V200R003(C00&C02&C10)
04
Date
2014-07-30
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Website:
http://enterprise.huawei.com
Issue 04 (2014-07-30)
Intended Audience
This document is intended for:
• Commissioning engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol
Description
Indicates an imminently hazardous situation
which, if not avoided, will result in death or
serious injury.
Indicates a potentially hazardous situation
which, if not avoided, could result in death or
serious injury.
Indicates a potentially hazardous situation
which, if not avoided, may result in minor or
moderate injury.
Indicates a potentially hazardous situation
which, if not avoided, could result in
equipment damage, data loss, performance
deterioration, or unanticipated results.
NOTICE is used to address practices not
related to personal injury.
Calls attention to important information, best
practices and tips.
NOTE
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention
Description
Boldface
Italic
[]
{ x | y | ... }
[ x | y | ... ]
{ x | y | ... }*
[ x | y | ... ]*
&<1-n>
Security Conventions
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
• Password setting
When configuring a password in plain text, the password is saved in the configuration
file in plain text. The plain text has high security risks. The cipher text is recommended.
To ensure device security, change the password periodically.
When you configure a password in cipher text that starts and ends with %@%@ (the
password can be decrypted by the device), the password is displayed in the same manner
as the configured one in the configuration file. Do not use this setting.
• Encryption algorithm
Currently, the device uses the following encryption algorithms: DES, AES, SHA-1, SHA-2,
and MD5. DES and AES are reversible, and SHA-1, SHA-2, and MD5 are irreversible.
The encryption algorithm depends on actual networking. If protocols are used for
interconnection, the locally stored password must be reversible. It is recommended that the
irreversible encryption algorithm be used for the administrator password.
• Personal data
Some personal data may be obtained or used during operation or fault location of your
purchased products, services, features, so you have an obligation to make privacy policies
and take measures according to the applicable law of the country to protect personal data.
eSight
V200R003C00
V200R003C01
V200R003C02
V200R003C10
V200R003C10
V200R005C00
Change History
Changes between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.
Contents
About This Document
1 Basic Configuration Compatible Commands
1.1 set save-configuration backup-to-server server
1.2 set save-configuration
1.3 super
Format
set save-configuration backup-to-server server server-ip [ transport-type { ftp | sftp } ] path folder user user-name password password
Parameters
Parameter
Description
server server-ip
Specifies the IP address of the server where the system periodically saves
the configuration file.
transport-type
user user-name
path folder
Value
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
Run this command to periodically save the configuration file to the server.
Precautions
If the mode in which the configuration file is transmitted to the server is not specified, FTP is
used.
If the specified path on the server does not exist, configuration files cannot be sent to the server.
The system then sends an alarm message indicating the transmission failure to the NMS, and
the transmission failure is recorded as a log message on the device.
The user name and password must be the same as those used in FTP or SFTP login mode.
Example
# Specify the server to which the system periodically sends the configuration file, and set the
transmission mode to SFTP.
<HUAWEI> system-view
[HUAWEI] set save-configuration backup-to-server server 1.1.1.1 transport-type sftp path d:/ftp user huawei password huawei
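An added example, not part of the Huawei document: a Python check that parses `set save-configuration backup-to-server` lines and flags what the Precautions and Security Conventions describe, namely FTP as the transport (explicit or by default) and a password stored as plain text or as `%@%@`-delimited reversible cipher text. The sample lines other than the document's own example are constructed, and the function names, finding labels and the user-name comparison are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Grammar from the Format line of the command reference:
#   set save-configuration backup-to-server server server-ip
#       [ transport-type { ftp | sftp } ] path folder user user-name password password
BACKUP_RE = re.compile(
    r"set\s+save-configuration\s+backup-to-server\s+server\s+(?P<server>\S+)"
    r"(?:\s+transport-type\s+(?P<transport>ftp|sftp))?"
    r"\s+path\s+(?P<path>\S+)"
    r"\s+user\s+(?P<user>\S+)"
    r"\s+password\s+(?P<password>\S+)\s*$"
)
# CLI prompts such as "<HUAWEI>" or "[HUAWEI]" in pasted session transcripts.
PROMPT_RE = re.compile(r"^\s*(?:<[^>]*>|\[[^\]]*\])\s*")
CIPHER_MARK = "%@%@"  # cipher text the device can decrypt, per Security Conventions


@dataclass
class BackupAudit:
    line_no: int
    server: str
    user: str
    transport: str        # effective transport: "ftp" when none is specified
    password_form: str    # "plaintext" or "reversible-cipher"
    findings: list = field(default_factory=list)


def classify_password(value):
    """Classify a password field; anything not wrapped in %@%@ is treated as
    plain text (assumption: the page names no other cipher-text marker)."""
    wrapped = value.startswith(CIPHER_MARK) and value.endswith(CIPHER_MARK)
    if wrapped and len(value) > 2 * len(CIPHER_MARK):
        return "reversible-cipher"
    return "plaintext"


def audit_backup_commands(config_text):
    """Return one BackupAudit per backup-to-server command (one command per line)."""
    audits = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        match = BACKUP_RE.match(PROMPT_RE.sub("", raw).strip())
        if not match:
            continue
        explicit = match["transport"]
        transport = explicit or "ftp"   # FTP is used when the mode is not specified
        form = classify_password(match["password"])
        audit = BackupAudit(line_no, match["server"], match["user"], transport, form)
        if transport == "ftp":
            audit.findings.append("ftp-explicit" if explicit else "ftp-by-default")
        audit.findings.append(form + "-password")
        if form == "plaintext" and match["password"] == match["user"]:
            audit.findings.append("password-equals-username")
        audits.append(audit)
    return audits


def format_report(audits):
    """Render findings without ever echoing the password value."""
    return [
        f"line {a.line_no}: server={a.server} user={a.user} "
        f"transport={a.transport} findings={','.join(a.findings)}"
        for a in audits
    ]


# Line 1 is the document's own example; lines 2-3 are constructed samples.
SAMPLE_CONFIG = """\
[HUAWEI] set save-configuration backup-to-server server 1.1.1.1 transport-type sftp path d:/ftp user huawei password huawei
set save-configuration backup-to-server server 192.0.2.10 path /backup user cfgbackup password %@%@CONSTRUCTED-NOT-REAL%@%@
set save-configuration backup-to-server server 192.0.2.11 transport-type ftp path /backup user ops password Constructed1
set save-configuration nochange-time 60
"""

if __name__ == "__main__":
    for row in format_report(audit_backup_commands(SAMPLE_CONFIG)):
        print(row)
```

A command wrapped over two lines, as printed in the manual, must be joined before it is passed to `audit_backup_commands`.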
Format
set save-configuration nochange-time nochange-time
undo set save-configuration nochange-time [ nochange-time ]
Parameters
Parameter
Description
Value
nochange-time nochange-time
Views
System view
Default Level
3: Management level
Usage Guidelines
If nochange-time nochange-time is specified in the command, the system automatically saves the
configuration when the configuration has not changed during the period specified by nochange-time.
If the interval from the time of the last configuration to the current time is shorter than the set
interval, the system cancels the current automatic saving operation.
Example
# Configure the system to automatically save configurations at 60-minute intervals if no
configuration changes in the period.
<HUAWEI> system-view
[HUAWEI] set save-configuration nochange-time 60
1.3 super
Function
The super command changes the level of a user.
Format
super [ level ]
Parameters
Parameter Description
level
Value
Specifies the user level. The value is an integer that ranges from 0 to 15. The
default user level is 3.
Views
User view
Default Level
0: Visit level
Usage Guidelines
Usage Scenario
To prevent unauthorized users from gaining access, when a user switches to a higher user level,
the system authenticates the user by requiring the password for the higher user level. If the
user inputs an incorrect password, the login fails.
NOTE
The device supports this command only when the super password command was configured in an earlier
version and the device has been upgraded to the current version.
Precautions
Users are assigned one of 16 levels, and these levels correspond to command levels. After logging
in to the system, users can use only the commands whose levels are equal to or lower than their
user levels.
The password that the user enters is not displayed. If the user inputs the correct password within
three attempts, the user switches to the higher user level. If the password is incorrect, the user
level remains unchanged.
Example
# Switch users to level 3.
<HUAWEI> super 3
Password:
Now user privilege is 3 level, and only those commands whose level is equal to or
less than this level can be used.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
Format
load-balance { dip | dmac | sip | smac | sipxordip | smacxordmac }
Parameters
Parameter
Description
Value
dip
dmac
sip
smac
sipxordip
smacxordmac
Views
Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
To ensure proper load balancing between the physical links of an Eth-Trunk interface and avoid
link congestion, you can use the load-balance command to set the load balancing mode of the
Eth-Trunk interface.
Load balancing is valid only for the outbound traffic; therefore, the load balancing modes for
the interfaces at both ends of the link can be different and do not affect each other.
If you run the load-balance command repeatedly, only the latest configuration takes effect.
You can set the load balancing mode according to the actual situation of the network. When a
parameter of traffic changes frequently, you can set the load balancing mode based on this
parameter to ensure that the traffic is load balanced evenly.
The device supports the following load balancing modes:
• dip: load balancing based on the destination IP address. In this mode, the system obtains
  the specified three bits from each of the destination IP address and the TCP or UDP port
  number in outgoing packets to perform the Exclusive-OR calculation, and then selects the
  outgoing interface from the Eth-Trunk table according to the calculation result.
• dmac: load balancing based on the destination MAC address. In this mode, the system
  obtains the specified three bits from each of the destination MAC address, VLAN ID,
  Ethernet type, and incoming interface information to perform the Exclusive-OR
  calculation, and then selects the outgoing interface from the Eth-Trunk table according to
  the calculation result.
• sip: load balancing based on the source IP address. In this mode, the system obtains the
  specified three bits from each of the source IP address and the TCP or UDP port number
  in incoming packets to perform the Exclusive-OR calculation, and then selects the outgoing
  interface from the Eth-Trunk table according to the calculation result.
• smac: load balancing based on the source MAC address. In this mode, the system obtains
  the specified three bits from each of the source MAC address, VLAN ID, Ethernet type,
  and incoming interface information to perform the Exclusive-OR calculation, and then
  selects the outgoing interface from the Eth-Trunk table according to the calculation result.
• sipxordip: load balancing based on the Exclusive-OR result of the source IP address and
  destination IP address. In this mode, the system performs the Exclusive-OR calculation
  between the Exclusive-OR results of the dip and sip modes, and then selects the outgoing
  interface from the Eth-Trunk table according to the calculation result.
• smacxordmac: load balancing based on the Exclusive-OR result of the source MAC address
  and destination MAC address. In this mode, the system obtains three bits from each of the
  source MAC address, destination MAC address, VLAN ID, Ethernet type, and incoming
  interface information to perform the Exclusive-OR calculation, and then selects the
  outgoing interface from the Eth-Trunk table according to the calculation result.
Example
# Set the load balancing mode of Eth-Trunk 1 to dmac.
<HUAWEI> system-view
[HUAWEI] interface Eth-Trunk 1
[HUAWEI-Eth-Trunk1] load-balance dmac
Format
service-type tunnel
undo service-type tunnel
Parameters
None
Views
Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
An IPv6 packet is encapsulated in an IPv4 packet header by a device, and then is forwarded by
the device according to the IPv4 routing table.
NOTE
After being configured as a service loopback interface, an Eth-Trunk interface can be used only to loop
back service packets over tunnels.
A device can be configured with only one service loopback interface.
Example
# Configure Eth-Trunk 0 as a service loopback interface.
<HUAWEI> system-view
[HUAWEI] interface eth-trunk 0
[HUAWEI-Eth-Trunk0] service-type tunnel
Support
S5700
S6700
Not supported
Format
l2 field dport
undo l2 field dport
Parameters
None
Views
Load balancing profile view
Default Level
2: Configuration level
Usage Guidelines
None
Example
# In the enhanced load balancing mode profile a, set the load balancing mode of Layer 2 packets
to dport.
<HUAWEI> system-view
[HUAWEI] load-balance-profile a
[HUAWEI-load-balance-profile-a] l2 field dport
Support
S5700
S6700
Not supported
Format
ipv4 field dport
undo ipv4 field dport
Parameters
None
Views
Load balancing profile view
Default Level
2: Configuration level
Usage Guidelines
None.
Example
# In the load balancing profile a, set the load balancing mode of IPv4 packets to dport.
<HUAWEI> system-view
[HUAWEI] load-balance-profile a
[HUAWEI-load-balance-profile-a] ipv4 field dport
Support
S5700
S6700
Not supported
Format
ipv6 field dport
undo ipv6 field dport
Parameters
None
Views
Load balancing profile view
Default Level
2: Configuration level
Usage Guidelines
None
Example
# In the load balancing profile a, set the load balancing mode of IPv6 packets to dport.
<HUAWEI> system-view
[HUAWEI] load-balance-profile a
[HUAWEI-load-balance-profile-a] ipv6 field dport
Support
S5700
S6700
Not supported
Format
mpls field dport
undo mpls field dport
Parameters
None
Views
Load balancing profile view
Default Level
2: Configuration level
Usage Guidelines
None
Example
# In the load balancing profile a, set the load balancing mode of MPLS packets to dport.
<HUAWEI> system-view
[HUAWEI] load-balance-profile a
[HUAWEI-load-balance-profile-a] mpls field dport
Format
mac-address blackhole mac-address [ interface-type interface-number ] vlan vlan-id1 [ cevlan vlan-id2 ]
Parameters
Parameter
Description
Value
blackhole
mac-address
interface-type interface-number
• interface-type specifies the type of the outbound interface.
• interface-number specifies the number of the outbound interface.
vlan vlan-id1
Views
Ethernet interface view, GE interface view, XGE interface view, Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
Blackhole MAC address entries are configured manually. A data frame is discarded if its
source or destination MAC address matches a blackhole MAC address entry.
Blackhole MAC address entries prevent untrusted devices from attacking the device.
Precautions
If you configure a blackhole MAC address entry when the MAC table is full, the device processes
the MAC address entry as follows:
• If a dynamic MAC address entry with the same MAC address exists in the MAC address
  table, the device replaces the dynamic MAC address entry with the configured entry.
• If no dynamic MAC address entry with the same MAC address exists in the MAC address
  table, the MAC address entries cannot be added to the MAC address table.
Example
# Configure a blackhole MAC address entry to discard the Ethernet frames whose destination
MAC address is 0004-0004-0004 and VLAN ID is VLAN 5.
<HUAWEI> system-view
[HUAWEI] interface GigabitEthernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] mac-address blackhole 4-4-4 vlan 5
Format
mac-address static mac-address interface-type interface-number vlan vlan-id1
Parameters
Parameter
Description
Value
static
mac-address
interface-type interface-number
• interface-type specifies the type of the outbound interface.
• interface-number specifies the number of the outbound interface.
vlan vlan-id1
Views
Ethernet interface view, GE interface view, XGE interface view, Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
Static MAC address entries are configured manually. They take precedence over dynamic
MAC address entries.
Static MAC address entries block bogus packets that attackers send using the MAC addresses of
trusted devices, and guarantee communication between the device and the upstream device or
server.
Configuration Impact
You can configure multiple static MAC address entries by running the mac-address command
multiple times.
Precautions
If you configure a static MAC address entry when the MAC table is full, the device processes
the MAC address entry as follows:
• If a dynamic MAC address entry with the same MAC address exists in the MAC address
  table, the device replaces the dynamic MAC address entry with the configured entry.
• If no dynamic MAC address entry with the same MAC address exists in the MAC address
  table, the MAC address entries cannot be added to the MAC address table.
Example
# Add a static MAC address entry to the MAC address table. The destination MAC address is
0003-0003-0003. The outbound interface is GigabitEthernet0/0/1, which belongs to VLAN 4.
<HUAWEI> system-view
[HUAWEI] mac-address static 3-3-3 GigabitEthernet 0/0/1 vlan 4
Format
port-security mac-address sticky enable
undo port-security mac-address sticky enable
Parameters
None
Views
Ethernet interface view, GE interface view, XGE interface view, Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
After port security is enabled on an interface, MAC address entries learned by the interface are
saved in the MAC address table as secure dynamic MAC address entries.
After the sticky MAC function is enabled on an interface, the dynamic MAC addresses learned
by the interface change to sticky MAC addresses. If the number of sticky MAC addresses does
not reach the limit, the MAC addresses learned subsequently change to sticky MAC addresses.
When the number of sticky MAC addresses reaches the limit, packets whose source MAC
addresses do not match sticky MAC address entries are discarded. In addition, the system
determines whether to send a trap message or shut down the interface according to the configured
security protection action.
Prerequisites
Port security has been enabled by using the port-security enable command on the interface.
Example
# Enable the sticky MAC function on GigabitEthernet0/0/1.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet0/0/1
[HUAWEI-GigabitEthernet0/0/1] port-security enable
[HUAWEI-GigabitEthernet0/0/1] port-security mac-address sticky enable
Format
port-security maximum max-number
Parameters
Parameter
Description
max-number
Value
Views
Ethernet interface view, GE interface view, XGE interface view, Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
After enabling port security on an interface, you can run the port-security maximum command
to limit the number of MAC addresses that the interface can learn.
Prerequisites
Port security has been enabled by using the port-security enable command on the interface.
Configuration Impact
If you run the port-security maximum command multiple times in the same interface view,
only the latest configuration takes effect.
Precautions
If the sticky MAC function is disabled, max-number limits the number of secure dynamic MAC
addresses learned by the interface.
If the sticky MAC function is enabled, max-number limits the number of sticky MAC addresses
learned by the interface.
Example
# Set the maximum number of MAC addresses that can be learned by GigabitEthernet0/0/1 to
5.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port-security enable
[HUAWEI-GigabitEthernet0/0/1] port-security maximum 5
Format
port mux-vlan enable
undo port mux-vlan enable
Parameters
None
Views
GE interface view, XGE interface view, 40GE interface view, Eth-Trunk interface view, port
group view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
The MUX VLAN function isolates Layer 2 traffic between interfaces in a VLAN. This function
involves a MUX VLAN and several subordinate VLANs. Subordinate VLANs are classified
into subordinate group VLANs and subordinate separate VLANs. Subordinate VLANs can
communicate with the principal VLAN but cannot communicate with each other. Interfaces in
a subordinate group VLAN can communicate with each other, and interfaces in a subordinate
separate VLAN are isolated from each other.
The MUX VLAN function takes effect only after it is enabled on an interface.
Prerequisites
Before enabling the MUX VLAN function, complete the following tasks:
• The port has been added to a principal or subordinate VLAN as an access, hybrid, or trunk
  interface.
• The port has been added to only one VLAN. If the port has been added to multiple VLANs,
  the MUX VLAN function cannot be enabled on this port.
• The port has been added to a principal or subordinate VLAN in untagged mode as an access
  or hybrid interface.
Precautions
Disabling MAC address learning or limiting the number of learned MAC addresses on an
interface affects the MUX VLAN function on the interface.
The MUX VLAN and port security functions conflict on an interface. That is, the port-security
enable and port mux-vlan enable commands cannot be used on the same interface.
The MUX VLAN and MAC address authentication functions conflict on an interface; therefore, the
port mux-vlan enable and mac-authen commands cannot be used on the same interface.
The MUX VLAN and 802.1x authentication functions conflict on an interface; therefore, the
port mux-vlan enable and dot1x enable commands cannot be used on the same interface.
Example
# Enable the MUX VLAN function on GE0/0/1.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port mux-vlan enable
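An added example, not part of the Huawei document: a Python pre-deployment check for configuration templates that applies the interface rules stated in the port-security mac-address sticky enable, port-security maximum and port mux-vlan enable sections (the port-security enable prerequisite, the MUX VLAN conflicts, and what max-number limits). The sample configuration is constructed, the function names and finding labels are assumptions, and the stanza layout (`interface ...` closed by `#`) is assumed from saved-configuration output.

```python
import re

# Rules stated in the command reference (prerequisites and conflicts).
PREREQUISITES = [
    ("port-security mac-address sticky enable", "port-security enable"),
    ("port-security maximum", "port-security enable"),
]
MUX_VLAN = "port mux-vlan enable"
MUX_VLAN_CONFLICTS = ["port-security enable", "mac-authen", "dot1x enable"]


def parse_interfaces(config_text):
    """Map each interface name to the list of commands in its stanza."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces.setdefault(current, [])
        elif line == "#":
            current = None          # "#" closes the stanza
        elif line and current is not None:
            interfaces[current].append(line)
    return interfaces


def has_command(commands, keyword, prefix=False):
    """True if the stanza holds `keyword` exactly, or followed by arguments
    when prefix=True. "undo ..." lines never match."""
    for cmd in commands:
        if cmd == keyword or (prefix and cmd.startswith(keyword + " ")):
            return True
    return False


def lint_interfaces(config_text):
    """Return (interface, kind, message) tuples for every rule violation."""
    findings = []
    for name, cmds in parse_interfaces(config_text).items():
        for cmd, prereq in PREREQUISITES:
            if has_command(cmds, cmd, prefix=True) and not has_command(cmds, prereq):
                findings.append((name, "missing-prerequisite", f"{cmd} requires {prereq}"))
        if has_command(cmds, MUX_VLAN):
            for other in MUX_VLAN_CONFLICTS:
                if has_command(cmds, other):
                    findings.append(
                        (name, "conflict", f"{MUX_VLAN} cannot be combined with {other}")
                    )
    return findings


def mac_limit(commands):
    """Return (limit, kind) for an interface with port security enabled, else None.

    kind is "sticky" when the sticky MAC function is enabled, otherwise
    "secure-dynamic". limit is None when no port-security maximum line is
    present (the default value is not given on the page).
    """
    if not has_command(commands, "port-security enable"):
        return None
    limit = None
    for cmd in commands:
        match = re.fullmatch(r"port-security maximum (\d+)", cmd)
        if match:
            limit = int(match.group(1))   # only the latest configuration takes effect
    sticky = has_command(commands, "port-security mac-address sticky enable")
    return (limit, "sticky" if sticky else "secure-dynamic")


# Constructed sample configuration.
SAMPLE_CONFIG = """\
#
interface GigabitEthernet0/0/1
 port-security enable
 port-security mac-address sticky enable
 port-security maximum 5
#
interface GigabitEthernet0/0/2
 port-security maximum 10
#
interface GigabitEthernet0/0/3
 port mux-vlan enable
 port-security enable
 dot1x enable
#
interface GigabitEthernet0/0/4
 port mux-vlan enable
#
"""

if __name__ == "__main__":
    for finding in lint_interfaces(SAMPLE_CONFIG):
        print(*finding, sep=": ")
```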
Format
port vlan-stacking vlan vlan-id1 [ to vlan-id2 ] push vlan vlan-id3 { remark-8021p 8021p-value | priority-inherit }
Parameters
Parameter
Description
Value
remark-8021p 8021p-value
priority-inherit
Views
Ethernet interface view, GE interface view, XGE interface view, Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
When the user packets traverse the ISP network, you can use the port vlan-stacking command
to add a VLAN tag to the data frames sent from user VLANs so that the data frames contain
double VLAN tags.
When you configure selective QinQ, pay attention to the following points:
• Selective QinQ can be configured only on hybrid interfaces and it takes effect only in the
  inbound direction.
• The specified stack VLAN ID must exist and the interface must be added to the specified
  stack VLAN in untagged mode.
Example
# Configure selective QinQ on GigabitEthernet 0/0/1. Add outer VLAN tag 100 to the frames
with C-VLAN IDs 10-13.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] qinq vlan-translation enable
[HUAWEI-GigabitEthernet0/0/1] port hybrid untagged vlan 100
[HUAWEI-GigabitEthernet0/0/1] port vlan-stacking vlan 10 to 13 push vlan 100 priority-inherit
Format
bpdu-tunnel { all | protocol-type &<1-14> } enable
Parameters
Parameter
Description
Value
all
Enables or disables
transparent transmission of
packets of all standard Layer
2 protocols and user-defined
Layer 2 protocols.
protocol-type
Enables or disables
transparent transmission of
packets of a specified Layer
2 protocol.
NOTE
You can specify multiple
protocols in the command.
Views
Ethernet interface view, XGE interface view, GE interface view, Eth-Trunk interface view, port
group view
Default Level
2: Configuration level
Usage Guidelines
After a user-side interface of a PE on an ISP network is enabled to transparently transmit Layer
2 protocol packets, the interface directly forwards Layer 2 protocol packets sent from a user
network instead of sending the packets to the CPU. In this way, Layer 2 protocol packets are
transparently transmitted through the ISP network.
Generally, the bpdu-tunnel enable command is run on user-side interfaces of PEs.
Example
# Configure GE0/0/1 to transparently transmit all Layer 2 protocols.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] bpdu-tunnel all enable
Format
bpdu-tunnel { all | protocol-type &<1-14> } vlan { low-id [ to high-id ] } &<1-10>
Parameters
Parameter
Description
Value
all
Enables or disables
transparent transmission of
packets of all standard Layer
2 protocols and user-defined
Layer 2 protocols.
protocol-type
Enables or disables
transparent transmission of
packets of a specified Layer
2 protocol.
NOTE
You can specify multiple
protocols in the command.
low-id
high-id
Views
Ethernet interface view, XGE interface view, GE interface view, Eth-Trunk interface view, port
group view
Default Level
2: Configuration level
Usage Guidelines
After a user-side interface of a PE on an ISP network is enabled to transparently transmit Layer
2 protocol packets, the interface directly forwards Layer 2 protocol packets sent from a user
network instead of sending the packets to the CPU. In this way, Layer 2 protocol packets are
transparently transmitted through the ISP network.
The bpdu-tunnel vlan command is usually used on user-side interfaces of PEs.
Example
# Enable GE0/0/1 to transparently transmit all Layer 2 protocols with VLAN tags ranging from
100 to 200.
<HUAWEI> system-view
[HUAWEI] vlan batch 100 to 200
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type trunk
[HUAWEI-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 to 200
[HUAWEI-GigabitEthernet0/0/1] bpdu-tunnel all vlan 100 to 200
Format
bpdu filter enable
bpdu filter disable
Parameters
None
Views
Ethernet interface view, GE interface view, XGE interface view, Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
CAUTION
After you run the bpdu filter enable command on a port, the port no longer processes or sends
BPDUs. In this case, the port cannot negotiate the STP status with the directly connected port
on the peer device; therefore, use this command with caution. It is recommended that you use
this command on edge ports.
This command is usually used on edge devices to prevent edge ports from processing and sending
BPDUs.
If this command is not used on an edge device, ports of the device are non-BPDU filter ports.
In this case, the ports can send BPDUs even if they are configured as edge ports. Then BPDUs
are sent to other networks, causing flapping of other networks.
After you run the bpdu filter disable command on a port, the port becomes a non-BPDU filter
port. This port remains a non-BPDU filter port after you run the stp bpdu-filter default
command in the system view.
Example
# Configure GE0/0/1 on an edge device as a non-BPDU filter port.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] bpdu filter disable
Format
stp-snooping enable
stp-snooping disable
Parameters
None
Views
System view
Default Level
2: Configuration level
Usage Guidelines
After the l2protocol-tunnel command is used to enable transparent transmission of Layer 2
protocol packets on untagged interfaces or the l2protocol-tunnel vlan command is used to
enable transparent transmission of Layer 2 protocol packets on tagged packets, the untagged or
tagged interfaces directly forward Layer 2 protocol packets sent from user networks over the
ISP's network rather than send them to the CPU for processing. When a device enabled with
transparent transmission of Layer 2 protocol packets receives TC packets, if the stp-snooping
enable command is used, the device clears the MAC entries and ARP entries and updates the
forwarding table.
Example
# Enable STP snooping.
<HUAWEI> system-view
[HUAWEI] stp-snooping enable
Format
port-down holdoff-timer interval
Parameters
Parameter
Description
Value
interval
Views
Ethernet interface view, GE interface view, XGE interface view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
When the cable connected to an interface is faulty, the interface status may change frequently.
When this occurs, the system frequently updates the matching entries. If link backup is
configured on the interface, active/standby switchovers occur frequently. To prevent frequent
status change, you can use the port-down holdoff-timer command to set the delay in reporting
a port status change event.
If an S2750&S5700&S6700 interface is connected to a wavelength division multiplexing device,
the interface becomes Down when a protective switchover occurs on the wavelength division
multiplexing device, and services are interrupted. To prevent service interruption, you can set
the delay in reporting a port Down event.
Configuration Impact
If you run the port-down holdoff-timer command multiple times in the same interface view,
only the latest configuration takes effect.
Example
# Set the delay in reporting a port status change event to 1000 milliseconds on
GigabitEthernet0/0/1.
<HUAWEI> system
[HUAWEI] interface gigabitethernet0/0/1
[HUAWEI-GigabitEthernet0/0/1] port-down holdoff-timer 1000
Format
port media type { copper | fiber }
Parameters
Parameter
Description
Value
copper
fiber
Views
GE interface view
Default Level
2: Configuration level
Usage Guidelines
This command only distinguishes optical interface configuration and electrical interface
configuration, and is not configurable. For example, an interface has the following configuration:
#
interface GigabitEthernet0/0/1
 port media type copper
 undo negotiation auto
 speed 100
 port media type fiber
 undo negotiation auto
#
The preceding information shows that undo negotiation auto and speed 100 are configured on
the electrical interface, and undo negotiation auto is configured on the optical interface. During
configuration restoration, these configuration items are restored for the respective interfaces.
Format
display ifnet controller-tree { controller-name | controller-type controller-number } [ slot slot-id ]
Parameters
Parameter
Description
Value
controller-name
slot slot-id
Views
Diagnostic view
Default Level
3: Management level
Usage Guidelines
The display ifnet controller-tree command displays information about the control interface
and related channel interfaces on devices.
NOTE
Example
# Display hierarchies under a controller.
<HUAWEI> system-view
[HUAWEI] diagnose
[HUAWEI-diagnose] display ifnet controller-tree T3 1/2/0 slot 1
Channel Node Addr : 0xd285e584 Next Node : 0xd2861b00 Prev Node: 0xd2861b00
Low Level Node Count : 1
Next Node: 0xd285e674 Prev Node: 0xd285e674
ID : 1
Speed : 0
Type : T1
SubType : NOT_SURE
Mode : CHANNELIZED
Framed : FRAMED
Shutdown Flag : NOSHUTDOWN
Channel Node Addr : 0xd285e674 Next Node : 0xd285e590 Prev Node : 0xd285e590
Low Level Node Count : 0
Next Node: 0xd285e680 Prev Node : 0xd285e680
Channel Interface : Serial1/2/0/1:1 TimeSlot Mask : 0xe
ID : 1
Speed : 64000
Type : CHANNEL_SET
SubType : NOT_SURE
Mode : NOT_SURE
Framed : NOT_SURE
Shutdown Flag : NOSHUTDOWN
Description
Next Node
Prev Node
Channel Interface
ID
Speed
Type
Channel type:
• NOT_SURE
• CPOS
• E3
• T3
• E1
• T1
• CHANNEL_SET
• PRI_SET
• TIMESLOT_LIST
SubType
Channel sub-type:
• NOT_SURE
• CPOS
• E3
• T3
• E1
• T1
• CHANNEL_SET
• PRI_SET
• TIMESLOT_LIST
Mode
Working mode of the current node:
Framed
Format
expired { day day [ hour hour [ minute minute ] ] | unlimited }
Parameters
Parameter
Description
day day
hour hour
minute minute
unlimited
Value
Views
IP address pool view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
The expired command applies to DHCP servers. To meet different client requirements,
DHCP supports dynamic, automatic, and static address assignment. Different hosts require
different IP address leases. For example, if some hosts such as a DNS server need to use certain
IP addresses for a long time, configure expired as unlimited to set the IP address lease of the
specified global address pool to unlimited. If some hosts such as a portable computer just need
to use temporary IP addresses, set the IP address lease of the specified global address pool to
the required time so that the expired IP addresses can be released and assigned to other clients.
When a DHCP client starts or half of its IP address lease has passed, the DHCP client sends a
DHCP Request packet to the DHCP server to renew the lease. If the IP address can still be
assigned to the client, the DHCP server informs the client of a renewed IP address lease. If the
IP address can no longer be assigned to this client, the DHCP server informs the client that the
IP address lease cannot be renewed and it needs to apply for another IP address.
Prerequisites
Run the ip pool command to create a global IP address pool and the dhcp enable command to
globally enable the DHCP server function.
Precautions
Different IP address leases can be specified for different global IP address pools on a DHCP
server. In a global IP address pool, all addresses have the same lease.
Example
# Specify the IP address lease of the global address pool global1 to 1 day 2 hours and 30 minutes.
<HUAWEI> system-view
[HUAWEI] ip pool global1
[HUAWEI-ip-pool-global1] expired day 1 hour 2 minute 30
Format
dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited }
NOTE
Parameters
Parameter
Description
Value
day
hour
minute
unlimited
Views
VLANIF interface view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
The dhcp server expired command applies to DHCP servers. To meet different client
requirements, DHCP supports dynamic, automatic, and static address assignment. Different
hosts require different IP address leases. For example, if some hosts such as a DNS server need
to use certain IP addresses for a long time, run the dhcp server expired unlimited command
to set the IP address lease of the specified VLANIF interface address pool to unlimited. If some
hosts such as a portable computer just need to use temporary IP addresses, run the dhcp server
expired command to set the IP address lease of the specified VLANIF interface address pool to
the required time so that the expired IP addresses can be released and assigned to other clients.
When a DHCP client starts or half of its IP address lease has passed, the DHCP client sends a
DHCP Request packet to the DHCP server to renew the lease. If the IP address can still be
assigned to the client, the DHCP server informs the client of a renewed IP address lease. If the
IP address can no longer be assigned to this client, the DHCP server informs the client that the
IP address lease cannot be renewed.
Prerequisites
Run the dhcp enable command to globally enable the DHCP function. Run the dhcp select
interface command in the VLANIF interface view to enable the interface IP address pool.
Precautions
Different IP address leases can be specified for different interface IP address pools on a DHCP
server. In an interface IP address pool, all IP addresses have the same lease.
Example
# Set the IP address lease of the IP address pool on VLANIF 100 to 2 days 2 hours and 30
minutes.
<HUAWEI> system-view
[HUAWEI] dhcp enable
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ip address 10.1.1.1 24
[HUAWEI-Vlanif100] dhcp select interface
[HUAWEI-Vlanif100] dhcp server expired day 2 hour 2 minute 30
Format
dhcp server forbidden-ip start-ip-address [ end-ip-address ]
NOTE
Parameters
Parameter
Description
Value
start-ip-address
end-ip-address
Views
System view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
The dhcp server forbidden-ip command applies to DHCP servers. In an IP address pool, some
IP addresses need to be reserved for other services, and some IP addresses are statically assigned
to certain hosts (such as the DNS server) and cannot be automatically assigned to clients. You
can run the dhcp server forbidden-ip command to specify the range of the IP addresses that
cannot be automatically assigned to clients from the IP address pool.
Precautions
- If you run the dhcp server forbidden-ip command multiple times, you can specify multiple
  IP addresses or IP address segments that cannot be automatically assigned to clients from
  the specified address pool.
Example
# Configure IP addresses 10.10.10.10 to 10.10.10.20 in the address pool so that they cannot be
automatically assigned to clients.
<HUAWEI> system-view
[HUAWEI] dhcp server forbidden-ip 10.10.10.10 10.10.10.20
Format
dhcp server ip-pool pool-name
undo dhcp server ip-pool pool-name
NOTE
Parameters
Parameter
Description
Value
pool-name
Views
System view
Default Level
2: Configuration level
Usage Guidelines
The dhcp server ip-pool command applies to DHCP servers. When configuring a DHCP server,
run the dhcp server ip-pool command to create an IP address pool and set parameters for the
IP address pool, including a gateway address, the IP address lease, and a VPN instance. Then
the configured DHCP server can assign IP addresses in the IP address pool to clients. If IP
addresses in a global IP address pool are in use, this global address pool cannot be deleted.
Example
# Create a global IP address pool pool1.
<HUAWEI> system-view
[HUAWEI] dhcp server ip-pool pool1
4.1.5 dns-suffix
Function
The dns-suffix command configures the domain name suffix to be assigned by the DHCP server
to a DHCP client.
By default, no domain name suffix is configured for a DHCP client.
Format
dns-suffix domain-name
NOTE
Parameters
Parameter
Description
Value
domain-name
Views
IP address pool view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
The dns-suffix command applies to DHCP servers. Each client has a domain name. To enable
DHCP clients to communicate by using their domain names and prevent IP address conflicts,
the DHCP server needs to specify domain name suffixes for these clients when allocating IP
addresses to them. On the DHCP server, the dns-suffix command specifies a domain name suffix
for each global address pool. When allocating IP addresses to clients, the DHCP server also
sends the domain name suffixes to the clients. During domain name resolution, users only need
to enter a part of the domain name, and then the system uses a complete domain name suffix for
resolution.
Precautions
If no domain name suffix is configured for a global IP address pool, the DHCP server cannot
send a domain name suffix to clients. In this situation, the clients cannot communicate.
Example
# Configure mydomain.com.cn as the domain name suffix of the IP address pool pool1.
<HUAWEI> system-view
[HUAWEI] ip pool pool1
[HUAWEI-ip-pool-pool1] dns-suffix mydomain.com.cn
Using the undo ip relay address command, you can delete the configured DHCP server
addresses.
By default, no DHCP server address is configured on a VLANIF interface enabled with DHCP
relay.
Format
ip relay address ip-address
undo ip relay address { ip-address | all }
Parameters
Parameter
Description
Value
ip-address
all
Views
VLANIF interface view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
The ip relay address command is applicable to DHCP relay agents. When a DHCP client needs
to send a DHCP request packet to a DHCP server on a different network segment by using a
DHCP relay agent, run the ip relay address command on the DHCP relay agent to configure a
DHCP server address.
Prerequisites
DHCP relay has been enabled on the VLANIF interface by using the dhcp select relay
command.
Precautions
If you run the ip relay address command multiple times, multiple DHCP server addresses are
configured.
Example
# Configure DHCP server address 10.2.2.2 on VLANIF 100 enabled with DHCP relay.
<HUAWEI> system-view
[HUAWEI] dhcp enable
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] dhcp select relay
[HUAWEI-Vlanif100] ip relay address 10.2.2.2
4.1.7 lease
Function
The lease command sets the lease for IP addresses in a global IP address pool.
The undo lease command restores the default lease of IP addresses in a global IP address pool.
By default, the lease of IP addresses is one day.
Format
lease day [ hour [ minute ] ]
undo lease
NOTE
Parameters
Parameter
Description
Value
day
hour
minute
Views
IP address pool view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
The lease command applies to DHCP servers. To meet different client requirements, DHCP
supports dynamic, automatic, and static address assignment. Different hosts require different IP
address leases. For example, if some hosts such as a DNS server need to use certain IP addresses
for a long time, set the IP address lease of the current global address pool to unlimited. If some
hosts such as a portable computer just need to use temporary IP addresses, run the lease command
to set the IP address lease of the current global IP address pool to the required time so that the
expired IP addresses can be released and assigned to other clients.
When a DHCP client starts or half of its IP address lease has passed, the DHCP client sends a
DHCP Request packet to the DHCP server to renew the lease. If the IP address can still be
assigned to the client, the DHCP server informs the client of a renewed IP address lease. If the
IP address can no longer be assigned to this client, the DHCP server informs the client that the
IP address lease cannot be renewed and it needs to apply for another IP address.
Precautions
Different IP address leases can be specified for different global address pools on a DHCP server.
In a global address pool, all addresses have the same lease.
Example
# Specify the IP address lease of the global address pool global1 to 1 day.
<HUAWEI> system-view
[HUAWEI] ip pool global1
[HUAWEI-ip-pool-global1] lease 1
Format
policy-vlan dhcp-generic [ priority priority ]
undo policy-vlan dhcp-generic
Parameters
Parameter
Description
Value
priority priority
Views
VLAN view
Default Level
2: Configuration level
Usage Guidelines
You can configure three types of DHCP policy VLAN on the device at the same time. They are
listed in descending order based on priorities as follows:
l
User hosts that access the network for the first time apply generic DHCP policy VLAN only
when they cannot apply DHCP policy VLAN based on MAC addresses or DHCP policy VLAN
based on interfaces.
Example
# Configure generic DHCP policy VLAN to associate DHCP messages to which DHCP policy
VLAN based on MAC addresses and DHCP policy VLAN based on interfaces cannot be applied
with VLAN 2, and specify the 802.1p priority of the DHCP messages as 5.
<HUAWEI> system-view
[HUAWEI] vlan 2
[HUAWEI-vlan2] policy-vlan dhcp-generic priority 5
Format
policy-vlan dhcp-mac mac-address1 [ to mac-address2 ] [ priority priority ]
undo policy-vlan dhcp-mac mac-address [ to mac-address ]
Parameters
Parameter
Description
Value
dhcp-mac mac-address1 [ to mac-address2 ]
- mac-address1 specifies the start MAC address.
- to mac-address2 specifies the end MAC address. mac-address2 must be greater than
  mac-address1. mac-address2 and mac-address1 specify the MAC address range. If
  to mac-address2 is not specified, DHCP policy VLAN based on only the MAC address
  specified by mac-address1 is configured.
NOTE
The range specified by mac-address1 and mac-address2 cannot contain multicast MAC
addresses, broadcast MAC addresses, or the all-0 address.
priority priority
Views
VLAN view
Default Level
2: Configuration level
Usage Guidelines
You can configure three types of DHCP policy VLAN on the device at the same time. They are
listed in descending order based on priorities as follows:
l
When multiple user hosts access the network through an interface on the device, you need to
run the policy-vlan dhcp-mac command to configure DHCP policy VLAN based on MAC
addresses so that the user hosts can obtain IP addresses from the DHCP server and be added to
specific VLANs.
Example
# Configure DHCP policy VLAN based on the MAC address of the host 0001-0001-0001 to
associate DHCP messages from this host with VLAN 2, and specify the 802.1p priority of the
DHCP messages as 5.
<HUAWEI> system-view
[HUAWEI] vlan 2
[HUAWEI-vlan2] policy-vlan dhcp-mac 1-1-1 priority 5
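The range rules stated for policy-vlan dhcp-mac (mac-address2 greater than mac-address1, no multicast, broadcast, or all-0 address inside the range) can be checked offline before a configuration is pushed. The following Python sketch is an added example, not Huawei code: the function names and the sample configuration are constructed for illustration, and the 0-7 priority bound is the standard 3-bit 802.1p range rather than a value taken from this manual.

```python
import re

# Huawei CLI MAC notation (H-H-H): three hyphen-separated groups of 1 to 4 hex
# digits, so "1-1-1" is shorthand for 0001-0001-0001.
_MAC = re.compile(r"([0-9A-Fa-f]{1,4})-([0-9A-Fa-f]{1,4})-([0-9A-Fa-f]{1,4})")
_CMD = re.compile(
    r"policy-vlan\s+dhcp-mac\s+(?P<start>\S+)"
    r"(?:\s+to\s+(?P<end>\S+))?"
    r"(?:\s+priority\s+(?P<prio>\d+))?\s*"
)
BROADCAST = 0xFFFFFFFFFFFF


def parse_mac(text):
    """Return the 48-bit integer value of an H-H-H MAC address."""
    m = _MAC.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"not an H-H-H MAC address: {text!r}")
    value = 0
    for group in m.groups():
        value = (value << 16) | int(group, 16)
    return value


def format_mac(value):
    """Render a 48-bit integer in full xxxx-xxxx-xxxx form."""
    return "-".join(f"{(value >> s) & 0xFFFF:04x}" for s in (32, 16, 0))


def check_mac_range(start_text, end_text=None):
    """Return the list of rule violations for one address or one range."""
    start = parse_mac(start_text)
    end = start if end_text is None else parse_mac(end_text)
    if end_text is not None and end <= start:
        return ["mac-address2 must be greater than mac-address1"]
    problems = []
    if start == 0:
        problems.append("range contains the all-0 address")
    # A MAC address is multicast when the lowest bit of its first octet is 1.
    # If the first octet differs between start and end, the range spans two
    # consecutive first-octet values, one of which is odd.
    lo, hi = start >> 40, end >> 40
    if lo != hi or lo & 1:
        problems.append("range contains multicast MAC addresses")
    if end == BROADCAST:
        problems.append("range contains the broadcast MAC address")
    return problems


def audit_config(config_text):
    """Return (line number, problem) pairs for policy-vlan dhcp-mac lines."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), 1):
        m = _CMD.fullmatch(line.strip())
        if m is None:
            continue  # not a policy-vlan dhcp-mac command (undo lines included)
        try:
            problems = check_mac_range(m["start"], m["end"])
        except ValueError as exc:
            problems = [str(exc)]
        # Assumption: 802.1p priorities are 3-bit values, 0 to 7.
        if m["prio"] is not None and int(m["prio"]) > 7:
            problems.append("802.1p priority must be in the range 0-7")
        findings.extend((number, p) for p in problems)
    return findings


# Constructed sample configuration; only the first command is from the manual.
SAMPLE_CONFIG = """\
vlan 2
 policy-vlan dhcp-mac 1-1-1 priority 5
 policy-vlan dhcp-mac 0002-0002-0001 to 0002-0002-00ff
 policy-vlan dhcp-mac 00ff-ffff-fff0 to 0100-0000-0010
 policy-vlan dhcp-mac 0-0-0 to 0-0-5
 policy-vlan dhcp-mac 0003-0003-0009 to 0003-0003-0001
"""

if __name__ == "__main__":
    for number, problem in audit_config(SAMPLE_CONFIG):
        print(f"line {number}: {problem}")
```

The fourth sample line shows the case that is easy to miss: neither endpoint is a multicast address, but the range crosses into the 01xx block and therefore contains multicast addresses.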
Format
policy-vlan dhcp-port interface-type { interface-number1 [ to interface-number ] } &<1-10>
[ priority priority ]
undo policy-vlan dhcp-port interface-type { interface-number1 [ to interface-number ] } &<1-10>
Parameters
Parameter
Description
Value
- interface-number1 specifies the number of the start interface.
- to interface-number specifies the number of the end interface. interface-number
  must be greater than interface-number1. interface-number and interface-number1
  specify the interface range. If to interface-number is not specified, DHCP policy
  VLAN based on only the interface specified by interface-number1 is configured.
- eth-trunk
- xgigabitethernet
- gigabitethernet
priority priority
Views
VLAN view
Default Level
2: Configuration level
Usage Guidelines
You can configure three types of DHCP policy VLAN on the device at the same time. They are
listed in descending order based on priorities as follows:
l
DHCP policy VLAN based on interfaces is valid only for hybrid interfaces. Ensure that the interfaces are
hybrid interfaces before running the policy-vlan dhcp-port command. The interfaces to be configured
with this function are hybrid interfaces by default. If not, you can configure an interface as a hybrid interface.
Example
# Configure DHCP policy VLAN based on GigabitEthernet 0/0/1 to associate DHCP messages
on this interface with VLAN 2, and specify the 802.1p priority of the DHCP messages as 5.
<HUAWEI> system-view
[HUAWEI] vlan 2
[HUAWEI-vlan2] policy-vlan dhcp-port gigabitethernet 0/0/1 priority 5
Format
display bgp vpnv6 vpn6-instance vpn6-instance-name group [ group-name ]
Parameters
Parameter
Description
Value
group-name
It is case-sensitive.
vpnv6
vpn6-instance vpn6-instance-name
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
If the peer group is specified, the detailed information on the specified peer group is displayed.
If the peer group is not specified, the information on all peer groups is displayed.
Example
# Display information about all peer groups of the IPv6 VPN instance named vpn6 on the local
switch.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn6 group
BGP peer-group: g1
Remote AS: 65410
Type : external
PeerSession Members:
2000::2
Peer Members:
2000::2
# Display information about the peer group named g1 of the IPv6 VPN instance named vpn6 on
the local switch.
MsgSent
90
OutQ Up/Down
State PrefRcv
0 01:20:55 Established
0
Format
display bgp vpnv6 vpn6-instance vpn6-instance-name network
Parameters
Parameter
Description
Value
vpn6
Displays the VPNv6 routes that are advertised through the network command.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
This command is used to display all the configurations of the network command in the specified
address family view. Routes can be imported and then advertised by BGP only when the route
prefix satisfies the following conditions:
- It is active.
Example
# Display the routes of the IPv6 VPN instance named vpn1 advertised by BGP through the
network command.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 network
BGP Local Router ID is 1.1.1.1
Local AS Number is 100
Route Distinguisher: 100:1
(vpn1)
Network
Prefix
Route-policy
2000::
policy1
100
Format
display bgp vpnv6 vpn6-instance vpn6-instance-name paths [ as-regular-expression ]
Parameters
Parameter
Description
Value
as-regular-expression
vpnv6
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None.
Example
# Display information about BGP4+ paths of IPv6 VPN instance named vpn1.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 paths
Total routes of vpn6-instance vpn1: 4
Total Number of Paths: 4
Address
0x50EEF20
0x50EEEB8
0x50EEF88
0x50EF0C0
Refcount
1
1
1
1
MED
0
0
0
Path/Origin
?
?
i
65410?
# Display the BGP4+ paths, including AS_Path 65420, of IPv6 VPN instance named vpn1.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 paths 65420*
Total routes of vpn6-instance vpn1: 1
Total Number of Paths: 1
Address      Refcount  MED  Path/Origin
0x659D4A8    1         0    65420?
Format
display bgp vpnv6 vpn6-instance vpn6-instance-name peer [ { group-name | ipv6-address }
log-info | [ ipv6-address ] verbose ]
Parameters
Parameter
Description
log-info
verbose
ipv6-address
vpnv6
vpn6-instance vpn6-instance-name
It is a string of 1 to 31 case-sensitive
characters without any spaces.
Value
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None.
Example
# Display log information about BGP peer groups of the IPv6 VPN instance.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 peer g1 log-info
Format
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table [ statistics ] dampened
Parameters
Parameter
Description
Value
statistics
vpnv6
vpn6-instance vpn6-instance-name
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None
Example
# Display dampened IPv6 routes in the VPNv6 BGP routing table.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table dampened
Format
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table dampening parameter
Parameters
Parameter
Description
Value
vpnv6
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None.
Example
# Display BGP route dampening parameters of specified IPv6 VPN instance named vpn1.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table dampening parameter
Function
Using the display bgp routing-table flap-info command, you can view information about
flapping BGP routes.
Format
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table flap-info [ regular-expression as-regular-expression ]
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table flap-info { as-path-filter as-path-filter-number | network-address [ prefix-length [ longer-match ] ] }
Parameters
Parameter
Description
Value
regular-expression as-regular-expression
as-path-filter
as-path-filter-number
network-address
mask | mask-length
longer-match
prefix-length
vpnv6
vpn6-instance vpn6-instance-name
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None.
Example
# Display statistics of the BGP4+ route flapping of IPv6 VPN instance named vpn1.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table flap-info
Format
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table [ statistics ] label
Parameters
Parameter
Description
Value
statistics
vpnv6
vpn6-instance vpn6-instance-name
It is case-sensitive.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None.
Example
# Display the BGP4+ labeled routes of the IPv6 VPN instance named vpna.
<HUAWEI> display bgp vpnv6 vpn6-instance vpna routing-table label
Format
display bgp vpnv6 { vpn6-instance vpn6-instance-name } update-peer-group [ index update-group-index ]
Parameters
Parameter
Description
Value
vpnv6
vpn6-instance vpn6-instance-name Displays information about BGP update-groups in the specified IPv6 VPN instance.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can specify the index of an update-group to view detailed information about the specified
update-group.
Example
# Display information about the BGP update-group with the index being 0.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 update-peer-group index 0
Format
display ipv6 nexthop-indirection vpn6-instance vpn6-instance-name [ nexthop nexthop-ipv6-address | indirectid indirectid ]
Parameters
Parameter
Description
Value
vpn6-instance vpn6-instance-name
nexthop nexthop-ipv6-address
indirectid indirectid
Views
Diagnosis view
Default Level
3: Management level
Usage Guidelines
None.
Example
# Display information about the IPv6 VPN instance named vpna iterated control block.
<HUAWEI> system-view
[HUAWEI] diagnose
[HUAWEI-diagnose] display ipv6 nexthop-indirection vpn6-instance vpna indirectid 29
Format
display ipv6 routing-table { all-vpn6-instance | vpn6-instance vpn-instance-name } statistics
Parameters
Parameter
Description
all-vpn6-instance
Value
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Integrated route statistics include the total number of routes, the number of added routes, and
the number of deleted routes.
Example
# Display integrated route statistics of the routing tables of all IPv6 VPN instances.
<HUAWEI> display ipv6 routing-table all-vpn6-instance statistics
Summary Prefixes : 1
Protocol   route   active   added   deleted   freed
DIRECT     1       1        1       0         0
STATIC     0       0        0       0         0
RIPng      0       0        0       0         0
OSPFv3     0       0        0       0         0
IS-IS      0       0        0       0         0
BGP        0       0        0       0         0
Total      1       1        1       0         0
Table 5-1 Description of the display ipv6 routing-table all-vpn6-instance statistics command
output
Item
Description
Summary Prefixes
Protocol
Routing protocol
route
active
added
deleted
freed
Format
display ipv6 routing-table vpn6-instance vpn6-instance-name time-range min-age max-age
[ verbose ]
Parameters
Parameter
Description
Value
vpn6-instance vpn6-instance-name
min-age
max-age
verbose
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
If route flapping occurs on a network, you can run the display ipv6 routing-table time-range
command and specify a small time range for the command. By doing so, you can find the flapping
route in a timely manner and accelerate fault locating.
Precautions
You must make sure that max-age is greater than min-age. Otherwise, the display ipv6 routing-table time-range command does not display any information.
If the specified max-age is greater than min-age and no route was generated within this time
range, the display ipv6 routing-table time-range command displays only the table heading.
Example
# Display information about routes generated in the last 2 hours, 20 minutes, and 10 seconds in
the IPv6 routing table of the VPN instance named vpna.
<HUAWEI> display ipv6 routing-table vpn6-instance vpna time-range 0 2h20m10s
Format
display rm ipv6 interface vpn6-instance vpn6-instance-name [ interface-type interface-number ]
Parameters
Parameter
Description
Value
vpn6-instance vpn6-instance-name
It is case-sensitive.
ipv6-address ipv6-address
Displays IPv6 RM
information with the
specified destination IPv6
address.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None.
Example
# Display RM information of all interfaces bound to IPv6 VPN instance named vpna.
<HUAWEI> display rm ipv6 interface vpn6-instance vpna
Format
ipv6 route-static vpn6-instance vpn6-instance-name dest-ipv6-address prefix-length
[ interface-type interface-number ] nexthop-ipv6-address [ preference preference | tag tag ] *
[ description text ]
ipv6 route-static vpn6-instance vpn6-instance-name dest-ipv6-address prefix-length nexthop-ipv6-address [ public ] [ preference preference | tag tag ] * [ description text ]
ipv6 route-static vpn6-instance vpn6-instance-name dest-ipv6-address prefix-length vpn6-instance vpn6-destination-name nexthop-ipv6-address [ preference preference | tag tag ] *
[ description text ]
ipv6 route-static dest-ipv6-address prefix-length vpn6-instance vpn6-destination-name
nexthop-ipv6-address [ preference preference | tag tag ] * [ description text ]
undo ipv6 route-static vpn6-instance vpn6-instance-name dest-ipv6-address prefix-length
[ interface-type interface-number [ nexthop-ipv6-address ] | nexthop-ipv6-address ]
[ preference preference | tag tag ] *
undo ipv6 route-static vpn6-instance vpn6-instance-name all
Parameters
Parameter
Description
Value
vpn6-instance-name
Specifies the name of an IPv6 VPN instance. Each IPv6 VPN instance has its own unicast
routing table, and the configured static routes are installed into the routing table
of the specified IPv6 VPN instance.
The name is a string of 1 to 31 case-sensitive characters without any spaces.
dest-ipv6-address
prefix-length
interface-type
interface-number
nexthop-ipv6-address
tag tag
description text
all
Views
System view
Default Level
2: Configuration level
Usage Guidelines
Applicable Environment
When a VPN network is simple, you can configure static routes for this VPN by using the ipv6
route-static vpn6-instance command. Properly configuring and using static routes can improve
network performance.
- To configure VPN users to access a public network, you can run the ipv6 route-static
  vpn6-instance command with the keyword public to configure the VPN route with the
  next hop being the public network address.
- You can configure description text to add the description of static routes so that the
  administrator can check and maintain static routes easily. You can run the display this or
  display current-configuration command in the system view to view the description.
Precautions
If the destination address and the prefix length are set to all 0s, it indicates that a default route
is configured.
However, after network faults occur or the network topology changes, static routes cannot
automatically change. Therefore, configure static routes with caution.
Example
# Configure a default route with the next hop 2001::1.
<HUAWEI> system-view
[HUAWEI] ipv6 route-static vpn6-instance vpn1 :: 0 2001::1
Format
ipv6-family vpn6-instance vpn6-instance-name
undo ipv6-family vpn6-instance vpn6-instance-name
Parameters
Parameter
Description
Value
vpn6-instance vpn6-instance-name Binds the specified IPv6 VPN instance with the IPv6 address family. You can enter the BGPVPN6 instance view by using the parameter.
Views
BGP view
Default Level
2: Configuration level
Usage Guidelines
None.
Example
# Enter the BGP-VPN6 instance view.
<HUAWEI> system-view
[HUAWEI] bgp 100
[HUAWEI-bgp] ipv6-family vpn6-instance vpna
[HUAWEI-bgp6-vpna]
Format
isis [ process-id ] vpn6-instance vpn6-instance-name
undo isis process-id
Parameters
Parameter
Description
Value
process-id
vpn6-instance vpn6-instance-name
Views
System view
Default Level
2: Configuration level
Usage Guidelines
To make IS-IS work normally, do as follows:
- Set a Network Entity Title (NET) for the switch by using the network-entity command.
- Enable each interface that needs to run the IS-IS process by using the isis enable command.
You can start IS-IS only after the above actions are done.
Example
# Start an IS-IS routing process 1 which has the system ID 0000.0000.0002 and the area ID
01.0001.
<HUAWEI> system-view
[HUAWEI] isis 1 vpn6-instance vpna
[HUAWEI-isis-1] network-entity 01.0001.0000.0000.0002.00
Format
reset ipv6 routing-table vpn6-instance vpn6-instance-name statistics protocol { all |
protocol }
Parameters
Parameter Description
Value
all
Clears the statistics of all IPv6 routing protocols in the routing table.
protocol
Clears the statistics of the specified routing protocol. This parameter can be bgp, direct, isis, ospfv3, ripng, or static.
Views
User view
Default Level
2: Configuration level
Usage Guidelines
Statistics in the IPv6 routing table cannot be restored after you clear them. So, confirm the action
before using the command.
Example
# Clear the statistics of all IPv6 routing protocols in the routing table.
<HUAWEI> reset ipv6 routing-table vpn6-instance vpna statistics protocol all
Format
display igmp-proxy [ vlan [ vlan-id ] ]
Parameters
Parameter
Description
Value
vlan vlan-id
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Before running the display igmp-proxy command, run the 6.1.5 igmp-proxy enable command
to enable IGMP proxy globally and in the VLAN. Otherwise, no information is displayed.
The IGMP proxy configuration, including the default configuration, is displayed only when the
VLAN is in Up state. That is, at least one interface in the VLAN is in Up state.
Example
# Display the IGMP proxy configuration of VLAN 3.
<HUAWEI> display igmp-proxy vlan 3
IGMP Snooping Information for VLAN 3
IGMP Snooping is Enabled
IGMP Version is Set to default 2
IGMP Query Interval is Set to default 125
IGMP Max Response Interval is Set to default 10
Item
Description
The device does not require that the IGMP messages received
in the VLAN contain the Router-Alert option in the IP header.
The device sends the IGMP messages that contain the Router-Alert option in the IP headers to the hosts in the VLAN.
IGMP SSM-Mapping
Disable
Format
display igmp-proxy [ vlan [ vlan-id ] ] configuration
Parameters
Parameter
Description
Value
vlan vlan-id
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Before running the display igmp-proxy configuration command, you must run the 6.1.5 igmp-proxy enable command to enable IGMP proxy globally and in the VLAN. Otherwise, no
information is displayed.
If the optional parameter is not specified, the non-default IGMP proxy configurations of all
VLANs are displayed.
Example
# Display the non-default IGMP proxy configuration of VLAN 2.
<HUAWEI> display igmp-proxy vlan 2 configuration
IGMP Snooping Configuration for VLAN 2
igmp-snooping enable
igmp-snooping proxy
Description
igmp-snooping enable
igmp-snooping proxy
Format
display igmp-proxy port-info [ vlan vlan-id [ group group-address ] ] [ verbose ]
Parameters
Parameter
Description
Value
vlan vlan-id
group group-address
verbose
Displays detailed
information about the
member interfaces.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
This command displays information about the member interfaces of a multicast group, including
the number of member interfaces and name of the member interfaces.
Before running the display igmp-proxy port-info command, you must run the 6.1.5 igmp-proxy enable command to enable IGMP proxy globally and in the VLAN. Otherwise, no
information is displayed.
Information about the member interfaces (static or dynamic) is displayed only if the interfaces
are in Up state.
If vlan-id is not specified, information about member interfaces of multicast groups in all the
VLANs is displayed.
Example
# Display information about multicast member interfaces in VLAN 7.
<HUAWEI> display igmp-proxy port-info vlan 7
----------------------------------------------------------------------
(Source, Group)    Port    Flag
Flag: S:Static    D:Dynamic    M: Ssm-mapping
----------------------------------------------------------------------
VLAN 7, 3 Entry(s)
(1.1.1.1,225.1.1.1) GE0/0/1
D-1 port(s)
(1.1.1.1,225.1.1.2) GE0/0/2
D-1 port(s)
(1.1.1.1,225.1.1.3) GE0/0/3
D-1 port(s)
Description
(Source, Group)
Port
Flag
Format
display igmp-proxy router-port vlan vlan-id
Parameters
Parameter
Description
Value
vlan vlan-id
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
A router interface connects the S2750&S5700&S6700 to an upstream router. The router
interface can be dynamically generated after the IGMP Query message is received, or statically
configured.
Before running the display igmp-proxy router-port command, run the 6.1.5 igmp-proxy
enable command to enable IGMP proxy globally and in the VLAN. Otherwise, no information
is displayed.
You can run the display igmp-proxy router-port command to view information about the type,
name, age, and remaining aging time of the router interface.
NOTE
Information about a router interface is displayed only when the interface is in Up state.
Example
# Display information about router interfaces in VLAN 2.
<HUAWEI> display igmp-proxy router-port vlan 2
Port Name          UpTime        Expires        Flags
------------------------------------------------------
VLAN 2, 2 router-port(s)
GE0/0/1            1d:22h        00:01:20       DYNAMIC
GE0/0/2            2d:10h        -              STATIC
Description
Port Name
UpTime
Age of a router interface, that is, time that elapsed since the
interface became the router interface.
Expires
Flags
Format
igmp-proxy enable
Parameters
None
Views
System view, VLAN view
Default Level
2: Configuration level
Usage Guidelines
The igmp-proxy enable command behaves differently in the system view and the VLAN view:
- When you run the command in the system view, IGMP proxy is enabled globally.
- When you run the command in the VLAN view, IGMP proxy is enabled in the VLAN.
To enable IGMP proxy in a VLAN, you must first enable IGMP proxy globally.
Example
# Enable IGMP proxy globally.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
Format
igmp-proxy group-limit limit-num vlan { vlan-id1 [ to vlan-id2 ] } & <1-10>
Parameters
Parameter
Description
Value
limit-num
vlan-id1 [ to vlan-id2 ]
Views
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, port group
view, Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
After the igmp-proxy group-limit command is run, the number of IGMP proxy entries on the
interface cannot exceed the limit.
Example
# Set the maximum number of IGMP proxy entries in VLAN 10 on GE0/0/1 to 100.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] igmp-proxy group-limit 100 vlan 10
Format
igmp-proxy group-policy acl-number [ version version-number ] vlan vlan-id1 [ to vlan-id2 ]
igmp-proxy group-policy acl-number vlan vlan-id1 [ to vlan-id2 ] version-number
Parameters
Parameter
Description
Value
acl-number
version-number
Views
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, port group
view, Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
Before running the igmp-proxy group-policy command, run the 6.1.5 igmp-proxy enable
command to enable IGMP proxy globally and in the specified VLANs.
By configuring a multicast group policy for a VLAN on an interface, you can prohibit hosts in
the VLAN from joining the specified IP multicast groups.
If the IGMP version is not specified, the device applies the multicast group policy to all IGMP
messages regardless of their versions.
Example
# Prohibit hosts in VLAN 3 from joining multicast group 225.1.1.123 on GE0/0/10.
<HUAWEI> system-view
[HUAWEI] acl number 2008
Format
igmp-proxy group-policy acl-number [ [ version ] version-number ]
Parameters
Parameter
Description
Value
acl-number
[ version ] version-number
Views
VLAN view
Default Level
2: Configuration level
Usage Guidelines
Before running the igmp-proxy group-policy command, run the 6.1.5 igmp-proxy enable
command to enable IGMP proxy globally and in the VLAN.
By setting the multicast group policy in a VLAN, you can restrict the access of hosts in the
VLAN to multicast groups.
If the IGMP version is not specified, the device applies the multicast group policy to all IGMP
messages regardless of their versions.
Example
# Prevent hosts in VLAN 3 from joining multicast group 225.1.1.123.
<HUAWEI> system-view
[HUAWEI] acl number 2008
[HUAWEI-acl-basic-2008] rule deny source 225.1.1.123 0
[HUAWEI-acl-basic-2008] quit
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable
[HUAWEI-vlan3] igmp-proxy group-policy 2008
Format
igmp-proxy lastmember-queryinterval lastmember-queryinterval
Parameters
Parameter
Description
Value
lastmember-queryinterval
Views
VLAN view
Default Level
2: Configuration level
Usage Guidelines
Before running the igmp-proxy lastmember-queryinterval command, run the 6.1.5 igmp-proxy enable
command to enable IGMP proxy globally and in the VLAN.
By setting the interval for sending IGMP Group-Specific messages, you can:
- Adjust and control the delay for hosts to leave a multicast group.
  For example, when memberships change frequently on the network, you can run the
  igmp-proxy lastmember-queryinterval command to reduce the interval for sending IGMP
  Group-Specific Query messages. In this manner, the device can receive the response to the
  IGMP Group-Specific Query messages quickly.
When the device runs IGMPv1, hosts do not send Leave messages when leaving a multicast
group. Therefore, the igmp-proxy lastmember-queryinterval command is valid only when
IGMPv2 messages are processed in a VLAN.
Example
# Set the interval for sending Group-Specific Query messages in VLAN 3 to 4 seconds.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable
[HUAWEI-vlan3] igmp-proxy lastmember-queryinterval 4
Format
igmp-proxy max-response-time max-response-time
Parameters
Parameter
Description
Value
max-response-time
Views
VLAN view
Default Level
2: Configuration level
Usage Guidelines
Before running the igmp-proxy max-response-time command, run the 6.1.5 igmp-proxy
enable command to enable IGMP proxy globally and in the VLAN.
By setting the maximum response time, you can:
- Control the deadline for a host to send the IGMP Report message. A proper setting of the
  maximum response time enables hosts to quickly respond to Query messages, thus
  preventing the congestion caused by a large number of Response messages sent at the same
  time.
- Adjust the aging time of member interfaces. When receiving IGMP Report messages from
  hosts, the device sets the aging time of member interfaces by using the following formula:
  Aging time = IGMP robustness variable x Interval for sending IGMP General Query messages + Maximum response time.
NOTE
The maximum response time must be shorter than the interval for sending IGMP General Query messages.
If you run the igmp-proxy max-response-time command multiple times in the same VLAN
view, the latest configuration takes effect.
Example
# Set the maximum response time in VLAN 3 to 20 seconds.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable
[HUAWEI-vlan3] igmp-proxy max-response-time 20
Format
igmp-proxy prompt-leave [ group-policy acl-number ]
Parameters
Parameter
Description
Value
group-policy basic-acl-number
Allows interfaces to promptly leave the specified multicast groups. acl-number specifies the
number of an ACL rule.
Views
VLAN view
Default Level
2: Configuration level
Usage Guidelines
If group-policy basic-acl-number is not specified, interfaces in the VLAN can leave all multicast
groups promptly.
Before running the igmp-proxy prompt-leave command, run the 6.1.5 igmp-proxy enable
command to enable IGMP proxy globally and in the VLAN.
When an interface of the device receives an IGMP Leave message of a multicast group, the
device deletes the forwarding entry of the multicast group corresponding to the interface from
the forwarding table. This process is called prompt leave. When an interface is connected to only
one host, the prompt leave mechanism can be used to release bandwidth resources quickly.
The configuration is valid only when IGMPv2 messages can be processed in the VLAN.
NOTE
You can configure prompt leave for an interface only when each multicast member interface is connected
to only one host in a VLAN. If the interface is connected to multiple hosts, the multicast traffic of other
receivers in the same group is interrupted when prompt leave is enabled.
Example
# Enable interfaces in VLAN 3 to promptly leave multicast group 225.1.1.123.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] acl number 2008
[HUAWEI-acl-basic-2008] rule permit source 225.1.1.123 0
[HUAWEI-acl-basic-2008] rule deny source any
[HUAWEI-acl-basic-2008] quit
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable
[HUAWEI-vlan3] igmp-proxy prompt-leave group-policy 2008
Format
igmp-proxy query-interval query-interval
Parameters
Parameter
Description
Value
query-interval
Views
VLAN view
Default Level
2: Configuration level
Usage Guidelines
Before running the igmp-proxy query-interval command, run the 6.1.5 igmp-proxy enable
command to enable IGMP proxy globally and in the VLAN.
By setting the interval for sending IGMP General Query messages, you can:
- Configure the device to send IGMP General Query messages at the set intervals to maintain
  memberships of interfaces. The shorter the interval is, the more sensitive the device is and
  the more bandwidth and switch resources are occupied.
- Adjust the aging time of member interfaces. When receiving IGMP Report messages from
  hosts, the device sets the aging time of member interfaces by using the following formula:
  Aging time = IGMP robustness variable x Interval for sending IGMP General Query messages + Maximum response time.
NOTE
The maximum response time must be shorter than the interval for sending IGMP General Query messages.
If you run the igmp-proxy query-interval command multiple times in the same VLAN view,
the latest configuration takes effect.
Example
# Set the interval for sending IGMP General Query messages in VLAN 3 to 100 seconds.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable
[HUAWEI-vlan3] igmp-proxy query-interval 100
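The aging-time formula and the NOTE in the max-response-time and query-interval sections above can be checked against a saved configuration. The following is an added example, not Huawei's code: the function names, the sample configuration and the fallback values in ASSUMED_DEFAULTS are assumptions (the page's value columns did not survive, so the device defaults are not taken from it).

```python
import re

# Assumed fallback values, used only when a VLAN does not set a timer explicitly.
# They are NOT taken from the page; replace them with your device's defaults.
ASSUMED_DEFAULTS = {"robust-count": 2, "query-interval": 60, "max-response-time": 10}

# Constructed sample in the style of the page's VLAN-view examples.
SAMPLE_CONFIG = """\
#
igmp-proxy enable
#
vlan batch 3 7 10
#
vlan 3
 igmp-proxy enable
 igmp-proxy robust-count 5
 igmp-proxy query-interval 100
 igmp-proxy max-response-time 20
#
vlan 7
 igmp-proxy enable
 igmp-proxy query-interval 20
 igmp-proxy max-response-time 30
#
vlan 10
 description servers
#
"""

_VLAN = re.compile(r"vlan (\d+)")
_TIMER = re.compile(r"igmp-proxy (robust-count|query-interval|max-response-time) (\d+)")


def parse_vlan_timers(config_text):
    """Return {vlan_id: {timer_name: value}} for VLANs with IGMP proxy enabled."""
    timers, enabled, vlan = {}, set(), None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # A non-indented line ends the previous view; "vlan N" opens a new one.
            match = _VLAN.fullmatch(line)
            vlan = int(match.group(1)) if match else None
            continue
        if vlan is None:
            continue
        if line == "igmp-proxy enable":
            enabled.add(vlan)
        match = _TIMER.fullmatch(line)
        if match:
            timers.setdefault(vlan, {})[match.group(1)] = int(match.group(2))
    return {v: timers.get(v, {}) for v in sorted(enabled)}


def audit_igmp_timers(config_text, defaults):
    """Return {vlan_id: (aging_time_seconds, [problems])} using the page's formula."""
    report = {}
    for vlan, explicit in parse_vlan_timers(config_text).items():
        t = {**defaults, **explicit}
        # Aging time = robustness variable x General Query interval + max response time
        aging = t["robust-count"] * t["query-interval"] + t["max-response-time"]
        problems = []
        if t["max-response-time"] >= t["query-interval"]:
            problems.append(
                f"max-response-time {t['max-response-time']}s is not shorter than "
                f"query-interval {t['query-interval']}s"
            )
        report[vlan] = (aging, problems)
    return report


if __name__ == "__main__":
    for vlan, (aging, problems) in audit_igmp_timers(SAMPLE_CONFIG, ASSUMED_DEFAULTS).items():
        print(f"VLAN {vlan}: member-interface aging time {aging}s")
        for problem in problems:
            print(f"  problem: {problem}")
```

VLAN 3 uses the values from the page's own examples (robustness 5, query interval 100, maximum response time 20); VLAN 7 is constructed to violate the NOTE.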
Format
igmp-proxy require-router-alert
Parameters
None
Views
VLAN view
Default Level
2: Configuration level
Usage Guidelines
After you run the igmp-proxy require-router-alert command, the device checks whether
received IGMP messages contain the Router-Alert option in the IP header. If not, the device
discards the IGMP messages.
Before running the igmp-proxy require-router-alert command, run the 6.1.5 igmp-proxy
enable command to enable IGMP proxy globally and in the VLAN.
Example
# Configure interfaces in VLAN 3 to process only the IGMP messages that contain the Router-Alert
option in the IP header.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable
[HUAWEI-vlan3] igmp-proxy require-router-alert
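What the Router-Alert check looks at on the wire, as an added example that is not the device's implementation: the IPv4 option walk follows RFC 791 and RFC 2113 (Router Alert is option type 148, length 4). The function names and the sample packets are constructed, and treating a malformed header as "discard" is an assumption.

```python
import ipaddress
import struct

IGMP_PROTOCOL = 2          # IPv4 protocol number for IGMP
OPT_END, OPT_NOP = 0, 1    # single-byte IPv4 options
OPT_ROUTER_ALERT = 0x94    # Router Alert (RFC 2113): type 148, length 4


def has_router_alert(packet: bytes) -> bool:
    """Walk the IPv4 options of `packet` and report whether Router Alert is present."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or len(packet) < header_len:
        raise ValueError("bad IPv4 header length")
    options, i = packet[20:header_len], 0
    while i < len(options):
        kind = options[i]
        if kind == OPT_END:
            break
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated IPv4 option")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("bad IPv4 option length")
        if kind == OPT_ROUTER_ALERT and length == 4:
            return True
        i += length
    return False


def igmp_verdict(packet: bytes, require_router_alert: bool) -> str:
    """Return 'process', 'discard' or 'not-igmp' for one received IPv4 packet."""
    try:
        alert = has_router_alert(packet)
    except ValueError:
        return "discard"  # assumption: malformed headers are dropped
    if packet[9] != IGMP_PROTOCOL:
        return "not-igmp"
    if require_router_alert and not alert:
        return "discard"
    return "process"


def build_igmpv2_report(src: str, group: str, router_alert: bool) -> bytes:
    """Build a constructed IGMPv2 Membership Report (checksums left at 0, not validated here)."""
    options = bytes([OPT_ROUTER_ALERT, 4, 0, 0]) if router_alert else b""
    igmp = struct.pack("!BBH4s", 0x16, 0, 0, ipaddress.IPv4Address(group).packed)
    ihl = (20 + len(options)) // 4
    header = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | ihl, 0xC0, 20 + len(options) + len(igmp), 0, 0, 1, IGMP_PROTOCOL, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(group).packed,
    )
    return header + options + igmp


if __name__ == "__main__":
    for with_option in (True, False):
        pkt = build_igmpv2_report("192.0.2.10", "225.1.1.1", with_option)
        print(f"router alert={with_option}: {igmp_verdict(pkt, require_router_alert=True)}")
```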
Format
igmp-proxy robust-count robust-value
Parameters
Parameter
Description
Value
robust-value
Views
VLAN view
Default Level
2: Configuration level
Usage Guidelines
Before running the igmp-proxy lastmember-queryinterval command, run the 6.1.5 igmp-proxy enable
command to enable IGMP proxy globally and in the VLAN.
By setting the interval for sending IGMP Group-Specific messages, you can:
- Specify the number of times the querier sends a Group-Specific Query message, which
  prevents packet loss on the network.
  When receiving an IGMP Leave message for a multicast group, the switch sends a
  Group-Specific Query message a certain number of times (specified by the IGMP robustness
  variable) to check whether this group has any other members. If the quality of transmission
  links is low, increase the IGMP robustness variable.
Example
# Set the IGMP robustness variable to 5 in VLAN 3.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable
[HUAWEI-vlan3] igmp-proxy robust-count 5
Format
igmp-proxy router-aging-time router-aging-time
Parameters
Parameter
Description
Value
router-aging-time
Views
VLAN view
Default Level
2: Configuration level
Usage Guidelines
Before running the igmp-proxy router-aging-time command, run the 6.1.5 igmp-proxy
enable command to enable IGMP proxy globally and in the VLAN.
When receiving IGMP Query messages or PIM Hello messages from a dynamic router interface,
the device resets the aging time of the router interface.
By default, the device resets the aging time of the router interface as follows:
- If IGMP Query messages are received by the interface, the device resets the aging time of
  the interfaces to 180 seconds.
- If PIM Hello messages are received by the interface and the holdtime of the Hello messages
  is greater than the remaining aging time of the interface, the device resets the aging time
  of the interface to the holdtime contained in the PIM Hello messages.
Example
# Set the aging time of router interfaces in VLAN 3 to 500 seconds.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable
[HUAWEI-vlan3] igmp-proxy router-aging-time 500
Format
igmp-proxy send-query enable
Parameters
None
Views
System view
Default Level
2: Configuration level
Usage Guidelines
Before using the igmp-proxy send-query enable command, you must run the 6.1.5 igmp-proxy
enable command to enable IGMP proxy globally.
In most situations, the device does not send IGMP Query messages. When the MSTP
recalculation is triggered by changes of network topologies, the device sends IGMP General
Query messages to detect whether multicast members exist on each interface. This is caused by
changes of the forwarding path of packets.
When IGMP General Query messages are sent to hosts, the hosts that remain as multicast
members reply with IGMP Report messages. The device then updates information about
multicast member interfaces according to the IGMP Report messages. In this manner, multicast
packets can be quickly switched to new forwarding paths. This ensures smooth transmission of
multicast services.
Example
# Enable the device to send IGMP Query messages that respond to changes of network topologies
to non-router interfaces.
<HUAWEI> system-view
[HUAWEI] igmp-proxy send-query enable
Format
igmp-proxy send-query source-address ip-address
Parameters
Parameter
Description
Value
ip-address
Views
System view
Default Level
2: Configuration level
Usage Guidelines
Before using the igmp-proxy send-query source-address command, you must run the 6.1.5
igmp-proxy enable command to enable IGMP proxy globally.
If 192.168.0.1 is already used by other devices on the network, you can use the command to
modify the source IP address of IGMP General Query messages and other messages sent by the
device enabled with IGMP proxy.
When multiple devices exist on a shared network, you can set the source IP address of IGMP
messages to identify the devices. For example, you must specify different source IP addresses
for different devices when the election mechanism is applied to devices with different
performance.
If the command is run multiple times in the same view, the latest configuration overwrites
the earlier ones.
Example
# Set the source IP address of IGMP messages sent by the device enabled with IGMP proxy to
192.168.10.1.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] igmp-proxy send-query source-address 192.168.10.1
Format
igmp-proxy ssm-policy basic-acl-number
Parameters
Parameter
Description
Value
basic-acl-number
Views
System view
Default Level
2: Configuration level
Usage Guidelines
Before running this command, enable IGMP snooping globally.
By default, SSM group addresses range from 232.0.0.0 to 232.255.255.255. You can configure
an SSM group policy to narrow or expand the range of SSM group addresses.
Example
# Configure multicast group 225.1.1.123 as an SSM group.
<HUAWEI> system-view
[HUAWEI] acl number 2008
Format
igmp-proxy static-group group-ip-address1 [ to group-ip-address2 ] [ source-address source-ip-address ] vlan vlan-id
Parameters
Parameter
Description
Value
group-ip-address1 to group-ip-address2
source-address source-ip-address
vlan vlan-id
Views
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, port group
view, Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
In addition to dynamic multicast forwarding entries generated by Layer 2 protocols,
you can configure static Layer 2 multicast forwarding entries by binding interfaces to entries.
After an interface is statically added to a multicast group, users connected to this interface can
receive multicast data of the multicast group for a long time.
Example
# Add GE0/0/1 in VLAN 2 to multicast group 224.1.1.1.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] igmp-proxy static-group 224.1.1.1 vlan 2
Format
igmp-proxy static-router-port vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>
Parameters
Parameter
Description
Value
vlan vlan-id
Views
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, port group
view, Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
Before running the igmp-proxy static-router-port command, run the 6.1.5 igmp-proxy
enable command to enable IGMP proxy globally and in the VLAN.
If the interface is not added to the VLAN specified by vlan-id before the command is run, the
configuration is kept on the device and takes effect only after the interface is added to the
specified VLAN.
NOTE
Example
# Configure GE0/0/1 in VLAN 3 as a static router interface.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable
[HUAWEI-vlan3] quit
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] igmp-proxy static-router-port vlan 3
Format
igmp-proxy table limit limit-num vlan { vlan-id1 [ to vlan-id2 ] } & <1-10>
Parameters
Parameter
Description
Value
limit-num
vlan-id1 [ to vlan-id2 ]
Views
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, port group
view, Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
After the igmp-proxy table limit command is run, the number of IGMP proxy entries on the
interface cannot exceed the limit.
Example
# Set the maximum number of IGMP proxy entries in VLAN 10 on GE0/0/1 to 100.
Format
igmp-proxy version version
Parameters
Parameter
Description
Value
version
Views
VLAN view
Default Level
2: Configuration level
Usage Guidelines
Hosts in the same VLAN must run the IGMP protocol of the same version. When hosts that run
different IGMP versions exist in a VLAN, you need to run the igmp-proxy version command
to configure the IGMP version.
Before running the igmp-proxy version command, run the 6.1.5 igmp-proxy enable command
to enable IGMP proxy globally and in the VLAN.
Example
# Configure the IGMP proxy to process only IGMPv1 messages in VLAN 2.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 2
[HUAWEI-vlan2] igmp-proxy enable
[HUAWEI-vlan2] igmp-proxy version 1
Format
igmp-snooping group-policy acl-number vlan vlan-id1 [ to vlan-id2 ] version-number
Parameters
Parameter
Description
Value
acl-number
version-number
Views
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, port group
view, Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
Before running the igmp-snooping group-policy command, enable IGMP snooping globally
and in the specified VLANs.
By configuring a multicast group policy for a VLAN on an interface, you can prohibit hosts in
the VLAN from joining the specified IP multicast groups.
Example
# Prohibit hosts in VLAN 3 from joining multicast group 225.1.1.123 on GE0/0/10.
<HUAWEI> system-view
[HUAWEI] acl number 2008
[HUAWEI-acl-basic-2008] rule deny source 225.1.1.123 0
[HUAWEI-acl-basic-2008] quit
[HUAWEI] igmp-snooping enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-snooping enable
[HUAWEI-vlan3] quit
[HUAWEI] interface gigabitethernet 0/0/10
[HUAWEI-GigabitEthernet0/0/10] igmp-snooping group-policy 2008 vlan 3 2
Format
igmp-snooping group-policy acl-number version-number
Parameters
Parameter
Description
Value
acl-number
version-number
Views
VLAN view
Default Level
2: Configuration level
Usage Guidelines
Before running the igmp-snooping group-policy command, enable IGMP snooping globally
and in the VLAN.
By setting the multicast group policy in a VLAN, you can restrict the access of hosts in the
VLAN to multicast groups.
Example
# Prevent hosts in VLAN 3 from joining multicast group 225.1.1.123.
<HUAWEI> system-view
[HUAWEI] acl number 2008
[HUAWEI-acl-basic-2008] rule deny source 225.1.1.123 0
[HUAWEI-acl-basic-2008] quit
[HUAWEI] igmp-snooping enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-snooping enable
[HUAWEI-vlan3] igmp-snooping group-policy 2008 2
Format
igmp-snooping proxy enable
Parameters
None
Views
System view
Default Level
2: Configuration level
Usage Guidelines
None
Example
# Enable IGMP proxy globally.
<HUAWEI> system-view
[HUAWEI] igmp-snooping proxy enable
Format
igmp-snooping ssm-policy basic-acl-number
Parameters
Parameter
Description
Value
basic-acl-number
Views
System view
Default Level
2: Configuration level
Usage Guidelines
Perform the following operations before using this command:
By default, SSM group addresses range from 232.0.0.0 to 232.255.255.255. If hosts need to join
multicast groups outside this range or they are only allowed to join some of the multicast groups in
the range, you can configure an SSM group policy to specify the SSM group range.
Example
# Configure multicast group 225.1.1.123 as an SSM group.
<HUAWEI> system-view
[HUAWEI] acl number 2000
[HUAWEI-acl-basic-2000] rule permit source 225.1.1.123 0
[HUAWEI-acl-basic-2000] quit
[HUAWEI] igmp-proxy enable
[HUAWEI] igmp-snooping ssm-policy 2000
Format
igmp-snooping static-group group-ip-address1 [ to group-ip-address2 ] [ source-address
source-ip-address ] vlan vlan-id
Parameters
Parameter
Description
Value
group-ip-address1 to group-ip-address2
source-address source-ip-address
vlan vlan-id
Views
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, port group
view, Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
In addition to dynamic multicast forwarding entries generated by Layer 2 protocols,
you can configure static Layer 2 multicast forwarding entries by binding interfaces to entries.
After an interface is statically added to a multicast group, users connected to this interface can
receive multicast data of the multicast group for a long time.
Example
# Add GE0/0/1 in VLAN 2 to multicast group 224.1.1.1.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] igmp-snooping static-group 224.1.1.1 vlan 2
Format
igmp-snooping suppression-time suppression-time
Parameters
Parameter
Description
Value
suppression-time
Views
System view
Default Level
2: Configuration level
Usage Guidelines
To reduce the IGMP messages sent to the upstream router and protect the router from attacks,
enable the device to suppress IGMP Report and IGMP Leave messages sent by hosts. After this
function is enabled, the device processes IGMP Report and IGMP Leave messages as follows:
- After receiving an IGMP Report message and forwarding the message, the device does not
  forward the same type of messages to the router interface within the suppression time.
- If the device receives an IGMP General Query message or Group-Specific message, the
  device does not suppress the first IGMP Report message that responds to the General Query
  message. In addition, the device resets the suppression timer when receiving the first IGMP
  Report message.
The igmp-snooping suppression-time command sets the period during which IGMP Report
and IGMP Leave messages are suppressed.
Example
# Set the global IGMP message suppression time to 15 seconds.
<HUAWEI> system-view
[HUAWEI] igmp-snooping suppression-time 15
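The suppression behaviour described above, modelled as a small state machine. This is an added example, not the device's implementation: the class and function names are hypothetical, and it assumes suppression is tracked per message type and group and that a message arriving exactly when the suppression time has elapsed is forwarded.

```python
class ReportSuppressor:
    """Model of Report/Leave suppression toward the router interface."""

    def __init__(self, suppression_time):
        self.suppression_time = suppression_time
        self._forwarded_at = {}        # (kind, group) -> time the last message went upstream
        self._general_query_at = None  # time of the last General Query
        self._group_query_at = {}      # group -> time of the last Group-Specific Query

    def on_query(self, now, group=None):
        """Record a General Query (group=None) or a Group-Specific Query."""
        if group is None:
            self._general_query_at = now
        else:
            self._group_query_at[group] = now

    def _answers_query(self, group, last):
        # A Report is the first response if nothing for this group has been
        # forwarded since the most recent Query that covers the group.
        queries = [t for t in (self._general_query_at, self._group_query_at.get(group))
                   if t is not None]
        return bool(queries) and (last is None or last < max(queries))

    def on_host_message(self, kind, group, now):
        """Return True if the Report or Leave is forwarded upstream, False if suppressed."""
        if kind not in ("report", "leave"):
            raise ValueError(f"unknown message kind: {kind!r}")
        key = (kind, group)
        last = self._forwarded_at.get(key)
        first_response = kind == "report" and self._answers_query(group, last)
        if last is None or first_response or now - last >= self.suppression_time:
            self._forwarded_at[key] = now  # forwarding (re)starts the suppression timer
            return True
        return False


def replay(events, suppression_time):
    """Replay (time, kind, group) events; return the forwarding decision per host message."""
    suppressor = ReportSuppressor(suppression_time)
    decisions = []
    for now, kind, group in events:
        if kind == "query":
            suppressor.on_query(now, group)
        else:
            decisions.append((now, kind, suppressor.on_host_message(kind, group, now)))
    return decisions


# Constructed event trace: times in seconds, suppression time 15 s as in the example above.
SAMPLE_EVENTS = [
    (0, "report", "225.1.1.1"),   # first Report: forwarded
    (5, "report", "225.1.1.1"),   # within 15 s: suppressed
    (6, "query", None),           # General Query arrives
    (7, "report", "225.1.1.1"),   # first response to the Query: forwarded
    (8, "report", "225.1.1.1"),   # suppressed again
    (23, "report", "225.1.1.1"),  # suppression time elapsed: forwarded
]

if __name__ == "__main__":
    for now, kind, forwarded in replay(SAMPLE_EVENTS, 15):
        print(f"t={now:>2}s {kind}: {'forwarded' if forwarded else 'suppressed'}")
```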
Format
igmp-snooping table limit limit-num vlan vlan-id
Parameters
Parameter
Description
Value
limit-num
vlan vlan-id
Views
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, port group
view, Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
After the igmp-snooping table limit command is used, the number of the entries that can be
configured or learnt by the IGMP snooping module on an interface cannot exceed the maximum
number.
Example
# Set the maximum number of the entries that can be configured or learnt by the IGMP snooping
module on GE0/0/1 in VLAN 4 to 100.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] igmp-snooping table limit 100 vlan 4
Format
multicast-source-deny interface interface-type interface-num1 [ to interface-num2 ] & <1-10>
Parameters
Parameter
Description
Value
Views
VLAN view
Default Level
2: Configuration level
Usage Guidelines
When some interfaces need to reject multicast data packets sent from a VLAN (for example, a
user VLAN), you can run the multicast-source-deny command in this VLAN and specify these
interfaces in the command.
Example
# Filter out multicast data packets received from VLAN 10 on GE0/0/1.
<HUAWEI> system-view
[HUAWEI] vlan 10
[HUAWEI-vlan10] multicast-source-deny interface gigabitethernet 0/0/1
Format
reset igmp-proxy group vlan { vlan-id | all } all
Parameters
Parameter
Description
Value
vlan vlan-id
all
Views
User view
Default Level
3: Management level
Usage Guidelines
Before running the reset igmp-proxy group command, you need to run the 6.1.5 igmp-proxy
enable command to enable IGMP proxy globally.
If the command clears the dynamic forwarding entries of a VLAN from the multicast forwarding
table, the hosts in the VLAN cannot receive the multicast packets temporarily. The hosts can
receive multicast packets only when they send IGMP Report messages and the device generates
dynamic forwarding entries.
NOTE
Example
# Clear the dynamic forwarding entries of all VLANs.
<HUAWEI> reset igmp-proxy group vlan all all
Format
undo igmp-proxy router-learning
Parameters
None
Views
VLAN view
Default Level
2: Configuration level
Usage Guidelines
Before running the undo igmp-proxy router-learning command, run the 6.1.5 igmp-proxy
enable command to enable IGMP proxy globally and in the VLAN.
A device running IGMP snooping considers an interface as a router interface when the interface
receives an IGMP General Query message with any source IP address except 0.0.0.0 or a PIM
Hello message. The device records all the router interfaces in the router interface list. Too many
router interfaces make it difficult for the device to control the multicast flows that users can
receive. To control the multicast flows received by users, disable router interface learning in
VLANs.
Example
# Disable router interface learning in VLAN 3.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable
[HUAWEI-vlan3] undo igmp-proxy router-learning
Format
undo igmp-proxy send-router-alert
Parameters
None
Views
VLAN view
Default Level
2: Configuration level
Usage Guidelines
Before running the undo igmp-proxy send-router-alert command, run the 6.1.5 igmp-proxy
enable command to enable IGMP proxy globally and in the VLAN.
Example
# Configure the device to send IGMP messages that do not contain the Router-Alert option in
the IP header to VLAN 3.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 3
Format
mld-snooping group-policy acl6-number vlan vlan-id mld-version [ default-permit ]
Parameters
Parameter
Description
Value
acl6-number
vlan vlan-id
mld-version
The value is 1 or 2.
- 1: MLDv1
- 2: MLDv2
default-permit
Views
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, port group
view, Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
An IPv6 multicast group policy controls the multicast programs that users can order on a device
with Multicast Listener Discovery (MLD) snooping enabled. In multicast applications, user
hosts send MLD Report messages to join a group when they order programs of this group. When
the upstream Layer 2 device receives the Report messages, it processes the Report messages
differently depending on whether the group policy configured on the inbound interface has the
default-permit keyword specified:
- If default-permit is not specified, the group policy prevents hosts in the VLAN from
  joining any group by default. A filter rule must be configured by specifying the permit
  keyword in the rule command. If the Report messages match the filter rule, the Layer 2
  device allows the hosts in the VLAN to join the group and forwards the Report messages.
  If the Report messages do not match the filter rule, the Layer 2 device prevents the hosts
  from joining the group and drops the Report messages.
- If default-permit is specified, the group policy allows hosts in the VLAN to join all groups
  by default. A filter rule must be configured by specifying the deny keyword in the rule
  command. If the Report messages match the filter rule, the Layer 2 device prevents the
  hosts in the VLAN from joining the group and drops the Report messages. If the Report
  messages do not match the filter rule, the Layer 2 device allows the hosts to join the group
  and forwards the Report messages.
Example
# Prevent hosts in VLAN 10 on GE0/0/1 from joining IPv6 multicast group ff1c::3/32.
<HUAWEI> system-view
[HUAWEI] acl ipv6 number 2000
[HUAWEI-acl6-basic-2000] rule deny source ff1c::3/32
[HUAWEI-acl6-basic-2000] quit
[HUAWEI] mld-snooping enable
[HUAWEI] vlan 10
[HUAWEI-vlan10] mld-snooping enable
[HUAWEI-vlan10] quit
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type trunk
[HUAWEI-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[HUAWEI-GigabitEthernet0/0/1] mld-snooping group-policy 2000 vlan 10 default-permit
# Allow hosts in VLAN 10 connected to GE0/0/1 to join IPv6 multicast group ff1c::3/32.
<HUAWEI> system-view
[HUAWEI] acl ipv6 number 2000
[HUAWEI-acl6-basic-2000] rule permit source ff1c::3/32
[HUAWEI-acl6-basic-2000] quit
[HUAWEI] mld-snooping enable
[HUAWEI] vlan 10
[HUAWEI-vlan10] mld-snooping enable
[HUAWEI-vlan10] quit
[HUAWEI] interface gigabitethernet 0/0/1
Format
mld-snooping group-policy acl6-number mld-version [ default-permit ]
undo mld-snooping group-policy
Parameters
Parameter
Description
Value
acl6-number
mld-version
The value is 1 or 3.
- 1: MLDv1
- 2: MLDv2
default-permit
Views
VLAN view
Default Level
2: Configuration level
Usage Guidelines
An IPv6 multicast group policy controls the multicast programs that users can order on a device
with Multicast Listener Discovery (MLD) snooping enabled. In multicast applications, user
hosts send MLD Report messages to join a group when they order programs of this group. When
the upstream Layer 2 device receives the Report messages, it processes the Report messages
differently depending on whether the group policy configured in the VLAN has the
default-permit keyword specified:
- If default-permit is not specified, the group policy prevents hosts in the VLAN from
  joining any group by default. A filter rule must be configured by specifying the permit
  keyword in the rule command. If the Report messages match the filter rule, the Layer 2
  device allows the hosts in the VLAN to join the group and forwards the Report messages.
  If the Report messages do not match the filter rule, the Layer 2 device prevents the hosts
  from joining the group and drops the Report messages.
- If default-permit is specified, the group policy allows hosts in the VLAN to join all groups
  by default. A filter rule must be configured by specifying the deny keyword in the rule
  command. If the Report messages match the filter rule, the Layer 2 device prevents the
  hosts in the VLAN from joining the group and drops the Report messages. If the Report
  messages do not match the filter rule, the Layer 2 device allows the hosts to join the group
  and forwards the Report messages.
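The two default behaviours described above, modelled as an added Python example (not Huawei code). It assumes that rules are evaluated in order with the first match deciding, and that a rule written as address/prefix-length matches every group inside that prefix; the class and function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny", as in the ACL6 rule command
    source: str   # group address with prefix length, e.g. "ff1e::1/32"

    def __post_init__(self):
        if self.action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")

    def matches(self, group):
        # strict=False accepts the host bits the manual's examples write (ff1e::1/32)
        network = ipaddress.ip_network(self.source, strict=False)
        return ipaddress.ip_address(group) in network


def report_verdict(group, rules, default_permit):
    """Return "forward" or "drop" for an MLD Report that asks to join `group`."""
    if not ipaddress.ip_address(group).is_multicast:
        raise ValueError(group + " is not a multicast group address")
    for rule in rules:                       # assumption: first matching rule decides
        if rule.matches(group):
            return "forward" if rule.action == "permit" else "drop"
    # No rule matched, so the default-permit keyword decides.
    return "forward" if default_permit else "drop"


def rules_are_redundant(rules, default_permit):
    """True when every rule repeats the default action, so the ACL changes nothing."""
    default_action = "permit" if default_permit else "deny"
    return all(rule.action == default_action for rule in rules)


# ACL 2001 from the manual's example, referenced with default-permit (deny list).
DENY_LIST = [Rule("deny", "ff1e::1/32")]
# Constructed allow-list variant: a permit rule referenced without default-permit.
ALLOW_LIST = [Rule("permit", "ff1c::3/32")]

if __name__ == "__main__":
    for name, rules, default_permit in (
        ("deny list + default-permit", DENY_LIST, True),
        ("allow list, no default-permit", ALLOW_LIST, False),
        ("allow list + default-permit", ALLOW_LIST, True),
    ):
        print(name, "(redundant rules)" if rules_are_redundant(rules, default_permit) else "")
        for group in ("ff1c::3", "ff1c::99", "ff1e::1", "ff1e::abcd", "ff1c:1::1"):
            print("  ", group, "->", report_verdict(group, rules, default_permit))
```

Under the prefix-matching assumption, a /32 rule covers far more than the single group named in it, and a permit-only ACL referenced together with default-permit blocks nothing.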
Example
# Prevent hosts in VLAN 4 from joining IPv6 multicast group ff1e::1/32.
<HUAWEI> system-view
[HUAWEI] acl ipv6 number 2001
[HUAWEI-acl6-basic-2001] rule deny source ff1e::1/32
[HUAWEI-acl6-basic-2001] quit
[HUAWEI] mld-snooping enable
[HUAWEI] vlan 4
[HUAWEI-vlan4] mld-snooping enable
[HUAWEI-vlan4] mld-snooping group-policy 2001 default-permit
Format
multicast user-vlan { vlan-id1 [ to vlan-id2 ] } & <1-10>
Parameters
Parameter
Description
Value
vlan-id1 [ to vlan-id2 ]
Views
VLAN view
Default Level
2: Configuration level
Usage Guidelines
A user VLAN can be mapped to only one multicast VLAN. If you configure a multicast VLAN
for a user VLAN, and then you configure another multicast VLAN for the user VLAN, the latest
configured multicast VLAN overrides the previous configuration.
Example
# Map user VLAN 2 to multicast VLAN 1 after the multicast VLAN function is enabled in
VLAN 1.
[HUAWEI] vlan 1
[HUAWEI-vlan1] multicast user-vlan 2
# Map user VLANs 2 to 10 to multicast VLAN 1 after the multicast VLAN function is enabled
in VLAN 1.
[HUAWEI] vlan 1
[HUAWEI-vlan1] multicast user-vlan 2 to 10
Format
cpu queue bpdu cir cir pir pir
Parameters
Parameter
Description
Value
cir cir
pir pir
Views
System view
Default Level
2: Configuration level
Usage Guidelines
If packet loss occurs during the transmission of BPDUs, you can use the cpu queue bpdu
command to set the bandwidth of BPDUs sent to the queues on the CPU. In this manner, fewer
BPDUs are lost.
Example
# Set the CIR and PIR of BPDUs sent to the queues on the CPU to 512 kbit/s.
<Quidway> system-view
[Quidway] cpu queue bpdu cir 512 pir 512
Format
port queue statistics enable queue-index queue-index inbound interface interface-type
interface-number
port queue statistics enable queue-index queue-index outbound interface interface-type
interface-number [ from interface interface-type interface-number ]
Parameters
Parameter
Description
Value
queue-index
interface-type interface-number
Views
System view
Default Level
2: Configuration level
Usage Guidelines
If you have enabled traffic statistics on a specified queue, you can view the number of passed
packets in the queue.
NOTE
port queue statistics enable queue-index queue-index outbound interface interface-type interface-number
The device supports traffic statistics on a maximum of eight queues.
Example
# Display traffic statistics on queue 7 on the ingress interface GigabitEthernet 0/0/1.
<Quidway> system-view
[Quidway] port queue statistics enable queue-index 7 inbound interface gigabitethernet 0/0/1
Format
qos drr queue-index queue-index weight weight-value
undo qos drr queue-index
Parameters
Parameter
Description
Value
queue-index
weight-value
Views
Scheduling template view
Default Level
2: Configuration level
Usage Guidelines
You can set parameters for queues on which the DRR scheduling is used only when the
scheduling mode in the scheduling template view is DRR; otherwise, you need to run the qos
(scheduling template view) command to change the scheduling mode on an interface to DRR
first. By default, the scheduling mode of the device is WRR.
If the qos drr command is repeatedly run in the same scheduling template view for the same
queue, the later configuration overrides the previous configuration.
Example
# Set the scheduling mode of queue 3 to DRR, and then set the scheduling weight value to 20
in global scheduling template a.
<Quidway> system-view
[Quidway] qos schedule-profile a
[Quidway-qos-schedule-profile-a] qos drr
[Quidway-qos-schedule-profile-a] qos drr queue-index 3 weight 20
Format
qos local-precedence-queue-map local-precedence queue-index
undo qos local-precedence-queue-map
Parameters
Parameter
Description
Value
local-precedence
queue-index
Views
System view
Default Level
2: Configuration level
Usage Guidelines
If the qos local-precedence-queue-map command is run repeatedly in the same system view,
the later configuration overrides the previous configuration.
The device sends packets to the specified queue according to the mapping between a local
precedence and a queue.
By default, the mapping between a local precedence and a queue is shown in the following table.
Table 7-1 Mapping between a local precedence and a queue
Local Precedence
Queue Index
Example
# Map queue 3 to local precedence 4.
<Quidway> system-view
[Quidway] qos local-precedence-queue-map 4 3
Format
qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef } cir cir-value pir pir-value [ cbs cbs-value
pbs pbs-value ]
undo qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef }
NOTE
Parameters
Parameter
Description
Value
be
cs6, cs7
ef
cir cir-value
pir pir-value
cbs cbs-value
pbs pbs-value
NOTE
The priorities of queues Q7, Q6, ..., Q1, and Q0 are 7, 6, ..., 1, and 0 respectively, in descending order
on an interface.
Views
GE interface view, 10GE interface view
Default Level
2: Configuration level
Usage Guidelines
When the rate of an interface on a downstream device is lower than the rate of an interface on
an upstream device, traffic congestion may occur on the interface of the upstream device. In this
case, you can configure traffic shaping for queues on the outbound interface of the upstream
device and adjust the sending rate of the interface.
Example
# Configure traffic shaping for queue 2 on GE0/0/1. Set the CIR to 300 kbit/s and the PIR to
500 kbit/s.
<Quidway> system-view
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] qos queue af2 cir 300 pir 500
Format
qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef } max-buffer cell-number [ green max-buffer cell-number ]
qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef } green max-buffer cell-number
undo qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef | all } max-buffer [ green max-buffer ]
undo qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef | all } green max-buffer
NOTE
Parameters
Parameter
Description
Value
Indicates bandwidth guaranteed queues that correspond to queues Q1, Q2, Q3, and Q4 respectively.
be
cs6, cs7
ef
max-buffer cell-number
Views
Tail drop template view
Default Level
2: Configuration level
Usage Guidelines
After running the qos tail-drop-profile command to create a tail drop template, you can run the
qos queue max-buffer command to set the maximum buffer size of all packets or green packets
in a specified queue for a tail drop template.
Example
# Create a global tail drop template named a, and then set the maximum buffer size of all packets
in a BE queue for the global tail drop template to 200, in cells.
<Quidway> system-view
[Quidway] qos tail-drop-profile a
[Quidway-qos-tail-drop-profile-a] qos queue be max-buffer 200
Using the qos queue green max-length command, you can set the maximum length of green
packets in a specified queue for a tail drop template.
Using the undo qos queue max-length command, you can delete the maximum length of all
packets in a specified queue set for a tail drop template.
Using the undo qos queue green max-length command, you can delete the maximum length
of green packets in a specified queue set for a tail drop template.
NOTE
Format
qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef } max-length packet-number [ green max-length packet-number ]
qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef } green max-length packet-number
undo qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef | all } max-length [ green max-length ]
undo qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef | all } green max-length
Parameters
Parameter
Description
Value
Indicates bandwidth guaranteed queues that correspond to queues Q1, Q2, Q3, and Q4 respectively.
be
cs6, cs7
ef
max-length packet-number
Views
Tail drop template view
Default Level
2: Configuration level
Usage Guidelines
After running the qos tail-drop-profile command to create a tail drop template, you can run the
qos queue max-length command in the tail drop template view to set the maximum length of
all packets or green packets in a specified queue for the tail drop template.
Example
# Create a global tail drop template named a, and then set the maximum length of all packets in
a BE queue for the global tail drop template to 200, in packets.
<Quidway> system-view
[Quidway] qos tail-drop-profile a
[Quidway-tail-drop-profile-a] qos queue be max-length 200
Format
qos queue statistics enable interface interface-type interface-number
undo qos queue statistics enable
Parameters
Parameter
Description
Value
interface interface-type
interface-number
Views
System view
Default Level
2: Configuration level
Usage Guidelines
After enabling the queue statistics function on a specified outbound interface, you can view the
number of packets in the queue.
When you repeatedly run the qos queue statistics enable command in the system view, the
latest configuration overrides the previous ones.
The function of the qos queue statistics enable command is similar to that of the port queue
statistics enable command, but the port queue statistics enable command can flexibly
configure the statistics function of eight queues according to the interface, queue, and direction.
The port queue statistics enable command provides powerful functions, but the configuration
is complicated. The qos queue statistics enable command simplifies the configuration and can
take the statistics on packets entering the queue and discarded in the queue on the specified
interface. For problems of packet scheduling and packet loss in the queue, the qos queue
statistics enable command provides initial location information.
NOTICE
The qos queue statistics enable command is mutually exclusive with the port queue statistics
enable command.
- If the port queue statistics enable command has been used, the following error message
  is displayed on the device when the qos queue statistics enable command is used:
  Error: Can't perform this operation because the port-queue-statistics is enabled.
- If the qos queue statistics enable command has been used, the following error message is
  displayed on the device when the port queue statistics enable command is used:
  Error: Can't perform this operation because the qos-queue-statistics is enabled.
After the qos queue statistics enable command is used, statistics on discarded packets are
collected only for queues on the specified interface, not for queues on other interfaces. As a
result, the output of the display hol-drop command is inaccurate. After the undo qos queue
statistics enable command is run, statistics on discarded packets are collected for queues on
all the interfaces.
Example
# Take the statistics on outgoing packets of the queue on GE 0/0/1.
<Quidway> system-view
[Quidway] qos queue statistics enable interface gigabitethernet 0/0/1
Format
qos sred queue-index queue-index red start-discard-point discard-probability discard-probability yellow start-discard-point discard-probability discard-probability
undo qos sred [ queue queue-index ]
Parameters
Parameter
Description
Value
queue-index
start-discard-point
discard-probability
Views
System view
Default Level
2: Configuration level
Usage Guidelines
NOTE
Using the trust 8021p command, you can configure an interface to trust priorities carried in packets. Then,
the device colors the packets red or yellow according to the 802.1p priorities of the packets; the device sets
a threshold for dropping red packets and a threshold for dropping yellow packets. When congestion
avoidance based on the SRED is configured,
- A threshold for discarding red packets and the drop probability that are set for queues 0 to 4
  take effect.
- A threshold for discarding yellow packets and the drop probability that are set for queues 0 to 4
  do not take effect.
- A threshold for discarding yellow packets and the drop probability that are set for queues 5 to 7
  take effect.
- A threshold for discarding red packets and the drop probability that are set for queues 5 to 7
  do not take effect.
Using the trust 8021p command, you can configure an interface to trust DSCP values of packets. Then,
the device colors the packets red or yellow according to drop precedences of packets; packets enter different
queues according to mappings between DSCP values and 802.1p priorities; the device drops packets
according to thresholds for dropping packets and drop precedences that are set in queues.
Configuring an SRED threshold affects the thresholds for discarding packets in all queues on
an interface. When you repeatedly run the qos sred command for the same queue, the later
configuration overwrites the previous configuration.
When the number of packets in a queue is greater than a threshold for discarding packets,
conformed packets are dropped from the tail of the queue according to the drop probability set
by a user.
Example
# Configure queue 0 in the system view. Set a threshold for discarding red packets to 10. Set the
drop probability for red packets to 5. Set a threshold for discarding yellow packets to 20. Set the
drop probability for yellow packets to 4.
<Quidway> system-view
[Quidway] qos sred queue-index 0 red 10 discard-probability 5 yellow 20 discard-probability 4
Using the undo qos wrr command, you can restore default values of parameters for queues on
which WRR scheduling is used.
By default, the WRR scheduling weight value of a queue is 1.
NOTE
Format
qos wrr queue-index queue-index weight weight-value
undo qos wrr queue-index
Parameters
Parameter
Description
Value
queue-index
weight-value
Views
Scheduling template view
Default Level
2: Configuration level
Usage Guidelines
The device forwards packets from the queues in turn according to the values of the WRR
scheduling parameters. The ratio of the WRR weight values is the ratio of the number of packets
forwarded from the queues.
If the qos wrr command is repeatedly run in the same scheduling template view for the same
queue, the later configuration overrides the previous configuration.
Example
# In global scheduling template a, set the scheduling mode of queue 3 to WRR, and then set the
scheduling weight value to 20.
<Quidway> system-view
[Quidway] qos schedule-profile a
Format
adminuser-priority level
Parameters
Parameter
Description
Value
level
Views
Service scheme view
Default Level
2: Configuration level
Usage Guidelines
The adminuser-priority command configures a user as an administrator to log in to the device
and sets the administrator level during login.
Example
# Configure a user as an administrator to log in to the device and set the administrator level to
15.
<HUAWEI> system-view
[HUAWEI] aaa
[HUAWEI-aaa] service-scheme svcscheme1
[HUAWEI-aaa-service-svcscheme1] adminuser-priority 15
Function
The local-user level command sets the level of a local user.
Format
local-user user-name level level
Parameters
Parameter
Description
Value
user-name
level
Views
AAA view
Default Level
2: Configuration level
Usage Guidelines
The local-user level command sets the level of a local user.
Example
# Set the level of local user hello@huawei.net to 6.
<HUAWEI> system-view
[HUAWEI] aaa
[HUAWEI-aaa] local-user hello@huawei.net level 6
Format
local-user user-name password { cipher | irreversible-cipher } password old-password old-password
Parameters
Parameter
Description
Value
user-name
cipher password
Indicates a password encrypted through the reversible algorithm.
Indicates a password encrypted through the irreversible algorithm.
irreversible-cipher indicates that the password is encrypted through the irreversible algorithm.
That is, unauthorized users cannot decrypt the passwords of authorized users. This mode has
high security.
old-password old-password
Views
AAA view
Default Level
3: Management level
Usage Guidelines
It is recommended that you change user passwords in the following situations:
- Unauthorized users use the default user name and password to log in to the device.
- A password has been used for a long time, so it is prone to disclosure and deciphering.
Example
# Change the password of the local user user1@vipdomain from admin@12345 to
huawei@1234.
<HUAWEI> system-view
[HUAWEI] aaa
[HUAWEI-aaa] local-user user1@vipdomain password cipher huawei@1234 old-password admin@12345
Format
radius-server test-user detect interval interval-time
Parameters
Parameter
Description
Value
interval-time
Views
RADIUS server template view
Default Level
2: Configuration level
Usage Guidelines
You can use this command to set the interval for automatic user status detection.
Example
# Set the interval for automatic user status detection to 360 seconds.
<HUAWEI> system-view
[HUAWEI] radius-server template huawei
[HUAWEI-radius-huawei] radius-server test-user detect interval 360
Format
dhcp option82 [ circuit-id | remote-id ] format userdefined text
Parameters
Parameter
Description
Value
circuit-id
remote-id
userdefined text
Indicates the user-defined format of the Option 82 field.
text is the user-defined character string of the Option 82 field.
Views
System view
Default Level
2: Configuration level
Usage Guidelines
You can use the dhcp option82 format command to configure the format of the Option 82 field
in DHCP messages.
Example
# Configure the user-defined string for the CID in the Option 82 field and use the hexadecimal
format to encapsulate the CID type (0, indicating the hexadecimal format), length (excluding
the length of the CID type and the length keyword itself), outer VLAN ID, slot ID (5 bits), subslot
ID (3 bits), and port number (8 bits).
<HUAWEI> system-view
[HUAWEI] dhcp option82 circuit-id format userdefined 0 %length %svlan %5slot %3subslot %8port
Format
dhcp snooping bind-table autosave file-name [ write-delay delay-time ]
Parameters
Parameter
Description
Value
file-name
write-delay delay-time
Views
System view
Default Level
2: Configuration level
Usage Guidelines
You can use the dhcp snooping bind-table command to back up DHCP snooping binding entries
in a specified file.
Example
# Configure a device to automatically back up DHCP snooping binding entries in the file
backup.tbl in the flash memory.
<HUAWEI> system-view
[HUAWEI] dhcp snooping enable
[HUAWEI] dhcp snooping bind-table autosave flash:/backup.tbl
Format
System view:
dhcp snooping information circuit-id string string
Interface view:
dhcp snooping information vlan vlan-id circuit-id string string
Parameters
Parameter
Description
Value
string string
vlan vlan-id
Views
System view, Ethernet interface view, GE interface view, XGE interface view, 40GE interface
view, Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
You can use the dhcp snooping information circuit-id command to configure the Option 82
circuit-id format.
Example
# Configure the Option 82 circuit-id format.
<Quidway> system-view
[Quidway] dhcp snooping information circuit-id string teststring
Format
System view:
dhcp snooping information remote-id { sysname | string string }
Interface view:
dhcp snooping information vlan vlan-id remote-id string string
Parameters
Parameter
Description
Value
sysname
System name.
string string
vlan vlan-id
Views
System view, Ethernet interface view, GE interface view, XGE interface view, 40GE interface
view, Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
You can use the dhcp snooping information remote-id command to configure the Option 82
remote-id format.
Example
# Configure the Option 82 remote-id format.
<Quidway> system-view
[Quidway] dhcp snooping information remote-id string teststring
Format
dhcp snooping information format { hex | ascii }
Parameters
Parameter
Description
Value
hex
ascii
Views
System view
Default Level
2: Configuration level
Usage Guidelines
You can use the dhcp snooping information format command to configure the Option 82 field
format.
Example
# Set the Option 82 format to ASCII.
<HUAWEI> system-view
[HUAWEI] dhcp snooping information format ascii
Format
dhcp snooping check dhcp-rate enable rate rate [ alarm { enable | [ enable ] threshold
threshold } | vlan { vlanstart_id [ to vlanend_id ] } &<1-10>]
Parameters
Parameter
Description
Value
rate rate
Views
System view, VLAN view, Ethernet interface view, GE interface view, XGE interface view,
40GE interface view, Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
You can use the dhcp snooping check dhcp-rate enable command to enable the alarm function
for checking the rate of sending DHCP packets to the DHCP stack.
This command can only be used during a configuration restoration.
Example
# Enable DHCP packet rate check in the system view.
<HUAWEI> system-view
[HUAWEI] dhcp snooping enable
[HUAWEI] dhcp snooping check dhcp-rate enable
Format
dhcp snooping global max-user-number max-user-number
Parameters
Parameter
Description
Value
max-user-number
Views
System view
Default Level
2: Configuration level
Usage Guidelines
The dhcp snooping global max-user-number command takes effect only when DHCP
snooping is enabled globally and is valid for only DHCP users. When the number of global
DHCP users reaches the threshold set by this command, no more users can access.
You can use the dhcp snooping global max-user-number command to set the maximum
number of global users.
Example
# Set the maximum number of global DHCP users to 100.
<HUAWEI> system-view
[HUAWEI] dhcp snooping enable
[HUAWEI] dhcp snooping global max-user-number 100
Format
dhcp snooping sticky-mac
undo dhcp snooping sticky-mac
Parameters
None
Views
Ethernet interface view, 40GE interface view, GE interface view, XGE interface view, port group
view, Eth-trunk view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
Dynamic MAC address entries are learned and generated by the device, and static MAC address
entries are configured by command lines. A MAC address entry consists of the MAC address,
VLAN ID, and port number of a DHCP client. The device implements Layer 2 forwarding based
on MAC address entries.
After the dhcp snooping sticky-mac command is executed on an interface, the device generates
static MAC address entries (snooping type) of DHCP users on the interface based on the
corresponding dynamic binding entries, clears all the dynamic MAC address entries on the
interface, disables the interface from learning dynamic MAC address entries, and enables the
device to match the source MAC address based on MAC address entries. Then only messages
whose source MAC address matches a static MAC address entry can pass through the interface;
other messages are discarded. Therefore, the administrator needs to manually configure
static MAC address entries (the static type) for non-DHCP users on the interface so that messages
sent from non-DHCP users can pass through; otherwise, DHCP messages are discarded. This
prevents attacks from non-DHCP users.
NOTE
- If a DHCP snooping binding entry is updated, the corresponding static MAC address entry is
  automatically updated.
- If you run the dhcp snooping sticky-mac command on the interface, DHCPv6 users cannot go online.
  Run the nd snooping enable command in the system view and interface view to enable ND snooping
  and the savi enable command in the system view to enable SAVI.
Prerequisites
DHCP snooping has been enabled on the device using the dhcp snooping enable command.
Precautions
The dhcp snooping sticky-mac command cannot be used with the following commands on an
interface.
Command
Description
dot1x enable
mac-authen
mac-limit
Example
# Enable the device to generate static MAC address entries based on DHCP snooping binding
entries on GE0/0/1.
<HUAWEI> system-view
[HUAWEI] dhcp enable
[HUAWEI] dhcp snooping enable
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] dhcp snooping sticky-mac
Format
dhcp snooping trust interface interface-type interface-number
undo dhcp snooping trust interface interface-type interface-number
Parameters
Parameter
Description
Value
Views
VLAN view
Default Level
2: Configuration level
Usage Guidelines
To enable DHCP clients to obtain IP addresses from authorized DHCP servers, DHCP snooping
supports the trusted interface and untrusted interfaces. The trusted interface forwards DHCP
messages while untrusted interfaces discard received DHCP ACK messages and DHCP Offer
messages.
An interface directly or indirectly connected to the DHCP server trusted by the administrator
needs to be configured as the trusted interface, and other interfaces are configured as untrusted
interfaces. This ensures that DHCP clients obtain IP addresses from authorized DHCP servers.
Example
# Configure GE0/0/1 in VLAN 100 as the trusted interface.
<HUAWEI> system-view
[HUAWEI] vlan 100
[HUAWEI-vlan100] dhcp snooping trust interface gigabitethernet 0/0/1
Format
mac-authen username fixed username password simple password
undo mac-authen username fixed username password simple password
Parameters
Parameter
Description
Value
fixed username
Specifies the fixed user name for MAC address authentication.
The value is a string of 1 to 64 characters.
simple
password
Views
System view
Default Level
2: Configuration level
Usage Guidelines
You can use the mac-authen username fixed password command to configure the fixed user
name and password for MAC address authentication.
Example
# Configure the fixed user name and password for MAC address authentication.
<HUAWEI> system-view
[HUAWEI] mac-authen username fixed tester password simple 123456
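The manual describes cipher as reversible and irreversible-cipher as the high-security mode, and the mac-authen and web-auth-server formats also accept a simple keyword. The following added Python example (not Huawei code) audits a constructed command transcript for the storage mode of each credential and masks the secrets in its report. It assumes that simple stores the value in plain text; the severity labels and all names in the code are hypothetical.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    line_no: int
    command: str    # secret values already masked
    storage: str    # simple, cipher or irreversible-cipher
    severity: str


SEVERITY = {
    "simple": "high",             # assumption: value kept in plain text
    "cipher": "medium",           # reversible algorithm (per the manual)
    "irreversible-cipher": "ok",  # irreversible algorithm (per the manual)
}

# Strips CLI prompts such as "<HUAWEI> " or "[HUAWEI-aaa] ".
PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")
# A keyword followed by a secret value that must never reach a report.
SECRET = re.compile(r"\b(simple|cipher|irreversible-cipher|old-password)\s+\S+")
# Only the command forms that appear in this manual.
CREDENTIAL_COMMANDS = [
    re.compile(r"^local-user\s+\S+\s+password\s+(cipher|irreversible-cipher)\s+\S+"),
    re.compile(r"^mac-authen\s+username\s+fixed\s+\S+\s+password\s+(simple)\s+\S+"),
    re.compile(r"^web-auth-server\s+\S+\s+\S+.*\bshared-key\s+(simple|cipher)\s+\S+"),
]


def audit(transcript):
    """Return one Finding per credential command, with secrets masked."""
    findings = []
    for line_no, raw in enumerate(transcript.strip().splitlines(), start=1):
        command = PROMPT.sub("", raw).strip()
        for pattern in CREDENTIAL_COMMANDS:
            match = pattern.search(command)
            if match:
                storage = match.group(1)
                masked = SECRET.sub(r"\1 ******", command)
                findings.append(Finding(line_no, masked, storage, SEVERITY[storage]))
                break
    return findings


def weak_findings(transcript):
    """Findings whose storage mode is reversible or plain text."""
    return [f for f in audit(transcript) if f.severity != "ok"]


# Constructed transcript; lines 3, 6 and 7 reuse values from the manual's examples.
SAMPLE_TRANSCRIPT = """
<HUAWEI> system-view
[HUAWEI] aaa
[HUAWEI-aaa] local-user user1@vipdomain password cipher huawei@1234 old-password admin@12345
[HUAWEI-aaa] local-user ops@example password irreversible-cipher Constructed#Pass1
[HUAWEI-aaa] quit
[HUAWEI] mac-authen username fixed tester password simple 123456
[HUAWEI] web-auth-server huawei 10.1.1.1 shared-key simple portalkey
[HUAWEI] dhcp snooping enable
"""

if __name__ == "__main__":
    for f in weak_findings(SAMPLE_TRANSCRIPT):
        print(f"line {f.line_no}: [{f.severity}] {f.storage}: {f.command}")
```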
Format
web-auth-server server-name ip-address [ port port [ all ] ] [ key password | shared-key
{ simple password | cipher password } ] [ url url-string ]
Parameters
Parameter
Description
Value
server-name
ip-address
port port
all
key password
shared-key
simple password
cipher password
url url-string
Views
System view
Default Level
2: Configuration level
Usage Guidelines
When an unauthenticated user goes online, a device forces the user to log in to a special website
(namely, the Portal website) so that the user can access the service on the Portal for free. To
access the Internet, the user must pass the authentication on the Portal.
Example
# Set the IP address of web authentication server huawei to 10.1.1.1.
<HUAWEI> system-view
[HUAWEI] web-auth-server huawei 10.1.1.1
Format
blacklist acl { acl-number } &<1-4>
Parameters
Parameter
Description
Value
The value is an integer that ranges
from 2000 to 4999.
Views
System view, Attack defense policy view
Default Level
2: Configuration level
Usage Guidelines
A maximum of eight blacklists can be configured on the device. You can set the attributes of a
blacklist by defining ACL rules.
The packets sent from users in the blacklist are discarded after reaching the device.
Example
# Reference ACL 2001 in the blacklist.
<HUAWEI> system-view
[HUAWEI] cpu-defend policy test
[HUAWEI-cpu-defend-policy-test] blacklist acl 2001
8.4.2 car
Function
The car command sets the rate at which packets are sent to the CPU.
Format
car packet-type bpdu cir cir-value [ cbs cbs-value ]
car packet-type ftp-dynamic cir cir-value [ cbs cbs-value ]
undo car packet-type bpdu
undo car packet-type ftp-dynamic
Parameters
Parameter
Description
Value
packet-type bpdu
cir cir-value
cbs cbs-value
Views
Attack defense policy view
Default Level
2: Configuration level
Usage Guidelines
The default CARs for packets of each type range from 64 kbit/s to 512 kbit/s. You can run the
display cpu-defend configuration command to query the default CAR.
If you run the deny and car commands for the same type of packets sent to the CPU, the command
that runs later takes effect.
NOTE
If packets are sent to the CPU at a high rate and a large CAR value is configured on the device, the CPU
usage may be too high. This may degrade the device performance or even cause a stack split.
Example
# Set the CAR of packets in defense policy test as follows: Set the packet type to bpdu, CIR to
64 kbit/s, and CBS to 33000 bytes.
<HUAWEI> system-view
[HUAWEI] cpu-defend policy test
[HUAWEI-cpu-defend-policy-test] car packet-type bpdu cir 64 cbs 33000
Format
car cpu-port cir cir-rate
Parameters
Parameter
Description
Value
cir cir-rate
Views
Attack defense policy view
Default Level
2: Configuration level
Usage Guidelines
The car cpu-port command limits the total rate of all protocol packets sent to the CPU. The
car packet-type command limits the rate of packets of a specified protocol. However, the total
CIR of packets of specified protocols cannot exceed the CIR of all the packets sent to the CPU.
When the CIR is exceeded, excess packets including unicast, multicast, and broadcast packets
are not sent to the CPU. In addition, the unicast packets are discarded directly.
Example
# Set the CIR of all the packets to be sent to the CPU to 512 kbit/s on the device.
<HUAWEI> system-view
[HUAWEI] cpu-defend policy test
[HUAWEI-cpu-defend-policy-test] car cpu-port cir 512
Format
cpu-defend linkup-car bgp enable
undo cpu-defend linkup-car bgp enable
Parameters
None
Views
System view
Default Level
2: Configuration level
Usage Guidelines
This command is provided for compatibility with earlier versions.
Example
# Enable the BGP protocol association.
<HUAWEI> system-view
[HUAWEI] cpu-defend linkup-car bgp enable
8.4.5 deny
Function
The deny command sets the discard action taken for packets sent to the CPU.
The undo deny command restores the default action taken for packets sent to the CPU.
By default, the device limits the rate of protocol packets and user-defined flows based on the
CAR configuration.
Format
deny packet-type bpdu
deny packet-type ftp-dynamic
undo deny packet-type bpdu
undo deny packet-type ftp-dynamic
Parameters
Parameter
Description
Value
packet-type bpdu
packet-type ftp-dynamic
Views
Attack defense policy view
Default Level
2: Configuration level
Usage Guidelines
If you run the deny and car commands for the same type of packets sent to the CPU, the command
that runs later takes effect. The undo deny command restores the default action taken for packets
sent to the CPU. After you run this command, the system limits the rate of packets sent to the
CPU based on the configured CIR and CBS values.
Example
# Set the discard action for bpdu packets sent to the CPU in attack defense policy test.
<HUAWEI> system-view
[HUAWEI] cpu-defend policy test
[HUAWEI-cpu-defend-policy-test] deny packet-type bpdu
Function
The ip anti-attack source-ip equals destinetion-ip drop command enables the device to
discard IP packets with the same source and destination IP addresses.
The undo ip anti-attack source-ip equals destinetion-ip drop command disables the device
from discarding IP packets with the same source and destination IP addresses.
By default, the device does not discard IP packets with the same source and destination IP
addresses.
Format
ip anti-attack source-ip equals destinetion-ip drop { all | slot slot-id }
undo ip anti-attack source-ip equals destinetion-ip drop { all | slot slot-id }
Parameters
Parameter
Description
Value
all
slot slot-id
Views
System view
Default Level
2: Configuration level
Usage Guidelines
Generally, IP packets with the same source and destination IP addresses can be forwarded. When
you determine that the IP packets are attack packets, you can use the ip anti-attack source-ip
equals destinetion-ip drop command to enable the device to discard the IP packets.
Example
# Enable the device to discard IP packets with the same source and destination IP addresses.
<HUAWEI> system-view
[HUAWEI] ip anti-attack source-ip equals destinetion-ip drop all
Format
ip source check { ip-address | mac-address | interface } *
Parameters
None
Views
VLAN view
Default Level
2: Configuration level
Usage Guidelines
After dynamic IP source guard is enabled on a VLAN, the device checks packets according to
the entries in the DHCP snooping binding table specified by the ip source check command.
Packets that do not match the specified entries in the DHCP snooping binding table are discarded.
Therefore, access control is implemented and unauthorized users are not allowed to access the
network.
Dynamic IP source guard does not generate binding entries. Packets are checked according to
the specified entries in the DHCP snooping binding table. Therefore, you must enable the device
to check IP and ARP packets before enabling the dynamic IP source guard. Dynamic IP source
guard configured independently does not take effect.
Example
# Enable dynamic IP source guard in VLAN 10 to check the IP address and MAC address of a
packet according to the DHCP snooping binding table. View the DHCP snooping binding table.
<HUAWEI> system-view
[HUAWEI] vlan 10
[HUAWEI-Vlan10] ip source check ip-address mac-address
Function
The ip urpf command enables URPF check on the interface and configures the URPF check
mode.
The undo ip urpf command disables URPF check on the interface.
NOTE
Format
ip urpf { loose | strict } [ allow-default-route ]
undo ip urpf
Parameters
Parameter | Description | Value
loose | Indicates URPF loose check. In this mode, the device forwards a packet as long as the source address of the packet exists in the routing table or ARP table, regardless of whether the matching outbound interface in the routing table or ARP table is the same as the inbound interface of the packet. |
strict | Indicates URPF strict check. In this mode, the device forwards a packet only when the source address of the packet exists in the routing table or ARP table, and the matching outbound interface in the routing table or ARP table is the same as the inbound interface of the packet. |
Views
GE interface view, XGE interface view, 40GE interface view, Eth-Trunk interface view, port
group view
Default Level
2: Configuration level
Usage Guidelines
The URPF check mode configured on an interface is valid only after the URPF is enabled on
the LPU.
The URPF determines how to process the default route based on whether the allow-default-route parameter is specified in the command.
- If allow-default-route is set but the source address of a packet does not exist in the routing table or ARP table, the packet is discarded even if the default route is found, regardless of the strict or loose check.
- If allow-default-route is set and the source address of a packet exists in the routing table or ARP table:
  - In the strict check mode, the device forwards a packet when the outbound interface in the default route is the same as the inbound interface of the packet. When the outbound interface in the default route is different from the inbound interface of the packet, the packet is discarded.
  - In the loose check mode, the device forwards a packet regardless of whether the outbound interface in the default route is the same as the inbound interface of the packet.
Example
# Enable strict URPF check on GE0/0/1 and enable special processing of the default route.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] ip urpf strict allow-default-route
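The following sketch is an added illustration, not Huawei code: it models the loose and strict checks from the parameter descriptions above against a small routing table, so the effect of each mode on the same packets can be compared before enabling it on a port. The routes, interface names and addresses are constructed; ARP-table matches and allow-default-route handling are not modelled.

```python
"""Loose vs strict URPF, following the ip urpf parameter descriptions.

Added illustration, not Huawei code. ROUTES and PACKETS are constructed;
ARP-table matches and allow-default-route are deliberately left out.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: str   # destination prefix, e.g. "192.0.2.0/24"
    out_if: str   # outbound interface of the route


def lookup(routes: List[Route], addr: str) -> Optional[Route]:
    """Longest-prefix match of addr against the routing table."""
    ip = ipaddress.ip_address(addr)
    best, best_len = None, -1
    for route in routes:
        net = ipaddress.ip_network(route.prefix)
        if ip in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best


def urpf_check(routes: List[Route], src: str, in_if: str, mode: str) -> Tuple[bool, str]:
    """Return (forwarded, reason) for a packet with source src arriving on in_if."""
    if mode not in ("loose", "strict"):
        raise ValueError("mode must be 'loose' or 'strict'")
    route = lookup(routes, src)
    if route is None:
        return False, "discard: source address not in routing table"
    if mode == "loose":
        # Loose: any route to the source is enough, whatever its interface.
        return True, "forward: source address is routable"
    if route.out_if == in_if:
        return True, "forward: route to source uses the inbound interface"
    return False, "discard: route to source uses %s, packet arrived on %s" % (
        route.out_if, in_if)


def verdicts(routes: List[Route], packets: List[Tuple[str, str]], mode: str) -> List[bool]:
    """Forward/discard decision for each (source, inbound interface) pair."""
    return [urpf_check(routes, src, in_if, mode)[0] for src, in_if in packets]


# Constructed routing table: the /25 is more specific than the /24 and points
# out of a different interface, so it decides the strict check for 192.0.2.200.
ROUTES = [
    Route("192.0.2.0/24", "GE0/0/1"),
    Route("192.0.2.128/25", "GE0/0/2"),
    Route("198.51.100.0/24", "GE0/0/2"),
]

# Constructed packets, all arriving on GE0/0/1.
PACKETS = [
    ("192.0.2.10", "GE0/0/1"),    # route points back out of GE0/0/1
    ("192.0.2.200", "GE0/0/1"),   # best route is the /25 via GE0/0/2
    ("198.51.100.7", "GE0/0/1"),  # routable, but via GE0/0/2 (asymmetric or spoofed)
    ("203.0.113.5", "GE0/0/1"),   # no route to the source at all
]

if __name__ == "__main__":
    for mode in ("loose", "strict"):
        for src, in_if in PACKETS:
            ok, reason = urpf_check(ROUTES, src, in_if, mode)
            print("%-6s %-13s in=%s -> %s" % (mode, src, in_if, reason))
```

Strict mode discards the two packets whose best route points out of GE0/0/2; on links with legitimately asymmetric routing those would be false positives, which is the case loose mode exists for.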
Format
broadcast-suppression { broadcast-pct | packets packets-per-second }
undo broadcast-suppression
Parameters
Parameter
Description
Value
broadcast-pct
packets packets-per-second
Views
Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
When the traffic rate of broadcast packets exceeds the maximum value, the system discards
excess broadcast packets to control the traffic rate and ensure normal operation of network
services.
Example
# Set the maximum percentage of broadcast traffic to 20% of interface bandwidth on Eth-Trunk1.
<HUAWEI> system-view
[HUAWEI] interface eth-trunk 1
[HUAWEI-Eth-Trunk1] broadcast-suppression 20
8.7.2 multicast-suppression
Function
The multicast-suppression command sets the maximum traffic rate of multicast packets that
can pass through an interface.
The undo multicast-suppression command restores the default traffic rate of multicast packets
that can pass through an interface.
Format
multicast-suppression { multicast-pct | packets packets-per-second }
undo multicast-suppression
Parameters
Parameter
Description
Value
multicast-pct
packets packets-per-second
Views
Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
When the traffic rate of multicast packets exceeds the maximum value, the system discards
excess multicast packets to control the traffic rate and ensure normal operation of network
services.
Example
# Set the maximum percentage of multicast traffic to 20% of interface bandwidth on Eth-Trunk1.
<HUAWEI> system-view
[HUAWEI] interface eth-trunk 1
[HUAWEI-Eth-Trunk1] multicast-suppression 20
8.7.3 unicast-suppression
Function
The unicast-suppression command sets the maximum traffic rate of unknown unicast packets
that can pass through an interface.
The undo unicast-suppression command restores the default traffic rate of unknown unicast
packets that can pass through an interface.
Format
unicast-suppression { unicast-pct | packets packets-per-second }
undo unicast-suppression
Parameters
Parameter
Description
Value
unicast-pct
Specifies maximum percentage of unknown unicast traffic on an Ethernet interface.
packets packets-per-second
Views
Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
When the traffic rate of unknown unicast packets exceeds the maximum value, the system
discards excess unknown unicast packets to control the traffic rate and ensure normal operation
of network services.
Example
# Set the maximum percentage of unknown unicast traffic to 20% of interface bandwidth on
Eth-Trunk1.
<HUAWEI> system-view
[HUAWEI] interface eth-trunk 1
[HUAWEI-Eth-Trunk1] unicast-suppression 20
Format
acl ipv6 [ number ] acl6-number [ name acl6-name ]
undo acl ipv6 { all | [ number ] acl6-number | name acl6-name }
Parameters
Parameter
Description
Value
number acl6-number
name acl6-name
all
Views
System view
Default Level
2: Configuration level
Usage Guidelines
None
Example
# Create an ACL6 named test and numbered 3100.
<HUAWEI> system-view
[HUAWEI] acl ipv6 number 3100 name test
[HUAWEI-acl6-adv-test]
Format
acl [ number ] acl-number [ name acl-name ]
undo acl { all | [ number ] acl-number | name acl-name }
Parameters
Parameter
Description
Value
number acl-number
name acl-name
all
Views
System view
Default Level
2: Configuration level
Usage Guidelines
An ACL consists of a list of rules. Each rule contains a permit or deny clause. Before creating
an ACL rule, you must create an ACL.
Example
# Create an ACL named test and numbered 3100.
<HUAWEI> system-view
[HUAWEI] acl number 3100 name test
[HUAWEI-acl-adv-test]
Format
rule [ rule-id ] { deny | permit } ipv6-AH [ destination { destination-ipv6-address prefix-length | destination-ipv6-address/prefix-length | destination-ipv6-address postfix postfix-length | any } | dscp dscp | fragment | logging | precedence precedence | source { source-ipv6-address prefix-length | source-ipv6-address/prefix-length | source-ipv6-address postfix postfix-length | any } | time-range time-name | tos tos | vpn-instance vpn-instance-name ] *
rule [ rule-id ] { deny | permit } ipv6-ESP [ destination { destination-ipv6-address prefix-length | destination-ipv6-address/prefix-length | destination-ipv6-address postfix postfix-length | any } | dscp dscp | fragment | logging | precedence precedence | source { source-ipv6-address prefix-length | source-ipv6-address/prefix-length | source-ipv6-address postfix postfix-length | any } | time-range time-name | tos tos | vpn-instance vpn-instance-name ] *
Parameters
Parameter
Description
Value
rule-id
deny
permit
ipv6-AH
ipv6-ESP
destination { destination-ipv6-address prefix-length | destination-ipv6-address/prefix-length | any }
destination-ipv6-address is expressed in hexadecimal notation. The value of prefix-length is an integer that ranges from 1 to 128. You can also use any to represent any destination address.
destination destination-ipv6-address postfix postfix-length
dscp dscp-value
fragment
logging
precedence
source { source-ipv6-address prefix-length | source-ipv6-address/prefix-length | any }
source source-ipv6-address postfix postfix-length
time-range time-name
vpn-instance vpn-instance-name
Views
Advanced ACL6 view
Default Level
2: Configuration level
Usage Guidelines
This command is used in the IPv6 ACL configuration mode. When adding a rule, specify the
source IPv6 address in the rule. To delete or modify an existing rule, specify the rule ID.
Example
# Create an advanced ACL6 with ID 3000 and configure a rule that allows only IPv6 ESP packets
with the source IPv6 address 2030:5060::9050 and mask 64 to pass.
<HUAWEI> system-view
[HUAWEI] acl ipv6 number 3000
[HUAWEI-acl6-adv-3000] rule 0 permit ipv6-esp source 2030:5060::9050/64
Format
load-balance reference-instance instance-id slave
undo load-balance reference-instance [ slave ]
Parameters
Parameter
Description
Value
instance-id
slave
Views
Smart Link group view
Default Level
2: Configuration level
Usage Guidelines
Before you run the load-balance instance command in a Smart Link group, the Smart Link
group must be disabled.
After configuring load balancing in a Smart Link group, you can use the display smart-link
group command to verify the configuration.
When the links of all Smart Link group members are Up, the inactive link transmits the traffic
from the VLANs mapping the specified instance.
Example
# Set the load balancing mode of the Smart Link group whose ID is 3.
<Quidway> system-view
[Quidway] smart-link group 3
[Quidway-smlk-group3] load-balance reference-instance 1 slave
Format
efm trigger if-net
Parameters
None
Views
GE interface view, XGE interface view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
EFM can be associated with interfaces. In a scenario with primary and backup links, if EFM
detects a fault on the primary link, it will set the protocol status of the associated interface to
ETHOAM Down, speeding up routing convergence. Traffic can be fast switched to the backup
link.
Prerequisites
EFM has been enabled globally and on an interface, and is in detect state.
Precautions
If EFM is associated with an interface and detects a link fault, the protocol status of the interface
becomes ETHOAM Down, and no packet except EFM OAMPDUs can be forwarded by the
interface, and all Layer 2 and Layer 3 services are blocked. Therefore, associating EFM with an
interface may greatly affect services. When the interface detects link recovery using EFM, the
interface can forward all packets and unblocks Layer 2 and Layer 3 services.
Example
# Associate EFM with GE0/0/1.
<HUAWEI> system-view
[HUAWEI] efm enable
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] efm enable
[HUAWEI-GigabitEthernet0/0/1] efm trigger if-net
An interface enters the error-shutdown state after being shut down due to an error.
Format
error-shutdown auto-recovery cause efm-threshold-event
Parameters
Parameter
Description
Value
cause
efm-threshold-event
Views
System view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
When link monitoring is configured for an interface on a link, the link is considered unavailable,
if the number of errored frames, errored codes, or errored frame seconds detected by the interface
reaches or exceeds the threshold within a period. You can associate an EFM crossing event with
an interface. Then the system sets the administrative status of the interface to Down. In this
manner, all services on the interface are interrupted.
By default, an interface can only be resumed by a network administrator after being shut down.
To configure the interface to restore to the Up state automatically, run the error-down auto-recovery command to set an auto recovery.
Example
# Set the auto recovery after an EFM threshold crossing event is associated with an interface.
<HUAWEI> system-view
[HUAWEI] error-shutdown auto-recovery cause efm-threshold-event
An interface enters the error-shutdown state after being shut down due to an error.
Format
error-shutdown auto-recovery interval interval-value
Parameters
Parameter
Description
Value
interval interval-value
Views
System view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
By default, an interface can only be resumed by a network administrator after being shut down.
To configure the interface to restore to the Up state automatically, run the error-shutdown auto-recovery interval command to set an auto recovery delay. After the delay, the interface goes
Up automatically.
Example
# Set the auto recovery delay to 50s.
<HUAWEI> system-view
[HUAWEI] error-shutdown auto-recovery interval 50
10
10.1 vrbd
Function
The vrbd command displays the compiling time and version of the system software.
Format
vrbd
Parameters
None
Views
Diagnosis view
Default Level
3: Management level
Usage Guidelines
You can run the command to view the compiling time and version of the system software.
Example
# Display the compiling time and version of the system software.
<HUAWEI> system-view
[HUAWEI] diagnose
[HUAWEI-diagnose] vrbd
S5700 Version V200R003C00SPC300
VRP Software Version F100S100
Copyright (C) 2000-2011 Huawei Technologies Co., Ltd.
Compiled Mar 26 2012 17:30:56 By S5700 CMO
CPLD Ver 257, Date Aug 8 2013
Board 0 SoftWare Version
V200R003C00
SPC300B440
Board 0 SoftWare for user V200R003C00SPC300
Item
Description
SoftWare Version
10.2 _shell
Function
The _shell command displays the shell mode.
The _shell show command displays the shell mode status.
The _shell slot-id [ kick-out ] command enables you to exit from the shell mode.
Format
_shell { slot-id [ kick-out ] | show }
Parameters
Parameter Description
Value
slot-id
kick-out
show
Views
Diagnosis view
Default Level
2: Configuration level
Usage Guidelines
None
Example
# Display the shell mode status.
<HUAWEI> system-view
[HUAWEI] diagnose
[HUAWEI-diagnose] _shell
[HUAWEI-diagnose] _shell show
User-ID  User-Intf  Slot  Username
0        con0       2     Unspecified
Format
backup elabel [ ftp ip-address filename username password ] [ unit unit-id ]
Parameters
Parameter
Description
Value
ip-address
filename
username
password
unit unit-id
Views
User view
Default Level
1: Monitoring level
Usage Guidelines
You can use this command to save the electronic label of the S2750&S5700&S6700 to a file in
the flash memory or on the FTP server. If the electronic label is saved in the flash memory, the
file name is elabel.fls by default.
Example
# Save the electronic label of the S2750&S5700&S6700 with the stack ID being 0 to the
elabel.fls file in the flash memory.
<HUAWEI> backup elabel unit 0
Info: Output information to file: flash:/elabel.fls. Please wait for a moment...
Info: Put file to flash successfully.
Format
cpu-usage threshold unit unit-id { high | low } threshold-value
Parameters
Parameter | Description | Value
high
low
unit unit-id | Specifies the slot ID if stacking is not configured. Specifies the stack ID if stacking is configured. | The value is 0 if stacking is not configured; the value ranges from 0 to 8 if stacking is configured.
Views
System view
Default Level
2: Configuration level
Usage Guidelines
When the CPU usage is not within the allowed range, a log is recorded. You can check the
CPU usage from the log information.
Example
# Set the upper CPU usage alarm threshold of a switch to 85%.
<HUAWEI> system-view
[HUAWEI] cpu-usage threshold unit 0 high 85
Format
display autosave config
Parameters
None
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
After the autosave function is configured, you can run the display autosave config command
to check whether the configured parameters are correct. You can also run this command to check
whether the parameters about the autosave function are properly configured when autosave
cannot function normally. If not, run the set save-configuration command to adjust the
parameters to restore the normal state of the autosave function.
Example
# Display the configuration about the autosave function.
<HUAWEI> display autosave config
Auto save function status: enable
Auto save checking interval: 60 minutes
The threshold of the CPU usage: 50%
The interval of the configuration not changing: 30 minutes
Description
Format
display environment unit unit-id
Parameters
Parameter
Description
Value
unit unit-id
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can set the temperature alarm threshold of the S2750&S5700&S6700 or a temperature
sensing board.
When the temperature of the S2750&S5700&S6700 exceeds the threshold, check the working
environment of the S2750&S5700&S6700 to ensure that the environment is suitable for the
S2750&S5700&S6700.
Example
# Display the temperature of the S2750&S5700&S6700 whose unit ID is 0.
<HUAWEI> display environment unit 0
Environment information:
Temperature information:
SlotID  CurrentTemperature  LowLimit  HighLimit
        (deg c)             (deg c)   (deg c)
1       33                  0         70
Item
Description
SlotID
CurrentTemperature
LowLimit
HighLimit
Format
display elabel unit unit-id [ subcard-id ]
Parameters
Parameter
Description
Value
slot slot-id
subcard-id
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Electronic labels identify the hardware. You can use the display elabel command to view the
electronic label information.
Example
# Display the electronic label of the device with stack ID 0.
<HUAWEI> display elabel slot 0
[Slot_0]
/$[Board Integration Version]
/$BoardIntegrationVersion=3.0
[Main_Board]
[Main_Board]
/$[ArchivesInfo Version]
/$ArchivesInfoVersion=3.0
[Board Properties]
BoardType=LS52T52C
BarCode=2102353169107C800132
Item=02353169
Description=S5752c-EI Mainframe(48 10/100 BASE-T ports and 4 SFP XGE (100/1000 B
ASE-X) ports (SFP Req.) and DC -48V)
Manufactured=2011-08-24
VendorName=Huawei
IssueNumber=00
CLEICode=
BOM=02353169
[Port_1]
/$[ArchivesInfo Version]
/$ArchivesInfoVersion=3.0
[Board Properties]
BoardType=VAHS-28-0029
BarCode=5529900015
Item=
Description=1Gbps-0nm-Copper Pigtail-2(copper)
Manufactured=2010-04-09
/$VendorName=Volex Inc.
IssueNumber=
CLEICode=
BOM=
[Port_2]
/$[ArchivesInfo Version]
/$ArchivesInfoVersion=3.0
[Board Properties]
BoardType=
BarCode=
Item=
Description=
Manufactured=
/$VendorName=
IssueNumber=
CLEICode=
BOM=
[Port_3]
/$[ArchivesInfo Version]
/$ArchivesInfoVersion=3.0
[Board Properties]
BoardType=04050017
BarCode=GEC42100170065
Item=
Description=1Gbps-0nm-Unknown or Unspecified
Manufactured=2010-10-22
/$VendorName=Amphenol
IssueNumber=
CLEICode=
BOM=
[Port_4]
/$[ArchivesInfo Version]
/$ArchivesInfoVersion=3.0
[Board Properties]
BoardType=
BarCode=
Item=
Description=
Manufactured=
/$VendorName=
IssueNumber=
CLEICode=
BOM=
/$[ArchivesInfo Version]
/$ArchivesInfoVersion=3.0
[Board Properties]
BoardType=CX7M1PWA
BarCode=2102316783P0B1002502
Item=02316783
Description=S5300C,CX7M1PWA,AC Power Module
Manufactured=2011-01-16
VendorName=Huawei
IssueNumber=00
CLEICode=
BOM=
Item
Description
BoardType
BarCode
Item
Description
Manufactured
VendorName
IssueNumber
CLEICode
BOM
Format
display fault-management { alarm | active-alarm | event } [ sequence-number sequence-number ]
Parameters
Parameter
Description
Value
sequence-number
sequence-number
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
This command helps you obtain the contents of all alarm messages or one alarm message on a
device.
Example
# Display the contents of active alarm messages in the system.
<HUAWEI> display fault-management active-alarm
A/B/C/D/E/F/G/H/I/J
A=Sequence, B=RootKindFlag(Independent|RootCause|nonRootCause)
C=Generating time, D=Clearing time
E=ID, F=Name, G=Level, H=State
I=Description information for locating(Para info, Reason info)
J=RootCause alarm sequence(Only for nonRootCause alarm)
1/Independent/2008-10-13 01:49:45+08:00/-/0x41932001/hwLldpEnabled/Warning/Sta
rt/OID: 1.3.6.1.4.1.2011.5.25.134.2.1 Global LLDP is enabled.
2/Independent/2008-10-13 01:50:06+08:00/-/0x41932000/lldpRemTablesChange/Warni
ng/Start/OID: 1.0.8802.1.1.2.0.0.1 Neighbor information is changed. (LldpStatsRe
mTablesInserts=1, LldpStatsRemTablesDeletes=0, LldpStatsRemTablesDrops=0, LldpSt
atsRemTablesAgeouts=0)
5/Independent/2008-10-13 02:22:52+08:00/-/0x40c12014/hwPortPhysicalEthHalfDupl
exAlarm/Minor/Start/OID 1.3.6.1.4.1.2011.5.25.129.2.5.11 The port works in half
duplex mode. (EntityPhysicalIndex=10, BaseTrapSeverity=3, BaseTrapProbableCause=
1024, BaseTrapEventType=8, EntPhysicalName=GigabitEthernet0/0/5, RelativeResourc
e=interface GigabitEthernet0/0/5)
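The output above packs each alarm into one slash-separated record (fields A to J) that the terminal wraps at 80 columns, and field I can itself contain slashes (for example GigabitEthernet0/0/5). The following parser is an added example, not Huawei code, for turning a captured copy of this output into records for log review. SAMPLE reuses the three records shown above plus one constructed nonRootCause record; placing field J after the last slash of such a record is an assumption taken from the legend, since the page shows no nonRootCause alarm.

```python
"""Parse `display fault-management active-alarm` output into records.

Added example, not Huawei code. The last record in SAMPLE is constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# A record starts with "<sequence>/<RootKindFlag>/"; every other line after
# the first record is the continuation of a wrapped record.
RECORD_START = re.compile(r"^\d+/(?:Independent|RootCause|nonRootCause)/")

SAMPLE = """\
A/B/C/D/E/F/G/H/I/J
A=Sequence, B=RootKindFlag(Independent|RootCause|nonRootCause)
C=Generating time, D=Clearing time
E=ID, F=Name, G=Level, H=State
I=Description information for locating(Para info, Reason info)
J=RootCause alarm sequence(Only for nonRootCause alarm)
1/Independent/2008-10-13 01:49:45+08:00/-/0x41932001/hwLldpEnabled/Warning/Sta
rt/OID: 1.3.6.1.4.1.2011.5.25.134.2.1 Global LLDP is enabled.
2/Independent/2008-10-13 01:50:06+08:00/-/0x41932000/lldpRemTablesChange/Warni
ng/Start/OID: 1.0.8802.1.1.2.0.0.1 Neighbor information is changed. (LldpStatsRe
mTablesInserts=1, LldpStatsRemTablesDeletes=0, LldpStatsRemTablesDrops=0, LldpSt
atsRemTablesAgeouts=0)
5/Independent/2008-10-13 02:22:52+08:00/-/0x40c12014/hwPortPhysicalEthHalfDupl
exAlarm/Minor/Start/OID 1.3.6.1.4.1.2011.5.25.129.2.5.11 The port works in half
duplex mode. (EntityPhysicalIndex=10, BaseTrapSeverity=3, BaseTrapProbableCause=
1024, BaseTrapEventType=8, EntPhysicalName=GigabitEthernet0/0/5, RelativeResourc
e=interface GigabitEthernet0/0/5)
7/nonRootCause/2008-10-13 02:23:10+08:00/-/0x00000000/constructedAlarm/Minor/Sta
rt/Constructed record: depends on alarm 5 on GigabitEthernet0/0/5/5
"""


@dataclass
class Alarm:
    sequence: int                   # A
    kind: str                       # B
    generated: str                  # C
    cleared: Optional[str]          # D, None while the alarm is still active
    alarm_id: str                   # E
    name: str                       # F
    level: str                      # G
    state: str                      # H
    description: str                # I, may contain "/"
    root_cause_seq: Optional[int]   # J, only for nonRootCause alarms


def join_wrapped(text: str) -> List[str]:
    """Reassemble wrapped lines into one string per record; the legend is skipped.

    Lines are joined without a separator, so a space that fell exactly on the
    wrap boundary and was stripped by the capture cannot be recovered.
    """
    records: List[str] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if RECORD_START.match(line):
            records.append(line)
        elif records:
            records[-1] += line
    return records


def parse_record(record: str) -> Alarm:
    """Split on the first eight slashes only, so slashes inside I survive."""
    parts = record.split("/", 8)
    if len(parts) != 9:
        raise ValueError("truncated alarm record: %r" % record)
    seq, kind, generated, cleared, alarm_id, name, level, state, rest = parts
    root_seq = None
    if kind == "nonRootCause":
        # Assumption: J follows the last "/" of the record.
        match = re.match(r"^(.*)/(\d+)$", rest, re.S)
        if match:
            rest, root_seq = match.group(1), int(match.group(2))
    return Alarm(int(seq), kind, generated, None if cleared == "-" else cleared,
                 alarm_id, name, level, state, rest.strip(), root_seq)


def parse_active_alarms(text: str) -> List[Alarm]:
    return [parse_record(r) for r in join_wrapped(text)]


if __name__ == "__main__":
    for alarm in parse_active_alarms(SAMPLE):
        print(alarm.sequence, alarm.level, alarm.name, alarm.root_cause_seq)
```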
Format
display fault-management alarm information [ alarm-name ]
Parameters
Parameter | Description | Value
alarm-name | Specifies the name of an alarm message. | The value is a case-sensitive string of 1 to 256 characters without spaces.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
If alarm-name is not specified, registration information about all alarm messages is displayed.
To view registration information about an alarm message, you can run the display fault-management alarm information command; to modify registration information about an alarm
message, including alarm level, you can run the fault-management alarm command.
Example
# Check registration information about the alarm message named linkUp.
<HUAWEI> display fault-management alarm information linkUp
**********************************
AlarmName: linkUp
AlarmType: Resume Alarm
AlarmLevel: Cleared
Suppress Period: NA
CauseAlarmName: linkDown
Match VB Name: ifIndex
**********************************
Table 10-5 Description of the display fault-management alarm information command output
Item | Description
AlarmName
AlarmType | Type of an alarm
AlarmLevel | Level of an alarm
Suppress Period
CauseAlarmName
Match VB Name
Related Topics
10.11 fault-management alarm
Format
display reboot-info unit unit-id
Parameters
Parameter
Description
Value
unit unit-id
Views
All views
Default Level
2: Configuration level
Usage Guidelines
None
Example
# Display the information about restarting the S2750&S5700&S6700 whose unit ID is 0.
<HUAWEI> display reboot-info unit 0
Slot ID  Times  Reboot Type  Reboot Time(DST)
===========================================================================
0        1      MANUAL       2012/10/13 01:48:28
0        2      MANUAL       2012/10/08 06:43:35
0        3      MANUAL       2012/10/01 01:34:32
0        4      POWER        2012/10/01 00:01:26
0        5      POWER        2012/10/01 00:01:25
0        6      POWER        2012/10/01 00:01:24
0        7      POWER        2012/10/01 00:01:25
0        8      POWER        2012/10/01 00:01:28
0        9      POWER        2012/10/01 00:01:24
0        10     POWER        2012/10/01 00:01:23
0        11     MANUAL       2012/10/03 00:42:32
0        12     POWER        2012/10/01 00:01:21
0        13     MANUAL       2012/10/05 07:12:18
0        14     POWER        2012/10/01 00:01:21
0        15     POWER        2012/10/01 00:01:21
0        16     POWER        2012/10/01 00:01:19
0        17     MANUAL       2012/10/04 07:02:23
0        18     MANUAL       2012/10/03 00:37:50
0        19     MANUAL       2012/10/01 03:21:56
0        20     POWER        2012/10/01 00:01:23
0        21     MANUAL       2012/10/10 02:55:49
0        22     MANUAL       2012/10/10 01:28:13
0        23     POWER        2012/10/01 00:01:19
0        24     MANUAL       2012/10/03 23:49:02
===========================================================================
Total    24
Description
Slot ID
Times
Reboot Type
Format
fault-management alarm alarm-name level alarm-level
undo fault-management alarm alarm-name [ level ]
Parameters
Parameter
Description
Value
The value is a case-sensitive string of 1 to 64 characters without spaces.
level alarm-level
Views
System view
Default Level
3: Management level
Usage Guidelines
Alarm messages can be classified into root alarm messages and resume-alarm messages. All the
alarms are saved on the device.
Events can be classified into critical events and events. Critical events are saved on a device and
can be obtained by the NMS. Events are not saved on a device.
The fault-management alarm command can be used to promote or degrade the level of an
alarm message according to the severity level and emergency level of the alarm message.
Example
# Set the alarm level of the alarm message named hwCfgManEventlog to major.
<HUAWEI> system-view
[HUAWEI] fault-management alarm hwCfgManEventlog level major
Format
reset reboot-info unit unit-id
Parameters
Parameter
Description
Value
unit unit-id
Views
User view
Default Level
2: Configuration level
Usage Guidelines
None.
Example
# Clear the reboot information of the device whose unit ID is 0.
<HUAWEI> reset reboot-info unit 0
Format
display alarm urgent unit unit-id
Parameters
Parameter
Description
Value
unit unit-id
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can use the command to view alarms, including alarms about the abnormality of the
temperature, the fan, and the chip.
If no parameter is specified, the command displays all the alarms.
Example
# Display alarms of the device whose unit ID is 0.
<HUAWEI> display alarm urgent unit 0
Alarm              Slot  Date        Time      Location
------------------------------------------------------------------
Power abnormal     0     2008/08/01  00:00:46  slot 0
Power plugged out  0     2008/08/01  00:00:46  slot 0
Description
Alarm
Slot
Date
Time
Location
Format
reset alarm urgent unit unit-id
Parameters
Parameter
Description
Value
unit unit-id
Views
System view
Default Level
2: Configuration level
Usage Guidelines
None
Example
# Clear all alarm messages of the device whose unit ID is 0.
<HUAWEI> system-view
[HUAWEI] reset alarm urgent unit 0
Format
temperature threshold unit unit-id lower-limit low-temperature upper-limit high-teperature
undo temperature threshold unit unit-id lower-limit low-temperature upper-limit high-teperature
Parameters
Parameter
Description
Value
unit-id
lower-limit low-temperature
upper-limit high-teperature
Views
System view
Default Level
2: Configuration level
Usage Guidelines
This command sets the upper and lower temperature thresholds for a device. If the device
temperature is out of the specified range, an alarm is generated.
Example
# Set the upper temperature alarm threshold of the device with stack ID 3 to 40.
<HUAWEI> system-view
[HUAWEI] temperature threshold unit 3 lower-limit 0 upper-limit 40
Format
port-mirroring to observe-port index { both | inbound | outbound } remote vlan-id
Parameters
Parameter
Description
Value
index
both
inbound
incoming
outbound
remote vlan-id
Views
GE interface view, 10GE interface view, Eth-Trunk interface view
Default Level
2: Configuration level
Usage Guidelines
NOTE
In the process of port mirroring, the S2750&S5700&S6700 copies the packets passing through
an observed port to a specified observing port. To ensure information integrity during port
mirroring, it is recommended that the observing port and observed port be of the same type and
have the same bandwidth.
On the S2750&S5700&S6700, port mirroring is implemented by the Layer 2 switch chip. Ensure
that the Layer 2 header, Layer 3 header, and data of each packet copied to the observing port
remain unchanged. Port mirroring can be configured for the incoming traffic, outgoing traffic,
or both.
To configure an Eth-Trunk as a mirrored interface, you must run the interface eth-trunk trunk-id command to create the Eth-Trunk first.
Example
# Configure GE 0/0/1 as the observed interface and GE0/0/2 as the observing port with the index
as 1. Mirror the incoming traffic of GE0/0/1 to GE0/0/2.
<HUAWEI> system-view
[HUAWEI] observe-port 1 interface gigabitethernet 0/0/2
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port-mirroring to observe-port 1 inbound remote 10
Format
poe power port-max-power
undo poe power
Parameters
Parameter
Description
Value
port-max-power
Views
GE interface view, Ethernet interface view, port group view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenarios
The PD negotiation power may be different from the power required by some non-standard PDs
or PDs that cannot be classified. You can run the poe power command to set the maximum
output power of the interface, which prevents power overload for PDs and saves energy.
Prerequisites
The PoE function has been enabled on the interface using the poe enable command.
Example
# Set the maximum output power on GigabitEthernet0/0/5 to 20000 mW.
<HUAWEI> system-view
[HUAWEI] interface gigabitEthernet 0/0/5
[HUAWEI-GigabitEthernet0/0/5] poe power 20000
10.18 port-mirroring
Function
The port-mirroring command configures a mirroring behavior on an interface.
NOTE
Format
port-mirroring to observe-port index remote vlan-id
Parameters
Parameter
Description
Value
index
remote vlan-id
Views
Traffic behavior view
Default Level
2: Configuration level
Usage Guidelines
During flow mirroring, the device copies the packets of an observed flow and then sends the
copy to a specified observing interface. The device implements flow mirroring for the incoming
flows on an interface through traffic classification.
On the S-switch, flow mirroring is implemented by the Layer 2 switch chip. Ensure that the
Layer 2 header, Layer 3 header, and data of each packet copied to the observing interface remain
unchanged.
You can only specify an existing VLAN for remote mirroring. This VLAN must be configured
as an RSPAN VLAN.
Example
# Mirror traffic to observing interface with index 1.
<HUAWEI> system-view
[HUAWEI] traffic behavior b1
[HUAWEI-traffic-behavior-b1] port-mirroring to observe-port 1 remote 1
Format
reset fault-management { active-alarm | event } [ sequence-number sequence-number ]
Parameters
Parameter
Description
Value
sequence-number
sequence-number
Views
System view
Default Level
3: Management
Usage Guidelines
If sequence-number is not specified, the system clears all the alarm messages on the device.
NOTICE
After this command is run, all alarm messages on a device are cleared and cannot be restored.
Example
# Clear all active alarm messages.
<HUAWEI> system-view
[HUAWEI] reset fault-management active-alarm
11
Format
ping ipv6 [ -a source-ipv6-address | -c count | -h ttl-value | -m time | -name | -s packetsize | -t timeout | -tc traffic-class-value | vpn6-instance vpn6-instance-name ] * { destination-ipv6-address | host } [ -i interface-type interface-number ]
Parameters
Parameter
Description
Value
-a source-ipv6-address
-c count
Parameter
Description
-h ttl-value
-m time
Value
-s packetsize
Parameter
Description
Value
-t timeout
-tc traffic-class-value
vpn6-instance vpn6-instance-name
Parameter
Description
destination-ipv6-address
host
Value
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
The ping ipv6 command is a widely used debugging tool for checking network connectivity and
host reachability on an IPv6 network by transmitting ICMPv6 messages. It can detect the
following items:
You can run the ping ipv6 command to check the IPv6 network connectivity or line quality in
the following scenarios:
- Scenario 1: Check the protocol stack on the local device. You can run the ping ipv6 IPv6-loopback-address command to check whether the TCP/IP protocol stack works properly on the local device.
- Scenario 2: Check whether the destination IPv6 host is reachable on an IPv6 network. You can run the ping ipv6 host command to send an ICMPv6 Echo Request message to the destination host. If a reply is received, the destination host is reachable.
- Scenario 3: Check whether the peer is reachable on a Layer 3 VPN. On a Layer 3 VPN, devices may not have routing information about each other. Therefore, you cannot use the ping ipv6 host command to check whether the peer is reachable. When a VPN instance name is specified, you can run the ping ipv6 vpn6-instance vpn6-instance-name host command to send an ICMPv6 Echo Request message to the peer. If the peer returns an ICMPv6 Echo Reply message, the peer is reachable.
- Scenario 4: In the case of an unstable network, you can run the ping ipv6 -c count -t timeout { destination-ipv6-address | host } command to check the quality of the network between the local device and the peer. By analyzing the packet loss rate and average delay in the command output, you can evaluate the network quality. If the network is unreliable, set the packet transmission count (-c) and timeout (-t) to the upper limits. This makes the test result accurate.
Prerequisites
Before running the ping ipv6 command, ensure that the ICMPv6 module is working
properly.
Configuration Impact
When the destination host is unreachable, the system displays "Request time out" indicating
that the ICMPv6 Echo Request message times out and displays statistics collected by the
IPv6 ping test.
Precautions
- If the IPv6 address of the destination host maps the local address, specify the name of the local outbound interface through which the ICMPv6 Echo Request message is sent. Otherwise, the ping ipv6 command times out waiting for a reply.
- If a fault occurs in the IPv6 ping process, you can press Ctrl+C to terminate the IPv6 ping operation.
Example
# Check whether the host with the IPv6 address 2001::1 is reachable.
<HUAWEI> ping ipv6 2001::1
PING 2001::1 : 56 data bytes, press CTRL_C to break
Reply from 2001::1
bytes=56 Sequence=1 hop limit=64 time=115 ms
Reply from 2001::1
bytes=56 Sequence=2 hop limit=64 time=1 ms
Reply from 2001::1
bytes=56 Sequence=3 hop limit=64 time=1 ms
Reply from 2001::1
bytes=56 Sequence=4 hop limit=64 time=1 ms
Reply from 2001::1
bytes=56 Sequence=5 hop limit=64 time=1 ms
--- 2001::1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max=1/23/115 ms
Item
Description
PING HH:HH::HH:H
x data bytes
The ongoing IPv6 ping test is terminated after you press Ctrl+C.
Item
Description
Reply from
HH:HH::HH:H
HH:HH::HH:H ping
statistics
Statistics collected after the IPv6 ping test on the destination host.
The statistics include the following information:
- packet(s) transmitted: indicates the number of sent ICMPv6 Echo Request messages.
- packet(s) received: indicates the number of received ICMPv6 Echo Reply messages.
- % packet loss: indicates the percentage of unresponded messages to total sent messages.
- round-trip min/avg/max: indicates the minimum, average, and maximum RTTs.
Related Topics
11.1.2 tracert ipv6
Format
tracert ipv6 [ -a source-ip-address | -f first-hop-limit | -m max-hop-limit | -name | -p port-number | -q probes | -s packetsize | -w timeout | vpn6-instance vpn6-instance-name ] * { destination-ipv6-address | host-name }
Parameters
Parameter
Description
Value
-a source-ip-address
Parameter
Description
Value
-m max-hop-limit
-name
-p port-number
-q probes
-s packetsize
Parameter
Description
Value
-w timeout
Specifies the name of a VPN instance for the IPv6 address family.
The value is a string of 1 to 31 case-sensitive characters.
destination-ipv6-address
host-name
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
When a fault occurs on the network and the peer is an IPv6 device, you can run the ping ipv6
command to check network connectivity based on the reply message, and then run the tracert
ipv6 command to locate the fault.
You can specify different parameters in the tracert ipv6 command for different scenarios:
- To check information about nodes between the source and the IPv6 destination, run the tracert ipv6 host command.
- To check information about nodes between the source and the IPv6 destination on a Layer 3 VPN, run the tracert ipv6 vpn6-instance vpn6-instance-name host command. On a Layer 3 VPN, devices may not have routing information about each other. Therefore, you cannot use the tracert ipv6 host command to check whether the peer is reachable. To check information about nodes between the source and the IPv6 destination in a specified VPN instance, run the tracert ipv6 vpn6-instance vpn6-instance-name host command.
- On an unstable network, you can run the tracert ipv6 -q probes -w timeout host command to check information about nodes between the source and the IPv6 destination. If the network is unreliable, set the packet transmission count (-q) and timeout (-w) to the upper limits. This makes the test result accurate.
- To check information about nodes along a segment of a path, run the tracert ipv6 -f first-hop-limit -m max-hop-limit host command that has initial hop-limit and maximum hop-limit specified.
Prerequisites
- The UDP module of each node is working properly; otherwise, the IPv6 tracert operation fails.
- The ICMPv6 module of each node is working properly; otherwise, " * * * " is displayed.
Procedure
The execution process of the tracert ipv6 command is as follows:
- The source sends a packet with the hop-limit being 1. After the hop-limit times out, the first hop sends an ICMPv6 Error message to the source, indicating that the packet cannot be forwarded.
- The source sends a packet with the hop-limit being 2. After the hop-limit times out, the second hop sends an ICMPv6 Error message to the source, indicating that the packet cannot be forwarded.
- The source sends a packet with the hop-limit being 3. After the hop-limit times out, the third hop sends an ICMPv6 Error message to the source, indicating that the packet cannot be forwarded.
- The preceding process proceeds until the packet reaches the destination.
When the destination receives the IPv6 packet, it cannot find the port specified in the packet and therefore returns an ICMPv6 Port Unreachable message, indicating that the destination port is unreachable, and the IPv6 tracert ends. In this manner, the result of each probe is displayed on the source, from which you can determine the path from the source to the destination.
Configuration Impact
If a fault occurs when you run the tracert ipv6 command, the following information may be
displayed:
Precautions
By default, the ICMPv6 module is automatically enabled after you enable the IPv6 module.
Example
# Set the number of packets to be sent to 5 and timeout period to 8000 ms, and tracert the gateways
from the source to the destination at 3002::3.
<HUAWEI> tracert ipv6 -q 5 -w 8000 3002::3
traceroute to 3002::3 30 hops max,60 bytes packet
1 2002::2 26 ms 23 ms 26 ms 30 ms 29 ms
2 3002::3 3020 ms 3024 ms 4040 ms 6820 ms 5584 ms
# Tracert the gateways from the source to the destination at 3002::3 on a specified VPN.
<HUAWEI> tracert ipv6 vpn6-instance vsi6 3002::3
traceroute to vsi6 3002::3 30 hops max,60 bytes packet
1 2002::2 26 ms 23 ms 26 ms
2 3002::2 3020 ms !H 3024 ms !H 4040 ms !H
Description
traceroute to HH:HH::HH:H
x hops max
x bytes packet
2
HH:HH::HH:H
26 ms 23 ms 26 ms
RTT, in milliseconds.
Related Topics
11.1.1 ping ipv6
Format
ntp-service authentication-keyid key-id authentication-mode { md5 | hmac-sha256 }
plain password-plain
Parameters
Parameter
Description
Value
key-id
authentication-mode md5
authentication-mode hmac-sha256
Indicates HMAC-SHA256
authentication mode.
plain password-plain
NOTICE
If plain is selected, the password
is saved in the configuration file
in plain text. This brings security
risks. It is recommended that
you select cipher to save the
password in cipher text.
Views
System view
Default Level
2: Configuration level
Usage Guidelines
Usage Scenario
On a network that requires high security, NTP authentication must be enabled. You can
configure password authentication between the client and the server, which ensures that the
client synchronizes only with a successfully authenticated server and improves network security.
If the NTP authentication function is enabled, a reliable key should be configured at the same
time. Keys configured on the client and the server must be identical.
NOTE
In NTP symmetric peer mode, the symmetric active peer functions as a client and the symmetric passive
peer functions as a server.
Follow-up Procedure
You can configure multiple keys for each device. After the NTP authentication key is configured,
you need to set the key to reliable using the ntp-service reliable authentication-keyid
command. If you do not set the key to reliable, the NTP key does not take effect.
Precautions
You can configure a maximum of 1024 keys for each device.
If the NTP authentication key is a reliable key, it automatically becomes unreliable when you
delete the key. You do not need to run the undo ntp-service reliable authentication-keyid
command.
Example
# Set authentication text to abc in MD5 authentication with plain option.
<HUAWEI> system-view
[HUAWEI] ntp-service authentication-keyid 10 authentication-mode md5 plain abc
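The following audit script is an added example, not part of the original document or of any Huawei tool. It checks a list of command lines for the three conditions described above: a password saved with plain, a key in md5 mode, and a key that was never set to reliable. The cipher keyword in the same position as plain is an assumption based on the NOTICE text, and the sample lines are constructed.

```python
import re

# Syntax follows the Format section above. "cipher" in the position of "plain"
# is an assumption taken from the NOTICE text, not a documented format line.
KEY_RE = re.compile(
    r"^ntp-service authentication-keyid (\d+) authentication-mode "
    r"(md5|hmac-sha256) (plain|cipher) \S+$"
)
RELIABLE_RE = re.compile(r"^(undo )?ntp-service reliable authentication-keyid (\d+)$")
# Matches a leading CLI prompt such as "[HUAWEI] " or "<HUAWEI> ".
PROMPT_RE = re.compile(r"^[\[<][^\]>]*[\]>]\s*")

# Constructed sample input (key values are placeholders).
SAMPLE = """\
[HUAWEI] ntp-service authentication-keyid 10 authentication-mode md5 plain abc
[HUAWEI] ntp-service authentication-keyid 20 authentication-mode hmac-sha256 cipher Example-Key-20
[HUAWEI] ntp-service reliable authentication-keyid 20
[HUAWEI] ntp-service reliable authentication-keyid 30
""".splitlines()


def audit_ntp_keys(lines):
    """Return a sorted list of (key_id, finding) tuples for the given command lines."""
    keys = {}         # key-id -> (mode, storage); a later line overrides an earlier one
    reliable = set()  # key-ids currently marked reliable
    for raw in lines:
        line = PROMPT_RE.sub("", raw.strip())
        m = KEY_RE.match(line)
        if m:
            keys[int(m.group(1))] = (m.group(2), m.group(3))
            continue
        m = RELIABLE_RE.match(line)
        if m:
            key_id = int(m.group(2))
            if m.group(1):          # "undo ..." removes the reliable mark
                reliable.discard(key_id)
            else:
                reliable.add(key_id)

    findings = []
    for key_id, (mode, storage) in keys.items():
        if storage == "plain":
            findings.append((key_id, "password saved in plain text in the configuration file"))
        if mode == "md5":
            findings.append((key_id, "md5 mode in use; hmac-sha256 is available"))
        if key_id not in reliable:
            findings.append((key_id, "not set to reliable, so the key does not take effect"))
    for key_id in reliable - set(keys):
        findings.append((key_id, "set to reliable but no such key is defined in this input"))
    return sorted(findings)


if __name__ == "__main__":
    for key_id, finding in audit_ntp_keys(SAMPLE):
        print(f"key {key_id}: {finding}")
```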
Format
snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha }
password [ privacy-mode { des56 | aes128 } encrypt-password ] ] [ acl acl-number ]
undo snmp-agent usm-user v3 user-name group-name [ engineid engineid | local ]
Parameters
Parameter
Description
v3
user-name
group-name
Value
Parameter
Description
Value
-
NOTE
Authentication is a process in which the
SNMP agent (or the NMS) confirms that
the message is received from an
authorized NMS (or SNMP agent) and
the message is not changed during
transmission. RFC 2104 defines Keyed-Hashing
for Message Authentication
Code (HMAC), an effective tool that uses
the security hash function and key to
generate the message authentication
code. This tool is widely used on the
Internet. HMAC used in SNMP includes
HMAC-MD5-96 and HMAC-SHA-96.
The hash function of HMAC-MD5-96 is
MD5 that uses 128-bit authKey to
generate the key. The hash function of
HMAC-SHA-96 is SHA-1 that uses 160-bit
authKey to generate the key.
md5 | sha
password
Parameter
Description
Value
privacy-mode
encrypt-password
acl acl-number
engineid engineid
local
Views
System view
Default Level
3: Management level
Usage Guidelines
Usage Scenario
SNMPv1 and SNMPv2c have serious defects in terms of security. The security authentication
mechanism used by SNMPv1 and SNMPv2c is based on the community name. In this
mechanism, the community name is transmitted in plain text. You are not advised to use
SNMPv1 and SNMPv2c on untrusted networks.
By adopting the user-based security model, SNMPv3 eradicates the security defects in SNMPv1
and SNMPv2c and provides two services, authentication and encryption. The user-based security
model defines three security authentication levels: noAuthNoPriv, AuthNoPriv, and AuthPriv.
NOTE
The security authentication level noAuthPriv does not exist. This is because the generation of a key is based
on the authentication information and product information.
Different from SNMPv1 and SNMPv2c, SNMPv3 can implement access control, identity
authentication, and data encryption through the local processing model and user security model.
SNMPv3 can provide higher security and confidentiality than SNMPv1 and SNMPv2c. The
following table lists the difference between SNMPv1, SNMPv2c, and SNMPv3:
Table 11-3 Comparison in the security of SNMP of different versions
Protocol version
User Checksum
Encryption
Authentication
v1
Adopts the
community name.
None
None
v2c
Adopts the
community name.
None
None
v3
Yes
Yes
The snmp-agent group command can be used to configure the authentication, encryption, and
access rights for an SNMP group. The snmp-agent group command can be used to configure
the rights for users in a specified SNMP group and bind the SNMP group to a MIB view. The
MIB view is created through the snmp-agent mib-view command. For details, see the usage
guideline of this command. After an SNMP user group is configured, the MIB-view-based access
control is configured for the SNMP user group. Users cannot access objects in the MIB view
through the SNMP user group. The purpose of adding SNMP users to an SNMP user group is
to ensure that SNMP users in an SNMP user group have the same security level and access
control list. When you run the snmp-agent usm-user command to configure a user in an SNMP
user group, you configure the MIB-view-based access rights for the user. If an SNMP user group
is configured with the AuthPriv access rights, you can configure the authentication mode and
encryption mode when configuring SNMP users. Currently, you can set the authentication
mode to MD5 or SHA and the privacy mode to AES128 or DES56. When setting the
authentication key on the managed object, you can set whether to encrypt packets. Note that the
authentication keys and encryption passwords configured on the NMS and the SNMP agent
should be the same; otherwise, authentication fails.
NOTE
Configuration Impact
If an SNMP agent is configured with a remote user, the engine ID is required during the
authentication. If the engine ID changes after the remote user is configured, the remote user
becomes invalid.
Precautions
The user security level must be higher than or equal to the security level of the SNMP user group
to which the user is added.
The security level of an SNMP user group can be (in descending order):
For example, if the security level of an SNMP user group is level 1, the security level of the user
that is added to the group must be level 1; if the security level of an SNMP user group is level
2, the security level of the user that is added to the group can be level 1 or level 2.
To add an SNMP user to an SNMP group, ensure that the SNMP user group is valid.
If you run the snmp-agent usm-user command multiple times, only the latest configuration
takes effect.
Keep a secure record of the user name and plain-text password when creating the user. The
plain-text password is required when the NMS accesses the device.
Example
# Configure an SNMPv3 user with user name u1, group name g1, authentication mode md5,
authentication password 8937561bc, encryption mode aes128, and encryption password
68283asd.
<HUAWEI> system-view
[HUAWEI] snmp-agent usm-user v3 u1 g1 authentication-mode md5 8937561bc privacy-mode aes128 68283asd
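The following is an added example, not Huawei code. It carries out the standard USM key derivation of RFC 3414 (password to key, then localization with the engine ID) and the 96-bit truncated HMAC, to show why a password mismatch between the NMS and the agent, or a changed engine ID, makes authentication fail. It assumes the device follows the RFC 3414 derivation; the engine IDs and message bytes are constructed, and the password is the one from the example above.

```python
import hashlib
import hmac

HASHES = {"md5": "md5", "sha": "sha1"}  # authentication-mode keyword -> hash function


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """RFC 3414 A.2: digest of the password repeated to exactly 1,048,576 octets."""
    if not password:
        raise ValueError("password must not be empty")
    total = 1024 * 1024
    stream = (password * (total // len(password) + 1))[:total]
    return hashlib.new(hash_name, stream).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """RFC 3414 2.6: localized key Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def auth_key(password: bytes, engine_id: bytes, mode: str) -> bytes:
    """Localized authKey: 128 bits for md5, 160 bits for sha."""
    hash_name = HASHES[mode]
    return localize_key(password_to_key(password, hash_name), engine_id, hash_name)


def mac96(key: bytes, message: bytes, mode: str) -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: the HMAC output truncated to its first 12 octets."""
    return hmac.new(key, message, HASHES[mode]).digest()[:12]


def verify(key: bytes, message: bytes, mode: str, received_mac: bytes) -> bool:
    """Receiver side: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(mac96(key, message, mode), received_mac)


def demo():
    password = b"8937561bc"                                  # from the example above
    engine_a = bytes.fromhex("0102030405060708090a0b0c")     # constructed engine ID
    engine_b = bytes.fromhex("0102030405060708090a0b0d")     # same agent after an ID change
    # Constructed stand-in for a serialized SNMPv3 message with the MAC field zeroed.
    message = b"constructed SNMPv3 message" + bytes(12)
    results = {}
    for mode in ("md5", "sha"):
        sender_key = auth_key(password, engine_a, mode)
        mac = mac96(sender_key, message, mode)
        results[mode] = {
            "key_bits": len(sender_key) * 8,
            "mac_bits": len(mac) * 8,
            "same_config": verify(auth_key(password, engine_a, mode), message, mode, mac),
            "engine_id_changed": verify(auth_key(password, engine_b, mode), message, mode, mac),
            "password_mismatch": verify(auth_key(b"8937561bd", engine_a, mode), message, mode, mac),
        }
    return results


if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(mode, outcome)
```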
12
12.1 explicit-path
12.2 mpls te bypass-tunnel bandwidth
12.3 snmp-agent trap enable feature-name ldp
12.4 static-cr-lsp ingress bandwidth
12.5 static-cr-lsp transit bandwidth
12.6 bandwidth (LSP attribute view)
12.7 mpls te bandwidth
12.1 explicit-path
Function
Using the explicit-path command, you can configure an explicit path of a tunnel.
By default, no explicit path of a tunnel is configured.
Format
explicit-path path-name { enable | disable }
Parameters
Parameter Description
Value
path-name Indicates the name of an explicit path. The value is a string of 1 to 31 characters.
enable
disable
Views
System view
Default Level
2: Configuration level
Usage Guidelines
You can configure an explicit path only after MPLS TE is enabled.
The addresses of the hops along the explicit path cannot overlap, and loops cannot occur. If a
loop occurs, CSPF detects the loop and fails to calculate the path.
When the explicit path is in use, you cannot perform the following operations:
- Run the explicit-path path-name disable command to disable the explicit path.
Example
# Create an explicit path named path1.
<HUAWEI> system-view
[HUAWEI] mpls
[HUAWEI-mpls] mpls te
[HUAWEI-mpls] quit
[HUAWEI] explicit-path path1 enable
[HUAWEI-explicit-path-path1]
Format
mpls te bypass-tunnel bandwidth { bandwidth | { bc0 | bc1 } { bandwidth | un-limited } }
Parameters
Parameter Description
Value
bandwidth
bc0
bc1
un-limited Indicates that there is no limit on the total bandwidth that can be protected.
Views
Tunnel interface view
Default Level
2: Configuration level
Usage Guidelines
The total bandwidth of LSPs protected by the bypass tunnel is not more than the bandwidth of
the primary tunnel. When multiple bypass tunnels exist, the system selects a single bypass tunnel
through the best-fit algorithm.
The total bandwidth of all the LSPs protected by the bypass tunnel is not greater than the
bandwidth of the primary tunnel. When multiple bypass tunnels exist, the system determines the
bypass tunnel through the best-fit algorithm.
Example
# Configure Tunnel 0/0/1 to protect the LSPs that use the BC0 bandwidth and set no limit on
the bandwidth to be protected.
<HUAWEI> system-view
[HUAWEI] interface tunnel 0/0/1
[HUAWEI-Tunnel0/0/1] tunnel-protocol mpls te
[HUAWEI-Tunnel0/0/1] destination 2.2.2.2
[HUAWEI-Tunnel0/0/1] mpls te tunnel-id 100
[HUAWEI-Tunnel0/0/1] mpls te bypass-tunnel bandwidth bc0 un-limited
[HUAWEI-Tunnel0/0/1] mpls te commit
Format
snmp-agent trap enable feature-name ldp trap-name { session-down | session-up }
undo snmp-agent trap enable feature-name ldp trap-name { session-down | session-up }
Parameters
Parameter
Description
Value
trap-name
session-down Enables the trap of the event that an LDP session goes Down in the
MIB.
session-up
Enables the trap of the event that an LDP session goes Up in the MIB. -
Views
System view
Default Level
2: Configuration level
Usage Guidelines
Run the snmp-agent trap enable feature-name ldp command to enable the LDP session trap.
Currently, all traps of the MPLS LDP module are non-excessive traps. Frequent LDP session
status changes do not trigger a large number of traps.
Example
# Enable the trap of the event that an LDP session is reestablished.
<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable feature-name ldp trap-name session-up
Format
static-cr-lsp ingress { tunnel-interface tunnel interface-number | tunnel-name } destination destination-address { nexthop next-hop-address | outgoing-interface interface-type interface-number } * out-label out-label bandwidth { bc0 | bc1 } bandwidth
Parameters
Parameter
Description
tunnel-interface tunnel
interface-number
Specifies the tunnel interface of a static CR-LSP. interface-number indicates the tunnel
interface number.
tunnel-name
Value
Parameter
Description
Value
destination destination-address
nexthop next-hop-address
outgoing-interface
interface-type interface-number
out-label out-label
bc0
bc1
bandwidth
Views
System view
Default Level
2: Configuration level
Usage Guidelines
Before setting up an MPLS TE tunnel through a static CR-LSP, configure a static route or an
IGP to ensure connectivity between LSRs, and enable basic MPLS and MPLS TE functions.
Example
# Configure the static CR-LSP named Tunnel0/0/1, with the destination IP address being
10.1.3.1, the next-hop address being 10.1.1.2, the outgoing label being 237, and the required
bandwidth being 20 kbit/s from BC0 on the ingress.
<HUAWEI> system-view
[HUAWEI] static-cr-lsp ingress tunnel-interface Tunnel0/0/1 destination 10.1.3.1
nexthop 10.1.1.2 out-label 237 bandwidth bc0 20
Function
Using the static-cr-lsp transit bandwidth command, you can configure a static CR-LSP and
specify its bandwidth on a transit LSR.
By default, no static CR-LSP on a transit LSR is configured.
Format
static-cr-lsp transit lsp-name incoming-interface interface-type interface-number in-label in-label { nexthop next-hop-address | outgoing-interface interface-type interface-number } * out-label out-label bandwidth { bc0 | bc1 } bandwidth [ description description ]
Parameters
Parameter
Description
Value
lsp-name
incoming-interface
interface-type interface-number
in-label in-label
nexthop next-hop-address
outgoing-interface
interface-type interface-number
out-label out-label
bc0
bc1
Views
System view
Default Level
2: Configuration level
Usage Guidelines
Before setting up an MPLS TE tunnel through a static CR-LSP, configure a static route or an
IGP to ensure connectivity between LSRs, and enable basic MPLS and MPLS TE functions.
Example
# Configure the static CR-LSP named tunnel34, with the incoming interface being
VLANIF10, the incoming label being 123, the outgoing interface being VLANIF20, the
outgoing label being 253, and the required BC0 bandwidth being 20 kbit/s on the transit node.
<HUAWEI> system-view
[HUAWEI] static-cr-lsp transit tunnel34 incoming-interface vlanif 10 in-label 123
outgoing-interface vlanif 20 out-label 253 bandwidth bc0 20
Format
bandwidth ct0 ct0-bandwidth ct1 ct1-bandwidth
bandwidth ct1 ct1-bandwidth ct0 ct0-bandwidth
undo bandwidth ct0 ct1
undo bandwidth ct1 ct0
Parameters
Parameter
Description
Value
Parameter
Description
Value
Views
LSP attribute view
Default Level
2: Configuration level
Usage Guidelines
A static TE tunnel does not support the multi-CT configuration.
On a single TE tunnel interface, the multi-CT bandwidth cannot be configured with the following
features:
- CSPF tie-breaking
The preceding constraints do not apply to the single CT configuration for a TE tunnel.
NOTE
If the bandwidth required for a CR-LSP is more than 67,105 kbit/s, it is recommended that an
additional one thousandth of the required bandwidth be reserved.
Example
# Configure the bandwidth of an LSP of CT0 as 20 kbit/s in the CR-LSP attribute template.
<HUAWEI> system-view
[HUAWEI] lsp-attribute lsp-attribute-name
[HUAWEI-lsp-attribute-lsp-attribute-name] bandwidth ct0 20
Format
mpls te bandwidth ct0 ct0-bw-value ct1 ct1-bw-value
mpls te bandwidth ct1 ct1-bw-value ct0 ct0-bw-value
undo mpls te bandwidth ct0 ct1
undo mpls te bandwidth ct1 ct0
undo mpls te bandwidth ct0 ct0-bw-value ct1 ct1-bw-value
undo mpls te bandwidth ct1 ct1-bw-value ct0 ct0-bw-value
Parameters
Parameter
Description
Value
ct0 ct0-bw-value
Specifies the bandwidth reserved for a TE tunnel of CT0.
ct0-bw-value is an integer that ranges from 1 to 4000000000, in kbit/s.
ct1 ct1-bw-value
Specifies the bandwidth reserved for a TE tunnel of CT1.
ct1-bw-value is an integer that ranges from 1 to 4000000000, in kbit/s.
Views
Tunnel interface view
Default Level
2: Configuration level
Usage Guidelines
A static TE tunnel does not support the multi-CT configuration.
On a single TE tunnel interface, the multi-CT bandwidth cannot be configured with the following
features:
- CSPF tie-breaking
The configured bandwidth takes effect only during tunnel establishment and protocol negotiation, and does
not limit the bandwidth for traffic forwarding.
Example
# Set the bandwidth required by Tunnel1. The bandwidth of CT0 is 2 Mbit/s.
<HUAWEI> system-view
[HUAWEI] mpls lsr-id 1.1.1.1
[HUAWEI] mpls
[HUAWEI-mpls] mpls te
[HUAWEI-mpls] quit
[HUAWEI] interface tunnel 1
[HUAWEI-Tunnel1] tunnel-protocol mpls te
[HUAWEI-Tunnel1] destination 2.2.2.2
[HUAWEI-Tunnel1] mpls te tunnel-id 100
[HUAWEI-Tunnel1] mpls te bandwidth ct0 2000
[HUAWEI-Tunnel1] mpls te commit
13
Format
display bgp vpnv6 vpn6-instance vpn-instance-name brief
Parameters
Parameter
Description
Value
all
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
After the display bgp vpnv6 brief command is used to display information about VPNv6
instances, the VPNv6 instances are displayed and arranged alphabetically by name.
Example
# Display brief information about VPNv6 and all IPv6 VPN instances.
<HUAWEI> display bgp vpnv6 vpn6-instance brief
VPN-Instance(IPv6-family):
  VPN-Instance Name    Peer Num    Route Num
  vpna                 0           0
Table 13-1 Description of the display bgp vpnv6 all brief command output
Item
Description
Peer Num
Number of peers.
Route Num
Number of routes.
VPN-Instance Name
Format
display bgp vpnv6 vpn6-instance vpn6-instance-name brief
Parameters
Parameter
Description
Value
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
After the display bgp vpnv6 vpn6-instance brief command is used to display information about
VPNv6 instances, the VPNv6 instances are displayed and arranged alphabetically by name.
Example
# Display brief information about VPNv6 and all IPv6 VPN instances.
<HUAWEI> display bgp vpnv6 vpn6-instance vrf0 brief
VPN-Instance(IPv6-family):
  VPN-Instance Name    Peer Num    Route Num
  vrf0                 1           2
Table 13-2 Description of the display bgp vpnv6 all brief command output
Item
Description
Peer Num
Number of peers.
Route Num
Number of routes.
VPN-Instance Name
Format
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table [ ipv6-address [ prefix-length ] ]
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table as-path-filter { as-path-filter-number | as-path-filter-name }
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table community [ community-number | aa:nn ] &<1-29> [ internet | no-advertise | no-export | no-export-subconfed ] * [ whole-match ]
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table community-filter { { community-filter-name | basic-community-filter-number } [ whole-match ] | advanced-community-filter-number }
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table different-origin-as
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table regular-expression as-regular-expression
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table peer ipv6-address { advertised-routes [ ipv6-address [ prefix-length [ longer-prefixes ] ] ] | received-routes [ active ] }
Parameters
Parameter
Description
Value
vpn6-instance
route-distinguisher route-distinguisher
Parameter
Description
ipv6-address
prefix-length
as-path-filter as-path-filter-number
as-path-filter-name
community
community-number
aa:nn
internet
no-advertise
no-export
no-export-subconfed
whole-match
community-filter
community-filter-name
basic-community-filter-number
advanced-community-filter-number
Value
Parameter
Description
Value
different-origin-as
regular-expression as-regular-expression
peer ipv6-address
advertised-routes
longer-prefixes
received-routes
active
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Information about specified routes can be displayed by specifying different parameters.
Example
# Display the routes of an IPv6 address family-enabled VPN instance named vpn1 on the local
device.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table
BGP Local router ID is 1.1.1.9
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number
*>i Network
NextHop
MED
Label
Path/Ogn
of Routes: 2
: 2001::
: 2001::1
: 0
:
: 65410 ?
PrefixLen : 64
LocPrf
:
PrefVal
: 0
:
:
:
:
:
2002::
::FFFF:3.3.3.9
0
1037/NULL
?
# Display the BGP routes with a specified destination address of an IPv6 address family-enabled
VPN instance.
<HUAWEI> display bgp vpnv6 vpn6-instance vrf1 routing-table 2001::
BGP local router ID : 1.1.1.1
Local AS number : 100
Paths:   2 available, 1 best, 1 select
BGP routing table entry information of 2001::/64:
Imported route.
From: :: (0.0.0.0)
Route Duration: 1d03h46m24s
Direct Out-interface: Vlanif100
Original nexthop: ::
AS-path Nil, origin incomplete, MED 0, pref-val 0, valid, local, best, select,
pre 0
Advertised to such 1 peers:
2001::1
BGP routing table entry information of 2001::/64:
From: 2001::1 (10.10.10.10)
Route Duration: 02h39m43s
Direct Out-interface: Vlanif100
Original nexthop: 2001::1
AS-path 65410, origin incomplete, MED 0, pref-val 0, external, pre 255
Not advertised to any peer yet
# Display all BGP VPNv6 routes whose AS_Path attribute contains 65420.
<HUAWEI> display bgp vpnv6 all routing-table as-path-filter 1
BGP Local router ID is 1.1.1.9
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
*>  Network  : 2001::                       PrefixLen : 64
    NextHop  : 2001::1                      LocPrf    :
    MED      : 0                            PrefVal   : 0
    Label    : NULL
    Path/Ogn : 65420 ?
VPN-Instance vpn1 :
Total Number of Routes: 1
    Network  : 2001::                       PrefixLen : 64
    NextHop  : 2001::1                      LocPrf    :
    MED      : 0                            PrefVal   : 0
    Label    :
    Path/Ogn : 65420 ?
# Display BGP4+ routes of the VPN instance named vpn1 whose AS path attribute contains
65420.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table as-path-filter 1
VPN-Instance vpn1 :
Total Number of Routes: 1
    Network  : 2001::                       PrefixLen : 64
    NextHop  : 2001::1                      LocPrf    :
    MED      : 0                            PrefVal   : 0
    Label    :
    Path/Ogn : 65420 ?
# Display BGP4+ routes of the VPN instance named vpn1 and matching the BGP community
filter 1.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table community-filter 1
whole-match
BGP Local router ID is 1.1.1.9
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
VPN-Instance vpn1 :
Total Number of Routes: 2
    Network  : 2001::                       PrefixLen : 64
    NextHop  : 2001::1                      LocPrf    :
    MED      : 0                            PrefVal   : 0
    Label    :
*>i Network  : 2002::                       PrefixLen : 64
    NextHop  : ::FFFF:3.3.3.9               LocPrf    : 100
    MED      : 0                            PrefVal   : 0
    Label    : 1037/NULL
# Display all BGP4+ routes of the VPN instance named vpn1 and matching the AS regular
expression.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table regular-expression
^65420
VPN-Instance vpn1 :
    Network  : 2001::                       PrefixLen : 64
    NextHop  : 2001::1                      LocPrf    :
    MED      : 0                            PrefVal   : 0
    Label    :
    Path/Ogn : 65420 ?
# Display all BGP4+ routes of the VPN instance named vpn1 that are received from the peer at
2001::1.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table peer 2001::1 received-routes
BGP Local router ID is 1.1.1.9
Status codes: * - valid, > - best, d - damped,
Total Number of Routes: 1
    Network  : 2001::                    PrefixLen : 64
    NextHop  : 2001::1                   LocPrf    :
    MED      : 0                         PrefVal   : 0
    Label    :
    Path/Ogn : 65410 ?
Total Number of Routes: 1
*>i Network  : 2002::                    PrefixLen : 64
    NextHop  : ::FFFF:3.3.3.9            LocPrf    : 100
    MED      : 0                         PrefVal   : 0
    Label    : 1037/NULL
    Path/Ogn : ?
Table 13-3 Description of the display bgp vpnv6 vpn6-instance routing-table command output
Item
Description
Network
PrefixLen
NextHop
LocPrf
MED
PrefVal
Label
Duration
Route duration.
Peer
Path/Ogn
Local AS Number
Local AS number.
From
Route Duration
Route duration.
Original nexthop
AS-path
AS_Path attribute.
Nil indicates that the attribute value is null.
origin
MED
MED of a route.
The MED is used to identify the optimal route for
the traffic entering an AS. The route with the
smallest MED is selected as the optimal route if the
other attributes of the routes are the same.
pref-val
Preferred value.
valid
external
best
select
Pre 255
Format
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table statistics [ as-path-filter { as-path-filter-number | as-path-filter-name } | different-origin-as ]
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table statistics regular-expression as-regular-expression
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table statistics community [ community-number | aa:nn ] &<1-29> [ internet | no-advertise | no-export | no-export-subconfed ] * [ whole-match ]
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table statistics community-filter { { community-filter-name | basic-community-filter-number } [ whole-match ] | advanced-community-filter-number }
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table peer ipv6-address { advertised-routes | received-routes [ active ] } statistics
Parameters
Parameter
Description
Value
all
vpn6-instance-name
as-path-filter
as-path-filter-number
as-path-filter-name
community
community-number
aa:nn
internet
no-advertise
no-export
no-export-subconfed
whole-match
community-filter
community-filter-name
basic-community-filter-number
advanced-community-filter-number
different-origin-as
regular-expression as-regular-expression
active
peer ipv6-address
advertised-routes
received-routes
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None
Example
# Display statistics about the routes of an IPv6 address family-enabled VPN instance named
vpn1 on the local device.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table statistics
Total Number of Routes: 5
# Display statistics of BGP routes sent by the local device to peer 2000::1 of the IPv6 VPN
instance named vpn1.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table peer 2000::1 received-routes statistics
Received routes total: 2
# Display statistics about the IPv6 routes sent by the local device to peer 2000::1 in a VPN
instance named vpn1.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table peer 2000::1 advertised-routes statistics
Advertised routes total: 2
Default originated : 0
Format
display ipv6 prefix-limit { all-vpn6-instance | vpn6-instance vpn-instance-name } statistics
Parameters
Parameter
Description
Value
all-vpn6-instance
vpn6-instance vpn-instance-name
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
You can run the display ipv6 prefix-limit statistics command to view the number of times that
a protocol re-adds or deletes routes according to the prefix limit of a specified IPv6 VPN instance.
Example
# Display the statistics of the prefix limits of all IPv6 VPN instances.
<HUAWEI> display ipv6 prefix-limit all-vpn6-instance statistics
------------------------------------------------------------------------------
IPv6 VPN instance name: vrf1
          DenyAdd  TryAddInDelState  NotifyDelAll  NotifyDelFinish  NotifyAddRoute
DIRECT    0        0                 0             0                0
STATIC    0        0                 0             0                0
OSPFv3    11       3                 1             0                5
IS-IS     106      0                 1             0                5
RIPng     98       0                 1             1                5
BGP       2        0                 1             1                5
------------------------------------------------------------------------------
IPv6 VPN instance name: VPN123
DIRECT
STATIC
OSPFv3
IS-IS
RIPng
BGP
Table 13-4 Description of the display ipv6 prefix-limit statistics command output
Item
Description
DenyAdd
TryAddInDelState
NotifyDelAll
NotifyDelFinish
NotifyAddRoute
Number of times that the RIB notifies the protocol of re-adding routes.
# Display the statistics of the prefix limit of the IPv6 VPN instance named vrf1.
<HUAWEI> display ipv6 prefix-limit vpn6-instance vrf1 statistics
------------------------------------------------------------------------------
IPv6 VPN instance name: vrf1
          DenyAdd  TryAddInDelState  NotifyDelAll  NotifyDelFinish  NotifyAddRoute
DIRECT    0        0                 0             0                0
STATIC    0        0                 0             0                0
OSPFv3    11       3                 1             0                5
IS-IS     106      0                 1             0                5
RIPng     98       0                 1             1                5
BGP       2        0                 1             1                5
Format
display ipv6 routing-table limit { all-vpn6-instance | vpn6-instance vpn-instance-name }
Parameters
Parameter
Description
Value
all-vpn-instance
vpn-instance vpn-instance-name
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
None.
Example
# Display limits on the numbers of routes and prefixes of all IPv6 VPN instances.
<HUAWEI> display ipv6 routing-table limit all-vpn-instance
Limit-Object  Limit-Type     Upper-Limit  Warning  Current  Log-Interval
---------------------------------------------------------------------------------
IPv6 VPN Instance Name: VPN1
Route         Simply-Alert   5000                  4223     5
Prefix        Alert-Percent  1000         800      760      5
---------------------------------------------------------------------------------
IPv6 VPN Instance Name: VPN1234567890123456789123456789
Route         Alert-Percent  2000         1000     823      5
Prefix        Default                              760      5
Table 13-5 Description of the display ipv6 routing-table limit command output
Item
Description
Limit-Object
Limit-Type
Upper-Limit
Warning
Current
Log-Interval
# Display limits on the numbers of routes and prefixes of the IPv6 VPN instance named vpn1.
<HUAWEI> display ipv6 routing-table limit vpn-instance vpn1
IPv6 VPN Instance Name: vpn1
Limit-Object  Limit-Type     Upper-Limit  Warning  Current  Log-Interval
Route         Simply-Alert   5000                  4223     5
Prefix        Alert-Percent  1000         800      760      5
Format
display ipv6 routing-table vpn6-instance vpn6-instance-name [ verbose ]
display ipv6 routing-table vpn6-instance vpn6-instance-name acl { acl6-number | acl6-name } [ verbose ]
display ipv6 routing-table vpn6-instance vpn6-instance-name ipv6-address [ prefix-length ] [ longer-match ] [ verbose ]
display ipv6 routing-table vpn6-instance vpn6-instance-name ipv6-address1 [ prefix-length1 ] ipv6-address2 prefix-length2 [ verbose ]
display ipv6 routing-table vpn6-instance vpn6-instance-name ipv6-prefix ipv6-prefix-name [ verbose ]
display ipv6 routing-table vpn6-instance vpn6-instance-name statistics
display ipv6 routing-table vpn6-instance vpn6-instance-name protocol protocol [ inactive | verbose ]
Parameters
Parameter
Description
Value
vpn6-instance-name
verbose
acl
acl6-number
acl6-name
longer-match
ipv6-address
prefix-length
ipv6-address1 / ipv6-address2
prefix-length1/prefix-length2    Specifies the length of the IPv6 address prefix.    The value is an integer that ranges from 0 to 128.
ipv6-prefix ipv6-prefix-name     Specifies the name of the IPv6 prefix list.         A string of 1 to 19 characters.
statistics
protocol
protocol
inactive
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
Usage Scenario
The command output includes the destination address, prefix length, protocol type, preference,
cost, next hop, and outbound interface.
NOTE
An iterated route is counted as one route no matter how many outbound interfaces and next hops the route
finds.
This command without the parameter verbose displays the currently preferred routes only.
When using the display ipv6 routing-table vpn6-instance vpn6-instance-name ipv6-address
prefix-length [ longer-match ] [ verbose ] command, you can select parameters in the command
as required.
- If ipv6-address prefix-length is specified, the VPN routes that accurately match the
destination address are displayed.
For example, there are four routes in the routing table of the VPN instance named vpna:
2000::20/128, 2000::/100, 2000::/64, and 1000::/64.
- If the display ipv6 routing-table vpn6-instance vpna 2000:: 64 command is used, only
2000::/64 is displayed.
- If the display ipv6 routing-table vpn6-instance vpna 2000:: command is used, only
2000::/100 is displayed.
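The two results stated for the vpna example above can be reproduced offline. This is an added Python sketch, not Huawei code: the function names are hypothetical, and the address-only query is modelled as a longest-prefix match, which is an assumption that yields the result the text gives.

```python
import ipaddress

# Constructed sample: the four routes of VPN instance vpna named in the text.
VPNA_ROUTES = ["2000::20/128", "2000::/100", "2000::/64", "1000::/64"]


def parse_routes(prefixes):
    """Turn prefix strings into IPv6Network objects."""
    return [ipaddress.IPv6Network(p) for p in prefixes]


def exact_match(routes, address, prefix_length):
    """Address and prefix length given: only the identical prefix matches."""
    wanted = ipaddress.IPv6Network(f"{address}/{prefix_length}")
    return [r for r in routes if r == wanted]


def covering_routes(routes, address):
    """All routes whose prefix contains the address, most specific first."""
    addr = ipaddress.IPv6Address(address)
    hits = [r for r in routes if addr in r]
    return sorted(hits, key=lambda r: r.prefixlen, reverse=True)


def longest_match(routes, address):
    """Address only (assumed model): the covering route with the longest
    prefix, or None when no route covers the address."""
    hits = covering_routes(routes, address)
    return hits[0] if hits else None


if __name__ == "__main__":
    table = parse_routes(VPNA_ROUTES)
    # "2000:: 64" -> exact match on 2000::/64
    print(exact_match(table, "2000::", 64))
    # "2000::" -> 2000::20/128 does not cover 2000::, so /100 beats /64
    print(covering_routes(table, "2000::"))
    print(longest_match(table, "2000::"))
    # An address outside 2000::/100 but inside 2000::/64
    print(longest_match(table, "2000::1:0:0"))
    # An address no route covers
    print(longest_match(table, "3000::1"))
```

The host route 2000::20/128 is returned only for the address 2000::20 itself, which is why the address-only query for 2000:: shows 2000::/100.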
Precautions
If the specified ip-prefix ip-prefix-name does not exist, the command displays all of the currently
preferred routes.
Example
# Display the summary of the routing table of the VPN instance named vpn1.
<HUAWEI> display ipv6 routing-table vpn6-instance vpn1
Routing Table : vpn1
         Destinations : 1        Routes : 1
Destination  : 7777:5:344::              PrefixLength : 48
NextHop      : 3335::2                   Preference   : 255
Cost         : 0                         Protocol     : BGP
RelayNextHop : ::                        TunnelID     : 0x0
Interface    : Vlanif10                  Flags        : D
Table 13-6 Description of the display ipv6 routing-table vpn6-instance command output
Item
Description
Destinations
Destination
Routes
PrefixLength
NextHop
Preference
Cost
Route cost.
Protocol
RelayNextHop
TunnelID
Tunnel ID.
The value 0x0 indicates that no tunnel is used or
the tunnel is not set up.
Interface
Flags
Route flags.
# Display detailed information about the route 200:0:1:2::1 of the VPN instance after the instance
is enabled with VPN FRR.
<HUAWEI> display ipv6 routing-table vpn6-instance vrf1 200:0:1:2::1 verbose
Routing Table : vrf1
Summary Count : 1
Destination  : 200:0:1:2::1              PrefixLength : 128
NextHop      : ::FFFF:192.168.100.6      Preference   : 255
Neighbour    : ::192.168.100.6           ProcessID    : 0
13313
Active Adv Relied
14
1
low
0x0
::
NULL0
::FFFF:192.168.100.7
0x100c
:
:
:
:
:
BGP
0
0x80024904
0
393sec
TunnelID : 0x100a
Flags    : RD
BkLabel  : 13313
Table 13-7 Description of the display ipv6 routing-table vpn6-instance verbose command output
Item
Description
Summary Count
Neighbour
ProcessID
Label
State
Route status:
- Active: indicates active routes.
- Invalid: indicates invalid routes.
- Inactive: indicates inactive routes.
- NoAdv: indicates the routes that cannot be advertised.
- Adv: indicates the routes that can be advertised.
- Del: indicates the routes to be deleted.
- Relied: indicates the route that finds the next hop and outbound interface or the route that
finds the tunnel during packet forwarding.
- Stale: indicates the routes with the stale flag. The routes are used in GR.
Entry ID
EntryFlags
Refernce Cnt
Tag
Priority
Age
IndirectID
BkNextHop
BkLabel
Backup label.
BkPETunnelID
# Display the statistics of the routing table of the VPN instance named vpn1.
<HUAWEI> display ipv6 routing-table vpn6-instance vpn1 statistics
Summary prefixes: 6
Protocol   route   active   added   deleted   freed
DIRECT     4       4        4       0         0
STATIC     2       1        2       0         0
RIPng      0       0        0       0         0
OSPFv3     0       0        0       0         0
IS-IS      0       0        0       0         0
BGP        0       0        0       0         0
UNR        0       0        0       0         0
Total      6       5        6       0         0
Table 13-8 Description of the display ipv6 routing-table statistics command output
Item
Description
Summary prefixes
route
active
added
deleted
freed
# Display all the direct routes of the VPN instance named vpn1.
<HUAWEI> display ipv6 routing-table vpn6-instance vpn1 protocol direct
vpn1 Routing Table : Direct
Summary Count : 3
Direct Routing Table's Status : < Active >
Summary Count : 3
Destination  : 3335::                    PrefixLength : 64
NextHop      : 3335::1                   Preference   : 0
Cost         : 0                         Protocol     : Direct
RelayNextHop : ::                        TunnelID     : 0x0
Interface    : Vlanif10                  Flags        : D
Destination  : 3335::1                   PrefixLength : 128
NextHop      : ::1                       Preference   : 0
                                         Protocol     : Direct
                                         TunnelID     : 0x0
                                         Flags        : D
Destination  : FE80::                    PrefixLength : 10
NextHop      : ::                        Preference   : 0
Cost         : 0                         Protocol     : Direct
RelayNextHop : ::                        TunnelID     : 0x0
Interface    : NULL0                     Flags        : D
Direct Routing Table's Status : < Inactive >
Summary Count : 0
Table 13-9 Description of the display ipv6 routing-table vpn6-instance protocol command
output
Item
Description
Active
Active routes.
Inactive
Inactive routes.
Format
display ipv6 vpn6-instance [ brief | verbose ] [ vpn6-instance-name ]
Parameters
Parameter
Description
Value
brief
verbose
Displays detailed information about the IPv6 VPN instances and their
associated interfaces.
Views
All views
Default Level
1: Monitoring level
Usage Guidelines
If a VPN instance is configured, you can check the configuration of the instance by using the
display ipv6 vpn6-instance command. You can also use this command to view the VPN
instances configured on the local device.
When no parameters are specified, the command displays brief information about all the
configured VPN instances.
Example
# View brief information about all the configured IPv6 VPN instances.
<HUAWEI> display ipv6 vpn6-instance
Total VPN-Instances configured      : 3
Total IPv4 VPN-Instances configured : 2
Total IPv6 VPN-Instances configured : 1
VPN-Instance Name    RD       Address-family
vpn1
vpna                 100:1    IPv4
vpna                 100:3    IPv6
vpnb                 100:2    IPv4
Item
Description
VPN-Instance Name
RD
Creation Time
Address-family
VPN-Instance Name    RD       Address-family
vpn1
vpna                 100:1    IPv4
vpna                 100:3    IPv6
vpnb                 100:2    IPv4
Item
Description
Description
Service ID
Interfaces
Create date
Up time
Route Distinguisher
Label Policy
Label policy:
- label per instance: indicates that the same label is allocated to routes of a VPN
instance. This field is displayed in the command output only when the
apply-label per-instance command is run in the VPN instance view.
- label per route: indicates that each route of a VPN instance is assigned a label.
Label allocation for routes of a VPN instance is implemented in this mode.
Per-Instance Label
Tunnel Policy
Install Mode
Log Interval
13.9 link-alive
Function
The link-alive command enables the link-alive function on a GRE tunnel.
The undo link-alive command disables the link-alive function on a GRE tunnel.
By default, the link-alive function is disabled on a GRE tunnel.
Format
link-alive [ period period ] [ retry-times retry-times ]
undo link-alive
Parameters
Parameter
Description
Value
period
Views
Tunnel interface view
Default Level
2: Configuration level
Usage Guidelines
The link-alive function takes effect on a GRE tunnel immediately after you run the link-alive
command on the tunnel interface. After you run the undo link-alive command, the link-alive
function immediately becomes invalid. The source end of a GRE tunnel periodically sends link-alive packets. The tunnel-unreachable counter increases by 1 every time a link-alive packet is
sent. If the source end does not receive any response packet when the tunnel-unreachable counter
value reaches retry-times, the source end considers the remote end unreachable.
Example
# Enable the link-alive function on a GRE tunnel and retain the default parameter values.
<HUAWEI> system-view
[HUAWEI] interface tunnel 1
[HUAWEI-Tunnel1] link-alive
# Enable the link-alive function on a GRE tunnel. Set the interval for sending link-alive packets
to 12 seconds and retain the default tunnel-unreachable counter value.
<HUAWEI> system-view
[HUAWEI] interface tunnel 1
[HUAWEI-Tunnel1] link-alive period 12
# Enable the link-alive function on a GRE tunnel. Set the interval for sending link-alive packets
to 12 seconds and the tunnel-unreachable counter to 4.
<HUAWEI> system-view
[HUAWEI] interface tunnel 1
[HUAWEI-Tunnel1] link-alive period 12 retry-times 4
Format
mpls l2vpn traffic-statistics capability enable
undo mpls l2vpn traffic-statistics capability
Parameters
None.
Views
System view
Default Level
2: Configuration level
Usage Guidelines
The traffic statistics function takes effect only on the VLLs created after you run the mpls l2vpn
traffic-statistics capability enable or mpls l2vpn traffic-statistics enable command.
After you run the mpls l2vpn traffic-statistics capability enable command to enable VLL
traffic statistics, you can run the display traffic-statistics l2vpn interface command to view
the traffic statistics result.
Example
# Enable L2VPN traffic statistics.
<HUAWEI> system-view
[HUAWEI] mpls l2vpn traffic-statistics capability enable
Info: The modification can only take effect for newly created VC.
System Response
None.