunity-filter-number } display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table different-origin-as display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table regular-expression asregular-expression display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table peer ipv6-address { advertised-routes [ ipv6–address [ prefix-length [ longer-prefixes ] ] ] | received-routes [ active ] } Parameters Parameter Description Value vpn6-instance Displays the BGP routes of a specified an IPv6 address family-enabled VPN instance on the local end. The value is a string of 1 to 31 case-sensitive characters without spaces. route-distinguisher routedistinguisher Displays the BGP routes with the specified RD. - Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 239 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command Parameter Description ipv6-address Specifies the IPv6 address of a peer to be displayed. prefix-length Specifies the prefix length of an IPv6 address. - as-path-filter as-path-filternumber Specifies the number of an AS_Path filter. The value of as-path-filternumber is an integer that ranges from 1 to 256. as-path-filter-name Specifies the name of the matching AS-Path filter. The value is case-sensitive. community Displays the routes carrying the specified BGP community attribute in the routing table. community-number Specifies the community number. - aa:nn Specifies the community number. A maximum of 29 community numbers can be set. - internet Displays the BGP routes carrying the Internet community attribute. - no-advertise Displays the BGP routes carrying the No-Advertise community attribute. - no-export Displays the BGP routes carrying the No-Export community attribute. - no-export-subconfed Displays the BGP routes carrying the No-ExportSubconfed community attribute. - whole-match Indicates exact matching. - community-filter Displays the routes that match a specified BGP community filter. community-filter-name Specifies the name of a community filter. basic-community-filternumber Specifies the number of a basic community filter. advanced-community-filternumber Specifies the number of an advanced community filter. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Value - - 240 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command Parameter Description Value different-origin-as Displays the routes that have the same destination address but different source AS numbers. - regular-expression asregular-expression Specifies the regular expression used to match the AS_Path information. The value is a string of 1 to 80 characters. peer ipv6-address Displays the BGP routes of a specified peer. - advertised-routes Displays the routes advertised to a specified peer. longer-prefixes Matches any route whose prefix mask is longer than the specified length. received-routes Displays the routes received from a specified peer. active Displays the active routes received from a specified peer. - Views All views Default Level 1: Monitoring level Usage Guidelines Information about specified routes can be displayed by specifying different parameters. Example # Display the routes of an IPv6 address family-enabled VPN instance named vpn1 on the local device. <HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table BGP Local router ID is 1.1.1.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number *>i Network NextHop MED Label Path/Ogn Issue 02 (2013-11-06) of Routes: 2 : 2001:: : 2001::1 : 0 : : 65410 ? Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. PrefixLen : 64 LocPrf : PrefVal : 0 241 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference *>i Network NextHop MED Label Path/Ogn : : : : : 2002:: ::FFFF:3.3.3.9 0 1037/NULL ? 13 VPN compatible command PrefixLen : 64 LocPrf : 100 PrefVal : 0 # Display the BGP routes with a specified destination address of an IPv6 address family-enabled VPN instance. <HUAWEI> display bgp vpnv6 vpn6-instance vrf1 routing-table 2001:: BGP local router ID : 1.1.1.1 Local AS number : 100 Paths: 2 available, 1 best, 1 select BGP routing table entry information of 2001::/64: Imported route. From: :: (0.0.0.0) Route Duration: 1d03h46m24s Direct Out-interface: Vlanif100 Original nexthop: :: AS-path Nil, origin incomplete, MED 0, pref-val 0, valid, local, best, select, pre 0 Advertised to such 1 peers: 2001::1 BGP routing table entry information of 2001::/64: From: 2001::1 (10.10.10.10) Route Duration: 02h39m43s Direct Out-interface: Vlanif100 Original nexthop: 2001::1 AS-path 65410, origin incomplete, MED 0, pref-val 0, external, pre 255 Not advertised to any peer yet # Display all BGP VPNv6 routes whose AS_Path attribute contains 65420. <HUAWEI> display bgp vpnv6 all routing-table as-path-filter 1 BGP Local router ID is 1.1.1.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total number of routes from all PE: 1 Route Distinguisher: 100:1 *> Network NextHop MED Label Path/Ogn : : : : : 2001:: 2001::1 0 NULL 65420 ? PrefixLen : 64 LocPrf : PrefVal : 0 VPN-Instance vpn1 : Total Number Network NextHop MED Label Path/Ogn of Routes: 1 : 2001:: : 2001::1 : 0 : : 65420 ? PrefixLen : 64 LocPrf : PrefVal : 0 # Display BGP4+ routes of the VPN instance named vpn1 whose AS path attribute contains 65420. <HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table as-path-filter 1 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 242 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command BGP Local router ID is 1.1.1.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete VPN-Instance vpn1 : Total Number Network NextHop MED Label Path/Ogn of Routes: 1 : 2001:: : 2001::1 : 0 : : 65420 ? PrefixLen : 64 LocPrf : PrefVal : 0 # Display BGP4+ routes of the VPN instance named vpn1 and matching the BGP community filter 1. <HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table community-filter 1 whole-match BGP Local router ID is 1.1.1.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete VPN-Instance vpn1 : Total Number Network NextHop MED Label *>i Network NextHop MED Label of Routes: 2 : 2001:: : 2001::1 : 0 : : 2002:: : ::FFFF:3.3.3.9 : 0 : 1037/NULL PrefixLen : 64 LocPrf : PrefVal : 0 PrefixLen : 64 LocPrf : 100 PrefVal : 0 # Display all BGP4+ routes of the VPN instance named vpn1 and matching the AS regular expression. <HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table regular-expression ^65420 BGP Local router ID is 1.1.1.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete VPN-Instance Network NextHop MED Label Path/Ogn vpn1 : : 2001:: : 2001::1 : 0 : : 65420 ? PrefixLen : 64 LocPrf : PrefVal : 0 # Display all BGP4+ routes of the VPN instance named vpn1 that are received from the peer at 2001::1. <HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table peer 2001::1 receivedroutes BGP Local router ID is 1.1.1.9 Status codes: * - valid, > - best, d - damped, Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 243 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number Network NextHop MED Label Path/Ogn of Routes: 1 : 2001:: : 2001::1 : 0 : : 65410 ? PrefixLen : 64 LocPrf : PrefVal : 0 # Display BGP4+ routes sent to the peer at 2001::1. <HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table peer 2001::1 advertisedroutes BGP Local router ID is 1.1.1.9 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Total Number *>i Network NextHop MED Label Path/Ogn of Routes: 1 : 2002:: : ::FFFF:3.3.3.9 : 0 : 1037/NULL : ? PrefixLen : 64 LocPrf : 100 PrefVal : 0 Table 13-3 Description of the display bgp vpnv6 vpn6-instance routing-table command output Issue 02 (2013-11-06) Item Description BGP Local router ID ID of the local BGP router. The ID is in the same format as an IPv4 address. Total number of routes from all PE Total number of BGP VPNv6 routes received by the switch from its peer PEs. Network Destination network or host address of the route. PrefixLen Prefix length of the destination network or host address of the route. NextHop IPv6 address of the next hop. LocPrf Local preference of the BGP route. The default value is 100. MED MED of the route. The default value is 0. PrefVal Preferred value of the route. Label Label carried by the data packet destined for the destination network or host address of the route. Duration Route duration. Peer IP addresses of the peer. Path/Ogn AS_Path number and Origin attribute of the route. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 244 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command Item Description Local AS Number Local AS number. BGP routing table entry information of Information about a specified BGP routing entry. From IPv6 address of the route originator. Route Duration Route duration. Original nexthop Original next hop. AS-path AS_Path attribute. Nil indicates that the attribute value is null. origin Origin attribute of the BGP route. The value can be IGP (for example, the routes imported into the BGP routing table by using the network (BGP) command), EGP (the routes obtained by EGP), or Incomplete (the routes whose origin cannot be identified, for example, the routes imported into the BGP routing table by using the import-route command). MED MED of a route. The MED is used to identify the optimal route for the traffic entering an AS. The route with the smallest MED is selected as the optimal route if the other attributes of the routes are the same. pref-val Preferred value. valid The BGP route is a valid route. external The BGP route is a external route. best The BGP route is the optimal route. select The BGP route is a preferred route. Pre 255 The preference of the BGP route is 255. Not advertised to any peer yet The BGP route has not been advertised to any peer. 13.4 display bgp vpnv6 vpn6-instance routing-table statistics Function The display bgp vpnv6 vpn6-instance routing-table statistics command displays statistics about BGP VPNv6 routes. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 245 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command Format display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table statistics [ as-pathfilter { as-path-filter-number | as-path-filter-name } | different-origin-as ] display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table statistics regularexpression as-regular-expression display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table statistics community [ community-number | aa:nn ] &<1-29> [ internet | no-advertise | no-export | no-exportsubconfed ] * [ whole-match ] display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table statistics communityfilter { { community-filter-name | basic-community-filter-number } [ whole-match ] | advancedcommunity-filter-number } display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table peer ipv6-address { advertised-routes | received-routes [ active ] } statistics Parameters Parameter Description Value all Displays statistics about all BGP VPNv6 routes. - vpn6-instance-name Displays statistics about the It is a string of 1 to 31 caseBGP routes of a specified VPN sensitive characters without instance. any spaces. as-path-filter Displays the routes that match the specified filter. as-path-filter-number Specifies the number of the matching AS-Path filter. It is an integer that ranges from 1 to 256. as-path-filter-name Specifies the name of the matching AS-Path filter. The name is a string of 1 to 51 characters without any space. It is case-sensitive. community Displays statistics about the routes carrying the specified BGP community attribute in the routing table. - community-number Specifies the community number. It is an integer ranging from 0 to 4294967295. aa:nn Specifies the community number. Both aa and nn are integers ranging from 0 to 65535. internet Displays statistics about the BGP routes carrying the Internet community attribute. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 246 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command Parameter Description Value no-advertise Displays statistics about the BGP routes carrying the NoAdvertise community attribute. - no-export Displays statistics about the BGP routes carrying the NoExport community attribute. - no-export-subconfed Displays statistics about the BGP routes carrying the NoExport-Subconfed community attribute. whole-match Indicates exact matching. - community-filter Displays statistics about the routes that match a specified BGP community filter. - community-filter-name Specifies the name of a community filter. The name is a string of 1 to 51 characters without any space. It is case-sensitive. basic-community-filternumber Specifies the number of a basic It is an integer ranging from 1 community filter. to 99. advanced-community-filternumber Specifies the number of an advanced community filter. different-origin-as Displays statistics about the routes that have the same destination address but different source AS numbers. regular-expression asregular-expression Specifies the regular expression used to match the AS_Path information. active Specifies the number of active routes. peer ipv6-address Displays statistics about the BGP routes of a specified peer. advertised-routes Displays statistics about the routes advertised to a specified peer. received-routes Displays statistics about the routes received from a specified peer. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. It is an integer ranging from 100 to 199. The value is a string of 1 to 80 characters. - 247 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command Views All views Default Level 1: Monitoring level Usage Guidelines None Example # Display statistics about the routes of an IPv6 address family-enabled VPN instance named vpn1 on the local device. <HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table statistics Total Number of Routes: 5 # Display statistics of BGP routes sent by the local device to peer 2000::1 of the IPv6 VPN instance named vpn1. <HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table peer 2000::1 receivedroutes statistics Received routes total: 2 # Display statistics about the IPv6 routes sent by the local device to peer 2000::1 in a VPN instance named vpn1. <HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table peer 2000::1 advertisedroutes statistics Advertised routes total: 2 Default originated : 0 13.5 display ipv6 prefix-limit statistics Function The display ipv6 prefix-limit statistics command displays the statistics of the prefix limits of IPv6 VPN instances. Format display ipv6 prefix-limit { all-vpn6-instance | vpn6-instance vpn-instance-name } statistics Parameters Parameter Description Value all-vpn6-instance Indicates all IPv6 VPN instances. - Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 248 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command Parameter Description Value vpn6-instance vpn-instance-name Specifies the name of an IPv6 VPN instance. - Views All views Default Level 1: Monitoring level Usage Guidelines You can run the display ipv6 prefix-limit statistics command to view the number of times that a protocol re-adds or deletes routes according to the prefix limit of a specified IPv6 VPN instance. Example # Display the statistics of the prefix limits of all IPv6 VPN instances. <HUAWEI> display ipv6 prefix-limit all-vpn6-instance statistics ------------------------------------------------------------------------------IPv6 VPN instance name: vrf1 DenyAdd TryAddInDelState NotifyDelAll NotifyDelFinish NotifyAddRoute DIRECT 0 0 0 0 0 STATIC 0 0 0 0 0 OSPFv3 11 3 1 0 5 IS-IS 106 0 1 0 5 RIPng 98 0 1 1 5 BGP 2 0 1 1 5 -----------------------------------------------------------------------------IPv6 VPN instance name: VPN123 DIRECT STATIC OSPFv3 IS-IS RIPng BGP DenyAdd TryAddInDelState NotifyDelAll NotifyDelFinish NotifyAddRoute 0 0 0 0 0 0 0 0 0 0 11 3 1 0 5 106 0 1 0 5 98 0 1 1 5 2 0 1 1 5 Table 13-4 Description of the display ipv6 prefix-limit statistics command output Issue 02 (2013-11-06) Item Description DenyAdd Number of routes that the protocol fails to add to the RIB because of the prefix limit. TryAddInDelState Number of routes that the protocol fails to add to the RIB because the RIB is in the process of deleting routes. NotifyDelAll Number of times that the RIB notifies the protocol of deleting routes when the prefix limit is decreased. NotifyDelFinish Number of times that the protocol notifies the RIB of completion of deleting routes. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 249 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command Item Description NotifyAddRoute Number of times that the RIB notifies the protocol of readding routes. # Display the statistics of the prefix limit of the IPv6 VPN instance named vrf1. <HUAWEI> display ipv6 prefix-limit vpn6-instance vrf1 statistics ------------------------------------------------------------------------------IPv6 VPN instance name: vrf1 DenyAdd TryAddInDelState NotifyDelAll NotifyDelFinish NotifyAddRoute DIRECT 0 0 0 0 0 STATIC 0 0 0 0 0 OSPFv3 11 3 1 0 5 IS-IS 106 0 1 0 5 RIPng 98 0 1 1 5 BGP 2 0 1 1 5 13.6 display ipv6 routing-table limit Function The display ipv6 routing-table limit command displays limits on the numbers of routes and prefixes of the IPv6 VPN instance. Format display ipv6 routing-table limit { all-vpn6-instance | vpn6-instance vpn-instance-name } Parameters Parameter Description Value all-vpn-instance Indicates all IPv6 VPN instances. - vpn-instance vpn-instance-name Specifies the name of an IPv6 VPN instance. - Views All views Default Level 1: Monitoring level Usage Guidelines None. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 250 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command Example # Display limits on the numbers of routes and prefixes of all IPv6 VPN instances. <HUAWEI> display ipv6 routing-table limit all-vpn-instance Limit-Object Limit-Type Upper-Limit Warning Current Log-Interval ---------------------------------------------------------------------------------IPv6 VPN Instance Name: VPN1 Route Simply-Alert 5000 4223 5 Prefix Alert-Percent 1000 800 760 5 ---------------------------------------------------------------------------------IPv6 VPN Instance Name: VPN1234567890123456789123456789 Route Alert-Percent 2000 1000 823 5 Prefix Default 760 5 Table 13-5 Description of the display ipv6 routing-table limit command output Item Description Limit-Object Indicates the object whose total number is limited: l Prefix l Route Limit-Type Indicates the limit mode for the routes and prefixes in the current routing table: l Simply-Alert: indicates that only alarms are generated after the number of routes or prefixes exceeds the upper limit. l Alert-Percent: indicates the percentage of the alarm threshold of routes. l Default: indicates that the number of routes or prefixes is not limited by default. Upper-Limit Indicates the upper limit of routes or prefixes in the current routing table. Warning Indicates the alarm threshold of routes or prefixes in the current routing table. Current Indicates the number of routes or prefixes in the current routing table. Log-Interval Indicates the frequency of displaying logs when the number of routes or prefixes in the current routing table exceeds the upper limit, in seconds. # Display limits on the numbers of routes and prefixes of the IPv6 VPN instance named vpn1. <HUAWEI> display ipv6 routing-table limit vpn-instance vpn1 IPv6 VPN Instance Name: vpn1 Limit-Object Limit-Type Upper-Limit Warning Current Route Simply-Alert 5000 4223 Prefix Alert-Percent 1000 800 760 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. Log-Interval 5 5 251 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command 13.7 display ipv6 routing-table vpn6-instance Function The display ipv6 routing-table vpn6-instance command displays the routing table of the VPN instance. Format display ipv6 routing-table vpn6-instance vpn6-instance-name [ verbose ] display ipv6 routing-table vpn6-instance vpn6-instance-name acl { acl6-number | acl6name } [ verbose ] display ipv6 routing-table vpn6-instance vpn6-instance-name ipv6-address [ prefix-length ] [ longer-match ] [ verbose ] display ipv6 routing-table vpn6-instance vpn6-instance-name ipv6-address1 [ prefixlength1 ] ipv6-address2 prefix-length2 [ verbose ] display ipv6 routing-table vpn6-instance vpn6-instance-name ipv6-prefix ipv6-prefix-name [ verbose ] display ipv6 routing-table vpn6-instance vpn6-instance-name statistics display ipv6 routing-table vpn6-instance vpn6-instance-name protocol protocol [ inactive | verbose ] Parameters Parameter Description Value vpn6-instance-name Specifies the name of an VPN instance. The value is a string of 1 to 31 case-sensitive characters without spaces. verbose Displays detailed information about active and inactive routes in the routing table of the current VPN instance. acl Uses ACL6 to filter the command output. If the specified ACL6 does not exist, information about all active routes is displayed. acl6-number Specifies the number of a basic The value is an integer that ACL6. ranges from 2000 to 2999. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 252 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command Parameter Description Value acl6-name Specifies the name of a Named The value is a string of 1 to ACL6. 32 case-sensitive characters without spaces, begin with a~z or A~Z. longer-match Displays only the VPN routes that match the specified network and mask. - ipv6-address Specifies the destination IPv6 address. - prefix-length Specifies the length of the IPv6 The value is an integer that address prefix. ranges from 0 to 128. ipv6-address1 / ipv6address2 Specifies the IPv6 address. ipv6-address1 and ipv6address2 together determine an address range. Only the VPN routes in the address range are displayed. prefix-length1/prefix-length2 Specifies the length of the IPv6 The value is an integer that address prefix. ranges from 0 to 128. ipv6-prefix ipv6-prefix-name Specifies the name of the IPv6 A string of 1 to 19 characters. prefix list. statistics Displays integrated route statistics in the routing table of the VPN instance. protocol Displays the routes of a specified protocol. protocol Displays the routes of a specified protocol. It can be one of the following keywords: - l direct: displays direct IPv6 routes. l static: displays IPv6 static routes. l bgp: displays BGP4+ routes. l isis: displays IS-IS IPv6 routes. l ospfv3: displays OSPFv3 routes. l ripng: displays RIPng routes. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 253 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command Parameter Description Value inactive Displays the summary of inactive routes only. - Views All views Default Level 1: Monitoring level Usage Guidelines Usage Scenario The command output includes the destination address, prefix length, protocol type, preference, cost, next hop, and outbound interface. NOTE An iterated route is counted as one route no matter how many outbound interfaces and next hops the route finds. This command without the parameter verbose displays the currently preferred routes only. When using the display ipv6 routing-table vpn6-instance vpn6-instance-name ipv6-address prefix-length [ longer-match ] [ verbose ] command, you can select parameters in the command as required. l If ipv6-address prefix-length is specified, the VPN routes that accurately match the destination address are displayed. l If ipv6-address prefix-length longer-match is specified, the IPv6 routes with the destination address within the specified address range are displayed. If the prefix length is 0, all routes in the routing table of the VPN instance are displayed. For example, there are four routes in the routing table of the VPN instance named vpna, 2000::20/128, 2000::/100, 2000::/64, and 1000::/64. l If the display ipv6 routing-table vpn6-instance vpna 2000:: 64 command is used, only 2000::/64 is displayed. l If the display ipv6 routing-table vpn6-instance vpna 2000:: command is used, only 2000::/100 is displayed. l If the display ipv6 routing-table vpn6-instance vpna 2000:: 127 longer-match command is used, only 2000::/100 and 2000::/64 are displayed. l If the display ipv6 routing-table vpn6-instance vpna 2000:: 0 longer-match command is used, four routes are displayed. Precautions If the specified ip-prefix ip-prefix-name does not exist, the command displays all of the currently preferred routes. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 254 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command Example # Display the summary of the routing table of the VPN instance named vpn1. <HUAWEI> display ipv6 routing-table vpn6-instance vpn1 Routing Table : vpn1 Destinations : 1 Routes : 1 Destination NextHop Cost RelayNextHop Interface : : : : : 7777:5:344:: 3335::2 0 :: Vlanif10 PrefixLength Preference Protocol TunnelID Flags : : : : : 48 255 BGP 0x0 D Table 13-6 Description of the display ipv6 routing-table vpn6-instance command output Item Description Routing Table : vpn1 VPN routing table named vpn1. Destinations Total number of destination networks or hosts. Destination Address of the destination network or host. Routes Total number of routes. PrefixLength Length of the prefix. NextHop IPv6 address of the adjacent next hop through which the packet reaches the destination. Preference Preference of the route. Cost Route cost. Protocol Routing protocol name. RelayNextHop Iterated next hop. TunnelID Tunnel ID. The value 0x0 indicates that no tunnel is used or the tunnel is not set up. Interface Outbound interface through which the next hop is reachable. Flags Route flags. # Display detailed information about the route 200:0:1:2::1 of the VPN instance after the instance is enabled with VPN FRR. <HUAWEI> display ipv6 routing-table vpn6-instance vrf1 200:0:1:2::1 verbose Routing Table : vrf1 Summary Count : 1 Destination NextHop Neighbour Issue 02 (2013-11-06) : 200:0:1:2::1 : ::FFFF:192.168.100.6 : ::192.168.100.6 PrefixLength : 128 Preference : 255 ProcessID : 0 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 255 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference Label : State : Entry ID : Reference Cnt: Priority : IndirectID : RelayNextHop : Interface : BkNextHop : BkPETunnelID : 13313 Active Adv Relied 14 1 low 0x0 :: NULL0 ::FFFF:192.168.100.7 0x100c 13 VPN compatible command Protocol Cost EntryFlags Tag Age : : : : : BGP 0 0x80024904 0 393sec TunnelID Flags BkLabel : 0x100a : RD : 13313 Table 13-7 Description of the display ipv6 routing-table vpn6-instance verbose command output Item Description Summary Count Total number of route prefixes. Neighbour IP address of the neighbor interface. ProcessID Process ID of the routing protocol. Label Label value carried by the route. State Route status: l Active: indicates active routes. l Invalid: indicates invalid routes. l Inactive: indicates inactive routes. l NoAdv: indicates the routes that cannot be advertised. l Adv: indicates the routes that can be advertised. l Del: indicates the routes to be deleted. l Relied: indicates the route that finds the next hop and outbound interface or the route that finds the tunnel during packet forwarding. l Stale.: indicates the routes with the stale flag. The routes are used in GR. Issue 02 (2013-11-06) Entry ID Keyword of the retrieval index of routes in the routing table. EntryFlags Information about route flags. Refernce Cnt Number of times that the route is referenced. Tag Tag for importing routes. The value is an integer ranging from 0 to 4294967295. Priority Priority of the route. Age Time since the route is generated. IndirectID Indirect ID of the next hop. BkNextHop Backup next hop. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 256 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command Item Description BkLabel Backup label. BkPETunnelID Backup Tunnel ID. # Display the statistics of the routing table of the VPN instance named vpn1. <HUAWEI> display ipv6 routing-table vpn6-instance vpn1 statistics Summary prefixes: 6 Protocol route active added deleted freed DIRECT 4 4 4 0 0 STATIC 2 1 2 0 0 RIPng 0 0 0 0 0 OSPFv3 0 0 0 0 0 IS-IS 0 0 0 0 0 BGP 0 0 0 0 0 UNR 0 0 0 0 0 Total 6 5 6 0 0 Table 13-8 Description of the display ipv6 routing-table statistics command output Item Description Summary prefixes Total number of prefixes in the current routing table. route Indicates the total number of active and inactive routes in the current routing table. active Number of active routes. added Number of active and inactive routes added in the routing table. deleted Number of routes deleted from the routing table. freed Number of released routes that are permanently deleted from the routing table. # Display all the direct routes of the VPN instance named vpn1. <HUAWEI> display ipv6 routing-table vpn6-instance vpn1 protocol direct vpn1 Routing Table : Direct Summary Count : 3 Direct Routing Table's Status : < Active > Summary Count : 3 Issue 02 (2013-11-06) Destination NextHop Cost RelayNextHop Interface : : : : : 3335:: 3335::1 0 :: Vlanif10 Destination NextHop : 3335::1 : ::1 Flags PrefixLength Preference Protocol TunnelID : D : : : : 64 0 Direct 0x0 PrefixLength : 128 Preference : 0 Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 257 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference Cost : 0 RelayNextHop : :: Interface : Vlanif10 13 VPN compatible command Flags Destination : FE80:: NextHop : :: Cost : 0 RelayNextHop : :: Interface : NULL0 Direct Routing Table's Status : < Inactive > Summary Count : 0 Protocol TunnelID : D : Direct : 0x0 PrefixLength Preference Protocol TunnelID Flags : : : : : 10 0 Direct 0x0 D Table 13-9 Description of the display ipv6 routing-table vpn6-instance protocol command output Item Description Active Active routes. Inactive Inactive routes. 13.8 display ipv6 vpn6-instance Function The display ipv6 vpn6-instance command displays information about an IPv6 VPN instance. Format display ipv6 vpn6-instance [ brief | verbose ] [ vpn6-instance-name ] Parameters Parameter Description Value brief Displays summary information about an IPv6 VPN instance. - verbose Displays detailed information about the IPv6 VPN instances and their associated interfaces. vpn6-instance-name Specifies the name of an IPv6 VPN The name is a string of 1 to 31 instance. case-sensitive characters. Views All views Default Level 1: Monitoring level Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 258 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command Usage Guidelines If a VPN instance is configured, you can check the configuration of the instance by using the display ipv6 vpn6-instance command. You can also use this command to view the VPN instances configured on the local device. When no parameters are specified, the command displays brief information about all the configured VPN instances. Example # View brief information about all the configured IPv6 VPN instances. <HUAWEI> display ipv6 vpn6-instance Total VPN-Instances configured : 3 Total IPv4 VPN-Instances configured : 2 Total IPv6 VPN-Instances configured : 1 VPN-Instance Name family RD Address- vpn1 vpna IPv4 vpna IPv6 vpnb 100:1 100:3 100:2 IPv4 Table 13-10 Description of the display ip vpn-instance command output Issue 02 (2013-11-06) Item Description Total VPN-Instances configured Total number of VPN instances configured on the local end. Total IPv4 VPN-Instances configured Total number of locally configured VPN instances for which IPv4 address families are enabled. Total IPv6 VPN-Instances configured Total number of locally configured VPN instances for which IPv6 address families are enabled. VPN-Instance Name Name of the VPN instance. RD RD of the VPN instance IPv4 address family or IPv6 address family. Creation Time Time when an IPv4 or IPv6 address family is enabled for the VPN instance. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 259 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command Item Description Address-family Address family enabled for the VPN instance. The address family can be: l Null, if no address family is enabled. l ipv4, if only the IPv4 address family is enabled. l ipv6, if only the IPv6 address family is enabled. <HUAWEI> display ipv6 vpn6-instance brief Total VPN-Instances configured : 3 Total IPv4 VPN-Instances configured : 2 Total IPv6 VPN-Instances configured : 1 VPN-Instance Name family RD Address- vpn1 vpna IPv4 vpna IPv6 vpnb 100:1 100:3 100:2 IPv4 # View detailed information about all IPv6 VPN instances. <HUAWEI> display ipv6 vpn6-instance verbose Total VPN-Instances configured : 1 Total IPv4 VPN-Instances configured : 1 Total IPv6 VPN-Instances configured : 1 VPN-Instance Name and ID : vpna, 6 Description : vpna-1 Service ID : 12 Interfaces : Vlanif10 Address family ipv4 Create date : 2012/12/3 15:36:20 UTC+08:00 Up time : 6 days, 04 hours, 41 minutes and 57 seconds Route Distinguisher : 100:1 Export VPN Targets : 1:1 Import VPN Targets : 1:1 Label Policy : label per instance Per-Instance Label : 1024 IP FRR Route Policy : 20 VPN FRR Route Policy : 12 Import Route Policy : 10 Export Route Policy : 20 Tunnel Policy : bindTE Maximum Routes Limit : 2000 Threshold Routes Limit : 80% Maximum Prefixes Limit : 1024 Threshold Prefixes Limit : 50% Install Mode : route-unchanged Log Interval : 10 Address family ipv6 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 260 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command Create date : 2012/12/3 15:36:20 UTC+08:00 Up time : 6 days, 04 hours, 41 minutes and 57 seconds Log Interval : 5 Table 13-11 Description of the display ip vpn-instance verbose command output Issue 02 (2013-11-06) Item Description Total VPN-Instances configured Total number of VPN instances configured on the local end. Total IPv4 VPN-Instances configured Total number of locally configured VPN instances for which IPv4 address families are enabled. Total IPv6 VPN-Instances configured Total number of locally configured VPN instances for which IPv6 address families are enabled. VPN-Instance Name and ID Name and ID of the VPN instance. The ID is assigned by the system, which facilitates indexing. Description Description of the VPN instance. This field is displayed in the command output only when the description (VPN instance view) command is used. Service ID Service ID of the VPN instance. This item is displayed only after the service-id (VPN instance view) command is run in the VPN instance view. Interfaces Interfaces bound to the VPN instance. This field is displayed only after the ip binding vpn-instance command is configured on these interfaces. Address family ipv4 Information about the IPv4 address family enabled for the VPN instance. Address family ipv6 Information about the IPv6 address family enabled for the VPN instance. Create date Time when the VPN instance is created. Up time Period during which the VPN instance maintains in the Up state. Route Distinguisher RD of the VPN instance IPv4 address family or IPv6 address family Export VPN Targets Route Target list in the outbound direction. To set the VPN target, run the vpn-target command. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 261 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command Item Description Import VPN Targets Route Target list in the inbound direction. To set the VPN target, run the vpn-target command. Label Policy Label policy: l label per instance: indicates that the same label is allocated to routes of a VPN instance. This field is displayed in the command output only when the applylabel per-instance command is run in the VPN instance view. l label per route: indicates that each route of a VPN instance is assigned a label. Label allocation for routes of a VPN instance is implemented in this mode. Issue 02 (2013-11-06) Per-Instance Label Label value used when all VPN routes of the VPN instance address family share one label. This field is displayed only after the apply-label per-instance command is run in the VPN instance address family view. IP FRR Route Policy IP FRR route policy used for the address family. This item is displayed only after the ip frr command is run in the VPN instance IPv4 address family view. VPN FRR Route Policy VPN FRR route policy used for the address family. This item is displayed only after the vpn frr command is run in the VPN instance IPv4 address family view. Import Route Policy Import Route-Policy applied to the VPN instance. This field is displayed only after the import route-policy command is run in the VPN instance address family view. Export Route Policy Export Route-Policy applied to the VPN instance. This field is displayed only after the export route-policy command is run in the VPN instance address family view. Tunnel Policy Tunnel policy applied to the VPN instance. This field is displayed only after the tnlpolicy command is run in the VPN instance address family view. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 262 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command Item Description Maximum Routes Limit Maximum number of routes supported by the current address family. This field is displayed only after the routing-table limit command is run in the VPN instance address family view. Threshold Routes Limit Percentage of the maximum number of routes specified for the current address family. When the maximum number of routes reaches the percentage threshold, an alarm is generated.This field is displayed only after the routing-table limit command is run in the VPN instance address family view. Maximum Prefixes Limit Maximum number of prefixes supported by the current address family of the VPN instanceThis field is displayed only after the prefix limit command is run in the VPN instance address family view. Threshold Prefixes Limit Percentage of the maximum number of prefixes specified for the current address family of the VPN instance. When the maximum number of prefixes reaches the percentage threshold, an alarm is generated.This field is displayed only after the prefix limit command is run in the VPN instance address family view. Install Mode Method of processing routes. The prefix limit command can be used to specify the route processing method when the threshold is lowered due to the number of route prefixes exceeding the upper threshold. l If route-unchanged is configured, routes in the routing information base (RIB) table remain unchanged. l If route-unchanged is not configured, all routes in the RIB table are deleted and the routes are re-installed in the RIB table. Log Interval Issue 02 (2013-11-06) Interval for displaying log messages when the number of VPN instance routes exceeds the maximum value. The default interval is 5 seconds. The value can be set by the command limit-log-interval. Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 263 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command 13.9 link-alive Function The link-alive command enables the link-alive function on a GRE tunnel. The undo link-alive command disables the link-alive function on a GRE tunnel. By default, the link-alive function is disabled on a GRE tunnel. Format link-alive [ period period ] [ retry-times retry-times ] undo link-alive Parameters Parameter Description Value period Specifies the interval for sending link-alive packets. The value is an integer that ranges from 1 to 32767, in seconds. The default value is 5. retry-times retry-times Specifies the tunnel-unreachable counter value. The value is an integer that ranges from 1 to 255. The default value is 3. Views Tunnel interface view Default Level 2: Configuration level Usage Guidelines The link-alive function takes effect on a GRE tunnel immediately after you run the link-alive command on the tunnel interface. After you run the undo link-alive command, the link-alive function immediately becomes invalid. The source end of a GRE tunnel periodically sends linkalive packets. The tunnel-unreachable counter increases by 1 every time a link-alive packet is sent. If the source end does not receive any response packet when the tunnel-unreachable counter value reaches retry-times, the source end considers the remote end unreachable. Example # Enable the link-alive function on a GRE tunnel and retain the default parameter values. <HUAWEI> system-view [HUAWEI] interface tunnel 1 Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 264 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command [HUAWEI-Tunnel1] tunnel-protocol gre [HUAWEI-Tunnel1] link-alive # Disable the link-alive function on a GRE tunnel. <HUAWEI> system-view [HUAWEI] interface tunnel 1 [HUAWEI-Tunnel1] undo link-alive # Enable the link-alive function on a GRE tunnel. Set the interval for sending link-alive packets to 12 seconds and retain the default tunnel-unreachable counter value. <HUAWEI> system-view [HUAWEI] interface tunnel 1 [HUAWEI-Tunnel1] link-alive period 12 # Enable the link-alive function on a GRE tunnel. Set the interval for sending link-alive packets to 12 seconds and the tunnel-unreachable counter to 4. <HUAWEI> system-view [HUAWEI] interface tunnel 1 [HUAWEI-Tunnel1] link-alive period 12 retry-times 4 13.10 mpls l2vpn traffic-statistics capability enable Function The mpls l2vpn traffic-statistics capability enable command enables VLL traffic statistics. The undo mpls l2vpn traffic-statistics capability command disables VLL traffic statistics. By default, VLL traffic statistics function is disabled.. Format mpls l2vpn traffic-statistics capability enable undo mpls l2vpn traffic-statistics capability Parameters None. Views System view Default Level 2: Configuration level Usage Guidelines The traffic statistics function takes effect only on the VLLs created after you run the mpls l2vpn traffic-statistics capability enable or mpls l2vpn traffic-statistics enable command. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 265 S2350&S5300&S6300 Series Ethernet Switches Compatible Commands Reference 13 VPN compatible command After you run the mpls l2vpn traffic-statistics capability enable command to enable VLL traffic statistics, you can run the display traffic-statistics l2vpn interface command to view the traffic statistics result. Example # Enable L2VPN traffic statistics. <HUAWEI>system-view [HUAWEI] mpls l2vpn traffic-statistics capability enable Info: The modification can only take effect for newly created VC. System Response None. Issue 02 (2013-11-06) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 266

S2350&S5300&S6300 V200R003(C00&C02) Compatible Commands Reference 02

Related documents

Products

Support

S2350&S5300&S6300 V200R003(C00&C02) Compatible Commands Reference 02

Related documents

Add this document to collection(s)

Add this document to saved

Suggest us how to improve StudyLib