You are on page 1of 273

S2750&S5700&S6700 Series Ethernet Switches

V200R003(C00&C02&C10)

Compatible Commands Reference


Issue

04

Date

2014-07-30

HUAWEI TECHNOLOGIES CO., LTD.

Copyright Huawei Technologies Co., Ltd. 2014. All rights reserved.


No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions


and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.


Address:

Huawei Industrial Base


Bantian, Longgang
Shenzhen 518129
People's Republic of China

Website:

http://enterprise.huawei.com

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

About This Document

About This Document

Intended Audience
This document is intended for:
l

Data configuration engineers

Commissioning engineers

Network monitoring engineers

System maintenance engineers

Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol

Description
Indicates an imminently hazardous situation
which, if not avoided, will result in death or
serious injury.
Indicates a potentially hazardous situation
which, if not avoided, could result in death or
serious injury.
Indicates a potentially hazardous situation
which, if not avoided, may result in minor or
moderate injury.
Indicates a potentially hazardous situation
which, if not avoided, could result in
equipment damage, data loss, performance
deterioration, or unanticipated results.
NOTICE is used to address practices not
related to personal injury.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

ii

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

About This Document

Symbol

Description
Calls attention to important information, best
practices and tips.

NOTE

NOTE is used to address information not


related to personal injury, equipment damage,
and environment deterioration.

Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention

Description

Boldface

The keywords of a command line are in boldface.

Italic

Command arguments are in italics.

[]

Items (keywords or arguments) in brackets [ ] are optional.

{ x | y | ... }

Optional items are grouped in braces and separated by


vertical bars. One item is selected.

[ x | y | ... ]

Optional items are grouped in brackets and separated by


vertical bars. One item is selected or no item is selected.

{ x | y | ... }*

Optional items are grouped in braces and separated by


vertical bars. A minimum of one item or a maximum of all
items can be selected.

[ x | y | ... ]*

Optional items are grouped in brackets and separated by


vertical bars. Several items or no item can be selected.

&<1-n>

The parameter before the & sign can be repeated 1 to n times.

A line starting with the # sign is comments.

Interface Numbering Conventions


Interface numbers used in this manual are examples. In device configuration, use the existing
interface numbers on devices.

Security Conventions
l
Issue 04 (2014-07-30)

Password setting
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

iii

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

About This Document

When configuring a password in plain text, the password is saved in the configuration
file in plain text. The plain text has high security risks. The cipher text is recommended.
To ensure device security, change the password periodically.
When you configure a password in cipher text that starts and ends with %@%@ (the
password can be decrypted by the device), the password is displayed in the same manner
as the configured one in the configuration file. Do not use this setting.
l

Encryption algorithm
Currently, the device uses the following encryption algorithms: DES, AES, SHA-1, SHA-2,
and MD5. DES and AES are reversible, and SHA-1, SHA-2, and MD5 are irreversible.
The encryption algorithm depends on actual networking. If protocols are used for
interconnection, the locally stored password must be reversible. It is recommended that the
irreversible encryption algorithm be used for the administrator password.

Personal data
Some personal data may be obtained or used during operation or fault location of your
purchased products, services, features, so you have an obligation to make privacy policies
and take measures according to the applicable law of the country to protect personal data.

Mappings between Product Software Versions and NMS


Versions
The mappings between product software versions and NMS versions are as follows.
Product Software Version

eSight

V200R003C00

V200R003C01

V200R003C02

V200R003C10

V200R003C10

V200R005C00

Change History
Changes between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.

Changes in Issue 04 (2014-07-30) V200R003(C00&C02&C10)


Some contents are modified according to updates in the product.

Changes in Issue 03 (2014-03-12) V200R003(C00&C02&C10)


Some contents are modified according to updates in the product.

Changes in Issue 02 (2013-11-06) V200R003(C00&C02)


Some contents are modified according to updates in the product.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

iv

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

About This Document

Changes in Issue 01 (2013-09-29) V200R003C00


Initial commercial release.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

Contents

Contents
About This Document.....................................................................................................................ii
1 Basic Configuration Compatible Commands..........................................................................1
1.1 set save-configuration backup-to-server server..............................................................................................................2
1.2 set save-configuration.....................................................................................................................................................3
1.3 super................................................................................................................................................................................4

2 Ethernet Compatible Commands...............................................................................................6


2.1 Link Aggregation Compatible Commands ....................................................................................................................7
2.1.1 load-balance.................................................................................................................................................................7
2.1.2 service-type tunnel.......................................................................................................................................................9
2.1.3 l2 field dport..............................................................................................................................................................10
2.1.4 ipv4 field dport..........................................................................................................................................................11
2.1.5 ipv6 field dport..........................................................................................................................................................12
2.1.6 mpls field dport..........................................................................................................................................................13
2.2 MAC Compatible Commands .....................................................................................................................................13
2.2.1 mac-address blackhole(interface view).....................................................................................................................14
2.2.2 mac-address static......................................................................................................................................................15
2.2.3 port-security mac-address sticky enable....................................................................................................................17
2.2.4 port-security maximum..............................................................................................................................................18
2.3 VLAN Compatible Commands ...................................................................................................................................19
2.3.1 port mux-vlan enable.................................................................................................................................................19
2.3.2 port vlan-stacking......................................................................................................................................................20
2.4 L2PT Compatible Commands .....................................................................................................................................22
2.4.1 bpdu-tunnel enable....................................................................................................................................................22
2.4.2 bpdu-tunnel vlan........................................................................................................................................................23
2.5 STP Compatible Commands .......................................................................................................................................24
2.5.1 bpdu filter..................................................................................................................................................................25
2.5.2 stp-snooping enable...................................................................................................................................................26

3 Interface Compatible Commands............................................................................................28


3.1 Ethernet Interface Compatible Commands...................................................................................................................29
3.1.1 port-down holdoff-timer............................................................................................................................................29
3.1.2 port media type..........................................................................................................................................................30
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

vi

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

Contents

3.1.3 display ifnet controller-tree.......................................................................................................................................31

4 IP Service Compatible Commands..........................................................................................34


4.1 DHCP Upgrade-compatible Commands......................................................................................................................35
4.1.1 expired.......................................................................................................................................................................35
4.1.2 dhcp server expired....................................................................................................................................................36
4.1.3 dhcp server forbidden-ip............................................................................................................................................38
4.1.4 dhcp server ip-pool....................................................................................................................................................39
4.1.5 dns-suffix...................................................................................................................................................................40
4.1.6 ip relay address .........................................................................................................................................................41
4.1.7 lease...........................................................................................................................................................................43
4.1.8 policy-vlan dhcp-generic...........................................................................................................................................44
4.1.9 policy-vlan dhcp-mac................................................................................................................................................45
4.1.10 policy-vlan dhcp-port..............................................................................................................................................47

5 IP Routing Compatible Commands.........................................................................................50


5.1 display bgp group.........................................................................................................................................................51
5.2 display bgp network......................................................................................................................................................52
5.3 display bgp paths..........................................................................................................................................................53
5.4 display bgp peer............................................................................................................................................................54
5.5 display bgp routing-table dampened.............................................................................................................................55
5.6 display bgp routing-table dampening parameter..........................................................................................................56
5.7 display bgp routing-table flap-info...............................................................................................................................56
5.8 display bgp routing-table label.....................................................................................................................................58
5.9 display bgp update-peer-group.....................................................................................................................................59
5.10 display ipv6 nexthop-indirection................................................................................................................................59
5.11 display ipv6 routing-table { all-vpn6-instance | vpn6-instance } statistics................................................................60
5.12 display ipv6 routing-table time-range.........................................................................................................................62
5.13 display rm ipv6 interface............................................................................................................................................64
5.14 ipv6 route-static vpn6-instance...................................................................................................................................65
5.15 ipv6-family vpn6-instance..........................................................................................................................................68
5.16 isis vpn6-instance.......................................................................................................................................................69
5.17 reset ipv6 routing-table statistics protocol..................................................................................................................70

6 IP Multicast Compatible Commands......................................................................................72


6.1 IGMP Snooping Compatible Commands.....................................................................................................................73
6.1.1 display igmp-proxy....................................................................................................................................................73
6.1.2 display igmp-proxy configuration.............................................................................................................................75
6.1.3 display igmp-proxy port-info.....................................................................................................................................76
6.1.4 display igmp-proxy router-port.................................................................................................................................78
6.1.5 igmp-proxy enable.....................................................................................................................................................79
6.1.6 igmp-proxy group-limit.............................................................................................................................................80
6.1.7 igmp-proxy group-policy (interface view)................................................................................................................81
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

vii

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

Contents

6.1.8 igmp-proxy group-policy (VLAN view)...................................................................................................................83


6.1.9 igmp-proxy lastmember-queryinterval......................................................................................................................84
6.1.10 igmp-proxy max-response-time...............................................................................................................................85
6.1.11 igmp-proxy prompt-leave........................................................................................................................................86
6.1.12 igmp-proxy query-interval.......................................................................................................................................88
6.1.13 igmp-proxy require-router-alert...............................................................................................................................89
6.1.14 igmp-proxy robust-count.........................................................................................................................................90
6.1.15 igmp-proxy router-aging-time.................................................................................................................................91
6.1.16 igmp-proxy send-query enable................................................................................................................................92
6.1.17 igmp-proxy send-query source-address...................................................................................................................93
6.1.18 igmp-proxy ssm-policy............................................................................................................................................94
6.1.19 igmp-proxy static-group..........................................................................................................................................95
6.1.20 igmp-proxy static-router-port..................................................................................................................................96
6.1.21 igmp-proxy table limit.............................................................................................................................................97
6.1.22 igmp-proxy version..................................................................................................................................................98
6.1.23 igmp-snooping group-policy (interface view).........................................................................................................99
6.1.24 igmp-snooping group-policy (VLAN view)..........................................................................................................100
6.1.25 igmp-snooping proxy enable.................................................................................................................................101
6.1.26 igmp-snooping ssm-policy....................................................................................................................................102
6.1.27 igmp-snooping static-group...................................................................................................................................103
6.1.28 igmp-snooping suppression-time...........................................................................................................................104
6.1.29 igmp-snooping table limit......................................................................................................................................105
6.1.30 multicast-source-deny interface.............................................................................................................................106
6.1.31 reset igmp-proxy group.........................................................................................................................................107
6.1.32 undo igmp-proxy router-learning..........................................................................................................................108
6.1.33 undo igmp-proxy send-router-alert........................................................................................................................109
6.2 MLD Snooping Compatible Commands....................................................................................................................110
6.2.1 mld-snooping group-policy (interface view)...........................................................................................................110
6.2.2 mld-snooping group-policy (VLAN view)..............................................................................................................112
6.3 Multicast VLAN Compatible Commands..................................................................................................................113
6.3.1 multicast user-vlan...................................................................................................................................................113

7 QoS compatible command.......................................................................................................115


7.1 cpu queue bpdu...........................................................................................................................................................116
7.2 port queue statistics enable.........................................................................................................................................117
7.3 qos drr (scheduling template view)............................................................................................................................118
7.4 qos local-precedence-queue-map................................................................................................................................119
7.5 qos queue....................................................................................................................................................................121
7.6 qos queue max-buffer.................................................................................................................................................123
7.7 qos queue max-length (tail drop template view)........................................................................................................124
7.8 qos queue statistics enable..........................................................................................................................................126
7.9 qos sred.......................................................................................................................................................................128
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

viii

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

Contents

7.10 qos wrr (scheduling template view)..........................................................................................................................129

8 Security Compatible Commands............................................................................................132


8.1 AAA Compatible Commands.....................................................................................................................................133
8.1.1 adminuser-priority...................................................................................................................................................133
8.1.2 local-user level.........................................................................................................................................................133
8.1.3 local-user password old-password...........................................................................................................................134
8.1.4 radius-server test-user detect interval......................................................................................................................136
8.2 DHCP Snooping Compatible Commands..................................................................................................................137
8.2.1 dhcp option82 format...............................................................................................................................................137
8.2.2 dhcp snooping bind-table.........................................................................................................................................138
8.2.3 dhcp snooping information circuit-id......................................................................................................................139
8.2.4 dhcp snooping information remote-id.....................................................................................................................140
8.2.5 dhcp snooping information format..........................................................................................................................141
8.2.6 dhcp snooping check dhcp-rate enable....................................................................................................................142
8.2.7 dhcp snooping global max-user-number.................................................................................................................143
8.2.8 dhcp snooping sticky-mac.......................................................................................................................................144
8.2.9 dhcp snooping trust..................................................................................................................................................146
8.3 NAC Compatible Commands.....................................................................................................................................147
8.3.1 mac-authen username fixed password.....................................................................................................................147
8.3.2 web-auth-server (system view)................................................................................................................................148
8.4 Local Attack Defense Compatible Commands..........................................................................................................150
8.4.1 blacklist....................................................................................................................................................................150
8.4.2 car............................................................................................................................................................................151
8.4.3 car cpu-port..............................................................................................................................................................152
8.4.4 cpu-defend linkup-car bgp enable...........................................................................................................................153
8.4.5 deny.........................................................................................................................................................................153
8.5 IP Source Guard Compatible Commands...................................................................................................................154
8.5.1 ip anti-attack source-ip equals destinetion-ip drop..................................................................................................154
8.5.2 ip source check........................................................................................................................................................156
8.6 URPF Compatible Commands...................................................................................................................................156
8.6.1 ip urpf......................................................................................................................................................................156
8.7 Traffic Suppression Compatible Commands..............................................................................................................158
8.7.1 broadcast-suppression..............................................................................................................................................158
8.7.2 multicast-suppression..............................................................................................................................................159
8.7.3 unicast-suppression..................................................................................................................................................160
8.8 ACL Compatible Commands.....................................................................................................................................161
8.8.1 acl ipv6....................................................................................................................................................................161
8.8.2 acl (system view).....................................................................................................................................................163
8.8.3 rule (ACL6).............................................................................................................................................................164

9 Reliability Compatible Commands.......................................................................................168


9.1 Smart Link Compatible Commands...........................................................................................................................169
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

ix

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

Contents

9.1.1 load-balance reference-instance...............................................................................................................................169


9.2 Ethernet OAM Compatible Commands.....................................................................................................................170
9.2.1 efm trigger if-net......................................................................................................................................................170
9.2.2 error-shutdown auto-recovery cause efm-threshold-event......................................................................................171
9.2.3 error-shutdown auto-recovery interval....................................................................................................................172

10 Device Management Compatible Commands...................................................................174


10.1 vrbd...........................................................................................................................................................................176
10.2 _shell.........................................................................................................................................................................177
10.3 backup elabel............................................................................................................................................................178
10.4 cpu-usage threshold..................................................................................................................................................179
10.5 display autosave config............................................................................................................................................180
10.6 display environment.................................................................................................................................................181
10.7 display elabel unit.....................................................................................................................................................183
10.8 display fault-management.........................................................................................................................................186
10.9 display fault-management alarm information...........................................................................................................187
10.10 display reboot-info..................................................................................................................................................188
10.11 fault-management alarm.........................................................................................................................................190
10.12 reset reboot-info......................................................................................................................................................192
10.13 display alarm urgent...............................................................................................................................................193
10.14 reset alarm urgent...................................................................................................................................................194
10.15 temperature threshold unit......................................................................................................................................195
10.16 port-mirroring to observe-port................................................................................................................................196
10.17 poe power...............................................................................................................................................................198
10.18 port-mirroring.........................................................................................................................................................199
10.19 reset fault-management...........................................................................................................................................200

11 Network Management Compatible Commands...............................................................202


11.1 Ping and Tracert Compatible Commands.................................................................................................................203
11.1.1 ping ipv6................................................................................................................................................................203
11.1.2 tracert ipv6.............................................................................................................................................................208
11.2 NTP Compatible Commands....................................................................................................................................213
11.2.1 ntp-service authentication-keyid............................................................................................................................213
11.3 SNMP Compatible Commands................................................................................................................................215
11.3.1 snmp-agent usm-user.............................................................................................................................................215

12 MPLS compatible command.................................................................................................220


12.1 explicit-path..............................................................................................................................................................221
12.2 mpls te bypass-tunnel bandwidth.............................................................................................................................222
12.3 snmp-agent trap enable feature-name ldp.................................................................................................................223
12.4 static-cr-lsp ingress bandwidth.................................................................................................................................224
12.5 static-cr-lsp transit bandwidth..................................................................................................................................225
12.6 bandwidth (LSP attribute view)................................................................................................................................227
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

Contents

12.7 mpls te bandwidth.....................................................................................................................................................228

13 VPN compatible command....................................................................................................231


13.1 display bgp vpnv6 brief............................................................................................................................................232
13.2 display bgp vpnv6 vpn6-instance brief.....................................................................................................................233
13.3 display bgp vpnv6 vpn6-instance routing-table........................................................................................................234
13.4 display bgp vpnv6 vpn6-instance routing-table statistics.........................................................................................240
13.5 display ipv6 prefix-limit statistics............................................................................................................................243
13.6 display ipv6 routing-table limit................................................................................................................................245
13.7 display ipv6 routing-table vpn6-instance.................................................................................................................247
13.8 display ipv6 vpn6-instance.......................................................................................................................................253
13.9 link-alive...................................................................................................................................................................259
13.10 mpls l2vpn traffic-statistics capability enable........................................................................................................260

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

xi

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

1 Basic Configuration Compatible Commands

Basic Configuration Compatible Commands

About This Chapter


1.1 set save-configuration backup-to-server server
1.2 set save-configuration
1.3 super

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

1 Basic Configuration Compatible Commands

1.1 set save-configuration backup-to-server server


Function
The set save-configuration backup-to-server server command specifies the server where the
system periodically saves the configuration file.
By default, the system does not periodically save configurations to the server.

Format
set save-configuration backup-to-server server server-ip [ transport-type { ftp | sftp } ]
path folder user user-name password password

Parameters
Parameter

Description

server server-ip

Specifies the IP address of the server where the system periodically saves
the configuration file.

transport-type

Specifies the mode in which the


configuration file is transmitted to
the server.

The value can be ftp or sftp.

user user-name

Specifies the name of the user who


saves the configuration file on the
server.

The value is a string of 1 to 64


case-sensitive characters without
spaces.

password password Specifies the password of the user


who saves the configuration file on
the server.

The value is a string of 1 to 16 or


32 case-sensitive characters
without spaces.

path folder

Value

Specifies the relative save path on the The value is a string of 1 to 64


server.
case-sensitive characters without
spaces.

Views
System view

Default Level
3: Management level

Usage Guidelines
Usage Scenario
Run this command to periodically save the configuration file to the server.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

1 Basic Configuration Compatible Commands

Precautions
If the mode in which the configuration file is transmitted to the server is not specified, FTP is
used.
If the specified path on the server does not exist, configuration files cannot be sent to the server.
The system then sends an alarm message indicating the transmission failure to the NMS, and
the transmission failure is recorded as a log message on the device.
The user name and password must be the same as those used in FTP or SFTP login mode.

Example
# Specify the server to which the system periodically sends the configuration file, and set the
transmission mode to SFTP.
<HUAWEI> system-view
[HUAWEI] set save-configuration backup-to-server server 1.1.1.1 transport-type
sftp path d:/ftp user huawei password huawei

1.2 set save-configuration


Function
Using the set save-configuration command, you can enable automatic saving of configurations.
Using the undo set save-configuration command, you can disable automatic saving of
configurations.
By default, automatic saving of configurations is not enabled.

Format
set save-configuration nochange-time nochange-time
undo set save-configuration nochange-time [ nochange-time ]

Parameters
Parameter

Description

Value

nochange-time nochangetime

Specifies a period and configures


the system to automatically save
configurations if no
configurations are changed over
the specified period.

The value is an integer


ranging from 30 to 43200,
in minutes. The default
value is 30.

Views
System view
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

1 Basic Configuration Compatible Commands

Default Level
3: Management level

Usage Guidelines
If nochange-time nochange-time is specified in the command, the system automatically saves
configurations if no configuration changes in the period specified by nochange-time.
If the interval from the time of the last configuration to the current time is shorter than the set
interval, the system cancels the current automatic saving operation.

Example
# Configure the system to automatically save configurations at 60-minute intervals if no
configuration changes in the period.
<HUAWEI> system-view
[HUAWEI] set save-configuration nochange-time 60

1.3 super
Function
The super command changes the level of a user.

Format
super [ level ]

Parameters
Parameter Description
level

Value

Specifies the user level. The value is an integer that ranges from 0 to 15. The
default user level is 3.

Views
User view

Default Level
0: Visit level

Usage Guidelines
Usage Scenario
To prevent illegal intrusion of unauthorized users, when a user switches to a higher user level,
the system authenticates the user identity by requiring the user to input the password for the
higher user level. If the user inputs an incorrect password, the login fails.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

1 Basic Configuration Compatible Commands

NOTE

The device supports this command only when the super password command is configured in the history
version and the device has upgraded to the current version.

Precautions
Users are assigned one of 16 levels, and these levels correspond to command levels. After logging
in to the system, users can use only the commands whose levels are equal to or lower than their
user levels.
The password that the user enters is not displayed. If the user inputs the correct password within
three times, the user switches to the higher user level. If the password is incorrect, the user level
remains unchanged.

Example
# Switch users to level 3.
<HUAWEI> super 3
Password:
Now user privilege is 3 level, and only those commands whose level is equal to or
less than this level can be used.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

Ethernet Compatible Commands

About This Chapter


2.1 Link Aggregation Compatible Commands
2.2 MAC Compatible Commands
2.3 VLAN Compatible Commands
2.4 L2PT Compatible Commands
2.5 STP Compatible Commands

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

2.1 Link Aggregation Compatible Commands


2.1.1 load-balance
Function
Using the load-balance command, you can set the load balancing mode of an Eth-Trunk.

Format
load-balance { dip | dmac | sip | smac | sipxordip | smacxordmac }

Parameters
Parameter

Description

Value

dip

Indicates load balancing


based on the destination IP
addresses.

dmac

Indicates load balancing


based on the destination
MAC addresses.

sip

Indicates load balancing


based on the source IP
addresses.

smac

Indicates load balancing


based on the source MAC
addresses.

sipxordip

Indicates load balancing


based on the Exclusive-OR
result of the source and
destination IP addresses.

smacxordmac

Indicates load balancing


based on the Exclusive-OR
result of the source and
destination MAC addresses.

Views
Eth-Trunk interface view

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

Default Level
2: Configuration level

Usage Guidelines
To ensure proper load balancing between the physical links of an Eth-Trunk interface and avoid
link congestion, you can use the load-balance command to set the load balancing mode of the
Eth-Trunk interface.
Load balancing is valid only for the outbound traffic; therefore, the load balancing modes for
the interfaces at both ends of the link can be different and do not affect each other.
If you run the load-balance command repeatedly, only the latest configuration takes effect.
You can set the load balancing mode according to the actual situation of the network. When a
parameter of traffic changes frequently, you can set the load balancing mode based on this
parameter to ensure that the traffic is load balanced evenly.
The device supports the following load balancing modes:
l

dip: load balancing based on the destination IP address. In this mode, the system obtains
the specified three bits from each of the destination IP address and the TCP or UDP port
number in outgoing packets to perform the Exclusive-OR calculation, and then selects the
outgoing interface from the Eth-Trunk table according to the calculation result.

dmac: load balancing based on the destination MAC address. In this mode, the system
obtains the specified three bits from each of the destination MAC address, VLAN ID,
Ethernet type, and incoming interface information to perform the Exclusive-OR
calculation, and then selects the outgoing interface from the Eth-Trunk table according to
the calculation result.

sip: load balancing based on the source IP address. In this mode, the system obtains the
specified three bits from each of the source IP address and the TCP or UDP port number
in incoming packets to perform the Exclusive-OR calculation, and then selects the outgoing
interface from the Eth-Trunk table according to the calculation result.

smac: load balancing based on the source MAC address. In this mode, the system obtains
the specified three bits from each of the source MAC address, VLAN ID, Ethernet type,
and incoming interface information to perform the Exclusive-OR calculation, and then
selects the outgoing interface from the Eth-Trunk table according to the calculation result.

sipxordip: load balancing based on the Exclusive-OR result of the source IP address and
destination IP address. In this mode, the system performs the Exclusive-OR calculation
between the Exclusive-OR results of the dip and sip modes, and then selects the outgoing
interface from the Eth-Trunk table according to the calculation result.

smacxordmac: load balancing based on the Exclusive-OR result of the source MAC address
and destination MAC address. In this mode, the system obtains three bits from each of the
source MAC address, destination MAC address, VLAN ID, Ethernet type, and incoming
interface information to perform the Exclusive-OR calculation, and then selects the
outgoing interface from the Eth-Trunk table according to the calculation result.

Example
# Set the load balancing mode of Eth-Trunk 1 to dmac.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

<HUAWEI> system-view
[HUAWEI] interface Eth-Trunk 1
[HUAWEI-Eth-Trunk1] load-balance dmac

2.1.2 service-type tunnel


Function
Using the service-type tunnel command, you can enable the service loopback function on an
Eth-Trunk interface to loop back service packets over tunnels.
Using the undo service-type tunnel command, you can disable the service loopback function
on an Eth-Trunk interface.
By default, the service loopback function is not enabled on an Eth-Trunk interface.
NOTE

S2750, S5700LI and S5700S-LI do not support this command.

Format
service-type tunnel
undo service-type tunnel

Parameters
None

Views
Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines
An IPv6 packet is encapsulated in an IPv4 packet header by a device, and then is forwarded by
the device according to the IPv4 routing table.
NOTE

After being configured as a service loopback interface, an Eth-Trunk interface can be used only to loop
back service packets over tunnels.
A device can be configured with only one service loopback interface.

Example
# Configure Eth-Trunk 0 as a service loopback interface.
<HUAWEI> system-view
[HUAWEI] interface eth-trunk 0
[HUAWEI-Eth-Trunk0] service-type tunnel

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

2.1.3 l2 field dport


Function
The l2 field dport command sets the load balancing mode of Layer 2 packets to dport in a load
balancing profile.
The undo l2 field dport command deletes the load balancing mode of Layer 2 packets or restores
the default load balancing mode of Layer 2 packets.
Product

Support

S5700

Only the S5700HI, S5710HI, and S5710EI


support this configuration.

S6700

Not supported

Format
l2 field dport
undo l2 field dport

Parameters
None

Views
Load balancing profile view

Default Level
2: Configuration level

Usage Guidelines
None

Example
# In the enhanced load balancing mode profile a, set the load balancing mode of Layer 2 packets
to dport.
<HUAWEI> system-view
[HUAWEI] load-balance-profile a
[HUAWEI-load-balance-profile-a] l2 field dport

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

10

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

2.1.4 ipv4 field dport


Function
The ipv4 field dport command sets the load balancing mode of IPv4 packets to dportin a load
balancing profile.
The undo ipv4 field dport command deletes the load balancing mode of IPv4 packets or restores
the default load balancing mode of IPv4 packets.
Product

Support

S5700

Only the S5700HI, S5710HI, and S5710EI


support the ipv4 field command.

S6700

Not supported

Format
ipv4 field dport
undo ipv4 field dport

Parameters
None

Views
Load balancing profile view

Default Level
2: Configuration level

Usage Guidelines
None.

Example
# In the load balancing profile a, set the load balancing mode of IPv4 packets to dport.
<HUAWEI> system-view
[HUAWEI] load-balance-profile a
[HUAWEI-load-balance-profile-a] ipv4 field dport

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

11

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

2.1.5 ipv6 field dport


Function
The ipv6 field dport command sets the load balancing mode of IPv6 packets to dport in a load
balancing profile.
The undo ipv6 field dport command deletes the load balancing mode of IPv6 packets or restores
the default load balancing mode of IPv6 packets.
Product

Support

S5700

Only the S5700HI, S5710HI, and S5710EI


support the ipv6 field command.

S6700

Not supported

Format
ipv6 field dport
undo ipv6 field dport

Parameters
None

Views
Load balancing profile view

Default Level
2: Configuration level

Usage Guidelines
None

Example
# In the load balancing profile a, set the load balancing mode of IPv6 packets to dport.
<HUAWEI> system-view
[HUAWEI] load-balance-profile a
[HUAWEI-load-balance-profile-a] ipv6 field dport

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

12

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

2.1.6 mpls field dport


Function
The mpls field dport sets the load balancing mode of MPLS packets to dport in a load balancing
profile.
The undo mpls field dport command deletes the load balancing mode of MPLS packets or
restores the default load balancing mode of MPLS packets.
Product

Support

S5700

Only the S5700HI, S5710HI, and S5710EI


support the mpls field command.

S6700

Not supported

Format
mpls field dport
undo mpls field dport

Parameters
None

Views
Load balancing profile view

Default Level
2: Configuration level

Usage Guidelines
None

Example
# In the load balancing profile a, set the load balancing mode of MPLS packets to dport.
<HUAWEI> system-view
[HUAWEI] load-balance-profile a
[HUAWEI-load-balance-profile-a] mpls field dport

2.2 MAC Compatible Commands


Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

13

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

2.2.1 mac-address blackhole(interface view)


Function
Using the mac-address blackhole command, you can add a blackhole MAC address entry.

Format
mac-address blackhole mac-address [ interface-type interface-number ] vlan vlan-id1 [ cevlan vlan-id2 ]

Parameters
Parameter

Description

Value

blackhole

Indicates blackhole MAC


address entries. If the source
or destination MAC address
of a packet is a blackhole
MAC address, the device
discards the packet.

mac-address

Specifies the destination


MAC address in a MAC
address entry.

The value is in H-H-H format.


H is a hexadecimal number of
1 to 4 digits.

interface-type interfacenumber

Specifies the outbound


interface in a MAC address
entry.

l interface-type specifies
the type of the outbound
interface.
l interface-number
specifies the number of
the outbound interface.
vlan vlan-id1

Specifies the VLAN ID in


the outer VLAN tag.

The value is an integer that


ranges from 1 to 4094.

Views
Ethernet interface view, GE interface view, XGE interface view, Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines
Usage Scenario
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

14

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

Blackhole MAC address entries that are manually configured. A data frame is discarded if the
source or destination MAC address matches a blackhole MAC address entry.
Functions of static and blackhole MAC address entries are: Blackhole MAC address entries
prevent untrusted devices from attacking the device.
Precautions
If you configure a blackhole MAC address entry when the MAC table is full, the device processes
the MAC address entry as follows:
l

If a dynamic MAC address entry with the same MAC address exists in the MAC address
table, the device replaces the dynamic MAC address entry with the configured entry.

If no dynamic MAC address entry with the same MAC address exists in the MAC address
table, the MAC address entries cannot be added to the MAC address table.

Example
# Configure a blackhole MAC address entry to discard the Ethernet frames whose destination
MAC address is 0004-0004-0004 and VLAN ID is VLAN 5.
<HUAWEI> system-view
[HUAWEI] interface GigabitEthernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] mac-address blackhole 4-4-4 vlan 5

2.2.2 mac-address static


Function
Using the mac-address static command, you can add a static MAC address entry .

Format
mac-address static mac-address interface-type interface-number vlan vlan-id1

Parameters

Issue 04 (2014-07-30)

Parameter

Description

Value

static

Indicates static MAC


address entries, that is,
MAC address entries
configured manually.

mac-address

Specifies the destination


MAC address in a MAC
address entry.

The value is in H-H-H format.


H is a hexadecimal number of
1 to 4 digits.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

15

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

Parameter

Description

Value

interface-type interfacenumber

Specifies the outbound


interface in a MAC address
entry.

l interface-type specifies
the type of the outbound
interface.
l interface-number
specifies the number of
the outbound interface.
vlan vlan-id1

Specifies the VLAN ID in


the outer VLAN tag.

The value is an integer that


ranges from 1 to 4094.

Views
Ethernet interface view, GE interface view, XGE interface view, Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines
Usage Scenario
Static MAC address entries that are manually configured. They take precedence over dynamic
MAC address entries.
Functions of static MAC address entries are: Static MAC address entries prevent bogus packets
with trusted device MAC addresses sent from attackers and guarantee communication between
the device and the upstream device or server.
Configuration Impact
You can configure multiple static MAC address entries by running the mac-address command
multiple times.
Precautions
If you configure a static MAC address entry when the MAC table is full, the device processes
the MAC address entry as follows:
l

If a dynamic MAC address entry with the same MAC address exists in the MAC address
table, the device replaces the dynamic MAC address entry with the configured entry.

If no dynamic MAC address entry with the same MAC address exists in the MAC address
table, the MAC address entries cannot be added to the MAC address table.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

16

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

Example
# Add a static MAC address entry to the MAC address table. The destination MAC address is
0003-0003-0003. The outbound interface is GigabitEthernet0/0/1, which belongs to VLAN 4.
<HUAWEI> system-view
[HUAWEI] mac-address static 3-3-3 GigabitEthernet 0/0/1 vlan 4

2.2.3 port-security mac-address sticky enable


Function
Using the port-security mac-address sticky enable, you can enable the sticky MAC function
on an interface.
Using the undo port-security mac-address sticky enable, you can disable the sticky MAC
function on an interface.
By default, the sticky MAC function is disabled on an interface.

Format
port-security mac-address sticky enable
undo port-security mac-address sticky enable

Parameters
None

Views
Ethernet interface view, GE interface view, XGE interface view, Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines
Usage Scenario
After port security is enabled on an interface, MAC address entries learned by the interface are
saved in the MAC address table as secure dynamic MAC address entries.
After the sticky MAC function is enabled on an interface, the dynamic MAC addresses learned
by the interface change to sticky MAC addresses. If the number of sticky MAC addresses does
not reach the limit, the MAC addresses learned subsequently change to sticky MAC addresses.
When the number of sticky MAC addresses reaches the limit, packets whose source MAC
addresses do not match sticky MAC address entries are discarded. In addition, the system
determines whether to send a trap message or shut down the interface according to the configured
security protection action.
Prerequisites
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

17

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

Port security has been enabled by using the port-security enable command on the interface.

Example
# Enable the sticky MAC function on GigabitEthernet0/0/1.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet0/0/1
[HUAWEI-GigabitEthernet0/0/1] port-security enable
[HUAWEI-GigabitEthernet0/0/1] port-security mac-address sticky enable

2.2.4 port-security maximum


Function
The port-security maximum command sets the maximum number of MAC addresses that can
be learned on an interface.

Format
port-security maximum max-number

Parameters
Parameter

Description

max-number

Specifies the maximum


number of MAC addresses
that can be learned by an
interface.

Value

Views
Ethernet interface view, GE interface view, XGE interface view, Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines
Usage Scenario
After enabling port security on an interface, you can run the port-security maximum command
to limit the number of MAC addresses that the interface can learn.
Prerequisites
Port security has been enabled by using the port-security enable command on the interface.
Configuration Impact
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

18

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

If you run the port-security maximum command multiple times in the same interface view,
only the latest configuration takes effect.
Precautions
If the sticky MAC function is disabled, max-number limits the number of secure dynamic MAC
addresses learned by the interface.
If the sticky MAC function is enabled, max-number limits the number of sticky MAC addresses
learned by the interface.

Example
# Set the maximum number of MAC addresses that can be learned by GigabitEthernet0/0/1 to
5.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port-security enable
[HUAWEI-GigabitEthernet0/0/1] port-security maximum 5

2.3 VLAN Compatible Commands


2.3.1 port mux-vlan enable
Function
The port mux-vlan enable command enables the MUX VLAN function on an interface.
The undo port mux-vlan enable command disables the MUX VLAN function on an interface.
By default, the MUX VLAN function is disabled on an interface.

Format
port mux-vlan enable
undo port mux-vlan enable

Parameters
None

Views
GE interface view, XGE interface view, 40GE interface view, Eth-Trunk interface view, port
group view

Default Level
2: Configuration level
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

19

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

Usage Guidelines
Usage Scenario
The MUX VLAN function isolates Layer 2 traffic between interfaces in a VLAN. This function
involves a MUX VLAN and several subordinate VLANs. Subordinate VLANs are classified
into subordinate group VLANs and subordinate separate VLANs. Subordinate VLANs can
communicate with the principal VLAN but cannot communicate with each other. Interfaces in
a subordinate group VLAN can communicate with each other, and interfaces in a subordinate
separate VLAN are isolated from each other.
The MUX VLAN function takes effect only after it is enabled on an interface.
Prerequisites
Before enable MUX VLAN function, complete the following task:
l

The port has been added to a principal or subordinate VLAN as an access, hybrid, or trunk
interface.

The port has been added to only a VLAN. If the port has been added to multiple VLANs,
the MUX VLAN function cannot be enabled on this port.

The port has been added to a principal or subordinate VLAN in untagged mode as an access
or hybrid interface.

Precautions
Disabling MAC address learning or limiting the number of learned MAC addresses on an
interface affects the MUX VLAN function on the interface.
The MUX VLAN and port security functions conflict on an interface. That is, the port-security
enable and port mux-vlan enable commands cannot be used on the same interface.
The MUX VLAN and MAC address authentication conflict on an interface; therefore, the port
mux-vlan enable and mac-authen command cannot be used on the same interface.
The MUX VLAN and 802.1x authentication conflict on an interface; therefore, the port muxvlan enable and dot1x enable command cannot be used on the same interface.

Example
# Enable the MUX VLAN function on GE0/0/1.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port mux-vlan enable

2.3.2 port vlan-stacking


Function
The port vlan-stacking command enables selective QinQ.

Format
port vlan-stacking vlan vlan-id1 [ to vlan-id2 ] push vlan vlan-id3 { remark-8021p 8021pvalue | priority-inherit }
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

20

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

Parameters
Parameter

Description

Value

vlan vlan-id1 [ to vlan-id2 ]

Specifies a range of customer


VLAN (C-VLAN) IDs.

The value of vlan-id1 is an


integer that ranges from 1 to
4094.

l vlan-id1 specifies the start


C-VLAN ID.
l to vlan-id2 specifies the
last C-VLAN ID. The
value of vlan-id2 must be
greater than the value of
vlan-id1. The vlan-id1
and vlan-id2 parameters
identify a range of
VLANs.

The value of vlan-id2 is an


integer that ranges from 1 to
4094.

push vlan vlan-id3

Specifies the VLAN ID in the


outer tags added to frames.

The value is an integer that


ranges from 1 to 4094.

remark-8021p 8021p-value

Specifies the internal priority


in the stacked outer VLAN
tag.

The value is an integer that


ranges from 0 to 7. The
greater the value is, the
higher the priority is.
By default, the priority in the
stacked outer VLAN tag is
the same as the priority in the
inner VLAN tag.

priority-inherit

Indicates that the 802.1p


priority in the outer VLAN
tag of data frames inherits the
802.1p priority in the stacked
outer VLAN tag.

Views
Ethernet interface view, GE interface view, XGE interface view, Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines
When the user packets traverse the ISP network, you can use the port vlan-stacking command
to add a VLAN tag to the data frames sent from user VLANs so that the data frames contain
double VLAN tags.
When you configure selective QinQ, pay attention to the following points:
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

21

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

Selective QinQ can be configured only on hybrid interfaces and it takes effect only in the
inbound direction.

The specified stack VLAN ID must exist and the interface must be added to the specified
stack VLAN in untagged mode.

Example
# Configure selective QinQ on GigabitEthernet 0/0/1. Add outer VLAN tag 100 to the frames
with C-VLAN IDs 10-13.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet
[HUAWEI-GigabitEthernet0/0/1] qinq
[HUAWEI-GigabitEthernet0/0/1] port
[HUAWEI-GigabitEthernet0/0/1] port
priority-inherit

0/0/1
vlan-translation enable
hybrid untagged vlan 100
vlan-stacking vlan 10 to 13 push vlan 100

2.4 L2PT Compatible Commands


2.4.1 bpdu-tunnel enable
Function
The bpdu-tunnel enable command enables Layer 2 protocol transparent transmission on an
interface.

Format
bpdu-tunnel { all | protocol-type &<1-14> } enable

Parameters
Parameter

Description

Value

all

Enables or disables
transparent transmission of
packets of all standard Layer
2 protocols and user-defined
Layer 2 protocols.

protocol-type

Enables or disables
transparent transmission of
packets of a specified Layer
2 protocol.

NOTE
You can specify multiple
protocols in the command.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

22

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

Views
Ethernet interface view, XGE interface view, GE interface view, Eth-Trunk interface view, port
group view

Default Level
2: Configuration level

Usage Guidelines
After a user-side interface of a PE on an ISP network is enabled to transparently transmit Layer
2 protocol packets, the interface directly forwards Layer 2 protocol packets sent from a user
network instead of sending the packets to the CPU. In this way, Layer 2 protocol packets are
transparently transmitted through the ISP network.
Generally, the bpdu-tunnel enable command is run on user-side interfaces of PEs.

Example
# Configure GE0/0/1 to transparently transmit all Layer 2 protocols.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] bpdu-tunnel all enable

2.4.2 bpdu-tunnel vlan


Function
The bpdu-tunnel vlan command enables VLAN-based Layer 2 protocol transparent
transmission on an interface.

Format
bpdu-tunnel { all | protocol-type &<1-14> } vlan { low-id [ to high-id ] } &<1-10>

Parameters

Issue 04 (2014-07-30)

Parameter

Description

Value

all

Enables or disables
transparent transmission of
packets of all standard Layer
2 protocols and user-defined
Layer 2 protocols.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

23

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

Parameter

Description

Value

protocol-type

Enables or disables
transparent transmission of
packets of a specified Layer
2 protocol.

NOTE
You can specify multiple
protocols in the command.

low-id

Specifies the start VLAN ID.

The value is an integer that


ranges from 1 to 4094. The
value must be smaller than
the end VLAN ID.

high-id

Specifies the end VLAN ID.

The value is an integer that


ranges from 1 to 4094. The
value must be greater than the
start VLAN ID.

Views
Ethernet interface view, XGE interface view, GE interface view, Eth-Trunk interface view, port
group view

Default Level
2: Configuration level

Usage Guidelines
After a user-side interface of a PE on an ISP network is enabled to transparently transmit Layer
2 protocol packets, the interface directly forwards Layer 2 protocol packets sent from a user
network instead of sending the packets to the CPU. In this way, Layer 2 protocol packets are
transparently transmitted through the ISP network.
The bpdu-tunnel vlan command is usually used on user-side interfaces of PEs.

Example
# Enable GE0/0/1 to transparently transmit all Layer 2 protocols with VLAN tags ranging from
100 to 200.
<HUAWEI> system-view
[HUAWEI] vlan batch 100 to 200
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type trunk
[HUAWEI-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 to 200
[HUAWEI-GigabitEthernet0/0/1] bpdu-tunnel all vlan 100 to 200

2.5 STP Compatible Commands


Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

24

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

2.5.1 bpdu filter


Function
Using the bpdu filter enable command, you can configure a port as a BPDU filter port.
Using the bpdu filter disable command, you can configure a port as a non-BPDU filter port.
By default, a port is a non-BPDU filter port.

Format
bpdu filter enable
bpdu filter disable

Parameters
None

Views
Ethernet interface view, GE interface view, XGE interface view, Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines

CAUTION
After you run the bpdu filter enable command on a port, the port no longer process or send
BPDUs. In this case, the port cannot negotiate the STP status with the directly connected port
on the peer device; therefore, use this command with caution. It is recommended that you use
this command on edge ports.
This command is usually used on edge devices to prevent edge ports from processing and sending
BPDUs.
If this command is not used on an edge device, ports of the device are non-BPDU filter ports.
In this case, the ports can send BPDUs even if they are configured as edge ports. Then BPDUs
are sent to other networks, causing flapping of other networks.
After you run the bpdu filter disable command on a port, the port becomes a non-BPDU filter
port. This port remains a non-BPDU filter port after you run the stp bpdu-filter default
command in the system view.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

25

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

Example
# Configure GE0/0/1 on an edge device as a non-BPDU filter port.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] bpdu filter disable

# Configure GE0/0/2 on an edge device as a BPDU filter port.


<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/2
[HUAWEI-GigabitEthernet0/0/2] bpdu filter enable

2.5.2 stp-snooping enable


Function
Using the stp-snooping enable command, you can enable STP snooping.
Using the stp-snooping disable command, you can disable STP snooping.
By default, STP snooping is disabled on interfaces.

Format
stp-snooping enable
stp-snooping disable

Parameters
None

Views
System view

Default Level
2: Configuration level

Usage Guidelines
After the l2protocol-tunnel command is used to enable transparent transmission of Layer 2
protocol packets on untagged interfaces or the l2protocol-tunnel vlan command is used to
enable transparent transmission of Layer 2 protocol packets on tagged packets, the untagged or
tagged interfaces directly forward Layer 2 protocol packets sent from user networks over the
ISP's network rather than send them to the CPU for processing. When a device enabled with
transparent transmission of Layer 2 protocol packets receives TC packets, if the stp-snooping
enable command is used, the device clears the MAC entries and ARP entires and updates the
forwarding table.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

26

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

2 Ethernet Compatible Commands

Example
# Enable STP snooping.
<HUAWEI> system-view
[HUAWEI] stp-snooping enable

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

27

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

3 Interface Compatible Commands

Interface Compatible Commands

About This Chapter


3.1 Ethernet Interface Compatible Commands

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

28

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

3 Interface Compatible Commands

3.1 Ethernet Interface Compatible Commands


3.1.1 port-down holdoff-timer
Function
Using the port-down holdoff-timer command, you can set the delay in reporting a port status
change event.

Format
port-down holdoff-timer interval

Parameters
Parameter

Description

Value

interval

Specifies the delay timer.

The value is an integer. The


value can be 0 or in the range
of 50 to 50000, in
milliseconds.

Views
Ethernet interface view, GE interface view, XGE interface view

Default Level
2: Configuration level

Usage Guidelines
Usage Scenario
When the cable connected to an interface is faulty, the interface status may change frequently.
When this occurs, the system frequently updates the matching entries. If link backup is
configured on the interface, active/standby switchovers occur frequently. To prevent frequent
status change, you can use the port-down holdoff-timer command to set the delay in reporting
a port status change event.
If an S2750&S5700&S6700 interface is connected to a wavelength division multiplexing device,
the interface becomes Down when a protective switchover occurs on the wavelength division
multiplexing device, and services are interrupted. To prevent service interruption, you can set
the delay in reporting a port Down event.
Configuration Impact
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

29

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

3 Interface Compatible Commands

If you run the port-down holdoff-timer command multiple times in the same interface view,
only the latest configuration takes effect.

Example
# Set the delay in reporting a port status change event to 1000 milliseconds on
GigabitEthernet0/0/1.
<HUAWEI> system
[HUAWEI] interface gigabitethernet0/0/1
[HUAWEI-GigabitEthernet0/0/1] port-down holdoff-timer 1000

3.1.2 port media type


Function
The port media type command determines whether an interface configuration item belongs to
the optical interface or electrical interface.

Format
port media type { copper | fiber }

Parameters
Parameter

Description

Value

copper

Indicates that a configuration


item belongs to the electrical
interface.

fiber

Indicates that a configuration


item belongs to the optical
interface.

Views
GE interface view

Default Level
2: Configuration level

Usage Guidelines
This command only distinguishes optical interface configuration and electrical interface
configuration, and is not configurable. For example, an interface has the following configuration:
#
interface GigabitEthernet0/0/1
port media type copper
undo negotiation auto

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

30

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

3 Interface Compatible Commands

speed 100
port media type fiber
undo negotiation auto
#

The preceding information shows that undo negotiation auto and speed 100 are configured on
the electrical interface, and undo negotiation auto is configured on the optical interface. During
configuration restoration, these configuration items are restored for the respective interfaces.

3.1.3 display ifnet controller-tree


Function
The display ifnet controller-tree command displays information about the control interface
and related channel interfaces on devices.

Format
display ifnet controller-tree { controller-name | controller-type controller-number } [ slot slotid ]

Parameters
Parameter

Description

Value

controller-name

Specifies the name of a control interface.

controller-type controller-number Specifies the type and number of a control


interface.

slot slot-id

Specifies the slot ID.

Views
Diagnostic view

Default Level
3: Management level

Usage Guidelines
The display ifnet controller-tree command displays information about the control interface
and related channel interfaces on devices.
NOTE

The control interface must be available on a device.

Example
# Display hierarchies under a controller.
<HUAWEI> system-view
[HUAWEI] diagnose
[HUAWEI-diagnose] display ifnet controller-tree T3 1/2/0 slot 1

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

31

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

3 Interface Compatible Commands

Controller Channel Node Information


------------------------------------------------------Channel Node Addr : 0xd2861af4 Next Node : 0xd2861c5c Prev Node: 0xd8b79fe0
Low Level Node Count : 1
Next Node : 0xd285e584 Prev Node : 0xd285e584
ID
: 0
Speed
: 64000
Type : T3
SubType : T1
Mode : NOT_SURE
Framed : FRAMED
Shutdown Flag : NOSHUTDOWN

Channel Node Addr : 0xd285e584 Next Node : 0xd2861b00 Prev Node: 0xd2861b00
Low Level Node Count : 1
Next Node: 0xd285e674 Prev Node: 0xd285e674
ID
: 1
Speed
: 0
Type : T1
SubType : NOT_SURE
Mode : CHANNELIZED
Framed : FRAMED
Shutdown Flag : NOSHUTDOWN

Channel Node Addr : 0xd285e674 Next Node : 0xd285e590 Prev Node : 0xd285e590
Low Level Node Count : 0
Next Node: 0xd285e680 Prev Node : 0xd285e680
Channel Interface
: Serial1/2/0/1:1 TimeSlot Mask : 0xe
ID
: 1
Speed
: 64000
Type : CHANNEL_SET
SubType : NOT_SURE
Mode : NOT_SURE
Framed : NOT_SURE
Shutdown Flag : NOSHUTDOWN

Table 3-1 Description of the display ifnet controller-tree command output


Item

Description

Channel Node Addr

Address of a channel node

Next Node

Next node of the current node

Prev Node

Previous node of the current node

Low Level Node Count

Number of lower-level nodes

Channel Interface

Name of a channel interface

ID

ID of the current node

Speed

Rate of the current node

Type

Channel type:
l NOT_SURE
l CPOS
l E3
l T3
l E1
l T1
l CHANNEL_SET
l PRI_SET
l TIMESLOT_LIST

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

32

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

3 Interface Compatible Commands

Item

Description

SubType

Channel sub-type:
l NOT_SURE
l CPOS
l E3
l T3
l E1
l T1
l CHANNEL_SET
l PRI_SET
l TIMESLOT_LIST
Working mode of the current node:

Mode

l NOT_SURE: indicates that the working


mode is uncertain.
l CHANNELIZED: indicates the
channelized mode.
l UNCHANNELIZED: indicates the
unchannelized mode.
l CLEAR_CHANNELIZED: indicates the
clear-channelized mode.
l PRI-SET: indicates the channelized
mode.
Whether the current node is framed:

Framed

l NOT_SURE: indicates that whether the


current node is framed is uncertain.
l UNFRAMED: indicates that the current
node is not framed.
l FRAMED: indicates that the current node
is framed.
Shutdown Flag

When a node is shut down:


l SHUTDOWN: indicates that the node is
shut down.
l NOSHUTDOWN: indicates that the node
is not shut down.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

33

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

4 IP Service Compatible Commands

IP Service Compatible Commands

About This Chapter


4.1 DHCP Upgrade-compatible Commands

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

34

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

4 IP Service Compatible Commands

4.1 DHCP Upgrade-compatible Commands


4.1.1 expired
Function
The expired command sets the lease for IP addresses in a global IP address pool.
By default, the lease of IP addresses is one day.

Format
expired { day day [ hour hour [ minute minute ] ] | unlimited }

Parameters
Parameter

Description

day day

Specifies the number of days The value is an integer


in the IP address lease.
ranging from 0 to 999, in
days. The default value is 1.

hour hour

Specifies the number of


hours in the IP address lease.

The value is an integer


ranging from 0 to 23, in
hours. The default value is 0.

minute minute

Specifies the number of


minutes in the IP address
lease.

The value is an integer


ranging from 0 to 59, in
minutes. The default value is
0.

unlimited

Indicates that the IP address


lease is unlimited.

Value

Views
IP address pool view

Default Level
2: Configuration level

Usage Guidelines
Usage Scenario
The expired-hide command applies to DHCP servers. To meet different client requirements,
DHCP supports dynamic, automatic, and static address assignment. Different hosts require
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

35

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

4 IP Service Compatible Commands

different IP address leases. For example, if some hosts such as a DNS server need to use certain
IP addresses for a long time, configure expired as unlimited to set the IP address lease of the
specified global address pool to unlimited. If some hosts such as a portable computer just need
to user temporary IP addresses, set the IP address lease of the specified global address pool to
the required time so that the expired IP addresses can be released and assigned to other clients.
When a DHCP client starts or half of its IP address lease has passed, the DHCP client sends a
DHCP Request packet to the DHCP server to renew the lease. If the IP address can still be
assigned to the client, the DHCP server informs a renewed IP address lease to the client. If the
IP address can no longer be assigned to this client, the DHCP server informs the client that the
IP address lease cannot be renewed and it needs to apply for another IP address.
Prerequisites
Run the ip pool command to create a global IP address pool and the dhcp enable command to
globally enable the DHCP server function.
Precautions
Different IP address leases can be specified for different global IP address pools on a DHCP
server. In a global IP address pool, all addresses have the same lease.

Example
# Specify the IP address lease of the global address pool global1 to 1 day 2 hours and 30 minutes.
<HUAWEI> system-view
[HUAWEI] ip pool global1
[HUAWEI-ip-pool-global1] expired

day 1 hour 2 minute 30

4.1.2 dhcp server expired


Function
The dhcp server expired command sets the lease for IP addresses in an interface IP address
pool.
By default, the lease of IP addresses is one day.

Format
dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited }
NOTE

S5700LI does not support this commond.

Parameters

Issue 04 (2014-07-30)

Parameter

Description

day

Specifies the number of days The value is an integer


in the IP address lease.
ranging from 0 to 999, in
days. The default value is 1.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

Value

36

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

4 IP Service Compatible Commands

Parameter

Description

Value

hour

Specifies the number of


hours in the IP address lease.

The value is an integer


ranging from 0 to 23, in
hours. The default value is 0.

minute

Specifies the number of


minutes in the IP address
lease.

The value is an integer


ranging from 0 to 59, in
minutes. The default value is
0.

unlimited

Indicates that the IP address


lease is unlimited.

Views
VLANIF interface view

Default Level
2: Configuration level

Usage Guidelines
Usage Scenario
The dhcp server expired command applies to DHCP servers. To meet different client
requirements, DHCP supports dynamic, automatic, and static address assignment. Different
hosts require different IP address leases. For example, if some hosts such as a DNS server need
to use certain IP addresses for a long time, run the dhcp server expired unlimited command
to set the IP address lease of the specified VLANIF interface address pool to unlimited. If some
hosts such as a portable computer just need to user temporary IP addresses, run the dhcp server
expired command to set the IP address lease of the specified VLANIF interface address pool to
the required time so that the expired IP addresses can be released and assigned to other clients.
When a DHCP client starts or half of its IP address lease has passed, the DHCP client sends a
DHCP Request packet to the DHCP server to renew the lease. If the IP address can still be
assigned to the client, the DHCP server informs the client of a renewed IP address lease. If the
IP address can no longer be assigned to this client, the DHCP server informs the client that the
IP address lease cannot be renewed.
Prerequisites
Run the dhcp enable command to globally enable the DHCP function. Run the dhcp select
interface command in the VLANIF interface view to enable the interface IP address pool.
Precautions
Different IP address leases can be specified for different interface IP address pools on a DHCP
server. In an interface IP address pool, all IP addresses have the same lease.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

37

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

4 IP Service Compatible Commands

Example
# Set the IP address lease of the IP address pool on VLANIF 100 to 2 days 2 hours and 30
minutes.
<HUAWEI> system-view
[HUAWEI] dhcp enable
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] ip address 10.1.1.1 24
[HUAWEI-Vlanif100] dhcp select interface
[HUAWEI-Vlanif100] dhcp server expired day 2 hour 2 minute 30

4.1.3 dhcp server forbidden-ip


Function
The dhcp server forbidden-ip command specifies the range of IP addresses that cannot be
assigned to clients by the DHCP server.
By default, the system does not configure the range of IP addresses that cannot be assigned to
clients by the DHCP server.

Format
dhcp server forbidden-ip start-ip-address [ end-ip-address ]
NOTE

S5700LI does not support this commond.

Parameters
Parameter

Description

Value

start-ip-address

Specifies the start IP address


that cannot be automatically
assigned.

The value is in dotted


decimal notation.

end-ip-address

Specifies the end IP address


that cannot be automatically
assigned. If end-ip-address is
not specified, only start-ipaddress cannot be assigned to
clients.

The value is in dotted


decimal notation. end-ipaddress and start-ip-address
must be on the same network
segment and end-ip-address
must be larger than start-ipaddress.

Views
System view

Default Level
2: Configuration level
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

38

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

4 IP Service Compatible Commands

Usage Guidelines
Usage Scenario
The dhcp server forbidden-ip command applies to DHCP servers. In an IP address pool, some
IP addresses need to be reserved for other services, and some IP addresses are statically assigned
to certain hosts (such as the DNS server) and cannot be automatically assigned to clients. You
can run the dhcp server forbidden-ip command to specify the range of the IP addresses that
cannot be automatically assigned to clients from the IP address pool.
Precautions
l

The excluded IP address must be in the IP address pool range.

The excluded IP address or IP address segment cannot be automatically assigned to clients


from a local address pool.

If you run the dhcp server forbidden-ip command multiple times, you can specify multiple
IP addresses or IP address segments that cannot be automatically assigned to clients from
the specified address pool.

Example
# Configure that IP addresses in the address pool 10.10.10.10 to 10.10.10.20 cannot be
automatically assigned to clients.
<HUAWEI> system-view
[HUAWEI] dhcp server forbidden-ip 10.10.10.10 10.10.10.20

4.1.4 dhcp server ip-pool


Function
The dhcp server ip-pool command creates a global IP address pool.
The undo dhcp server ip-pool command delete a global IP address pool.
By default, no IP address pool is created.

Format
dhcp server ip-pool pool-name
undo dhcp server ip-pool pool-name
NOTE

S5700LI does not support this commond.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

39

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

4 IP Service Compatible Commands

Parameters
Parameter

Description

Value

pool-name

Specifies the name of a


global IP address pool.

The value is a string of 1 to


64 characters without spaces.
A combination of digits,
letters, underscores (_), and
dots (.) is allowed.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
The dhcp server ip-pool command applies to DHCP servers. When configuring a DHCP server,
run the dhcp server ip-pool command to create an IP address pool and set parameters for the
IP address pool, including a gateway address, the IP address lease, and a VPN instance. Then
the configured DHCP server can assign IP addresses in the IP address pool to clients. If IP
addresses in a global IP address pool are in use, this global address pool cannot be deleted.

Example
# Create a global IP address pool pool1.
<HUAWEI> system-view
[HUAWEI] dhcp server ip-pool pool1

4.1.5 dns-suffix
Function
The dns-suffix command configures the domain name suffix to be assigned by the DHCP server
to a DHCP client.
By default, no domain name suffix is configured for a DHCP client.

Format
dns-suffix domain-name
NOTE

S5700LI does not support this commond.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

40

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

4 IP Service Compatible Commands

Parameters
Parameter

Description

Value

domain-name

Specifies the domain name


suffix to be assigned to a
DHCP client.

The value is a string of 1 to


50 characters without spaces.
A combination of digits,
letters, underscores (_), and
dots (.) is allowed.

Views
IP address pool view

Default Level
2: Configuration level

Usage Guidelines
Usage Scenario
The dns-suffix command applies to DHCP servers. Each client has a domain name. To enable
DHCP clients to communicate by using their domain names and prevent IP address conflicts,
the DHCP server needs to specify domain name suffixes for these clients when allocating IP
addresses to them. On the DHCP server, the dns-suffix command specifies a domain name suffix
for each global address pool. When allocating IP addresses to clients, the DHCP server also
sends the domain name suffixes to the clients. During domain name resolution, users only need
to enter a part of the domain name, and then the system uses a complete domain name suffix for
resolution.
Precautions
If no domain name suffix is configured for a global IP address pool, the DHCP server cannot
send a domain name suffix to clients. In this situation, the clients cannot communicate.

Example
# Configure mydomain.com.cn as the domain name suffix of the IP address pool pool1.
<HUAWEI> system-view
[HUAWEI] ip pool pool1
[HUAWEI-ip-pool-pool1] dns-suffix mydomain.com.cn

4.1.6 ip relay address


Function
Using the ip relay address command, you can configure DHCP server addresses on a VLANIF
interface enabled with DHCP relay.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

41

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

4 IP Service Compatible Commands

Using the undo ip relay address command, you can delete the configured DHCP server
addresses.
By default, no DHCP server address is configured on a VLANIF interface enabled with DHCP
relay.

Format
ip relay address ip-address
undo ip relay address { ip-address | all }

Parameters
Parameter

Description

Value

ip-address

Specifies the IP address of a


DHCP server.

The value is in dotted


decimal notation.

all

Deletes all the DHCP server


addresses configured on an
interface.

Views
VLANIF interface view

Default Level
2: Configuration level

Usage Guidelines
Usage Scenario
The ip relay address command is applicable to DHCP relay agents. When a DHCP client needs
to send a DHCP request packet to a DHCP server on a different network segment by using a
DHCP relay agent, run the ip relay address command on the DHCP relay agent to configure a
DHCP server address.
Prerequisites
DHCP relay has been enabled on the VLANIF interface by using the dhcp select relay
command.
Precautions
If you run the ip relay address command multiple times, multiple DHCP server addresses are
configured.

Example
# Configure DHCP server addresses 10.2.2.2 on VLANIF 100 enabled with DHCP relay.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

42

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

4 IP Service Compatible Commands

<HUAWEI> system-view
[HUAWEI] dhcp enable
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] dhcp select relay
[HUAWEI-Vlanif100] ip relay address 10.2.2.2

4.1.7 lease
Function
The lease command sets the lease for IP addresses in a global IP address pool.
The undo lease command restores the default lease of IP addresses in a global IP address pool.
By default, the lease of IP addresses is one day.

Format
lease day [ hour [ minute ] ]
undo lease
NOTE

S5700LI does not support this commond.

Parameters
Parameter

Description

Value

day

Specifies the number of days The value is an integer


in the IP address lease.
ranging from 0 to 999, in
days. The default value is 1.

hour

Specifies the number of


hours in the IP address lease.

The value is an integer


ranging from 0 to 23, in
hours. The default value is 0.

minute

Specifies the number of


minutes in the IP address
lease.

The value is an integer


ranging from 0 to 59, in
minutes. The default value is
0.

Views
IP address pool view

Default Level
2: Configuration level

Usage Guidelines
Usage Scenario
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

43

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

4 IP Service Compatible Commands

The lease-hide command applies to DHCP servers. To meet different client requirements, DHCP
supports dynamic, automatic, and static address assignment. Different hosts require different IP
address leases. For example, if some hosts such as a DNS server need to use certain IP addresses
for a long time, set the IP address lease of the current global address pool to unlimited. If some
hosts such as a portable computer just need to use temporary IP addresses, run the lease command
to set the IP address lease of the current global IP address pool to the required time so that the
expired IP addresses can be released and assigned to other clients.
When a DHCP client starts or half of its IP address lease has passed, the DHCP client sends a
DHCP Request packet to the DHCP server to renew the lease. If the IP address can still be
assigned to the client, the DHCP server informs a renewed IP address lease to the client. If the
IP address can no longer be assigned to this client, the DHCP server informs the client that the
IP address lease cannot be renewed and it needs to apply for another IP address.
Precautions
Different IP address leases can be specified for different global address pools on a DHCP server.
In a global address pool, all addresses have the same lease.

Example
# Specify the IP address lease of the global address pool global1 to 1 day.
<HUAWEI> system-view
[HUAWEI] ip pool global1
[HUAWEI-ip-pool-global1] lease 1

4.1.8 policy-vlan dhcp-generic


Function
Using the policy-vlan dhcp-generic command, you can configure generic DHCP policy VLAN.
Using the undo policy-vlan dhcp-generic command, you can delete generic DHCP policy
VLAN.
By default, the function of generic DHCP policy VLAN is disabled on the device.

Format
policy-vlan dhcp-generic [ priority priority ]
undo policy-vlan dhcp-generic

Parameters

Issue 04 (2014-07-30)

Parameter

Description

Value

priority priority

Specifies the 802.1p priority of


DHCP messages.

The value is an integer that


ranges from 0 to 7. The
default value is 0.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

44

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

4 IP Service Compatible Commands

Views
VLAN view

Default Level
2: Configuration level

Usage Guidelines
You can configure three types of DHCP policy VLAN on the device at the same time. They are
listed in descending order based on priorities as follows:
l

DHCP policy VLAN based on MAC addresses

DHCP policy VLAN based on interfaces

Generic DHCP policy VLAN

User hosts that access the network for the first time apply generic DHCP policy VLAN only
when they cannot apply DHCP policy VLAN based on MAC addresses or DHCP policy VLAN
based on interfaces.

Example
# Configure generic DHCP policy VLAN to associate DHCP messages to which DHCP policy
VLAN based on MAC addresses and DHCP policy VLAN based on interfaces cannot be applied
with VLAN 2, and specify the 802.1p priority of the DHCP messages as 5.
<HUAWEI> system-view
[HUAWEI] vlan 2
[HUAWEI-vlan2] policy-vlan dhcp-generic priority 5

4.1.9 policy-vlan dhcp-mac


Function
Using the policy-vlan dhcp-mac command, you can configure DHCP policy VLAN based on
MAC addresses.
Using the undo policy-vlan dhcp-mac command, you can delete DHCP policy VLAN based
on MAC addresses.
By default, the function of DHCP policy VLAN based on MAC addresses is disabled on the
device.

Format
policy-vlan dhcp-mac mac-address1 [ to mac-address2 ] [ priority priority ]
undo policy-vlan dhcp-mac mac-address [ to mac-address ]

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

45

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

4 IP Service Compatible Commands

Parameters
Parameter

Description

Value

dhcp-mac mac-address1 [ to
mac-address2 ]

Specifies the MAC addresses


of user hosts that access the
network for the first time.

mac-address1 and macaddress2 are in the format


of H-H-H. An H contains
one to four hexadecimal
numbers.

l mac-address1 specifies
the start MAC address.
l to mac-address2 specifies
the end MAC address.
mac-address2 must be
greater than macaddress1. mac-address2
and mac-address1 specify
the MAC address range. If
to mac-address2 is not
specified, DHCP policy
VLAN based on only the
MAC address specified by
mac-address1 is
configured.
priority priority

Specifies the 802.1p priority


of DHCP messages.

NOTE
The range specified by macaddress1 and mac-address2
cannot contain multicast
MAC addresses, broadcast
MAC addresses, and all 0
address.

The value is an integer that


ranges from 0 to 7. The
default value is 0.

Views
VLAN view

Default Level
2: Configuration level

Usage Guidelines
You can configure three types of DHCP policy VLAN on the device at the same time. They are
listed in descending order based on priorities as follows:
l

DHCP policy VLAN based on MAC addresses

DHCP policy VLAN based on interfaces

Generic DHCP policy VLAN

When multiple user hosts access the network through an interface on the device, you need to
run the policy-vlan dhcp-mac command to configure DHCP policy VLAN based on MAC
addresses so that the user hosts can obtain IP addresses from the DHCP server and be added to
specific VLANs.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

46

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

4 IP Service Compatible Commands

Example
# Configure DHCP policy VLAN based on the MAC address of the host 0001-0001-0001 to
associate DHCP messages from this host with VLAN 2, and specify the 802.1p priority of the
DHCP messages as 5.
<HUAWEI> system-view
[HUAWEI] vlan 2
[HUAWEI-vlan2] policy-vlan dhcp-mac 1-1-1 priority 5

4.1.10 policy-vlan dhcp-port


Function
Using the policy-vlan dhcp-port command, you can configure DHCP policy VLAN based on
interfaces.
Using the undo policy-vlan dhcp-port command, you can delete DHCP policy VLAN based
on interfaces.
By default, the function of DHCP policy VLAN based on interfaces is disabled on the device.

Format
policy-vlan dhcp-port interface-type { interface-number1 [ to interface-number ] } &<110>
[ priority priority ]
undo policy-vlan dhcp-port interface-type { interface-number1 [ to interface-number ] } &<1
10>

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

47

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

4 IP Service Compatible Commands

Parameters
Parameter

Description

Value

interface-type interfacenumber1 [ to interfacenumber ] &<110>

Specifies the interface type and


interface number.

interface-type can be one


of the following:

l interface-type specifies the


type of an interface.

l eth-trunk

l interface-number1 specifies
the number of the start
interface.

l xgigabitethernet

l gigabitethernet

l to interface-number specifies
the number of the end
interface. interface-number
must be greater than
interface-number1. interfacenumber and interfacenumber1 specify the interface
range. If to interface-number
is not specified, DHCP policy
VLAN based on only the
interface specified by
interface-number1 is
configured.
priority priority

Specifies the 802.1p priority of


DHCP messages.

The value is an integer that


ranges from 0 to 7. The
default value is 0.

Views
VLAN view

Default Level
2: Configuration level

Usage Guidelines
You can configure three types of DHCP policy VLAN on the device at the same time. They are
listed in descending order based on priorities as follows:
l

DHCP policy VLAN based on MAC addresses

DHCP policy VLAN based on interfaces

Generic DHCP policy VLAN


NOTE

DHCP policy VLAN based on interfaces is valid only for hybrid interfaces. Ensure that the interfaces are
hybrid interfaces before running the policy-vlan dhcp-port command. The interfaces to be configured
with this function are hybrid interfaces by default. If not, you can configure an interface as a hybrid interface.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

48

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

4 IP Service Compatible Commands

Example
# Configure DHCP policy VLAN based on GigabitEthernet 0/0/1 to associate DHCP messages
on this interface with VLAN 2, and specify the 802.1p priority of the DHCP messages as 5.
<HUAWEI> system-view
[HUAWEI] vlan 2
[HUAWEI-vlan2] policy-vlan dhcp-port gigabitethernet 0/0/1 priority 5

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

49

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

5 IP Routing Compatible Commands

IP Routing Compatible Commands

About This Chapter


5.1 display bgp group
5.2 display bgp network
5.3 display bgp paths
5.4 display bgp peer
5.5 display bgp routing-table dampened
5.6 display bgp routing-table dampening parameter
5.7 display bgp routing-table flap-info
5.8 display bgp routing-table label
5.9 display bgp update-peer-group
5.10 display ipv6 nexthop-indirection
5.11 display ipv6 routing-table { all-vpn6-instance | vpn6-instance } statistics
5.12 display ipv6 routing-table time-range
5.13 display rm ipv6 interface
5.14 ipv6 route-static vpn6-instance
5.15 ipv6-family vpn6-instance
5.16 isis vpn6-instance
5.17 reset ipv6 routing-table statistics protocol

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

50

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

5 IP Routing Compatible Commands

5.1 display bgp group


Function
Using the display bgp group command, you can display the peer group.

Format
display bgp vpnv6 vpn6-instance vpn6-instance-name group [ group-name ]

Parameters
Parameter

Description

Value

group-name

Specifies the peer group.

It is case-sensitive.

vpnv6

Displays information about BGP


VPNv6 peer groups.

vpn6-instance vpn6-instancename

Specifies the name of the IPv6 VPN It is case-sensitive.


instance.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
If the peer group is specified, the detailed information on the specified peer group is displayed.
If the peer group is not specified, the information on all peer groups is displayed.

Example
# Display information about all peer groups of the IPv6 VPN instance named vpn6 on the local
switch.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn6 group
BGP peer-group: g1
Remote AS: 65410
Type : external
PeerSession Members:
2000::2
Peer Members:
2000::2

# Display information about the peer group named g1 of the IPv6 VPN instance named vpn6 on
the local switch.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

51

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

5 IP Routing Compatible Commands

<HUAWEI> display bgp vpnv6 vpn6-instance vpn6 group g1


BGP peer-group: g1
Remote AS: 65410
Type : external
Configured hold timer value: 180
Keepalive timer value: 60
Minimum route advertisement interval is 30 seconds
PeerSession Members:
2000::2
Peer Preferred Value: 0
No routing policy is configured
Peer Members:
Peer
V
AS MsgRcvd
2000::2
4 65410
103

MsgSent
90

OutQ Up/Down
State PrefRcv
0 01:20:55 Established
0

5.2 display bgp network


Function
Using the display bgp network command, you can view the routes to be advertised by BGP
through the network command.

Format
display bgp vpnv6 vpn6-instance vpn6-instance-name network

Parameters
Parameter

Description

Value

vpn6

Displays the VPNv6 routes that are advertised through the network command.

vpn6-instance vpn6-instance-name Displays information about the routes


advertised by the specified IPv6 VPN instance.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
This command is used to display all the configurations of the network command in the specified
address family view. Routes can be imported and then advertised by BGP only when the route
prefix satisfies the following conditions:
l
Issue 04 (2014-07-30)

It is specified in the network command.


Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

52

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

5 IP Routing Compatible Commands

It already exists in the IP routing table.

It is active.

Example
# Display the routes of the IPv6 VPN instance named vpn1 advertised by BGP through the
network command.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 network
BGP Local Router ID is 1.1.1.1
Local AS Number is 100
Route Distinguisher: 100:1
(vpn1)
Network
Prefix

Route-policy

2000::

policy1

100

5.3 display bgp paths


Function
Using the display bgp paths command, you can view the path attributes of BGP.

Format
display bgp vpnv6 vpn6-instance vpn6-instance-name paths [ as-regular-expression ]

Parameters
Parameter

Description

Value

as-regular-expression

Displays the regular express of the matching


AS-Path.

vpnv6

Displays the path attributes of BGP VPNv6.

vpn6-instance vpn6-instance-name Displays the AS-Path of the specified VPN


instance.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

53

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

5 IP Routing Compatible Commands

Example
# Display information about BGP4+ paths of IPv6 VPN instance named vpn1.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 paths
Total routes of vpn6-instance vpn1: 4
Total Number of Paths: 4
Address
0x50EEF20
0x50EEEB8
0x50EEF88
0x50EF0C0

Refcount
1
1
1
1

MED
0
0
0

Path/Origin
?
?
i
65410?

# Display the BGP4+ paths, including AS_Path 65420, of IPv6 VPN instance named vpn1.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 paths 65420*
Total routes of vpn6-instance vpn1: 1
Total Number of Paths: 1
Address
0x659D4A8

Refcount
1

MED
0

Path/Origin
65420?

5.4 display bgp peer


Function
Using the display bgp peer command, you can display the BGP peers.

Format
display bgp vpnv6 vpn6-instance vpn6-instance-name peer [ { group-name | ipv6-address }
log-info | [ ipv6-address ] verbose ]

Parameters
Parameter

Description

log-info

Displays the log of the peer. -

verbose

Displays the detailed


information of the peer.

ipv6-address

Specifies the address of the


IPv6 peer.

The prefix is a 128-bit hexadecimal


number, in the format of
X:X:X:X:X:X:X:X.

vpnv6

Displays information about


BGP VPNv6 peers.

vpn6-instance vpn6instance-name

Displays the peers of IPv6


VPN instance.

It is a string of 1 to 31 case-sensitive
characters without any spaces.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Value

54

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

5 IP Routing Compatible Commands

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None.

Example
# Display log information about BGP peer groups of the IPv6 VPN instance.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 peer g1 log-info

5.5 display bgp routing-table dampened


Function
Using the display bgp routing-table dampened command, you can display BGP dampened
routes.

Format
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table [ statistics ] dampened

Parameters
Parameter

Description

Value

statistics

Displays the statistics of dampened


routes.

vpnv6

Displays BGP routes of VPNv6.

vpn6-instance vpn6-instancename

Specifies the name of the IPv6 VPN It is case-sensitive.


instance.

Views
All views

Default Level
1: Monitoring level
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

55

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

5 IP Routing Compatible Commands

Usage Guidelines
None

Example
# Display dampened IPv6 routes in the VPNv6 BGP routing table.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table dampened

5.6 display bgp routing-table dampening parameter


Function
Using the display bgp routing-table dampening parameter command, you can display BGP
route dampening parameters.

Format
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table dampening parameter

Parameters
Parameter

Description

Value

vpnv6

Displays BGP route dampening parameters of


VPNv6.

vpn6-instance vpn6-instance-name Specifies route dampening parameters of the


IPv6 VPN instance.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None.

Example
# Display BGP route dampening parameters of specified IPv6 VPN instance named vpn1.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table dampening parameter

5.7 display bgp routing-table flap-info


Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

56

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

5 IP Routing Compatible Commands

Function
Using the display bgp routing-table flap-info command, you can view information about
flapping BGP routes.

Format
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table flap-info [ regularexpression as-regular-expression ]
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table flap-info { as-pathfilter as-path-filter-number | network-address [ prefix-length [ longer-match ] ] }

Parameters
Parameter

Description

Value

regular-expression asregular-expression

Displays the statistics of the


The value is a string of 1 to
route flapping that matches the 80 characters.
AS-Path regular expression.

as-path-filter

Displays the statistics of the


route flapping that matches the
specified AS-Path filter.

as-path-filter-number

Specifies the number of the


matching AS-Path filter.

network-address

Displays the network address


related to the dampening
information.

mask | mask-length

Specifies the network mask or


mask length.

longer-match

Matches according to the mask longer than the specified length.

prefix-length

Specifies the length of the


prefix.

vpnv6

Displays statistics of BGP route flapping of the VPNv6.

vpn6-instance vpn6instance-name

Specifies statistics of route


flapping of the specified IPv6
VPN instance.

Views
All views

Default Level
1: Monitoring level
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

57

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

5 IP Routing Compatible Commands

Usage Guidelines
None.

Example
# Display statistics of the BGP4+ route flapping of IPv6 VPN instance named vpn1.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table flap-info

5.8 display bgp routing-table label


Function
Using the display bgp routing-table label command, you can display the labeled routes in the
BGP routing table.

Format
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table [ statistics ] label

Parameters
Parameter

Description

Value

statistics

Indicates the statistics of the labeled routes.

vpnv6

Displays the labeled route of VPNv6. -

vpn6-instance vpn6-instancename

Specifies the name of a IPv6 VPN


instance.

It is case-sensitive.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None.

Example
# Display the BGP4+ labeled routes of the IPv6 VPN instance named vpna.
<HUAWEI> display bgp vpnv6 vpn6-instance vpna routing-table label

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

58

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

5 IP Routing Compatible Commands

5.9 display bgp update-peer-group


Function
Using the display bgp update-peer-group command, you can view information about BGP
update-groups.

Format
display bgp vpnv6 { vpn6-instance vpn6-instance-name } update-peer-group [ index updategroup-index ]

Parameters
Parameter

Description

Value

vpnv6

Displays information about BGP VPNv6


update-groups.

vpn6-instance vpn6-instance-name Displays information about BGP update-groups in the specified IPv6 VPN instance.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
You can specify the index of an update-group to view detailed information about the specified
update-group.

Example
# Display information about the BGP update-group with the index being 0.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 update-peer-group index 0

5.10 display ipv6 nexthop-indirection


Function
The display ipv6 nexthop-indirection command displays information about the next-hop IPv6
VPN instance iterated control block.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

59

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

5 IP Routing Compatible Commands

Format
display ipv6 nexthop-indirection vpn6-instance vpn6-instance-name [ nexthop nexthop-ipv6address | indirectid indirectid ]

Parameters
Parameter

Description

Value

vpn6-instance vpn6instance-name

Displays next-hop indirect


information about a specified
IPv6 VPN instance.

The value is a string of 1 to 31


case-sensitive characters,
spaces not supported.

nexthop nexthop-ipv6address

Specifies the next-hop IPv6


address.

The value is an IPv6 address.

indirectid indirectid

Specifies the keyword value of The value ranges from 0 to


the next-hop indirection.
FFFFFFFF, in hexadecimal
notation.

Views
Diagnosis view

Default Level
3: Management level

Usage Guidelines
None.

Example
# Display information about the IPv6 VPN instance named vpna iterated control block.
<HUAWEI> system-view
[HUAWEI] diagnose
[HUAWEI-diagnose] display ipv6 nexthop-indirection vpn6-instance vpna indirectid 29

5.11 display ipv6 routing-table { all-vpn6-instance | vpn6instance } statistics


Function
Using the display ipv6 routing-table { all-vpn6-instance | vpn6-instance } statistics
command, you can view integrated route statistics of the routing tables of IPv6 VPN instances.

Format
display ipv6 routing-table { all-vpn6-instance | vpn6-instance vpn-instance-name } statistics
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

60

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

5 IP Routing Compatible Commands

Parameters
Parameter

Description

all-vpn6-instance

Displays integrated route


statistics of the routing tables of
all IPv6 VPN instances.

vpn6-instance vpn-instance- Specifies the name of an VPN


name
instance of an enabled IPv6
address family.

Value

The value is a string of 1 to


31 case-sensitive characters
without spaces.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
Integrated route statistics include the total number of routes, the number of added routes, and
the number of deleted routes.

Example
# Display integrated route statistics of the routing tables of all IPv6 VPN instances.
<HUAWEI> display ipv6 routing-table all-vpn6-instance statistics
Summary Prefixes : 1
Protocol
route
active
added
deleted
freed
DIRECT
1
1
1
0
0
STATIC
0
0
0
0
0
RIPng
0
0
0
0
0
OSPFv3
0
0
0
0
0
IS-IS
0
0
0
0
0
BGP
0
0
0
0
0
Total
1
1
1
0
0

Table 5-1 Description of the display ipv6 routing-table all-vpn6-instance statistics command
output

Issue 04 (2014-07-30)

Item

Description

Summary Prefixes

Total number of prefixes in the current routing


table

Protocol

Routing protocol

route

Number of routes in the current routing table

active

Number of active routes in the routing table

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

61

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

5 IP Routing Compatible Commands

Item

Description

added

Number of active and inactive routes added in the


routing table

deleted

Number of routes deleted from the routing table

freed

Number of released routes that are permanently


deleted from the routing table

5.12 display ipv6 routing-table time-range


Function
The display ipv6 routing-table time-range command displays information about routes
generated in a specified time range in the IPv6 routing table of the specified VPN instance.

Format
display ipv6 routing-table vpn6-instance vpn6-instance-name time-range min-age max-age
[ verbose ]

Parameters
Parameter

Description

vpn6-instance vpn6instance-name

Displays information about


The value is a string of 1 to 31
routes generated in a specified case-sensitive characters, spaces
time range in the IPv6 routing not supported.
table of the specified VPN
instance.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Value

62

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

5 IP Routing Compatible Commands

Parameter

Description

Value

min-age

Specifies the end time of the


period when routes are
generated.

The format is xxdxxhxxmxxs.


l The d indicates days. The
value is an integer ranging
from 0 to 10000.
l The h indicates hours. The
value is an integer ranging
from 0 to 23.
l The m indicates minutes. The
value is an integer ranging
from 0 to 59.
l The s indicates seconds. The
value is an integer ranging
from 0 to 59.
For example, you can enter
5d4h30m20s to specify 5 days, 4
hours, 30 minutes, and 20
seconds.
NOTE
If the value of the d is 10000, the
values of the h, m, and s can be only
0.

max-age

Specifies the start time of the The format is xxdxxhxxmxxs.


period when routes are
l The d indicates days. The
generated.
value is an integer ranging
from 0 to 10000.
l The h indicates hours. The
value is an integer ranging
from 0 to 23.
l The m indicates minutes. The
value is an integer ranging
from 0 to 59.
l The s indicates seconds. The
value is an integer ranging
from 0 to 59.
For example, you can enter
5d4h30m20s to specify 5 days, 4
hours, 30 minutes, and 20
seconds.
NOTE
If the value of the d is 10000, the
values of the h, m, and s can be only
0.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

63

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

5 IP Routing Compatible Commands

Parameter

Description

Value

verbose

Displays detailed information about active and inactive


routes. If you do not specify
this parameter, the display
ipv6 routing-table timerange command displays
only summary information
about active routes.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
Usage Scenario
If route flapping occurs on a network, you can run the display ipv6 routing-table time-range
command and specify a small time range for the command. By doing so, you can find the flapping
route in a timely manner and accelerate fault locating.
Precautions
You must make sure that max-age is greater that min-age. Otherwise, the display ipv6 routingtable time-range command does not display any information.
If the specified max-age is greater than min-age and no route was generated within this time
range, the display ipv6 routing-table time-range command displays only the table heading.

Example
# Display information about routes generated in the last 2 hours, 20 minutes, and 10 seconds in
the IPv6 routing table of the VPN instance named vpna.
<HUAWEI> display ipv6 routing-table vpn6-instance vpna time-range 0 2h20m10s

5.13 display rm ipv6 interface


Function
Using the display rm ipv6 interface command, you can view IPv6 VPN instance RM
information of interfaces, including physical and logical interfaces.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

64

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

5 IP Routing Compatible Commands

Format
display rm ipv6 interface vpn6-instance vpn6-instance-name [ interface-type interfacenumber ]

Parameters
Parameter

Description

Value

vpn6-instance vpn6instance-name

Specifies the name of an


IPv6 VPN instance.

It is case-sensitive.

ipv6-address ipv6address

Displays IPv6 RM
information with the
specified destination IPv6
address.

The value is a 32-digit


hexadecimal number, in the
X:X:X:X:X:X:X:X format.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None.

Example
# Display RM information of all interfaces bound to IPv6 VPN instance named vpna.
<HUAWEI> display rm ipv6 interface vpn6-instance vpna

5.14 ipv6 route-static vpn6-instance


Function
Using the ipv6 route-static vpn6-instance command, you can configure IPv6 static routes in a
VPN instance.
Using the undo ipv6 route-static vpn6-instance command, you can withdraw the IPv6 unicast
static routes in a VPN instance.
By default, the system does not configure IPv6 static routes for VPN instances.

Format
ipv6 route-static vpn6-instance vpn6-instance-name dest-ipv6-address prefix-length
[ interface-type interface-number ] nexthop-ipv6-address [ preference preference | tag tag ] *
[ description text ]
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

65

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

5 IP Routing Compatible Commands

ipv6 route-static vpn6-instance vpn6-instance-name dest-ipv6-address prefix-length nexthopipv6-address [ public ] [ preference preference | tag tag ] * [ description text ]
ipv6 route-static vpn6-instance vpn6-instance-name dest-ipv6-address prefix-length vpn6instance vpn6-destination-name nexthop-ipv6-address [ preference preference | tag tag ] *
[ description text ]
ipv6 route-static dest-ipv6-address prefix-length vpn6-instance vpn6-destination-name
nexthop-ipv6-address [ preference preference | tag tag ] * [ description text ]
undo ipv6 route-static vpn6-instance vpn6-instance-name dest-ipv6-address prefix-length
[ interface-type interface-number [ nexthop-ipv6-address ] | nexthop-ipv6-address ]
[ preference preference | tag tag ] *
undo ipv6 route-static vpn6-instance vpn6-instance-name all

Parameters
Parameter

Description

vpn6-instance-name

Specifies the name of an IPv6 The name is a string of 1 to 31 caseVPN instance. Each IPv6 VPN sensitive characters without any
instance has its own unicast
spaces.
routing table, and the
configured static routes are
installed into the routing table
of the specified IPv6 VPN
instance.

dest-ipv6-address

Specifies the destination IPv6 The value is a 128-digit hexadecimal


address.
number, in the format of
X:X:X:X:X:X:X:X.

prefix-length

Specifies the length of an IPv6 It is an integer ranging from 1 to 128.


prefix, namely, the number of
consecutive 1s in the mask.

interface-type

Specifies the type of an


interface.

interface-number

Specifies the number of an


interface.

nexthop-ipv6-address

Specifies the next hop IPv6


address.

The value is a 128-digit hexadecimal


number, in the format of
X:X:X:X:X:X:X:X.

Issue 04 (2014-07-30)

Value

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

66

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

Parameter

Description

5 IP Routing Compatible Commands

Value

vpn6-destination-name Specifies the name of the


The name is a string of 1 to 31 casedestination IPv6 VPN
sensitive characters without any
instance. After the destination spaces.
IPv6 VPN instance name is
configured, the switch can
search the static routing table
for the outbound interface to
the destination IPv6 VPN
instance according to the
configured gateway address.
public

Indicates that the gateway


address is a public network
address. After a switch is
configured to belong to an
IPv6 VPN instance, the next
hop or the next hop gateway
router of this switch belongs to
this IPv6 VPN instance or the
public network. If the keyword
public is specified in the
command, it indicates that the
next hop is specified as the
public network router.

preference preference Specifies the preference of a


static route.

It is an integer ranging from 1 to 255.

tag tag

Specifies the tag value of a


The value is an integer ranging from
static route. By configuring
1 to 4294967295. By default, it is 0.
different tag values, you can
classify static routes to
implement different routing
policies. For example, routing
protocols can import routes
with specified tag values
through routing policies.

description text

Specifies the description of


static routes.

The description is a string of 1 to 19


characters that can contain spaces.

all

Deletes all the static routes


configured for the specified
IPv6 VPN instance.

Views
System view

Default Level
2: Configuration level
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

67

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

5 IP Routing Compatible Commands

Usage Guidelines
Applicable Environment
When an VPN network is simple, you can configure static routes for this VPN by using the ipv6
route-static vpn6-instance command. Properly configuring and using static routes can improve
network performance.
l

To configure VPN users to access a public network, you can run the ipv6 route-static
vpn6-instance command with the keyword public to configure the VPN route with the
next hop being the public network address.

You can configure description text to add the description of static routes so that the
administrator can check and maintain static routes easily. You can run the display this or
display current-configuration command in the system view to view the description.

Precautions
If the destination address and the prefix length are set to all 0s, it indicates that a default route
is configured.
However, after network faults occur or the network topology changes, static routes cannot
automatically change. Therefore, configure static routes with caution.

Example
# Configure a default route with the next hop 2001::1.
<HUAWEI> system-view
[HUAWEI] ipv6 route-static vpn6-instance vpn1 :: 0 2001::1

5.15 ipv6-family vpn6-instance


Function
Using the ipv6-family vpn6-instance command, you can enter the BGP-VPN6 instance view.
Using the undo ipv6-family vpn6-instance command, you can remove all configurations in the
BGP-VPN6 instance view.

Format
ipv6-family vpn6-instance vpn6-instance-name
undo ipv6-family vpn6-instance vpn6-instance-name

Parameters
Parameter

Description

Value

vpn6-instance vpn6-instance-name Binds the specified IPv6 VPN instance with the IPv6 address family. You can enter the BGPVPN6 instance view by using the parameter.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

68

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

5 IP Routing Compatible Commands

Views
BGP view

Default Level
2: Configuration level

Usage Guidelines
None.

Example
# Enter the BGP-VPN6 instance view.
<HUAWEI> system-view
[HUAWEI] bgp 100
[HUAWEI-bgp] ipv6-family vpn6-instance vpna
[HUAWEI-bgp6-vpna]

5.16 isis vpn6-instance


Function
Using the isis vpn6-instance command, you can start the IS-IS process and the specified IPv6
VPN instance.
Using the undo isis command, you can cancel the specified IS-IS process.
By default, an IS-IS process is runs in a public network instance.

Format
isis [ process-id ] vpn6-instance vpn6-instance-name
undo isis process-id

Parameters
Parameter

Description

Value

process-id

Specifies the process ID.

The value is an integer


ranging from 1 to 65535.

vpn6-instance vpn6instance-name

Specifies the name of the IPv6


VPN instance.

The name is a string of 1 to


31 characters without
spaces. It is case-sensitive.

Views
System view
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

69

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

5 IP Routing Compatible Commands

Default Level
2: Configuration level

Usage Guidelines
To make IS-IS work normally, do as follows:
l

Enable IS-IS process by using the isis command.

Set a Network Entity Title (NET) for the switch by using the network-entity command.

Enable each interface that needs to run IS-IS process by using the isis enable command.

You can start IS-IS only when the above action is done.

Example
# Start an IS-IS routing process 1 which has the system ID 0000.0000.0002 and the area ID
01.0001.
<HUAWEI> system-view
[HUAWEI] isis 1 vpn6-instance vpna
[HUAWEI-isis-1] network-entity 01.0001.0000.0000.0002.00

5.17 reset ipv6 routing-table statistics protocol


Function
Using the reset ipv6 routing-table statistics protocol command, you can clear statistics in the
IPv6 routing table.

Format
reset ipv6 routing-table vpn6-instance vpn6-instance-name statistics protocol { all |
protocol }

Parameters
Parameter Description

Value

all

Clears the statistics of all IPv6 routing protocols in the routing table.

protocol

Clears the statistics of the specified routing protocol. This parameter can be bgp, direct, isis, ospfv3, ripng, or static.

Views
User view

Default Level
2: Configuration level
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

70

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

5 IP Routing Compatible Commands

Usage Guidelines
Statistics in the IPv6 routing table cannot be restored after you clear them. So, confirm the action
before using the command.

Example
# Clear the statistics of all IPv6 routing protocols in the routing table.
<HUAWEI> reset ipv6 routing-table vpn6-instance vpna statistics protocol all

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

71

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

IP Multicast Compatible Commands

About This Chapter


6.1 IGMP Snooping Compatible Commands
6.2 MLD Snooping Compatible Commands
6.3 Multicast VLAN Compatible Commands

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

72

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

6.1 IGMP Snooping Compatible Commands


6.1.1 display igmp-proxy
Function
Using the display igmp-proxy command, you can view the default and non default
configurations of IGMP proxy.

Format
display igmp-proxy [ vlan [ vlan-id ] ]

Parameters
Parameter

Description

Value

vlan vlan-id

Displays the configuration of


the IGMP proxy in the
specified VLAN. vlan-id
specifies the ID of a VLAN.

The value is an integer that


ranges from 1 to 4094.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
Before running the display igmp-proxy command, run the 6.1.5 igmp-proxy enable command
to enable IGMP proxy globally and in the VLAN. Otherwise, no information is displayed.
The IGMP proxy configuration, including the default configuration, is displayed only when the
VLAN is in Up state. That is, at least one interface in the VLAN is in Up state.

Example
# Display the IGMP proxy configuration of VLAN 3.
<HUAWEI> display igmp-proxy vlan 3
IGMP Snooping Information for VLAN 3
IGMP Snooping is Enabled
IGMP Version is Set to default 2
IGMP Query Interval is Set to default 125
IGMP Max Response Interval is Set to default 10

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

73

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference
IGMP
IGMP
IGMP
IGMP
IGMP
IGMP
IGMP
IGMP
IGMP
IGMP
IGMP
IGMP
IGMP
IGMP
IGMP

6 IP Multicast Compatible Commands

Robustness is Set to default 2


Last Member Query Interval is Set to default 1
Router Port Aging Interval is Set to 180s or holdtime in hello
Filter Group-Policy is Set to default : Permit All
Prompt Leave Disable
Router Alert is Not Required
Send Router Alert Enable
Proxy Disable
Report Suppress Disable
Suppress Time is set to default 10 seconds
Querier Disable
Router Port Learning Enable
SSM-Mapping Disable
Limit Action Disable
Suppress-dynamic-join Disable

Table 6-1 Description of the display igmp-proxy command output

Issue 04 (2014-07-30)

Item

Description

IGMP Snooping is Enabled

IGMP snooping is enabled in the VLAN.

IGMP Version is Set to


default 2

The version of IGMP messages that can be processed in the


VLAN is the default version. Both IGMPv1 and IGMPv2
messages can be processed.

IGMP Query Interval is Set


to default 125

The interval at which IGMP General Query messages are sent


in the VLAN is set to the default value, 125 seconds.

IGMP Max Response


Interval is Set to default 10

The maximum response time for IGMP Query messages in the


VLAN is set to the default value, 10 seconds.

IGMP Robustness is Set to


default 2

The IGMP robustness variable is set to the default value 2.

IGMP Last Member Query


Interval is Set to default 1

The interval at which IGMP Group-Specific Query messages


are sent in the VLAN is set to the default value, 1 second.

IGMP Router Port Aging


Interval is Set to 180s or
holdtime in hello

The aging time of router interfaces in the VLAN is set to the


default value, 180 seconds or the holdtime in PIM Hello
messages.

IGMP Filter Group-Policy


is Set to default : Permit All

The default multicast group policy is used in the VLAN. That


is, hosts in the VLAN can join all the multicast groups.

IGMP Prompt Leave


Disable

Prompt leave is disabled for interfaces in the VLAN.

IGMP Router Alert is Not


Required

The device does not require that the IGMP messages received
in the VLAN contain the Router-Alert option in the IP header.

IGMP Send Router Alert


Enable

The device sends the IGMP messages that contain the RouterAlert option in the IP headers to the hosts in the VLAN.

IGMP Proxy Disable

IGMP proxy is disabled in the VLAN.

IGMP Report Suppress


Disable

IGMP Report message suppression is disabled in the VLAN.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

74

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Item

Description

IGMP Suppress Time is set


to default 10 seconds

The suppress duration of IGMP Report messages is set to the


default value, 10 seconds.

IGMP Querier Disable

IGMP querier is disabled in the VLAN.

IGMP Router Port


Learning Enable

Learning of IGMP router interfaces is enabled in the VLAN.

IGMP SSM-Mapping
Disable

IGMP SSM mapping is disabled in the VLAN.

IGMP Limit Action


Disable

Multicast entry overwriting is disabled in the VLAN.

IGMP Suppress-dynamicjoin Disable

The system does not send Report or Leave messages to the


upstream router interface where a static multicast group is
configured.

6.1.2 display igmp-proxy configuration


Function
Using the display igmp-proxy configuration command, you can display the non-default IGMP
proxy configuration.

Format
display igmp-proxy [ vlan [ vlan-id ] ] configuration

Parameters
Parameter

Description

Value

vlan vlan-id

Displays the non-default


IGMP proxy configuration in
the specified VLAN. vlan-id
specifies the ID of a VLAN.

The value is an integer that


ranges from 1 to 4094.

Views
All views

Default Level
1: Monitoring level
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

75

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Usage Guidelines
Before running the display igmp-proxy configuration command, you must run the 6.1.5 igmpproxy enable command to enable IGMP proxy globally and in the VLAN. Otherwise, no
information is displayed.
If the optional parameter is not specified, the non-default IGMP proxy configurations of all
VLANs are displayed.

Example
# Display the non-default IGMP proxy configuration of VLAN 2.
<HUAWEI> display igmp-proxy vlan 2 configuration
IGMP Snooping Configuration for VLAN 2
igmp-snooping enable
igmp-snooping proxy

Table 6-2 Description of the display igmp-proxy configuration command output


Item

Description

igmp-snooping enable

IGMP snooping is enabled in the VLAN.

igmp-snooping proxy

IGMP proxy is enabled in the VLAN.

6.1.3 display igmp-proxy port-info


Function
Using the display igmp-proxy port-info command, you can view information about member
interfaces of a multicast group.

Format
display igmp-proxy port-info [ vlan vlan-id [ group group-address ] ] [ verbose ]

Parameters

Issue 04 (2014-07-30)

Parameter

Description

Value

vlan vlan-id

Displays information about


the member interfaces in the
specified VLAN. vlan-id
specifies the ID of a VLAN.

The value is an integer that


ranges from 1 to 4094.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

76

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Parameter

Description

Value

group group-address

Displays information about


the member interfaces of the
specified multicast group in
the VLAN. group-address
specifies the address of a
multicast group.

The value of ranges from


224.0.1.0 to
239.255.255.255 in dotted
decimal notation.

verbose

Displays detailed
information about the
member interfaces.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
This command displays information about the member interfaces of a multicast group, including
the number of member interfaces and name of the member interfaces.
Before running the display igmp-proxy port-info command, you must run the 6.1.5 igmpproxy enable command to enable IGMP proxy globally and in the VLAN. Otherwise, no
information is displayed.
Information about the member interfaces (static or dynamic) is displayed only if the interfaces
are in Up state.
If vlan-id is not specified, information about member interfaces of multicast groups in all the
VLANs is displayed.

Example
# Display information about multicast member interfaces in VLAN 7.
<HUAWEI> display igmp-proxy port-info vlan 7
----------------------------------------------------------------------(Source, Group)
Port
Flag
Flag: S:Static
D:Dynamic
M: Ssm-mapping
----------------------------------------------------------------------VLAN 7, 3 Entry(s)
(1.1.1.1,225.1.1.1) GE0/0/1
D-1 port(s)
(1.1.1.1,225.1.1.2) GE0/0/2
D-1 port(s)
(1.1.1.1,225.1.1.3) GE0/0/3
D-1 port(s)

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

77

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Table 6-3 Description of the display igmp-snooping port-info command output


Item

Description

(Source, Group)

(S, G) entry, specifying the multicast source and multicast


group.

Port

Outbound interface in an (S, G) entry.

Flag

Type of an outbound interface.


l S:static member interface
l D: dynamic member interface
l M: member interface specified in an SSM mapping entry

6.1.4 display igmp-proxy router-port


Function
Using the display igmp-proxy router-port command, you can view information about router
interfaces in the specified VLAN, including the static router interface and the dynamic router
interface.

Format
display igmp-proxy router-port vlan vlan-id

Parameters
Parameter

Description

Value

vlan vlan-id

Displays information about


the router interfaces in the
specified VLAN. vlan-id
specifies the ID of a VLAN.

The value is an integer that


ranges from 1 to 4094.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
A router interface connects the S2750&S5700&S6700 to an upstream router. The router
interface can be dynamically generated after the IGMP Query message is received, or statically
configured.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

78

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Before running the display igmp-proxy router-port command, run the 6.1.5 igmp-proxy
enable command to enable IGMP proxy globally and in the VLAN. Otherwise, no information
is displayed.
You can run the display igmp-proxy router-port command to view information about the type,
name, age, and remaining aging time of the router interface.
NOTE

Information about a router interface is displayed only when the interface is in Up state.

Example
# Display information about router interfaces in VLAN 2.
<HUAWEI> display igmp-proxy router-port vlan 2
Port Name
UpTime
Expires
Flags
------------------------------------------------------VLAN 2, 2 router-port(s)
GE0/0/1
1d:22h
00:01:20
DYNAMIC
GE0/0/2
2d:10h
-STATIC

Table 6-4 Description of the display igmp-proxy router-port command output


Item

Description

Port Name

Type and number of an interface.

UpTime

Age of a router interface, that is, time that elapsed since the
interface became the router interface.

Expires

Remaining aging time of a router interface.


l The remaining aging time is displayed for a dynamic router
interface.
l A static router interface does not age.

Flags

Type of the router interface, which can be either of the following:


l STATIC: indicates a static router interface.
l DYNAMIC: indicates a dynamic router interface.

6.1.5 igmp-proxy enable


Function
Using the igmp-proxy enable command, you can enable IGMP proxy.
By default., IGMP proxy is disabled.

Format
igmp-proxy enable
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

79

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Parameters
None

Views
System view, VLAN view

Default Level
2: Configuration level

Usage Guidelines
The differences of using the igmp-proxy enable command in the system view and VLAN view
are as follows:
l

When you run the commands in the system view, IGMP proxy is enabled globally.

When you run the commands in the VLAN view, IGMP proxy is enabled or in the VLAN.

To enable IGMP proxy in a VLAN, you must first enable IGMP proxy globally.

Example
# Enable IGMP proxy globally.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable

# Enable IGMP proxy in VLAN 3.


<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable

6.1.6 igmp-proxy group-limit


Function
Using the igmp-proxy group-limit command, you can set the maximum number of IGMP proxy
entries on an interface.

Format
igmp-proxy group-limit limit-num vlan { vlan-id1 [ to vlan-id2 ] } & <1-10>

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

80

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Parameters
Parameter

Description

Value

limit-num

Specifies the maximum


number of IGMP proxy
entries on an interface.

The value is an integer and


the value range depends on
the product model:
l S2750: 1 to 1022
l S5700S-LI, S5700LI, and
S5700SI: 1 to 1024
l S5700EI, S5710EI,
S5700HI, S5710HI, and
S6700: 1 to 2048

vlan-id1 [ to vlan-id2 ]

Specifies the ID of a user


VLAN.

The value is an integer that


ranges from 1 to 4094.

Views
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, port group
view, Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines
After the igmp-proxy group-limit command is run, the number of IGMP proxy entries on the
interface cannot exceeds the limit.

Example
# Set the maximum number of IGMP proxy entries in VLAN 10 on GE0/0/1 to 100.
<HUAWEI> system view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] igmp-proxy group-limit 100 vlan 10

6.1.7 igmp-proxy group-policy (interface view)


Function
The igmp-proxy group-policy command configures a multicast group policy for a VLAN on
an interface. The policy specifies the multicast groups that hosts in the VLAN can join.
By default, no multicast group policy is configured for a VLAN. That is, hosts in the VLAN can
join any multicast group.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

81

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Format
igmp-proxy group-policy acl-number [ version version-number ] vlan vlan-id1 [ to vlanid2 ]
igmp-proxy group-policy acl-number vlan vlan-id1 [ to vlan-id2 ] version-number

Parameters
Parameter

Description

Value

acl-number

Specifies the number of the


ACL that limits the multicast
groups that hosts in a VLAN
can join.

The value is an integer that


ranges from 2000 to 3999.

version-number

Applies the multicast group


policy to only the IGMP
messages of the specified
version.

The value is an integer that


ranges from 1 to 3. The value
1 indicates IGMPv1, the
value 2 indicates IGMPv2
and the value 3 indicates
IGMPv3.

vlan vlan-id1 [ to vlan-id2 ]

Applies the multicast group


policy to the specified
VLANs on the interface.

vlan-id1 and vlan-id2 are


integers that range 1 from
4094.

Views
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, port group
view, Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines
Before running the igmp-proxy group-policy command, run the 6.1.5 igmp-proxy enable
command to enable IGMP proxy globally and in the specified VLANs.
By configuring a multicast group policy for a VLAN on an interface, you can prohibit hosts in
the VLAN from joining the specified IP multicast groups.
If the IGMP version is not specified, the device applies the multicast group policy to all IGMP
messages regardless of their versions.

Example
# Prohibit hosts in VLAN 3 from join multicast group 225.1.1.123 on GE0/0/10.
<HUAWEI> system-view
[HUAWEI] acl number 2008

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

82

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

[HUAWEI-acl-basic-2008] rule deny source 225.1.1.123 0


[HUAWEI-acl-basic-2008] quit
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable
[HUAWEI-vlan3] quit
[HUAWEI] interface gigabitehernet 0/0/10
[HUAWEI-GigabitEthernet0/0/10] igmp-proxy group-policy 2008 vlan 3

6.1.8 igmp-proxy group-policy (VLAN view)


Function
Using the igmp-proxy group-policy command, you can configure the multicast group policy
in a VLAN. The policy specifies the multicast groups that hosts in the VLAN can join.
By default, no multicast group policy is available in a VLAN. That is, hosts in a VLAN can join
any multicast group.

Format
igmp-proxy group-policy acl-number [ [ version ] version-number ]

Parameters
Parameter

Description

Value

acl-number

Specifies the number of the


ACL that limits the multicast
groups that hosts in a VLAN
can join.

The value is an integer that


ranges from 2000 to 3999.

[ version ] version-number

Applies the multicast group


policy to only the IGMP
messages of the specified
version.

The value is an integer that


ranges from 1 to 3. The value
1 indicates IGMPv1, the
value 2 indicates IGMPv2
and the value 3 indicates
IGMPv3.

Views
VLAN view

Default Level
2: Configuration level

Usage Guidelines
Before running the igmp-proxy group-policy command, run the 6.1.5 igmp-proxy enable
command to enable IGMP proxy globally and in the VLAN.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

83

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

By setting the multicast group policy in a VLAN, you can restrict the access of hosts in the
VLAN to multicast groups.
If the IGMP version is not specified, the device applies the multicast group policy to all IGMP
messages regardless of their versions.

Example
# Prevent hosts in VLAN 3 from joining multicast group 225.1.1.123.
<HUAWEI> system-view
[HUAWEI] acl number 2008
[HUAWEI-acl-basic-2008] rule deny source 225.1.1.123 0
[HUAWEI-acl-basic-2008] quit
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable
[HUAWEI-vlan3] igmp-proxy group-policy 2008

6.1.9 igmp-proxy lastmember-queryinterval


Function
Using the igmp-proxy lastmember-queryinterval command, you can set the interval for
sending Group-Specific Query messages (last member query) in a VLAN.
By default, the interval for sending Group-Specific Query messages in a VLAN is 1 second.

Format
igmp-proxy lastmember-queryinterval lastmember-queryinterval

Parameters
Parameter

Description

Value

lastmember-queryinterval

Specifies the interval for


sending IGMP GroupSpecific Query messages.

The value is an integer that


ranges from 1 to 5, in
seconds. The default value is
1.

Views
VLAN view

Default Level
2: Configuration level

Usage Guidelines
Before running the igmp-proxy lastmember-queryinterval command, run the 6.1.5 igmpproxy enable command to enable IGMP proxy globally and in the VLAN.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

84

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

By setting the interval for sending IGMP Group-Specific messages, you can:
l

Adjust and control the delay for hosts to leave a multicast group.
For example, when memberships change frequently on the network, you can run the igmpproxy lastmember-queryinterval command to reduce the interval for sending IGMP
Group-Specific Query messages. In this manner, the device can receive the response to the
IGMP Group-Specific Query messages quickly.

Maintain forwarding entries.


When receiving IGMP Leave messages from hosts, the device sets the aging time of
member interfaces by using the following formula: Aging time = Interval for sending
Group-Specific Query messages x IGMP robustness variable.

When the device runs IGMPv1, hosts do not send Leave messages when leaving a multicast
group. Therefore, the igmp-proxy lastmember-queryinterval command is valid only when
IGMPv2 messages are processed in a VLAN.

Example
# Set the interval for sending Group-Specific Query messages in VLAN 3 to 4 seconds.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable
[HUAWEI-vlan3] igmp-proxy lastmember-queryinterval 4

6.1.10 igmp-proxy max-response-time


Function
Using the igmp-proxy max-response-time command, you can set the maximum response time
for IGMP messages in the VLAN.
By default, the maximum response time for IGMP messages is 10 seconds.

Format
igmp-proxy max-response-time max-response-time

Parameters
Parameter

Description

Value

max-response-time

Specifies the maximum


response time for IGMP
messages.

The value is an integer that


ranges from 1 to 25, in
seconds. The default value is
10.

Views
VLAN view
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

85

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Default Level
2: Configuration level

Usage Guidelines
Before running the igmp-proxy max-response-time command, run the 6.1.5 igmp-proxy
enable command to enable IGMP proxy globally and in the VLAN.
By setting the maximum response time, you can:
l

Control the deadline for a host to send the IGMP Report message. A proper setting of the
maximum response time enables hosts to quickly respond to Query messages, thus
preventing the congestion caused by a large number of Response messages sent at the same
time.

Adjust the aging time of member interfaces. When receiving IGMP Report messages from
hosts, the device sets the aging time of member interfaces by using the following formula:
Aging time = IGMP robustness variable x Interval for sending IGMP General Query
messages + Maximum response time.
NOTE

The maximum response time must be shorter than the interval for sending IGMP General Query messages.

If you run the igmp-proxy max-response-time command multiple times in the same VLAN
view, the latest configuration takes effect.

Example
# Set the maximum response time in VLAN 3 to 20 seconds.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable
[HUAWEI-vlan3] igmp-proxy max-response-time 20

6.1.11 igmp-proxy prompt-leave


Function
Using the igmp-proxy prompt-leave command, you can enable interfaces in a VLAN to
promptly leave multicast groups.
By default, interfaces are disabled from promptly leave multicast groups.

Format
igmp-proxy prompt-leave [ group-policy acl-number ]

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

86

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Parameters
Parameter

Description

Value

group-policy basic-aclnumber

Allows interfaces to
promptly leave the specified
multicast groups. aclnumber specifies the number
of an ACL rule.

The value is an integer that


ranges from 2000 to 3999.

Views
VLAN view

Default Level
2: Configuration level

Usage Guidelines
If group-policy basic-acl-number is not specified, interfaces in the VLAN can leave all multicast
groups promptly.
Before running the igmp-proxy prompt-leave command, run the 6.1.5 igmp-proxy enable
command to enable IGMP proxy globally and in the VLAN.
When an interface of the device receives an IGMP Leave message of a multicast group, the
device deletes the forwarding entry of the multicast group corresponding to the interface from
the forwarding table. This process is called prompt leave. When an interface is connected to only
one host, the prompt leave mechanism can be used to release bandwidth resources quickly.
The configuration is valid only when IGMPv2 messages can be processed in the VLAN.
NOTE

You can configure prompt leave for an interface only when each multicast member interface is connected
to only one host in a VLAN. If the interface is connected to multiple host, the multicast traffic of other
receivers in the same group is interrupted when prompt leave is enabled.

Example
# Enable interfaces in VLAN 3 to promptly leave multicast group 225.1.1.123.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] acl number 2008
[HUAWEI-acl-basic-2008] rule permit source 225.1.1.123 0
[HUAWEI-acl-basic-2000] rule deny source any
[HUAWEI-acl-basic-2008] quit
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable
[HUAWEI-vlan3] igmp-proxy prompt-leave group-policy 2008

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

87

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

6.1.12 igmp-proxy query-interval


Function
Using the igmp-proxy query-interval command, you can set the interval for sending IGMP
General Query messages in a VLAN.
By default, the interval for sending Group-Specific Query messages in a VLAN is 125 seconds.

Format
igmp-proxy query-interval query-interval

Parameters
Parameter

Description

Value

query-interval

Specifies the interval for


sending IGMP General
Query messages.

The value is an integer that


ranges from 1 to 65535, in
seconds. The default value is
60.

Views
VLAN view

Default Level
2: Configuration level

Usage Guidelines
Before running the igmp-proxy query-interval command, run the 6.1.5 igmp-proxy enable
command to enable IGMP proxy globally and in the VLAN.
By setting interval for sending IGMP General Query messages, you can:
l

Configure the device to send IGMP General Query messages at the set intervals to maintain
memberships of interfaces. The shorter the interval is, the more sensitive the device is and
the more bandwidth and switch resources are occupied.

Adjust the aging time of member interfaces. When receiving IGMP Report messages from
hosts, the device sets the aging time of member interfaces by using the following formula:
Aging time = IGMP robustness variable x Interval for sending IGMP General Query
messages + Maximum response time.
NOTE

The maximum response time must be shorter than the interval for sending IGMP General Query messages.

If you run the igmp-proxy query-interval command multiple times in the same VLAN view,
the latest configuration takes effect.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

88

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Example
# Set the interval for sending IGMP General Query messages in VLAN 3 to 100 seconds.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable
[HUAWEI-vlan3] igmp-proxy query-interval 100

6.1.13 igmp-proxy require-router-alert


Function
Using the igmp-proxy require-router-alert command, you can configure the device to process
only the IGMP messages that contain the Router-Alert option in the IP header after receiving
the messages from a VLAN.
By default, the device can process the IGMP messages that do not contain the Router-Alert
option in the IP header.

Format
igmp-proxy require-router-alert

Parameters
None

Views
VLAN view

Default Level
2: Configuration level

Usage Guidelines
After you run the igmp-proxy require-router-alert command , the device checks whether
received IGMP messages contain the Router-Alert option in the IP header. If not, the device
discards the IGMP messages.
Before running the igmp-proxy require-router-alert command, run the 6.1.5 igmp-proxy
enable command to enable IGMP proxy globally and in the VLAN.

Example
# Configure interfaces in VLAN 3 to process only the IGMP messages that contain the RouterAlert option in the IP header.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable
[HUAWEI-vlan3] igmp-proxy require-router-alert

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

89

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

6.1.14 igmp-proxy robust-count


Function
Using the igmp-proxy robust-count command sets the IGMP robustness variable in a VLAN,
which specifies how many times IGMP Query messages are sent.
By default, the robustness variable in a VLAN is 2.

Format
igmp-proxy robust-count robust-value

Parameters
Parameter

Description

Value

robust-value

Specifies the IGMP


robustness variable in a
VLAN.

The value is an integer that


ranges from 2 to 5.

Views
VLAN view

Default Level
2: Configuration level

Usage Guidelines
Before running the igmp-proxy lastmember-queryinterval command, run the 6.1.5 igmpproxy enable command to enable IGMP proxy globally and in the VLAN.
By setting the interval for sending IGMP Group-Specific messages, you can:
l

Specify the number of times the querier sends a Group-Specific Query message, which
prevents packet loss on the network.
When receiving an IGMP Leave message for a multicast group, the switch sends a GroupSpecific Query message certain times (specified by the IGMP robustness variable) to check
whether this group has any other members. If the quality of transmission links is low,
increase the IGMP robustness variable.

Change the aging time of multicast group member ports.


When receiving an IGMP Report message from a host, the switch starts the aging timer for
the member port. The aging time is calculated using the following formula: Aging time =
IGMP robustness variable x General query interval + Maximum response time for General
Query messages. The igmp-snooping robust-count command sets the general query
count.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

90

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Example
# Set the IGMP robustness variable to 5 in VLAN 3.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable
[HUAWEI-vlan3] igmp-proxy robust-count 5

6.1.15 igmp-proxy router-aging-time


Function
Using the igmp-proxy router-aging-time command, you can set the aging time of dynamic
router interfaces in a VLAN.
By default, the aging time of dynamic router interfaces in a VLAN is 180 seconds or equal to
the holdtime contained in PIM Hello messages.

Format
igmp-proxy router-aging-time router-aging-time

Parameters
Parameter

Description

Value

router-aging-time

Specifies the aging time of


dynamic router interfaces in
a VLAN.

The value is an integer that


ranges from 1 to 1000, in
seconds. The default value is
180 seconds or the holdtime
contained in PIM Hello
messages.

Views
VLAN view

Default Level
2: Configuration level

Usage Guidelines
Before running the igmp-proxy router-aging-time command, run the 6.1.5 igmp-proxy
enable command to enable IGMP proxy globally and in the VLAN.
When receiving IGMP Query messages or PIM Hello messages from a dynamic router interface,
the device resets the aging time of the router interface.
By default, the device resets the aging time of the router interface as follows:
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

91

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

If IGMP Query messages are received by the interface, the device resets the aging time of
the interfaces to 180 seconds.

If PIM Hello messages are received by the interface and the holdtime of the Hello messages
is greater than the remaining aging time of the interface, the device resets the aging time
of the interface to the holdtime contained in the PIM Hello messages.

Example
# Set the aging time of router interfaces in VLAN 3 to 500 seconds.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable
[HUAWEI-vlan3] igmp-proxy router-aging-time 500

6.1.16 igmp-proxy send-query enable


Function
Using the igmp-proxy send-query enable command, you can enable the device to send IGMP
Query messages to non-router interfaces.
By default, the device is disabled from sending IGMP Query messages to non-router interfaces.

Format
igmp-proxy send-query enable

Parameters
None

Views
System view

Default Level
2: Configuration level

Usage Guidelines
Before using the igmp-proxy send-query enable command, you must run the 6.1.5 igmp-proxy
enable command to enable IGMP proxy globally.
In most situations, the device does not send IGMP Query messages. When the MSTP
recalculation is triggered by changes of network topologies, the device sends IGMP General
Query messages to detect whether multicast members exist on each interface. This is caused by
changes of the forwarding path of packets.
When IGMP General Query messages are sent to hosts, the hosts that remain as multicast
members reply with IGMP Report messages. The device then updates information about
multicast member interfaces according to the IGMP Report messages. In this manner, multicast
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

92

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

packets can be quickly switched to new forwarding paths. This ensures smooth transmission of
multicast services.

Example
# Enable the device to send IGMP Query messages that respond to changes of network topologies
to non-router interfaces.
<HUAWEI> system-view
[HUAWEI] igmp-proxy send-query enable

6.1.17 igmp-proxy send-query source-address


Function
Using the igmp-proxy send-query source-address command, you can set the source IP address
contained in the IGMP messages sent by the device enabled with IGMP proxy.

Format
igmp-proxy send-query source-address ip-address

Parameters
Parameter

Description

Value

ip-address

Specifies the source IP


address of IGMP messages.

The address is in dotted


decimal notation and the
default value is 192.168.0.1.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
Before using the igmp-proxy send-query source-address command, you must run the 6.1.5
igmp-proxy enable command to enable IGMP proxy globally.
If 192.168.0.1 is already used by other devices on the network, you can use the command to
modify the source IP address of IGMP General Query messages and other messages sent by the
device enabled with IGMP proxy.
When multiple devices exist on a shared network, you can set the source IP address of IGMP
messages to identify the devices. For example, you must specify different source IP addresses
for different devicees when the election mechanism is applied to the devicees with different
performances.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

93

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

If the command is run for multiple times in the same view, the latest configuration overwrites
the earlier ones.

Example
# Set the source IP address of IGMP messages sent by the device enabled with IGMP proxy to
192.168.10.1.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] igmp-proxy send-query source-address 192.168.10.1

6.1.18 igmp-proxy ssm-policy


Function
The igmp-proxy ssm-policy command configures an SSM group policy for IGMP proxy.

Format
igmp-proxy ssm-policy basic-acl-number

Parameters
Parameter

Description

Value

basic-acl-number

Specifies the number of the


basic ACL that defines the
range of SSM group
addresses.

The value is an integer that


ranges from 2000 to 2999.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
Before this command, enable IGMP snooping globally.
By default, SSM group addresses range from 232.0.0.0 to 232.255.255.255. You can configure
an SSM group policy to narrow or expand the range of SSM group addresses.

Example
# Configure multicast group 225.1.1.123 as an SSM group.
<HUAWEI> system-view
[HUAWEI] acl number 2008

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

94

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

[HUAWEI-acl-basic-2008] rule permit source 225.1.1.123 0


[HUAWEI-acl-basic-2008] quit
[HUAWEI] igmp-snooping enable
[HUAWEI] igmp-proxy ssm-policy 2008

6.1.19 igmp-proxy static-group


Function
The igmp-proxy static-group command adds an interface statically to a multicast group.
By default, an interface is not statically added to any multicast groups.

Format
igmp-proxy static-group group-ip-address1 [ to group-ip-address2 ] [ source-address sourceip-address ] vlan vlan-id

Parameters
Parameter

Description

Value

group-ip-address1 to groupip-address2

Adds the interface to multiple


multicast groups. The values
of group-ip-address1 and
group-ip-address2 must be in
the same network segment
(with a 24-bit mask).

source-address source-ipaddress

Specifies the IP address of a


multicast source.

The value of source-ipaddress can be any Class A,


Class B, or Class C address,
in dotted decimal notation.

vlan vlan-id

Specifies the ID of a VLAN.

The value is an integer that


ranges from 1 to 4094.

Views
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, port group
view, Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines
In addition to dynamic multicast forwarding entries generated by Layer 2 protocol protocols,
you can configure static Layer 2 multicast forwarding entries by binding interfaces to entries.
After an interface is statically added to a multicast group, users connected to this interface can
receive multicast data of the multicast group for a long time.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

95

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Example
# Add GE0/0/1 in VLAN 2 to multicast group 224.1.1.1.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] igmp-proxy static-group 224.1.1.1 vlan 2

6.1.20 igmp-proxy static-router-port


Function
Using the igmp-proxy static-router-port command, you can configure an interface as a static
router interface in a specified VLAN.

Format
igmp-proxy static-router-port vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>

Parameters
Parameter

Description

Value

vlan vlan-id

Indicates a VLAN. vlan-id


specifies the ID of a VLAN.

The value is an integer that


ranges from 1 to 4094.

Views
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, port group
view, Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines
Before running the igmp-proxy static-router-port command, run the 6.1.5 igmp-proxy
enable command to enable IGMP proxy globally and in the VLAN.
If the interface is not added to the VLAN specified by vlan-id before the command is run, the
configuration is kept on the device and becomes valid until the interface is added to the specified
VLAN.
NOTE

A static router interface does not age.

Example
# Configure GE0/0/1 in VLAN 3 as a static router interface.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

96

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable
[HUAWEI-vlan3] quit
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] igmp-proxy static-router-port vlan 3

6.1.21 igmp-proxy table limit


Function
Using the igmp-proxy table limit command, you can set the maximum number of IGMP proxy
entries on an interface.

Format
igmp-proxy table limit limit-num vlan { vlan-id1 [ to vlan-id2 ] } & <1-10>

Parameters
Parameter

Description

Value

limit-num

Specifies the maximum


number of IGMP proxy
entries on an interface.

The value is an integer and


the value range depends on
the product model:
l S2750: 1 to 1022
l S5700S-LI, S5700LI, and
S5700SI: 1 to 1024
l S5700EI, S5710EI,
S5700HI, S5710HI, and
S6700: 1 to 2048

vlan-id1 [ to vlan-id2 ]

Specifies the ID of a user


VLAN.

The value is an integer that


ranges from 1 to 4094.

Views
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, port group
view, Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines
After the igmp-proxy table limit command is run, the number of IGMP proxy entries on the
interface cannot exceeds the limit.

Example
# Set the maximum number of IGMP proxy entries in VLAN 10 on GE0/0/1 to 100.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

97

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

<HUAWEI> system view


[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] igmp-proxy table limit 100 vlan 10

6.1.22 igmp-proxy version


Function
Using the igmp-proxy version command, you can configure the version of IGMP messages that
can be processed by the IGMP proxy in a VLAN.
By default, the IGMP proxy can process both IGMPv1 messages and IGMPv2 messages in a
VLAN.

Format
igmp-proxy version version

Parameters
Parameter

Description

Value

version

Specifies the version of


IGMP messages that can be
processed in a VLAN.

The value is an integer that


ranges from 1 to 3.
l The value 1 indicates that
only IGMPv1 messages
can be processed.
l The value 2 indicates that
both IGMPv1 and
IGMPv2 messages can be
processed.
l The value 3 indicates that
the system can process
IGMPv1, IGMPv2, and
IGMPv3 messages.

Views
VLAN view

Default Level
2: Configuration level

Usage Guidelines
Hosts in the same VLAN must run the IGMP protocol of the same version. When hosts that run
different IGMP versions exist in a VLAN, you need to run the igmp-proxy version command
to configure the IGMP version.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

98

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Before running the igmp-proxy version command, run the 6.1.5 igmp-proxy enable command
to enable IGMP proxy globally and in the VLAN.

Example
# Configure the IGMP proxy to process only IGMPv1 messages in VLAN 2.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 2
[HUAWEI-vlan2] igmp-proxy enable
[HUAWEI-vlan2] igmp-proxy version 1

6.1.23 igmp-snooping group-policy (interface view)


Function
The igmp-snooping group-policy command configures a multicast group policy for a VLAN
on an interface. The policy specifies the multicast groups that hosts in the VLAN can join.
By default, no multicast group policy is configured for a VLAN. That is, hosts in the VLAN can
join any multicast group.

Format
igmp-snooping group-policy acl-number vlan vlan-id1 [ to vlan-id2 ] version-number

Parameters
Parameter

Description

Value

acl-number

Specifies the number of the


ACL that limits the multicast
groups that hosts in a VLAN
can join.

The value is an integer that


ranges from 2000 to 3999.

version-number

Applies the multicast group


policy to only the IGMP
messages of the specified
version.

The value is an integer that


ranges from 1 to 3. The value
1 indicates IGMPv1, the
value 2 indicates IGMPv2
and the value 3 indicates
IGMPv3.

vlan vlan-id1 [ to vlan-id2 ]

Applies the multicast group


policy to the specified
VLANs on the interface.

vlan-id1 and vlan-id2 are


integers that range 1 from
4094.

Views
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, port group
view, Eth-Trunk interface view
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

99

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Default Level
2: Configuration level

Usage Guidelines
Before running the igmp-snooping group-policy command, enable IGMP snooping globally
and in the specified VLANs.
By configuring a multicast group policy for a VLAN on an interface, you can prohibit hosts in
the VLAN from joining the specified IP multicast groups.

Example
# Prohibit hosts in VLAN 3 from join multicast group 225.1.1.123 on GE0/0/10.
<HUAWEI> system-view
[HUAWEI] acl number 2008
[HUAWEI-acl-basic-2008] rule deny source 225.1.1.123 0
[HUAWEI-acl-basic-2008] quit
[HUAWEI] igmp-snooping enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-snooping enable
[HUAWEI-vlan3] quit
[HUAWEI] interface gigabitethernet 0/0/10
[HUAWEI-GigabitEthernet0/0/10] igmp-snooping group-policy 2008 vlan 3 2

6.1.24 igmp-snooping group-policy (VLAN view)


Function
Using the igmp-snooping group-policy command, you can configure the multicast group policy
in a VLAN. The policy specifies the multicast groups that hosts in the VLAN can join.
By default, no multicast group policy is available in a VLAN. That is, hosts in a VLAN can join
any multicast group.

Format
igmp-snooping group-policy acl-number version-number

Parameters

Issue 04 (2014-07-30)

Parameter

Description

Value

acl-number

Specifies the number of the


ACL that limits the multicast
groups that hosts in a VLAN
can join.

The value is an integer that


ranges from 2000 to 3999.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

100

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Parameter

Description

Value

version-number

Applies the multicast group


policy to only the IGMP
messages of the specified
version.

The value is an integer that


ranges from 1 to 3. The value
1 indicates IGMPv1, the
value 2 indicates IGMPv2
and the value 3 indicates
IGMPv3.

Views
VLAN view

Default Level
2: Configuration level

Usage Guidelines
Before running the igmp-snooping group-policy command, enable IGMP snooping globally
and in the VLAN.
By setting the multicast group policy in a VLAN, you can restrict the access of hosts in the
VLAN to multicast groups.

Example
# Prevent hosts in VLAN 3 from joining multicast group 225.1.1.123.
<HUAWEI> system-view
[HUAWEI] acl number 2008
[HUAWEI-acl-basic-2008] rule deny source 225.1.1.123 0
[HUAWEI-acl-basic-2008] quit
[HUAWEI] igmp-snooping enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-snooping enable
[HUAWEI-vlan3] igmp-snooping group-policy 2008 2

6.1.25 igmp-snooping proxy enable


Function
Using the igmp-snooping proxy enable command, you can enable IGMP snooping globally.
By default., IGMP snooping is disabled globally.

Format
igmp-snooping proxy enable

Parameters
None
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

101

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Views
System view

Default Level
2: Configuration level

Usage Guidelines
None

Example
# Enable IGMP proxy globally.
<HUAWEI> system-view
[HUAWEI] igmp-snooping proxy enable

# Enable IGMP proxy in VLAN 3.

6.1.26 igmp-snooping ssm-policy


Function
The igmp-snooping ssm-policy command configures an SSM group policy for IGMP snooping.
All the multicast groups permitted by the SSM group policy are SSM groups.

Format
igmp-snooping ssm-policy basic-acl-number

Parameters
Parameter

Description

Value

basic-acl-number

Specifies the number of the


basic ACL that defines the
range of SSM groups.

The value is an integer that


ranges from 2000 to 2999.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
Perform the following operations before using this command:
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

102

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Create a basic ACL.

Enable IGMP proxy globally.

By default, SSM group addresses range from 232.0.0.0 to 232.255.255.255. If hosts need to join
multicast groups out of this range or they are only allowed to join some of multicast groups in
the range, you can configure an SSM group policy to specify the SSM group range.

Example
# Configure multicast group 225.1.1.123 as an SSM group.
<HUAWEI> system-view
[HUAWEI] acl number 2000
[HUAWEI-acl-basic-2000] rule permit source 225.1.1.123 0
[HUAWEI-acl-basic-2000] quit
[HUAWEI] igmp-proxy enable
[HUAWEI] igmp-snooping ssm-policy 2000

6.1.27 igmp-snooping static-group


Function
The igmp-snooping static-group command adds an interface statically to a multicast group.
By default, an interface is not statically added to any multicast groups.

Format
igmp-snooping static-group group-ip-address1 [ to group-ip-address2 ] [ source-address
source-ip-address ] vlan vlan-id

Parameters

Issue 04 (2014-07-30)

Parameter

Description

Value

group-ip-address1 to groupip-address2

Adds the interface to


multiple multicast groups.
The values of group-ipaddress1 and group-ipaddress2 must be in the same
network segment (with a 24bit mask).

source-address source-ipaddress

Specifies the IP address of a


multicast source.

The value of source-ipaddress can be any Class A,


Class B, or Class C address,
in dotted decimal notation.

vlan vlanid

Specifies the ID of a VLAN.

The value is an integer that


ranges from 1 to 4094.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

103

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Views
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, port group
view, Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines
In addition to dynamic multicast forwarding entries generated by Layer 2 protocol protocols,
you can configure static Layer 2 multicast forwarding entries by binding interfaces to entries.
After an interface is statically added to a multicast group, users connected to this interface can
receive multicast data of the multicast group for a long time.

Example
# Add GE0/0/1 in VLAN 2 to multicast group 224.1.1.1.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] igmp-snooping static-group 224.1.1.1 vlan 2

6.1.28 igmp-snooping suppression-time


Function
The igmp-snooping suppression-time command sets the global IGMP message suppression
time.

Format
igmp-snooping suppression-time suppression-time

Parameters
Parameter

Description

Value

suppression-time

Specifies the global IGMP


message suppression time.

The value is an integer that


ranges from 0 to 300, in
seconds. The default value is
10.

Views
System view

Default Level
2: Configuration level
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

104

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Usage Guidelines
To reduce the IGMP messages sent to the upstream router and protects the router from attacks,
enable the device to suppress IGMP Report and IGMP Leave messages sent by hosts. After this
function is enabled, the device processes IGMP Report and IGMP Leave messages as follows:
l

After receiving an IGMP Report message and forwarding the message, the device does not
forward the same type of messages to the router interface within the suppression time.

If the device receives an IGMP General Query message or Group-Specific message, the
device does not suppress the first IGMP Report message that responds to the General Query
message. In addition, the device resets the suppression timer when receiving the first IGMP
Report message.

The igmp-snooping suppression-time command sets the period during which IGMP Report
and IGMP Leave messages are suppressed.

Example
# Set the global IGMP message suppression time to 15 seconds.
<HUAWEI> system-view
[HUAWEI] igmp-snooping suppression-time 15

6.1.29 igmp-snooping table limit


Function
Using the igmp-snooping table limit command, you can set the maximum number of the entries
that can be configured or learnt by the IGMP snooping module on an interface.

Format
igmp-snooping table limit limit-num vlan vlan-id

Parameters
Parameter

Description

Value

limit-num

Specifies the maximum


number of the entries that can
be configured or learnt by the
IGMP snooping module on
an interface.

The value is an integer and


the value range depends on
the product model:
l S2750: 1 to 1022
l S5700S-LI, S5700LI, and
S5700SI: 1 to 1024
l S5700EI, S5710EI,
S5700HI, S5710HI, and
S6700: 1 to 2048

vlan vlan-id

Issue 04 (2014-07-30)

Specifies a VLAN ID.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

The value is an integer that


ranges from 1 to 4094.

105

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Views
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, port group
view, Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines
After the igmp-snooping table limit command is used, the number of the entries that can be
configured or learnt by the IGMP snooping module on an interface cannot exceed the maximum
number.

Example
# Set the maximum number of the entries that can be configured or learnt by the IGMP snooping
module on GE0/0/1 in VLAN 4 to 100.
<HUAWEI> system view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] igmp-snooping table limit 100 vlan 4

6.1.30 multicast-source-deny interface


Function
The multicast-source-deny interface command enables the switch to filter outer multicast data
packets sent from a VLAN on specified interfaces.
By default, multicast data packets from all VLANs are accepted.

Format
multicast-source-deny interface interface-type interface-num1 [ to interface-num2 ] & <1-10>

Parameters
Parameter

Description

Value

interface-type interfacenum1 [ to interface-num2 ]

Specifies the interfaces on


which the multicast packet
filtering function needs to be
enabled.

Views
VLAN view
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

106

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Default Level
2: Configuration level

Usage Guidelines
When some interfaces need to reject multicast data packets sent from a VLAN (for example, a
user VLAN), you can run the multicast-source-deny command in this VLAN and specify these
interfaces in the command.

Example
# Filter out multicast data packets received from VLAN 10 on GE0/0/1.
<HUAWEI> system-view
[HUAWEI] vlan 10
[HUAWEI-vlan10] multicast-source-deny interface gigabitethernet 0/0/1

6.1.31 reset igmp-proxy group


Function
Using the reset igmp-proxy group command, you can clear the dynamic forwarding entries
from the multicast forwarding table.

Format
reset igmp-proxy group vlan { vlan-id | all } all

Parameters
Parameter

Description

Value

vlan vlan-id

vlan-id specifies the ID of a


VLAN. If this parameter is
specified, the device clears
the dynamic forwarding
entries of the specified
VLAN.

The value is an integer that


ranges from 1 to 4094.

all

Clears the dynamic


forwarding entries of all
VLANs from the multicast
forwarding table.

Views
User view

Default Level
3: Management level
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

107

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Usage Guidelines
Before running the reset igmp-proxy group command, you need to run the 6.1.5 igmp-proxy
enable command to enable IGMP proxy globally.
If the command clears the dynamic forwarding entries of a VLAN from the multicast forwarding
table, the hosts in the VLAN cannot receive the multicast packets temporarily. The hosts can
receive multicast packets only when they send IGMP Report messages and the device generates
dynamic forwarding entries.
NOTE

This command cannot clear static forwarding entries.

Example
# Clear the dynamic forwarding entries of all VLANs.
<HUAWEI> reset igmp-proxy group vlan all all

# Clear all dynamic forwarding entries of VLAN 3.


<HUAWEI> reset igmp-proxy group vlan 3 all

6.1.32 undo igmp-proxy router-learning


Function
The undo igmp-proxy router-learning command disables dynamic router interface learning
in a VLAN.
By default, dynamic router interface learning is enabled in a VLAN.

Format
undo igmp-proxy router-learning

Parameters
None

Views
VLAN view

Default Level
2: Configuration level

Usage Guidelines
Before running the undo igmp-proxy router-learning command, run the 6.1.5 igmp-proxy
enable command to enable IGMP proxy globally and in the VLAN.
A device running IGMP snooping considers an interface as a router interface when the interface
receives an IGMP General Query message with any source IP address except 0.0.0.0 or a PIM
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

108

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Hello message. The device records all the router interfaces in the router interface list. Too many
router interfaces make it difficult for the device to control the multicast flows that users can
receive. To control the multicast flows received by users, disable router interface learning in
VLANs.

Example
# Disable router interface learning in VLAN 3.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 3
[HUAWEI-vlan3] igmp-proxy enable
[HUAWEI-vlan3] undo igmp-proxy router-learning

6.1.33 undo igmp-proxy send-router-alert


Function
Using the undo igmp-proxy send-router-alert command, you can configure the device to send
IGMP messages not containing the Router-Alert option in the IP header.
By default, the device sends IGMP messages that contain the Router-Alert option in the IP
header.

Format
undo igmp-proxy send-router-alert

Parameters
None

Views
VLAN view

Default Level
2: Configuration level

Usage Guidelines
Before running the undo igmp-proxy send-router-alert command, run the 6.1.5 igmp-proxy
enable command to enable IGMP proxy globally and in the VLAN.

Example
# Configure the device to send IGMP messages that does not contain the Router-Alert option in
the IP header to VLAN 3.
<HUAWEI> system-view
[HUAWEI] igmp-proxy enable
[HUAWEI] vlan 3

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

109

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

[HUAWEI-vlan3] igmp-proxy enable


[HUAWEI-vlan3] undo igmp-proxy send-router-alert

6.2 MLD Snooping Compatible Commands


6.2.1 mld-snooping group-policy (interface view)
Function
The mld-snooping group-policy command configures an IPv6 multicast group policy on an
interface.

Format
mld-snooping group-policy acl6-number vlan vlan-id mld-version [ default-permit ]

Parameters
Parameter

Description

Value

acl6-number

Specifies the number of an


IPv6 ACL that defines a
range of multicast groups. A
basic or advanced ACL can
be used in an IPv6 multicast
group policy.

The value is an integer that


ranges from 2000 to 3999.

vlan vlan-id

Applies the IPv6 multicast


group policy to a specified
VLAN on an interface.

The value is an integer that


ranges from 1 to 4094.

mld-version

Specifies an MLD version.


The multicast group policy is
applied only to the MLD
messages of this version. If
this parameter is not
specified, the multicast group
policy applies to all MLD
messages.

The value is 1 or 2.

Configures the multicast


group policy to permit all
groups by default. That is, if
the referenced ACL has no
rules, the multicast group
policy allows hosts in the
VLAN to join all groups.

default-permit

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

l 1: MLDv1
l 2: MLDv2

110

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Views
Ethernet interface view, GE interface view, XGE interface view, 40GE interface view, port group
view, Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines
An IPv6 multicast group policy controls the multicast programs that users can order on a device
with Multicast Listener Discovery (MLD) snooping enabled. In multicast applications, user
hosts send MLD Report messages to join a group when they order programs of this group. When
the upstream Layer 2 device receives the Report messages, it processes the Report messages
differently depending on whether the group policy configured on the inbound interface has the
default-permit keyword specified:
l

If default-permit is not specified, the group policy prevents hosts in the VLAN from
joining any group by default. A filter rule must be configured by specifying the permit
keyword in the rule command. If the Report messages match the filter rule, the Layer 2
device allows the hosts in the VLAN to join the group and forwards the Report messages.
If the Report messages do not match the filter rule, the Layer 2 device prevents the hosts
from joining the group and drops the Report messages.

If default-permit is specified, the group policy allows hosts in the VLAN to join all groups
by default. A filter rule must be configured by specifying the deny keyword in the rule
command. If the Report messages match the filter rule, the Layer 2 device prevents the
hosts in the VLAN from joining the group and drops the Report messages. If the Report
messages do not match the filter rule, the Layer 2 device allows the hosts to join the group
and forwards the Report messages.

Example
# Prevent hosts in VLAN 10 on GE0/0/1 from joining IPv6 multicast group ff1c::3/32.
<HUAWEI> system-view
[HUAWEI] acl ipv6 number 2000
[HUAWEI-acl6-basic-2000] rule deny source ff1c::3/32
[HUAWEI-acl6-basic-2000] quit
[HUAWEI] mld-snooping enable
[HUAWEI] vlan 10
[HUAWEI-vlan10] mld-snooping enable
[HUAWEI-vlan10] quit
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type trunk
[HUAWEI-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[HUAWEI-GigabitEthernet0/0/1] mld-snooping group-policy 2000 vlan 10 default-permit

# Allow hosts in VLAN 10 connected to GE0/0/1 to join IPv6 multicast group ff1c::3/32.
<HUAWEI> system-view
[HUAWEI] acl ipv6 number 2000
[HUAWEI-acl6-basic-2000] rule permit source ff1c::3/32
[HUAWEI-acl6-basic-2000] quit
[HUAWEI] mld-snooping enable
[HUAWEI] vlan 10
[HUAWEI-vlan10] mld-snooping enable
[HUAWEI-vlan10] quit
[HUAWEI] interface gigabitethernet 0/0/1

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

111

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

[HUAWEI-GigabitEthernet0/0/1] port link-type trunk


[HUAWEI-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[HUAWEI-GigabitEthernet0/0/1] mld-snooping group-policy 2000 vlan 10

6.2.2 mld-snooping group-policy (VLAN view)


Function
The mld-snooping group-policy command configures an IPv6 multicast group policy in a
VLAN.

Format
mld-snooping group-policy acl6-number mld-version [ default-permit ]
undo mld-snooping group-policy

Parameters
Parameter

Description

Value

acl6-number

Specifies the number of an


IPv6 ACL that defines a
range of multicast groups. A
basic or advanced ACL can
be used in an IPv6 multicast
group policy.

The value is an integer that


ranges from 2000 to 3999.

mld-version

Applies the multicast group


policy only to the MLD
messages of the specified
version. If this parameter is
not specified, the multicast
group policy applies to all
MLD messages.

The value is 1 or 3.

Configures the multicast


group policy to permit all
groups by default. That is, if
the referenced ACL has no
rules, the multicast group
policy allows hosts in the
VLAN to join all groups.

default-permit

l 1: MLDv1
l 2: MLDv2

Views
VLAN view

Default Level
2: Configuration level
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

112

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Usage Guidelines
An IPv6 multicast group policy controls the multicast programs that users can order on a device
with Multicast Listener Discovery (MLD) snooping enabled. In multicast applications, user
hosts send MLD Report messages to join a group when they order programs of this group. When
the upstream Layer 2 device receives the Report messages, it processes the Report messages
differently depending on whether the group policy configured in the VLAN has the defaultpermit keyword specified:
l

If default-permit is not specified, the group policy prevents hosts in the VLAN from
joining any group by default. A filter rule must be configured by specifying the permit
keyword in the rule command. If the Report messages match the filter rule, the Layer 2
device allows the hosts in the VLAN to join the group and forwards the Report messages.
If the Report messages do not match the filter rule, the Layer 2 device prevents the hosts
from joining the group and drops the Report messages.

If default-permit is specified, the group policy allows hosts in the VLAN to join all groups
by default. A filter rule must be configured by specifying the deny keyword in the rule
command. If the Report messages match the filter rule, the Layer 2 device prevents the
hosts in the VLAN from joining the group and drops the Report messages. If the Report
messages do not match the filter rule, the Layer 2 device allows the hosts to join the group
and forwards the Report messages.

Example
# Prevent hosts in VLAN 4 from joining IPv6 multicast group ff1e::1/32.
<HUAWEI> system-view
[HUAWEI] acl ipv6 number 2001
[HUAWEI-acl6-basic-2001] rule deny source ff1e::1/32
[HUAWEI-acl6-basic-2001] quit
[HUAWEI] mld-snooping enable
[HUAWEI] vlan 4
[HUAWEI-vlan4] mld-snooping enable
[HUAWEI-vlan4] mld-snooping group-policy 2001 default-permit

# Allow hosts in VLAN 4 to join IPv6 multicast group ff1e::1/32.


<HUAWEI> system-view
[HUAWEI] acl ipv6 number 2001
[HUAWEI-acl6-basic-2001] rule permit source ff1e::1/32
[HUAWEI-acl6-basic-2001] quit
[HUAWEI] mld-snooping enable
[HUAWEI] vlan 4
[HUAWEI-vlan4] mld-snooping enable
[HUAWEI-vlan4] mld-snooping group-policy 2001

6.3 Multicast VLAN Compatible Commands


6.3.1 multicast user-vlan
Function
Using the multicast user-vlan command, you can set the mapping between a multicast VLAN
and a user VLAN.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

113

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

6 IP Multicast Compatible Commands

Format
multicast user-vlan { vlan-id1 [ to vlan-id2 ] } & <1-10>

Parameters
Parameter

Description

Value

vlan-id1 [ to vlan-id2 ]

Specifies the ID of a user


VLAN.

The value is an integer that


ranges from 1 to 4094.

Views
VLAN view

Default Level
2: Configuration level

Usage Guidelines
A user VLAN can be mapped to only one multicast VLAN. If you configure a multicast VLAN
for a user VLAN, and then you configure another multicast VLAN for the user VLAN, the latest
configured multicast VLAN overrides the previous configuration.

Example
# Set the mapping between a multicast VLAN with the ID as 1 and a user VLAN with the ID as
2 after VLAN 1 is enabled with the multicast VLAN function.
[HUAWEI] vlan 1
[HUAWEI-vlan1] multicast user-vlan 2

# Set the mappings between a multicast VLAN with the ID as 1 and user VLANs with the IDs
ranging from 2 to 10 after VLAN 1 is enabled with the multicast VLAN function.
[HUAWEI] vlan 1
[HUAWEI-vlan1] multicast user-vlan 2 to 10

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

114

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

7 QoS compatible command

QoS compatible command

About This Chapter


7.1 cpu queue bpdu
7.2 port queue statistics enable
7.3 qos drr (scheduling template view)
7.4 qos local-precedence-queue-map
7.5 qos queue
7.6 qos queue max-buffer
7.7 qos queue max-length (tail drop template view)
7.8 qos queue statistics enable
7.9 qos sred
7.10 qos wrr (scheduling template view)

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

115

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

7 QoS compatible command

7.1 cpu queue bpdu


Function
Using the cpu queue bpdu command, you can set the bandwidth consumed by BPDUs sent to
the queues on the CPU.
NOTE

This command is only supported by S5700SI and S5700EI..

Format
cpu queue bpdu cir cir pir pir

Parameters
Parameter

Description

Value

cir cir

Specifies the Committed


Information Rate (CIR)
of BPDUs sent to the
queues on the CPU.

The value is an integer that


ranges from 64 to 512, in kbit/
s. By default, the CIR is 128
kbit/s.

pir pir

Specifies the Peak


Information Rate (PIR)
of BPDUs sent to the
queues on the CPU.

The value is an integer that


ranges from 64 to 512, in kbit/
s. By default, the PIR is 128
kbit/s.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
If packet loss occurs during the transmission of BPDUs, you can use the cpu queue bpdu
command to set the bandwidth of BPDUs sent to the queues on the CPU. In this manner, less
BPDUs are lost.

Example
# Set the CIR and PIR of BPDUs sent to the queues on the CPU to 512 kbit/s.
<Quidway> system-view
[Quidway] cpu queue bpdu cir 512 pir 512

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

116

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

7 QoS compatible command

7.2 port queue statistics enable


Function
Using the port queue statistics enable command, you can enable traffic statistics on a specified
queue and set parameters.
Using the undo port queue statistics enable command, you can disable traffic statistics on a
specified queue.
By default, traffic statistics on a specified queue is disabled.
NOTE

This command is only supported by S5700EI.

Format
port queue statistics enable queue-index queue-index inbound interface interface-type
interface-number
port queue statistics enable queue-index queue-index outbound interface interface-type
interface-number [ from interface interface-type interface-number ]

Parameters
Parameter

Description

Value

queue-index

Specifies a queue index.

The value is an integer that


ranges from 0 to 7. Value 0 to
value 7 correspond to queue
0 to queue 7 respectively.

interface-type interfacenumber

Specifies the type and


number of an interface.

The interface type can be


ethernet, gigabitethernet,
xgigabitethernet.

from interface interfacetype interface-number

Enables traffic statistics on a


specified queue from a
specified inbound interface
to a specified outbound
interface.

The interface type can be


ethernet, gigabitethernet,
xgigabitethernet.

Views
System view

Default Level
2: Configuration level
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

117

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

7 QoS compatible command

Usage Guidelines
If you have enabled traffic statistics on a specified queue, you can view the number of passed
packets in the queue.
NOTE

port queue statistics enable queue-index queue-index outbound interface interface-type interfacenumber
The device supports traffic statistics on a maximum of eight queues.

Example
# Display traffic statistics on queue 7 on the ingress interface GigabitEthernet 0/0/1.
<Quidway> system-view
[Quidway] port queue statistics enable queue-index 7 inbound interface
gigabitethernet 0/0/1

7.3 qos drr (scheduling template view)


Function
Using the qos drr command, you can set parameters for queues on which the DRR scheduling
is used.
Using the undo qos drr command, you can restore default values of parameters for queues on
which the DRR scheduling is used.
By default, the DRR scheduling weight value of a queue is 1.
NOTE

This command can be configured only on the S5700SI.

Format
qos drr queue-index queue-index weight weight-value
undo qos drr queue-index

Parameters

Issue 04 (2014-07-30)

Parameter

Description

Value

queue-index

Specifies the index of a


queue.

The value is an integer that


ranges from 0 to 7. Value 0 to
value 7 correspond to queue
0 to queue 7 respectively.

weight-value

Specifies the DRR


scheduling weight value of a
queue.

The value is an integer that


ranges from 0 to 127. The
default value is 1.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

118

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

7 QoS compatible command

Views
Scheduling template view

Default Level
2: Configuration level

Usage Guidelines
You can set parameters for queues on which the DRR scheduling is used only when the
scheduling mode in the scheduling template view is DRR; otherwise, you need to run the qos
(scheduling template view) command to change the scheduling mode on an interface to DRR
first. By default, the scheduling mode of the device is WRR.
If the qos drr command is repeatedly run in the same scheduling template view for the same
queue, the later configuration overrides the previous configuration.

Example
# Set the scheduling mode of queue 3 to DRR, and then set the scheduling weight value to 20
in global scheduling template a.
<Quidway> system-view
[Quidway] qos schedule-profile a
[Quidway-qos-schedule-profile-a] qos drr
[Quidway-qos-schedule-profile-a] qos drr queue-index 3 weight 20

7.4 qos local-precedence-queue-map


Function
Using the qos local-precedence-queue-map command, you can configure the mapping between
a local precedence and a queue.
Using the undo qos local-precedence-queue-map command, you can restore the default
mapping between a local precedence and a queue.
NOTE

This command is only supported by S5700EI and S5700SI.

Format
qos local-precedence-queue-map local-precedence queue-index
undo qos local-precedence-queue-map

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

119

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

7 QoS compatible command

Parameters
Parameter

Description

Value

local-precedence

Specifies a local precedence.

The value is an integer that


ranges from 0 to 7. The
greater the value, the higher
the priority.

queue-index

Specifies the index of a


queue.

The value is an integer that


ranges from 0 to 7. Value 0 to
value 7 correspond to queue
0 to queue 7 respectively.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
If the qos local-precedence-queue-map command is run repeatedly in the same system view,
the later configuration overrides the previous configuration.
The device sends packets to the specified queue according to the mapping between a local
precedence and a queue.
By default, the mapping between a local precedence and a queue is shown in the following table.
Table 7-1 Mapping between a local precedence and a queue

Issue 04 (2014-07-30)

Local Precedence

Queue Index

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

120

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

7 QoS compatible command

Example
# Map queue 3 to local precedence 4.
<Quidway> system-view
[Quidway] qos local-precedence-queue-map 4 3

7.5 qos queue


Function
Using the qos queue command, you can configure scheduling parameters for queues of each
class of service on an interface.
Using the undo qos queue command, you can restore the default scheduling parameters for
queues of each class of service on an interface.

Format
qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef } cir cir-value pir pir-value [ cbs cbs-value
pbs pbs-value ]
undo qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef }
NOTE

This command is only supported by S5700SI and S5700EI.

Parameters

Issue 04 (2014-07-30)

Parameter

Description

Value

af1, af2, af3, af4

Indicates queues that


guarantee bandwidths,
corresponding to queues Q1,
Q2, Q3, and Q4 respectively.

be

Indicates the best effort (BE) queue, corresponding to


queue Q0.

cs6, cs7

Indicates high priority


queues that correspond to
queue Q6 and queue Q7
respectively.

ef

Indicates the low-delay


queue that corresponds to
queue Q5.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

121

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

7 QoS compatible command

Parameter

Description

Value

cir cir-value

Specifies a CIR, that is,


guaranteed bandwidth of an
interface.

It is an integer ranging from


64 to the interface bandwidth,
in kbit/s. For example, the
bandwidth of a GE interface
is 1000000 kbit/s, and that of
a 10GE interface is 10000000
kbit/s.

pir pir-value

Specifies a PIR, that is,


restricted bandwidth of an
interface.

It is an integer ranging from


64 to the interface bandwidth,
in kbit/s. For example, the
bandwidth of a GE interface
is 1000000 kbit/s, and that of
a 10GE interface is 10000000
kbit/s. The default value is
the interface bandwidth.

cbs cbs-value

Specifies a Committed Burst


Size (CBS), that is, the
committed traffic size that
can pass at a burst of traffic.

It is an integer ranging from


4096 bytes to 16773120
bytes. The default cbs-value
is related to the configured
cir-value.

pbs pbs-value

Specifies a Peak Burst Size


(PBS), that is, the peak traffic
size that can pass at a burst of
traffic.

It is an integer ranging from


4096 bytes to 16773120
bytes. The default pbs-value
is related to the configured
pir-value.

NOTE

The priorities of queues Q7, Q6, , Q1, and Q0 are 7, 6, , 1, and 0 respectively, in an descending order
on an interface.

Views
GE interface view, 10GE interface view

Default Level
2: Configuration level

Usage Guidelines
When the rate of an interface on a downstream device is lower than the rate of an interface on
an upstream device, traffic congestion may occur on the interface of the upstream device. In this
case, you can configure traffic shaping for queues on the outbound interface of the upstream
device and adjust the sending rate of the interface.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

122

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

7 QoS compatible command

Example
# Configure traffic shaping for queue 2 on GE0/0/1. Set the CIR to 300 kbit/s and the PIR to
500 kbit/s.
<Quidway> system-view
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] qos queue af2 cir 300 pir 500

7.6 qos queue max-buffer


Function
Using the qos queue max-buffer command, you can set the maximum buffer size of all packets
in a specified queue for a tail drop template.
Using the qos queue green max-buffer command, you can set the maximum buffer size of
green packets in a specified queue for a tail drop template.
Using the undo qos queue max-buffer command, you can delete the maximum buffer size of
all packets in a specified queue set for a tail drop template.
Using the undo qos queue green max-buffer command, you can delete the maximum buffer
size of green packets in a specified queue set for a tail drop template.

Format
qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef } max-buffer cell-number [ green maxbuffer cell-number ]
qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef } green max-buffer cell-number
undo qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef | all } max-buffer [ green maxbuffer ]
undo qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef | all } green max-buffer
NOTE

Only the S5700SI supports this command.

Parameters

Issue 04 (2014-07-30)

Parameter

Description

Value

af1, af2, af3, af4

Indicates bandwidth
guaranteed queues that
correspond to queues Q1, Q2,
Q3, and Q4 respectively.

be

Indicates the BE queue that


corresponds to queue Q0.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

123

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

7 QoS compatible command

Parameter

Description

Value

cs6, cs7

Indicates high priority


queues that correspond to
queues Q6 and Q7
respectively.

ef

Indicates the low-delay


queue that corresponds to
queue Q5.

max-buffer cell-number

Specifies the maximum


buffer size of all packets in a
specified queue.

The value is an integer that


ranges from 1 to 5134, in
cells. The size of a cell is 256
bytes. The default value is 24.

green max-buffer cellnumber

Specifies the maximum


buffer size of green packets
in a specified queue.

The value is an integer that


ranges from 1 to 5134, in
cells. The size of a cell is 256
bytes. The default value is 12.

Views
Tail drop template view

Default Level
2: Configuration level

Usage Guidelines
After running the qos tail-drop-profile command to create a tail drop template, you can run the
qos queue max-buffer command to set the maximum buffer size of all packets or green packets
in a specified queue for a tail drop template.

Example
# Create a global tail drop template named a, and then set the maximum buffer size of all packets
in a BE queue for the global tail drop template to 200, in cells.
<Quidway> system-view
[Quidway] qos tail-drop-profile a
[Quidway-qos-tail-drop-profile-a] qos queue be max-buffer 200

7.7 qos queue max-length (tail drop template view)


Function
Using the qos queue max-length command, you can set the maximum length of all packets in
a specified queue for a tail drop template.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

124

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

7 QoS compatible command

Using the qos queue green max-length command, you can set the maximum length of green
packets in a specified queue for a tail drop template.
Using the undo qos queue max-length command, you can delete the maximum length of all
packets in a specified queue set for a tail drop template.
Using the undo qos queue green max-length command, you can delete the maximum length
of green packets in a specified queue set for a tail drop template.
NOTE

Only the S5700SI supports this command.

Format
qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef } max-length packet-number [ green maxlength packet-number ]
qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef } green max-length packet-number
undo qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef | all } max-length [ green maxlength ]
undo qos queue { af1 | af2 | af3 | af4 | be | cs6 | cs7 | ef | all } green max-length

Parameters

Issue 04 (2014-07-30)

Parameter

Description

Value

af1, af2, af3, af4

Indicates bandwidth
guaranteed queues that
correspond to queues Q1, Q2,
Q3, and Q4 respectively.

be

Indicates the BE queue that


corresponds to queue Q0.

cs6, cs7

Indicates high priority


queues that correspond to
queues Q6 and Q7
respectively.

ef

Indicates the low-delay


queue that corresponds to
queue Q5.

max-length packet-number

Specifies the maximum


length of all packets in a
specified queue.

The value is an integer that


ranges from 1 to 5134, in
packets. The default value is
22.

green max-length packetnumber

Specifies the maximum


length of green packets in a
specified queue.

The value is an integer that


ranges from 1 to 5134, in
packets. The default value is
11.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

125

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

7 QoS compatible command

Views
Tail drop template view

Default Level
2: Configuration level

Usage Guidelines
After running the qos tail-drop-profile command to create a tail drop template, you can run the
qos queue max-length command in the tail drop template view to set the maximum length of
all packets or green packets in a specified queue for the tail drop template.

Example
# Create a global tail drop template named a, and then set the maximum length of all packets in
a BE queue for the global tail drop template to 200, in packets.
<Quidway> system-view
[Quidway] qos tail-drop-profile a
[Quidway-tail-drop-profile-a] qos queue be max-length 200

7.8 qos queue statistics enable


Function
Using the qos queue statistics enable command, you can enable the queue statistics function
on a specified outbound interface.
Using the undo qos queue statistics enable command, you can disable the queue statistics
function on a specified outbound interface.
By default, the queue statistics function is disabled.
NOTE

This command is only supported by S5700EI.

Format
qos queue statistics enable interface interface-type interface-number
undo qos queue statistics enable

Parameters

Issue 04 (2014-07-30)

Parameter

Description

Value

interface interface-type
interface-number

Specifies the type and


number of an interface.

The interface type can be


ethernet, gigabitethernet,
xgigabitethernet.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

126

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

7 QoS compatible command

Views
System View

Default Level
2: Configuration level

Usage Guidelines
After enabling the queue statistics function on a specified outbound interface, you can view the
number of packets in the queue.
When you repeatedly run the qos queue statistics enable command in the system view, the
latest configuration overrides the previous ones.
The function of the qos queue statistics enable command is similar to that of the port queue
statistics enable command, but the port queue statistics enable command can flexibly
configure the statistics function of eight queues according to the interface, queue, and direction.
The port queue statistics enable command provides powerful functions, but the configuration
is complicated. The qos queue statistics enable command simplifies the configuration and can
take the statistics on packets entering the queue and discarded in the queue on the specified
interface. For problems of packet scheduling and packet loss in the queue, the qos queue
statistics enable command provides initial location information.

NOTICE
The qos queue statistics enable command is exclusive with the port queue statistics enable
command.
l

If the port queue statistics enable command has been used, the following error message
is displayed on the device when the qos queue statistics enable command is used:
Error: Can't perform this operation because the port-queue-statistics is
enabled.

If the qos queue statistics enable command has been used, the following error message is
displayed on the device when the port queue statistics enable command is used:
Error: Can't perform this operation because the qos-queue-statistics is
enabled.

After the qos queue statistics enable command is used, the statistics on discarded packets in
queues on other interfaces except for the specified interface are not taken. The output of the
display hol-drop command is affected. Therefore, the output of the display hol-drop command
is inaccurate. After the undo qos queue statistics enable command is run, the statistics on
discarded packets in queues on all the interfaces are taken.

Example
# Take the statistics on outgoing packets of the queue on GE 0/0/1.
<Quidway> system-view
[Quidway] qos queue statistics enable interface gigabitethernet 0/0/1

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

127

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

7 QoS compatible command

7.9 qos sred


Function
Using the qos sred command, you can set the SRED threshold and drop probability for queues
on an outbound interface.
Using the undo qos sred command, you can restore the default configuration. By default, the
SRED threshold and drop probability for queues on an outbound interface are not set.
NOTE

This command is only supported by S5700EI.

Format
qos sred queue-index queue-index red start-discard-point discard-probability discardprobability yellow start-discard-point discard-probability discard-probability
undo qos sred [ queue queue-index ]

Parameters
Parameter

Description

Value

queue-index

Specifies the index of a


queue.

The value is an integer that


ranges from 0 to 7. Value 0 to
value 7 correspond to queue
0 to queue 7 respectively.

start-discard-point

Specifies a threshold for


discarding packets.

The value ranges from 4 to


2047.

discard-probability

Specifies a probability for


discarding packets.

The value ranges from 0 to 7.


The mapping between the
values and percentages is as
follows:
l 0: 100%
l 1: 6.25%
l 2: 3.125%
l 3: 1.5625%
l 4: 0.78125%
l 5: 0.390625%
l 6: 0.1953125%
l 7: 0.09765625%

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

128

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

7 QoS compatible command

Views
System view

Default Level
2: Configuration level

Usage Guidelines
NOTE

Using the trust 8021p command, you can configure an interface to trust priorities carried in packets. Then,
the device colors the packets red or yellow according to the 802.1p priorities of the packets; the device sets
a threshold for dropping red packets and a threshold for dropping yellow packets. When congestion
avoidance based on the SRED is configured,
l

A threshold for discarding red packets and the drop probability that are set for queues 0 to 4 take
effect.

A threshold for discarding yellow packets and the drop probability that are set for queues 0 to 4 do
not take effect.

A threshold for discarding yellow packets and the drop probability that are set for queues 5 to 7 take
effect.

A threshold for discarding red packets and the drop probability that are set for queues 5 to 7 do not
take effect.

Using the trust 8021p command, you can configure an interface to trust DSCP values of packets. Then,
the device colors the packets red or yellow according to drop precedences of packets; packets enter different
queues according to mappings between DSCP values and 802.1p priorities; the device drops packets
according to thresholds for dropping packets and drop precedences that are set in queues.

Configuring an SRED threshold impacts on thresholds for discarding packets in all queues on
an interface. When you repeatedly run the qos sred command for the same queue, the later
configuration overwrites the previous configuration.
When the number of packets in a queue is greater than a threshold for discarding packets,
conformed packets are dropped from the tail of the queue according to the drop probability set
by a user.

Example
# Configure queue 0 in the system view. Set a threshold for discarding red packets to 10. Set the
drop probability for red packets to 5. Set a threshold for discarding yellow packets to 20. Set the
drop probability for yellow packets to 4.
<Quidway> system-view
[Quidway] qos sred queue-index 0 red 10 discard-probability 5 yellow 20 discardprobability 4

7.10 qos wrr (scheduling template view)


Function
Using the qos wrr command, you can set parameters for queues on which the WRR scheduling
is used.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

129

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

7 QoS compatible command

Using the undo qos wrr command, you can restore default values of parameters for queues on
which WRR scheduling is used.
By default, the WRR scheduling weight value of a queue is 1.
NOTE

Only the S5700SI supports this command.

Format
qos wrr queue-index queue-index weight weight-value
undo qos wrr queue-index

Parameters
Parameter

Description

Value

queue-index

Specifies the index of a


queue.

The value is an integer that


ranges from 0 to 7. Value 0 to
value 7 correspond to queue
0 to queue 7 respectively.

weight-value

Specifies the WRR


scheduling weight value of a
queue.

The value is an integer that


ranges from 0 to 127. The
default value is 1.

Views
Scheduling template view

Default Level
2: Configuration level

Usage Guidelines
The device forwards packets of queues round according to values of WRR scheduling
parameters. The ratio of WRR weight values refers to the ratio of the number of packets in queues
for forwarding.
If the qos wrr command is repeatedly run in the same scheduling template view for the same
queue, the later configuration overrides the previous configuration.

Example
# In global scheduling template a, set the scheduling mode of queue 3 to WRR, and then set the
scheduling weight value to 20.
<Quidway> system-view
[Quidway] qos schedule-profile a

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

130

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

7 QoS compatible command

[Quidway-qos-schedule-profile-a] qos wrr


[Quidway-qos-schedule-profile-a] qos wrr queue-index 3 weight 20

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

131

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Security Compatible Commands

About This Chapter


8.1 AAA Compatible Commands
8.2 DHCP Snooping Compatible Commands
8.3 NAC Compatible Commands
8.4 Local Attack Defense Compatible Commands
8.5 IP Source Guard Compatible Commands
8.6 URPF Compatible Commands
8.7 Traffic Suppression Compatible Commands
8.8 ACL Compatible Commands

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

132

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

8.1 AAA Compatible Commands


8.1.1 adminuser-priority
Function
The adminuser-priority command configures a user as an administrator to log in to the device
and sets the administrator level during login.

Format
adminuser-priority level

Parameters
Parameter Description
level

Value

Specifies the level of an administrator. The value is an integer ranging from 0


to 15. After logging in to the device, a
user can run only the commands of the
same level or lower levels.

Views
Service scheme view

Default Level
2: Configuration level

Usage Guidelines
The adminuser-priority command configures a user as an administrator to log in to the device
and sets the administrator level during login.

Example
# Configure a user as an administrator to log in to the device and set the administrator level to
15.
<HUAWEI> system-view
[HUAWEI] aaa
[HUAWEI-aaa] service-scheme svcscheme1
[HUAWEI-aaa-service-svcscheme1] adminuser-priority 15

8.1.2 local-user level


Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

133

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Function
The local-user level command sets the level of a local user.

Format
local-user user-name level level

Parameters
Parameter

Description

Value

user-name

Specifies the user name.

The value is a string of 1 to


64 case-insensitive
characters without spaces.

level

Specifies the user level.

The value is an integer that


ranges from 0 to 15. A greater
value indicates a higher level
of a user. The default user
level is 3.
After logging in to the device,
a user can run only the
commands of the same level
or lower levels.

Views
AAA view

Default Level
2: Configuration level

Usage Guidelines
The local-user level command sets the level of a local user.

Example
# Set the level of local user hello@huawei.net to 6.
<HUAWEI> system-view
[HUAWEI] aaa
[HUAWEI-aaa] local-user hello@huawei.net level 6

8.1.3 local-user password old-password


Function
The local-user password old-password command changes the password for a local user.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

134

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Format
local-user user-name password { cipher | irreversible-cipher } password old-password oldpassword

Parameters
Parameter

Description

Value

user-name

Specifies a user name. If the


user name contains a domain
name delimiter such as @,
the character string before @
is the user name and the
character string behind @ is
the domain name. If the user
name does not contain @, the
entire character string is the
user name and the domain
name is the default one.

The value is a string of 1 to


64 case-sensitive characters
without spaces. The value is
in format user@domain.
When querying and
modifying user names, you
can use the wildcard *, for
example, *@isp, user@*,
and *@*.

cipher password

Indicates a password
encrypted through the
reversible algorithm.

The value is a string of casesensitive characters without


spaces. The length of a plaintext password ranges from 8
to 16, and the length of a
cipher-text password is 32.

It is recommended that you


set the user password when
creating a user.
cipher indicates that the
password is encrypted
through the reversible
algorithm. That is,
unauthorized users can
decrypt the passwords of
authorized users. This mode
has low security.
irreversible-cipher
password

Indicates a password
encrypted through the
irreversible algorithm.
irreversible-cipher
indicates that the password is
encrypted through the
irreversible algorithm. That
is, unauthorized users cannot
decrypt the passwords of
authorized users. This mode
has high security.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

The value is a string of casesensitive characters without


spaces. The length of a plaintext password ranges from 8
to 16, and the length of a
cipher-text password is 56.

135

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Parameter

Description

Value

old-password old-password

Indicates the old password of


a local user.

The value is a string of casesensitive characters without


spaces. The length of a plaintext password ranges from 8
to 16, and the length of a
cipher-text password is 32 or
56.

Views
AAA view

Default Level
3: Management level

Usage Guidelines
It is recommended that you change user passwords in the following situations:
l

Unauthorized users use the default user name and password to log in to the device.

A password has been used for a long time, so it is prone to disclosing and deciphering.

Example
# Change the password of the local user user1@vipdomain from admin@12345 to
huawei@1234.
<HUAWEI> system-view
[HUAWEI] aaa
[HUAWEI-aaa] local-user user1@vipdomain password cipher huawei@1234 old-password
admin@12345

8.1.4 radius-server test-user detect interval


Function
The radius-server test-user detect interval command sets the interval for automatic user status
detection.

Format
radius-server test-user detect interval interval-time

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

136

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Parameters
Parameter

Description

Value

interval-time

Specifies the interval for


automatic user status
detection.

The value is an integer that


ranges from 5 to 3600, in
seconds.

Views
RADIUS server template view

Default Level
2: Configuration level

Usage Guidelines
You can use this command to set the interval for automatic user status detection.

Example
# Set the interval for automatic user status detection to 360 seconds.
<HUAWEI> system-view
[HUAWEI] radius-server template huawei
[HUAWEI-radius-huawei] radius-server test-user detect interval 360

8.2 DHCP Snooping Compatible Commands


8.2.1 dhcp option82 format
Function
The dhcp option82 format command configures the format of the Option 82 field in DHCP
messages.

Format
dhcp option82 [ circuit-id | remote-id ] format userdefined text

Parameters
Parameter

Description

Value

circuit-id

Specifies the format of the circuit-id


(CID).

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

137

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Parameter

Description

Value

remote-id

Specifies the format of the remote-id


(RID).

userdefined text Indicates the user-defined format of the text is the user-defined character
Option 82 field.
string of the Option 82 field.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
You can use the dhcp option82 format command to configure the format of the Option 82 field
in DHCP messages.

Example
# Configure the user-defined string for the CID in the Option 82 field and use the hexadecimal
format to encapsulate the CID type (0, indicating the hexadecimal format), length (excluding
the length of the CID type and the length keyword itself), outer VLAN ID, slot ID (5 bits), subslot
ID (3 bits), and port number (8 bits).
<HUAWEI> system-view
[HUAWEI] dhcp option82 circuit-id format userdefined 0 %length %svlan %5slot %
3subslot %8port

8.2.2 dhcp snooping bind-table


Function
The dhcp snooping bind-table command configures a device to automatically back up DHCP
snooping binding entries in a specified file.

Format
dhcp snooping bind-table autosave file-name [ write-delay delay-time ]

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

138

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Parameters
Parameter

Description

Value

file-name

Specifies the path for storing


the file that backs up DHCP
snooping binding entries and
the file name. You must
specify both the path and
name of the file supported by
the system.

The value is a string of 1 to


51 characters.

write-delay delay-time

Specifies the interval for


local automatic backup of the
DHCP snooping binding
table.

The value is an integer that


ranges from 60 to
4294967295, in seconds. By
default, the system backs up
the DHCP snooping binding
table every two days.

If this parameter is not


specified, the backup interval
is the default value.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
You can use the dhcp snooping bind-table command to back up DHCP snooping binding entries
in a specified file.

Example
# Configure a device to automatically back up DHCP snooping binding entries in the file
backup.tbl in the flash memory.
<HUAWEI> system-view
[HUAWEI] dhcp snooping enable
[HUAWEI] dhcp snooping bind-table autosave flash:/backup.tbl

8.2.3 dhcp snooping information circuit-id


Function
The dhcp snooping information circuit-id command configures the Option 82 circuit-id
format.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

139

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Format
System view:
dhcp snooping information circuit-id string string
Interface view:
dhcp snooping information vlan vlan-id circuit-id string string

Parameters
Parameter

Description

Value

string string

Specifies the circuit-id


format.

The value is a string of 1 to


63 characters.

vlan vlan-id

Specifies a VLAN ID.

The value is an integer that


ranges from 1 to 4094.

Views
System view, Ethernet interface view, GE interface view, XGE interface view, 40GE interface
view, Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines
You can use the dhcp snooping information circuit-id command to configure the Option 82
circuit-id format.

Example
# Configure the Option 82 circuit-id format.
<Quidway> system-view
[Quidway] dhcp snooping information circuit-id string teststring

8.2.4 dhcp snooping information remote-id


Function
The dhcp snooping information remote-id command configures the Option 82 remote-id
format.

Format
System view:
dhcp snooping information remote-id { sysname | string string }
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

140

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Interface view:
dhcp snooping information vlan vlan-id remote-id string string

Parameters
Parameter

Description

Value

sysname

System name.

string string

Specifies the remote-id


format.

The value is a string of 1 to


63 characters.

vlan vlan-id

Specifies a VLAN ID.

The value is an integer that


ranges from 1 to 4094.

Views
System view, Ethernet interface view, GE interface view, XGE interface view, 40GE interface
view, Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines
You can use the dhcp snooping information remote-id command to configure the Option 82
remote-id format.

Example
# Configure the Option 82 remote-id format.
<Quidway> system-view
[Quidway] dhcp snooping information remote-id string teststring

8.2.5 dhcp snooping information format


Function
The dhcp snooping information format command configures the Option 82 field format.

Format
dhcp snooping information format { hex | ascii }

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

141

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Parameters
Parameter

Description

Value

hex

Sets the Option 82 format to


hexadecimal.

ascii

Sets the Option 82 format to


ASCII.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
You can use the dhcp snooping information format command to configure the Option 82 field
format.

Example
# Set the Option 82 format to ASCII.
<HUAWEI> system-view
[HUAWEI] dhcp snooping information format ascii

8.2.6 dhcp snooping check dhcp-rate enable


Function
The dhcp snooping check dhcp-rate enable command enables the alarm function for checking
the rate of sending DHCP packets to the DHCP stack.

Format
dhcp snooping check dhcp-rate enable rate rate [ alarm { enable | [ enable ] threshold
threshold } | vlan { vlanstart_id [ to vlanend_id ] } &<1-10>]

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

142

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Parameters
Parameter

Description

Value

rate rate

Specifies the rate of sending DHCP


messages to the CPU.

The value is an integer that


ranges from 1 to 100.

The value is an integer that ranges


from 1 to 4094.
threshold threshold Specifies the alarm threshold for the
number of DHCP packets sent to the
CPU. After DHCP packet check is
enabled, an alarm is generated if the
number of discarded DHCP packets
reaches the alarm threshold.

The value is an integer that


ranges from 1 to 1000.

Views
System view, VLAN view, Ethernet interface view, GE interface view, XGE interface view,
40GE interface view, Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines
You can use the dhcp snooping check dhcp-rate enable command to enable the alarm function
for checking the rate of sending DHCP packets to the DHCP stack.
This command can only be used during a configuration restoration.

Example
# Enable DHCP packet rate check in the system view.
<HUAWEI> system-view
[HUAWEI] dhcp snooping enable
[HUAWEI] dhcp snooping check dhcp-rate enable

8.2.7 dhcp snooping global max-user-number


Function
The dhcp snooping global max-user-number command sets the maximum number of global
DHCP users.
By default, the maximum number of global DHCP users is 1024.

Format
dhcp snooping global max-user-number max-user-number
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

143

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Parameters
Parameter

Description

Value

max-user-number

Specifies the maximum


number of global DHCP
users.

The value is an integer that


ranges from 1 to 1024.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
The dhcp snooping global max-user-number command takes effect only when DHCP
snooping is enabled globally and is valid for only DHCP users. When the number of global
DHCP users reaches the threshold set by this command, no more users can access.
You can use the dhcp snooping global max-user-number command to set the maximum
number of global users.

Example
# Set the maximum number of global DHCP users to 100.
<HUAWEI> system-view
[HUAWEI] dhcp snooping enable
[HUAWEI] dhcp snooping global max-user-number 100

8.2.8 dhcp snooping sticky-mac


Function
The dhcp snooping sticky-mac command enables the device to generate static MAC address
entries based on dynamic DHCP snooping binding entries.
The undo dhcp snooping sticky-mac command disables the device from generating static MAC
address entries based on dynamic DHCP snooping binding entries.
By default, the device is disabled to generate static MAC address entries based on dynamic
DHCP snooping binding entries.

Format
dhcp snooping sticky-mac
undo dhcp snooping sticky-mac
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

144

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Parameters
None

Views
Ethernet interface view, 40GE interface view, GE interface view, XGE interface view, port group
view, Eth-trunk view

Default Level
2: Configuration level

Usage Guidelines
Usage Scenario
Dynamic MAC address entries are learned and generated by the device, and static MAC address
entries are configured by command lines. A MAC address entry consists of the MAC address,
VLAN ID, and port number of a DHCP client. The device implements Layer 2 forwarding based
on MAC address entries.
After the dhcp snooping sticky-mac command is executed on an interface, the device generates
static MAC address entries (snooping type) of DHCP users on the interface based on the
corresponding dynamic binding entries, clears all the dynamic MAC address entries on the
interface, disables the interface to learn dynamic MAC address entries, and enables the device
to match the source MAC address based on MAC address entries. Then only the message with
the source MAC address matching the static MAC address entry can pass through the interface;
otherwise, messages are discarded. Therefore, the administrator needs to manually configure
static MAC address entries (the static type) for non-DHCP users on the interface so that messages
sent from non-DHCP users can pass through; otherwise, DHCP messages are discarded. This
prevents attacks from non-DHCP users.
NOTE

l If a DHCP snooping binding entry is updated, the corresponding static MAC address entry is
automatically updated.
l If you run the dhcp snooping sticky-mac command on the interface, DHCPv6 users cannot go online.
Run the nd snooping enable command in the system view and interface view to enable ND snooping
and the savi enable command in the system view to enable SAVI.

Prerequisites
DHCP snooping has been enabled on the device using the dhcp snooping enable command.
Precautions
The dhcp snooping sticky-mac command cannot be used with the following commands on an
interface.

Issue 04 (2014-07-30)

Command

Description

dot1x enable

Enables 802.1x authentication on an


interface.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

145

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Command

Description

mac-authen

Enables MAC address authentication on an


interface.

mac-address learning disable

Enables MAC address learning.

mac-limit

Sets the maximum number of MAC addresses


to be learned.

port vlan-mapping vlan map-vlan

Enables VLAN mapping.

port vlan-mapping vlan inner-vlan


port-security enable

Enables port security.

Example
# Enable the device to generate static MAC address entries based on DHCP snooping binding
entries on GE0/0/1.
<HUAWEI> system-view
[HUAWEI] dhcp enable
[HUAWEI] dhcp snooping enable
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] dhcp snooping sticky-mac

8.2.9 dhcp snooping trust


Function
The dhcp snooping trust command configures an interface as a trusted interface.
The undo dhcp snooping trust command configures an interface as an untrusted interface.
By default, all interfaces are untrusted interfaces.

Format
dhcp snooping trust interface interface-type interface-number
undo dhcp snooping trust interface interface-type interface-number

Parameters
Parameter

Description

Value

interface interface-type interfacenumber

Specifies the type and number of an


interface.

l interface-type specifies the interface


type.
l interface-number specifies the interface
number.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

146

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Views
VLAN view

Default Level
2: Configuration level

Usage Guidelines
To enable DHCP clients to obtain IP addresses from authorized DHCP servers, DHCP snooping
supports the trusted interface and untrusted interfaces. The trusted interface forwards DHCP
messages while untrusted interfaces discard received DHCP ACK messages and DHCP Offer
messages.
An interface directly or indirectly connected to the DHCP server trusted by the administrator
needs to be configured as the trusted interface, and other interfaces are configured as untrusted
interfaces. This ensures that DHCP clients obtain IP addresses from authorized DHCP servers.

Example
# Configure GE0/0/1 in VLAN 100 as the trusted interface.
<HUAWEI> system-view
[HUAWEI] vlan 100
[HUAWEI-vlan100] dhcp snooping trust interface gigabitethernet 0/0/1

8.3 NAC Compatible Commands


8.3.1 mac-authen username fixed password
Function
The mac-authen username fixed password command configures the fixed user name and
password for MAC address authentication.
The undo mac-authen username fixed password command deletes the fixed user name and
password for MAC address authentication.
By default, no fixed user name and password is configured for MAC address authentication.

Format
mac-authen username fixed username password simple password
undo mac-authen username fixed username password simple password

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

147

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Parameters
Parameter

Description

Value

fixed username Specifies the fixed user name for MAC The value is a string of 1 to 64
characters.
address authentication.
simple

Indicates the password in plain text.

password

Specifies the password for MAC


address authentication.

The value is a string of 1 to 16


characters.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
You can use the mac-authen username fixed password command to configure the fixed user
name and password for MAC address authentication.

Example
# Configure the fixed user name and password for MAC address authentication.
<HUAWEI> system-view
[HUAWEI] mac-authen username fixed tester password simple 123456

8.3.2 web-auth-server (system view)


Function
The web-auth-server command configures a web authentication server in the system view.
By default, no web authentication server is configured in the system view.

Format
web-auth-server server-name ip-address [ port port [ all ] ] [ key password | shared-key
{ simple password | cipher password } ] [ url url-string ]

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

148

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Parameters
Parameter

Description

Value

server-name

Specifies the name of a web


authentication server
template.

The value is a string of 1 to


31 case-insensitive
characters.

ip-address

Specifies the IP address of a


web authentication server.

The value is in dotted


decimal notation.

port port

Specifies the port number


that the Portal server uses to
receive and encapsulate UDP
packets from the device.

The value is an integer that


ranges from 1 to 65535.

all

Indicates that the device


always uses the destination
port number specified by
port-number to encapsulate
UDP packets.

key password

Specifies the shared key that


the device uses to exchange
information with a Portal
server.

The value is a string of 1 to


16 characters.

shared-key

Specifies the shared key that


the device uses to exchange
information with a Portal
server.

simple password

Displays a shared key in plain


text.

The value is a string of 1 to


16 characters.

cipher password

Displays a shared key in


cipher text.

The value is a string of 1 to


256 characters.

url url-string

Specifies the URL of a portal


server. Portal authentication
users can visit this URL to
access the Portal server.

The value is a string of 1 to


200 characters.

Views
System view

Default Level
2: Configuration level

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

149

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Usage Guidelines
When an unauthenticated user goes online, a device forces the user to log in to a special website
(namely, the Portal website) so that the user can access the service on the Portal for free. To
access the Internet, the user must pass the authentication on the Portal.

Example
# Set the IP address of web authentication server huawei to 10.1.1.1.
<HUAWEI> system-view
[HUAWEI] web-auth-server huawei 10.1.1.1

8.4 Local Attack Defense Compatible Commands


8.4.1 blacklist
Function
The blacklist command configures an ACL-based blacklist.
By default, no blacklist is configured.

Format
blacklist acl { acl-number } &<1-4>

Parameters
Parameter

Description

acl acl-number Indicates the ACL ID. The ACL


referenced by a blacklist on the device
can be a basic ACL, an advanced ACL,
or a Layer 2 ACL.

Value
The value is an integer that ranges
from 2000 to 4999.

Views
System view, Attack defense policy view

Default Level
2: Configuration level

Usage Guidelines
A maximum of eight blacklists can be configured on the device. You can set the attributes of a
blacklist by defining ACL rules.
The packets sent from users in the blacklist are discarded after reaching the device.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

150

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Example
# Reference ACL 2001 in the blacklist.
<HUAWEI> system-view
[HUAWEI] cpu-defend policy test
[HUAWEI-cpu-defend-policy-test] blacklist acl 2001

8.4.2 car
Function
The car command sets the rate at which packets are sent to the CPU.

Format
car packet-type bpdu cir cir-value [ cbs cbs-value ]
car packet-type ftp-dynamic cir cir-value [ cbs cbs-value ]
undo car packet-type bpdu
undo car packet-type ftp-dynamic

Parameters
Parameter

Description

Value

packet-type bpdu

Limits the rate of bpdu packets. -

packet-type ftp-dynamic Limits the rate of ftp-dynamic


packets.

cir cir-value

Indicates the committed


information rate (CIR).

The value is an integer that


ranges from 8 to 4294967295, in
kbit/s.

cbs cbs-value

Indicates the committed burst


size (CBS).

The value is an integer that


ranges from 10000 to
4294967295, in bytes.

Views
Attack defense policy view

Default Level
2: Configuration level

Usage Guidelines
The default CARs for packets of each type range from 64 kbit/s to 512 kbit/s. You can run the
display cpu-defend configuration command to query the default CAR.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

151

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

If you run the deny and car commands for the same type of packets sent to the CPU, the command
that runs later takes effect.
NOTE

If packets are sent to the CPU at a high rate and a large CAR value is configured on the device, the CPU
usage may be too high. This may degrade the device performance or even cause the stack split.

Example
# Set the CAR of packets in defense policy test as follows: Set the packet type to bpdu, CIR to
64 kbit/s, and CBS to 33000 bytes.
<HUAWEI> system-view
[HUAWEI] cpu-defend policy test
[HUAWEI-cpu-defend-policy-test] car packet-type bpdu cir 64 cbs 33000

8.4.3 car cpu-port


Function
The car cpu-port command configures the CIR of all the packets to be sent to the CPU.
By default, the CIR value of all the packets to be sent to the CPU is 1024 kbit/s on the device.

Format
car cpu-port cir cir-rate

Parameters
Parameter

Description

Value

cir cir-rate

Sets the CIR of all the packets


to be sent to the CPU.

The value is an integer that


ranges from 64 to 2048, in
kbit/s.

Views
Attack defense policy view

Default Level
2: Configuration level

Usage Guidelines
The car cpu-port command limits the total rate of all protocol packets sent to the CPU. The
car packet-type command limits the rate of packets of a specified protocol. However, the total
CIR of packets of specified protocols cannot exceed the CIR of all the packets sent to the CPU.
When the CIR is exceeded, excess packets including unicast, multicast, and broadcast packets
are not sent to the CPU. In addition, the unicast packets are discarded directly.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

152

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Example
# Set the CIR of all the packets to be sent to the CPU to 512 kbit/s on the device.
<HUAWEI> system-view
[HUAWEI] cpu-defend policy test
[HUAWEI-cpu-defend-policy-test] car cpu-port cir 512

8.4.4 cpu-defend linkup-car bgp enable


Function
The cpu-defend linkup-car bgp enable command enables the BGP protocol association.
The undo cpu-defend linkup-car bgp enable command disables the BGP protocol association.
By default, the BGP protocol association is disabled.

Format
cpu-defend linkup-car bgp enable
undo cpu-defend linkup-car bgp enable

Parameters
None

Views
System view

Default Level
2: Configuration level

Usage Guidelines
This command is provided for compatibility with earlier versions.

Example
# Enable the BGP protocol association.
<HUAWEI> system-view
[HUAWEI] cpu-defend linkup-car bgp enable

8.4.5 deny
Function
The deny command sets the discard action taken for packets sent to the CPU.
The undo deny command restores the default action taken for packets sent to the CPU.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

153

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

By default, the device limits the rate of protocol packets and user-defined flows based on the
CAR configuration.

Format
deny packet-type bpdu
deny packet-type ftp-dynamic
undo deny packet-type bpdu
undo deny packet-type ftp-dynamic

Parameters
Parameter

Description

Value

packet-type bpdu

Discards bpdu packets .

packet-type ftp-dynamic

Discards ftp-dynamic packets.

Views
Attack defense policy view

Default Level
2: Configuration level

Usage Guidelines
If you run the deny and car commands for the same type of packets sent to the CPU, the command
that runs later takes effect. The undo deny command restores the default action taken for packets
sent to the CPU. After you run this command, the system limits the rate of packets sent to the
CPU based on the configured CIR and CBS values.

Example
# Set the discard action taken for bpdu packets sent to the CPU attack in defense policy test.
<HUAWEI> system-view
[HUAWEI] cpu-defend policy test
[HUAWEI-cpu-defend-policy-test] deny packet-type bpdu

8.5 IP Source Guard Compatible Commands


8.5.1 ip anti-attack source-ip equals destinetion-ip drop
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

154

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Function
The ip anti-attack source-ip equals destinetion-ip drop command enables the device to
discard IP packets with the same source and destination IP addresses.
The undo ip anti-attack source-ip equals destinetion-ip drop command disables the device
from discarding IP packets with the same source and destination IP addresses.
By default, the device does not discard IP packets with the same source and destination IP
addresses.

Format
ip anti-attack source-ip equals destinetion-ip drop { all | slot slot-id }
undo ip anti-attack source-ip equals destinetion-ip drop { all | slot slot-id }

Parameters
Parameter

Description

Value

all

All the devices.

slot slot-id

l The value is 0 if stacking


is not configured.

Set the value according to the


device configuration.

l Specifies the stack ID if


stacking is configured.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
Generally, IP packets with the same source and destination IP addresses can be forwarded. When
you determine that the IP packets are attack packets, you can use the ip anti-attack source-ip
equals destinetion-ip drop command to enable the device to discard the IP packets.

Example
# Enable the device to discard IP packets with the same source and destination IP addresses.
<HUAWEI> system-view
[HUAWEI] ip anti-attack source-ip equals destinetion-ip drop all

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

155

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

8.5.2 ip source check


Function
The ip source check command enables dynamic IP source guard.
By default, dynamic IP source guard is disabled on the device.

Format
ip source check { ip-address | mac-address | interface } *

Parameters
None

Views
VLAN view

Default Level
2: Configuration level

Usage Guidelines
After dynamic IP source guard is enabled on a VLAN, the device checks packets according to
the entries in the DHCP snooping binding table specified by the ip source check command.
Packets that do not match the specified entries in the DHCP snooping binding table are discarded.
Therefore, access control is implemented and unauthorized users are not allowed to access the
network.
Dynamic IP source guard does not generate binding entries. Packets are checked according to
the specified entries in the DHCP snooping binding table. Therefore, you must enable the device
to check IP and ARP packets before enabling the dynamic IP source guard. Dynamic IP source
guard configured independently does not take effect.

Example
# Enable dynamic IP source guard in VLAN 10 to check the IP address and MAC address of a
packet according to the DHCP snooping binding table. View the DHCP snooping binding table.
<HUAWEI> system-view
[HUAWEI] vlan 10
[HUAWEI-Vlan10] ip source check ip-address mac-address

8.6 URPF Compatible Commands


8.6.1 ip urpf
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

156

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Function
The ip urpf command enables URPF check on the interface and configure the URPF check
mode.
The undo ip urpf command disables URPF check on the interface.
NOTE

TheS2750, S5700SI, S5700LI, and S5700S-LI do not support this command.

Format
ip urpf { loose | strict } [ allow-default-route ]
undo ip urpf

Parameters
Parameter

Description

loose

Indicates URPF loose check. In this mode, the device forwards a packet as long as the source address of the packet exists in the
routing table or ARP table, regardless of whether the matching
outbound interface in the routing table or ARP table is the same
as the inbound interface of the packet.

strict

Indicates URPF strict check. In this mode, the device forwards a packet only when the source address of the packet exists in
the routing table or ARP table, and the matching outbound
interface in the routing table or ARP table is the same as the
inbound interface of the packet.

allow-default-route Allows special process for the default route.

Value

Views
GE interface view, XGE interface view, 40GE interface view, Eth-Trunk interface view, port
group view

Default Level
2: Configuration level

Usage Guidelines
The URPF check mode configured on an interface is valid only after the URPF is enabled on
the LPU.
The URPF determines how to process the default route based on whether the allow-defaultroute parameter is specified in the command.
l

Issue 04 (2014-07-30)

If allow-default-route is set but the source address of a packet does not exist in the routing
table or ARP table, the packet is discarded even if the default route is found, regardless of
the strict or loose check. If allow-default-route is set and the source address of a packet
exists in the routing table or ARP table:
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

157

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

In the strict check mode, the device forwards a packet when the outbound interface in
the default route is the same as the inbound interface of the packet. When the outbound
interface in the default route is different from the inbound interface of the packet, the
packet is discarded.
In the loose check mode, the device forwards a packet regardless of whether the
outbound interface in the default route is the same as the inbound interface of the packet.
l

If allow-default-route is not set, the default route is not processed.

Example
# Enable the strict URPF check on GE0/0/1 and allow the special process for the default route.
<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] ip urpf strict allow-default-route

8.7 Traffic Suppression Compatible Commands


8.7.1 broadcast-suppression
Function
The broadcast-suppression command sets the maximum traffic rate of broadcast packets that
can pass through an interface.
The undo broadcast-suppression command restores the default traffic rate of broadcast packets
that can pass through an interface.

Format
broadcast-suppression { broadcast-pct | packets packets-per-second }
undo broadcast-suppression

Parameters

Issue 04 (2014-07-30)

Parameter

Description

Value

broadcast-pct

Specifies the maximum


percentage of broadcast
traffic on an interface.

The value ranges from 0 to


100. The default value is 100.
By default, broadcast traffic
is not suppressed on
interfaces.

packets packets-per-second

Specifies the maximum


number of broadcast packets
allowed to pass through an
interface per second.

The value of packets-persecond is an integer.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

158

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Views
Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines
When the traffic rate of broadcast packets exceeds the maximum value, the system discards
excess broadcast packets to control the traffic rate and ensure normal operation of network
services.

Example
# Set the maximum percentage of broadcast traffic to 20% of interface bandwidth on Eth-Trunk1.
<HUAWEI> system-view
[HUAWEI] interface eth-trunk 1
[HUAWEI-Eth-Trunk1] broadcast-suppression 20

8.7.2 multicast-suppression
Function
The multicast-suppression command sets the maximum traffic rate of multicast packets that
can pass through an interface.
The undo multicast-suppression command restores the default traffic rate of multicast packets
that can pass through an interface.

Format
multicast-suppression { multicast-pct | packets packets-per-second }
undo multicast-suppression

Parameters

Issue 04 (2014-07-30)

Parameter

Description

Value

multicast-pct

Specifies the maximum


percentage of multicast
traffic on an Ethernet
interface.

The value ranges from 0 to


100. The default value is 100.
By default, multicast traffic is
not suppressed on interfaces.

packets packets-per-second

Specifies the maximum


number of multicast packets
allowed to pass through an
interface per second.

The value of packets-persecond is an integer.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

159

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Views
Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines
When the traffic rate of multicast packets exceeds the maximum value, the system discards
excess multicast packets to control the traffic rate and ensure normal operation of network
services.

Example
# Set the maximum percentage of multicast traffic to 20% of interface bandwidth on Eth-Trunk1.
<HUAWEI> system-view
[HUAWEI] interface eth-trunk 1
[HUAWEI-Eth-Trunk1] multicast-suppression 20

8.7.3 unicast-suppression
Function
The unicast-suppression command sets the maximum traffic rate of unknown unicast packets
that can pass through an interface.
The undo unicast-suppression command restores the default traffic rate of unknown unicast
packets that can pass through an interface.

Format
unicast-suppression { unicast-pct | packets packets-per-second }
undo unicast-suppression

Parameters

Issue 04 (2014-07-30)

Parameter

Description

Value

unicast-pct

Specifies maximum
percentage of unknown
unicast traffic on an Ethernet
interface.

The value ranges from 0 to


100. The default value is 100.
By default, unknown unicast
traffic is not suppressed on
interfaces.

packets packets-per-second

Specifies the maximum


number of unknown unicast
packets allowed to pass
through an interface per
second.

The value of packets-persecond is an integer.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

160

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Views
Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines
When the traffic rate of unknown unicast packets exceeds the maximum value, the system
discards excess unknown unicast packets to control the traffic rate and ensure normal operation
of network services.

Example
# Set the maximum percentage of unknown unicast traffic to 20% of interface bandwidth on
Eth-Trunk1.
<HUAWEI> system-view
[HUAWEI] interface eth-trunk1
[HUAWEI-Eth-Trunk1] unicast-suppression 20

8.8 ACL Compatible Commands


8.8.1 acl ipv6
Function
The acl ipv6 command creates an ACL6 and enters the ACL6 view.
The undo acl ipv6 command deletes an ACL.

Format
acl ipv6 [ number ] acl6-number [ name acl6-name ]
undo acl ipv6 { all | [ number ] acl6-number | name acl6-name }

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

161

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Parameters
Parameter

Description

Value

number acl6-number

Indicates the ID of an ACL6.

The value of acl6-number is


an integer that ranges from
2000 to 3999. In these
options,
l ACL6s numbered from
2000 to 2999 are basic
ACL6s.
l ACL6s numbered from
3000 to 3999 are
advanced ACL6s.

name acl6-name

Specifies a named ACL6.

The value of acl6-name is a


string of 1 to 32 casesensitive characters without
spaces. The name starts with
a letter (lowercase a to z or
uppercase A to Z) and can
contain letters, digits, and
symbols such as the number
sign (#), percentage symbol
(%), and hyphen (-).

all

Deletes all ACL6s.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
None

Example
# Create an ACL6 named test and numbered 3100.
<HUAWEI> system-view
[HUAWEI] acl ipv6 number 3100 name test
[HUAWEI-acl6-adv-test]

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

162

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

8.8.2 acl (system view)


Function
The acl command creates an ACL and enters the ACL view.
The undo acl command deletes a specified ACL.

Format
acl [ number ] acl-number [ name acl-name ]
undo acl { all | [ number ] acl-number | name acl-name }

Parameters
Parameter

Description

Value

number acl-number

Indicates the ID of an ACL.

The value of acl-number is an


integer that ranges from 2000
to 5999.
l ACLs numbered from
2000 to 2999 are basic
ACLs.
l ACLs numbered from
3000 to 3999 are
advanced ACLs.
l ACLs numbered from
4000 to 4999 are Layer 2
ACLs.
l ACLs numbered from
5000 to 5999 are
customized ACLs.

name acl-name

Specifies a named ACL.

The value of acl-name is a


string of 1 to 32 casesensitive characters without
spaces. The name starts with
a letter (lowercase a to z or
uppercase A to Z) and can
contain letters, digits, and
symbols such as the number
sign (#), percentage symbol
(%), and hyphen (-).

all

Deletes all ACLs.

Views
System view
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

163

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Default Level
2: Configuration level

Usage Guidelines
An ACL consists of a list of rules. Each rule contains a permit or deny clause. Before creating
an ACL rule, you must create an ACL.

Example
# Create an ACL named test and numbered 3100.
<HUAWEI> system-view
[HUAWEI] acl number 3100 name test
[HUAWEI-acl-adv-test]

8.8.3 rule (ACL6)


Function
The rule command adds or modifies advanced ACL6 rules.
The undo rule command deletes IPv6 ACL rules.

Format
rule [ rule-id ] { deny | permit } ipv6-AH [ destination { destination-ipv6-address prefixlength | destination-ipv6-address/prefix-length | destination-ipv6-address postfix postfixlength | any } | dscp dscp | fragment | logging | precedence precedence | source { source-ipv6address prefix-length | source-ipv6-address/prefix-length | source-ipv6-address postfix postfixlength | any } | time-range time-name | tos tos | vpn-instance vpn-instance-name ] *
rule [ rule-id ] { deny | permit } ipv6-ESP [ destination { destination-ipv6-address prefixlength | destination-ipv6-address/prefix-length | destination-ipv6-address postfix postfixlength | any } | dscp dscp | fragment | logging | precedence precedence | source { source-ipv6address prefix-length | source-ipv6-address/prefix-length | source-ipv6-address postfix postfixlength | any } | time-range time-name | tos tos | vpn-instance vpn-instance-name ] *

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

164

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Parameters
Parameter

Description

Value

rule-id

Indicates the ID of an ACL6


rule.

The value ranges from 0 to 2047.


l If the ID of a rule is specified and the
rule exists, the new rule is added to the
rule with this ID, that is, the old rule is
modified.
l If the rule associated with a rule ID does
not exist, a rule can be created with this
rule ID and its position in the ACL is
determined by the rule ID.
l If no rule ID is specified, the device
allocates an ID to the new rule. The rule
IDs are sorted in ascending order.

Issue 04 (2014-07-30)

deny

Discards packets that do not


match ACL rules.

permit

Allows packets to pass.

ipv6-AH

Indicates the protocol type.

ipv6-ESP

Indicates the protocol type.

destination
{ destinationipv6-address
prefix-length |
destinationipv6-address/
prefix-length |
any }

Indicates the destination


address and prefix of a packet.

destination-ipv6-address is expressed in
hexadecimal notation. The value of prefixlength is an integer that ranges from 1 to
128. You can also use any to represent any
destination address.

destination
destinationipv6-address
postfix
postfix-length

Indicates the destination


address and the length of
destination address postfix.

destination-ipv6-address indicates the


destination address and is expressed in
hexadecimal notation. postfix-length is an
integer that ranges from 1 to 64.

dscp dscpvalue

Specifies the value of a


Differentiated Services
CodePoint (DSCP).

The value ranges from 0 to 63.

fragment

Indicates that the rule is valid


for only non-initial
fragments.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

165

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Parameter

Description

Value

logging

Indicates whether to record


logs for packets that meet
ACL rules.

Log contents include the ACL rule ID, pass


or discard of packets, type of the protocol
over IP, source or destination address,
source or destination port number, and
number of packets.

precedence

Filters packets by priority.

The value is a name or a digit that ranges


from 0 to 7.

source
{ source-ipv6address
prefix-length |
source-ipv6address/
prefix-length |
any }

Indicates the source address


and prefix of a packet.

source-ipv6-address indicates the source


address and is expressed in hexadecimal
notation. prefix-length is an integer that
ranges from 1 to 128. You can also use
any to represent any source address.

source
source-ipv6address
postfix
postfix-length

Indicates the source address


and the length of source
address postfix.

source-ipv6-address indicates the source


address and is expressed in hexadecimal
notation. postfix-length is an integer that
ranges from 1 to 64.

time-range
time-name

Specifies the time range only


in which ACL6 rules are
effective.

The value is a string of 1 to 32 characters.

time-name indicates the name


of the time range.
tos tos

Filters packets by Type of


Service (ToS).

The value is a name or a digit that ranges


from 0 to 15.

vpn-instance
vpn-instancename

Specifies the name of a VPN


instance.

The value is a string of 1 to 31 characters


without spaces. Letters, digits, underscores
(_), and dots (.) are allowed.

Views
Advanced ACL6 view

Default Level
2: Configuration level

Usage Guidelines
This command is used in the IPv6 ACL configuration mode. When adding a rule, specify the
source IPv6 address in the rule. To delete or modify an existing rule, specify the rule ID.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

166

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

8 Security Compatible Commands

Example
# Create an advanced ACL6 with ID 3000 and configure a rule that allows only IPv6 ESP packets
with the source IPv6 address 2030:5060::9050 and mask 64 to pass.
<HUAWEI> system-view
[HUAWEI] acl ipv6 number 3000
[HUAWEI-acl6-adv-3000] rule 0 permit ipv6-esp source 2030:5060::9050/64

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

167

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

9 Reliability Compatible Commands

Reliability Compatible Commands

About This Chapter


9.1 Smart Link Compatible Commands
9.2 Ethernet OAM Compatible Commands

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

168

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

9 Reliability Compatible Commands

9.1 Smart Link Compatible Commands


9.1.1 load-balance reference-instance
Function
The load-balance reference-instance command sets the load balancing mode of a Smart Link
group.
The undo load-balance reference-instance command deletes a load balancing instance of a
Smart Link group.

Format
load-balance reference-instance instance-id slave
undo load-balance reference-instance [ slave ]

Parameters
Parameter

Description

Value

instance-id

Specifies the ID of a Smart


Link instance.

The value is an integer that


ranges from 0 to 48.

slave

Specifies the slave interface


for transmitting packets of a
Smart Link instance.

Views
Smart Link group view

Default Level
2: Configuration level

Usage Guidelines
Before you run the load-balance instance command in a Smart Link group, the Smart Link
group must be disabled.
After configuring load balancing in a Smart Link group, you can use the display smart-link
group command to verify the configuration.
When the links of all Smart Link group members are Up, the inactive link transmits the traffic
from the VLANs mapping the specified instance.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

169

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

9 Reliability Compatible Commands

Example
# Set the load balancing mode of the Smart Link group whose ID is 3.
<Quidway> system-view
[Quidway] smart-link group 3
[Quidway-smlk-group3] load-balance reference-instance 1 slave

9.2 Ethernet OAM Compatible Commands


9.2.1 efm trigger if-net
Function
The efm trigger if-net command associates EFM with an interface.

Format
efm trigger if-net

Parameters
None

Views
GE interface view, XGE interface view

Default Level
2: Configuration level

Usage Guidelines
Usage Scenario
EFM can be associated with interfaces. On a scenario with primary and backup links, if EFM
detects a fault on the primary link, it will set the protocol status of the associated interface to
ETHOAM Down, speeding up routing convergence. Traffic can be fast switched to the backup
link.
Prerequisites
EFM has been enabled globally and on an interface, and is in detect state.
Precautions
If EFM is associated with an interface and detects a link fault, the protocol status of the interface
becomes ETHOAM Down, and no packet except EFM OAMPDUs can be forwarded by the
interface, and all Layer 2 and Layer 3 services are blocked. Therefore, associating EFM with an
interface may greatly affect services. When the interface detects link recovery using EFM, the
interface can forward all packets and unblocks Layer 2 and Layer 3 services.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

170

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

9 Reliability Compatible Commands

Example
# Associate EFM with GE0/0/1.
<HUAWEI> system-view
[HUAWEI] efm enable
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] efm enable
[HUAWEI-GigabitEthernet0/0/1] efm trigger if-net

9.2.2 error-shutdown auto-recovery cause efm-threshold-event


Function
The error-shutdown auto-recovery cause efm-threshold-event command enables an
interface in error-shutdown state to go Up.
NOTE

An interface enters the error-shutdown state after being shut down due to an error.

Format
error-shutdown auto-recovery cause efm-threshold-event

Parameters
Parameter

Description

Value

cause

Indicates the cause for an


interface in error-down state.

efm-threshold-event

Indicates that a threshold


crossing event occurs.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
Usage Scenario
When link monitoring is configured for an interface on a link, the link is considered unavailable,
if the number of errored frames, errored codes, or errored frame seconds detected by the interface
reaches or exceeds the threshold within a period. You can associate an EFM crossing event with
an interface. Then the system sets the administrative status of the interface to Down. In this
manner, all services on the interface are interrupted.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

171

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

9 Reliability Compatible Commands

By default, an interface can only be resumed by a network administrator after being shut down.
To configure the interface to restore to the Up state automatically, run the error-down autorecovery command to set an auto recovery.

Example
# Set the auto recovery after an EFM threshold crossing event is associated with an interface.
<HUAWEI> system-view
[HUAWEI] error-shutdown auto-recovery cause efm-threshold-event

9.2.3 error-shutdown auto-recovery interval


Function
The error-shutdown auto-recovery interval command sets the auto recovery delay.
NOTE

An interface enters the error-shutdown state after being shut down due to an error.

Format
error-shutdown auto-recovery interval interval-value

Parameters
Parameter

Description

Value

interval interval-value

Specifies the auto recovery


delay.

The value is an integer that


ranges from 30 to 86400, in
seconds.
l A smaller value indicates
a higher frequency at
which an interface
alternates between Up
and Down states.
l A larger value indicates
longer traffic
interruption.

Views
System view

Default Level
2: Configuration level
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

172

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

9 Reliability Compatible Commands

Usage Guidelines
Usage Scenario
By default, an interface can only be resumed by a network administrator after being shut down.
To configure the interface to restore to the Up state automatically, run the error-shutdown autorecovery interval command to set an auto recovery delay. After the delay, the interface goes
Up automatically.

Example
# Set the auto recovery delay to 50s.
<HUAWEI> system-view
[HUAWEI] error-shutdown auto-recovery interval 50

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

173

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10

10 Device Management Compatible Commands

Device Management Compatible


Commands

About This Chapter


10.1 vrbd
10.2 _shell
10.3 backup elabel
10.4 cpu-usage threshold
10.5 display autosave config
10.6 display environment
10.7 display elabel unit
10.8 display fault-management
10.9 display fault-management alarm information
10.10 display reboot-info
10.11 fault-management alarm
10.12 reset reboot-info
10.13 display alarm urgent
10.14 reset alarm urgent
10.15 temperature threshold unit
10.16 port-mirroring to observe-port
10.17 poe power
10.18 port-mirroring

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

174

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

10.19 reset fault-management

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

175

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

10.1 vrbd
Function
The vrbd command displays the compiling time and version of the system software.

Format
vrbd

Parameters
None

Views
Diagnosis view

Default Level
3: Management level

Usage Guidelines
You can run the command to view the compiling time and version of the system software.

Example
# Display the compiling time and version of the system software.
<HUAWEI> system-view
[HUAWEI] diagnose
[HUAWEI-diagnose] vrbd
S5700 Version V200R003C00SPC300
VRP Software Version F100S100
Copyright (C) 2000-2011 Huawei Technologies Co., Ltd.
Compiled Mar 26 2012 17:30:56 By S5700 CMO
CPLD Ver 257, Date Aug 8
2013
Board 0 SoftWare Version
V200R003C00
SPC300B440
Board 0 SoftWare for user V200R003C00SPC300

Table 10-1 Description of the vrbd command output

Issue 04 (2014-07-30)

Item

Description

S5700 Version V200R003C00SPC300

Device model and system software version.

VRP Software Version

VRP software version.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

176

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

Item

Description

Copyright (C) 2000-2011 Huawei


Technologies Co., Ltd.

Enterprise copyright declaration.

Compiled Mar 26 2012 17:30:56 By S5700


CMO

System software compiling time.

CPLD Ver 257, Date Aug 8 2013

CPLD version and compiling time. A larger


version number indicates a newer CPLD
version.

SoftWare Version

System software internal version.

SoftWare for user

System software release version.

10.2 _shell
Function
The _shell command displays the shell mode.
The _shell show command displays the shell mode status.
The _shell slot-id [ kick-out ] command enables you to exit from the shell mode.

Format
_shell { slot-id [ kick-out ] | show }

Parameters
Parameter Description

Value

slot-id

Specifies the destination slot ID.

The value must be set according to the


device configuration.

kick-out

Indicates that users exit from the shell


mode.

show

Displays the shell mode status.

Views
Diagnosis view

Default Level
2: Configuration level
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

177

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

Usage Guidelines
None

Example
# Display the shell mode status.
<HUAWEI> system-view
[HUAWEI] diagnose
[HUAWEI-diagnose] _shell
[HUAWEI-diagnose] _shell show
User-ID
User-Intf
Slot
0
con0
2

Username
Unspecified

# Enable slot 0 to exit from the shell mode.


<HUAWEI> system-view
[HUAWEI] diagnose
[HUAWEI-diagnose] _shell 0 kick-out

10.3 backup elabel


Function
Using the backup elabel command, you can save the electronic label of the
S2750&S5700&S6700 to the File Transfer Protocol (FTP) server or to the Flash memory.

Format
backup elabel [ ftp ip-address filename username password ] [ unit unit-id ]

Parameters

Issue 04 (2014-07-30)

Parameter

Description

Value

ip-address

Specifies the IP address of


the FTP server that stores the
electronic label.

The value is in dotted


decimal notation.

filename

Specifies the name of the file


that stores the electronic label
on the FTP server.

The value is a string of 1 to


20 case-sensitive characters
without spaces.

username

Specifies user name used to


log in to the FTP server.

The value is a string of 0 to


20 case-sensitive characters
without spaces.

password

Specifies the password used


to log in to the FTP server.

The value is a string of 0 to


20 case-sensitive characters
without spaces.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

178

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

Parameter

Description

Value

unit unit-id

l Specifies the slot ID if


stacking is not
configured.

The value an integer that is 0


if stacking is not configured;
the value ranges from 0 to 8
if stacking is configured.

l Specifies the stack ID if


stacking is configured.

Views
User view

Default Level
1: Monitoring level

Usage Guidelines
You can use this command to save the electronic label of the S2750&S5700&S6700 to a file in
the flash memory or on the FTP server. If the electronic label is saved in the flash memory, the
file name is elabel.fls by default.

Example
# Save the electronic label of the S2750&S5700&S6700 with the stack ID being 0 to the
elabel.fls file in the flash memory.
<HUAWEI> backup elabel unit 0
Info: Output information to file: flash:/elabel.fls. Please wait for a moment...
Info: Put file to flash successfully.

10.4 cpu-usage threshold


Function
The cpu-usage threshold command sets the upper and lower CPU usage alarm thresholds.
The undo cpu-usage threshold command restores the default setting.

Format
cpu-usage threshold unit unit-id { high | low } threshold-value

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

179

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

Parameters
Parameter Description

Value

high

Specifies the upper CPU usage alarm


threshold.

low

Specifies the lower CPU usage alarm


threshold.

unit unit-id l Specifies the slot ID if stacking is not The value is 0 if stacking is not
configured; the value ranges from 0 to
configured.
l Specifies the stack ID if stacking is 8 if stacking is configured.
configured.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
When the CPU usage is not within the allowed range, a log is recorded. You can conveniently
know CPU usage through log information.

Example
# Set the upper CPU usage alarm threshold of a switch to 85%.
<HUAWEI> system-view
[HUAWEI] cpu-usage threshold unit 0 high 85

10.5 display autosave config


Function
The display autosave config command displays the configuration about the autosave function,
including the status of the autosave function, time for autosave check, threshold of the CPU
usage, and interval during which configurations are not changed.

Format
display autosave config

Parameters
None
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

180

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
After the autosave function is configured, you can run the display autosave config command
to check whether the configured parameters are correct. You can also run this command to check
whether the parameters about the autosave function are properly configured when autosave
cannot function normally. If not, run the set save-configuration command to adjust the
parameters to restore the normal state of the autosave function.

Example
# Display the configuration about the autosave function.
<HUAWEI> display autosave config
Auto save function status: enable
Auto save checking interval: 60 minutes
The threshold of the CPU usage: 50%
The interval of the configuration not changing: 30 minutes

Table 10-2 Description of the display autosave config command output


Item

Description

Auto save function status

Indicates the status of the autosave function:


l Enable
l Disable

Auto save checking interval

Indicates the time for autosave check.

The threshold of the CPU usage

Indicates the threshold of the CPU usage


during the autosave operation.

The interval of the configuration not


changing

Indicates the interval during which system


configurations are not changed.

10.6 display environment


Function
Using the display environment command, you can view the temperature of the
S2750&S5700&S6700.

Format
display environment unit unit-id
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

181

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

Parameters
Parameter

Description

Value

unit unit-id

l Specifies the slot ID if


stacking is not
configured.

The value is an integer that is


0 if stacking is not
configured; the value ranges
from 0 to 8 if stacking is
configured.

l Specifies the stack ID if


stacking is configured.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
You can set the temperature alarm threshold of the S2750&S5700&S6700 or a temperature
sensing board.
When the temperature of the S2750&S5700&S6700 exceeds the threshold, check the working
environment of the S2750&S5700&S6700 to ensure that the environment is suitable for the
S2750&S5700&S6700.

Example
# Display the temperature of the S2750&S5700&S6700 that unit id is 0.
<HUAWEI> display environment unit 0
Environment information:
Temperature information:
SlotID
CurrentTemperature LowLimit HighLimit
(deg c )
(deg c)
(deg c )
1
33
0
70

Table 10-3 Description of the display environment command output

Issue 04 (2014-07-30)

Item

Description

SlotID

Stack ID of the S2750&S5700&S6700.

CurrentTemperature

Temperature of the S2750&S5700&S6700.


It is expressed in Celsius.

LowLimit

Lower temperature threshold of the


S2750&S5700&S6700. It is expressed in
Celsius.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

182

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

Item

Description

HighLimit

Upper temperature threshold of the


S2750&S5700&S6700. It is expressed in
Celsius.

10.7 display elabel unit


Function
The display elabel unit command displays the electronic label of the device.

Format
display elabel unit unit-id [ subcard-id ]

Parameters
Parameter

Description

Value

slot slot-id

Specifies the stack ID of the


device.

The value ranges from 0 to 8


if stacking is configured. The
value is 0 if stacking is not
configured.

subcard-id

Specifies the subcard ID.


This parameter can be
specified if any subcard is
used on the device.

The value is an integer that


ranges from 1 to 8.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
Electronic labels identify the hardware. You can use the display elabel command to view the
electronic label information.

Example
# Display the electronic label of the device with stack ID 0.
<HUAWEI> display elabel slot 0

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

183

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

/$[System Integration Version]


/$SystemIntegrationVersion=3.0

[Slot_0]
/$[Board Integration Version]
/$BoardIntegrationVersion=3.0

[Main_Board]
[Main_Board]
/$[ArchivesInfo Version]
/$ArchivesInfoVersion=3.0

[Board Properties]
BoardType=LS52T52C
BarCode=2102353169107C800132
Item=02353169
Description=S5752c-EI Mainframe(48 10/100 BASE-T ports and 4 SFP XGE (100/1000 B
ASE-X) ports (SFP Req.) and DC -48V)
Manufactured=2011-08-24
VendorName=Huawei
IssueNumber=00
CLEICode=
BOM=02353169

[Port_1]
/$[ArchivesInfo Version]
/$ArchivesInfoVersion=3.0

[Board Properties]
BoardType=VAHS-28-0029
BarCode=5529900015
Item=
Description=1Gbps-0nm-Copper Pigtail-2(copper)
Manufactured=2010-04-09
/$VendorName=Volex Inc.
IssueNumber=
CLEICode=
BOM=

[Port_2]
/$[ArchivesInfo Version]
/$ArchivesInfoVersion=3.0

[Board Properties]
BoardType=
BarCode=
Item=
Description=
Manufactured=
/$VendorName=
IssueNumber=
CLEICode=
BOM=

[Port_3]

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

184

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

/$[ArchivesInfo Version]
/$ArchivesInfoVersion=3.0

[Board Properties]
BoardType=04050017
BarCode=GEC42100170065
Item=
Description=1Gbps-0nm-Unknown or UnspecifiedManufactured=2010-10-22
/$VendorName=Amphenol
IssueNumber=
CLEICode=
BOM=

[Port_4]
/$[ArchivesInfo Version]
/$ArchivesInfoVersion=3.0

[Board Properties]
BoardType=
BarCode=
Item=
Description=
Manufactured=
/$VendorName=
IssueNumber=
CLEICode=
BOM=

/$[ArchivesInfo Version]
/$ArchivesInfoVersion=3.0

[Board Properties]
BoardType=CX7M1PWA
BarCode=2102316783P0B1002502
Item=02316783
Description=S5300C,CX7M1PWA,AC Power Module
Manufactured=2011-01-16
VendorName=Huawei
IssueNumber=00
CLEICode=
BOM=

Table 10-4 Description of the display elabel command output

Issue 04 (2014-07-30)

Item

Description

BoardType

Board model of the specified component.

BarCode

Bar code of the specified component.

Item

BOM code of the specified component.

Description

English description of the specified


component.

Manufactured

Production date of the specified component.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

185

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

Item

Description

VendorName

Vendor name of the specified component.

IssueNumber

Issuing number of the specified component.

CLEICode

CLEI code of the specified component.

BOM

Sales BOM code of the specified


component.

10.8 display fault-management


Function
The display fault-management command displays the contents of an alarm message, active
alarm message, or event.

Format
display fault-management { alarm | active-alarm | event } [ sequence-number sequencenumber ]

Parameters
Parameter

Description

Value

sequence-number
sequence-number

Specifies the number of an


alarm message, active alarm
message, or event.

The value is an integer ranging


from 0 to 2147483647. When
the value is 0, information
about all alarm messages,
active messages, or events is
displayed.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
This command helps you obtain the contents of all alarm messages or one alarm message on a
device.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

186

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

Example
# Display the contents of active alarm messages in the system.
<HUAWEI> display fault-management active-alarm
A/B/C/D/E/F/G/H/I/J
A=Sequence, B=RootKindFlag(Independent|RootCause|nonRootCause)
C=Generating time, D=Clearing time
E=ID, F=Name, G=Level, H=State
I=Description information for locating(Para info, Reason info)
J=RootCause alarm sequence(Only for nonRootCause alarm)
1/Independent/2008-10-13 01:49:45+08:00/-/0x41932001/hwLldpEnabled/Warning/Sta
rt/OID: 1.3.6.1.4.1.2011.5.25.134.2.1 Global LLDP is enabled.
2/Independent/2008-10-13 01:50:06+08:00/-/0x41932000/lldpRemTablesChange/Warni
ng/Start/OID: 1.0.8802.1.1.2.0.0.1 Neighbor information is changed. (LldpStatsRe
mTablesInserts=1, LldpStatsRemTablesDeletes=0, LldpStatsRemTablesDrops=0, LldpSt
atsRemTablesAgeouts=0)
5/Independent/2008-10-13 02:22:52+08:00/-/0x40c12014/hwPortPhysicalEthHalfDupl
exAlarm/Minor/Start/OID 1.3.6.1.4.1.2011.5.25.129.2.5.11 The port works in half
duplex mode. (EntityPhysicalIndex=10, BaseTrapSeverity=3, BaseTrapProbableCause=
1024, BaseTrapEventType=8, EntPhysicalName=GigabitEthernet0/0/5, RelativeResourc
e=interface GigabitEthernet0/0/5)

10.9 display fault-management alarm information


Function
The display fault-management alarm information command displays registration
information about an alarm message.

Format
display fault-management alarm information [ alarm-name ]

Parameters
Parameter Description

Value

alarm-name Specifies the name of an alarm message. The value is a case-sensitive string of
1 to 256 characters without spaces.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
If alarm-name is not specified, registration information about all alarm messages is displayed.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

187

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

To view registration information about an alarm message, you can run the display faultmanagement alarm information command; to modify registration information about an alarm
message, including alarm level, you can run the fault-management alarm command.

Example
# Check registration information about the alarm message named linkUp.
<HUAWEI> display fault-management alarm information linkUp
**********************************
AlarmName: linkUp
AlarmType: Resume Alarm
AlarmLevel: Cleared
Suppress Period: NA
CauseAlarmName: linkDown
Match VB Name: ifIndex
**********************************

Table 10-5 Description of the display fault-management alarm information command output
Item

Description

AlarmName

Name of an alarm message

AlarmType

Type of an alarm

AlarmLevel

Level of an alarm

Suppress Period

Suppress period of an alarm

CauseAlarmName

Name of the corresponding root alarm

Match VB Name

Contents of the matching rule set for the alarm messages

Related Topics
10.11 fault-management alarm

10.10 display reboot-info


Function
Using the display reboot-info command, you can view the information of restarting the
S2750&S5700&S6700.

Format
display reboot-info unit unit-id

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

188

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

Parameters
Parameter

Description

Value

unit unit-id

l Specifies the slot ID if


stacking is not
configured.

The value is an integer that is


0 if stacking is not
configured; the value ranges
from 0 to 8 if stacking is
configured.

l Specifies the stack ID if


stacking is configured.

Views
All views

Default Level
2: Configuration level

Usage Guidelines
None

Example
# Display the information about restarting the S2750&S5700&S6700 that unit id is 0.
<HUAWEI> display reboot-info unit 0
Slot ID
Times
Reboot Type
Reboot Time(DST)
===========================================================================
0
1
MANUAL
2012/10/13 01:48:28
0
2
MANUAL
2012/10/08 06:43:35
0
3
MANUAL
2012/10/01 01:34:32
0
4
POWER
2012/10/01 00:01:26
0
5
POWER
2012/10/01 00:01:25
0
6
POWER
2012/10/01 00:01:24
0
7
POWER
2012/10/01 00:01:25
0
8
POWER
2012/10/01 00:01:28
0
9
POWER
2012/10/01 00:01:24
0
10
POWER
2012/10/01 00:01:23
0
11
MANUAL
2012/10/03 00:42:32
0
12
POWER
2012/10/01 00:01:21
0
13
MANUAL
2012/10/05 07:12:18
0
14
POWER
2012/10/01 00:01:21
0
15
POWER
2012/10/01 00:01:21
0
16
POWER
2012/10/01 00:01:19
0
17
MANUAL
2012/10/04 07:02:23
0
18
MANUAL
2012/10/03 00:37:50
0
19
MANUAL
2012/10/01 03:21:56
0
20
POWER
2012/10/01 00:01:23
0
21
MANUAL
2012/10/10 02:55:49
0
22
MANUAL
2012/10/10 01:28:13
0
23
POWER
2012/10/01 00:01:19
0
24
MANUAL
2012/10/03 23:49:02
===========================================================================
Total
24

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

189

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

Table 10-6 Description of the display reboot-info command output


Item

Description

Slot ID

Specifies the stack ID if the stacking function is enabled or the


slot ID if the stacking function is not enabled.

Times

Indicates the times of restarting the S2750&S5700&S6700.

Reboot Type

Indicates the types of restarting the S2750&S5700&S6700:


l MANUAL
l POWERR
l SCHEDU
l OTHER

Reboot Time (DST)

Indicates the time of restarting the S2750&S5700&S6700.

10.11 fault-management alarm


Function
The fault-management alarm command configures the type or level of an alarm message or
event.
The undo fault-management alarm command cancels the type or level of an alarm message
or event.

Format
fault-management alarm alarm-name level alarm-level
undo fault-management alarm alarm-name [ level ]

Parameters
Parameter

Description

alarm alarm-name Specifies the name of an alarm


message or event.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Value
The value is a case-sensitive
string of 1 to 64 characters
without spaces.

190

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

Parameter

Description

Value

level alarm-level

Specifies the level of an alarm


The value is a character string. In
message or event. Mappings between the X.733 standard, according to
alarm levels and severity levels:
the severity level and emergency
level, alarm messages are
1. Critical: Indicates that a service
affecting condition has occurred classified into six levels. The
more serious event an alarm
and an immediate corrective
action is required. Such a severity message indicates, the smaller
alarm-level is. Critical indicates
can be reported. For example,
when a managed object becomes the alarm level 1; whereas
totally out of service, its capability Cleared indicates the alarm level
6.
must be restored.
2. Major: Indicates that a service
affecting condition has developed
and an urgent corrective action is
required. Such a severity can be
reported. For example, when there
is a severe degradation in the
capability of a managed object, its
full capability must be restored.
3. Minor: Indicates the existence of a
non-service affecting fault
condition and that corrective
action should be taken in order to
prevent a more serious (for
example, service affecting) fault.
Such a severity can be reported.
For example, when the detected
alarm condition is not currently
degrading the capacity of the
managed object.
4. Warning: Indicates the detection
of a potential or impending service
affecting fault, before any
significant effects have been felt.
Action should be taken to further
diagnose (if necessary) and correct
the problem in order to prevent it
from becoming a more serious
service affecting fault.
5. Indeterminate: Indicates that the
severity level cannot be
determined.
6. Cleared: Indicates the clearing of
one or more previously reported
alarms. This alarm clears all
alarms for this managed object that
have the same Alarm type,

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

191

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

Parameter

10 Device Management Compatible Commands

Description

Value

Probable cause and Specific


problems (if given). Multiple
associated notifications may be
cleared by using the Correlated
notifications parameter.

Views
System view

Default Level
3: Management

Usage Guidelines
Alarm messages can be classified into root alarm messages and resume-alarm messages. All the
alarms are saved on the device.
Events can be classified into critical events and events. Critical events are saved on a device and
can be obtained by the NMS. Events are not saved on a device.
The fault-management alarm command can be used to promote or degrade the level of an
alarm message according to the severity level and emergency level of the alarm message.

Example
# Set the alarm level of the alarm message named hwCfgManEventlog to major respectively.
<HUAWEI> system-view
[HUAWEI] fault-management alarm hwCfgManEventlog level major

10.12 reset reboot-info


Function
Using the reset reboot-info command, you can clear the reboot information.

Format
reset reboot-info unit unit-id

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

192

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

Parameters
Parameter

Description

Value

unit unit-id

l Specifies the slot ID if


stacking is not
configured.

The value is an integer that is


0 if stacking is not
configured; the value ranges
from 0 to 8 if stacking is
configured.

l Specifies the stack ID if


stacking is configured.

Views
User view

Default Level
2: Configuration level

Usage Guidelines
None.

Example
# clear the reboot information of device that unit id is 0.
<HUAWEI> reset reboot-info unit 0

10.13 display alarm urgent


Function
Using the display alarm urgent command, you can view alarms on the
S2750&S5700&S6700.

Format
display alarm urgent unit unit-id

Parameters
Parameter

Description

Value

unit unit-id

l Specifies the slot ID if


stacking is not
configured.

The value is an integer thatis


0 if stacking is not
configured; the value ranges
from 0 to 8 if stacking is
configured.

l Specifies the stack ID if


stacking is configured.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

193

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
You can use the command to view alarms, including alarms about the abnormality of the
temperature, the fan, and the chip.
If no parameter is specified, the command displays all the alarms.

Example
# Display alarms of the device that unit id is 0.
<HUAWEI> display alarm urgent unit 0
Alarm
Slot
Date
Time
Location
------------------------------------------------------------------Power abnormal
0
2008/08/01 00:00:46
slot 0
Power plugged out
0
2008/08/01 00:00:46
slot 0

Table 10-7 Description of the display alarm urgent command output


Item

Description

Alarm

Details about an alarm.

Slot

Stack ID of the S2750&S5700&S6700 where alarms are generated.

Date

Date when alarms are generated.

Time

Time when alarms are generated.

Location

Position where alarms are generated.

10.14 reset alarm urgent


Function
The reset alarm urgent command clears all alarm messages.

Format
reset alarm urgent unit unit-id

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

194

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

Parameters
Parameter

Description

Value

unit unit-id

l Specifies the slot ID if


stacking is not
configured.

The value is an integer that is


0 if stacking is not
configured. The value ranges
from 0 to 8 if stacking is
configured.

l Specifies the stack ID if


stacking is configured.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
None

Example
# Clear all alarm messages of the device that unit id is 0.
<HUAWEI> system-view
[HUAWEI] reset alarm urgen unit 0

10.15 temperature threshold unit


Function
The temperature threshold unitcommand sets the temperature thresholds.
The undo temperature threshold unitcommand cancels the temperature thresholds.

Format
temperature threshold unit unit-id lower-limit low-temperature upper-limit high-teperature
undo temperature threshold unit unit-id lower-limit low-temperature upper-limit highteperature

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

195

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

Parameters
Parameter

Description

Value

unit-id

l Specifies the slot ID if


stacking is not
configured.
l Specifies the stack ID if
stacking is configured.

The value is an integer that is


0 if stacking is not
configured. The value ranges
from 0 to 8 if stacking is
configured.

lower-limit low-temperature

Specify the lower


temperature alarm threshold.

The value is an integer that


ranges from 0 to 300.

upper-limit high-teperature

Specify the upper


temperature alarm threshold.

The value is an integer that


ranges from 0 to 300.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
This command sets the upper and lower temperature thresholds for a device. If the device
temperature is out of the specified range, an alarm is generated.

Example
# Set the upper temperature alarm threshold of the device with stack ID 3 to 40.
<HUAWEI> system-view
[HUAWEI] temperature threshold unit 3 lower-limit 0 upper-limit 40

10.16 port-mirroring to observe-port


Function
The port-mirroring to observe-port command configures a mirroring action on an interface.
NOTE

Only S5700EI and S5700SI support this command.

Format
port-mirroring to observe-port index { both | inbound | outbound } remote vlan-id
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

196

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

Parameters
Parameter

Description

Value

index

Specifies the index of a


global observing port.

For the S5700EI series, the


value ranges from 1 to 4,
whereas for the S5700SI
series, the value is 1.

both

Indicates that port mirroring


is configured for both
incoming and outgoing
packets.

inbound
incoming

Indicates that port mirroring


is configured for incoming
packets.

outbound

Indicates that port mirroring


is configured for outgoing
packets.

remote vlan-id

Specifies the VLAN ID used


in remote mirroring.

The value is an integer that


ranges from 1 to 4094.

Views
GE interface view, 10GE interface view, Eth-Trunk interface view

Default Level
2: Configuration level

Usage Guidelines
NOTE

The mirrored port cannot be added to the RSPAN VLAN.

In the process of port mirroring, the S2750&S5700&S6700 copies the packets passing through
an observed port to a specified observing port. To ensure information integrity during port
mirroring, it is recommended that the observing port and observed port be of the same type and
enjoy the same bandwidth.
On the S2750&S5700&S6700, port mirroring is implemented by the Layer 2 switch chip. Ensure
that the Layer 2 header, Layer 3 header, and data of each packet copied to the observing port
remain unchanged. Port mirroring can be configured for the incoming traffic, outgoing traffic,
or both.
To configure an Eth-Trunk as a mirrored interface, you must run the interface eth-trunk trunkid command to create the Eth-Trunk first.
l

Issue 04 (2014-07-30)

If an Eth-Trunk is configured as a mirrored interface, its member interfaces cannot be


configured as mirrored interfaces.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.

197

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

If a member interface of an Eth-Trunk is configured as a mirrored interface, the Eth-Trunk


cannot be configured as a mirrored interface.

Example
# Configure GE 0/0/1 as the observed interface and GE0/0/2 as the observing port with the index
as 1. Mirror the incoming traffic of GE0/0/1 to GE0/0/2.
<HUAWEI> system-view
[HUAWEI] observe-port 1 interface gigabitethernet 0/0/2
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port-mirroring to observe-port 1 inbound remote 10

10.17 poe power


Function
The poe power command sets the maximum output power of an interface.
The undo poe power command restores the default maximum output power of an interface.
By default, the maximum output power of an interface is 30000 mW.

Format
poe power port-max-power
undo poe power

Parameters
Parameter

Description

Value

port-max-power

Specifies the maximum


output power of an interface.

The value is an integer that


ranges from 0 to 30000, in
mW.

Views
GE interface view, Ethernet interface view, port group view

Default Level
2: Configuration level

Usage Guidelines
Usage Scenarios
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

198

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

The PD negotiation power may be different from the power required by some non-standard PDs
or PDs that cannot be classified. You can run the poe power command to set the maximum
output power of the interface, which prevents power overload for PDs and saves energy.
Prerequisites
The PoE function has been enabled on the interface using the poe enable command.

Example
# Set the maximum output power on GigabitEthernet0/0/5 to 20000 mW.
<HUAWEI> system-view
[HUAWEI] interface gigabitEthernet 0/0/5
[HUAWEI-GigabitEthernet0/0/5] poe power 20000

10.18 port-mirroring
Function
The port-mirroring command configures a mirroring behavior on an interface.
NOTE

The S5700SI and S5700LI do not support this command.

Format
port-mirroring to observe-port index remote vlan-id

Parameters
Parameter

Description

Value

index

Specifies the index of a


global observing interface.

On an S5700EI, the value


ranges from 1 to 4.

remote vlan-id

Specifies the VLAN ID used


in remote mirroring.

The value is an integer that


ranges from 1 to 4094.

Views
Traffic behavior view

Default Level
2: Configuration level

Usage Guidelines
During flow mirroring, the device copies the packets of an observed flow and then sends the
copy to a specified observing interface. The device implements flow mirroring for the incoming
flows on an interface through traffic classification.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

199

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

On the S-switch, flow mirroring is implemented by the Layer 2 switch chip. Ensure that the
Layer 2 header, Layer 3 header, and data of each packet copied to the observing interface remain
unchanged.
You can only specify an existing VLAN for remote mirroring. This VLAN must be configured
as an RSPAN VLAN.

Example
# Mirror traffic to observing interface with index 1.
<HUAWEI> system-view
[HUAWEI] traffic behavior b1
[HUAWEI-traffic-behavior-b1] port-mirroring to observe-port 1 remote 1

10.19 reset fault-management


Function
The reset fault-management command clears all alarm messages.

Format
reset fault-management { active-alarm | event } [ sequence-number sequence-number ]

Parameters
Parameter

Description

Value

sequence-number
sequence-number

Specifies the number of an


alarm message.

The value is an integer ranging


from 0 to 2147483647. If the
value is 0, it indicates that all
alarm messages are cleared.

Views
System view

Default Level
3: Management

Usage Guidelines
If sequence-number is not specified, the system clears all the alarm messages on the device.

NOTICE
After this command is run, all alarm messages on a device are cleared and cannot be restored.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

200

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

10 Device Management Compatible Commands

Example
# Clear all active alarm messages.
<HUAWEI> system-view
[HUAWEI] reset fault-management active-alarm

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

201

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

11

11 Network Management Compatible Commands

Network Management Compatible


Commands

About This Chapter


11.1 Ping and Tracert Compatible Commands
11.2 NTP Compatible Commands
11.3 SNMP Compatible Commands

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

202

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

11 Network Management Compatible Commands

11.1 Ping and Tracert Compatible Commands


11.1.1 ping ipv6
Function
The ping ipv6 command checks whether a specified IPv6 IP address is reachable and exports
corresponding statistics.

Format
ping ipv6 [ -a source-ipv6-address | -c count | -h ttl-value | -m time | -name | -s packetsize | -t
timeout | -tc traffic-class-value | vpn6-instance vpn6-instance-name ] * { destination-ipv6address | host } [ -i interface-type interface-number ]

Parameters
Parameter

Description

Value

-a source-ipv6-address

The value is a 32-digit hexadecimal


Specifies a source IPv6
address for sending ICMPv6 number, in the format of
X:X:X:X:X:X:X:X.
Echo Request messages.
If no source IPv6 address is
specified, the IPv6 address
of the outbound interface is
used as the source address
for sending ICMPv6 Echo
Request messages.

-c count

Specifies the number of


times for sending ICMPv6
Echo Request messages.

The value is an integer that ranges


from 1 to 4294967295. The default
value is 5.

You can increase the number


of outgoing packets to detect
the network quality based on
the packet loss rate.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

203

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

11 Network Management Compatible Commands

Parameter

Description

-h ttl-value

Specifies the TTL value.

-m time

Specifies the time to wait


before sending the next
ICMPv6 Echo Request
message.

Value

The value is an integer that ranges


from 1 to 255. The default value is
If the TTL field is reduced to 255.
0 during message
forwarding, the Layer 3
switch that the message
reaches sends an ICMPv6
timeout message to the
source host, indicating that
the destination host is
unreachable.
The value is an integer that ranges
from 1 to 10000, in milliseconds.
The default value is 2000.

Each time the source sends


an ICMPv6 Echo Request
message using the ping
ipv6 command, the source
waits a period of time (2000
ms by default) before
sending the next ICMPv6
Echo Request message. You
can set the time to wait
before sending the next
ICMPv6 Echo Request
message using the parameter
time. In the case of poor
network condition, the value
should be equal to or larger
than 2000, in milliseconds.
-name

Displays the name of the


destination host.

-s packetsize

Specifies the length of an


The value is an integer that ranges
ICMPv6 Echo Request
from 20 to 9600, in bytes. The
message, excluding the IP default value is 56.
header and ICMPv6 header.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

204

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

11 Network Management Compatible Commands

Parameter

Description

Value

-t timeout

Specifies the timeout period The value is an integer that ranges


to wait for an ICMPv6 Echo from 0 to 65535, in milliseconds.
The default value is 2000.
Reply message after an
ICMPv6 Echo Request
message is sent.
After the ping ipv6
command is run, the source
sends an ICMPv6 Echo
Request message to a
destination and waits for an
ICMPv6 Echo Reply
message. If the destination,
after receiving the ICMPv6
Echo Request message,
returns an ICMPv6 Echo
Reply message to the source
within the period specified
by the parameter timeout, the
destination is reachable. If
the destination does not
return an ICMPv6 Echo
Reply message within the
specified period, the source
displays that the message
times out. Normally, the
source receives an ICMPv6
Echo Reply message within
1 to 10 seconds after sending
an ICMPv6 Echo Request
message. If the transmission
speed is low, properly
prolong the timeout period.

-tc traffic-class-value

The value is an integer that ranges


Specifies the traffic
classification in the ICMPv6 from 0 to 255. The default value is
0.
Echo Request message.
To configure traffic control
for ICMPv6 packets, set the
parameter traffic-classvalue.

vpn6-instance vpn6instance-name

Issue 04 (2014-07-30)

Specifies the name of a VPN The value is a string of 1 to 31


instance for the IPv6 address characters without spaces.
family.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

205

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

11 Network Management Compatible Commands

Parameter

Description

destination-ipv6-address

The value is a 32-digit hexadecimal


Specifies the IPv6 address of
number, in the format of
the destination host.
X:X:X:X:X:X:X:X.

host

Specifies the name of the


destination host.

-i interface-type interface- Specifies the outbound


number
interface for sending
ICMPv6 Echo Request
messages.

Value

The value is a string of 1 to 46


characters.
-

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
Usage Scenario
The ping ipv6 command is a widely used debugging tool for checking network connectivity and
host reachability on an IPv6 network by transmitting ICMPv6 messages. It can detect the
following items:
l

Availability of the remote device

Round-trip delay in communication between the local and remote devices

Packet loss rate

You can run the ping ipv6 command to check the IPv6 network connectivity or line quality in
the following scenarios:
l

Scenario 1: Check the protocol stack on the local device. You can run the ping ipv6 IPv6loopback-address command to check whether the TCP/IP protocol stack works properly
on the local device.

Scenario 2: Check whether the destination IPv6 host is reachable on an IPv6 network. You
can run the ping ipv6 host command to send an ICMPv6 Echo Request message to the
destination host. If a reply is received, the destination host is reachable.

Scenario 3: Check whether the peer is reachable on a Layer 3 VPN. On a Layer 3 VPN,
devices may not have routing information about each other. Therefore, you cannot use the
ping ipv6 host command to check whether the peer is reachable. When a VPN instance
name is specified, you can run the ping ipv6 vpn6-instance vpn6-instance-name host
command to send an ICMPv6 Echo Request message to the peer. If the peer returns an
ICMPv6 Echo Reply message, the peer is reachable.

Scenario 4: In the case of an unstable network, you can run the ping ipv6 -c count -t
timeout { destination-ipv6-address | host } command to check the quality of the network

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

206

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

11 Network Management Compatible Commands

between the local device and the peer. By analyzing the packet loss rate and average delay
in the command output, you can evaluate the network quality. If the network is unreliable,
set the packet transmission count (-c) and timeout (-t) to the upper limits. This makes the
test result accurate.
Prerequisites
l

Before running the ping ipv6 command, ensure that the ICMPv6 module is working
properly.

If -vpn6-instance is specified, ensure that the VPN module is working properly.

Configuration Impact
l

When the destination host is unreachable, the system displays "Request time out" indicating
that the ICMPv6 Echo Request message times out and displays statistics collected by the
IPv6 ping test.

Precautions
l

If an intermediate device is disabled from responding to ICMPv6 messages, detection on


this node fails.

If the IPv6 address of the destination host maps the local address, specify the name of the
local outbound interface through which the ICMPv6 Echo Request message is sent.
Otherwise, reply to the ping ipv6 command times out.

If a fault occurs in the IPv6 ping process, you can press Ctrl+C to terminate the IPv6 ping
operation.

Example
# Check whether the host with the IPv6 address as 2001::1 is reachable.
<HUAWEI> ping ipv6 2001::1
PING 2001::1 : 56 data bytes, press CTRL_C to break
Reply from 2001::1
bytes=56 Sequence=1 hop limit=64 time=115 ms
Reply from 2001::1
bytes=56 Sequence=2 hop limit=64 time=1 ms
Reply from 2001::1
bytes=56 Sequence=3 hop limit=64 time=1 ms
Reply from 2001::1
bytes=56 Sequence=4 hop limit=64 time=1 ms
Reply from 2001::1
bytes=56 Sequence=5 hop limit=64 time=1 ms
---2001::1 ping statistics--5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max=1/23/115 ms

Table 11-1 Description of the ping ipv6 command output

Issue 04 (2014-07-30)

Item

Description

PING HH:HH::HH:H

IPv6 address of the destination host.

x data bytes

Length of a sent ICMPv6 Echo Request message.

press CTRL_C to break

The ongoing IPv6 ping test is terminated after you press Ctrl+C.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

207

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

11 Network Management Compatible Commands

Item

Description

Reply from
HH:HH::HH:H

The destination host responds to the ICMPv6 Echo Request


message with an ICMPv6 Echo Reply message that contains the
following items:
l bytes: indicates the length of the ICMPv6 Echo Reply message.
l sequence: indicates the sequence number of the ICMPv6 Echo
Reply message.
l hop limit: indicates the TTL of the ICMPv6 Echo Reply
message.
l time: indicates the RTT, in milliseconds.
If no ICMPv6 Echo Reply message is received after the timeout
period, the system displays "Request time out".

HH:HH::HH:H ping
statistics

Statistics collected after the IPv6 ping test on the destination host.
The statistics include the following information:
l packet(s) transmitted: indicates the number of sent ICMPv6
Echo Request messages.
l packet(s) received: indicates the number of received ICMPv6
Echo Reply messages.
l % packet loss: indicates the percentage of unresponded
messages to total sent messages.
l round-trip min/avg/max: indicates the minimum, average, and
maximum RTTs.

Related Topics
11.1.2 tracert ipv6

11.1.2 tracert ipv6


Function
The tracert ipv6 command checks the path of packets from the source to the destination, checks
IPv6 network connectivity, and locates a network fault.

Format
tracert ipv6 [ -a source-ip-address | -f first-hop-limit | -m max-hop-limit | -name | -p portnumber | -q probes | -s packetsize | -w timeout | vpn6-instance vpn6-instance-name ] *
{ destination-ipv6-address | host-name }

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

208

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

11 Network Management Compatible Commands

Parameters
Parameter

Description

Value

-a source-ip-address

Specifies the source address


of a tracert packet.

The value is a 32-digit


hexadecimal number, in the format
of X:X:X:X:X:X:X:X.

If this parameter is not


specified, the IP address of
the outbound interface is used
as the source IP address for
sending tracert packets.
-f first-hop-limit

Specifies the initial hop-limit. The value is an integer that ranges


from 1 to 255. The default value is
Carried in the IPv6 header,
1.
the hop-limit (time to live)
indicates the lifetime of IPv6
packets and specifies the
maximum number of hops
that the IPv6 packets can pass
through. The hop-limit field
in IPv6 packets is similar to
the TTL field in the IPv4
packets. The hop-limit value
is set on the source and
reduced by 1 each time the
packet passes through a Layer
3 device. When the hop-limit
value is reduced to 0 on a
Layer 3 device, the Layer 3
device discards the packet
and sends an ICMPv6
Timeout message to the
source.
If first-hop-limit is specified
and the number of hops is
smaller than the specified
value, the hop-limit value will
be greater than 0 after the
packet passes through all the
nodes. Therefore, no ICMPv6
Timeout message is sent to
the source.
If max-hop-limit is specified,
the value of first-hop-limit
must be smaller than the value
of max-hop-limit.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

209

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

11 Network Management Compatible Commands

Parameter

Description

Value

-m max-hop-limit

Specifies the maximum hop- The value is an integer that ranges


limit.
from 1 to 255. The default value is
30.
Usually, the maximum hoplimit is set to the number of
hops that a packet passes
through. To change the hoplimit value, you need to use
this parameter.
If first-hop-limit is specified,
the value of max-hop-limit
must be greater than the value
of first-hop-limit.

-name

Displays the name of the


destination host.

-p port-number

Specifies the UDP port


number of the destination.

The value is an integer that ranges


from 1 to 65535. The default value
l If no UDP port number is is 33434.
specified for the
destination, when you run
the tracert ipv6
command, a port with the
port number greater than
32768 is randomly chosen
for the destination to
receive tracert packets.
l Before specifying the
UDP port number for the
destination, ensure that
the port is not in use;
otherwise, the tracert fails.

-q probes

Specifies the number of


The value is an integer that ranges
tracert packets sent each time. from 1 to 65535. The default value
is 3.
In the case of poor network
quality, you can set probes to
a comparatively large value
to ensure that tracert packets
can reach the destination.

-s packetsize

Specifies the length of an


ICMPv6 Echo Request
message, excluding the IP
header and ICMPv6 header.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

The value is an integer that ranges


from 20 to 9600, in bytes. The
default value is 56.

210

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

11 Network Management Compatible Commands

Parameter

Description

Value

-w timeout

Sets the timeout period to


wait for a reply.

The value is an integer that ranges


from 1 to 65535, in milliseconds.
The default value is 5000.

If a tracert packet times out


when reaching a gateway, an
asterisk (*) is displayed.
In the case of poor network
quality and a low network
transmission rate, you are
advised to prolong the
timeout period.
vpn6-instance vpn6instance-name

Specifies the name of a VPN The value is a string of 1 to 31 caseinstance for the IPv6 address sensitive characters.
family.

destination-ipv6-address

The value is a 32-digit


Specifies the IPv6 address of
hexadecimal number, in the format
the destination host.
of X:X:X:X:X:X:X:X.

host-name

Specifies the name of the


destination host.

The value is a string of 1 to 46


characters.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
Usage Scenario
When a fault occurs on the network and the peer is an IPv6 device, you can run the ping ipv6
command to check network connectivity based on the reply message, and then run the tracert
ipv6 command to locate the fault.
You can specify different parameters in the tracert ipv6 command for different scenarios:
l

To check information about nodes between the source and the IPv6 destination, run the
tracert ipv6 host command.

To check information about nodes between the source and the IPv6 destination on a Layer
3 VPN, run the tracert ipv6 vpn6-instance vpn6-instance-name host command. On a
Layer 3 VPN, devices may not have routing information about each other. Therefore, you
cannot use the tracert ipv6 host command to check whether the peer is reachable. To check
information about nodes between the source and the IPv6 destination in a specified VPN
instance, run the tracert ipv6 vpn6-instance vpn6-instance-name host command.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

211

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

11 Network Management Compatible Commands

On an unstable network, you can run the tracert ipv6 -q probes -w timeout host command
to check information about nodes between the source and the IPv6 destination. If the
network is unreliable, set the packet transmission count (-q) and timeout (-w) to the upper
limits. This makes the test result accurate.

To check information about nodes along a segment of a path, run the tracert ipv6 -f firsthop-limit -m max-hop-limit host command that has initial hop-limit and maximum hoplimit specified.

Prerequisites
l

The UDP module of each node is working properly; otherwise, the IPv6 tracert operation
fails.

The VPN module of each node is working properly if vpn6-instance is specified.

The ICMPv6 module of each node is working properly; otherwise, " * * * " is displayed.

Procedure
The execution process of the tracert ipv6 command is as follows:
l

The source sends a packet with the hop-limit being 1. After the hop-limit times out, the
first hop sends an ICMPv6 Error message to the source, indicating that the packet cannot
be forwarded.

The source sends a packet with the hop-limit being 2. After the hop-limit times out, the
second hop sends an ICMPv6 Error message to the source, indicating that the packet cannot
be forwarded.

The source sends a packet with the hop-limit being 3. After the hop-limit times out, the
third hop sends an ICMPv6 Error message to the source, indicating that the packet cannot
be forwarded.

The preceding process proceeds until the packet reaches the destination.

When receiving an IPv6 packet, each destination hop cannot find the port specified in the IPv6
packet, and therefore returns an ICMPv6 Port Unreachable message, indicating that the
destination port is unreachable and the IPv6 tracert ends. In this manner, the result of each probe
is displayed on the source, according to which you can find the path from the source to the
destination.
Configuration Impact
If a fault occurs when you run the tracert ipv6 command, the following information may be
displayed:
l

!H: The host is unreachable.

!N: The network is unreachable.

!: The port is unreachable.

!P: The protocol type is incorrect.

!F: The packet is incorrectly fragmented.

!S: The source route is incorrect.

Precautions
By default, the ICMPv6 module is automatically enabled after you enable the IPv6 module.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

212

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

11 Network Management Compatible Commands

Example
# Set the number of packets to be sent to 5 and timeout period to 8000 ms, and tracert the gateways
from the source to the destination at 3002::3.
<HUAWEI> tracert ipv6 -q 5 -w 8000 3002::3
traceroute to 3002::3 30 hops max,60 bytes packet
1 2002::2 26 ms 23 ms 26 ms 30 ms 29 ms
2 3002::3 3020 ms 3024 ms 4040 ms 6820 ms 5584 ms

# Tracert the gateways from the source to the destination at 3002::3 on a specified VPN.
<HUAWEI> tracert ipv6 vpn6-instance vsi6 3002::3
traceroute to vsi6 3002::3 30 hops max,60 bytes packet
1 2002::2 26 ms 23 ms 26 ms
2 3002::2 3020 ms !H 3024 ms !H 4040 ms !H

Table 11-2 Description of the tracert ipv6 command output


Item

Description

traceroute to HH:HH::HH:H

IPv6 address of the destination host.

x hops max

Maximum hop-limit value.

x bytes packet

Length of a tracert packet.

Sequence number of the received ICMPv6


Echo Reply message.

2
HH:HH::HH:H

Address of the IPCMPv6 Echo Reply


message.

26 ms 23 ms 26 ms

RTT, in milliseconds.

Related Topics
11.1.1 ping ipv6

11.2 NTP Compatible Commands


11.2.1 ntp-service authentication-keyid
Function
The ntp-service authentication-keyid command sets NTP authentication key.
By default, no authentication key is set.

Format
ntp-service authentication-keyid key-id authentication-mode { md5 | hmac-sha256 }
plain password-plain
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

213

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

11 Network Management Compatible Commands

Parameters
Parameter

Description

Value

key-id

Indicates the key number.

Key ID is an integer and


ranges from 1 to
4294967295.

authentication-mode md5

Indicates MD5 authentication mode.

authentication-mode hmacsha256

Indicates HMAC-SHA256
authentication mode.

plain password-plain

Indicates that the configured The password is a string of 1


password is displayed in plain to 255 case-sensitive
text, and specifies the plain- characters without spaces.
text password.

NOTICE
If plain is selected, the password
is saved in the configuration file
in plain text. This brings security
risks. It is recommended that
you select cipher to save the
password in cipher text.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
Usage Scenario
On a network that requires high security, the NTP authentication must be enabled. You can
configure password authentication between client and server, which guarantee the client only to
synchronize with server successfully authenticated, and improve network security. If the NTP
authentication function is enabled, a reliable key should be configured at the same time. Keys
configured on the client and the server must be identical.
NOTE

In NTP symmetric peer mode, the symmetric active peer functions as a client and the symmetric passive
peer functions as a server.

Follow-up Procedure
You can configure multiple keys for each device. After the NTP authentication key is configured,
you need to set the key to reliable using the ntp-service reliable authentication-keyid
command. If you do not set the key to reliable, the NTP key does not take effect.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

214

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

11 Network Management Compatible Commands

Precautions
You can configure a maximum of 1024 keys for each device.
If the NTP authentication key is a reliable key, it automatically becomes unreliable when you
delete the key. You do not need to run the undo ntp-service reliable authentication-keyid
command.

Example
# Set authentication text to abc in MD5 authentication with plain option.
<HUAWEI> system-view
[HUAWEI] ntp-service authentication-keyid 10 authentication-mode md5 plain abc

11.3 SNMP Compatible Commands


11.3.1 snmp-agent usm-user
Function
The snmp-agent usm-user command adds a user to an SNMP user group.
The undo snmp-agent usm-user command deletes a user from an SNMP user group.
By default, the SNMP user group has no users added.

Format
snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha }
password [ privacy-mode { des56 | aes128 } encrypt-password ] ] [ acl acl-number ]
undo snmp-agent usm-user v3 user-name group-name [ engineid engineid | local ]

Parameters
Parameter

Description

v3

Indicates that the security mode in v3 is adopted.

user-name

Specifies the name of a user.

It is a string of 1 to 32 casesensitive characters without


spaces.

group-name

Specifies the name of the group to


which a user belongs.

It is a string of 1 to 32 casesensitive characters without


spaces.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Value

215

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

Parameter

11 Network Management Compatible Commands

Description

authentication-mode Sets the authentication mode.

Value
-

NOTE
Authentication is a process in which the
SNMP agent (or the NMS) confirms that
the message is received from an
authorized NMS (or SNMP agent) and
the message is not changed during
transmission. RFC 2104 defines KeyedHashing for Message Authentication
Code (HMAC), an effective tool that uses
the security hash function and key to
generate the message authentication
code. This tool is widely used in the
Internet. HMAC used in SNMP includes
HWAC-MD5-96 and HWAC-SHA-96.
The hash function of HWAC-MD5-96 is
MD5 that uses 128-bit authKey to
generate the key. The hash function of
HWAC-SHA-96 is SHA-1 that uses 160bit authKey to generate the key.

md5 | sha

Indicates the authentication protocol. l md5: Specifies HMAC-MD5-96


as the authentication protocol.
l sha: Specifies HMAC-SHA-96 as
the authentication protocol.

password

Specifies the password for user


authentication.

For plain-text password, the


value is a string of 6 to 64
characters by default, and the
minimum length is 6
characters. If the set password
min-length command is run to
set the minimum length of
passwords to a value greater
than 6, the minimum length is
the value configured using the
set password min-length
command. For cipher-text
password, the value is a string
of 32 to 104 characters.
NOTE
The password cannot be the same
as the user name or reverse of the
user name. The password must
contain at least two types of
characters, including letters,
digits, and special characters. The
special characters cannot be
question mark (?) or space.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

216

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

11 Network Management Compatible Commands

Parameter

Description

Value

privacy-mode

Specifies the authentication with


encryption.

The system adopts the cipher block


chaining (CBC) code of the data
encryption standard (DES) and uses
128-bit privKey to generate the key.
The NMS uses the key to calculate the
CBC code and then adds the CBC
code to the message while the SNMP
agent fetches the authentication code
through the same key and then
obtains the actual information. Like
the identification authentication, the
encryption requires the NMS and the
SNMP agent to share the same key to
encrypt and decrypt the message.
des56 | aes128

Indicates the encryption protocol.

encrypt-password

Indicates the encryption password.

For plain-text password, the


value is a string of 6 to 64
characters by default, and the
minimum length is 6
characters. If the set password
min-length command is run to
set the minimum length of
passwords to a value greater
than 6, the minimum length is
the value configured using the
set password min-length
command. For cipher-text
password, the value is a string
of 32 to 104 characters.
NOTE
The password cannot be the same
as the user name or reverse of the
user name. The password must
contain at least two types of
characters, including letters,
digits, and special characters. The
special characters cannot be
question mark (?) or space.

acl acl-number

Specifies the ACL number of the


access view.

The value is an integer that


ranges from 2000 to 2999.

engineid engineid

Specifies the ID of the engine


associated with a user.

The value is a string of 10 to 64


case-insensitive characters
without spaces.

local

Indicates the local entity user.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

217

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

11 Network Management Compatible Commands

Views
System view

Default Level
3: Management level

Usage Guidelines
Usage Scenario
SNMPv1 and SNMPv2c have serious defects in terms of security. The security authentication
mechanism used by SNMPv1 and SNMPv2c is based on the community name. In this
mechanism, the community name is transmitted in plain text. You are not advised to use
SNMPv1 and SNMPv2c on untrusted networks.
By adopting the user-based security model, SNMPv3 eradicates the security defects in SNMPv1
and SNMPv2c and provides two services, authentication and encryption. The user-based security
model defines three security authentication levels: noAuthNoPriv, AuthNoPriv, and AuthPriv.
NOTE

The security authentication level noAuthPriv does not exist. This is because the generation of a key is based
on the authentication information and product information.

Different from SNMPv1 and SNMPv2c, SNMPv3 can implement access control, identity
authentication, and data encryption through the local processing model and user security model.
SNMPv3 can provide higher security and confidentiality than SNMPv1 and SNMPv2c. The
following table lists the difference between SNMPv1, SNMPv2c, and SNMPv3:
Table 11-3 Comparison in the security of SNMP of different versions
Protocol version

User Checksum

Encryption

Authentication

v1

Adopts the
community name.

None

None

v2c

Adopts the
community name.

None

None

v3

Adopts user namebased encryption/


decryption.

Yes

Yes

The snmp-agent group command can be used to configure the authentication, encryption, and
access rights for an SNMP group. The snmp-agent group command can be used to configure
the rights for users in a specified SNMP group and bind the SNMP group to a MIB view. The
MIB view is created through the snmp-agent mib-view command. For details, see the usage
guideline of this command. After an SNMP user group is configured, the MIB-view-based access
control is configured for the SNMP user group. Users cannot access objects in the MIB view
through the SNMP user group. The purpose of adding SNMP users to an SNMP user group is
to ensure that SNMP users in an SNMP user group have the same security level and access
control list. When you run the snmp-agent usm-user command to configure a user in an SNMP
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

218

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

11 Network Management Compatible Commands

user group, you configure the MIB-view-based access rights for the user. If an SNMP user group
is configured with the AuthPriv access rights, you can configure the authentication mode and
encryption mode when configuring SNMP users. Currently, you can set the authentication
mode to MD5 or SHA and the privacy mode to AES128 or DES56. When setting the
authentication key on the managed object, you can set whether to encrypt packets. Note that the
authentication keys and encryption passwords configured on the NMS and the SNMP agent
should be the same; otherwise, authentication fails.
NOTE

AES128 algorithm is recommeded to improve data transmission security.

Configuration Impact
If an SNMP agent is configured with a remote user, the engine ID is required during the
authentication. If the engine ID changes after the remote user is configured, the remote user
becomes invalid.
Precautions
The user security level must be higher than or equal to the security level of the SNMP user group
to which the user is added.
The security level of an SNMP user group can be (in descending order):
l

Level 1: privacy (authentication and encryption)

Level 2: authentication (without encryption)

Level 3: none (neither authentication nor encryption)

For example, if the security level of an SNMP user group is level 1, the security level of the user
that is added to the group must be level 1; if the security level of an SNMP user group is level
2, the security level of the user that is added to the group can be level 1 or level 2.
To add an SNMP user to an SNMP group, ensure that the SNMP user group is valid.
If you run the snmp-agent usm-user command multiple times, only the latest configuration
takes effect.
Keep your user name and plain-text password well when creating the user. The plain-text
password is required when the NMS accesses the device.

Example
# Configure an SNMPv3 user with user name u1, group name g1, authentication mode md5,
authentication password 8937561bc, encryption mode aes128, and encryption password
68283asd.
<HUAWEI> system-view
[HUAWEI] snmp-agent usm-user v3 u1 g1 authentication-mode md5 8937561bc privacymode aes128 68283asd

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

219

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

12

12 MPLS compatible command

MPLS compatible command

About This Chapter


NOTE

Only the S5700HI, S5710HI, and S5710EI support MPLS.

12.1 explicit-path
12.2 mpls te bypass-tunnel bandwidth
12.3 snmp-agent trap enable feature-name ldp
12.4 static-cr-lsp ingress bandwidth
12.5 static-cr-lsp transit bandwidth
12.6 bandwidth (LSP attribute view)
12.7 mpls te bandwidth

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

220

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

12 MPLS compatible command

12.1 explicit-path
Function
Using the explicit-path command, you can configure an explicit path of a tunnel.
By default, no explicit path of a tunnel is configured.

Format
explicit-path path-name { enable | disable }

Parameters
Parameter Description

Value

path-name Indicates the name of an explicit path. The value is a string of 1 to 31 characters.
enable

Enables the explicit path of a tunnel.

disable

Disables the explicit path of a tunnel. -

Views
System view

Default Level
2: Configuration level

Usage Guidelines
You can configure an explicit path only after MPLS TE is enabled.
The addresses of the hops along the explicit path cannot overlap or loops cannot occur. If a loop
occurs, CSPF detects the loop and fails to calculate the path.
When the explicit path is in use, you cannot perform the following operations:
l

Run the explicit-path path-name disable command to disable the explicit path.

Run the undo explicit-path command to delete the explicit path.

Example
# Create an explicit path named path1.
<HUAWEI> system-view
[HUAWEI] mpls
[HUAWEI-mpls] mpls te
[HUAWEI-mpls] quit
[HUAWEI] explicit-path path1 enable
[HUAWEI-explicit-path-path1]

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

221

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

12 MPLS compatible command

12.2 mpls te bypass-tunnel bandwidth


Function
Using the mpls te bypass-tunnel bandwidth command, you can configure the bypass LSP
bandwidth.
By default, no bypass LSP bandwidth is configured.

Format
mpls te bypass-tunnel bandwidth { bandwidth | { bc0 | bc1 } { bandwidth | un-limited } }

Parameters
Parameter Description

Value

bandwidth

Specifies the bandwidth that the bypass


tunnel can protect.

The value is an integer that ranges


from 1 to 32000000, in kbit/s.

bc0

Indicates the BC0 bandwidth (global


bandwidth) that the bypass tunnel can
protect.

bc1

Indicates the BC1 bandwidth


(subaddress pool bandwidth) that the
bypass tunnel can protect.

un-limited Indicates that there is no limit on the total bandwidth that can be protected.

Views
Tunnel interface view

Default Level
2: Configuration level

Usage Guidelines
The total bandwidth of LSPs protected by the bypass tunnel is not more than the bandwidth of
the primary tunnel. When multiple bypass tunnels exist, the system selects a single bypass tunnel
through the best-fit algorithm.
The total bandwidth of all the LSPs protected by the bypass tunnel is not greater than the
bandwidth of the primary tunnel. When multiple bypass tunnels exist, the system determines the
bypass tunnel through the best-fit algorithm.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

222

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

12 MPLS compatible command

Example
# Configure Tunnel 0/0/1 to protect the LSPs that use the BC0 bandwidth and set no limit on
the bandwidth to be protected.
<HUAWEI> system-view
[HUAWEI] interface tunnel 0/0/1
[HUAWEI-Tunnel0/0/1] tunnel-protocol mpls te
[HUAWEI-Tunnel0/0/1] destination 2.2.2.2
[HUAWEI-Tunnel0/0/1] mpls te tunnel-id 100
[HUAWEI-Tunnel0/0/1] mpls te bypass-tunnel bandwidth bc0 un-limited
[HUAWEI-Tunnel0/0/1] mpls te commit

12.3 snmp-agent trap enable feature-name ldp


Function
The snmp-agent trap enable feature-name ldp command enables the trap for the MPLS LDP
module.
The undo snmp-agent trap enable feature-name ldp command disables the trap for the MPLS
LDP module.
By default, the trap is disabled for the MPLS LDP module.

Format
snmp-agent trap enable feature-name ldp trap-name { session-down | session-up }
undo snmp-agent trap enable feature-name ldp trap-name { session-down | session-up }

Parameters
Parameter

Description

Value

trap-name

Enables the trap of MPLS LDP events of a specified type.

session-down Enables the trap of the event that an LDP session goes Down in the
MIB.
session-up

Enables the trap of the event that an LDP session goes Up in the MIB. -

Views
System view

Default Level
2: Configuration level

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

223

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

12 MPLS compatible command

Usage Guidelines
Run the snmp-agent trap enable feature-name ldp command to enable the LDP session trap.
Currently, all traps of the MPLS LDP module are non-excessive trap. The frequent LDP session
status changes do not trigger a large number of traps.

Example
# Enable the trap of the event that an LDP session is reestablished.
<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable feature-name ldp trap-name session-up

12.4 static-cr-lsp ingress bandwidth


Function
Using the static-cr-lsp ingress bandwidth command, you can configure a static CR-LSP and
specify its bandwidth on the ingress LSR.
By default, no static CR-LSP on the ingress LSR is configured.

Format
static-cr-lsp ingress { tunnel-interface tunnel interface-number | tunnel-name } destination
destination-address { nexthop next-hop-address | outgoing-interface interface-type interfacenumber } * out-label out-label bandwidth { bc0 | bc1 } bandwidth

Parameters
Parameter

Description

tunnel-interface tunnel
interface-number

Specifies the tunnel interface of a static CR-LSP. interfacenumber indicates the tunnel
interface number.

tunnel-name

Specifies the name of a CRLSP.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Value

The name is a string of 1 to


19 case-sensitive characters,
spaces and abbreviation not
supported. If you use the
interface Tunnel 0/0/2
command to create a tunnel
interface for a static CR-LSP,
the tunnel name in the staticcr-lsp ingress command must
be formatted as
"Tunnel0/0/2", otherwise, the
tunnel cannot be created.
There is no such a limit for the
transit node and egress node.
224

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

12 MPLS compatible command

Parameter

Description

Value

destination destinationaddress

Specifies the destination IP


address of a static CR-LSP.

nexthop next-hop-address

Specifies the next-hop IP


address of a static CR-LSP.

outgoing-interface
interface-type interfacenumber

Specifies the type and number of an outgoing interface. This


parameter is only applicable to
a P2P link.

out-label out-label

Specifies the value of an


outgoing label.

bc0

Specifies BC0 bandwidth of a static CR-LSP.

bc1

Specifies BC1 bandwidth of a static CR-LSP.

bandwidth

Specifies the bandwidth


required by a CR-LSP.

out-label is an integer ranging


from 16 to 1048575.

The value ranges from 0 to


4000000000, in kbit/s. The
default value is 0.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
Before setting up an MPLS TE tunnel through a static CR-LSP, configure a static route or an
IGP to ensure connectivity between LSRs, and enable basic MPLS and MPLS TE functions.

Example
# Configure the static CR-LSP named Tunnel0/0/1, with the destination IP address being
10.1.3.1, the next-hop address being 10.1.1.2, the outgoing label being 237, and the required
bandwidth being 20 kbit/s from BC0 on the ingress.
<HUAWEI> system-view
[HUAWEI] static-cr-lsp ingress tunnel-interface Tunnel0/0/1 destination 10.1.3.1
nexthop 10.1.1.2 out-label 237 bandwidth bc0 20

12.5 static-cr-lsp transit bandwidth

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

225

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

12 MPLS compatible command

Function
Using the static-cr-lsp transit bandwidth command, you can configure a static CR-LSP and
specify its bandwidth on a transit LSR.
By default, no static CR-LSP on a transit LSR is configured.

Format
static-cr-lsp transit lsp-name incoming-interface interface-type interface-number in-label inlabel { nexthop next-hop-address | outgoing-interface interface-type interface-number } * outlabel out-label bandwidth { bc0 | bc1 } bandwidth [ description description ]

Parameters
Parameter

Description

Value

lsp-name

Specifies the CR-LSP name.

The name is a string of 1 to


19 case-sensitive characters,
spaces not supported.

incoming-interface
interface-type interfacenumber

Specifies the name of an


incoming interface.

in-label in-label

Specifies the value of an


incoming label.

An integer ranging from 16


to 1023

nexthop next-hop-address

Specifies the next-hop address. -

outgoing-interface
interface-type interfacenumber

Specifies the name of an


outgoing interface.

out-label out-label

Specifies the value of an


outgoing label.

An integer ranging from 16


to 1048575.

bc0

Obtains the bandwidth from


BC0.

bc1

Obtains the bandwidth from


BC1.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
Before setting up an MPLS TE tunnel through a static CR-LSP, configure a static route or an
IGP to ensure connectivity between LSRs, and enable basic MPLS and MPLS TE functions.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

226

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

12 MPLS compatible command

Example
# Configure the static CR-LSP named tunnel34, with the incoming interface being
VLANIF10, the incoming label being 123, the outgoing interface being VLANIF20, the
outgoing label as 253, the required BC0 bandwidth being 20 kbit/s on the transit node.
<HUAWEI> system-view
[HUAWEI] static-cr-lsp transit tunnel34 incoming-interface vlanif 10 in-label 123
outgoing-interface vlanif 20 out-label 253 bandwidth bc0 20

12.6 bandwidth (LSP attribute view)


Function
The bandwidth command configures the bandwidth in the CR-LSP attribute template.
The undo bandwidth command deletes the bandwidth in the CR-LSP attribute template.
By default, no bandwidth in the CR-LSP attribute template is configured.

Format
bandwidth ct0 ct0-bandwidth ct1 ct1-bandwidth
bandwidth ct1 ct1-bandwidth ct0 ct0-bandwidth
undo bandwidth ct0 ct1
undo bandwidth ct1 ct0

Parameters
Parameter

Description

Value

ct0 ct0-bandwidth Specifies the bandwidth of an LSP


of CT0.

The value is an integer that ranges


from 1 to 4000000000, in kbit/s. By
default, the bandwidth is 0 kbit/s.

ct1 ct1-bandwidth Specifies the bandwidth of an LSP


of CT1.

The value is an integer that ranges


from 1 to 4000000000, in kbit/s. By
default, the bandwidth is 0 kbit/s.

ct2 ct2-bandwidth Specifies the bandwidth of an LSP


of CT2.

The value is an integer that ranges


from 1 to 4000000000, in kbit/s. By
default, the bandwidth is 0 kbit/s.

ct3 ct3-bandwidth Specifies the bandwidth of an LSP


of CT3.

The value is an integer that ranges


from 1 to 4000000000, in kbit/s. By
default, the bandwidth is 0 kbit/s.

ct4 ct4-bandwidth Specifies the bandwidth of an LSP


of CT4.

The value is an integer that ranges


from 1 to 4000000000, in kbit/s. By
default, the bandwidth is 0 kbit/s.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

227

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

Parameter

Description

12 MPLS compatible command

Value

ct5 ct5-bandwidth Specifies the bandwidth of an LSP


of CT5.

The value is an integer that ranges


from 1 to 4000000000, in kbit/s. By
default, the bandwidth is 0 kbit/s.

ct6 ct6-bandwidth Specifies the bandwidth of an LSP


of CT6.

The value is an integer that ranges


from 1 to 4000000000, in kbit/s. By
default, the bandwidth is 0 kbit/s.

ct7 ct7-bandwidth Specifies the bandwidth of an LSP


of CT7.

The value is an integer that ranges


from 1 to 4000000000, in kbit/s. By
default, the bandwidth is 0 kbit/s.

Views
LSP attribute view

Default Level
2: Configuration level

Usage Guidelines
A static TE tunnel does not support the multi-CT configuration.
On a single TE tunnel interface, the multi-CT bandwidth cannot be configured with the following
features:
l

CSPF tie-breaking

Bypass tunnel attributes

The preceding constraints do not apply to the single CT configuration for a TE tunnel.
NOTE

If the bandwidth required for a CR-LSP is more than 67,105 kbit/s, it is recommended that additional one
thousandth of the required bandwidth be reserved.

Example
# Configure the bandwidth of an LSP of CT0 as 20 kbit/s in the CR-LSP attribute template.
<HUAWEI> system-view
[HUAWEI] lsp-attribute lsp-attribute-name
[HUAWEI-lsp-attribute-lsp-attribute-name] bandwidth ct0 20

12.7 mpls te bandwidth


Function
The mpls te bandwidth command sets the bandwidth of an MPLS TE tunnel.
The undo mpls te bandwidth command restores the default settings.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

228

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

12 MPLS compatible command

The bandwidth of an MPLS TE tunnel is not set by default.

Format
mpls te bandwidth ct0 ct0-bw-value ct1 ct1-bw-value
mpls te bandwidth ct1 ct1-bw-value ct0 ct0-bw-value
undo mpls te bandwidth ct0 ct1
undo mpls te bandwidth ct1 ct0
undo mpls te bandwidth ct0 ct0-bw-value ct1 ct1-bw-value
undo mpls te bandwidth ct1 ct1-bw-value ct0 ct0-bw-value

Parameters
Parameter

Description

Value

ct0 ct0-bw-value Specifies the bandwidth reserved for ct0-bw-value is an integer that ranges
a TE tunnel of CT0.
from 1 to 4000000000, in kbit/s.
ct1 ct1-bw-value Specifies the bandwidth reserved for ct1-bw-value is an integer that ranges
a TE tunnel of CT1.
from 1 to 4000000000, in kbit/s.

Views
Tunnel interface view

Default Level
2: Configuration level

Usage Guidelines
A static TE tunnel does not support the multi-CT configuration.
On a single TE tunnel interface, the multi-CT bandwidth cannot be configured with the following
features:
l

CSPF tie-breaking

Bypass tunnel attributes


NOTE

The configured bandwidth takes effect only during tunnel establishment and protocol negotiation, and does
not limits the bandwidth for traffic forwarding.

Example
# Set the bandwidth required by Tunnel1. The bandwidth of CT0 is 2 Mbit/s.
<HUAWEI> system-view
[HUAWEI] mpls lsr-id 1.1.1.1
[HUAWEI] mpls
[HUAWEI-mpls] mpls te

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

229

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

12 MPLS compatible command

[HUAWEI-mpls] quit
[HUAWEI] interface tunnel 1
[HUAWEI-Tunnel1] tunnel-protocol mpls te
[HUAWEI-Tunnel1] destination 2.2.2.2
[HUAWEI-Tunnel1] mpls te tunnel-id 100
[HUAWEI-Tunnel1] mpls te bandwidth ct0 2000
[HUAWEI-Tunnel1] mpls te commit

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

230

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13

13 VPN compatible command

VPN compatible command

About This Chapter


13.1 display bgp vpnv6 brief
13.2 display bgp vpnv6 vpn6-instance brief
13.3 display bgp vpnv6 vpn6-instance routing-table
13.4 display bgp vpnv6 vpn6-instance routing-table statistics
13.5 display ipv6 prefix-limit statistics
13.6 display ipv6 routing-table limit
13.7 display ipv6 routing-table vpn6-instance
13.8 display ipv6 vpn6-instance
13.9 link-alive
13.10 mpls l2vpn traffic-statistics capability enable

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

231

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

13.1 display bgp vpnv6 brief


Function
The display bgp vpnv6 brief command displays brief information about IPv6 VPN instances.

Format
display bgp vpnv6 vpn6-instance vpn-instance-name brief

Parameters
Parameter

Description

Value

all

Displays information about all


VPNv6 instances.

vpn6-instance vpn-instance- Specifies the name of a VPNv6 The value is a string of 1 to


name
instance.
31 case-sensitive characters
without spaces.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
After the display bgp vpnv6 brief command is used to display information about VPNv6
instances, the VPNv6 instances are displayed and arranged alphabetically by name.

Example
# Display brief information about VPNv6 and all IPv6 VPN instances.
<HUAWEI> display bgp vpnv6 vpn6-instance brief

VPN-Instance(IPv6family):
VPN-Instance Name
Num
vpna

Issue 04 (2014-07-30)

Peer Num
0

Route
0

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

232

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

Table 13-1 Description of the display bgp vpnv6 all brief command output
Item

Description

Peer Num

Number of peers.

Route Num

Number of routes.

VPN-Instance Name

Name of a VPN instance.

13.2 display bgp vpnv6 vpn6-instance brief


Function
The display bgp vpnv6 vpn6-instance brief command displays brief information about IPv6
VPN instances.

Format
display bgp vpnv6 vpn6-instance vpn6-instance-namebrief

Parameters
Parameter

Description

Value

vpn6-instance-name Specifies the name of a IPv6 VPNv6 The value is a string of 1 to 31


instance.
case-sensitive characters without
spaces.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
After the display bgp vpnv6 vpn6-instance brief command is used to display information about
VPNv6 instances, the VPNv6 instances are displayed and arranged alphabetically by name.

Example
# Display brief information about VPNv6 and all IPv6 VPN instances.
<HUAWEI> display bgp vpnv6 vpn6-instance vrf0 brief
VPN-Instance(IPv6-family):
VPN-Instance Name
Peer Num
vrf0
1

Issue 04 (2014-07-30)

Route Num
2

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

233

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

Table 13-2 Description of the display bgp vpnv6 all brief command output
Item

Description

Peer Num

Number of peers.

Route Num

Number of routes.

VPN-Instance Name

Name of a VPN instance.

13.3 display bgp vpnv6 vpn6-instance routing-table


Function
The display bgp vpnv6 vpn6-instance routing-table command displays BGP VPNv6 routes.

Format
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table [ ipv6-address [ prefixlength ] ]
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table as-path-filter { as-pathfilter-number | as-path-filter-name }
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table community
[ community-number | aa:nn ] &<1-29> [ internet | no-advertise | no-export | no-exportsubconfed ] * [ whole-match ]
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table community-filter
{ { community-filter-name | basic-community-filter-number } [ whole-match ] | advancedcommunity-filter-number }
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table different-origin-as
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table regular-expression asregular-expression
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table peer ipv6-address
{ advertised-routes [ ipv6address [ prefix-length [ longer-prefixes ] ] ] | received-routes
[ active ] }

Parameters
Parameter

Description

Value

vpn6-instance

Displays the BGP routes of a


specified an IPv6 address
family-enabled VPN instance
on the local end.

The value is a string of 1 to


31 case-sensitive characters
without spaces.

route-distinguisher routedistinguisher

Displays the BGP routes with


the specified RD.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

234

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

Parameter

Description

ipv6-address

Specifies the IPv6 address of a peer to be displayed.

prefix-length

Specifies the prefix length of


an IPv6 address.

as-path-filter as-path-filternumber

Specifies the number of an


AS_Path filter.

The value of as-path-filternumber is an integer that


ranges from 1 to 256.

as-path-filter-name

Specifies the name of the


matching AS-Path filter.

The value is case-sensitive.

community

Displays the routes carrying


the specified BGP community
attribute in the routing table.

community-number

Specifies the community


number.

aa:nn

Specifies the community


number. A maximum of 29
community numbers can be
set.

internet

Displays the BGP routes


carrying the Internet
community attribute.

no-advertise

Displays the BGP routes


carrying the No-Advertise
community attribute.

no-export

Displays the BGP routes


carrying the No-Export
community attribute.

no-export-subconfed

Displays the BGP routes


carrying the No-ExportSubconfed community
attribute.

whole-match

Indicates exact matching.

community-filter

Displays the routes that match a specified BGP community


filter.

community-filter-name

Specifies the name of a


community filter.

basic-community-filternumber

Specifies the number of a basic community filter.

advanced-community-filternumber

Specifies the number of an


advanced community filter.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Value

235

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

Parameter

Description

Value

different-origin-as

Displays the routes that have


the same destination address
but different source AS
numbers.

regular-expression asregular-expression

Specifies the regular


expression used to match the
AS_Path information.

The value is a string of 1 to


80 characters.

peer ipv6-address

Displays the BGP routes of a


specified peer.

advertised-routes

Displays the routes advertised to a specified peer.

longer-prefixes

Matches any route whose


prefix mask is longer than the
specified length.

received-routes

Displays the routes received


from a specified peer.

active

Displays the active routes


received from a specified peer.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
Information about specified routes can be displayed by specifying different parameters.

Example
# Display the routes of an IPv6 address family-enabled VPN instance named vpn1 on the local
device.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table
BGP Local router ID is 1.1.1.9
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete

Total Number
*>i Network
NextHop
MED
Label
Path/Ogn

Issue 04 (2014-07-30)

of Routes: 2
: 2001::
: 2001::1
: 0
:
: 65410 ?

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

PrefixLen : 64
LocPrf
:
PrefVal
: 0

236

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference
*>i Network
NextHop
MED
Label
Path/Ogn

:
:
:
:
:

2002::
::FFFF:3.3.3.9
0
1037/NULL
?

13 VPN compatible command


PrefixLen : 64
LocPrf
: 100
PrefVal
: 0

# Display the BGP routes with a specified destination address of an IPv6 address family-enabled
VPN instance.
<HUAWEI> display bgp vpnv6 vpn6-instance vrf1 routing-table 2001::
BGP local router ID : 1.1.1.1
Local AS number : 100
Paths:
2 available, 1 best, 1 select
BGP routing table entry information of 2001::/64:
Imported route.
From: :: (0.0.0.0)
Route Duration: 1d03h46m24s
Direct Out-interface: Vlanif100
Original nexthop: ::
AS-path Nil, origin incomplete, MED 0, pref-val 0, valid, local, best, select,
pre 0
Advertised to such 1 peers:
2001::1
BGP routing table entry information of 2001::/64:
From: 2001::1 (10.10.10.10)
Route Duration: 02h39m43s
Direct Out-interface: Vlanif100
Original nexthop: 2001::1
AS-path 65410, origin incomplete, MED 0, pref-val 0, external, pre 255
Not advertised to any peer yet

# Display all BGP VPNv6 routes whose AS_Path attribute contains 65420.
<HUAWEI> display bgp vpnv6 all routing-table as-path-filter 1
BGP Local router ID is 1.1.1.9
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete

Total number of routes from all PE: 1


Route Distinguisher: 100:1

*>

Network
NextHop
MED
Label
Path/Ogn

:
:
:
:
:

2001::
2001::1
0
NULL
65420 ?

PrefixLen : 64
LocPrf
:
PrefVal
: 0

VPN-Instance vpn1 :
Total Number
Network
NextHop
MED
Label
Path/Ogn

of Routes: 1
: 2001::
: 2001::1
: 0
:
: 65420 ?

PrefixLen : 64
LocPrf
:
PrefVal
: 0

# Display BGP4+ routes of the VPN instance named vpn1 whose AS path attribute contains
65420.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table as-path-filter 1

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

237

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

BGP Local router ID is 1.1.1.9


Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete

VPN-Instance vpn1 :
Total Number
Network
NextHop
MED
Label
Path/Ogn

of Routes: 1
: 2001::
: 2001::1
: 0
:
: 65420 ?

PrefixLen : 64
LocPrf
:
PrefVal
: 0

# Display BGP4+ routes of the VPN instance named vpn1 and matching the BGP community
filter 1.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table community-filter 1
whole-match
BGP Local router ID is 1.1.1.9
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete

VPN-Instance vpn1 :
Total Number
Network
NextHop
MED
Label
*>i Network
NextHop
MED
Label

of Routes: 2
: 2001::
: 2001::1
: 0
:
: 2002::
: ::FFFF:3.3.3.9
: 0
: 1037/NULL

PrefixLen : 64
LocPrf
:
PrefVal
: 0
PrefixLen : 64
LocPrf
: 100
PrefVal
: 0

# Display all BGP4+ routes of the VPN instance named vpn1 and matching the AS regular
expression.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table regular-expression
^65420

BGP Local router ID is 1.1.1.9


Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete

VPN-Instance
Network
NextHop
MED
Label
Path/Ogn

vpn1 :
: 2001::
: 2001::1
: 0
:
: 65420 ?

PrefixLen : 64
LocPrf
:
PrefVal
: 0

# Display all BGP4+ routes of the VPN instance named vpn1 that are received from the peer at
2001::1.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table peer 2001::1 receivedroutes
BGP Local router ID is 1.1.1.9
Status codes: * - valid, > - best, d - damped,

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

238

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

h - history, i - internal, s - suppressed, S - Stale


Origin : i - IGP, e - EGP, ? - incomplete

Total Number
Network
NextHop
MED
Label
Path/Ogn

of Routes: 1
: 2001::
: 2001::1
: 0
:
: 65410 ?

PrefixLen : 64
LocPrf
:
PrefVal
: 0

# Display BGP4+ routes sent to the peer at 2001::1.


<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table peer 2001::1 advertisedroutes
BGP Local router ID is 1.1.1.9
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete

Total Number
*>i Network
NextHop
MED
Label
Path/Ogn

of Routes: 1
: 2002::
: ::FFFF:3.3.3.9
: 0
: 1037/NULL
: ?

PrefixLen : 64
LocPrf
: 100
PrefVal
: 0

Table 13-3 Description of the display bgp vpnv6 vpn6-instance routing-table command output

Issue 04 (2014-07-30)

Item

Description

BGP Local router ID

ID of the local BGP router. The ID is in the same


format as an IPv4 address.

Total number of routes from all PE

Total number of BGP VPNv6 routes received by


the switch from its peer PEs.

Network

Destination network or host address of the route.

PrefixLen

Prefix length of the destination network or host


address of the route.

NextHop

IPv6 address of the next hop.

LocPrf

Local preference of the BGP route. The default


value is 100.

MED

MED of the route. The default value is 0.

PrefVal

Preferred value of the route.

Label

Label carried by the data packet destined for the


destination network or host address of the route.

Duration

Route duration.

Peer

IP addresses of the peer.

Path/Ogn

AS_Path number and Origin attribute of the route.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

239

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

Item

Description

Local AS Number

Local AS number.

BGP routing table entry information of

Information about a specified BGP routing entry.

From

IPv6 address of the route originator.

Route Duration

Route duration.

Original nexthop

Original next hop.

AS-path

AS_Path attribute.
Nil indicates that the attribute value is null.

origin

Origin attribute of the BGP route.


The value can be IGP (for example, the routes
imported into the BGP routing table by using the
network (BGP) command), EGP (the routes
obtained by EGP), or Incomplete (the routes whose
origin cannot be identified, for example, the routes
imported into the BGP routing table by using the
import-route command).

MED

MED of a route.
The MED is used to identify the optimal route for
the traffic entering an AS. The route with the
smallest MED is selected as the optimal route if the
other attributes of the routes are the same.

pref-val

Preferred value.

valid

The BGP route is a valid route.

external

The BGP route is a external route.

best

The BGP route is the optimal route.

select

The BGP route is a preferred route.

Pre 255

The preference of the BGP route is 255.

Not advertised to any peer yet

The BGP route has not been advertised to any peer.

13.4 display bgp vpnv6 vpn6-instance routing-table


statistics
Function
The display bgp vpnv6 vpn6-instance routing-table statistics command displays statistics
about BGP VPNv6 routes.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

240

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

Format
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table statistics [ as-pathfilter { as-path-filter-number | as-path-filter-name } | different-origin-as ]
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table statistics regularexpression as-regular-expression
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table statistics community
[ community-number | aa:nn ] &<1-29> [ internet | no-advertise | no-export | no-exportsubconfed ] * [ whole-match ]
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table statistics communityfilter { { community-filter-name | basic-community-filter-number } [ whole-match ] | advancedcommunity-filter-number }
display bgp vpnv6 vpn6-instance vpn6-instance-name routing-table peer ipv6-address
{ advertised-routes | received-routes [ active ] } statistics

Parameters
Parameter

Description

Value

all

Displays statistics about all


BGP VPNv6 routes.

vpn6-instance-name

Displays statistics about the


It is a string of 1 to 31 caseBGP routes of a specified VPN sensitive characters without
instance.
any spaces.

as-path-filter

Displays the routes that match the specified filter.

as-path-filter-number

Specifies the number of the


matching AS-Path filter.

It is an integer that ranges


from 1 to 256.

as-path-filter-name

Specifies the name of the


matching AS-Path filter.

The name is a string of 1 to 51


characters without any space.
It is case-sensitive.

community

Displays statistics about the


routes carrying the specified
BGP community attribute in
the routing table.

community-number

Specifies the community


number.

It is an integer ranging from 0


to 4294967295.

aa:nn

Specifies the community


number.

Both aa and nn are integers


ranging from 0 to 65535.

internet

Displays statistics about the


BGP routes carrying the
Internet community attribute.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

241

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

Parameter

Description

Value

no-advertise

Displays statistics about the


BGP routes carrying the NoAdvertise community
attribute.

no-export

Displays statistics about the


BGP routes carrying the NoExport community attribute.

no-export-subconfed

Displays statistics about the


BGP routes carrying the NoExport-Subconfed community
attribute.

whole-match

Indicates exact matching.

community-filter

Displays statistics about the


routes that match a specified
BGP community filter.

community-filter-name

Specifies the name of a


community filter.

The name is a string of 1 to 51


characters without any space.
It is case-sensitive.

basic-community-filternumber

Specifies the number of a basic It is an integer ranging from 1


community filter.
to 99.

advanced-community-filternumber

Specifies the number of an


advanced community filter.

different-origin-as

Displays statistics about the


routes that have the same
destination address but
different source AS numbers.

regular-expression asregular-expression

Specifies the regular


expression used to match the
AS_Path information.

active

Specifies the number of active routes.

peer ipv6-address

Displays statistics about the


BGP routes of a specified peer.

advertised-routes

Displays statistics about the


routes advertised to a specified
peer.

received-routes

Displays statistics about the


routes received from a
specified peer.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

It is an integer ranging from


100 to 199.

The value is a string of 1 to 80


characters.

242

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None

Example
# Display statistics about the routes of an IPv6 address family-enabled VPN instance named
vpn1 on the local device.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table statistics
Total Number of Routes: 5

# Display statistics of BGP routes sent by the local device to peer 2000::1 of the IPv6 VPN
instance named vpn1.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table peer 2000::1 receivedroutes statistics
Received routes total: 2

# Display statistics about the IPv6 routes sent by the local device to peer 2000::1 in a VPN
instance named vpn1.
<HUAWEI> display bgp vpnv6 vpn6-instance vpn1 routing-table peer 2000::1 advertisedroutes statistics
Advertised routes total: 2
Default originated : 0

13.5 display ipv6 prefix-limit statistics


Function
The display ipv6 prefix-limit statistics command displays the statistics of the prefix limits of
IPv6 VPN instances.

Format
display ipv6 prefix-limit { all-vpn6-instance | vpn6-instance vpn-instance-name } statistics

Parameters
Parameter

Description

Value

all-vpn6-instance

Indicates all IPv6 VPN instances.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

243

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

Parameter

Description

Value

vpn6-instance vpn-instance-name

Specifies the name of an IPv6 VPN instance.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
You can run the display ipv6 prefix-limit statistics command to view the number of times that
a protocol re-adds or deletes routes according to the prefix limit of a specified IPv6 VPN instance.

Example
# Display the statistics of the prefix limits of all IPv6 VPN instances.
<HUAWEI> display ipv6 prefix-limit all-vpn6-instance statistics
------------------------------------------------------------------------------IPv6 VPN instance name: vrf1
DenyAdd TryAddInDelState NotifyDelAll NotifyDelFinish NotifyAddRoute
DIRECT
0
0
0
0
0
STATIC
0
0
0
0
0
OSPFv3
11
3
1
0
5
IS-IS
106
0
1
0
5
RIPng
98
0
1
1
5
BGP
2
0
1
1
5
-----------------------------------------------------------------------------IPv6 VPN instance name: VPN123

DIRECT
STATIC
OSPFv3
IS-IS
RIPng
BGP

DenyAdd TryAddInDelState NotifyDelAll NotifyDelFinish NotifyAddRoute


0
0
0
0
0
0
0
0
0
0
11
3
1
0
5
106
0
1
0
5
98
0
1
1
5
2
0
1
1
5

Table 13-4 Description of the display ipv6 prefix-limit statistics command output

Issue 04 (2014-07-30)

Item

Description

DenyAdd

Number of routes that the protocol fails to add to the RIB


because of the prefix limit.

TryAddInDelState

Number of routes that the protocol fails to add to the RIB


because the RIB is in the process of deleting routes.

NotifyDelAll

Number of times that the RIB notifies the protocol of deleting


routes when the prefix limit is decreased.

NotifyDelFinish

Number of times that the protocol notifies the RIB of


completion of deleting routes.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

244

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

Item

Description

NotifyAddRoute

Number of times that the RIB notifies the protocol of readding routes.

# Display the statistics of the prefix limit of the IPv6 VPN instance named vrf1.
<HUAWEI> display ipv6 prefix-limit vpn6-instance vrf1 statistics
------------------------------------------------------------------------------IPv6 VPN instance name: vrf1
DenyAdd TryAddInDelState NotifyDelAll NotifyDelFinish NotifyAddRoute
DIRECT
0
0
0
0
0
STATIC
0
0
0
0
0
OSPFv3
11
3
1
0
5
IS-IS
106
0
1
0
5
RIPng
98
0
1
1
5
BGP
2
0
1
1
5

13.6 display ipv6 routing-table limit


Function
The display ipv6 routing-table limit command displays limits on the numbers of routes and
prefixes of the IPv6 VPN instance.

Format
display ipv6 routing-table limit { all-vpn6-instance | vpn6-instance vpn-instance-name }

Parameters
Parameter

Description

Value

all-vpn-instance

Indicates all IPv6 VPN instances.

vpn-instance vpn-instance-name

Specifies the name of an IPv6 VPN instance.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
None.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

245

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

Example
# Display limits on the numbers of routes and prefixes of all IPv6 VPN instances.
<HUAWEI> display ipv6 routing-table limit all-vpn-instance
Limit-Object
Limit-Type
Upper-Limit
Warning
Current
Log-Interval
---------------------------------------------------------------------------------IPv6 VPN Instance Name: VPN1
Route
Simply-Alert
5000
4223
5
Prefix
Alert-Percent 1000
800
760
5
---------------------------------------------------------------------------------IPv6 VPN Instance Name: VPN1234567890123456789123456789
Route
Alert-Percent 2000
1000
823
5
Prefix
Default
760
5

Table 13-5 Description of the display ipv6 routing-table limit command output
Item

Description

Limit-Object

Indicates the object whose total number is limited:


l Prefix
l Route

Limit-Type

Indicates the limit mode for the routes and prefixes in


the current routing table:
l Simply-Alert: indicates that only alarms are
generated after the number of routes or prefixes
exceeds the upper limit.
l Alert-Percent: indicates the percentage of the
alarm threshold of routes.
l Default: indicates that the number of routes or
prefixes is not limited by default.

Upper-Limit

Indicates the upper limit of routes or prefixes in the


current routing table.

Warning

Indicates the alarm threshold of routes or prefixes in


the current routing table.

Current

Indicates the number of routes or prefixes in the


current routing table.

Log-Interval

Indicates the frequency of displaying logs when the


number of routes or prefixes in the current routing
table exceeds the upper limit, in seconds.

# Display limits on the numbers of routes and prefixes of the IPv6 VPN instance named vpn1.
<HUAWEI> display ipv6 routing-table limit vpn-instance vpn1
IPv6 VPN Instance Name: vpn1
Limit-Object
Limit-Type
Upper-Limit
Warning
Current
Route
Simply-Alert
5000
4223
Prefix
Alert-Percent
1000
800
760

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

Log-Interval
5
5

246

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

13.7 display ipv6 routing-table vpn6-instance


Function
The display ipv6 routing-table vpn6-instance command displays the routing table of the VPN
instance.

Format
display ipv6 routing-table vpn6-instance vpn6-instance-name [ verbose ]
display ipv6 routing-table vpn6-instance vpn6-instance-name acl { acl6-number | acl6name } [ verbose ]
display ipv6 routing-table vpn6-instance vpn6-instance-name ipv6-address [ prefix-length ]
[ longer-match ] [ verbose ]
display ipv6 routing-table vpn6-instance vpn6-instance-name ipv6-address1 [ prefixlength1 ] ipv6-address2 prefix-length2 [ verbose ]
display ipv6 routing-table vpn6-instance vpn6-instance-name ipv6-prefix ipv6-prefix-name
[ verbose ]
display ipv6 routing-table vpn6-instance vpn6-instance-name statistics
display ipv6 routing-table vpn6-instance vpn6-instance-name protocol protocol [ inactive |
verbose ]

Parameters
Parameter

Description

Value

vpn6-instance-name

Specifies the name of an VPN


instance.

The value is a string of 1 to


31 case-sensitive characters
without spaces.

verbose

Displays detailed information about active and inactive routes


in the routing table of the
current VPN instance.

acl

Uses ACL6 to filter the


command output. If the
specified ACL6 does not exist,
information about all active
routes is displayed.

acl6-number

Specifies the number of a basic The value is an integer that


ACL6.
ranges from 2000 to 2999.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

247

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

Parameter

Description

Value

acl6-name

Specifies the name of a Named The value is a string of 1 to


ACL6.
32 case-sensitive characters
without spaces, begin with
a~z or A~Z.

longer-match

Displays only the VPN routes


that match the specified
network and mask.

ipv6-address

Specifies the destination IPv6


address.

prefix-length

Specifies the length of the IPv6 The value is an integer that


address prefix.
ranges from 0 to 128.

ipv6-address1 / ipv6address2

Specifies the IPv6 address.


ipv6-address1 and ipv6address2 together determine an
address range. Only the VPN
routes in the address range are
displayed.

prefix-length1/prefix-length2 Specifies the length of the IPv6 The value is an integer that
address prefix.
ranges from 0 to 128.
ipv6-prefix ipv6-prefix-name Specifies the name of the IPv6 A string of 1 to 19 characters.
prefix list.
statistics

Displays integrated route


statistics in the routing table of
the VPN instance.

protocol

Displays the routes of a


specified protocol.

protocol

Displays the routes of a


specified protocol. It can be one
of the following keywords:

l direct: displays direct IPv6


routes.
l static: displays IPv6 static
routes.
l bgp: displays BGP4+
routes.
l isis: displays IS-IS IPv6
routes.
l ospfv3: displays OSPFv3
routes.
l ripng: displays RIPng
routes.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

248

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

Parameter

Description

Value

inactive

Displays the summary of


inactive routes only.

Views
All views

Default Level
1: Monitoring level

Usage Guidelines
Usage Scenario
The command output includes the destination address, prefix length, protocol type, preference,
cost, next hop, and outbound interface.
NOTE

An iterated route is counted as one route no matter how many outbound interfaces and next hops the route
finds.

This command without the parameter verbose displays the currently preferred routes only.
When using the display ipv6 routing-table vpn6-instance vpn6-instance-name ipv6-address
prefix-length [ longer-match ] [ verbose ] command, you can select parameters in the command
as required.
l

If ipv6-address prefix-length is specified, the VPN routes that accurately match the
destination address are displayed.

If ipv6-address prefix-length longer-match is specified, the IPv6 routes with the


destination address within the specified address range are displayed. If the prefix length is
0, all routes in the routing table of the VPN instance are displayed.

For example, there are four routes in the routing table of the VPN instance named vpna,
2000::20/128, 2000::/100, 2000::/64, and 1000::/64.
l

If the display ipv6 routing-table vpn6-instance vpna 2000:: 64 command is used, only
2000::/64 is displayed.

If the display ipv6 routing-table vpn6-instance vpna 2000:: command is used, only
2000::/100 is displayed.

If the display ipv6 routing-table vpn6-instance vpna 2000:: 127 longer-match


command is used, only 2000::/100 and 2000::/64 are displayed.

If the display ipv6 routing-table vpn6-instance vpna 2000:: 0 longer-match command


is used, four routes are displayed.

Precautions
If the specified ip-prefix ip-prefix-name does not exist, the command displays all of the currently
preferred routes.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

249

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

Example
# Display the summary of the routing table of the VPN instance named vpn1.
<HUAWEI> display ipv6 routing-table vpn6-instance vpn1
Routing Table : vpn1
Destinations : 1
Routes : 1
Destination
NextHop
Cost
RelayNextHop
Interface

:
:
:
:
:

7777:5:344::
3335::2
0
::
Vlanif10

PrefixLength
Preference
Protocol
TunnelID
Flags

:
:
:
:
:

48
255
BGP
0x0
D

Table 13-6 Description of the display ipv6 routing-table vpn6-instance command output
Item

Description

Routing Table : vpn1

VPN routing table named vpn1.

Destinations

Total number of destination networks or hosts.

Destination

Address of the destination network or host.

Routes

Total number of routes.

PrefixLength

Length of the prefix.

NextHop

IPv6 address of the adjacent next hop through


which the packet reaches the destination.

Preference

Preference of the route.

Cost

Route cost.

Protocol

Routing protocol name.

RelayNextHop

Iterated next hop.

TunnelID

Tunnel ID.
The value 0x0 indicates that no tunnel is used or
the tunnel is not set up.

Interface

Outbound interface through which the next hop is


reachable.

Flags

Route flags.

# Display detailed information about the route 200:0:1:2::1 of the VPN instance after the instance
is enabled with VPN FRR.
<HUAWEI> display ipv6 routing-table vpn6-instance vrf1 200:0:1:2::1 verbose
Routing Table : vrf1
Summary Count : 1
Destination
NextHop
Neighbour

Issue 04 (2014-07-30)

: 200:0:1:2::1
: ::FFFF:192.168.100.6
: ::192.168.100.6

PrefixLength : 128
Preference
: 255
ProcessID
: 0

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

250

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference
Label
:
State
:
Entry ID
:
Reference Cnt:
Priority
:
IndirectID
:
RelayNextHop :
Interface
:
BkNextHop
:
BkPETunnelID :

13313
Active Adv Relied
14
1
low
0x0
::
NULL0
::FFFF:192.168.100.7
0x100c

13 VPN compatible command


Protocol
Cost
EntryFlags
Tag
Age

:
:
:
:
:

BGP
0
0x80024904
0
393sec

TunnelID
Flags
BkLabel

: 0x100a
: RD
: 13313

Table 13-7 Description of the display ipv6 routing-table vpn6-instance verbose command output
Item

Description

Summary Count

Total number of route prefixes.

Neighbour

IP address of the neighbor interface.

ProcessID

Process ID of the routing protocol.

Label

Label value carried by the route.

State

Route status:
l Active: indicates active routes.
l Invalid: indicates invalid routes.
l Inactive: indicates inactive routes.
l NoAdv: indicates the routes that cannot be
advertised.
l Adv: indicates the routes that can be advertised.
l Del: indicates the routes to be deleted.
l Relied: indicates the route that finds the next
hop and outbound interface or the route that
finds the tunnel during packet forwarding.
l Stale.: indicates the routes with the stale flag.
The routes are used in GR.

Issue 04 (2014-07-30)

Entry ID

Keyword of the retrieval index of routes in the


routing table.

EntryFlags

Information about route flags.

Refernce Cnt

Number of times that the route is referenced.

Tag

Tag for importing routes. The value is an integer


ranging from 0 to 4294967295.

Priority

Priority of the route.

Age

Time since the route is generated.

IndirectID

Indirect ID of the next hop.

BkNextHop

Backup next hop.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

251

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

Item

Description

BkLabel

Backup label.

BkPETunnelID

Backup Tunnel ID.

# Display the statistics of the routing table of the VPN instance named vpn1.
<HUAWEI> display ipv6 routing-table vpn6-instance vpn1 statistics
Summary prefixes: 6
Protocol
route
active
added
deleted
freed
DIRECT
4
4
4
0
0
STATIC
2
1
2
0
0
RIPng
0
0
0
0
0
OSPFv3
0
0
0
0
0
IS-IS
0
0
0
0
0
BGP
0
0
0
0
0
UNR
0
0
0
0
0
Total
6
5
6
0
0

Table 13-8 Description of the display ipv6 routing-table statistics command output
Item

Description

Summary prefixes

Total number of prefixes in the current routing


table.

route

Indicates the total number of active and inactive


routes in the current routing table.

active

Number of active routes.

added

Number of active and inactive routes added in the


routing table.

deleted

Number of routes deleted from the routing table.

freed

Number of released routes that are permanently


deleted from the routing table.

# Display all the direct routes of the VPN instance named vpn1.
<HUAWEI> display ipv6 routing-table vpn6-instance vpn1 protocol direct
vpn1 Routing Table : Direct
Summary Count : 3
Direct Routing Table's Status : < Active >
Summary Count : 3

Issue 04 (2014-07-30)

Destination
NextHop
Cost
RelayNextHop
Interface

:
:
:
:
:

3335::
3335::1
0
::
Vlanif10

Destination
NextHop

: 3335::1
: ::1

Flags

PrefixLength
Preference
Protocol
TunnelID
: D

:
:
:
:

64
0
Direct
0x0

PrefixLength : 128
Preference
: 0

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

252

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference
Cost
: 0
RelayNextHop : ::
Interface
: Vlanif10

13 VPN compatible command

Flags

Destination : FE80::
NextHop
: ::
Cost
: 0
RelayNextHop : ::
Interface
: NULL0
Direct Routing Table's Status : < Inactive >
Summary Count : 0

Protocol
TunnelID
: D

: Direct
: 0x0

PrefixLength
Preference
Protocol
TunnelID
Flags

:
:
:
:
:

10
0
Direct
0x0
D

Table 13-9 Description of the display ipv6 routing-table vpn6-instance protocol command
output
Item

Description

Active

Active routes.

Inactive

Inactive routes.

13.8 display ipv6 vpn6-instance


Function
The display ipv6 vpn6-instance command displays information about an IPv6 VPN instance.

Format
display ipv6 vpn6-instance [ brief | verbose ] [ vpn6-instance-name ]

Parameters
Parameter

Description

Value

brief

Displays summary information


about an IPv6 VPN instance.

verbose

Displays detailed information about the IPv6 VPN instances and their
associated interfaces.

vpn6-instance-name Specifies the name of an IPv6 VPN The name is a string of 1 to 31


instance.
case-sensitive characters.

Views
All views

Default Level
1: Monitoring level
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

253

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

Usage Guidelines
If a VPN instance is configured, you can check the configuration of the instance by using the
display ipv6 vpn6-instance command. You can also use this command to view the VPN
instances configured on the local device.
When no parameters are specified, the command displays brief information about all the
configured VPN instances.

Example
# View brief information about all the configured IPv6 VPN instances.
<HUAWEI> display ipv6 vpn6-instance
Total VPN-Instances configured
:
3
Total IPv4 VPN-Instances configured :
2
Total IPv6 VPN-Instances configured :
1

VPN-Instance Name
family

RD

Address-

vpn1
vpna
IPv4
vpna
IPv6
vpnb

100:1
100:3
100:2

IPv4

Table 13-10 Description of the display ip vpn-instance command output

Issue 04 (2014-07-30)

Item

Description

Total VPN-Instances configured

Total number of VPN instances configured


on the local end.

Total IPv4 VPN-Instances configured

Total number of locally configured VPN


instances for which IPv4 address families are
enabled.

Total IPv6 VPN-Instances configured

Total number of locally configured VPN


instances for which IPv6 address families are
enabled.

VPN-Instance Name

Name of the VPN instance.

RD

RD of the VPN instance IPv4 address


family or IPv6 address family.

Creation Time

Time when an IPv4 or IPv6 address family is


enabled for the VPN instance.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

254

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

Item

Description

Address-family

Address family enabled for the VPN instance.


The address family can be:
l Null, if no address family is enabled.
l ipv4, if only the IPv4 address family is
enabled.
l ipv6, if only the IPv6 address family is
enabled.

<HUAWEI> display ipv6 vpn6-instance brief


Total VPN-Instances configured
:
3
Total IPv4 VPN-Instances configured :
2
Total IPv6 VPN-Instances configured :
1

VPN-Instance Name
family

RD

Address-

vpn1
vpna
IPv4
vpna
IPv6
vpnb

100:1
100:3
100:2

IPv4

# View detailed information about all IPv6 VPN instances.


<HUAWEI> display ipv6 vpn6-instance verbose
Total VPN-Instances configured
: 1
Total IPv4 VPN-Instances configured : 1
Total IPv6 VPN-Instances configured : 1
VPN-Instance Name and ID : vpna, 6
Description : vpna-1
Service ID : 12
Interfaces : Vlanif10
Address family ipv4
Create date : 2012/12/3 15:36:20 UTC+08:00
Up time : 6 days, 04 hours, 41 minutes and 57 seconds
Route Distinguisher : 100:1
Export VPN Targets : 1:1
Import VPN Targets : 1:1
Label Policy : label per instance
Per-Instance Label : 1024
IP FRR Route Policy : 20
VPN FRR Route Policy : 12
Import Route Policy : 10
Export Route Policy : 20
Tunnel Policy : bindTE
Maximum Routes Limit : 2000
Threshold Routes Limit : 80%
Maximum Prefixes Limit : 1024
Threshold Prefixes Limit : 50%
Install Mode : route-unchanged
Log Interval : 10
Address family ipv6

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

255

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

Create date : 2012/12/3 15:36:20 UTC+08:00


Up time : 6 days, 04 hours, 41 minutes and 57 seconds
Log Interval : 5

Table 13-11 Description of the display ip vpn-instance verbose command output

Issue 04 (2014-07-30)

Item

Description

Total VPN-Instances configured

Total number of VPN instances configured


on the local end.

Total IPv4 VPN-Instances configured

Total number of locally configured VPN


instances for which IPv4 address families are
enabled.

Total IPv6 VPN-Instances configured

Total number of locally configured VPN


instances for which IPv6 address families are
enabled.

VPN-Instance Name and ID

Name and ID of the VPN instance. The ID is


assigned by the system, which facilitates
indexing.

Description

Description of the VPN instance. This field is


displayed in the command output only when
the description (VPN instance view)
command is used.

Service ID

Service ID of the VPN instance. This item is


displayed only after the service-id (VPN
instance view) command is run in the VPN
instance view.

Interfaces

Interfaces bound to the VPN instance. This


field is displayed only after the ip binding
vpn-instance command is configured on
these interfaces.

Address family ipv4

Information about the IPv4 address family


enabled for the VPN instance.

Address family ipv6

Information about the IPv6 address family


enabled for the VPN instance.

Create date

Time when the VPN instance is created.

Up time

Period during which the VPN instance


maintains in the Up state.

Route Distinguisher

RD of the VPN instance IPv4 address family


or IPv6 address family

Export VPN Targets

Route Target list in the outbound direction.


To set the VPN target, run the vpn-target
command.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

256

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

Item

Description

Import VPN Targets

Route Target list in the inbound direction. To


set the VPN target, run the vpn-target
command.

Label Policy

Label policy:
l label per instance: indicates that the same
label is allocated to routes of a VPN
instance. This field is displayed in the
command output only when the applylabel per-instance command is run in the
VPN instance view.
l label per route: indicates that each route
of a VPN instance is assigned a label.
Label allocation for routes of a VPN
instance is implemented in this mode.

Issue 04 (2014-07-30)

Per-Instance Label

Label value used when all VPN routes of the


VPN instance address family share one
label. This field is displayed only after the
apply-label per-instance command is run in
the VPN instance address family view.

IP FRR Route Policy

IP FRR route policy used for the address


family. This item is displayed only after the
ip frr command is run in the VPN instance
IPv4 address family view.

VPN FRR Route Policy

VPN FRR route policy used for the address


family. This item is displayed only after the
vpn frr command is run in the VPN instance
IPv4 address family view.

Import Route Policy

Import Route-Policy applied to the VPN


instance. This field is displayed only after the
import route-policy command is run in the
VPN instance address family view.

Export Route Policy

Export Route-Policy applied to the VPN


instance. This field is displayed only after the
export route-policy command is run in the
VPN instance address family view.

Tunnel Policy

Tunnel policy applied to the VPN instance.


This field is displayed only after the tnlpolicy command is run in the VPN instance
address family view.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

257

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

Item

Description

Maximum Routes Limit

Maximum number of routes supported by the


current address family. This field is displayed
only after the routing-table limit command
is run in the VPN instance address family
view.

Threshold Routes Limit

Percentage of the maximum number of routes


specified for the current address family.
When the maximum number of routes
reaches the percentage threshold, an alarm is
generated.This field is displayed only after
the routing-table limit command is run in the
VPN instance address family view.

Maximum Prefixes Limit

Maximum number of prefixes supported by


the current address family of the VPN
instanceThis field is displayed only after the
prefix limit command is run in the VPN
instance address family view.

Threshold Prefixes Limit

Percentage of the maximum number of


prefixes specified for the current address
family of the VPN instance. When the
maximum number of prefixes reaches the
percentage threshold, an alarm is
generated.This field is displayed only after
the prefix limit command is run in the VPN
instance address family view.

Install Mode

Method of processing routes. The prefix


limit command can be used to specify the
route processing method when the threshold
is lowered due to the number of route prefixes
exceeding the upper threshold.
l If route-unchanged is configured, routes
in the routing information base (RIB)
table remain unchanged.
l If route-unchanged is not configured, all
routes in the RIB table are deleted and the
routes are re-installed in the RIB table.

Log Interval

Issue 04 (2014-07-30)

Interval for displaying log messages when the


number of VPN instance routes exceeds the
maximum value. The default interval is 5
seconds. The value can be set by the
command limit-log-interval.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

258

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

13.9 link-alive
Function
The link-alive command enables the link-alive function on a GRE tunnel.
The undo link-alive command disables the link-alive function on a GRE tunnel.
By default, the link-alive function is disabled on a GRE tunnel.

Format
link-alive [ period period ] [ retry-times retry-times ]
undo link-alive

Parameters
Parameter

Description

Value

period

Specifies the interval for sending


link-alive packets.

The value is an integer that


ranges from 1 to 32767, in
seconds. The default value is 5.

retry-times retry-times Specifies the tunnel-unreachable


counter value.

The value is an integer that


ranges from 1 to 255. The
default value is 3.

Views
Tunnel interface view

Default Level
2: Configuration level

Usage Guidelines
The link-alive function takes effect on a GRE tunnel immediately after you run the link-alive
command on the tunnel interface. After you run the undo link-alive command, the link-alive
function immediately becomes invalid. The source end of a GRE tunnel periodically sends linkalive packets. The tunnel-unreachable counter increases by 1 every time a link-alive packet is
sent. If the source end does not receive any response packet when the tunnel-unreachable counter
value reaches retry-times, the source end considers the remote end unreachable.

Example
# Enable the link-alive function on a GRE tunnel and retain the default parameter values.
<HUAWEI> system-view
[HUAWEI] interface tunnel 1

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

259

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

[HUAWEI-Tunnel1] tunnel-protocol gre


[HUAWEI-Tunnel1] link-alive

# Disable the link-alive function on a GRE tunnel.


<HUAWEI> system-view
[HUAWEI] interface tunnel 1
[HUAWEI-Tunnel1] undo link-alive

# Enable the link-alive function on a GRE tunnel. Set the interval for sending link-alive packets
to 12 seconds and retain the default tunnel-unreachable counter value.
<HUAWEI> system-view
[HUAWEI] interface tunnel 1
[HUAWEI-Tunnel1] link-alive period 12

# Enable the link-alive function on a GRE tunnel. Set the interval for sending link-alive packets
to 12 seconds and the tunnel-unreachable counter to 4.
<HUAWEI> system-view
[HUAWEI] interface tunnel 1
[HUAWEI-Tunnel1] link-alive period 12 retry-times 4

13.10 mpls l2vpn traffic-statistics capability enable


Function
The mpls l2vpn traffic-statistics capability enable command enables VLL traffic statistics.
The undo mpls l2vpn traffic-statistics capability command disables VLL traffic statistics.
By default, VLL traffic statistics function is disabled..

Format
mpls l2vpn traffic-statistics capability enable
undo mpls l2vpn traffic-statistics capability

Parameters
None.

Views
System view

Default Level
2: Configuration level

Usage Guidelines
The traffic statistics function takes effect only on the VLLs created after you run the mpls l2vpn
traffic-statistics capability enable or mpls l2vpn traffic-statistics enable command.
Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

260

S2750&S5700&S6700 Series Ethernet Switches


Compatible Commands Reference

13 VPN compatible command

After you run the mpls l2vpn traffic-statistics capability enable command to enable VLL
traffic statistics, you can run the display traffic-statistics l2vpn interface command to view
the traffic statistics result.

Example
# Enable L2VPN traffic statistics.
<HUAWEI>system-view
[HUAWEI] mpls l2vpn traffic-statistics capability enable
Info: The modification can only take effect for newly created VC.

System Response
None.

Issue 04 (2014-07-30)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd.

261

You might also like