3COM Switch 7700 Command Refference Guide

Switch 7700Command Reference Guide - Version 3.0

http://www.3com.com/

Part number: 10014297Published: November 2004

3Com Corporation 350 Campus Drive Marlborough, MA USA 01752-3064

Copyright © 2004, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.

3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.

3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.

If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product as a separate document, in the hard copy documentation, or on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.

UNITED STATES GOVERNMENT LEGEND

If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the following:

All technical data and computer software are commercial in nature and developed solely at private expense. Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.

Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries.

3Com and the 3Com logo are registered trademarks of 3Com Corporation.

ntel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of Novell, Inc. UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd.

IEEE and 802 are registered trademarks of the Institute of Electrical and Electronics Engineers, Inc.

All other company and product names may be trademarks of the respective companies with which they are associated.

ENVIRONMENTAL STATEMENT

It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we are committed to:

Establishing environmental performance standards that comply with national legislation and regulations.

Conserving energy, materials and natural resources in all operations.

Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental standards. Maximizing the recyclable and reusable content of all products.

Ensuring that all products can be recycled, reused and disposed of safely.

Ensuring that all products are labelled according to recognized environmental standards.

Improving our environmental record on a continual basis.

End of Life Statement

3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.

Regulated Materials Statement

3Com products do not contain any hazardous or ozone-depleting material.

Environmental Statement about the Documentation

The documentation for this product is printed on paper that comes from sustainable, managed forests; it is fully biodegradable and recyclable, and is completely chlorine-free. The varnish is environmentally-friendly, and the inks are vegetable-based with a low heavy-metal content.

CONTENTS

ABOUT THIS GUIDE

About This Software Version 21Organization of this Manual 21Intended Readership 22Conventions 22Related Manuals 23

1 USING SYSTEM ACCESS COMMANDS

Logging in Commands 26authentication-mode 26auto-execute command 26command-privilege level 27databits 28display history-command 29display user-interface 29display users 31flow-control 31free user-interface 32header 32history-command max-size 33idle-timeout 34lock 35modem 35modem auto-answer 35modem timer answer 36parity 36protocol inbound 37quit 38return 38screen-length 38send 39service-type 39set authentication password 41shell 41speed 42stopbits 42super 43super password 44

sysname 44system-view 45telnet 45user-interface 46user privilege level 46

2 USING PORT COMMANDS

Ethernet Port Configuration Commands 50broadcast-suppression 50copy configuration 50description 51display interface 52display mirroring-group 54display port 55duplex 55flow-control 56interface 56jumboframe enable 57mac-address max-mac-count 58mdi 58port access vlan 59port hybrid pvid vlan 59port hybrid vlan 60port link-type 61port trunk permit vlan 62port trunk pvid vlan 62reset counters interface 63shutdown 64speed 64vlan-vpn 65

Ethernet Port Link Aggregation Commands 65display link-aggregation 66link-aggregation 66

3 USING VLAN COMMANDS

VLAN Configuration Commands 69broadcast-suppression 70description 70display interface VLAN-interface 71display vlan 71interface VLAN-interface 73shutdown 73vlan 74

Port-Based Configuration Commands 74port 74

Protocol-Based VLAN Configuration Commands 75

display vlan-protocol interface 75display protocol-vlan 76port hybrid protocol-vlan 77protocol-vlan 78

GARP Configuration Commands 78display garp statistics 78display garp timer 80garp timer 81garp timer leaveall 81reset garp statistics 82

GVRP Configuration Commands 83display gvrp statistics 83display gvrp status 84gvrp 84gvrp registration 85

4 USING NETWORK PROTOCOL COMMANDS

IP Address Configuration Commands 89display ip host 89display ip interface vlan-interface 89ip address 90ip host 91

ARP Configuration Commands 91arp check enable 92arp static 92arp timer aging 93debugging arp 93display arp 94display arp timer aging 95gratuitous-arp-learning enable 95reset arp 96

DHCP Relay Configuration Commands 98address-check disable 98address-check enable 98debugging dhcp-relay 98dhcp-security static 99dhcp-server 100dhcp-server ip 100display dhcp-security 101display dhcp-server 102display dhcp-server interface vlan-interface 102

IP Performance Configuration Commands 103display fib 103display icmp statistics 104display ip socket 105display ip statistics 106display tcp statistics 107

display tcp status 108display udp statistics 109ip 109ip forward-broadcast 110reset ip statistics 110reset tcp statistics 111reset udp statistics 111tcp timer fin-timeout 112tcp timer syn-timeout 112tcp window 113

IPX Configuration Commands 113display ipx interface 113display ipx routing-table 114display ipx service table 117display ipx statistics 118ipx enable 119ipx encapsulation 120ipx netbios-propagation 120ipx network 121ipx rip import-route static 121ipx rip mtu 122ipx rip multiplier 122ipx rip timer update 123ipx route-static 123ipx route load-balance-path 124ipx route max-reserve-path 125ipx sap disable 125ipx sap gns-disable-reply 126ipx sap gns-load-balance 126ipx sap max-reserve-servers 127ipx sap mtu 127ipx sap multiplier 128ipx sap timer update 128ipx service 129ipx split-horizon 129ipx tick 130ipx update-change-only 130reset ipx statistics 131reset ipx routing-table statistics protocol 131

5 USING ROUTING PROTOCOL COMMANDS

Routing Table Display Commands 139display ip routing-table 139display ip routing-table acl 139display ip routing-table ip_address 141display ip routing-table ip_address1 ip_address2 142display ip routing-table ip-prefix 143

display ip routing-table protocol 144display ip routing-table radix 146display ip routing-table statistics 146display ip routing-table verbose 147

Static Route Configuration Command 148delete static-routes all 148ip route-static 149

RIP Configuration Commands 150checkzero 151default cost 151display rip 152filter-policy export 152filter-policy import 153host-route 154import-route 154network 155peer 156preference 157reset 157rip 157rip authentication-mode 158rip input 159rip metricin 160rip metricout 161rip output 161rip split-horizon 162rip version 162rip work 163summary 164timers 164

OSPF Configuration Commands 165abr-summary 165area 166asbr-summary 166authentication-mode 167default cost 168default interval 168default limit 169default tag 169default type 170default-cost 171default-route-advertise 171display debugging ospf 172display ospf abr-asbr 173display ospf asbr-summary 173display ospf brief 174display ospf cumulative 175display ospf error 176

display ospf interface 176display ospf lsdb 177display ospf nexthop 178display ospf peer 179display ospf request-queue 180display ospf retrans-queue 181display ospf routing 181display ospf vlink 182filter-policy export 183filter-policy import 183import-route 184network 185nssa 185ospf 186ospf authentication-mode 187ospf cost 188ospf dr-priority 188ospf mib-binding 189ospf mtu-enable 189ospf network-type 190ospf timer dead 191ospf timer hello 192ospf timer poll 192ospf timer retransmit 193ospf trans-delay 193peer 194preference 195reset ospf all 195router id 196silent-interface 197snmp-agent trap enable ospf 197spf-schedule-interval 198stub 199vlink-peer 199

Integrated IS-IS Configuration Commands 200area-authentication- mode 200cost-style 201default-route-advertise 202display isis interface 203display isis lsdb 204display isis mesh-group 204display isis peer 205display isis route 206display isis spf-log 206domain-authentication-mode 207filter-policy export 208filter-policy import 208

ignore-lsp-checksum- error 209import-route 210isis 211isis authentication-mode 211isis circuit-level 212isis cost 213isis dis-priority 214isis enable 214isis mesh-group 215isis timer csnp 216isis timer dead 217isis timer hello 218isis timer lsp 218isis timer retransmit 219is-level 219log-peer-change 220md5-compatible 221network-entity 221preference 222reset isis all 222reset isis peer 223set-overload 223silent-interface 224spf-delay-interval 224spf-slice-size 225summary 226timer lsp-max-age 227timer lsp-refresh 227timer spf 228

BGP Configuration Commands 228aggregate 229bgp 229compare-different-as- med 230confederation id 230confederation nonstandard 231confederation peer-as 232dampening 232debugging bgp 233default local-preference 234default med 235display bgp group 235display bgp network 236display bgp paths 237display bgp peer 238display bgp routing-table 239display bgp routing-table as-path-acl 240

display bgp routing-table cidr 241display bgp routing-table community 241display bgp routing-table community-list 242display bgp routing-table dampened 243display bgp routing-table different-origin-as 244display bgp routing-table flap-info 244display bgp routing-table peer 246display bgp routing-table regular-expression 247filter-policy export 248filter-policy import 248group 249import-route 250ip as-path acl 250ip community-list 251network 252peer advertise-community 252peer allow-as-loop 253peer as-number 253peer as-path-acl export 254peer as-path-acl import 254peer connect-interface 255peer default-route-advertise 256peer description 256peer ebgp-max-hop 257peer enable 257peer filter-policy export 258peer filter-policy import 259peer group 259peer ip-prefix export 260peer ip-prefix import 260peer next-hop-local 261peer password 262peer public-as-only 262peer reflect-client 263peer route-policy export 264peer route-policy import 264peer route-update-interval 265peer timer 265preference 266reflect between-clients 267reflector cluster-id 267refresh bgp 268reset bgp 268reset bgp flap-info 269reset bgp group 269reset dampening 270summary automatic 270timer 271

undo synchronization 271IP Routing Policy Configuration Commands 272

apply as-path 272apply community 272apply cost 273apply cost-type 274apply ip next-hop 274apply isis 275apply local-preference 275apply origin 276apply tag 277display ip ip-prefix 277display route-policy 278filter-policy export 278filter-policy import 279if-match 280if-match as-path 280if-match community 281if-match cost 282if-match interface 282if-match ip next-hop 283if-match tag 284ip ip-prefix 284route-policy 286

Route Capacity Configuration Commands 287display memory limit 287memory auto-establish disable 288memory auto-establish enable 288memory 289

6 USING MULTICAST PROTOCOL COMMANDS

GMRP Configuration Commands 292debugging gmrp 292display gmrp statistics 293display gmrp status 294gmrp 294

IGMP Snooping Configuration Commands 295display igmp-snooping configuration 295display igmp-snooping group 295display igmp-snooping statistics 296igmp-snooping 297igmp-snooping host-aging-time 297igmp-snooping max-response-time 298igmp-snooping router-aging-time 299reset igmp-snooping statistics 299

Multicast Common Configuration Commands 300debugging multicast forwarding 300

debugging multicast kernel-routing 300debugging multicast status-forwarding 300display multicast forwarding-table 301display multicast routing-table 301multicast route-limit 302multicast routing-enable 303reset multicast forwarding-table 303reset multicast routing-table 304

IGMP Configuration Commands 305debugging igmp 305display igmp group 306display igmp interface 306igmp enable 307igmp group-limit 308igmp group-policy 308igmp host-join 309igmp lastmember-query interval 310igmp max-response-time 311igmp robust-count 311igmp timer other-querier-present 312igmp timer query 313igmp version 313reset igmp group 314

PIM Configuration Commands 315bsr-policy 315c-bsr 316c-rp 316crp-policy 317debugging pim common 318debugging pim dm 319debugging pim sm 319display pim bsr 320display pim interface 320display pim neighbor 321display pim routing-table 322display pim rp-info 322pim 323pim bsr-boundary 323pim dm 324pim neighbor-limit 325pim neighbor-policy 325pim sm 326pim timer hello 326reset pim neighbor 327reset pim routing-table 327source-policy 328static-rp 329

7 USING QOS/ACL COMMANDS

ACL Configuration Command List 332acl 332acl mode 333display acl config 334display acl mode 335display acl running-packet-filter 335display time-range 336packet-filter 336reset acl counter 338rule 338time-range 342

QoS Configuration Commands List 343display mirroring-group 343display priority-trust 343display qos cos-local-precedence- map 343display qos-interface all 344display qos-interface line-rate 344display qos-interface traffic-bandwidth 345display qos-interface traffic-limit 346display qos-interface traffic-priority 346display qos-interface traffic-red 347display qos-interface traffic-redirect 347display qos-interface traffic-statistic 348line-rate 349mirroring-group 349priority 350priority trust 351qos 352qos cos-local-precedence- map 353reset traffic-statistic 354traffic-bandwidth 355traffic-limit 357traffic-priority 358traffic-red 360traffic-redirect 361traffic-statistic 362

Logon User’s ACL Control Command 363acl 363snmp-agent community 364snmp-agent group 364snmp-agent usm-user 366

8 USING STP COMMANDS

MSTP Configuration Commands 370

active region-configuration 370check region-configuration 371display stp 371display stp region-configuration 373instance 374region-name 375reset stp 375revision-level 376stp 376stp bpdu-protection 377stp bridge-diameter 378stp edged-port 379stp instance cost 380stp instance port priority 380stp instance root primary 381stp instance root secondary 382stp interface 383stp interface edged-port 384stp interface instance cost 385stp interface instance port priority 386stp interface loop-protection 387stp interface mcheck 387stp interface point-to-point 388stp interface root-protection 389stp interface transit-limit 390stp loop-protection 390stp max-hops 391stp mcheck 392stp mode 392stp pathcost-standard 393stp point-to-point 393stp priority 394stp region-configuration 395stp root-protection 395stp tc-protection 396stp timer forward-delay 396stp timer hello 397stp timer max-age 398stp transit-limit 399vlan-mapping modulo 400

9 USING AAA AND RADIUS COMMANDS

802.1x Configuration Commands 402display dot1x 402dot1x 404dot1x authentication-method 405dot1x dhcp-launch 406

dot1x max-user 406dot1x port-control 407dot1x port-method 408dot1x quiet-period 409dot1x retry 410dot1x supp-proxy-check 411dot1x timer 412dot1x timer handshake-period 413reset dot1x statistics 413

AAA Configuration Commands 414access-limit 414attribute 415cut connection 416display connection 417display domain 418display local-user 419domain 420idle-cut 421local-user 422local-user password-display-mode 422password 423radius-scheme 424service-type 424state 425

RADIUS Protocol Configuration Commands 426accounting optional 426data-flow-format 427display local-server statistics 427display radius 428display radius statistics 429display stop-accounting-buffer 430key 431local-server 432primary accounting 433primary authentication 434radius scheme 434reset stop-accounting-buffer 435retry 436retry realtime-accounting 437retry stop-accounting 438secondary accounting 439secondary authentication 439server-type 440state 441stop-accounting-buffer enable 442timer 442timer realtime-accounting 443user-name-format 444

10 USING RELIABILITY COMMANDS

VRRP Configuration Commands 447debugging vrrp 447display vrrp 448vrrp authentication-mode 448vrrp method 449vrrp ping-enable 450vrrp vrid preempt-mode 451vrrp vrid priority 451vrrp vrid timer 452vrrp vrid track 452vrrp vrid virtual-ip 453

Redundant Fabric Configuration Commands 454display switch state 454slave restart 454slave switchover 455slave update config 455

11 USING SYSTEM MANAGEMENT COMMANDS

File System Management Commands 461cd 461copy 462delete 463dir 463file prompt 464format 465mkdir 465more 465move 466pwd 467rename 467reset recycle-bin 468rmdir 468undelete 469

Configuration File Management Commands 470display this 470display startup 470reset saved-configuration 471save 472startup saved configuration 472

FTP Server Configuration Commands 473display ftp-server 473display ftp-user 473ftp server 474ftp timeout 474local-user 475password 476

service-type 476FTP Client Commands 477

ascii 477binary 477bye 478cd 478cdup 479close 479delete 479dir 480disconnect 480ftp 481get 481lcd 481ls 482mkdir 482passive 483put 483pwd 483quit 484remotehelp 484rmdir 485user 485verbose 485

TFTP Configuration Commands 486tftp get 486tftp put 486

MAC Address Table Management Commands 487display mac-address aging-time 487display mac-address 488mac-address 488mac-address max-mac-count 489mac-address timer 490

Device Management Commands 491boot bootloader 491bootrom-update security-check enable 491boot bootrom 492display backboard view 492display bootloader 493display cpu 493display device 494display environment 495display fan 495display memory 495display power 496display schedule reboot 496schedule reboot at 497schedule reboot delay 498

reboot 499reboot slot 499temperature-limit 500

Basic System Configuration and Management Commands 501clock datetime 501clock summer-time 501clock timezone 502sysname 503

System Status and System Information Display Commands 504display clock 504display current-configuration 504display debugging 506display saved-configuration 507display users 509display version 509

System Debug Commands 510debugging 510display diagnostic-information 511

Network Connection Test Commands 511ping 511tracert 513

Log Commands 515display channel 515display info-center 516info-center channel name 516info-center console channel 517info-center enable 517info-center logbuffer 518info-center loghost 519info-center loghost source 519info-center monitor channel 520info-center snmp channel 521info-center source 521info-center timestamp 523info-center trapbuffer 523reset logbuffer 524reset trapbuffer 525terminal debugging 525terminal logging 525terminal monitor 526terminal trapping 527

SNMP Configuration Commands 527display snmp-agent community 527display snmp-agent 528display snmp-agent group 528display snmp-agent mib-view 529display snmp-agent statistics 530display snmp-agent sys-info 531

display snmp-agent usm-user 532enable snmp trap 532snmp-agent community 533snmp-agent group 534snmp-agent local-engineid 535snmp-agent mib-view 535snmp-agent packet max-size 536snmp-agent sys-info 536snmp-agent target-host 537snmp-agent trap enable 538snmp-agent trap life 539snmp-agent trap queue-size 540snmp-agent trap source 540snmp-agent usm-user 540undo snmp-agent 542

RMON Configuration Commands 542display rmon alarm 542display rmon event 543display rmon eventlog 544display rmon history 545display rmon prialarm 546display rmon statistics 546rmon alarm 547rmon event 548rmon history 549rmon prialarm 549rmon statistics 551

NTP Configuration Commands 551debugging ntp-service 551display ntp-service sessions 552display ntp-service status 553display ntp-service trace 554ntp-service access 554ntp-service authentication enable 555ntp-service authentication-keyid 555ntp-service broadcast-client 556ntp-service broadcast-server 556ntp-service max-dynamic sessions 557ntp-service multicast-client 558ntp-service multicast-server 558ntp-service refclock-master 559ntp-service reliable authentication-keyid 560ntp-service source-interface 560ntp-service in-interface disable 561ntp-service unicast-peer 561ntp-service unicast-server 562

ABOUT THIS GUIDE

This guide provides all the information you need to use the configuration commands supported by version 2.0 software on the 3Com Switch 7700.

About This Software Version

The software in the 3Com Switch 7700 is a subset of that used in other 3Com products. Depending on the capabilities of your hardware platform, some commands described in this guide may not be available on your Switch, although the unavailable commands may still display on the command line interface (CLI). If you try to use an unavailable command, an error message displays.

CAUTION: Any command that displays on the CLI, but is not described in this guide, is not supported in version 2.0 software. 3Com only supports the commands described in this guide. Other commands may result in the loss of data, and are entered at the user’s risk.

Organization of this Manual

The 3Com Switch 7700 Command Reference Guide consists of the following chapters:

■ Using System Access Commands — Introduces the commands used for accessing the Switch 7700.

■ Using Port Commands — Introduces the commands used for configuring Ethernet port and link aggregation.

■ Using VLAN Commands — Introduces the commands used for configuring VLANs.

■ Using Network Protocol Commands — Introduces the commands used for configuring network protocols.

■ Using Routing Protocol Commands — Introduces the commands used for configuring routing protocols.

■ Using Multicast Protocol Commands — Introduces the commands used for configuring multicast protocols.

■ Using QoS and ACL Commands — Introduces the commands used for configuring QoS/ACL.

■ Using STP Commands — Introduces the commands used for configuring STP.

■ Using AAA and RADIUS Commands — Introduces the commands used for configuring 802.1x, AAA and RADIUS.

■ Using Reliability Commands — Introduces the commands used for configuring VRRP.

■ Using System Management Commands — Introduces the commands used for system management and maintenance.

22 ABOUT THIS GUIDE

Intended Readership The manual is intended for the following readers:

■ Network administrators

■ Network engineers

■ Users who are familiar with the basics of networking

Conventions This manual uses the following conventions:

Table 1 Icons

Icon Notice Type Description

Information note Information that describes important features or instructions.

Caution Information that alerts you to potential loss of data or potential damage to an application, system, or device.

Warning Information that alerts you to potential personal injury.

Table 2 Text conventions

Convention Description

Screen displays This typeface represents text as it appears on the screen.

Keyboard key names If you must press two or more keys simultaneously, the key names are linked with a plus sign (+), for example:

Press Ctrl+Alt+Del

The words “enter” and type”

When you see the word “enter” in this guide, you must type something, and then press Return or Enter. Do not press Return or Enter when an instruction simply says “type.”

Fixed command text

This typeface indicates the fixed part of a command text. You must type the command, or this part of the command, exactly as shown, and press Return or Enter when you are ready to enter the command.

Example: The command display history-command must be entered exactly as shown.

Variable command text

This typeface indicates the variable part of a command text. You must type a value here, and press Return or Enter when you are ready to enter the command.

Example: in the command super level, a value in the range 0 to 3 must be entered in the position indicated by level

{ x | y | ... } Alternative items, one of which must be entered, are grouped in braces and separated by vertical bars. You must select and enter one of the items.

Example: in the command flow-control {hardware | none | software}, the braces and the vertical bars combined indicate that you must enter one of the parameters. Enter either hardware, or none, or software.

Related Manuals 23

Related Manuals The Switch 7700 Installation Guide provides information about system installation and maintenance.

The Switch 7700 Configuration Guide provides information about configuring your network using the commands described in this guide.

[ ]

Items shown in square brackets [ ] are optional.

Example 1: in the command display users [all], the square brackets indicate that the parameter all is optional. You can enter the command with or without this parameter.

Example 2: in the command user-interface [type] first-number [last-number] the square brackets indicate that the parameters [type] and [last-number] are both optional. You can enter a value in place of one, both or neither of these parameters.

Alternative items, one of which can optionally be entered, are grouped in square brackets and separated by vertical bars. Example 3: in the command header [shell | incoming | login] text, the square brackets indicate that the parameters shell, incoming and login are all optional. The vertical bars indicate that only one of the parameters is allowed.

Table 2 Text conventions

24 ABOUT THIS GUIDE

1
USING SYSTEM ACCESS COMMANDS
This chapter describes how to use the following commands:

Logging in Commands

■ authentication-mode

■ auto-execute command

■ command-privilege level

■ databits

■ display history-command

■ display user-interface

■ display users

■ flow-control

■ free user-interface

■ header

■ history-command max-size

■ idle-timeout

■ lock

■ modem

■ modem auto-answer

■ modem timer answer

■ parity

■ protocol inbound

■ quit

■ return

■ screen-length

■ send

■ service-type

■ set authentication password

■ shell

■ speed

■ stopbits

■ super

■ super password

26 CHAPTER 1: USING SYSTEM ACCESS COMMANDS

■ sysname

■ system-view

■ telnet

■ user-interface

■ user privilege level

Logging in Commands This section describes the commands that you can use to configure system access and system security.

authentication-mode Syntaxauthentication-mode { password | scheme | none }

View

User interface view

Parameter

password: Requires local authentication of password at log in.

scheme: Requires local or remote authentication of username and password at log in.

none: Allows users to log in without username or password.

Description

This command configures the authentication method for a user at log in.

■ Use the command authentication-mode password to prompt a user for local password authentication at login. To set the password, use set authentication password.

■ Use the command authentication-mode scheme to prompt a user to provide local or remote user name and password authentication at login. The type of the authentication depends on your network configuration. For further information, see “AAA and RADIUS”.

■ Use the command authentication-mode none to allow a user to log in without username or password authentication.

By default, users logging in using the console port do not need to pass any terminal authentication. Users logging in via modem or Telnet are required to provide password authentication when they log in.

Example

To configure local password authentication, enter the following command:

[SW7700-ui-aux0]authentication-mode password

auto-execute command Syntax

auto-execute command text

undo auto-execute command

Logging in Commands 27

View

User interface view

Parameter

command: Enter the command you want to run automatically at user login.

Description

Enter auto-execute command command to configure the Switch 7700 to automatically run a specified command. When the user logs in, the command will be executed automatically, after which the user will be disconnected. This command is usually used to connect the user to a specified device using Telnet. See the example below.

CAUTION: If you execute this command, the user-interface can no longer be used to perform routine configurations on the local system. Ensure that you can log in to the system in another way to cancel the configuration, before you configure the auto-execute command.

■ Enter undo auto-execute command to cancel the auto-execute command, and return the Switch 7700 to its default settings.

By default, auto-execute is disabled.

Example

To configure the Switch 7700 to automatically Telnet to device 10.110.100.1 after the user logs in via VTY 0, enter the following command:

[SW7700]auto-execute command telnet 10.110.100.1

command-privilege level Syntax

command-privilege level level view view command

undo command-privilege view view command

View

System view

Parameter

level: Enter the command level you want to assign to this command, ranging from 0 to 3.

view: Enter the name of the view that contains the command. This can be any of the views supported by the Switch.

command: Enter the command to be configured.

Description

Use the command-privilege level command to configure the priority level assigned to any command within a selected view.

The command levels are, from lowest to highest:

■ 0 – Visit


■ 1 – Monitoring

■ 2 – Configuration

■ 3 – Management

You can assign a priority level depending on user requirements. The commands that a user can access depend first on the access level assigned to the command and second on the access level assigned to the user interface. If the two levels are different, the access level assigned to the command has priority. For example, if the access level of a user interface is 1, but a specific user can access commands at level 3, the user can log in from this user interface, but can access commands up to and including level 3.

By default:

■ ping, tracert, and telnet are at level 0

■ display and debugging are at level 1

■ all configuration commands are at level 2

■ FTP, XMODEM, TFTP and commands for file system operations are at level 3

Use the undo command-privilege view command to restore the default priority to a command.

Example

To assign a command level of 0 to the “interface” command in “system” view, enter the following:

[SW7700]command-privilege level 0 view system interface

databits Syntax

databits { 7 | 8 }

undo databits

View

User interface view

Parameter

7 – Sets the data bits to 7.

8 – Sets the data bits to 8.

Description

Use the databits command to configure the data bits for the AUX (Console) port to either 7 or 8. By default, the value is 8. Use the undo databits command to restore the default value (8).

This command can only be performed in the AUX user interface view.

Example

To configure the data bits of the AUX (Console) port to 7 bits, enter the following:

[SW7700-ui-aux0]databits 7


display history-command

Syntaxdisplay history-command

View

All views

Parameter

None

Description

Use the display history-command command to view the commands previously entered during this login session, up to a specified maximum.

To set the maximum number of commands to display, see history-command max-size.

Example

To display previously entered commands, enter the following.

<SW7700>display history-command

The commands display on screen.

display user-interface Syntaxdisplay user-interface [ type number | index_number ] [summary]

View

All views

Parameter

type number: Enter the type and number of the user interface you want to display details on, for example VTY 3.

index_number: Enter the index number of the user interface you want to display details on.

summary: Display the summary of a user interface.

Description

Use the display user-interface command to view information on a user interface. You can choose to access this information by user interface type and type number, or by user interface index number. The information displayed is the same whichever access method you use.

This command without the summary parameter displays user interface type, absolute/relative index, transmission speed, priority, authentication methods, and physical location. This command with the summary parameter displays one user interface in use with user interface name and other user interface information.

Example

To display information on a user interface with an index number of 0, enter the following.


<SW7700>display user-interface 0 summary

The information is displayed in the following format:

Idx Type Tx/Rx Modem Privi AuthI 0 AUX 0 9600 3 N+ : Current user-interface is active.I : Current user-interface is active and work in async mode.Idx : Absolute index of user-interface.Type : Type and relative index of user-interface.Privi: The privilege of user-interface.Auth : The authentication mode of user-interface.A: Authenticate use AAA.L: Authenticate use local database.N: Current user-interface need not authentication.P: Authenticate use current UI's password.

The categories of information displayed are as follows:

Display the summary information of user interface 0.

<SW7700> display user-interface 0 summary0: U

1 character mode users. (U)1 total UIs in use.UI's name: aux0

Table 1 Output description of the display user-interface command

Field Description

+ Indicates that the user interface is in use

F Current user interface is in use and working in asynchronous mode

Idx Displays the index number of the user interface

Type Displays the type and type number of the user interface

Tx/Rx Displays the user interface speed

Modem Displays the modem operation mode

Privi Indicates the command level that can be accessed from this user interface

Auth Indicates the user interface authentication method

Int Indicates the physical location of the user interface

Table 2 Output Description of the Display User-Interface Summary Command

Field Description

0: U Indicates the user interface type

1 character mode users Indicates the number of a type of user interface

1 total UIs in use Indicates the total number of user interfaces in use

UI’s name Name of the user interface


display users Syntaxdisplay users [ all ]

View

All views

Parameter

all: Enter to display information on all user interfaces.

Description

■ Use the display users command to view information on the current user interface.

■ Use the display users all command to view the information on all user interfaces.

Example

To display information on the current user interface, enter the following

[SW7700]display users

The information displays in the following format:

UI Delay Type IPaddress UsernameF 0 AUX 0 192.168.1.250

The categories of information displayed are as follows:

flow-control Syntax

flow-control { hardware | none | software }

undo flow-control

View

User interface view

Parameter

hardware: Enter to set hardware flow control.

Table 3 Output description of the display users command

Field Description

F Indicates that the user interface is in use and is working in asynchronous mode.

UI The first number in the column is the Index number of the interface.

The three letter identifier and the number that follows are the type and type number of the user interface.

Delay Indicates the interval from the latest input until now, in minutes.

Type Indicates the user interface type.

IPaddress Displays the host IP address of the incoming connection.

Username Display the login name of the user who is using this interface


none: Enter to set no flow control.

software: Enter to set software flow control.

Description

■ Use the flow-control command to configure the flow control mode on the AUX (Console) port to hardware, software or none.

■ Use the undo flow-control command to restore the default flow control mode (no flow control).


Example

To configure software flow control on the AUX (Console) port, enter the following:

[SW7700-ui-aux0]flow-control software

free user-interface Syntaxfree user-interface { type number | index_number }

View

User view

Parameter

type number: Enter the type and type number of the user interface to be reset.

index_number: Enter the index number of the user interface to be reset.

Description

Using this command to reset a specified user interface to its default settings. The user interface will be disconnected after the reset.

■ Use free user-interface type number to reset the interface with the specified type and type number to its default settings.

■ Use free user-interface index_number to reset the interface with the specified index number to its default settings.

You cannot use this command on the current user interface.

Example

To reset user interface AUX 1 from another user interface on the Switch 7700, enter the following:

<SW7700>free user-interface aux 1

After the command is executed, user interface AUX 1 is disconnected. When you next log in using user interface AUX 1, it opens using the default settings .

header Syntaxheader { shell | incoming | login } text

undo header { shell | incoming | login }


View

System view

Parameter

shell: Configures the system to display a header on setting up a session for the user.

incoming: Configures the system to display a login header.

login: Configures the system to display login information.

text: Enter the text that you want to appear in the header.

Description

■ Use the header command to configure the system to display a header during user log in.

■ Use the undo header { shell | incoming | login } command to delete the specified header.

When the user logs in, and a connection is activated, the login header displays. After the user successfully logs in, the shell header displays.

The first English characters in the text is regarded as the start and stop characters. After you type in the stop character, the system will exit the header command automatically.

If you do not want to use the control characters, you can type in text with the same English characters at the beginning and end, and press Enter.

Example

To configure a header to display after connection using the control character method, enter the following.

[SW7700]header shell %Enter TEXT message. End with the character '%'.SHELL : Hello! Welcome %

The header text displays on the terminal when a user next logs in. To test this, quit from the session, and press Enter to restart.

[SW7700]quit<SW7700>quitPress ENTER to get startedSHELL : Hello! Welcome <SW7700>

history-command max-size

Syntaxhistory-command max-size value

undo history-command max-size

View

User interface view


Parameter

value: Enter the number of previously entered commands that you want the Switch to save.

Description

■ Use the command history-command max-size to specify the amount of previously entered commands that you want the Switch to save. Enter any value between 0 and 256. The default is 10, that is, the 10 most recently entered commands are saved.

■ Use the undo history-command max-size command to restore the default value.

To display the most recently-entered commands, up to the specified maximum, use the command display history-command.

Example

To set the history buffer to 20, that is to save the 20 most recently-entered commands, enter the following:

[SW7700]history-command max-size 20

idle-timeout Syntaxidle-timeout minutes [ seconds ]

undo idle-timeout

View

User interface view

Parameter

minutes: Enter the number of minutes you want to allow a user interface to remain idle before it is disconnected. This can be in the range 0 to 35791.

seconds: Enter the number of seconds in addition to the number of minutes. Optional.

Description

■ Use the idle-timeout command to configure the amount of time you want to allow a user interface to remain idle before it is disconnected.

■ Use the undo idle-timeout command to restore the default idle-timeout. By default, idle-timeout is set to 10 minutes.

To disable idle timeout, set the idle-timeout value to 0.

Example

To configure the timeout value to 1 minute on the AUX user interface, enter the following:

[SW7700-ui-aux0]idle-timeout 1


lock Syntaxlock

View

User View

Parameter

None

Description

Use the lock command to lock the current user interface and prevent unauthorized users from accessing it. An authorized user must enter a valid password to access the interface.

Example

To lock the current user interface, enter the following:

<SW7700>lockPassword: xxxxAgain: xxxx

modem Syntaxmodem { call-in | both }

undo modem { call-in | both }

View

AUX user interface view

Parameter

call-in: Enter to enable (or disable) modem call-in.

both: Enter to enable (or disable) modem call-in and call-out.

Description

Using this command to configure the call-in and call-out attributes of the modem.

■ The modem call-in command allows modem call-in only.

■ The modem both command allows both modem call-in and call-out

■ The undo modem call-in command denies modem call-in.

■ The undo modem both command denies both modem call-in and call-out

Example

To allow call-in and call-out of the modem on the AUX (Console) port, enter the following:

[SW7700-ui-aux0]modem both

modem auto-answer Syntaxmodem auto-answer


undo modem auto-answer

View


Parameter

None

Description

■ Use the modem auto-answer command to configure the modem to auto-answer.

■ Use the undo modem auto-answer command to configure the modem to manual answer

By default, the answer mode is set to manual.

Example

To configure the answer mode of the Modem on the AUX (Console) port as auto-answer, enter the following:

[SW7700-ui-aux0]modem auto-answer

modem timer answer Syntaxmodem timer answer seconds

undo modem timer answer

View


Parameter

seconds: Specifies the time between lifting the receiver and detecting the carrier, in the range 1 second to 60 seconds. The default value is 30.

Description

■ Use the modem timer answer seconds command to configure the timer answer period, in seconds, from off-hook to carrier detected when establishing a call-in connection.

■ Use the undo modem timer answer command to restore the default timeout value (30 seconds).

Example

To set the timer answer of AUX 0 to 45 seconds, enter the following:

[SW7700-ui-aux0]modem timer answer 45

parity Syntaxparity { even | mark | none | odd | space }

undo parity


View

User interface view

Parameter

even: Sets the Switch to even parity.

mark: Sets the Switch to mark parity (1)

none: Sets the Switch to perform no parity checking.

odd: Sets the Switch to odd parity.

space: Sets the Switch to zero parity (0)

Description

■ Use the parity command to configure the parity mode on the AUX (Console) port.

■ Use the undo parity command to restore the default parity mode (no parity checking).


Example

To set mark parity on the AUX (Console) port, enter the following:

[SW7700-ui-aux0]parity mark

protocol inbound Syntax

protocol inbound { all| ssh | telnet }

View

VTY user interface view

Parameter

all: Supports both Telnet and SSH protocols.

ssh: Supports only SSH protocol.

telnet: Supports only Telnet protocol.

Description

■ Use the protocol inbound command to configure the protocols supported by a designated user interface.

By default, the user interface only supports Telnet protocol.

For the related commands, see user-interface vty.

Example

Configure SSH protocol supported by VTY0 user interface.

[SW7700-ui-vty0] protocol inbound ssh


quit Syntaxquit

View

All views

Parameter

None

Description

Use the quit command to exit from the current view to the next highest view. If the current view is user view, this command quits the system.

There are three levels of view, which are, from high to low:

■ user view

■ system view

■ menu views, for example VLAN view, Ethernet port view, and so on.

Related commands: return, system-view.

Example

To return to user view from system view, enter the following:

[SW7700]quit<SW7700>

return Syntaxreturn

View

System view or higher

Parameter

None

Description

Use the return command to return to user view from any other view.

Ctrl+Z performs the same function as the return command.

To return to the next highest level of view, use quit.

Example

To return to user view from any other view (the example below shows the command entered from the system view), enter the following.

[SW7700]return<SW7700>

screen-length Syntaxscreen-length screen-length


undo screen-length

View

User interface view

Parameter

screen-length: Enter the maximum number of information lines that you want to display on a terminal screen, ranging from 0 to 512. The default is 24.

Description

■ Use the command screen-length to configure how many information lines (maximum) will be displayed on the screen of a terminal.

■ Use the command undo screen-length to restore the default of 24 lines.

To disable this function, that is to allow an unlimited number of information lines, enter the parameter as 0.

Example

To configure a terminal to display 20 lines of information, enter the following:

[SW7700-ui-aux0]screen-length 20

send Syntaxsend { all | number | index }

View

User view

Parameter

all: Sends a message to all user interfaces.

type number: Enter the type and type number of the user interface that you want to send a message to.

index: Enter the index number of the interface that you want to send a message to.

Description

Use the send command to send messages to other user interfaces.

Example

To send a message to all the user interfaces, enter the following:

<SW7700>send all

service-type Syntax

service-type { telnet [ level level ] | telnet [ level level ] }

undo service-type { telnet [ level ] ] | telnet [ level ] }


View

Local-user view

Parameter

telnet: Specifies user type as Telnet.

level level: Enter the command level that a user can enter after Telnet login, in the range 0 to 3. The default is level 1.

Description

■ Use the command service-type to configure which level of command a user can access after login.

■ Use the command undo service-type to restore the default level of command (level 1).

Commands are classified into four levels, as follows:

■ 0 - Visit level. Users at this level have access to network diagnosis tools (such as ping and tracert), and the Telnet commands. A user at this level cannot save the configuration file.

■ 1 - Monitoring level. Users at this level can perform system maintenance, service fault diagnosis, and so on. A user at this level cannot save the configuration file.

■ 2 - Configuration level. Users at this level can perform service configuration operations, including routing, and can enter commands that affect each network layer. Configuration level commands are used to provide direct network service to the user.

■ 3 - Management level. Users at this level can perform basic system operations, and can use file system commands, FTP commands, TFTP commands, XModem downloading commands, user management commands and level setting commands.

Example

To allow a user zbr to configure commands a level 0 after login, enter the following:

[SW7700]local-user zbr[SW7700-luser-zbr]service-type telnet level 0

To activate these settings, quit the system and login with the username zbr. Now only the commands at level 0 are listed on the terminal.

[SW7700]quit<SW7700>?User view commands: ping Ping function quit Exit from current command view super Privilege specified user priority level telnet Establish one TELNET connection tracert Trace route function


set authentication password

Syntaxset authentication password { cipher | simple } password

undo set authentication password

View

User interface view

Parameter

cipher: Sets the authentication mode to cipher text. The password displays as encrypted text if you use this option.

simple: Sets the authentication mode to plain text. The password must be in plain text. A plain text password is a sequential character string of no more than 16 digits, for example, 3Com918

password: Enter the required password text.

Description

■ Use the set authentication password command to configure the password for local authentication.

■ Use the undo set authentication password command to cancel local authentication password.

The password in plain text is required when performing authentication, regardless of whether the configuration is plain text or cipher text.

By default, a password is required for users connecting over Modem or Telnet. If a password has not been set, the following prompt is displayed: password required, but none set.

Example

To configure the local authentication password on VTY 0 to 3Com, enter the following:

[SW7700-ui-vty0]set authentication password simple 3com

shell Syntaxshell

undo shell

View

User interface view

Parameter

None

Description

Use the shell command to enable the terminal service for a user interface. The terminal service is enabled by default. Use the undo shell command to disable the terminal service for a user interface.


When using the undo shell command, note the following points.

■ For reasons of security, the undo shell command can only be used on user interfaces other than the AUX user interface.

■ You cannot use this command on the current user interface.

■ You are asked to confirm the command.

Example

To disable the terminal service on the VTY user interfaces 0 to 4, enter the following from another user interface:

[SW7700]user-interface vty 0 4[SW7700-ui-vty0-4]undo shell

The following message will be displayed on the Telnet terminal after login:

Connection to host lost.

speed Syntaxspeed speed-value

undo speed

View

User interface view

Parameter

speed-value: Specify the transmission rate on the AUX (Console) port in bits per second (b/s). This can be any of the following values: 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200 or 4096000.

The default rate is 9600 b/s.

Description

Use the speed command to configure the transmission rate on the AUX (Console) port.

Use the undo speed command to restore the default rate.

This command can only be performed in AUX user interface view.

Example

To configure the transmission speed on the AUX (Console) port as 9600 b/s, enter the following:

[SW7700]speed 9600

stopbits Syntaxstopbits { 1 | 1.5 | 2 }

undo stopbits


View

User interface view

Parameter

1: Sets the stop bits to 1.

1.5: Sets the stop bits to 1.5.

2: Sets the stop bits to 2.

Description

■ Use the stopbits command to configure the stop bits on the AUX (Console) port.

■ Use the undo stopbits command to restore the default stop bits (the default is 1).

This command can only be performed in AUX user interface view.

Example

To configure the stop bits to 2, enter the following from the AUX (Console) port:

[SW7700]stopbits 2

super Syntaxsuper [ level ]

View

All views

Parameter

level: Enter a user level in the range 0 to 3. The default is 3.

Description

The super command gives a user access to a higher level than their currently assigned user level.

To ensure that only an authorized user can access the higher level, use the super password command to set a password for the higher level. If the user does not enter a valid password, the user level does not change.

Login users are classified into four levels that correspond to the four command levels. A user can only use commands at the levels that are equal to or lower than their user level.

Related commands: super password, quit.

Example

To change to user level 3 from the current user level.

<SW7700>super 3Password:


The password prompt displays only if you set a password using the super password command.

super password Syntaxsuper password level level { simple | cipher } password

undo super password level level

View

System view

Parameter

level: Enter a user level in the range 1 to 3. The default is 3. The password you enter is set for the specified level.

simple: Sets the password to plain text. A plain text password is a sequential character string of no more than 16 characters, for example, 3Com918.

cipher: Sets the password to cipher text. The password displays as encrypted text if you use this option.

password: Enter the required password.

Description

■ Use the super password command to set the password that a user must enter before changing to a higher access level. A user must input the correct password three times before they can access the required level.

■ Use the undo super password command to cancel the password settings.

The password in plain text is required when performing authentication, regardless of whether the configuration is plain text or encrypted text.

Example

To set the password for level 3 to zbr, type the following:.

[SW7700]super password level 3 simple zbr

sysname Syntaxsysname text

undo sysname

View

System view

Parameter

text: Enter the host name of the Switch 7700. The host name must be no more than 30 characters long. The default is SW7700.

Description

■ Use the sysname command to configure the host name of the Switch 7700.


■ Use the undo sysname command to restore the host name to the default of SW7700.

Changing the hostname of the Ethernet switch will affect the prompt of command line interface. For example, if the hostname of the Ethernet switch is MyHost, the prompt in user view will be <MyHost>.

Example

To configure the hostname of the Switch 7700 to 3Com, enter the following:

[SW7700]sysname 3Com[3Com]

system-view Syntaxsystem-view

View

User view

Parameter

None

Description

Enter system-view to enter the system view from the user view.

Related commands: quit, return.

Example

To enter system view from user view, enter the following:

<SW7700>system-viewEnter system view, return user view with Ctrl+Z.[SW7700]

telnet Syntaxtelnet host_ip_address [ service_port ]

View

User view

Parameter

host_ip_address: Enter the IP address or the host name of the remote Switch. If you enter the host name, the Switch must be set to static resolution.

service_port: Designates the management port on the remote switch, in the range 0 to 65535. Optional.

Description

Use the telnet command to log in to another Ethernet switch from the current switch via Telnet for remote management. To terminate the Telnet logon, press Ctrl+].


If you do not specify a service_port, the default Telnet port number of 23 is used.

Related command: display tcp status.

Example

To log in to the Ethernet switch Switch32 at IP address 129.102.0.1 from the current Switch (Switch01), enter the following:

<Switch01>telnet 129.102.0.1Trying 129.102.0.1Connected to 129.102.0.1<Switch32>

user-interface Syntaxuser-interface [ type ] first_number [ last_number ]

View

System view

Parameter

type: Enter the user interface type, which can be AUX or VTY. Optional.

first_number: Enter the number of the first (or only) user interface view to be configured. If you enter a type, this is the type number of the interface. If you do not enter a type, this is the index number of the interface.

last_number: Enter the number of the last user interface view to be configured, if you want to configure a range of interfaces. Optional.

Description

Use the user-interface command to select a single user interface view or a range of user interface views. After you have selected the user interface views to configure, use the user privilege level command to assign access levels to the selected interface(s).

Example

To configure the user interfaces with index numbers 0 to 3, enter the following

[SW7700]user-interface 0 3[SW7700]

This example command selects one AUX (Console) port user interface and three VTY user interfaces (VTY 1, VTY 2, VTY 3). You can now assign access levels to these interfaces using the user privilege level command.

user privilege level Syntaxuser privilege level level

undo user privilege level

View

User interface view


Parameter

level: Enter the level of command that a user can access, in the range 0 to 3.

Description

■ Use the user privilege level level command to configure the command level that a user can access from the specified user interface. The user can use all the available commands at this command level.

■ Use the undo user privilege level command to restore the default command level. By default, a user can access all commands at Level 3 after logging in through the AUX user interface, and all commands at Level 0 after logging in through a VTY user interface.

Example

To configure a user to access command level 0 after logging in from the VTY 0 user interface, enter the following:

[SW7700]user privilege level 0

When the user Telnets from the VTY 0 user interface to the switch, the terminal displays commands at level 0, as shown below:

<SW7700>?User view commands: ping Ping function quit Exit from current command view super Enter the command workspace with specified user priority level telnet Establish one TELNET connection tracert Trace route function


2
USING PORT COMMANDS

Ethernet Port Configuration Commands

■ broadcast-suppression

■ copy configuration

■ description

■ display interface

■ display mirroring-group

■ display port

■ duplex

■ flow-control

■ interface

■ jumboframe enable

■ mac-address max-mac-count

■ mdi

■ port access vlan

■ port hybrid pvid vlan

■ port hybrid vlan

■ port link-type

■ port trunk permit vlan

■ port trunk pvid vlan

■ reset counters interface

■ shutdown

■ speed

■ vlan-vpn

Ethernet Port Link Aggregation Commands

■ display link-aggregation

■ link-aggregation

50 CHAPTER 2: USING PORT COMMANDS

Ethernet Port Configuration Commands

This section describes the commands you can use to configure and manage the ports on your Switch 7700.

broadcast-suppression Syntax

broadcast-suppression pct

undo broadcast-suppression

View

Ethernet port view

Parameter

pct: Specifies the maximum wire speed ratio of the broadcast traffic allowed on the port. The value ranges from 5 to 100. The step is 5. By default, the value is 100. The smaller the ratio is, the smaller the broadcast traffic is allowed.

Description

■ Use broadcast-suppression command to configure the broadcast traffic size enabled on port. Once the broadcast traffic exceeds the value set by the user, the system will discard some broadcast to ensure network service so that the traffic ratio of broadcast is maintained in a proper range.

■ Use the undo broadcast-suppression command to restore the default broadcast traffic enabled on port as 100 so that 100% broadcast traffic is allowed to pass through.

Note that in the Switch 7700, you can only use the command at the port on 20-port 10/100/1000Base-T Gigabit Ethernet card or 20-port 1000Base-X Gigabit Ethernet card.

Example

Enable 20% broadcast cast to pass so that 80% broadcast storm suppression is made on broadcast traffic of port.

[SW7700-Ethernet1/0/1] broadcast-suppression 20

copy configuration Syntaxcopy configuration source { interface-type interface-number | interface-name | aggregation-group agg-id } destination { interface_list [ aggregation-group agg-id ] | aggregation-group agg-id }

View

System view

Parameter

interface_type: Source port type.

interface_num: Source port number.

Ethernet Port Configuration Commands 51

interface_name: Source port name, in the format of interface_name = interface_type interface_num. For more information, see the parameter item for the interface command.

interface_list: Destination port list, interface_list1 = { interface_type interface_num | interface_name } [ to { interface_type interface_num | interface_name } ] &<1-10>. &<1-10> indicates that the former parameter can be input 10 times repeatedly at most.

agg-id: Source or destination aggregation group ID. If it is a source aggregation group, the port with the smallest port number is the source port; if it is a destination aggregation group, the configurations of all its member ports changes to be consistent with that of the source.

Description

■ Use the copy configuration command to copy the VLAN, STP, speed, and duplex configuration of a specific port to other ports, to ensure consistent configuration.

For greatest success, copy between ports of the same type. However, you can copy between different port types if the port speeds are the same.

Example

Copy the configuration of aggregation group 1 to aggregation group 2.

[SW7700] copy configuration source aggregation-group 1 destination aggregation-group 2

Copy the configuration of aggregation group 1 to interface group 1.

[SW7700] copy configuration source aggregation-group 1 destination

gig 2/0/1 to gig 2/0/4

description Syntaxdescription text

undo description

View

Ethernet port view

Parameter

text: Enter a description of the Ethernet port. This can be a maximum of 80 characters.

Description

■ Use the description command to enter a description of an Ethernet port.

■ Use the undo description command to cancel the description.

By default, an Ethernet port does not have a description.


Example

To give the Ethernet port “Ethernet0/0/1” a description of “switch-interface” enter the following:

[SW7700-Ethernet0/0/1]description switch-interface

display interface Syntaxdisplay interface [ interface_type|interface_type interface_number ]

View

All views

Parameter

interface_type: Enter the interface type. This can be either Ethernet, GigabitEthernet or M-Ethernet. M-Ethernet describes the out-of-band Ethernet Management port located on the Fabric module. Other interface types are covered in the appropriate interface section.

interface_number: Enter the interface number, in the format slot-number/subslot-number/port-number. On the Switch 7700 7-slot chassis:

■ The slot number is a number in the range 0 to 8 (the Fabric slot is 0 on 4- and 7-slot chassis and 1 or 0 on 8-slot chassis).

■ The subslot number on the Fabric 32 is set to 1.

■ The port number is a number in the range 1 to 4 (on a Fabric 32 submodule), 1 to 8 (on an 8-port module), 1 to 24 (on a 24-port module), or 1 to 48 (on a 48-port module).

■ The M-Ethernet interface is always set to 0/0/0.

You can use the interface_name at this command. This is made up of interface_type and interface_number parameters combined as a single parameter, for example Ethernet0/0/1.

Description

■ Use display interface command to view the configuration information on the selected interface.

■ Use the command display interface to display information on all ports.

■ Use the command display interface interface_type to display information on all ports of the specified type.

■ Use the command display interface interface_type interface_number to display information on a specific port.

Example

To display configuration information on Ethernet port 1/0/1, enter the following:

<SW7700>display interface Ethernet 1/0/1


Ethernet1/0/1 current state : UP


IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc00-0010The Maximum Transmit Unit is 1500Media type is twisted pair, loopback not setPort hardware type is 100_BASE_TX100Mbps-speed mode, full-duplex modeLink speed type is autonegotiation, link duplex type is autonegotiationFlow-control is not enabledThe Maximum Frame Length is 1536Broadcast MAX-ratio: 100%Allow jumbo frame to passPVID: 1Mdi type: autoPort link-type: access Tagged VLAN ID : none Untagged VLAN ID : 1Last 300 seconds input: 0 packets/sec 0 bytes/secLast 300 seconds output: 0 packets/sec 0 bytes/secInput(total): 0 packets, 0 bytes - broadcasts, - multicasts Input(normal): 0 packets, 0 bytes 0 broadcasts, 0 multicasts Input: 0 input errors, 0 runts, 0 giants, 0 throttles, 0 CRC 0 frame, - overruns, - aborts, - ignored, - parity errors Output(total): 0 packets, 0 bytes - broadcasts, - multicasts, - pauses Output(normal): 0 packets, 0 bytes 0 broadcasts, 0 multicasts, 0 pauses Output: 0 output errors, - underruns, - buffer failures - aborts, 0 deferred, 0 collisions, 0 late collisions - lost carrier, - no carrier

Table 4 Output Description of the Display Interface Command

Field Description

Ethernet1/0/1 current state Indicates the current state of the Ethernet port (enabled or disabled)

IP Sending frames’ format Displays the Ethernet frame format

Hardware address Displays the port hardware address

Description Displays the port description

The Maximum Transmit Unit Indicates the maximum transmit unit

Media type Indicates the type of media

loopback not set Displays the port loopback test state

Port hardware type Displays the port hardware type

100Mbps-speed mode, full-duplex mode, link speed type is autonegotiation, link duplex type is autonegotiation

Indicates that the duplex mode and the rate have been auto-negotiated with the connected device, and have been set to 100Mbps full-duplex.

Flow control is not enabled Port flow control state

The Maximum Frame Length Indicates the maximum length of the Ethernet frames that can pass through the port

Broadcast MAX ratio Port broadcast storm suppression ratio

Allow jumbo frame to pass Indicates that jumbo frame are allowed to pass through the port


display mirroring-group Syntaxdisplay mirroring-group [ mirror_group_number ]

View

System view

Parameter

None

Description

Use the display mirroring-group command to display the ports assigned to a specific mirror group.

Example

To display information on mirroring group 1 enter the following:

[SW7700]display mirroring-group 1

PVID Indicates the port default VLAN ID.

Mdi type Indicates the cable type

Port link-type Indicates the port link type

Tagged VLAN ID Indicates the VLANs with packets tagged

Untagged VLAN ID Indicates the VLANs with packets untagged

Last 300 minutes input rate: 0 packets/sec, 0 bytes/sec

Last 300 minutes output rate: 0 packets/sec, 0 bytes/sec

Displays the input/output rate and the number of packets that were passed on this port in the last 300 seconds

Input(total): 0 packets, 0 bytes

- broadcasts, - multicasts

Input(normal): 0 packets, 0 bytes

0 broadcasts, 0 multicasts

Input: 0 input errors, 0 runts, 0 giants, 0 throttles, 0 CRC

0 frame, - overruns, - aborts, - ignored, - parity errors

Output(total): 0 packets, 0 bytes

- broadcasts, - multicasts, - pauses

Output(normal): 0 packets, 0 bytes

0 broadcasts, 0 multicasts, 0 pauses

Output: 0 output errors, - underruns, - buffer failures

- aborts, 0 deferred, 0 collisions, 0 late collisions

- lost carrier, - no carrier

The statistics information of input/output packets and errors on this port. A “-” indicates that the item isn't supported by the switch.

Table 4 Output Description of the Display Interface Command



mirroring-group 1 inbound Ethernet3/0/47 mirrored-to Ethernet3/0/48

This indicates that mirror-group 1 is only capturing incoming packets to port Ethernet3/0/47 and mirroring these packet to the egress port Ethernet3/0/48

display port Syntaxdisplay port { hybrid | trunk }

View

All Views

Parameter

hybrid: Enter to display the hybrid ports.

trunk: Enter to display the trunk ports.

Description

■ Use the display port hybrid command to view the ports with the hybrid link type.

■ Use the display port trunk command to view the ports with the trunk link type.

Example

To display the currently configured hybrid ports, enter the following:

<SW7700>display port hybrid

The details display in the following format:

The following hybrid ports exist: Ethernet1/0/1 Ethernet1/0/2

This example indicates that the current configuration has two hybrid ports, Ethernet1/0/1 and Ethernet1/0/2.

duplex Syntaxduplex { auto | full | half }

undo duplex

View

Ethernet port view

Parameters

auto: Enter to set the port to auto-negotiation.

full: Enter to set the port to full-duplex.

half: Enter to set the port to half-duplex.


Description

Use the duplex command to configure the duplex mode of an Ethernet port to auto-negotiation, full duplex or half-duplex.

Use the undo duplex command to restore the duplex mode of a port to the default mode (auto-negotiation).

Related command: speed.

Example

To configure the Ethernet port “Ethernet1/0/1” to auto-negotiation, enter the following:

[SW7700-Ethernet1/0/1]duplex auto

flow-control Syntaxflow-control

undo flow-control

View

Ethernet port view

Parameters

None

Description

■ Use the flow-control command to enable flow control on an Ethernet port. This avoids discarding data packets due to congestion.

■ Use the undo flow-control command to disable flow control.

By default, flow control is disabled.

Example

To enable flow control on port “Ethernet1/0/1”, enter the following.

[SW7700-Ethernet1/0/1]flow-control

interface Syntaxinterface interface_type interface_number

View

System view

Parameter

interface_type: Enter the port type. This can be either Ethernet, GigabitEthernet or M-Ethernet. M-Ethernet describes the out-of-band Ethernet Management port located on the Fabric module. Other interface types are covered in the appropriate interface section.

interface_number: Enter the interface number, in the format slot-number/subslot-number/port-number. On the Switch 7700 7-slot chassis:







Description

Use the command interface interface_type interface_number to enter the interface of the specified port.

If you want to configure the parameters of an Ethernet port, you must first use this command to enter the Ethernet port view.

Example

To enter the interface for port “Ethernet1/0/1”, enter the following:

[SW7700]interface ethernet1/0/1 [SW7700 ethernet1/0/1]

jumboframe enable Syntaxjumboframe enable [ jumboframe-value ]

undo jumboframe enable

View

Ethernet port view

Parameter

jumboframe-value: The size, in bytes, of the jumbo frames that are allowed to pass through the current Ethernet port. The value ranges from 1523 bytes to 9216 bytes.

Description

■ Use the jumboframe enable jumboframe_value command to allow “jumbo” frames, of the specified size, to pass through the specified Ethernet port.

■ Use the undo jumboframe enable command to prevent jumbo frames from passing through an Ethernet port. By default, jumbo frames are disabled.

Jumbo frames are only allowed for packets with an ether type field set to “Ethernet Type II”. Caution should be used when using jumbo frames in a network because any device that does not support these packets will automatically filter these packets.


Packets up to 1522 bytes, including the IEEE 802.1Q tagging are always allowed to pass through Ethernet ports.

Example

Allow jumbo frames of up to 9216 bytes to pass through GigabitEthernet port 2/0/1.

[SW7700-GigabitEthernet2/0/1]jumboframe enable 9216

mac-address max-mac-count

Syntaxmac-address max-mac-count count

undo mac-address max-mac-count

View

Ethernet port view

Parameter

count: Enter to specify how many MAC addresses a port can learn. This can be in the range 0 to 32768 on the Fabric 64 and 0 to 16384 on the Fabric 32. 0 means that the port is not allowed to learn MAC addresses.

Description

■ Use the mac-address max-mac-count command to configure the maximum number of MAC addresses that can be learned by a specified Ethernet port. The port stops learning MAC addresses when the specified limit is reached.

■ Use the undo mac-address-table max-mac-count command to cancel the maximum limit on the number of MAC addresses learned by an Ethernet port. This is the default. If you set no maximum limit, the MAC address table controls the number of MAC addresses a port can learn.

Related commands: mac-address, mac-address timer, mac-address mac-learning disable

Examples

To configure the port “Ethernet 1/0/3” to learn at most 600 MAC addresses, enter the following:

[SW7700-Ethernet1/0/3]mac-address max-mac-count 600

To cancel the maximum limit on the number of MAC addresses learned by the port “Ethernet1/0/3”, enter the following:

[SW7700-Ethernet1/0/3]undo mac-address max-mac-count

mdi Syntaxmdi { across | auto | normal }

undo mdi

View

Ethernet port view


Parameter

across: Enter to configure the network cable type to cross-over cable. Not available on the Switch 7700.

auto: Enter to configure the use of either straight-through cable or cross-over cable.

normal: Enter to configure the network cable type to straight-through cable. Not available on the Switch 7700.

Description

■ Use the mdi command to configure the network cable type for an Ethernet port.

■ Use the undo mdi command to restore the default type. By default, the network cable type is recognized automatically (the mdi auto command).

Note that this command only has effect on 10/100BASE-T and 10/100/1000BASE-T ports. The Switch 7700 only supports auto (auto-sensing). If you enter another type, an error message displays.

Example

To configure the network cable type of port “Ethernet1/0/1” as cross-over cable, enter the following:

[SW7700-Ethernet1/0/1]mdi across

port access vlan Syntaxport access vlan vlan_id

undo port access vlan

View

Ethernet port view

Parameter

vlan_id: Enter a VLAN ID in the range 2 to 4094, as defined in IEEE 802.1Q.

Description

■ Use the port access vlan command to assign the access port to a specified VLAN.

■ Use the undo port access vlan command to remove the access port from the VLAN.

Example

To assign Ethernet port 1/0/1 to VLAN3, enter the following.

[SW7700-Ethernet1/0/1]port access vlan 3

port hybrid pvid vlan Syntaxport hybrid pvid vlan vlan_id


undo port hybrid pvid

View

Ethernet port view

Parameter

vlan_id: Enter a VLAN ID in the range 2 to 4094, as defined in IEEE 802.1Q. The default is 1.

Description

■ Use the port hybrid pvid vlan command to configure the default VLAN ID of the hybrid port.

■ Use the undo port hybrid pvid command to restore the default VLAN ID of the hybrid port.

Hybrid port can be configured together with the isolate-user-vlan. But if the default VLAN has set mapping in the isolate-user-vlan, the default VLAN ID cannot be modified. If you want to modify it, cancel the mapping first.

The default VLAN ID of local hybrid port must be consistent with that of the peer one, otherwise, the packets cannot be properly transmitted.

Related command: port link-type.

Example

To configure the default VLAN of the hybrid port Ethernet1/0/1 to VLAN100, enter the following.

[SW7700-Ethernet1/0/1]port hybrid pvid vlan 100

port hybrid vlan Syntaxport hybrid vlan vlan_id [ to last_vlan_id ]] { tagged | untagged }

undo port hybrid vlan [ vlan_id_1 ] [ to vlan_id_2 ]

View

Ethernet port view

Parameter

vlan_id: Enter a VLAN ID, or more than one VLAN ID, in the range 2 to 4094. The hybrid port will be added to the specified VLANs. This can be a single VLAN, a series of individual VLANs separated by a space, or the the first VLAN in a range of VLANs. If this is the first VLAN in a range use the last_ vlan_id parameter to indicate the last VLAN in the range.

to last_vlan_id: Enter a VLAN ID in the range 2 to 4094. If you want to add the hybrid port to a range of VLANs, use this parameter to indicate the last VLAN in the range. Optional.

You can enter up to ten vlan_id parameters at one port hybrid vlan command.


tagged: Enter to tag the packets of the specified VLAN(s).

untagged: Enter to leave the packets of the specified VLAN(s) untagged.

Description

■ Use the command port hybrid vlan to add the hybrid port to a single VLAN, a series of individual VLANs or a range of VLANs.

■ Use the port hybrid vlan vlan_id command to join the hybrid port to a single VLAN.

■ Use the port hybrid vlan vlan_id vlan_id command to join the hybrid port to two or more individual VLANs. Separate the number of each VLAN ID with a space.

■ Use the port hybrid vlan vlan_id to last_vlan_id command to join the hybrid port to a range of VLANs.

You can use the above parameters in any combination, for example a single VLAN followed by a range of VLANs. See the Example below.

■ Use the undo port hybrid vlan command to remove the hybrid port from the specified VLAN(s).


Example

To add the hybrid port Ethernet1/0/1 to VLAN2, VLAN4 and all VLANs in the range 50 to 100, and to tag the VLAN packets, enter the following:

[SW7700-Ethernet1/0/1]port hybrid vlan 2 4 50 to 100 tagged

port link-type Syntaxport link-type { access | hybrid | trunk }

undo port link-type

View

Ethernet port view

Parameter

access: Enter to configure the port as an access port.

hybrid: Enter to configure the port as a hybrid port

trunk: Enter to configure the port as a trunk port.

Description

■ Use the port link-type command to configure the link type of the Ethernet port.

■ Use the undo port link-type command to restore the port as default status. By default, a port is an access port.


A port on a switch can be configured as an access port, a hybrid port, or a trunk port. However, to reconfigure between hybrid and trunk link types, you must first restore the default, or access, link type.

Example

To configure the Ethernet port Ethernet1/0/1 as a trunk port, enter the following:

[SW7700-Ethernet1/0/1]port link-type trunk

port trunk permit vlan Syntaxport trunk permit vlan { vlan_id [to last_vlan_id ] | all}

undo port trunk permit vlan { vlan_id [ to last_vlan_id ] | all }

View

Ethernet port view

Parameter

vlan_id: Enter a VLAN ID, or more than one VLAN ID, in the range 2 to 4094. The trunk port will be added to the specified VLANs. This can be a single VLAN, a series of individual VLANs separated by a space, or the first VLAN in a range of VLANs. If this is the first VLAN in a range use the last_vlan_id parameter to indicate the last VLAN in the range.

to last_vlan_id: Enter a VLAN ID in the range 2 to 4094. If you want to add the trunk port to a range of VLANs, use this parameter to indicate the last VLAN in the range. Optional.

You can enter up to ten vlan_id parameters at one port trunk permit vlan command.

all: Enter to add the trunk port to all VLANs.

Description

■ Use the port trunk permit vlan command to add a trunk port to one VLAN, a selection of VLANs or all VLANs.

■ Use the undo port trunk permit vlan command to remove a trunk port from one VLAN, a selection of VLANs or all VLANs.

A trunk port can belong to multiple VLANs. If the port trunk permit vlan command is used many times, then the VLAN enabled to pass on trunk port is the set of these vlan_id_list.


Example

To add the trunk port Ethernet1/0/1 to VLAN 2, VLAN 4 and all VLANs in the range 50-100, enter the following:

[SW7700-Ethernet1/0/1]port trunk permit vlan 2 4 50 to 100

port trunk pvid vlan Syntaxport trunk pvid vlan vlan_id


undo port trunk pvid

View

Ethernet port view

Parameter

vlan_id: Enter a VLAN ID in the range 2 to 4094, as defined in IEEE802.1Q. This is the VLAN that you want to be the default VLAN for a trunk port. The default is 1.

Description

■ Use the port trunk pvid vlan command to configure the default VLAN ID for a trunk port.

■ Use the undo port trunk pvid command to restore the default VLAN ID for a trunk port.

The default VLAN ID of local trunk port should be consistent with that of the peer one, otherwise packets cannot be properly transmitted.


Example

To configure the trunk port Ethernet1/0/1 to the default VLAN of 100, enter the following:

[SW7700-Ethernet1/0/1]port trunk pvid vlan 100

reset counters interface Syntaxreset counters interface [ interface_type | interface_type interface_number ]

View

User view

Parameter

interface_type: Enter to reset statistical information on all ports of the specified type. This can be either Ethernet, GigabitEthernet or M-Ethernet. M-Ethernet describes the out-of-band Ethernet management port located on the Fabric module.

interface_number: Enter to reset statistical information on a specific port type and number. Enter the port number, in the format slot-number/subslot-number/port-number. On the Switch 7700 7-slot chassis:






You can use the interface_name at this command. This is made up of interface_type and interface_number parameters combined as a single parameter, for example Gigabit0/1/1.

Description

Use the reset counters interface command to reset the statistical information on the port and count the related information again on the port for the user.

If you do not enter a port type, or port type and port number, information is cleared from all ports on the Switch.

Example

To reset statistical information on the Ethernet port Ethernet1/0/1, enter the following:

<SW7700>reset counters interface ethernet1/0/1

shutdown Syntaxshutdown

undo shutdown

View

Ethernet port view

Parameter

None

Description

■ Use the shutdown command to disable an Ethernet port.

■ Use the undo shutdown command to enable an Ethernet port.

By default, the Ethernet port is enabled.

Example

To enable Ethernet port Ethernet1/0/1, enter the following:

[SW7700-Ethernet1/0/1]undo shutdown

speed Syntax

For a 100 Mbps Ethernet port, the command is:

speed { 10 | 100 | auto }

For a 1000 Mbps Ethernet port, the command is:

speed { 10 | 100 | 1000 | auto }

undo speed

View

Ethernet port view

Ethernet Port Link Aggregation Commands 65

Parameter

10: Set the port speed to 10 Mbps.

100: Set the port speed to 100 Mbps.

1000: Set the port speed to 1000 Mbps. (Only available on 10/100/1000 ports).

auto: Set the port speed to auto-negotiation.

Description

■ Use the speed command to configure the port speed.

■ Use the undo speed command to restore the default speed. By default, the speed is auto.

Related command: duplex.

Example

To configure the port speed of port Ethernet1/0/1 to 10Mbps, enter the following:

[SW7700-Ethernet1/0/1]speed 10

vlan-vpn Syntaxvlan-vpn { enable | disable }

undo vlan-vpn

View

Ethernet port view

Parameters

enable: Enables port VLAN VPN.

disable: Disables port VLAN VPN.

Description

■ Use the vlan-vpn command to enable or disable port VLAN VPN.

■ Use the undo vlan-vpn command to restore the default status, which is VLAN VPN disabled.

You can not enable VLAN VPN on a port if any of the following are enabled: GVRP, GMRP, STP, 802.1x .

Example

To enable VLAN VPN on Ethernet port 1/0/1, enter the following:

[SW7700-Ethernet1/0/1]vlan-vpn enable

Ethernet Port Link Aggregation Commands

This section describes the commands you can use to configure Ethernet Port LInk Aggregation on the Switch 7700.


display link-aggregation Syntaxdisplay link-aggregation [ interface | summary | verbose groupnumber ]

View

All views

Parameter

interface: Specifies the interface.

summary: Provides summary information on the link aggregation group.

verbose groupname: Provides detailed information on the specified group.

Description

Use the display link-aggregation command to view information on all link aggregations, or the link aggregation of a specified master port.

If you enter the command with a master port number, information on the specific link aggregation group will be displayed. If you enter the command without a master port number, information on all link aggregation groups is displayed.

Related command: link-aggregation.

Example

To display information on the aggregation group with the master port number Ethernet1/0/1, enter the following:

<SW7700>display link-aggregation ethernet1/0/1

The information display in the following format:

Master port: Ethernet1/0/1 Other sub-ports: Ethernet1/0/2 Mode: both

link-aggregation Syntax

link-aggregation start_port_number to end_port_number { both }

undo link-aggregation { master_port_number | all }

View

System view

Table 5 The description of link aggregation

Field Description

Master port Indicates the number of the master port

Other sub-ports Indicates other member ports.

Mode Indicates the aggregation mode

Ethernet Port Link Aggregation Commands 67

Parameter

start_port_number: Enter the first port in the range of ports that you want to add to the link aggregation. This becomes the master port in the link aggregation.

end_port_number: Enter the last port in the range of ports that you want to add to the link aggregation.

both: Enter to configure the sub-ports in the link aggregation to share the outgoing load on the port, depending on the source address and destination MAC address.

master_port_number: Enter the master port number in a link aggregation to cancel the link aggregation.

all: Enter to cancel all aggregated ports.

Description

■ Use the link-aggregation command to add a series of ports to the aggregation link. The port with the smallest port number is designated the master port.

■ Use the undo link-aggregation command to cancel a link aggregation, or all link aggregations.

Note that the Ethernet ports to be added to the aggregated link must all operate with the same speed and duplex settings. The possible settings are 10 Mbps full duplex, 100 Mps full duplex, or 1000 Mbps full duplex.

Related command: display link-aggregation.

Example

Configure outgoing traffic on two aggregated ports:

[SW7700]link-aggregation ethernet1/0/1 to ethernet1/0/2 both


3
USING VLAN COMMANDS

VLAN Configuration Commands

■ broadcast-suppression

■ description

■ display interface VLAN-interface

■ display vlan

■ interface VLAN-interface

■ shutdown

■ vlan

Port-Based VLAN Configuration Command

■ port

Protocol-Based VLAN Configuration Commands

■ display vlan-protocol interface

■ display protocol-vlan

■ port hybrid protocol-vlan

■ protocol-vlan

GARP Configuration Commands

■ display garp statistics

■ display garp timer

■ garp timer

■ garp timer leaveall

■ reset garp statistics

GVRP Configuration Commands

■ display gvrp statistics

■ display gvrp status

■ gvrp

■ gvrp registration

VLAN Configuration Commands

This section describes the commands you can use to configure and manage the VLANs and VLAN interfaces on your system.

70 CHAPTER 3: USING VLAN COMMANDS

broadcast-suppression Syntaxbroadcast-suppression max-ratio

undo broadcast-suppression

View

VLAN view

Parameter

max-ratio: Enter the broadcast suppression ratio for the current VLAN as a percentage, in the range 0 to 100. The smaller the percentage, the less broadcast traffic is allowed through the VLAN. If you do not want to perform broadcast suppression on the VLAN, enter 100, the default value.

Description

■ Use the broadcast-suppression command, to configure the broadcast suppression ratio for VLAN. When the traffic exceeds a certain threshold, the system will drop packets to guarantee the network service and reduce the broadcast traffic to a rational scale.

■ Use the undo broadcast-suppression command to restore the default ratio to 100, namely no VLAN broadcast suppression

Note that in the Switch 7700, you cannot use the command at the port on the 20-Port 10/100/1000BASE-T or the 20-port 1000BASE-X-SFP I/O modules.

Related Command: display vlan.

Example

To set the broadcast suppression ratio for VLAN2 to 50%, enter the following:

[SW7700-vlan2]broadcast-suppression 50

description Syntaxdescription string

undo description

View

VLAN view

Parameter

string: Enter a description of the current VLAN, up to a maximum of 32 characters. For a description of a VLAN interface, the maximum is 80 characters.

Description

■ Use the description command to set a description for the current VLAN.

■ Use the undo description command to cancel the description of current VLAN.

Related command: display vlan.

VLAN Configuration Commands 71

Example

To give VLAN3 the description “RESEARCH”, enter the following:

[SW7700-vlan3]description RESEARCH

display interface VLAN-interface

Syntaxdisplay interface vlan-interface [ vlan_id ]

View

All views

Parameter

vlan_id: Enter the ID number of the VLAN interface, ranging from 1 to 4094.

Description

■ Use the display interface Vlan-interface command to view the information about a specific VLAN interface, or all VLAN interfaces. The information displayed includes:

■ Current status of the interface

■ Current status of the line protocol

■ VLAN interface description

■ Maximum Transmit Unit (MTU)

■ IP address and subnet mask

■ Format of the IP frames

■ MAC hardware address.

■ Use display interface Vlan-interface to display information on all VLAN interfaces.

■ Use display interface Vlan-interface vlan_id to display information on a specific VLAN interface

Related command: interface Vlan-interface.

Example

To display information on VLAN interface 2, enter the following:

<SW7700>display interface vlan-interface 2


VLAN-Interface2 is up line protocol is upDescription : 3COM, SW7700, VLAN-Interface2 InterfaceThe Maximum Transmit Unit is 1500Internet Address is 1.1.1.1/8IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0.fc00.5517

display vlan Syntaxdisplay vlan [ vlan_id | all | static | dynamic ]


View

All views

Parameter

vlan_id: Enter to display information on a specified VLAN.

all: Enter to display information on all VLANs.

static: Enter to display information on VLANs created statically by the system.

dynamic: Enter to display information on VLANs created dynamically by the system.

Description

■ Use the display vlan command to view related information about specific VLANs, specific types of VLAN or all VLANs. The information includes: VLAN type, whether the Route interface has been configured on the VLAN, the Broadcast Suppression max-ratio, the VLAN description, and a list of the tagged and untagged ports that belong to the VLAN.

■ Use the command display vlan to display a summary of the VLAN IDs of all VLANs configured on the system.

■ Use the command display vlan vlan_id to display information on a specific VLAN.

■ Use the command display vlan all to display information on all the VLANs.

■ Use the command display vlan dynamic to display information on VLANs created dynamically by the system.

■ Use the command display vlan static to display information of VLAN created statically by the system.

Related command: vlan.

Examples

To display a summary of the VLAN IDs of all VLANs configured on the system, enter the following:

[SW7700]display vlan


The following vlan exist(s): 1 (default), 2, 3

To display information on VLAN2, enter the following:

[SW7700]display vlan 2


Vlan ID: 2 Vlan Type: static Route interface: not configured

VLAN Configuration Commands 73

Broadcast Max-ratio: 100% Description: 3COM Tagged Ports: none Untagged Ports: Ethernet1/0/1 Ethernet1/0/5 Ethernet1/0/7

interface VLAN-interface Syntaxinterface vlan-interface vlan_id

undo interface vlan-interface vlan_id

View

System view

Parameter

vlan_id: Enter the ID of the VLAN interface you want to configure, in the range 1 to 4094. Note that VLAN1 is the default VLAN and cannot be deleted.

Description

■ Use the interface VLAN-interface command to enter a VLAN interface view and use the related configuration commands.

■ Use the undo interface VLAN-interface command to exit the current VLAN interface.

Related command: display interface VLAN-interface.

Example

To enter the interface view of VLAN1, enter the following:

[SW7700]interface vlan-interface 1

shutdown Syntaxshutdown

undo shutdown

View

VLAN interface view

Parameter

None

Description

■ Use the shutdown command to disable the VLAN interface.

■ Use the undo shutdown command to enable the VLAN interface.

By default, when all Ethernet ports are in DOWN status in VLAN interface, the VLAN interface is in DOWN status and is disabled. When there is one or more Ethernet ports in VLAN interface are in UP status, the VLAN interface is UP.

This command can be used to start the interface after the related parameters and protocols of VLAN interface are set. Or when the VLAN interface fails, the


interface can be shut down first and then restarted, in this way, the interface may be restored to normal status. Shutting down or starting VLAN interface will not take any effect on any Ethernet port of this VLAN.

Example

Restart interface after shutting down the interface.

[SW7700-Vlan-interface1] shutdown

[SW7700-Vlan-interface1] undo shutdown

vlan Syntaxvlan vlan_id

undo vlan vlan_id [ to vlan_id | all }

View

System view

Parameter

vlan_id: Enter the ID of the VLAN you want to configure, in the range 1 to 4094.

Description

■ Use the vlan command to enter the VLAN view, and use the related configuration commands.

■ Use the undo vlan command to exit from the specified VLAN. VLAN 1 is default VLAN and cannot be deleted.

Related commands: display vlan.

Example

To enter VLAN 3, enter the following:

[SW7700]vlan 3

Port-Based Configuration Commands

This section describes the command for adding a port to a VLAN.

port Syntaxport interface_type interface_number [ to interface_type interface_number ]

undo port interface_type interface_number [ to interface_type interface_number ]

View

VLAN view


Parameter

interface_type: Enter the interface type of the port or ports you want to add to the VLAN. This can be either Ethernet or GigabitEthernet.

interface_number: Enter the interface number of the port you want to add to the VLAN. This must not be a trunk port. If you want to add a range of ports, enter the interface number of the first port in the range. Enter this number in the format slot-number/subslot-number/port-number. On the Switch 7700:






to interface_type interface_name: If you are adding a range of ports to the VLAN, use this parameter to indicate the last port in the range. Ensure that the range does not include a trunk port. This parameter is optional.

You can enter up to ten interface_type and interface_number parameters at one port command.

Description

■ Use the port command to add one port or a group of ports to a VLAN.

■ Use the undo port command to remove one port or a group of ports from a VLAN.

Related command: display vlan.

Example

To add the interfaces from Ethernet 1/0/1 through Ethernet 1/0/3 to VLAN 2, enter the following:

[SW7700-vlan2]port ethernet 1/0/1 to ethernet 1/0/3

Protocol-Based VLAN Configuration Commands

This section describes the commands you can use to configure a protocol-based VLAN.

Protocol-based VLANs are supported only in the 48-port 10/100BASE-T Auto-sensing FE, 24-port 100BASE-FX MMF FE, 8-port 1000BASE-X GE, and 8-port 10/100/1000BASE-T GE I/O modules.

display vlan-protocol interface

Syntaxdisplay vlan-protocol interface { interface_list | all }


View

Any view

Parameters

interface_list: Displays the protocol information of the specific port, interface_list = { interface_num [ to interface_num2 ] }. interface_num refers to the number of the port whose protocol information is to be displayed. interface_num and interface_num 2 specify the range of the port numbers.

all: Displays the protocol information of all ports.

Description

■ Use the display vlan-protocol interface command to view the protocol information and protocol index configured on the specific port, to which you can refer when you use the protocol-based VLAN and add/delete a protocol.

Related command: display interface.

Example

Display the protocol information and protocol index configured on Ethernet1/0/1 and Ethernet1/0/2.

[SW7700] display vlan-protocol interface ethernet1/0/1 to ethernet1/0/2 Interface Number: Ethernet1/0/1Vlan-ID Protocol-Index Protocol-type50 1 ip 192.168.10.1 255.255.255.080 2 ip 101.120.34.0 255.255.0.0100 1 ip 104.232.43.0 255.255.255.0100 2 ipx ethernetiiInterface Number: Ethernet1/0/250 5 ipx raw80 1 at100 3 mode snap etype 0x0abc100 5 mode llc dsap 0xac ssap 0xbd ... ...

display protocol-vlan Syntaxdisplay protocol-vlan { vlan_list | all }

View

Any view

Parameter

vlan_list: Displays the protocol information of the specific VLAN, vlan_list = { vlan_id [ to vlan_id2 }. vlan_id refers to the ID of the VLAN whose protocol information is to be displayed. vlan_id and vlan_id2 specify the range of VLAN IDs.

all: Displays the protocol information of all VLANs.


Description

■ Use the display protocol-vlan command to view the protocol information and protocol index configured on a VLAN, to which you can refer when you use the protocol-based VLAN and add/delete a protocol.

Related commands: display vlan

Example

Display the protocol information and protocol index configured on the VLANs from VLAN10 to VLAN20

[SW7700] display protocol-vlan 10 to 20VLAN ID: 10VLAN Type: Protocol-based VLAN ProtocolIndex Protocol-VLAN type 1 IP 101.120.34.0/24 2 IP 104.232.43.0/24 3 IPX ETH II 4 ATVLAN ID: 15VLAN Type: Protocol-based VLAN Protocol-Index Protocol-type 1 ip 192.168.10.1 255.255.255.0 2 mode snap etype 0x0abc……..

port hybrid protocol-vlan

Syntaxport hybrid protocol-vlan protocol-vlan_list

undo port hybrid protocol-vlan protocol-vlan_list

View

Ethernet port view

Parameter

protocol-vlan_list: The list of VLAN protocols that is added to or deleted from a port, protocol-vlan_list = { protocol_index [ to protocol_end ]. protocol_index refers to the first value of the protocol index. protocol_end refers to the last value of the protocol index.

Description

■ Use the port hybrid protocol-vlan command to associate a protocol-based VLAN with the specified port.

■ Use the undo port hybrid protocol-vlan command to delete the association between the port and the protocol-based VLAN.

Note that only the Hybrid port supports this feature at present. The port must belong to the VLAN before you associate it with the protocol-based VLAN. Otherwise, it cannot be associated with the VLAN.

Related commands: display vlan-protocol interface


Example

Associate Ethernet1/0/1 with protocols 10 to 20 in VLAN 3

[SW7700-Ethernet1/0/1] port hybrid protocol-vlan 10 to 20

protocol-vlan Syntaxprotocol-vlan [ protocol-index ] { ip [ ip_address [ net_mask ] ] | ipx { ethernetii | llc | raw | snap } | at | mode { ethernetii | llc | snap } }

undo protocol-vlan { protocol_index [ to protocol_end ] | all }

View

VLAN view

Parameter

ip_address: IP address

net_mask: Mask of the IP address. It defaults to 255.255.255.0.

protocol_index: Initial value of the protocol index, ranging from 0 to 4. It must be smaller than protocol_end.

protocol_end: End value of the protocol index, ranging form 0 to 4.

Description

■ Use the protocol-vlan command to specify parameters for a VLAN based on protocols, such as IP and IPX.

■ Use the undo protocol-vlan command to remove the configuration.

Related commands: display protocol-vlan

Example

Specify VLAN 3 to be based on IP protocol.

[SW7700-vlan3] protocol-vlan ip

Specify VLAN 5 to be based on the 123.34.56.0 network segment.

[SW7700-vlan5] protocol-vlan ip 123.34.56.0

GARP Configuration Commands

This section describes the commands you can use to configure and manage the Generic Attribute Registration Protocol (GARP) on your Switch 7700.

display garp statistics Syntaxdisplay garp statistics [ interface interface_type interface_number [ to interface_type interface_number ]]

View

All views

GARP Configuration Commands 79

Parameter

interface_type: Enter an interface type. This can be either Ethernet or GigabitEthernet.

interface_number: Enter an interface number. If you want to display statistics on a range of ports, enter the first port in the range here. Enter this in the format slot-number/subslot-number/port-number. On the Switch 7700 7-slot chassis:






to interface_type interface_number: If you want to display statistics on a range of ports, use this parameter to indicate the last port in the range. This parameter is optional.

You can enter up to ten interface_type and interface_number parameters at one display garp statistics command.

Description

■ Use the display garp statistics command to view the GARP statistics information for a specified port, a range of ports or all ports.

This command displays GARP statistics information, including the number of GVRP and GMRP packets received and sent, and the number of discarded packets.

Example

To display the GARP statistics information on Ethernet port Ethernet 1/0/1, enter the following:

<SW7700>display garp statistics interface ethernet 1/0/1


GARP statistics on port Ethernet1/0/1 Number Of GMRP Frames Received : 0 Number Of GVRP Frames Received : 0 Number Of GMRP Frames Transmitted : 0 Number Of GVRP Frames Transmitted : 0 Number Of Frames Discarded : 0

The above table indicates that the number of GVRP and GMRP packets received and sent on Ethernet port 1/0/1 is 0, and that the number of discarded packets is 0.


display garp timer Syntaxdisplay garp timer [ interface interface_type interface_number [ to interface_type interface_number ]]

View

All views

Parameter

interface_type: Enter an interface type. This can be either Ethernet or GigabitEthernet.

interface_number: Enter an interface number, in the format slot-number/subslot-number/port-number. On the Switch 7700 7-slot chassis:






to interface_type interface_number: If you want to display timer statistics on a range of ports, use this parameter to indicate the last port in the range. This parameter is optional.

You can enter up to ten interface_type and interface_number parameters at one display garp timer command.

Description

■ Use the display garp timer command to view the GARP timer statistics on a port, a range of ports or all ports.

CAUTION: The GARP timers on all connected Layer 2 devices must have the same timer values set. If the timer values do not match, GARP applications may not operate successfully.

This command displays the following GARP timer statistics: Join time, Leave time, LeaveAll time and Hold time.

Related commands: garp timer, garp timer leaveall.

Example

To show the GARP timer statistics on Ethernet port 1/0/2, enter the following:

<SW7700>display garp timer interface ethernet 1/0/2


GARP Configuration Commands 81

GARP timers on port Ethernet1/0/2 GARP JoinTime : 20 centiseconds GARP Leave Time : 60 centiseconds GARP LeaveAll Time : 1000 centiseconds GARP Hold Time : 10 centiseconds

garp timer Syntaxgarp timer { hold | join | leave } timer_value

undo garp timer { hold | join | leave }

View

Ethernet port view

Parameter

hold: Sets the GARP Hold timer. By default, the hold timer is set to 10 centiseconds, that is 100 ms.

join: Sets the GARP Join timer. By default, the join timer is set to 20 centiseconds, that is 200 ms.

leave: Sets the GARP Leave timer. By default, the leave timer is set to 60 centiseconds, that is 600 ms.

timer_value: Enter the value of either the Hold timer, Join timer or Leave timer in centiseconds, in the range 10 to 32765. You must enter the value in units of 5 centiseconds.

Description

■ Use the garp timer command to configure the GARP timer values for Hold, Join, Leave and LeaveAll. For details on configuring the LeaveAll timer, refer to the garp timer leaveall section.

CAUTION: The GARP timers on all connected Layer 2 devices must have the same timer values set. If the timer values do not match, GARP applications may not operate successfully.

■ Use the undo garp timer command to restore the default values of the GARP timer.

Related commands: display garp timer, garp timer leaveall.

Example

To set the Join timer of GARP to 30 centiseconds (300 ms) on port Ethernet 1/0/1, enter the following:

[SW7700-Ethernet1/0/1]garp timer join 30

garp timer leaveall Syntaxgarp timer leaveall timer_value

undo garp timer leaveall


View

System view

Parameter

timer_value: Enter the value of the GARP LeaveAll timer in centiseconds, in the range 10 to 32765. By default, the LeaveAll timer is set to 1000 centiseconds, that is 10 seconds.

Description

■ Use the garp timer leaveall command to configure the GARP leaveall timer.

■ Use the undo garp timer leaveall command to restore the default value of 1000 centiseconds.

Related command: display garp timer, garp timer.

Example

To set the GARP LeaveAll timer to 1 second (100 centiseconds), enter the following:

[SW7700]garp timer leaveall 100

reset garp statistics Syntaxreset garp statistics [ interface interface_type interface_number [ to interface_type interface_number ]]

View

User view

Parameter

interface_type Enter an interface type. This can be either Ethernet or GigabitEthernet

interface_number: Enter an interface number, in the format slot-number/subslot-number/port-number. On the Switch 7700 7-slot chassis:






to interface_type interface_number If you want to display timer statistics on a range of ports, use this parameter to indicate the last port in the range. This parameter is optional.

GVRP Configuration Commands 83

You can enter up to ten interface_type and interface_number parameters at one reset garp statistics command.

Description

■ Use the reset garp statistics command to reset the GARP statistics information for a port, a range of ports or all ports.

This command clears the GARP statistics information, that is the number of GVRP and GMRP packets received or sent, and the number of discarded packets.

Related command: display garp statistics

Example

To clear GARP statistics information for all ports, enter the following:

<SW7700>reset garp statistics

GVRP Configuration Commands

This section describes the commands you can use to configure and manage the GARP VLAN Registration Protocol (GVRP) on your Switch 7700.

display gvrp statistics Syntaxdisplay gvrp statistics [ interface interface_type interface_number [ to interface_type interface_number ]]

View

All views

Parameter

interface_type Enter an interface type. This can be either Ethernet or GigabitEthernet

■ The slot number is a number in the range 0 to 6 (the Fabric slot is 0). interface_number: Enter an interface number, in the format slot-number/subslot-number/port-number. On the Switch 7700 7-slot chassis:

■ The subslot number is set to 0.

■ The port number is a number in the range 1 to 8 (on an 8-port Gigabit module), 1 to 24 (on a 24-port 100BASE-FX module), or 1 to 48 (on a 48-port 10/100/BASE-TX modules).


to interface_type interface_number If you want to display statistics on a range of ports, use this parameter to indicate the last port in the range. This parameter is optional.

You can enter up to ten interface_type and interface_number parameters at one display gvrp statistics command.


Description

Using the display gvrp statistics command, you can display GVRP statistics information on a specified port, and range of ports or all ports.

■ Use the display gvrp statistics interface_type interface_number command to display information on a specific port.

■ Use the display gvrp statistics interface_type interface_number to interface_type interface_number command to display information on a range of ports.

■ Use the display gvrp statistics command to display information on all ports.

This command displays the GVRP status, failed GVRP registration entries, last GVRP data unit origin and the GVRP registration type.

Example

To display the GVRP statistics information on Ethernet port 1/0/3, enter the following:

<SW7700>display gvrp statistics interface ethernet 1/0/3


GVRP statistics on port Ethernet1/0/3GVRP Status : EnabledGVRP Failed Registrations : 0GVRP Last Pdu Origin : 0000-0000-0000GVRP Registration Type : Normal

display gvrp status Syntaxdisplay gvrp status

View

All views

Parameter

None

Description

Using the display gvrp status command, you can check the status of GVRP.

Example

To display GVRP status, enter the following:

<SW7700>display gvrp status GVRP is enabled

gvrp Syntaxgvrp

undo gvrp

GVRP Configuration Commands 85

View

System view/Ethernet port view

Parameter

None

Description

■ Use the gvrp command to enable GVRP. You must enable GVRP globally from System view before you can enable GVRP per port from Ethernet port view. GVRP can only be enabled on a trunk port; in addition, GVRP must be enabled on both ends of a trunk link.

■ Use the undo gvrp command to disable GVRP. This can be done globally from System view, or it can be done per port, from Ethernet port view. If you want to disable GVRP on a port, you can only do this when GVRP is enabled globally.

Related command: display gvrp status.

Example

To enable global GVRP, enter the following:

[SW7700]gvrp

gvrp registration Syntaxgvrp registration { fixed | forbidden | normal }

undo gvrp registration

View

Ethernet port view

Parameter

fixed: Enables the registration of manual VLANs. If you enter this command, dynamic VLAN registration is disabled.

forbidden: Blocks all VLANs except VLAN 1, and blocks the creation of new VLANs on the port.

normal: Enables VLANs to be created manually or dynamically on the port.

Description

■ Use the gvrp registration command to configure the GVRP registration type.

■ Use the undo gvrp registration command to restore the default type. By default, the registration type is normal.

This command can be only used on a trunk port.

Related commands: display gvrp statistics.


Example

To set the GVRP registration type of Ethernet port 1/0/4 to fixed, enter the following:

[SW7700-Ethernet1/0/4]gvrp registration fixed

4
USING NETWORK PROTOCOL COMMANDS

IP Address Configuration Commands

■ display ip host

■ display ip interface vlan-interface

■ ip address

■ ip host

ARP Configuration Commands

■ arp check enable

■ arp static

■ arp timer aging

■ debugging arp

■ display arp

■ display arp timer aging

■ gratuitous-arp-learning enable

■ reset arp

DHCP Relay Configuration Commands

■ address-check disable

■ address-check enable

■ debugging dhcp-relay

■ dhcp-security static

■ dhcp-server

■ dhcp-server ip

■ display dhcp-security

■ display dhcp-server

■ display dhcp-server interface vlan-interface

IP Performance Configuration Commands

■ display fib

■ display icmp statistics

■ display ip socket

■ display ip statistics

88 CHAPTER 4: USING NETWORK PROTOCOL COMMANDS

■ display tcp statistics

■ display tcp status

■ display udp statistics

■ ip

■ ip forward-broadcast

■ reset ip statistics

■ reset tcp statistics

■ reset udp statistics

■ tcp timer fin-timeout

■ tcp timer syn-timeout

■ tcp window

IPX Configuration Commands

■ display ipx interface

■ display ipx routing-table

■ display ipx service table

■ display ipx statistics

■ ipx enable

■ ipx encapsulation

■ ipx netbios-propagation

■ ipx network

■ ipx rip import-route static

■ ipx rip mtu

■ ipx rip multiplier

■ ipx rip timer update

■ ipx route-static

■ ipx route load-balance-path

■ ipx route max-reserve-path

■ ipx sap disable

■ ipx sap gns-disable-reply

■ ipx sap gns-load-balance

■ ipx sap max-reserve-servers

■ ipx sap mtu

■ ipx sap multiplier

■ ipx sap timer update

■ ipx service

■ ipx split-horizon

■ ipx tick

■ ipx update-change-only

IP Address Configuration Commands 89

■ reset ipx statistics

■ reset ipx routing-table statistics protocol

IP Address Configuration Commands

This section describes the commands you can use to configure and manage IP Addressing on your Switch 7700.

display ip host Syntax

display ip host

View

All views

Parameter

None

Description

Use the display ip host command to display all host names and their corresponding IP addresses.

Example

To display all host names and their corresponding IP addresses, type the following:

<SW7700>display ip host


Host Age Flags AddressMy 0 static1.1.1.1Aa 0 static2.2.2.4

display ip interface vlan-interface

Syntaxdisplay ip interface vlan-interface vlan_id

View

All views

Parameter

vlan_id: Enter the identifier of the vlan interface.

Description

■ Use the display ip interface vlan-interface vlan_id command to view information on the specified interface.

Example

To display information on VLAN-Interface 1, enter the following:

<SW7700>display ip interface vlan-interface 1



Vlan-interface1 current state : DOWNLine protocol current state : DOWNInternet Address is 1.1.1.1/8 PrimaryBroadcast address : 1.255.255.255The Maximum Transmit Unit : 1500 bytesinput packets : 0, bytes : 0, multicasts : 0output packets : 0, bytes : 0, multicasts : 0TTL invalid packet number: 0ICMP packet input number: 0 Echo reply: 0 Unreachable: 0 Source quench: 0 Routing redirect: 0 Echo request: 0 Router advert: 0 Router solicit: 0 Time exceed: 0 IP header bad: 0 Timestamp request: 0 Timestamp reply: 0 Information request: 0 Information reply: 0 Netmask request: 0 Netmask reply: 0 Unknown type: 0

ip address Syntaxip address ip_address ip_mask [ sub ]

undo ip address [ ip-address { mask | mask_length } [ sub ] ]

View

VLAN interface view

Parameter

ip_address: Enter the IP address of the VLAN interface.

ip_mask: Enter the IP subnet mask of the VLAN interface.

sub: Enter if the specified IP address and subnet mask are a secondary IP address and subnet mask for this VLAN interface. Optional.

Description

■ Use the ip address ip_address ip_mask command to configure the primary IP address and IP subnet mask for a VLAN interface.

■ Use the ip address ip_address ip_mask sub command to configure a secondary address and IP subnet mask for a VLAN interface. Usually, only one IP address is required for each interface. If you want to connect the interface to several subnets, you can configure an IP addresses for each subnet.

■ Use the undo ip address ip_address ip_mask sub command to cancel a secondary IP address and IP subnet mask of a VLAN interface.

■ Use the undo ip address ip_address ip_mask command to cancel the primary IP address and IP subnet mask of a VLAN interface. Before you can

ARP Configuration Commands 91

cancel the primary IP address of an interface, you must cancel any secondary IP addresses.

■ Use the undo ip address command without any parameters to delete the primary and secondary IP addresses of an interface.

By default, the IP address of a VLAN interface is set to null.

The subnet address of an IP address can be identified by subnet mask. For instance, the IP address of an interface is 202.38.10.102, and the mask is 255.255.0.0. You can confirm that the subnet address is 202.38.0.0 by performing the logic operation “AND” on the IP address and mask.

Related commands: ip route, display ip interface, display interface.

Example

To configure VLAN-Interface 2 to have an IP address of 202.38.10.66, and a subnet mask of 255.255.255.0, enter the following:

[SW7700-vlan-interface2]ip address 202.38.10.66 255.255.255.0

ip host Syntaxip host hostname ip_address

undo ip host hostname [ ip_address ]

View

System view

Parameter

hostname: Enter the host name of the connecting device. This is a character string of up to 20 characters.

ip_address: Enter the host’s IP address.

Description

■ Use the ip host command to configure the host name and the host IP address in the Switch 7700’s host table. This allows you to ping or Telnet a local device by host name.

■ Use the undo ip host command to remove the host name and the host IP address from the host table.

By default, the host name and corresponding IP address are null.

Example

To enter a host name of Lanswitch1 for the IP address 202.38.0.8, enter the following .

[SW7700]ip host Lanswitch1 202.38.0.8

ARP Configuration Commands

This section describes the commands you can use to configure and manage the Address Resolution Protocol (ARP) operations on your Switch 7700.


arp check enable Syntaxarp check enable

undo arp check enable

View

System view

Parameter

none

Description

Use the arp check enable command to enable the checking of an ARP entry so the device does not learn the ARP entry where the MAC address is a multicast MAC address. Use the undo arp check enable command to disable the checking of ARP entry so the device learns the ARP entry where the MAC address is a multicast MAC address.

By default, the checking of ARP entry is enabled and the device does not learn the ARP entry where the MAC address is a multicast MAC address.

Example

Configure that the device learns the ARP entry where the MAC address is multicast MAC address.

[SW7700] undo arp check enable

arp static Syntaxarp static ip_address mac_address [ vlan-id { interface_type interface_number } ]

undo arp static ip_address

View

System view

Parameter

ip_address: Enter the IP address of the ARP mapping entry.

mac_address: Enter the MAC address of the ARP mapping entry, in the format H-H-H (H indicates a four digit hexadecimal number, for example 00e0-fc01-0000).

vlan_id: Enter the ID number of the local VLAN that you want to use to send frames to this address. The VLAN ID can be in the range 1 to 4094. Optional.

interface_type: Enter the type of the port that you want to use to send frames to this address. Optional, but must be entered if a VLAN ID is specified.

interface_number: Enter the number of the port that you want to use to send frames to this address. Optional, but must be entered if a VLAN ID is specified.


Description

■ Use the arp static command to manually configure the static ARP mapping entries in the ARP mapping table. You must enter an IP address and MAC address with this command. You can optionally enter a VLAN ID, which also requires entry of an interface type and interface number. The aggregation port or port with LACP enabled cannot be set as the egress port of static ARP.

■ Use the undo arp static ip_address command to remove a static ARP mapping entry from the ARP table.

To remove all static ARP entries, use the reset arp static command. Note that the reset arp static command removes all static ARP entries permanently.

By default, the ARP mapping table is empty, and the Switch uses dynamic ARP to maintain its address mapping.

Related commands: reset arp, display arp, debugging arp.

Example

To establish a mapping between IP address 129.102.0.1 and MAC address 00e0-fc01-0000, and to send frames to this address through VLAN 1, Ethernet port 1/0/1, enter the following:

[SW7700]arp static 202.38.0.10 00e0-fc01-0000 1 Ethernet1/0/1

arp timer aging Syntax

arp timer aging aging_time

undo arp timer aging

View

System view.

Parameter

aging_time: Enter the aging time of dynamic ARP aging timer, in the range 1 to 1440 minutes. The default is 20 minutes.

Description

■ Use the arp timer aging command to configure the dynamic ARP aging timer.

■ Use the undo arp timer aging command to restore the default time of 30 minutes.

Related commands: display arp timer aging

Example

To configure the dynamic ARP aging timer to 10 minutes, enter the following:

[SW7700]arp timer aging 10

debugging arp Syntaxdebugging arp { packet | status }


undo debugging arp { packet | status }

View

User view

Parameter

packet: Enter to enable ARP packet debugging.

status: Enter to enable ARP status debugging.

Description

■ Use the debugging arp command to enable ARP packet debugging or ARP status debugging.

■ Use the undo debugging arp command to disable ARP packet debugging or ARP status debugging. By default, ARP debugging is disabled.

This command helps you to diagnose and troubleshoot ARP related faults.

Related command: arp static, display arp.

Example

To set ARP to packet debugging, enter the following:

<SW7700>debugging arp packet

display arp Syntaxdisplay arp [ ip-address | [ dynamic | static ] [ | { begin | include | exclude } text ]]

View

All views

Parameter

dynamic: Enter to display the dynamic ARP entries in the ARP mapping table.

static: Enter to display the static ARP entries in the ARP mapping table.

begin: Start displaying from the first ARP entry that contains the specified character string “text”.

include: Display only the ARP entries that contain the specified character string “text”.

exclude: Display only the ARP entries that do not contain the specified character string “text”.

text: A character string. The ARP entries that contain this character string are displayed.

Description

Use the display arp command to display the ARP mapping table entries by entry type, or by a specified IP address.


Related commands: arp static, reset arp, debugging arp.

Example

To display all ARP entries in the mapping table, enter the following:

[SW7700]display arpType: S-Static D-Dynamic

--- 2 entries found ---

display arp timer aging Syntaxdisplay arp timer aging

View

All views.

Parameter

None

Description

Use the display arp timer aging command to view the current setting of the dynamic ARP aging timer.

Example

To display the current setting of the dynamic ARP aging timer, enter the following:

[SW7700] display arp timer aging


Current ARP aging time is 10 minute(s)

gratuitous-arp-learning enable

Syntax gratuitous-arp-learning enable

undo gratuitous-arp-learning enable

IP Address MAC Address VLAN ID Port Name Aging Type

10.1.1.2 00e0-fc01-0102 N/A N/A N/A S

10.110.91.175 0050-ba22-6fd7 1 Ethernet1/0/1 20 D

Table 6 Output Description of the display arp Command

Field Description

IP Address IP address of the ARP mapping entryMAC Address MAC address of the ARP mapping entryVLAN ID VLAN to which the static ARP entry belongsPort Name Port to which the static ARP entry belongsAging Aging time of dynamic ARP entry in minutesType Type of ARP entry


View

System view

Parameters

None

Description

■ Use the gratuitous-arp-learning enable command to allow the switch to learn gratuitous ARPs.

■ Use the undo gratuitous-arp-learning enable command to disable a switch from learning gratuitous ARPs.

By default, the switch does not learn gratuitous ARPs.

Example

Enable the switch to learn gratuitous ARPs.

[SW7700] gratuitous-arp-learning enable

reset arp Syntaxreset arp [ dynamic | static | interface interface_type interface_number ]

View

User view

Parameter

dynamic: Enter to clear the dynamic ARP mapping entries. Note that dynamic ARP entries start re-learning immediately.

static: Enter to clear the static ARP mapping entries. Note that static ARP entries are deleted permanently.

interface interface_type interface_number: Enter to clear the ARP mapping entries for the specified. port.

Description

■ Use the reset arp command to remove information that is no longer required from the ARP mapping table. You can remove entries of a specified type, or from a specified port.

■ Use the reset arp command to clear all ARP entries. You are asked to confirm this entry.

■ Use the reset arp dynamic command to clear all dynamic ARP entries.

■ Use the reset arp static command to clear all static ARP entries.

■ Use the display arp interface command to clear all entries for the specified port.

Related command: arp static, display arp.


Example

To clear static ARP entries, enter the following:

<SW7700>reset arp static


DHCP Relay Configuration Commands

This section describes the commands you can use to configure and manage the Dynamic Host Configuration Protocol (DHCP) operations on your Switch 7700.

address-check disable Syntaxaddress-check disable

View

VLAN interface view

Parameter

None

Description

Use the address-check disable command to disable the security features of DHCP relay and disable the user address validity check on a VLAN interface.

Related command: address-check enable.

Example

To disable the security features of DHCP on interface VLAN2, enter the following:

[SW7700-vlan-interface2]address-check disable

address-check enable Syntaxaddress-check enable

View

VLAN interface view

Parameter

None

Description

Use the address-check enable command to enable the security features of DHCP relay and enable the user address validity check on a VLAN interface. If the MAC address and IP address of incoming traffic is not in the DHCP security table, the traffic is discarded.

Related command: address-check disable, dhcp-security static

Example

To enable the security features of DHCP relay on interface VLAN2, enter the following:

[SW7700-vlan-interface2]address-check enable

debugging dhcp-relay Syntaxdebugging dhcp-relay

DHCP Relay Configuration Commands 99

undo debugging dhcp-relay

View

User view

Parameter

None

Description

■ Use the debugging dhcp-relay command to enable DHCP relay debugging.

■ Use the undo debugging dhcp-relay command to disable DHCP relay debugging. By default, DHCP relay debugging is disabled.

Related commands: dhcp-server ip, dhcp-server, display dhcp-server vlan.

Example

To enable DHCP relay debugging, enter the following:

<SW7700>debugging dhcp-relay

dhcp-security static Syntaxdhcp-security static ip_address mac_address

undo dhcp-security { ip_address | all | dynamic | static }

View

System view

Parameterstatic: Specifies a static address.

ip_address: Enter the client’s static IP address.

mac_address: Enter the client’s MAC address.

all: Cancel all address table entry.

dynamic: Cancel dynamic address table entry.

static: Cancel static address table entry.

Description

■ Use the dhcp-security command to configure a static address table entry for a DHCP Server group.

■ Use the undo dhcp-security command to cancel a address table entry for a DHCP Server group.

You can use the display dhcp-security command to view the static IP address information.

Related command: display dhcp-security, dhcp-server.


Example

To assign the IP address 1.1.1.1 to the MAC address 0005-5D02-F2B3, and add this information to the static address table, enter the following:

[SW7700]dhcp-security static 1.1.1.1 0005-5D02-F2B3

dhcp-server Syntaxdhcp-server group_number

undo dhcp-server

View

VLAN interface view

Parameter

group_number: Enter the DHCP Server group number.

Description

■ Use the dhcp-server command to associate a VLAN interface with a DHCP Server group. DHCP Server requests are forward to the server associated with this group from the specified interface.

■ Use the undo dhcp-server command to remove the VLAN interface from the selected DHCP Server group. By default, DHCP Server requests are not forwarded.

You can only add the primary VLAN interface to a DHCP Server group. The primary VLAN interface is the first interface that you configure.

This command has more parameters when entered in system view. Refer to dhcp-server ip below for details.

Related commands: dhcp-server ip, display dhcp-server vlan, debugging dhcp-relay.

Example

To add VLAN-Interface 1 to DHCP Server group1, enter the following:

[SW7700-Vlan-interface1]dhcp-server 1

dhcp-server ip Syntaxdhcp-server group_number ip ip_address_primary [ ip_address_secondary ]

undo dhcp-server group_number

View

System view

Parameter

group_number: Enter the DHCP server group number, in the range 0 to 19.

ip_address_primary: Enter the IP address of the primary Server in the group.

DHCP Relay Configuration Commands 101

ip_address_secondary: Enter the IP address of the secondary Server in the group. Optional.

Description

■ Use the dhcp-server ip command to configure the IP address of the DHCP Server used by the DHCP Server group.

■ Use the undo dhcp-server ip command to delete the IP addresses of all DHCP Servers in DHCP Server group.

This command has fewer parameters when entered in VLAN interface view. Refer to dhcp-server for details.

Related commands: dhcp-server, debugging dhcp-relay.

Example

To configure the primary and secondary IP addresses of DHCP Server group 1 as 1.1.1.1 and 2.2.2.2 respectively, enter the following:

[SW7700]dhcp-server 1 ip 1.1.1.1 2.2.2.2

To delete the IP addresses of DHCP Server group1, enter the following:

[SW7700]undo dhcp-server 1

display dhcp-security Syntaxdisplay dhcp-security [ ip_address | dynamic | static ]

View

All views

Parameter

ip_address: Enter the client IP address.

dynamic: Display the dynamic address table entry.

static: Display the static address table entry.

Description

■ Use the display dhcp-security command to display information on all clients.

■ Use the display dhcp-security ip_address command to display information on a specific client. Use the IP address to identify the client.

Example

To display the IP addresses for each client, enter the following:

<SW7700>display dhcp-security


IP Address MAC Address Type2.2.2.2 0005.5d02.f2b2 Static3.3.3.3 0005.5d02.f2b3 Dynamic--- 1 dhcp-security item(es) found ---


display dhcp-server Syntaxdisplay dhcp-server group_number

View

All views.

Parameter

group_number: Enter a DHCP Server group number.

Description

Use the display dhcp-server command to view information on a selected DHCP Server group.

Related commands: dhcp-server ip, dhcp-server, display dhcp-server interface vlan-interface, debugging dhcp-relay.

Example

To view information on DHCP Server group 0, enter the following:

<SW7700>display dhcp-server 0


The first IP address of DHCP Server group 0: 1.1.1.1The second IP address of DHCP Server group 0: 1.1.1.2Messages from this server group: 0Messages to this server group: 0Messages from clients to this server group: 0Messages from this server group to clients: 0DHCP_OFFER messages: 0DHCP_ACK messages: 0DHCP_NAK messages: 0DHCP_DECLINE messages: 0DHCP_DISCOVER messages: 0DHCP_REQUEST messages: 0DHCP_INFORM messages: 0DHCP_RELEASE messages: 0

display dhcp-server interface vlan-interface

Syntaxdisplay dhcp-server interface vlan-interface vlan_id

Views

All views

Table 7 Description of the display dhcp-security information

Field Description

IP Address IP address of the DHCP Server group

MAC Address User MAC address of the DHCP Server group

Type Type of user address table entry, can be either dynamic or static.

IP Performance Configuration Commands 103

Parameter

vlan_id: Enter the VLAN interface number.

Description

Use the display dhcp-server interface vlan-interface command to display the information on the DHCP Server group corresponding to a specific VLAN interface.

Related commands: dhcp-server, debugging dhcp-relay.

Example

To view the information on the DHCP Server group corresponding to VLAN-Interface 2, enter the following:

<SW7700>display dhcp-server interface vlan-interface 2


The DHCP server group of this interface is 0

The information shown above indicates that vlan-interface 2 is configured with a DHCP Server group whose ID is 0.

IP Performance Configuration Commands

This section describes the commands you can use to configure and manage the IP performance of your Switch 7700.

display fib Syntaxdisplay fib

View

Any view

Parameter

None

Description

Use the display fib command to view the summary of the Forwarding Information Base. The information includes: destination address/mask length, next hop, current flag and outbound interface.

Example

Display the summary of the Forwarding Information Base.

<SW7700> display fibFlag D:Direct, I:Indirect, B:BlackHole, R:Reject, N:Not Use Destination/Mask Nexthop Flag Interface 127.0.0.0/8 127.0.0.1 D InLoopBack0


display icmp statistics Syntaxdisplay icmp statistics

View

Any view

Parameter

none

Description

Use the display icmp statistics command to view the statistics information about ICMP packets.

Related command: display interface

Example

Display statistics about ICMP packets.

<SW7700> display icmp statistics

Input: bad formats 0 bad checksum 0

echo 5 destination unreachable 0

source quench 0 redirects 0

echo reply 10 parameter problem 0

timestamp 0 information request 0

mask requests 0 mask replies 0

time exceeded 0

Output:echo 10 destination unreachable 0

source quench 0 redirects 0

echo reply 5 parameter problem 0

timestamp 0 information reply 0

mask requests 0 mask replies 0

time exceeded 0

Table 8 Description of the output information of the display icmp statistics command

Field Description

Input: bad formats Number of input packets in bad format

bad checksum Number of input packets with wrong checksum

echo Number of input/output echo request packets

destination unreachable Number of input/output packets with unreachable destination

source quench Number of input/output source quench packets

redirects Number of input/output redirected packets


display ip socket Syntaxdisplay ip socket [ socktype sock-type ] [ task-id socket-id ]

View

Any view

Parameter

sock-type: The type of a socket: (tcp: 1, udp 2, raw ip 3).

task-id: The ID of a task, with the value ranging from 1 to 100.

socket-id: The ID of a socket, with the value ranging from 0 to 3072.

Description

■ Use the display ip socket command to display the information about the sockets in the current system.

Example

Display the information about the socket of TCP type.

<SW7700> display ipsocket socktype 1

SOCK_STREAM:

Task = VTYD(18), socketid = 1, Proto = 6,

LA = 0.0.0.0:23, FA = 0.0.0.0:0,

sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,

socket option = SO_ACCEPTCONN SO_KEEPALIVE SO_SENDVPNID SO_SETKEEPALIVE,

socket state = SS_PRIV SS_ASYNC


LA = 10.153.17.99:23, FA = 10.153.17.56:1161,


echo reply Number of input/output echo reply packets

parameter problem Number of input/output packets with parameter problems

timestamp Number of input/output timestamp packets

information request Number of input information request packets

mask requests Number of input/output mask request packets

mask replies Number of input/output mask reply packets

information reply Number of output information reply packets

time exceeded Number of time exceeded packets

Table 8 Description of the output information of the display icmp statistics command

Field Description


socket option = SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE,

socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC


LA = 10.153.17.99:23, FA = 10.153.17.82:1121,


socket option = SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE,

socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC

display ip statistics Syntaxdisplay ip statistics

View

All views.

Parameter

None

Description

Use the display ip statistics command to view statistics information on IP packets.

For the related commands see, display interface, display ip interface, and reset ip statistics.

Example

Display IP packet information.

Table 9 Output description of the display ip socket display

Field Description

SOCK_STREAM The socket type

Task The ID of a task

socketid The ID of a socket

Proto The protocol number used by the socket

sndbuf The sending buffer size of the socket

rcvbuf The receiving buffer size of the socket

sb_cc The current data size in the sending buffer. The value makes sense only for the socket of TCP type, because only TCP is able to cache data

rb_cc The current data size in the receiving buffer

socket option The option of the socket

socket state The state of the socket


<SW7700>display ip statisticsInput: sum 7120 local 112 bad protocol 0 bad format 0 bad checksum 0 bad options 0 Output: forwarding 0 local 27 dropped 0 no route 2 compress fails 0 Fragment:input 0 output 0 dropped 0 fragmented 0 couldn't fragment 0 Reassembling:sum 0 timeouts 0

display tcp statistics Syntaxdisplay tcp statistics

View

All views.

Parameter

None.

Description

Use the display tcp statistics command to view statistics information on TCP packets.

The statistics information is divided into two major categories: Received packets and Sent packets. These two categories are then divided into further types of

Table 10 Description of the Output Information of the display ip statistics Command

Field Description

Input: sum Sum of input packets

local Number of received packets whose destination is the local device

bad protocol Number of packets with wrong protocol number

bad format Number of packets in bad format

bad checksum Number of packets with wrong checksum

bad options Number of packets that have wrong options

Output: forwarding Number of forwarded packets

local Number of packets that are sent by the local device

dropped Number of dropped packets during transmission

no route Number of packets that cannot be routed

compress fails Number of packets that cannot be compressed

Fragment: input Number of input fragments

output Number of output fragments

dropped number of dropped fragments

fragmented Number of packets that are fragmented

couldn’t fragment Number of packets that cannot be fragmented

Reassembling: sum Number of packets that are reassembled

time exceeded Number of time exceeded packets


information, for example window probe packets, window update packets, duplicate packets and out-of-order packets.

Related commands: display tcp status, reset tcp statistics

To view information on TCP packets, enter the following:

[SW7700]display tcp statistics


Received packets:Total: 753packets in sequence: 412 (11032 bytes)window probe packets: 0, window update packets: 0checksum error: 0, offset error: 0, short error: 0duplicate packets: 4 (88 bytes), partially duplicate packets: 5 (7 bytes)out-of-order packets: 0 (0 bytes)packets of data after window: 0 (0 bytes)packets received after close: 0ACK packets: 481 (8776 bytes)duplicate ACK packets: 7, too much ACK packets: 0

Sent packets:Total: 665urgent packets: 0control packets: 5 (including 1 RST)window probe packets: 0, window update packets: 2data packets: 618 (8770 bytes) data packets retransmitted: 0 (0bytes)ACK-only packets: 40 (28 delayed)

Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0Keepalive timeout: 0, keepalive probe: 0, Keepalive timeout, so connections disconnected : 0Initiated connections: 0, accepted connections: 0, established connections: 0Closed connections: 0 (dropped: 0, initiated dropped: 0)Packets dropped with MD5 authentication: 0Packets permitted with MD5 authentication: 0

display tcp status Syntaxdisplay tcp status

View

All views

Parameter

None

Description

Use the display tcp status command to display the TCP connection status.


Example

To display the status of TCP connections, enter the following:

<SW7700>display tcp status


TCPCB Local Add:port Foreign Add:port State03c82754 129.102.100.142:23 129.102.001.092:1038 ESTABLISHED03c661d4 0.0.0.0:23 0.0.0.0:0 LISTEN

TCPCB is the TCP Control Block information, including sequence numbers, window sizes, TCP state and other TCP related information.

display udp statistics Syntaxdisplay udp statistics

View

Any view

Parameter

None

Description

■ Use the display udp statistics command to view UDP traffic statistic information.

Related command: reset udp statistics

Example

Display the UDP traffic statistic information.

<SW7700> display udp statistics

Received packet:

Total:0

checksum error:0

shorter than header:0, data length larger than packet:0

no socket on port:0

broadcast:0

not delivered, input socket full:0

input packets missing pcb cache:0

Sent packet:

Total:0

ip Syntaxip { redirects | ttl-expires | unreachables }


undo ip { redirects | ttl-expires | unreachables }

View

System view.

Parameters

redirects: Enter to send redirection packets to CPU.

ttl-expires: Enter to send TTL timeout packets to CPU.

unreachables: Enter to send route unreachable packets to CPU.

Description

■ Use the ip command to configure the Switch 7700 to send redirection packets, TTL timeout packets or route unreachable packets to CPU for further processing. By default, TTL timeout packets are sent to CPU.

■ Use the undo ip command to prevent the sending of redirection packets, TTL timeout packets or route unreachable packets to CPU.

Example

To configure the Switch 7700 to send redirection packets to the CPU for further processing, enter the following:

[SW7700]ip redirects

ip forward-broadcast Syntaxip forward-broadcastundo ip forward-broadcast

View

System view

Parameter

None

Description

Use the ip forward-broadcast command to configure to forward L3 broadcast packets. Use the undo ip forward-broadcast command to disable to forward broadcast packets.

By default, L3 broadcast packets is forwarded.

Example

Enable the switch to forward broadcast packets.

[SW7700]ip forward-broadcast

reset ip statistics Syntaxreset ip statistics


View

User view.

Parameter

None.

Description

Use the reset ip statistics command to reset the IP statistics information.

Related commands: display ip interface vlan-interface, display ip statistics

Example

To reset the IP statistics information, enter the following:

<SW7700>reset ip statistics

reset tcp statistics Syntaxreset tcp statistics

View

User view.

Parameter

None.

Description

Use the reset tcp statistics command to reset the TCP statistics information.

Related commands: display tcp statistics

Example

To reset the TCP statistics information, enter the following:

<SW7700>reset tcp statistics

reset udp statistics Syntaxreset udp statistics

View

None

Parameter

None

Description

■ Use the reset udp statistics command to clear the UDP statistics information.

Example

Clear the UDP traffic statistics information.


<SW7700> reset udp statistics

tcp timer fin-timeout Syntaxtcp timer fin-timeout wait_time

undo tcp timer fin-timeout

View

System view

Parameter

wait_time: Enter the TCP fin-wait time in seconds, in the range 76 to 3600. The default is 675 seconds.

Description

■ Use the tcp timer fin-timeout command to set the TCP fin-wait time.

■ Use the undo tcp timer fin-timeout command to restore the default TCP fin-wait time.

When the TCP connection state changes from FIN_WAIT_1 to FIN_WAIT_2, the fin-wait timer is enabled. If the switch does not receive a FIN packet within the time specified using this command, the TCP connection is terminated.

Related commands: tcp timer syn-timeout, tcp window.

Example

To configure the TCP finwait timer value as 800 seconds.

[SW7700]tcp timer fin-timeout 800

tcp timer syn-timeout Syntaxtcp timer syn-timeout wait_time

undo tcp timer syn-timeout

View

System view

Parameter

wait_time: Enter the TCP syn-wait time in seconds, in the range 2 to 600. The default is 75 seconds.

Description

■ Use the tcp timer syn-timeout command to configure the TCP syn-wait time.

■ Use the undo tcp timer syn-timeout command to restore the default value of the timer.

TCP will enable the synwait timer when a SYN packet is sent. The TCP connection will be terminated if the response packet is not received before the timer expires.

IPX Configuration Commands 113

Related command: tcp timer fin-timeout, tcp window.

Example

To configure the TCP synwait timer to 80 seconds, enter the following:

[SW7700]tcp timer syn-timeout 80

tcp window Syntaxtcp window window_size

undo tcp window

View

System view

Parameter

window_size: The size of the receiver’s buffer, in kilobytes (KB), in the range 1 to 32. By default, this is set to 4KB.

Description

■ Use the tcp window command to configure the size of the buffer used for TCP connections.

■ Use the undo tcp window command to restore the default size of the buffer.

Related commands: tcp timer fin-timeout, tcp timer syn-timeout.

Example

To configure the size of the transceiving buffer to 3KB, enter the following:

[SW7700]tcp window 3



display ipx interface Syntaxdisplay ipx interface [ vlan-interface vlan_id ]

View

Any view

Parameter

vlan_id: Specifies a VLAN interface by specifying its VLAN ID.

Description

■ Use the display ipx interface command to view the IPX information of the specified VLAN interface.


If no vlan_id is specified, the IPX information of all IPX-enabled VLAN interfaces is displayed.

Example

Display the IPX information of VLAN interface 1.

<SW7700> display ipx interface Vlan-interface 1

Vlan-interface1 is down

IPX address is 1.0020-9c68-448e [down]

SAP is enabled

Split horizon is enabled

Update change only is disabled

Forwarding of IPX type 20 propagation packet is disabled

Delay of this IPX interface, in ticks is 1

SAP GNS response is enabled

RIP packet maximum size is 432 bytes

SAP packet maximum size is 480 bytes

IPX encapsulation is Netware 802.3

0 received, 0 sent

0 bytes received, 0 bytes sent

0 RIP received, 0 RIP sent, 0 RIP discarded

0 RIP specific requests received, 0 RIP specific responses sent

0 RIP general requests received, 0 RIP general responses sent

0 SAP received, 0 SAP sent, 0 SAP discarded

0 SAP requests received, 0 SAP responses sent

display ipx routing-table Syntaxdisplay ipx routing-table [ network [ verbose ] | protocol { default | direct | rip | static } [ inactive | verbose ] | statistics | verbose ]

View

Any view

Parameter

network: Displays IPX routing information by specifying a destination network number, which comprises eight hexadecimal numbers and is in the range 0x1 to 0xFFFFFFFE.

protocol: Displays the IPX routing information by route type.


default: Displays information of all the default routes.

direct: Displays information of all the direct routes.

rip: Displays all the IPX RIP routing information.

static: Displays all the IPX static routing information.

inactive: Displays the inactive routing information.

verbose: Displays the detailed IPX routing information, including the active and inactive routes.

statistics: Displays the IPX routing statistics.

Description

■ Use the display ipx routing-table command to view the IPX routing information.

If no parameters are specified, information of all the active IPX routes is displayed.

Example

Display information of the active IPX routes.

[SW7700] display ipx routing-table

Routing tables:

Summary count: 2

Dest_Ntwk_IDProto Pre Ticks Hops Nexthop Interface

0x1 Direct 0 1 0 0.0000-0000-0000 Vlan-interface1

0x2 Static 60 1 1 1.000e-0001-0000 Vlan-interface1

Display the detailed IPX routing information, including the active and inactive routes.

<SW7700> display ipx routing-table verbose

Routing tables:

Table 11 Display information of the display ipx routing-table command

Field Description

Dest_Ntwk_ID Destination network number of the route

Proto Protocol type of the route

Pre Preference of the route

Ticks Tick count of the route

Hops Hop count of the route

Nexthop Next hop of the route

interface Outgoing interface of the route


Destinations: 2 Routes: 3

Destination Network ID: 0x1

Protocol: Direct Preference: 0

Ticks: 1 Hops: 0

Nexthop: 0.0000-0000-0000 Time: 0

Interface: 1.0020-9c68-448e(Vlan-interface1)

State: <Active>

Protocol: Static Preference: -60

Ticks: 1 Hops: 1

Nexthop: 2.000e-0001-0000 Time: 0

Interface: 2.0020-9c68-448f(Vlan-interface2)

State: <Inactive>

Destination Network ID: 0x2

Protocol: Static Preference: 60

Ticks: 1 Hops: 1

Nexthop: 1.000e-0001-0000 Time: 0

Interface: 1.0020-9c68-448e(Vlan-interface1)

State: <Active>

Display the IPX routing statistics.

<SW7700> display ipx routing-table statisticsRouting tables:Proto/State route active added deleted freedDirect 1 1 2 1 1Static 2 1 2 0 0RIP 0 0 0 0 0Default 0 0 0 0 0

Total 3 2 4 1 1

Table 12 Display information of the display ipx routing-table verbose command

Field Description

Time Route aging time; it is 0 for the direct and static routes, meaning they never time out

State The state of the route. It can be active, inactive, or delete (meaning the route is being deleted)


display ipx service table Syntax

display ipx service-table [ inactive | name name | network network | order { network | type } | type service-type ] [ verbose ]

View

Any view

Parameter

inactive: Displays information of the inactive services.

name name: Displays service information by specifying a server name.

network network: Displays service information on the server with a specified network number.

order { network | type }: Displays the service information by network number or by service type.

type service-type: Displays the service information with a specified service type.

verbose: Displays the detailed service information.

Description

■ Use the display ipx service-table command to view the contents of the IPX server information table.

Example

Display the contents of the IPX server information table.

[SW7700] display ipx service-table

Abbreviation: S - Static, Pref - Preference(Decimal), NetId - Network number,

NodeId - Node address, hop - Hops(Decimal), Recv-If - Interface from which the service is received

Number of Static Entries: 2

Table 13 Display information of the display ipx routing-table statistics command

Field Description

Proto/State Routing protocol

Route Number of routes, including the active and inactive routes

Active Number of the active routes

Added Number of the added routes

Deleted Number of the deleted, yet not released routes

Freed Number of the released routes


Number of Dynamic Entries: 0

Name Type NetId

S Prn1 0005 000d

S Prn2 0005 0008

Display the details about the IPX server information table.

[SW7700] display ipx service-table verbose

Abbreviation: S - Static, Pref - Preference(Decimal), NetId - Network number,

NodeId - Node address, hop - Hops(Decimal), Recv-If - Interface from which the service is received

Number of Static Entries: 2

Number of Dynamic Entries: 0

NameType NetIdNodeIdSock Pref HopsRecv-If

S Prn10005 000d000a-000a-000a0452 500 02 Vlan-interface1

S Prn20005 0008000a-000a-000a0452 500 03 Vlan-interface1

display ipx statistics Syntax

display ipx statistics

View

Any view

Parameter

None

Description

■ Use the display ipx statistics command to view the IPX packet statistics.

Example

Display the IPX statistics.

<SW7700> display ipx statistics

Received: 0 total, 0 packets pitched

0 packets size errors, 0 format errors

0 bad hops(>16), 0 discarded(hops=16)

0 other errors, 0 local destination

0 can not be dealed

Sent: 0 forwarded, 0 generated


0 no route, 0 discarded

RIP: 0 sent, 0 received

0 responses sent, 0 responses received

0 requests received, 0 requests dealt

0 requests sent, 0 periodic updates

SAP: 0 general requests received

0 specific requests received

0 GNS requests received

0 general responses sent

0 specific responses sent

0 GNS responses sent

0 periodic updates, 0 errors

PING: 0 requests sent, 0 requests received

0 responses sent, 0 responses received

0 responses in time, 0 responses time out

ipx enable Syntaxipx enable

undo ipx enable

View

System view

Parameter

None

Description

■ Use the ipx enable command to enable IPX.

■ Use the undo ipx enable command to disable IPX and delete all the IPX configurations.

After the undo ipx enable command is executed, the IPX configurations are not recoverable with the ipx enable command.

Example

Enable IPX.

[SW7700] ipx enable


ipx encapsulation Syntax

ipx encapsulation [ dot2 | dot3 | ethernet-2 | snap ]

undo ipx encapsulation

View

VLAN interface view

Parameter

dot2: Sets the encapsulation format to Ethernet_802.2.

dot3: Sets the encapsulation format to Ethernet_802.3.

ethernet-2: Sets the encapsulation format to Ethernet_II.

snap: Sets the encapsulation format to Ethernet_SNAP.

Description

■ Use the ipx encapsulation command to configure an IPX frame encapsulation format on the current VLAN interface.

■ Use the undo ipx encapsulation command to restore the encapsulation format to the default.

By default, the IPX frame encapsulation format is Ethernet_802.3 (dot3).

Example

Set the IPX frame encapsulation format to Ethernet_II on VLAN interface 1.

[SW7700-Vlan-interface1] ipx encapsulation ethernet-2

ipx netbios-propagation Syntax

ipx netbios-propagation

undo ipx netbios-propagation

View

VLAN interface view

Parameter

None

Description

■ Use the ipx netbios-propagation command to enable the current VLAN interface to forward type 20 broadcast packets.

■ Use the undo ipx netbios-propagation command to disable the current VLAN interface to forward type 20 broadcast packets.

By default, type 20 broadcast packets are not forwarded.


Example

Allow the current interface to forward type 20 broadcast packets.

[SW7700-Vlan-interface1] ipx netbios-propagation

ipx network Syntaxipx network network-number

undo ipx network

View

VLAN interface view

Parameter

network-number: Hexadecimal IPX network number in the range 0x1 to 0xFFFFFFFD. The leading 0s can be omitted when you input a network number.

Description

■ Use the ipx network command to assign an IPX network number to the VLAN interface.

■ Use the undo ipx network command to delete the IPX network number of the VLAN interface.

By default, no network number is assigned to VLAN interfaces; therefore, IPX is disabled on all the VLAN interfaces even after it is enabled globally.

Example

Assign the network number 675 to VLAN interface 1.

[SW7700-Vlan-interface1] ipx network 675

ipx rip import-route static

Syntax

ipx rip import-route static

undo ipx rip import-route static

View

System view

Parameter

None

Description

■ Use the ipx rip import-route static command to enable RIP to import static routes. The imported routes are included in the update packets of RIP.

■ Use the undo ipx rip import-route static command to disable RIP to import static routes.

By default, IPX RIP does not import static routes.


RIP imports only active static routes; inactive static routes are neither imported nor forwarded.

Example

Import the static routes into RIP.

[SW7700] ipx rip import-route static

ipx rip mtu Syntaxipx rip mtu bytes

undo ipx rip mtu

View

VLAN interface view

Parameter

bytes: The maximum size of RIP update packets in bytes. It is in the range 432 to 1500 and defaults to 432.

Description

■ Use the ipx rip mtu command to configure the RIP update packet size.

■ Use the undo ipx rip mtu command to restore the default.

Example

Set the maximum RIP update packet size to 500 bytes on VLAN interface 1.

[SW7700-Vlan-interface1] ipx rip mtu 500

ipx rip multiplier Syntaxipx rip multiplier multiplier

undo ipx rip multiplier

View

System view

Parameter

multiplier: A multiplier of the update interval, decides the aging period of the RIP routing entries together with the update interval. It is in the range 1 to 1000 and defaults to 3. Multiply the update interval by the multiplier to get the actual aging period.

Description

■ Use the ipx rip multiplier command to configure the aging period of the RIP routing entries.

■ Use the undo ipx rip multiplier command to restore the default.

For the related command, see ipx rip timer update.


Example

Set the RIP aging period of the routing entries to five times the update interval.

[SW7700] ipx rip multiplier 5

ipx rip timer update Syntaxipx rip timer update seconds

undo ipx rip timer update

View

System view

Parameter

seconds: RIP update interval in seconds. It is in the range 10 to 60000 and defaults to 60.

Description

■ Use the ipx rip timer update command to configure a RIP update interval.

■ Use the undo ipx rip timer update command to restore the default.

For the related command, see ipx rip multiplier.

Example

Set the RIP update interval to 30 seconds.

[SW7700] ipx rip timer update 30

ipx route-static Syntaxipx route-static network network.node [ preference value ] [ tick ticks hop hops ]

undo ipx route-static { network [ network.node ] | all }

View

System view

Parameter

network: Destination network number of an IPX static route. It comprises eight hexadecimal numbers and is in the range 1 to 0xFFFFFFFE.

network.node: Next hop address of the IPX static route. network defines the network number; node defines the node address using 12 hexadecimal numbers that are separated into three parts using “-”, each part in the range 1 to 0xFFFF.

preference value: Route preference in the range 0 to 255. A smaller value indicates a higher preference. By default, the preference values of the static routes, direct routes, and dynamic RIP IPX routes are 60 (user-configurable), 0, and 100.

ticks ticks: Time that a packet must take to reach the destination network. It is in the range 1 to 65534 and defaults to 1, with 1 tick = 1/18 seconds. When the tick


value of a VLAN interface is modified, the tick value of the static route also changes. You must configure both the tick value and the hop count.

hop hops: Number of the switches on the way to the destination network. It is in the range 1 to 15 and defaults to 1. You must configure both the hop count and tick value.

all: All the IPX static routes.

Description

■ Use the ipx route-static command to configure an IPX static route.

■ Use the undo ipx route-static command to delete the static route.

The IPX static routes with the destination network number of 0xFFFFFFFE are default routes.

Example

Configure an IPX static route, setting the destination network number to 0x5a, next hop to 1000.0-0c91-f61f, tick value to 10 and hop count to 2.

[SW7700] ipx route-static 5a 1000.0-0c91-f61f 10 2

ipx route load-balance-path

Syntax

ipx route load-balance-path paths

undo ipx route load-balance-path

View

System view

Parameter

paths: The maximum number of equivalent routes to the same destination. It is in the range 1 to 64 and defaults to 1.

Description

■ Use the ipx route load-balance-path command to configure the number of equivalent routes to the same destination.

■ Use the undo ipx route load-balance-path command to restore the default.

The number of equivalent routes configured using this command is the maximum number of active equivalent routes to the same destination in the current system. If the new number is less than the number of the current active routes, the system deactivates those excessive.

Example

Set the number of equivalent routes to the same destination to 30.

[SW7700] ipx route load-balance-path 30


ipx route max-reserve-path

Syntax

ipx route max-reserve-path paths

undo ipx route max-reserve-path

View

System view

Parameter

paths: The maximum number of dynamic routes to the same destination. It is in the range 1 to 255 and defaults to 4.

Description

■ Use the ipx route max-reserve-path command to configure the maximum number of dynamic routes to the same destination.

■ Use the undo ipx route max-reserve-path command to restore the default.

When the number of dynamic routes to the same destination exceeds the specified maximum value, the new dynamic routes are dropped directly without being added into the routing table. When the configured new value is less than the old one, the switch, however, does not delete the excessive route entries. These route entries either time out or are manually deleted.

Example

Set the maximum number of dynamic routes to the same destination to 200.

[SW7700] ipx route max-reserve-path 200

ipx sap disable Syntax

ipx sap disable

undo ipx sap disable

View

VLAN interface view

Parameter

None

Description

■ Use the ipx sap disable command to disable SAP on the current VLAN interface.

■ Use the undo ipx sap disable command to enable SAP on the current VLAN interface.

By default, SAP is enabled on the VLAN interface when IPX is enabled.

Example

Disable SAP on VLAN interface 1.


[SW7700-Vlan-interface1] ipx sap disable

ipx sap gns-disable-reply Syntax

ipx sap gns-disable-reply

undo ipx sap gns-disable-reply

View

VLAN interface view

Parameter

None

Description

■ Use the ipx sap gns-disable-reply command to disable IPX GNS reply on the current VLAN interface.

■ Use the undo ipx sap gns-disable-reply command to enable IPX GNS reply on the current VLAN interface.

By default, GNS reply is enabled on the VLAN interface.

Example

Disable GNS reply on VLAN interface 1.

[SW7700-Vlan-interface1] ipx sap gns-disable-reply

ipx sap gns-load-balance Syntax

ipx sap gns-load-balance

undo ipx sap gns-load-balance

View

System view

Parameter

None

Description

■ Use the ipx sap gns-load-balance command to configure the switch to respond to GNS requests through round robin polling.

■ Use the undo ipx sap gns-load-balance command to configure the switch to respond to GNS requests with information of the nearest server.

By default, the switch responds to SAP GNS requests using the known server information in turn. This prevents a server from getting overloaded.

For the related command, see ipx sap gns-disable-reply.

Example

Respond to GNS requests with information of the nearest server.


[SW7700] undo ipx sap gns-load-balance

ipx sap max-reserve-servers

Syntax

ipx sap max-reserve-servers length

undo ipx sap max-reserve-servers

View

System view

Parameter

length: The maximum length of the service information reserve-queue for one service type. It is in the range 1 to 2048 and defaults to 2048.

Description

■ Use the ipx sap max-reserve-servers command to configure the maximum length of the service information reserve-queue for one service type.

■ Use the undo ipx sap max-reserve-servers command to restore the default.

Example

Set the maximum length of the service information reserve-queue for one service type to 1024.

[SW7700] ipx sap max-reserve-servers 1024

ipx sap mtu Syntaxipx sap mtu bytes

undo ipx sap mtu

View

VLAN interface view

Parameter

bytes: The maximum SAP packet size in bytes. It is in the range 480 to 1500 and defaults to 480.

Description

■ Use the ipx sap mtu command to configure the maximum size of SAP update packets.

■ Use the undo ipx sap mtu command to restore the default.

Example

Set the maximum size of SAP update packets to 674 bytes, allowing 10 service entries on VLAN interface 1.

[SW7700-Vlan-interface1] ipx sap mtu 674


ipx sap multiplier Syntaxipx sap multiplier multiplier

undo ipx sap multiplier

View

System view

Parameter

multiplier: A multiplier of the update interval, decides the aging period of the SAP service entries together with the update interval. It is in the range 1 to 1000 and defaults to 3. Multiply the update interval by the multiplier to get the actual aging period.

Description

■ Use the ipx sap multiplier command to configure the aging period of the SAP service entries.

■ Use the undo ipx sap multiplier command to restore the default.

For the related command, see ipx sap timer update.

Example

Set the aging period of the SAP service entries to five times the update interval.

[SW7700] ipx sap multiplier 5

ipx sap timer update Syntaxipx sap timer update seconds

undo ipx sap timer update

View

System view

Parameter

seconds: SAP update interval in the range 10 to 60000 seconds. By default, the value is 60 seconds.

Description

■ Use the ipx sap timer update command to configure a SAP update interval.

■ Use the undo ipx sap timer update command to restore the default.

This command is invalid if the triggered updates feature is applied on VLAN interface.

For the related commands, see ipx sap multiplier and ipx update-change-only.

Example

Set the SAP update interval to 300 seconds.

[SW7700] ipx sap timer update 300


ipx service Syntaxipx service service-type name network.node socket hop hopcount [ preference preference ]

undo ipx service { service-type [ name [ network.node ] ] [ preference preference ] | all }

View

System view

Parameter

service-type: A 4-byte hexadecimal number. 0 indicates all service types.

name: Specifies the server providing the specified service, a string of 1 to 47 characters.

network.node: Network number and node value of the server. A network number comprises eight hexadecimal numbers and is in the range 0x1 to 0xFFFFFFFD. A node address identifies a node in the network; it is 48 bits long and comprises 12 hexadecimal numbers that are separated into three parts by “-”. The leading 0s can be omitted when you input network/node numbers.

socket: Comprises four hexadecimal numbers and is in the range 0x1 to 0xFFFF.

hop-count: Number of hops to the server, written in decimal and in the range 1 to 15. The hop count equal to or exceeding 16 implies that the service is unreachable.

preference: Service preference value in the range 1 to 255, with a smaller number indicating higher preference. By default, the preference value of the static service entries is 60 (modifiable); the preference value of the dynamic service entries is fixed to 500.

all: Deletes all the static service entries.

Description

■ Use the ipx service command to add a static service entry to the server information table.

■ Use the undo ipx service command to delete a static service entry from the server information table.

Example

Add a static service entry, setting service type to 4, server name to FileServer, server network number to 130, node number to 0000-0a0b-abcd, hop count to 1 and server preference to 60.

[SW7700] ipx service 4 FileServer 130.0000-0a0b-abcd 451 hop 1 preference 60

ipx split-horizon Syntaxipx split-horizon

undo ipx split-horizon


View

VLAN interface view

Parameter

None

Description

■ Use the ipx split-horizon command to enable split horizon on the current VLAN interface.

■ Use the undo ipx split-horizon command to disable split horizon on the current VLAN interface.

By default, the split horizon of IPX is enabled.

Example

Enable split horizon on VLAN interface 1.

[SW7700-Vlan-interface1] ipx split-horizon

ipx tick Syntaxipx tick ticks

undo ipx tick

View

VLAN interface view

Parameter

ticks: Delay in ticks; it is in the range 0 to 30000 and defaults to 1.

Description

■ Use the ipx tick command to configure an IPX packet forwarding delay on the VLAN interface.

■ Use the undo ipx tick command to restore the default.

Example

Configure VLAN interface 1 to experience a delay of five ticks before forwarding IPX packets.

[SW7700-Vlan-interface1] ipx tick 5

ipx update-change-only Syntax

ipx update-change-only

undo ipx update-change-only

View

VLAN interface view


Parameter

None

Description

■ Use the ipx update-change-only command to enable update by trigger on the current VLAN interface.

■ Use the undo ipx update-change-only command to restore the default.

By default, update by trigger is disabled.

Example

Enable the update by trigger feature of IPX on VLAN interface 1.

[SW7700-Vlan-interface1] ipx update-change-only

reset ipx statistics Syntaxreset ipx statistics

View

User view

Parameter

None

Description

■ Use the reset ipx statistics command to clear the IPX statistics.

Example

Clear the IPX statistics.

<SW7700> reset ipx statistics

reset ipx routing-table statistics protocol

Syntaxreset ipx routing-table statistics protocol { all | default | direct | rip | static }

View

User view

Parameter

all: Clears the statistics of all the IPX routes.

default: Clears the statistics of the default IPX routes.

direct: Clears the statistics of the direct IPX routes.

rip: Clears the statistics of the IPX RIP routes.

static: Clears the statistics of the static IPX routes.


Description

■ Use the reset ipx routing-table statistics protocol command to clear the statistics on the IPX routes of a specific routing type.

For the related command, see display ipx routing-table statistics.

Example

Clear the statistics of the IPX static routes.

<SW7700> reset ipx routing-table statistics protocol static

5
USING ROUTING PROTOCOL COMMANDS

Routing Table Display Commands

■ display ip routing-table

■ display ip routing-table acl

■ display ip routing-table ip_address

■ display ip routing-table ip_address1 ip_address2

■ display ip routing-table ip-prefix

■ display ip routing-table protocol

■ display ip routing-table radix

■ display ip routing-table statistics

■ display ip routing-table verbose

Static Route Configuration Command

■ delete static-routes all

■ ip route-static

RIP Configuration Commands

■ checkzero

■ default cost

■ display rip

■ filter-policy export

■ filter-policy import

■ host-route

■ import-route

■ network

■ peer

■ preference

■ rip

■ rip authentication-mode

■ rip input

■ rip metricin

134 CHAPTER 5: USING ROUTING PROTOCOL COMMANDS

■ rip metricout

■ rip output

■ rip split-horizon

■ rip version

■ rip work

■ summary

■ timers

OSPF Configuration Commands

■ abr-summary

■ area

■ asbr-summary

■ authentication-mode

■ default cost

■ default interval

■ default limit

■ default tag

■ default type

■ default cost

■ default-route-advertise

■ display debugging ospf

■ display ospf abr-asbr

■ display ospf asbr-summary

■ display ospf brief

■ display ospf cumulative

■ display ospf error

■ display ospf interface

■ display ospf lsdb

■ display ospf nexthop

■ display ospf peer

■ display ospf request-queue

■ display ospf retrans-queue

■ display ospf routing

■ display ospf vlink



■ import-route

■ network

135

■ nssa

■ ospf

■ ospf authentication-mode

■ ospf cost

■ ospf dr-priority

■ ospf mib-binding

■ ospf mtu-enable

■ ospf network-type

■ ospf timer dead

■ ospf timer hello

■ ospf timer poll

■ ospf timer retransmit

■ ospf trans-delay

■ peer

■ preference

■ reset ospf all

■ router id

■ silent-interface

■ snmp-agent trap enable ospf

■ spf-schedule-interval

■ stub

■ vlink-peer

Integrated IS-IS Configuration Commands

■ area-authentication- mode

■ cost-style

■ default-route-advertise

■ display isis interface

■ display isis lsdb

■ display isis mesh-group

■ display isis peer

■ display isis route

■ display isis spf-log

■ domain-authentication-mode



■ ignore-lsp-checksum- error

■ import-route

■ isis


■ isis authentication-mode

■ isis circuit-level

■ isis cost

■ isis dis-priority

■ isis enable

■ isis mesh-group

■ isis timer csnp

■ isis timer dead

■ isis timer hello

■ isis timer lsp

■ isis timer retransmit

■ is-level

■ log-peer-change

■ md5-compatible

■ network-entity

■ preference

■ reset isis all

■ reset isis peer

■ set-overload

■ silent-interface

■ spf-delay-interval

■ spf-slice-size

■ summary

■ timer lsp-max-age

■ timer lsp-refresh

■ timer spf

BGP Configuration Commands

■ aggregate

■ bgp

■ compare-different-as- med

■ confederation id

■ confederation nonstandard

■ confederation peer-as

■ dampening

■ debugging bgp

■ default local-preference

■ default med

■ display bgp group

137

■ display bgp network

■ display bgp paths

■ display bgp peer

■ display bgp routing-table

■ display bgp routing-table as-path-acl

■ display bgp routing-table cidr

■ display bgp routing-table community

■ display bgp routing-table community-list

■ display bgp routing-table dampened

■ display bgp routing-table different-origin-as

■ display bgp routing-table flap-info

■ display bgp routing-table peer

■ display bgp routing-table regular-expression



■ group

■ import-route

■ ip as-path acl

■ ip community-list

■ network

■ peer advertise-community

■ peer allow-as-loop

■ peer as-number

■ peer as-path-acl export

■ peer connect-interface

■ peer default-route-advertise

■ peer description

■ peer ebgp-max-hop

■ peer enable

■ peer filter-policy export

■ peer group

■ peer ip-prefix export

■ peer next-hop-local

■ peer public-as-only

■ peer reflect-client

■ peer route-policy export

■ peer route-update-interval

■ peer timer


■ reflect between-clients

■ reflector cluster-id

■ reset bgp

■ reset bgp flap-info

■ reset bgp group

■ reset dampening

■ summary automatic

■ timer

IP Routing Policy Commands

■ apply as-path

■ apply community

■ apply cost

■ apply cost-type

■ apply ip next-hop

■ apply isis

■ apply local-preference

■ apply origin

■ apply tag

■ display ip ip-prefix

■ display route-policy



■ if-match

■ if-match as-path

■ if-match community

■ if-match cost

■ if-match interface

■ if-match ip next-hop

■ if-match tag

■ ip ip-prefix

■ route-policy

Route Capacity Configuration Commands

■ display memory limit

■ memory auto-establish disable

■ memory auto-establish enable

■ memory

Routing Table Display Commands 139

Routing Table Display Commands

This section describes the commands you can use to display routing table information.

When the Switch 7700 runs a routing protocol, it is able to perform the functions of a router. The term router in this section can refer either to a physical router, or to the Switch 7700 running a routing protocol.

display ip routing-table Syntaxdisplay ip routing-table

View

All views

Parameter

None

Description

■ Use the display ip routing-table command to view a summary of routing table information

Each line in the table represents one route. The displayed information includes destination address/mask length, protocol, preference, cost, next hop and output interface.

Only the currently used route, that is the best route, is displayed.

Example

To view a summary of routing table information, enter the following:

<SW7700>display ip routing-table


Routing Table: public netDestination/Mask Proto Pre Cost Nexthop Interface1.1.1.0/24 DIRECT0 0 1.1.1.1 Vlan-interface11.1.1.1/32 DIRECT 0 0 127.0.0.1 InLoopBack02.2.2.0/24 DIRECT 0 0 2.2.2.1 Vlan-interface22.2.2.1/32 DIRECT 0 0 127.0.0.1 InLoopBack03.3.3.0/24 DIRECT 0 0 3.3.3.1 Vlan-interface33.3.3.1/32 DIRECT 0 0 127.0.0.1 InLoopBack04.4.4.0/24 DIRECT 0 0 4.4.4.1 Vlan-interface44.4.4.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0127.0.0.0/8 DIRECT 0 0 127.0.0.1 InLoopBack0127.0.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0

display ip routing-table acl

Syntaxdisplay ip routing-table acl { acl_number | acl_name } [ verbose ]

View

All views.


Parameter

acl_number Enter the number of the basic ACL, in the range 2000 to 2999.

acl_name Enter the name of the ACL. This can be up to 32 characters in length.

verbose Enter to display verbose information about both the active and inactive routes that passed filtering rules. If you do not enter this parameter, the command only displays a summary of the active routes that passed filtering rules.

Description

■ Use the display ip routing-table acl command to view the route filtered through the specified ACL.

This command is used to display the routes that passed the filtering rules in the specified ACL.

The command only displays routes that passed basic ACL filtering rules.

Example

To display a summary of the active routes filtered through IP ACL 2000, enter the following:

<SW7700>display ip routing-table acl 2000


Routes matched by access-list 2000:Summary count: 4Destination/Mask Proto Pre Cost Nexthop Interface127.0.0.0/8 Direct 0 0 127.0.0.1 InLoopBack0127.0.0.1/32 Direct 0 0 127.0.0.1 InLoopBack0169.0.0.0/8 Static 60 0 2.1.1.1 LoopBack1169.0.0.0/15 Static 60 0 2.1.1.1 LoopBack1

To display the verbose information of the active and inactive routes that are filtered through IP ACL 2000.

<SW7700>display ip routing-table acl 2000 verbose


Routes matched by access-list 2000:Generate Default: no+ = Active Route, - = Last Active, # = Both* = Next hop in useSummary count:5**Destination: 127.0.0.0 Mask: 255.0.0.0

Protocol: #Direct Preference: 0*NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0)Vlinkindex: 0State: <NoAdvise Int ActiveU Retain Multicast Unicast>Age: 3:47Metric: 0/0Tag: 0

**Destination: 127.0.0.1 Mask: 255. 255. 255. 255Protocol: #Direct Preference: 0*NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0)

Vlinkindex: 0


State: <NotInstall NoAdvise Int ActiveU Retain Gateway Multicast Unicast>

Age: 3:47Metric: 0/0**Destination: 179.0.0.0 Mask: 255.0.0.0

Protocol: #Static Preference: -60*NextHop: 4.1.1.1Vlinkindex: 0State: <Int Hidden Static Unicast>Age: 3:47Metric: 0/0

**Destination: 169.0.0.0 Mask: 255.0.0.0Protocol: #Static Preference: 60*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)Vlinkindex: 0State: <Int ActiveU Static Unicast>Age: 3:47Metric: 0/0

**Destination: 169.0.0.0 Mask: 255.254.0.0Protocol: #Static Preference: 60*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)Vlinkindex: 0State: <Int ActiveU Static Unicast>Age: 3:47Metric: 0/0

display ip routing-table ip_address

Syntaxdisplay ip routing-table ip_address [ ip_mask ] [ longer-match ] [ verbose ]

View

All views

Parameter

ip_address Enter the destination IP address.

ip_mask Enter either the IP subnet mask (in x.x.x.x format), or the subnet mask length (in the range 0 to 32). Optional.

longer-match Enter to display an address route that matches the destination IP address in natural mask range . Optional.

verbose Enter to display verbose information about both active and inactive routes. Without this parameter, this command only displays a summary of active routes. Optional.

Description

■ Use the display ip routing-table ip_address command to view routing information on a specific IP address, and you can also choose the type of information to display. If the destination address, ip_address, has a corresponding route in natural mask range, this command will display all subnet routes or only the route best matching the destination address, ip_address, is displayed. And only the active matching route is displayed.

■ Use the display ip routing-table ip_address ip_mask command to display the route that matches the specified IP destination address and subnet mask.


■ Use the display ip routing-table ip_address longer-match command to display all destination address routes that match destination IP addresses in natural mask range.

■ Use the display ip routing-table ip_address verbose command to display verbose information about both active and inactive routes.

Example

There is corresponding route in natural mask range. Display the summary.

<SW7700>display ip routing-table 169.0.0.0Routing Tables:Summary count:1Destination/Mask Proto Pre Cost Nexthop Interface169.0.0.0/16 Static 60 0 2.1.1.1 LoopBack1

There are corresponding routes in the natural mask range. Display the detailed information.

<SW7700>display ip routing-table 169.0.0.0 verboseRouting Tables:Generate Default: no+ = Active Route, - = Last Active, # = Both* = Next hop in useSummary count:2**Destination: 169.0.0.0 Mask: 255.0.0.0

Protocol: #Static Preference: 60*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)Vlinkindex: 0State: <Int ActiveU Static Unicast>Age: 3:47 Metric: 0/0

**Destination: 169.0.0.0 Mask: 255.254.0.0Protocol: #Static Preference: 60*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)Vlinkindex: 0State: <Int ActiveU Static Unicast>Age: 3:47 Metric: 0/0

display ip routing-table ip_address1 ip_address2

Syntaxdisplay ip routing-table ip_address1 ip_mask1 ip_address2 ip_mask2 [ verbose ]

View

All views

Parameter

ip_address1 ip_mask1 Enter the destination IP address and subnet mask that you want to start the address range. This command displays the route for your chosen address range. The subnet mask can be entered as either a dotted decimal notation (x.x.x.x), or an integer in the range 0 to 32.

ip_address2 ip_mask2 Enter the IP address and subnet mask that you want to end the address range. The subnet mask can be entered as either a dotted decimal notation (x.x.x.x), or an integer in the range 0 to 32.


verbose: Enter to display the verbose information of both the active and inactive routes. Without this parameter, the command only displays a summary of active routes. Optional.

Description

Use the display ip routing-table ip_address1 ip_address2 command to view the route information for the specified address range.

Example

To display the routing information of destination addresses ranging from 1.1.1.0 to 2.2.2.0., with a subnet mask of 24, enter the following:

<SW7700>display ip routing-table 1.1.1.0 24 2.2.2.0 24


Routing tables: Summary count: 3Destination/Mask Proto Pre Cost Nexthop Interface1.1.1.0/24 DIRECT 00 1.1.1.1 Vlan-interface11.1.1.1/32 DIRECT 00 127.0.0.1 InLoopBack02.2.2.0/24 DIRECT 00 2.2.2.1 Vlan-interface2

display ip routing-table ip-prefix

Syntaxdisplay ip routing-table ip-prefix ip_prefix_name [ verbose ]

View

All views

Parameter

ip_prefix_name Enter the ip prefix list name.

verbose Enter to display verbose information about both the active and inactive routes that passed filtering rules. Without this parameter, this command displays the summary of active routes that passed filtering rules.

Description

■ Use the command display ip routing-table ip-prefix ip_prefix_name to view information on the routes that passed filtering rules for the specified IP prefix name.

■ Use the command display ip routing-table ip-prefix ip_prefix_name verbose to display both the active and inactive routes that passed filtering rules. Without the verbose parameter, this command displays the summary of the active routes that passed filtering rules.

Example

To display the summary information for ip prefix list abc2, active route only, enter the following:

<SW7700>display ip routing-table ip-prefix abc2



Routes matched by ip-prefix abc2:Summary count: 4

Destination/Mask Proto Pre Cost Nexthop Interface127.0.0.0/8 Direct 0 0 127.0.0.1 InLoopBack0127.0.0.1/32 Direct 0 0 127.0.0.1 InLoopBack0169.0.0.0/8 Static 60 0 2.1.1.1 LoopBack1169.0.0.0/15 Static 60 0 2.1.1.1 LoopBack1

To display the information on the active and inactive routes for prefix list abc2, enter the following:

<SW7700>display ip routing-table ip-prefix abc2 verbose


Routes matched by ip-prefix abc2:Generate Default: no+ = Active Route, - = Last Active, # = Both* = Next hop in use

Summary count:4**Destination: 127.0.0.0 Mask: 255.0.0.0

Protocol: #Direct Preference: 0*NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0)Vlinkindex: 0State: <NoAdvise Int ActiveU Retain Multicast Unicast>Age: 3:47 Metric: 0/0

**Destination: 127.0.0.1 Mask: 255. 255. 255. 255Protocol: #Direct Preference: 0*NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0)Vlinkindex: 0

State: <NotInstall NoAdvise Int ActiveU Retain Gateway Multicast Unicast>

Age: 3:47Metric: 0/0**Destination: 179.0.0.0 Mask: 255.0.0.0

Protocol: #Static Preference:-60*NextHop: 4.1.1.1Vlinkindex: 0State: <Int Hidden Static Unicast>Age: 3:47 Metric: 0/0

**Destination: 169.0.0.0 Mask: 255.0.0.0Protocol: #Static Preference: 60*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)Vlinkindex: 0State: <Int ActiveU Static Unicast>Age: 3:47 Metric: 0/0**Destination: 169.0.0.0 Mask: 255.254.0.0Protocol: #Static Preference: 60*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)Vlinkindex: 0State: <Int ActiveU Static Unicast>Age: 3:47 Metric: 0/0

display ip routing-table protocol

Syntaxdisplay ip routing-table protocol protocol [ inactive | verbose ]

View

All views


Parameter

protocol Enter one of the following:

■ direct: Displays the direct connection route information

■ static: Displays the static route information.

■ ospf: Displays OSPF route information.

■ ospf-ase: Displays OSPF ASE route information.

■ ospf-nssa: Displays OSPF NSSA route information.

■ rip: Displays RIP route information.

inactive: Enter to display inactive route information. Without this parameter, the command displays both active and inactive route information. Optional.

verbose: Enter to display verbose route information. Without this parameter, the command displays the route summary. Optional.

Description

Use the display ip routing-table protocol command to view the route information for a specified protocol.

Example

To display a summary of all direct connection routes, enter the following:

<SW7700>display ip routing-table protocol direct


DIRECT Routing tables:Summary count: 4DIRECT Routing tables status:<active>:Summary count: 3Destination/Mask Proto Pre Cost Nexthop Interface:20.1.1.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0127.0.0.0/8 DIRECT 0 0 127.0.0.1 InLoopBack0127.0.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0DIRECT Routing tables status:<inactive>:Summary count: 1Destination/Mask Proto Pre Cost Nexthop Interface210.0.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0

To display a summary of all static route information, enter the following:

<SW7700>display ip routing-table protocol static


STATIC Routing tables: Summary count: 1STATIC Routing tables status:<active>: Summary count: 0STATIC Routing tables status:<inactive>: Summary count: 1Destination/Mask Proto Pre Cost Nexthop Interface1.2.3.0/24 STATIC 60 0 1.2.4.5 Vlan-interface2


The displayed information helps you to confirm whether the configuration of the static routing is correct.

display ip routing-table radix

Syntaxdisplay ip routing-table radix

View

All views

Parameter

None

Description

Use the display ip routing-table radix command to view the route information in a tree structure.

Example

To display the route information, enter the following:

<SW7700>display ip routing-table radix


Radix tree for INET (2) inodes 7 routes 5:+-32+--{210.0.0.1

+--0+ | | +--8+--{127.0.0.0 | | | +-32+--{127.0.0.1 | +--1+ | +--8+--{20.0.0.0 | +-32+--{20.1.1.1

display ip routing-table statistics

Syntaxdisplay ip routing-table statistics

View

All views

Parameter

None

Description

■ Use the display ip routing-table statistics command to display the routing information for all protocols.

The information includes the number of routes per protocol, the number of active routes per protocol, the number of routes added and deleted per protocol, and the number of routes that are labeled deleted but that are not deleted per protocol. The total number of routes in each of these categories is also displayed.

Example

To display the integrated route information., enter the following:


<SW7700>display ip routing-table statistics

Routing tables:Proto route active added deletedDIRECT 24 4 25 1STATIC 4 1 4 0BGP 0 0 0 0RIP 0 0 0 0IS-IS 0 0 0 0OSPF 0 0 0 0O_ASE 0 0 0 0O_NSSA 0 0 0 0AGGRE 0 0 0 0Total 28 5 29 1

display ip routing-table verbose

Syntaxdisplay ip routing-table verbose

View

All views

Parameter

None

Description

Use the display ip routing-table verbose command to display the verbose routing table information.

The information displayed includes the route state, the verbose description of each route and the statistics of the entire routing table.

All current routes, including inactive routes and invalid routes, are displayed.

Example

To display the verbose routing table information, enter the following:

<SW7700>display ip routing-table verbose


Routing Tables: Generate Default: no + = Active Route, - = Last Active, # = Both * = Next hop in use

Table 14 Information Generated by the Display IP Routing-Table Statistics Command

Field Description

Proto Routing protocol

route Number of routes

active Number of active routes

added Number of added routes after the router is rebooted or the routing table is cleared last time.

deleted Number of deleted routes (such routes will be freed in a period of time)


Destinations: 3 Routes: 3 Holddown: 0 Delete: 62 Hidden: 0**Destination: 1.1.1.0 Mask: 255.255.255.0 Protocol: #DIRECT Preference: 0 *NextHop: 1.1.1.1 Interface: 1.1.1.1(Vlan-interface1) State: <Int ActiveU Retain Unicast> Age: 20:17:41 Metric: 0/0**Destination: 1.1.1.1 Mask: 255.255.255.255 Protocol: #DIRECT Preference: 0 *NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0) State: <NoAdvise Int ActiveU Retain Gateway Unicast> Age: 20:17:42 Metric: 0/0**Destination: 2.2.2.0 Mask: 255.255.255.0 Protocol: #DIRECT Preference: 0 *NextHop: 2.2.2.1 Interface: 2.2.2.1(Vlan-interface2) State: <Int ActiveU Retain Unicast> Age: 20:08:05 Metric: 0/0

The parameters are defined in Table 15

Static Route Configuration Command

This section describes the command you can use to configure a static route.

delete static-routes all Syntax

delete static-routes all

View

System view

Parameter

None

Description

Use the delete static-routes all command to delete all the static routes.

Table 15 Routing Table Information

Descriptor Meaning

Holddown The number of holddown routes.

This refers to a route advertising policy that some distance vector routing protocols (such as RIP) use to avoid expansion of error routes and to improve the transmission speed and accuracy of unreachable routes. It usually advertises a static route at an interval, regardless of the changes to dynamic routes to the same destination. For details, see the specific routing protocol.

Delete The number of deleted routes.

Hidden The number of hidden routes, that is routes not available at present but still required. They can be hidden for future use.

Static Route Configuration Command 149

The system requests your confirmation before it deletes all the configured static routes.

Related commands: ip route-static and display ip routing-table.

Example

Delete all the static routes in the router.

[SW7700] delete static-routes allThis will erase all unicast static routes and their configurations, you must reconfigure all static routesAre you sure to delete all the static routes?[Y/N]

ip route-static Syntaxip route-static ip_address { mask | mask-length } { interface_name | gateway_address } [ preference preference_value ] [ reject | blackhole ]

undo ip route-static ip-address { mask | mask_length } [ interface_name | gateway_address ] [ preference preference_value ]

View

System view

Parameter

ip-address: Destination IP address in dotted decimal notation.

mask: Mask.

mask-length: The number of consecutive 1s in the mask. Because 1s in the 32-bit mask must be consecutive, the mask in dotted decimal format can be replaced by mask-length.

interface_name . Specify the transmission interface name of the route.Packets that are sent to a NULL interface, are discarded immediately which decreases the system load.

gateway_address . Specify the next hop IP address of the route.

preference_value . The preference level of the route in the range 1 to 255. The default is 60.

reject: Indicates an unreachable route.

blackhole: Indicates a blackhole route.

Description

■ Use the ip route-static command to configure a static route.

■ Use the undo ip route-static command to delete the configured static route.

By default, the system can access the subnet route directly connected to the router. If you do not use the parameters preference, reject or blackhole, the


route will be reachable by default with a preference level of 60. If it is not specified as reject or blackhole, the route will be reachable by default.

A static route is a special route. You can set up an interconnecting network with the static route configuration. The problem for such configuration is when a fault occurs to the network, the static route cannot change automatically to steer away from the node causing the fault without the help of an administrator.

In a relatively simple network, you only need to configure the static routes to make the router work normally. The proper configuration and usage of the static route can improve the network performance and ensure the bandwidth of the important applications.

All the following routes are static routes:

■ Reachable route — A normal route is of this type. That is, the IP packet is sent to the next hop via the route marked by the destination. It is a common type of static routes.

■ Unreachable route — When a static route to a destination has the “reject” attribute, all the IP packets to this destination will be discarded, and the originating host will be informed destination unreachable.

■ Blackhole route — When a static route to a destination is of the “blackhole” attribute, all the IP packets to this destination will be discarded, and the originating host will not be informed.

The attributes reject and blackhole are usually used to control the range of reachable destinations of this router and to help troubleshoot the network.

Use the following precautions when configuring a static route:

■ When the destination IP address and subnet mask are both set to 0.0.0.0, this is the configured default route. A packet is forwarded along the default route if a routing table is not detected.

■ As an alternative way to configure preference level, a flexible routing protocol can be adopted.

Related command: display ip routing-table.

Example

To configure the next hop of the default route as 129.102.0.2, enter the following:

[SW7700]ip route-static 0.0.0.0 0.0.0.0 129.102.0.2

RIP Configuration Commands

This section describes the commands you can use to configure the Routing Information Protocol (RIP).

When the Switch 7700 runs a routing protocol, it is able to perform the functions of a router. The term router in this section can refer either to a physical router or to the Switch 7700 running a routing protocol.

RIP Configuration Commands 151

checkzero Syntaxcheckzero

undo checkzero

View

RIP view

Parameter

None

Description

■ Use the checkzero command to check the zero field of RIP-1 packets. By default, RIP-1 performs zero field checking.

■ Use the undo checkzero command to disable the checking of the zero fields.

According to the RFC1058 protocol specifications, some fields in RIP-1 packets must be set to zero. These are called zero fields. During the zero check operation, if a RIP-1 packet is received in which the zero fields are not zeros, it will be rejected. Use the checkzero command to enable or disable the zero check operation on RIP-1.

This command does not work with RIP-2 packets, since RIP-2 packets have no zero fields.

Example

To configure the Switch not to perform zero checking for RIP-1 packet, enter the following:

[SW7700-rip]undo checkzero

default cost Syntaxdefault cost value

undo default cost

View

RIP view

Parameter

value Enter the default routing cost, in the range 1 to 16. The default is 1.

Description

■ Use the default cost command to set the default routing cost of an imported route.

■ Use the undo default cost command to restore the default value.

If you do not specify a routing cost when using the import-route command, the default cost you specify here is used.

Related command: import-route.


Example

To set the default routing cost of the imported route of another routing protocol to 3, enter the following:

[SW7700-rip]default cost 3

display rip Syntaxdisplay rip

View

All views

Parameter

None

Description

■ Use the display rip command to view the current RIP running state and its configuration information.

Example

To display the current running state and configuration information of the RIP, enter the following:

<SW7700>display ripRIP is running public net VPN-Instance Checkzero is on Default cost : 1 Summary is on Preference : 100 Period update timer : 30 Timeout timer : 180 Garbage-collection timer : 120 No peer router Network : 202.38.168.0

The information shown above indicates that RIP is running, the default-metric is 1, no unicast address is specified, the interface of the network segment 202.38.168.0 is enabled and the RIP preference is 100.

filter-policy export Syntaxfilter-policy { acl_number | ip-prefix ip_prefix_name } export [ routing_protocol ]

undo filter-policy { acl_number | ip-prefix ip_prefix-name } export [ routing_protocol ]

View

RIP view

Parameter

acl_number: Enter the number of the ACL that you want to use to filter the destination addresses of the routing information.


ip_prefix_name: Enter the name of the address prefix list that you want to use to filter the destination addresses of the routing information.

routing_protocol: Enter the routing protocol whose routing information is to be filtered. This can be one of the following:

■ direct - Specifies direct routes

■ bgp - Specifies Border Gateway Protocol (BGP).

■ ospf- Specifies Open Shortest Path First (OSPF).

■ ospf-ase - Specifies OSPF external routes.

■ ospf-nssa - Specifies OSPF NSSA external routes.

■ static - Specifies static routes.

Description

■ Use the filter-policy export command to configure RIP to filter the advertised routing information.

■ Use the undo filter-policy export command to configure RIP not to filter the advertised routing information. This is the default.

Related commands: acl, filter-policy import, ip ip-prefix.

Example

To filter the advertised route information using acl 2003, enter the following:

[SW7700-rip]filter-policy 2003 export

filter-policy import Syntaxfilter-policy gateway ip_prefix_name import

undo filter-policy gateway ip_prefix_name import

filter-policy { acl_number | ip-prefix ip_prefix_name gateway ip-prefix-name ] } import

undo filter-policy { acl_number | ip-prefix ip_prefix_name [ gateway ip-prefix-name ]} import

View

RIP view

Parameter

gateway ip_prefix_name Enter the name of the address prefix list. This is used to filter the addresses of this neighboring routers advertising the routing information.

acl_number Enter an ACL number. This is used to filter the destination addresses of the routing information.

ip_prefix_name Enter the name of the address prefix list. This is used to filter the destination addresses of the routing information.


Description

■ Use the filter-policy gateway import command to configure the switch to filter the routing information received from a specified address.

■ Use the undo filter-policy gateway import command to configure the switch not to filter the routing information received from the specified address.

■ Use the filter-policy import command to configure the switch to filter global routing information.

■ Use the undo filter-policy import command to disable filtering of received global routing information.

By default, RIP does not filter the received routing information.

Related commands: acl, filter-policy export, ip ip-prefix.

Example

To configure the filtering of the global routing information using ACL 2003, enter the following:

[SW7700-rip]filter-policy 2003 import

host-route Syntaxhost-route

undo host-route

View

RIP view

Parameter

None

Description

■ Use the host-route command to configure RIP to accept host routes. This is the default.

■ Use the undo host-route command to configure RIP to reject host routes.

Example

To configure RIP to reject a host route, enter the following:

[SW7700-rip]undo host-route

import-route Syntaximport-route protocol [ cost value | route-policy route-policy-name ]*

undo import-route protocol

View

RIP view


Parameterprotocol Enter the routing protocol to be imported. This can be one of the following: direct, bgp, isis, ospf, ospf-ase, ospf-nssa or static.

value Enter the cost value of the route to be imported.

route-policy route_policy_name Enter a route-policy name. Only routes that match the conditions of the specified policy are imported.

Description

■ Use the import-route command to import the routes of other protocols into RIP.

■ Use the undo import-route command to cancel the import of routes from other protocols. By default, RIP does not import any other route.

The import-route command is used to import the route of another protocol. If you do not specify a cost value , routes are imported according to the current value of the default cost command, which must be in the range 1 to 16. If the default cost is larger than or equal to 16, RIP regards this an unreachable and the transmission is stopped within 120 seconds.

If you specify a cost value RIP regards the imported route as its own route and transmits it with the specified cost value.

This command can greatly enhance the capability of RIP to obtain routes, and therefore increases the performance of RIP.

Related commands: default cost.

Example

To import a static route with a cost of 4, enter the following:

[SW7700-rip]import-route static cost 4

To set the default cost, and then import an OSPF route with this default cost, enter the following two commands:

[SW7700-rip]default cost 3[SW7700-rip]import-route ospf

network Syntaxnetwork network_address

undo network network_address

View

RIP view

Parameter

network_address: Enter the IP network address of an interface.


Description

■ Use the network command to enable Routing Information Protocol (RIP) on the interface of a specified network segment connected to the router.

■ Use the undo network command to disable RIP on the interface. By default, RIP is disabled on an interface.

After you have enabled RIP, you must also enable RIP for a specified interface using this command. RIP only operates on the interface of specified network segments.

The undo network command is similar to the undo rip work command, in that an interface using either command will not receive/transmit RIP routes. However, if you use undo rip work, other interfaces will still forward the routes of the interfaces set to undo rip work. If you use undo network, other interfaces will not forward the routes of interfaces set to undo network.

When the network command is used on an IP address, the interface on this network segment is enabled. For example, if you view the network 129.102.1.1 with both the display current-configuration command and the display rip, the IP address is shown as 129.102.0.0.

Related commands: rip work.

Example

To enable RIP on the interface with the network address 129.102.0.0., enter the following:

[SW7700-rip]network 129.102.0.0

peer Syntaxpeer ip_address

undo peer ip_address

View

RIP view

Parameter

ip_address Enter the IP address of the peer router.

Description

■ Use the peer command to configure the destination address of the peer device.

■ Use the undo peer command to cancel the set destination address. By default, there is no destination address.

3Com recommends that you do not use this command. RIP can use unicast to exchange information with non-broadcasting networks. If required, you can use this command to specify the destination address of the peer device.

Example

To specify the sending destination address as 202.38.165.1, enter the following:

[SW7700-rip]peer 202.38.165.1


preference Syntaxpreference value

undo preference

View

RIP view

Parameter

value Enter the preference level, in the range 1 to 255. By default, the value is 100.

Description

■ Use the preference command to configure the route preference of RIP.

■ Use the undo preference command to restore the default preference.

The default value of each routing protocol is determined by the specific routing policy. This “preference” determines the optimal route in the IP routing table. You can use this command to modify the RIP preference.

Example

To specify an RIP preference of 20, enter the following:

[SW7700-rip]preference 20

reset Syntaxreset

View

RIP view

Parameter

None

Description

Use the reset command to reset the system configuration parameters of RIP.

When you need to re-configure parameters of RIP, this command can be used to restore to the default setting.

Example

Reset the RIP system.

[SW7700-rip]reset

rip Syntaxrip

undo rip


View

System view

Parameter

None

Description

■ Use the rip command to enable RIP and enter the RIP command view. From here, you can configure RIP using the other commands described in this section.

■ Use the undo rip command to disable RIP. By default, RIP is disabled.

Enabling RIP does not affect interface configurations.

Example

To enable RIP, and enter RIP view, enter the following:

[SW7700]rip[SW7700-rip]

rip authentication-mode Syntaxrip authentication-mode { simple password | md5 { usual key-string | nonstandard key-string key-id } }

undo rip authentication-mode

View

Interface View

Parameter

simple: Enter to specify simple text authentication mode.

password: Enter the simple text authentication key.

md5: Enter to specify MD5 cipher text authentication mode.

key-string: Enter the MD5 cipher text authentication key. If it is entered in plain text, the MD5 key is a character string not exceeding 16 characters. This key is displayed in a cipher text form in a length of 24 characters when display current-configuration command is executed. Inputting the MD5 key in cipher text form with 24 characters long is also supported.

id: Enter an MD5 cipher text authentication identifier, ranging from 1 to 255.

nonstandard: Enter to set the MD5 cipher text authentication packet to use a nonstandard packet format (as described in RFC2082).

usual: Enter to set the MD5 cipher text authentication packet to use the general packet format (as described in RFC1723).


Description

Use the rip authentication-mode command to configure the RIP-2 authentication mode and its parameters for the Switch 7700.

■ Use the rip authentication-mode simple command to configure the RIP-2 simple text authentication key.

■ Use the rip authentication-mode md5 key-string to configure the MD5 cipher text authentication key for RIP-2.

■ Use the rip authentication-mode md5 key-id command to configure the MD5 cipher text authentication ID for RIP-2.

■ Use the rip authentication-mode md5 type command to configure the format type of the MD5 cipher text authentication packet for RIP-2.

■ Use the undo rip authentication-mode command to cancel RIP-2 authentication.

There are two RIP-2 authentication modes: simple authentication and MD5 cipher text authentication. When you use MD5 cipher text authentication mode, two types of packet formats are available. The standard format (set using the usual parameter), is described in RFC 1723. The non-standard format (set using the nonstandard parameter), is described in RFC 2082.

RIP-1 does not support authentication.

Related command: rip version.

Example

To specify the interface “Vlan-interface 1” to use simple authentication with the key set to “aaa”, enter the following:

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]rip version 2[SW7700-Vlan-interface1]rip authentication-mode simple aaa

To specify the interface Vlan-interface 1 to use MD5 cipher text authentication with the key set to “aaa” and the packet type as nonstandard, enter the following:

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]rip version 2[SW7700-Vlan-interface1]rip authentication-mode md5 key-string aaa[SW7700-Vlan-interface1]rip authentication-mode md5 type nonstandard

To set MD5 authentication on Vlan-interface 1 with the key string set to “aaa” and the packet type set to usual, enter the following:

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]rip version 2[SW7700-Vlan-interface1]rip authentication-mode md5 key-string aaa[SW7700-Vlan-interface1]rip authentication-mode md5 type usual

rip input Syntaxrip input

undo rip input


View

Interface View

Parameter

None

Description

■ Use the rip input command to allow an interface to receive RIP packets. By default, all interfaces except loopback interfaces are able to receive RIP packets.

■ Use the undo rip input command to block an interface from receiving RIP packets.

This command is used in conjunction with two other two commands: rip output and rip work. The rip input and rip output commands control, respectively, the receipt and the transmission of RIP packets on an interface. The rip work command allows both receipt and transmission of RIP packets.

Related commands: rip output, rip work.

Example

To set the interface Vlan-interface 1 not to receive RIP packets, enter the following:

[SW7700-Vlan-interface1]undo rip input

rip metricin Syntaxrip metricin value

undo rip metricin

View

Interface View

Parameter

value: Enter an additional route metric to be added when receiving a packet, ranging from 0 to 16. By default, the value is 0.

Description

Use the rip metricin command to configure an additional route metric to be added to the route when an interface receives RIP packets.

Use the undo rip metricin command to restore the default value of this additional route metric.

Related command: rip metricout.

Example

To set the additional route metric to 2 when the interface Vlan-interface 1 receives RIP packets, enter the following:

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]rip metricin 2


rip metricout Syntaxrip metricout value

undo rip metricout

View

Interface View

Parameter

value: Enter an additional route metric added when transmitting a packet, ranging from 1 to 16. By default, the value is 1.

Description

■ Use the rip metricout command to configure an additional route metric to be added to a route when an interface transmits RIP packets.

■ Use the undo rip metricout command to restore the default value of the additional route metric.

Related command: rip metricin.

Example

To set the additional route metric to 2 when the interface Vlan-interface 1 transmits RIP packets, enter the following:

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]rip metricout 2

rip output Syntaxrip output

undo rip output

View

Interface View

Parameter

None

Description

■ Use the rip output command to allow an interface to transmit RIP packets.

■ Use the undo rip output command to disable an interface to transmit RIP packets.

By default, all interfaces except loopback interfaces are able to transmit RIP packets.

This command is used in conjunction with two other commands: rip input and rip work. rip input and rip output control, respectively, the receipt and the transmission of RIP packets on an interface. rip work allows both receipt and transmission of RIP packets.


Related commands; rip input, rip work.

Example

To prevent the interface Vlan-interface 1 from transmitting RIP packets, enter the following:

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]undo rip output

rip split-horizon Syntaxrip split-horizonundo rip split-horizon

View

Interface View

Parameter

None

Description

■ Use the rip split-horizon command to configure an interface to use split horizon when transmitting RIP packets. This is the default.

■ Use the undo rip split-horizon command to configure an interface not to use split horizon when transmitting RIP packets.

Normally, split horizon is necessary for reducing router loops. You may need to disable split horizon to ensure proper operation of protocols.

Example

To set the interface Vlan-interface 1 not to use split horizon when processing RIP packets, enter the following:

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]undo rip split-horizon

rip version Syntaxrip version 1rip version 2 [ broadcast | multicast ]undo rip version

View

Interface View

Parameter

1 Enter to set the interface version to RIP-1.

2 Enter to set the interface version to RIP-2.

broadcast Enter to set the transmission mode of an RIP-2 packet to broadcast.

multicast Enter to set the transmission mode of an RIP-2 packet to multicast.


Description

■ Use the rip version command to configure the version number of RIP packets on an interface.

■ Use the undo rip version command to restore the default RIP packet version on the interface. The interface RIP version is RIP-1.

By default, RIP-1 transmits packets in broadcast mode, while RIP-2 transmits packets in multicast mode.

When running RIP-1, the interface receives and transmits RIP-1 packets, and can also receive RIP-2 broadcast packets.

When running RIP-2 in broadcast mode, the interface receives and transmits RIP-2 broadcast packets, and can also receive both RIP-1 packets and RIP-2 multicast packets.

When running RIP-2 in multicast mode, the interface receives and transmits RIP-2 multicast packets, and can also receive RIP-2 broadcast packets. The interface can not receive RIP-1 packets.

Example

To configure the interface Vlan-interface 1 to RIP-2 broadcast mode, enter the following:

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]rip version 2 broadcast

rip work Syntaxrip work

undo rip work

View

Interface View

Parameter

None

Description

■ Use the rip work command to enable the RIP on an interface. This is the default.

■ Use the undo rip work command to disable RIP on an interface.

This command is used in conjunction with the rip input, rip output and network commands. Refer to the descriptions of these commands for details.

Related commands: network, rip input, rip output.

Example

To disable the running of RIP on interface Vlan-interface 1, enter the following:

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]undo rip work


summary Syntaxsummary

undo summary

View

RIP view

Parameter

None

Description

■ Use the summary command to activate RIP-2 automatic route summarization. This is the default.

■ Use the undo summary command to disable RIP-2 automatic route summarization.

Route aggregation can be performed to reduce the routing traffic on the network as well as to reduce the size of the routing table. RIP-1 does not support subnet masks. Forwarding subnet routes may cause ambiguity. Networks that use RIP-1 should always use the natural mask. Therefore, RIP-1 uses route summarization all the time. If RIP-2 is used, route summarization function can be disabled with the undo summary command, when it is necessary to broadcast the subnet route.

Related command: rip

Example

To set the RIP version on the interface Vlan-interface 1 to RIP-2, and then disable the route aggregation, enter the following:

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]rip version 2[SW7700-Vlan-interface1]quit[SW7700]rip[SW7700-rip]undo summary

timers Syntaxtimers { update update-timer-length | timeout timeout-timer-length } *

undo timers { update | timeout } *

View

RIP view

Parameter

update-timer-length: Value of the period update timer, ranging from 1 to 3600 seconds. The default value is 30 seconds.

timeout-timer-length: Value of the timeout timer, ranging from 1 to 3600 seconds. The default value is 180 seconds.

OSPF Configuration Commands 165

Description

■ Use the timers command to modify the values of the three RIP timers: period update, timeout, and garbage-collection.

■ Use the undo timers command to restore the default settings.

By default, the values of period update, timeout, and garbage-collection timers are 30 seconds, 180 seconds, and 120 seconds, respectively.

Generally, the value of garbage-collection timer is fixed to 4 times the value of period update timer. However, before RIP completely deletes an unreachable route from the routing table, it advertises the route by sending four period update packets, to acknowledge to all the neighbors that the route is unreachable. Therefore, the actual value of garbage-collection timer is 3 to 4 times of that of period update timer. Adjusting period update timer will affect garbage-collection timer.

The modification of RIP timers takes effect immediately.

Related Command: display rip

Example

Set the values of Period Update timer and Timeout timer of RIP to 10 seconds and 30 seconds respectively.

[SW7700] rip[SW7700] timers update 10 timeout 30

OSPF Configuration Commands

This section describes the commands you can use to configure the Open Shortest Path First (OSPF) routing protocol.


abr-summary Syntaxabr-summary ip_address ip_mask [ advertise | not-advertise ]

undo abr-summary ip_address ip_mask

View

OSPF Area view

Parameter

ip_address Enter a network segment IP address.

ip_mask Enter the subnet mask.

Description

■ Use the abr-summary command to configure the route aggregation on the area border router.


■ Use the undo abr-summary command to disable the route aggregation on the area border router. This is the default.

This command is applicable only to the area border router (ABR) and is used for the route aggregation in an area. The ABR only transmits an aggregated route to other areas. Route aggregation refers to the routing information that is processed in the ABR. For each network segment configured with route aggregation, there is only one route transmitted to other areas.

Example

To enter area 1, and then aggregate the network segments, 66.48.10.0 and 66.48.120.0 into the summary route 66.48.0.0, enter the following:

[SW7700-ospf-1]area 1[SW7700-ospf-1-area-0.0.0.1]network 66.48.10.0 0.0.0.255[SW7700-ospf-1-area-0.0.0.1]network 66.48.120.0 0.0.0.255[SW7700-ospf-1-area-0.0.0.1]abr-summary 66.48.0.0 255.255.0.0

area Syntaxarea area_id

undo area area_id

View

OSPF view

Parameter

area_id: Enter the ID of the OSPF area. This can either be in IP address format, or as a number in the range 0 to 4294967295.

Description

■ Use the area command to enter an OSPF area view.

■ Use the undo area command to exit from the OSPF area view.

Example

To enter the OSPF area view 0, enter the following:

[SW7700-ospf]area 0[SW7700-ospf-area-0.0.0.0]

asbr-summary Syntaxasbr-summary ip_address mask [ not-advertise | tag value ]

undo asbr-summary ip-address mask

View

OSPF view

Parameter

ip_address Enter the matched IP address.

ip_mask Enter the IP subnet mask.


not-advertise Enter this parameter if you do not want to advertise routes matching the specified IP address and mask.

tag value: Enter a tag value, which is mainly used to control advertisement of routes via route-policy. This value can be in the range 0 to 4294967295. The default is 1.

Description

■ Use the asbr-summary command to configure a summary of imported routes for OSPF.

■ Use the undo asbr-summary command to cancel the summary. This is the default.

After the summarization of imported routes is configured, if the local router is an autonomous system border router (ASBR), this command summarizes the imported Type-5 LSAs in the summary address range. When NSSA is configured, this command will also summarize the imported Type-7 LSAs in the summary address range.

If the local router acts as both an ABR and a router in the NSSA, this command summarizes Type-5 LSAs transformed from Type-7 LSAs. If the router is not the router in the NSSA, the summarization is disabled.

Related commands: display ospf asbr-summary.

Example

To summarize the OSPF imported routes, enter the following:

[SW7700-ospf]asbr-summary 10.2.0.0 255.255.0.0 not-advertise

authentication-mode Syntaxauthentication-mode [ simple | md5 ]

undo authentication-mode

View

OSPF Area view

Parameter

simple: Enter to configure simple text authentication mode.

md5: Enter to configure MD5 cipher text authentication mode.

Description

■ Use the authentication-mode command to configure an OSPF area to use a specified authentication mode.

■ Use the undo authentication-mode command to cancel the authentication mode for this area. By default, an area does not support an authentication mode.


All the routers in one area must use the same authentication mode (no authentication, simple text authentication or MD5 cipher text authentication). In addition, all routers on the same segment must use the same authentication key.

To configure a simple text authentication key, use the ospf authentication-mode simple command.

To configure an MD5 cipher text key, use the ospf authentication-mode md5 command.

Related command: ospf authentication-mode.

Example

To set the OSPF area 0 to support MD5 cipher text authentication, enter the following:

[SW7700-ospf-area-0.0.0.0]authentication-mode md5

default cost Syntaxdefault cost value

undo default cost

View

OSPF view

Parameter

value Enter the default routing cost of the external route imported by OSPF, in the range 0 to 16777215.

Description

■ Use the default cost command to configure the default routing cost of an external route imported by OSPF.

■ Use the undo default cost command to restore the default routing cost of an external route imported by OSPF. By default, the routing cost of an external route imported by OSPF is 1.

OSPF requires a default cost when redistributing a route found by other routing protocols.

Example

To specify a default routing cost of 10 for an external route imported by OSPF, enter the following:

[SW7700-ospf]default cost 10

default interval Syntaxdefault interval seconds

undo default interval


View

OSPF view

Parameter

seconds Enter the default interval, in seconds, for redistributing external routes. This can be in the range 1 to 2147483647. The default is 1 second.

Description

■ Use the default interval command to configure the default interval for OSPF to import external routes.

■ Use the undo default interval command to restore the default value of 1 second.

OSPF requires a default interval when redistributing a route found by other routing protocols.

Example

To specify a default interval of 10 seconds for OSPF to import external routes, enter the following:

[SW7700-ospf]default interval 10

default limit Syntaxdefault limit routes

undo default limit

View

OSPF view

Parameter

routes Enter a limit on the number of imported external routes, in the range 200 to 2147483647. By default, the limit is 1000.

Description

■ Use the default limit command to configure maximum number of allowed imported routes.

■ Use the undo default limit command to restore the default value.

OSPF requires a default limit when redistributing a route found by other routing protocols.

Related commands: default interval.

Example

To specify a limit of 200 imported external routes, enter the following:

[SW7700-ospf]default limit 200

default tag Syntaxdefault tag tag


undo default tag

View

OSPF view

Parameter

tag Enter a tag number, in the range 0 to 4294967295.

Description

Use the default tag command to configure the default tag of OSPF when it redistributes an external route.

Use the undo default tag command to restore the default tag of OSPF when it redistributes the external route.

OSPF requires a default tag when redistributing a route found by other routing protocols.

Related command: default type.

Example

To set a default tag of 10 to OSPF imported external routes, enter the following:

[SW7700-ospf]default tag 10

default type Syntaxdefault type { 1 | 2 }

undo default type

View

OSPF view

Parameter

1 Enter to set the default to external routes of type 1.

2 Enter to set the default to external routes of type 2.

Description

■ Use the default type command to configure the default type when OSPF redistributes external routes.

■ Use the undo default type command to restore the default type. By default, external routes of type 2 are imported.

OSPF requires a default type when redistributing a route found by other routing protocols.

Related command: default tag.


Example

To specify the default type as type 1 when OSPF imports an external route, enter the following:

[SW7700-ospf]default type 1

default-cost Syntaxdefault-cost value

undo default-cost

View

OSPF Area view

Parameter

value Enter the cost value of the default route transmitted by OSPF to the STUB or NSSA area, in the range 0 to 16777215. The default value is 1.

Description

■ Use the default-cost command to configure the cost of the route transmitted by OSPF to the STUB or NSSA area.

■ Use the undo default-cost command to restore the default cost of the default route transmitted by OSPF to the STUB or NSSA.

Related commands: stub, nssa.

Example

To set area 1 as the STUB area, and to set the cost of the default route transmitted to this STUB area to 60, enter the following commands:

[SW7700-ospf-1]area 1[SW7700-ospf-1-area-0.0.0.1]network 20.0.0.0 0.255.255.255[SW7700-ospf-1-area-0.0.0.1]stub[SW7700-ospf-1-area-0.0.0.1]default-cost 60

default-route-advertise Syntaxdefault-route-advertise [ always | cost value | type type_value | route-policy route-policy-name ]*

undo default-route-advertise [ always | cost | type | route-policy ]*

View

OSPF view

Parameter

always This parameter will generate an ASE LSA which describes the default route and advertise it if the local router is not configured with the default route. If this parameter is not set, the local router cannot import the ASE LSA, which generates the default route only when it is configured with the default route.

cost value: Enter the cost value of the ASE LSA, in the range 0 to 16777215. The default value is 1.


type type_value Enter the cost type of this ase lsa, which can be either 1 or 2. The default value is 2.

route-policy route_policy_name: if the default route match the route-policy specified by route-policy-name, route-policy will affect the value in the ase lsa. The length of route_policy_name parameter ranges from 1 to 16 character string.

Description

■ Use the default-route-advertise command to import the default route to the OSPF route area.

■ Use the undo default-route-advertise command to cancel the import of default route. This is the default.

The import-route command cannot import the default route. When local router is not configured with default route, the keyword always should be used by ase lsa to generate default route.

Related command: import-route.

Example

If a local route has no default route, the ASE LSA of the default route will be generated.

[SW7700-ospf]default-route-advertise

The ASE LSA of the default route will be generated and advertised to OSPF route area even if the local router has no default route.

[SW7700-ospf]default-route-advertise always

display debugging ospf Syntaxdisplay debugging ospf

View

Any view

Description

■ Use the display debugging ospf command to view the debugging states of global OSPF and all processes.

Related command: debugging ospf

Example

Display the debugging states of global OSPF and all processes.

<SW7700> display debugging ospfOSPF global debugging state:OSPF SPF debugging is onOSPF LSA debugging is onOSPF process 100 debugging state:OSPF SPF debugging is on

OSPF process 200 debugging state:OSPF SPF debugging is on


OSPF LSA debugging is on

display ospf abr-asbr Syntaxdisplay ospf [ process-id ] abr-asbr

View

All views

Parameter

process-id: Process ID of OSPF, ranging from 1 to 65535. The command is applied to all current OSPF processes if you do not specify a process ID.

Description

■ Use the display ospf abr-asbr command to view information about the Area Border Router (ABR) and Autonomous System Border Router (ASBR) of OSPF.

Example

To display information on the ABR and ASBR of OSPF, enter the following:

<SW7700>display ospf abr-asbr

OSPF Process 1 with Router ID 10.110.98.138

Routing Table to ABR and ASBR

I = Intra i = Inter A = ASBR B = ABR S = SumASBR

Destination Area Cost Nexthop Interface

IA 2.2.2.2 0.0.0.0 10 10.153.17.89 Vlan-interface1

display ospf asbr-summary

Syntaxdisplay ospf [ process-id ] asbr-summary [ ip-address ip-mask ]

View

All views

Parameter


ip_address Enter an IP address.

ip_mask Enter an IP subnet mask.

Description

■ Use the display ospf asbr-summary command to view the summary information of an OSPF imported route, or all OSPF imported routes.

If you do not specify an IP address and subnet mask, the summary information of all OSPF imported routes is displayed.


Related command: asbr-summary.

Example

To display the summary information of all OSPF imported routes, enter the following:

<SW7700>display ospf asbr-summaryOSPF Process 1 with Router ID 1.1.1.1Summary AddressesTotal summary address count: 2

Summary Addressnet : 168.10.0.0mask : 255.254.0.0tag : 1status : AdvertiseThe Count of Route is 0

Summary Addressnet : 1.1.0.0mask : 255.255.0.0tag : 100status : DoNotAdvertise

The Count of Route is 0

display ospf brief Syntaxdisplay ospf [ process-id ] brief

View

All views

Parameter


Description

■ Use the display ospf brief command to view OSPF summary information.

Example

To display OSPF summary information, enter the following:

<SW7700>display ospf briefOSPF Process 1 with Router ID 10.110.95.189OSPF Protocol Information


RouterID: 10.110.95.189 Border Router: AS spf-schedule-interval: 5 Routing preference: Inter/Intra: 10 External: 150 Default ASE parameters: Metric: 1 Tag: 0.0.0.1 Type: 2 SPF computation count: 16 Area Count: 1 Nssa Area Count: 0

Area 0.0.0.0:


Authtype: none Flags: <> SPF scheduled: <> Interface: 201.1.1.4 (Vlan-interface1) Cost: 1 State: DR Type: Broadcast Priority: 1 Designated Router: 201.1.1.4 Backup Designated Router: 201.1.1.3Timers: Hello 10, Dead 40, Poll 0, Retransmit 5, Transmit Delay 1

display ospf cumulative Syntaxdisplay ospf [ process-id ] cumulative

View

All views

Parameter

process-id: Process ID of OSPF, ranging from 1 to 65535. The command is applied to all current OSPF processes if you do not specify a process ID>

Description

■ Use the display ospf cumulative command to view the OSPF cumulative information.

Example

To display the OSPF cumulative information, enter the following:

<SW7700>display ospf cumulativeOSPF Process 1 with Router ID 1.1.1.1


Cumulations

IO StatisticsType Input OutputHello 225 437DB Description 78 86Link-State Req 18 18Link-State Update 48 53Link-State Ack 25 21ASE: 1 Checksum Sum: FCAF LSAs originated by this router

Router: 50 SumNet: 40SumASB: 2LSAs Originated: 92 LSAs Received: 33Area 0.0.00.0:

Neighbors: 1 Interfaces: 1Spf: 54 Checksum Sum F020rtr: 2 net: 0 sumasb: 0 sumnet: 1

Area 0.0.0.1:Neighbors: 0 Interfaces: 1Spf: 19 Checksum Sum 14EAD rtr: 1 net: 0sumasb: 1sumnet: 1

Routing Table:Intra Area: 2 Inter Area: 0ASE: 1


display ospf error Syntaxdisplay ospf [ process-id ] error

View

All views

Parameter


Description

■ Use the display ospf error command to view OSPF error information.

Example

To display the OSPF error information, enter the following:

<SW7700>display ospf errorOSPF Process 1 with Router ID 1.1.1.1


OSPF packet error statistics:0: IP: received my own packet 0: OSPF: bad packet type0: OSPF: bad version 0: OSPF: bad checksum0: OSPF: bad area id 0: OSPF: area mismatch0: OSPF: bad virtual link 0: OSPF: bad authentication type0: OSPF: bad authentication key 0: OSPF: packet too small0: OSPF: packet size > ip length 0: OSPF: transmit error0: OSPF: interface down 0: OSPF: unknown neighbor0: HELLO: netmask mismatch 0: HELLO: hello timer mismatch0: HELLO: dead timer mismatch 0: HELLO: extern option mismatch0: HELLO: router id confusion 0: HELLO: virtual neighbor unknown0: HELLO: NBMA neighbor unknown 0: DD: neighbor state low0: DD: router id confusion 0: DD: extern option mismatch0: DD: unknown LSA type 0: LS ACK: neighbor state low0: LS ACK: bad ack 0: LS ACK: duplicate ack0: LS ACK: unknown LSA type 0: LS REQ: neighbor state low0: LS REQ: empty request 0: LS REQ: bad request0: LS UPD: neighbor state low 0: LS UPD: newer self-generate LSA0: LS UPD: LSA checksum bad 0: LS UPD:received less recent LSA0: LS UPD: unknown LSA type 0: OSPF routing: next hop not exist0: DD: MTU option mismatch

display ospf interface Syntaxdisplay ospf [ process-id ] interface [ interface-type interface-number ]

View

All views

Parameter



interface_type Enter the interface type.

interface_number Enter the port number.

Description

Use the display ospf interface command to view OSPF interface information for a specified port, or for all ports.

The information displayed includes OSPF configuration and running state.

Example

To display OSPF interface information, enter the following:

<SW7700>display ospf interface vlan-interface 1OSPF Process 1 with Router ID 1.1.1.1


Interfaces

Interface: 10.110.10.2 (Vlan-interface1) Cost: 1 State: BackupDR Type: Broadcast Priority: 1 Designated Router: 10.110.10.1 Backup Designated Router: 10.110.10.2 Timers: Hello 10, Dead 40, Poll 0, Retransmit 5, Transmit Delay 1

display ospf lsdb Syntaxdisplay ospf [ process-id ] [ area_id ] lsdb [ brief | [ asbr | ase | network | nssa | router | summary ] [ ip_address ] [ originate-router ip_address | self-originate ] ]

View

All views

Parameter


area_id Enter the ID of the OSPF area, as either an ID number or an IP address.

Description

■ Use the display ospf lsdb command to view database information about the OSPF connecting state.

Example

To display database information about the OSPF connecting state, enter the following:

<SW7700>display ospf lsdbOSPF Process 1 with Router ID 1.1.1.1


Link State Database


Area: 0.0.0.0TypeLinkStateID AdvRouter Age Len Sequence Metric WhereStub 10.10.0.0 0.0.0.1 388 24 0 0 SpfTreeRtr 0.0.0.1 0.0.0.1 362 48 8000002f 0 SpfTreeRtr 0.0.0.2 0.0.0.2 389 48 8000002e 0 SpfTreeSNet 10.110.0.0 0.0.0.1 193 28 80000003 10 Inter ListArea: 0.0.0.1TypeLinkStateID AdvRouter Age Len Sequence Metric WhereStub 10.110.0.0 0.0.0.1 2074 24 0 0 SpfTreeRtr 0.0.0.1 0.0.0.1 363 36 80000003 0 SpfTreeSNet 10.10.0.0 0.0.0.1 193 28 80000002 10 Inter ListASB 0.0.0.2 0.0.0.1 193 28 80000002 10 SumAsb ListAS External DatabaseTypeLinkStateIDAdvRouter Age Len Sequence Metric WhereASE 2.2.0.0 0.0.0.2 278 36 80000001 1 initialized<SW7700> display ospf lsdb aseOSPF Process 1 with Router ID 1.1.1.1

Link State Data Base type : ASE ls id : 2.2.0.0adv rtr: 0.0.0.2ls age: 349len:36seq#:80000001chksum: 0xfcaf Options: (DC) Net mask:255.255.0.0

Tos 0 metric: 1E type :2Forwarding Address: 0.0.0.0Tag: 1

display ospf nexthop Syntaxdisplay ospf [ process-id ] nexthop

View

All views

Parameter


Description

■ Use the display ospf nexthop command to view the information about the next-hop.

Example

To display the OSPF next-hop information, enter the following:

<SW7700>display ospf nexthopOSPF Process 1 with Router ID 1.1.1.1



Address Type Refcount Intf Addr Intf Name--------------------------------------------------------------------202.38.160.1 Direct 3 202.38.160.1 Vlan-interface2202.38.160.2 Neighbor 1 202.38.160.1 Vlan-interface2

display ospf peer Syntaxdisplay ospf [ process-id ] peer [ brief ]

View

All views

Parameter


Description

■ Use the display ospf peer command to view detailed OSPF peer information.

■ Use the display ospf peer brief command to view brief information of every peer in OSPF, in particular the peer number of all states in every area.

Example

To view the information on an SPF peer, enter the following:

<SW7700>display ospf peerOSPF Process 1 with Router ID 1.1.1.1


NeighborsArea 0.0.0.0 interface 10.153.17.88(Vlan interface1)’s neighbor(s)

RouterID: 2.2.2.2 Address: 10.153.17.89 State: Full Mode: Nbr is Master Priority: 1 DR: 10.153.17.89 BDR: 10.153.17.88 Dead times expires in 31sNeighbor has been up for 01:14:14

Table 16 Description of Information Generated by the Command display ospf peer

Field Description

RouterID Router ID of neighbor route

Address Address of the interface, through which neighbor router communicates with the router

State State of adjacency relation

Mode Master/Slave mode formed by negotiation in exchanging DD packet

Priority Priority of DR/BDR for neighbor election

DR IP address of the interface of elected DR

BDR IP address of the interface of elected BDR

Dead timer expires in 31 seconds

Time of hello packet received from the neighbor last time


To view brief information for every peer, enter the following:

<SW7700>display ospf peer briefOSPF Process 1 with Router ID 1.1.1.1Neighbor StatisticsArea ID Down Attempt Init 2-Way ExStart Exchange Loading Full Total0.0.0.0 0 0 0 0 0 0 0 1 10.0.0.1 0 0 0 0 0 0 0 1 1Total 0 0 0 0 0 0 0 2 2

display ospf request-queue

Syntaxdisplay ospf [ process-id ] request-queue

View

All views

Parameter


Neighbor has been up for 01:14:14

Time of neighbor connection

Table 17 Description of Information Generated by the Command Display OSPF Peer Brief

Field Description

Area ID Area ID

Down The initial state for OSPF to establish neighbor relation, which indicates that the OSPF router has not received the message from a certain neighbor router within a period of time.

Attempt Enabled in the NBMA environment, such as Frame Relay, X.25 or ATM. It indicates that OSPF router has not received the message from a certain neighbor router within a period of time, but still attempts to send a Hello packet to the adjacent routers for their communications with a lower frequency.

Init Indicates that the OSPF router has received a Hello packet from a neighbor router, but its IP address is not contained in the Hello packet. Therefore, a two-way communication between them has not been established..

2-Way It indicates that a two-way communication between an OSPF router and a neighbor router has been established. DR and BDR can be selected in this state (or higher state)

ExStart In this state, the router determines the sequence number of the initial database description (DD) packet used for data exchange, so that it can obtain the latest link state information.

Exchange Indicates that the OSPF router sends DD packet to its neighbor routers to exchange link state information.

Loading In this state, OSPF router requests neighbor routers based on the updated link state information from neighbor routers and its expired information, and waits for response from neighbor routers.

Full Indicates that database synchronization between the routers that has established neighbor relations has been completed, and their link state databases have been consistent.

Table 16 Description of Information Generated by the Command display ospf peer

Field Description


Description

■ Use the display ospf request-queue command to view information about the OSPF request-queue.

Example

To display the information on the OSPF request-queue, enter the following:

<SW7700>display ospf request-queue


The Router's Neighbors is RouterID: 1.1.1.1 Address: 1.1.1.1 Interface: 1.1.1.3 Area: 0.0.0.0 LSID:1.1.1.3 AdvRouter:1.1.1.3 Sequence:80000017 Age:35

display ospf retrans-queue

Syntaxdisplay ospf [ process-id ] retrans-queue

View

All views

Parameter


Description

■ Use the display ospf retrans-queue command to view information on the OSPF retransmission queue.

Example

To display information on the OSPF retransmission queue, enter the following:

<SW7700>display ospf retrans-queueOSPF Process 200 with Router ID 103.160.1.1


The Router's Neighbors is RouterID: 1.1.1.3 Address: 1.1.1.3 Interface: 1.1.1.1 Area: 0.0.0.0 Retrans list: Type: Net LSID:1.1.1.1 AdvRouter:1.1.1.1

display ospf routing Syntaxdisplay ospf [ process-id ] routing

View

All views

Parameter

pcrocess-id: Process ID of OSPF, ranging from 1 to 65535. The command is applied to all current OSPF processes if you do not specify a process ID.


Description

Use the display ospf routing command to view the information about the OSPF routing table.

Example

To view information on the OSPF routing table, enter the following:

<SW7700>display ospf routingOSPF Process 1 with Router ID 1.1.1.1


Routing tables

Routing for NetworkDestination Cost Type NextHop AdvRouter Area 10.110.0.0 10 Stub 10.110.10.1 0.0.0.1 110.10.0.0 10 Stub 10.10.0.1 0.0.0.1 0Routing for ASEsDestination Cost Type Tag NextHop AdvRotue2.2.0.0 1 2 1 10.10.0.1 0.0.0.2Total Nets: 2Intra Area: 2 Inter Area: 0 ASE: 1 NSSA: 0

display ospf vlink Syntaxdisplay ospf [ process-id ] vlink

View

All views

Parameter


Description

■ Use the display ospf vlink command to view the information about OSPF virtual links.

Example

To view OSPF virtual links information, enter the following:

<SW7700>display ospf vlinkOSPF Process 1 with Router ID 1.1.1.1


Virtual links

Virtual-link Neighbor-id -> 2.2.2.2, State: Full Cost: 0 State: Full Type: Virtual Transit Area: 0.0.0.2 Timers: Hello 10, Dead 40, Poll 0, Retransmit 5, Transmit Delay 1


filter-policy export Syntaxfilter-policy { acl_number | ip-prefix ip_prefix_name } export [ routing_protocol ]

undo filter-policy {acl_number | ip-prefix ip_prefix-name} export [ routing_protocol ]

View

OSPF view

Parameter

acl_number Enter an access control list number.

ip_prefix_name: Enter the name of the address prefix list.

routing_protocol Enter the protocol advertising the routing information. This can be one of the following: direct, bgp, rip and static.

Description

Using the filter-policy export command, you can configure how OSPF filters the advertised routing information. Only the routing information that meets these conditions is advertised.

Using the undo filter-policy export command, you can cancel the filtering rules. By default, no filtering of the distributed routing information is performed.

Related commands: acl, ip ip-prefix.

Example

To configure OSPF to only advertise the routing information permitted by acl 1, enter the following commands:

[SW7700]acl number 1[SW7700-acl-basic-1]rule permit source 11.0.0.0 0.255.255.255[SW7700-acl-basic-1]rule deny source any[SW7700-ospf]filter-policy 1 export

filter-policy import Syntaxfilter-policy { acl_number | ip-prefix ip_prefix_name | gateway prefix_list_name } import

undo filter-policy { acl_number | ip-prefix ip_prefix_name | gateway ip-prefix-name } import

View

OSPF view

Parameter

acl_number Enter the access control list number used for filtering the destination addresses of the routing information.

ip_prefix_name Enter the name of address prefix list used for filtering the destination addresses of the routing information.


gateway ip_prefix_name Enter the name of address prefix list used for filtering the addresses of the neighboring routers advertising the routing information.

Description

Using the filter-policy import command, you can configure how OSPF filters the routing information received. Only the routing information that meets these conditions can be received.

Using the undo filter-policy import command, you can cancel the filtering of the received routing information received. By default, no filtering of the received routing information is performed.

Example

To filter the received routing information using the rules defined by access control list 2, enter the following commands:

[SW7700]acl number 2[SW7700-acl-basic-2]rule permit source 20.0.0.0 0.255.255.255[SW7700-acl-basic-2]rule deny source any[SW7700-ospf]filter-policy 2 import

import-route Syntaximport-route protocol [ cost value | type value | tag value | route-policy route-policy-name ]


View

OSPF view

Parameter

protocol Enter the source routing protocol to be imported. This can be one of the following: direct, rip, and static.

route-policy route_policy_name Enter a route policy name. Only routes that match the specified route policy are imported.

cost value Enter the cost of the imported route.

type value Enter the cost type of imported routes. The value can be 1 or 2.

tag value Enter the tag value for imported external routes.

Description

Using the import-route command, you can import the external routing information of another routing protocol.

Using the undo import-route command, you can cancel the import of external routing information. By default, the routing information of other protocols is not imported.


Example

To configure an imported RIP route with the route of type 2, a route tag of 33 and a route cost of 50, enter the following:

[SW7700-ospf]import-route rip type 2 tag 33 cost 50

network Syntaxnetwork ip-address ip-mask

undo network ip-address ip-mask

View

OSPF Area view

Parameter

ip_address Enter the IP address of the network segment where the interface is located.

ip_mask Enter the IP subnet mask, which is similar to the reversed form of the mask of IP address.

Description

Using the network command, you can configure the interface running OSPF protocol to which the interface belongs.

Using the undo network command, you can cancel the interface running OSPF. By default, the interface does not belong to any area.

With the two parameters, ip_address and ip_mask, one or more interfaces can be configured as an area. To run the OSPF protocol on one interface, the master IP address of this interface must be in the range of the network segment specified by this command. If the slave IP address of the interface is in the range of the network segment specified by this command, this interface will not run OSPF protocol.

Related command: ospf.

Example

To configure the interfaces whose master IP addresses are in the segment range of 10.110.36.0 to run the OSPF protocol, and to specify the number of the OSPF area where these interfaces are located as 6, enter the following:

[SW7700-ospf]area 6[SW7700-ospf-area-0.0.0.6]network 10.110.36.0.0 0.0.0.255

nssa Syntaxnssa [ default-route-advertise ] [ no-import-route ] [ no-summary ]undo nssa

View

OSPF Area view


Parameter

default-route-advertise Imports the default route to the NSSA area.

no-import-route Blocks the import of the default route to the NSSA area.

no-summary: Disables ABR from transmitting summary_net LSAs to the NSSA area.

Description

Using the nssa command, you can configure the type of an OSPF area as an NSSA area. Using the undo nssa command, you can cancel the function.

By default, NSSA area is not configured.

For all the routers connected to the NSSA area, the command nssa must be used to configure the area as the NSSA attribute.

The default-route-advertise parameter is used to generate a default type-7 LSA. No matter whether there is route 0.0.0.0 in the routing table on an ABR, type-7 LSA default route will always be generated. Only when there is route 0.0.0.0 in routing table on ASBR, will a type-7 LSA default route be generated.

On ASBR, the no-import-route parameter disables an external route that is imported by OSPF with the import-route command from being advertised to the NSSA area.

Example

To configure area 1 as an NSSA area, enter the following:

[SW7700-ospf]area 1[SW7700-ospf-area-0.0.0.1]network 36.0.0.0 0.255.255.255[SW7700-ospf-area-0.0.0.1]nssa

ospf Syntaxospf [ process-id [ router-id router-id ] ]

undo ospf [ router-id ]

View

System view

Parameter

process-id: The id of the OSPF process, ranging from 1 to 65535. By default, the process ID is 1.

router-id: Router ID that is a 32-bit unsigned integer.

Description

Using the ospf command, you can enable the OSPF protocol.

Using the undo ospf command, you can disable the OSPF protocol. By default, the system does not run the OSPF protocol.


After enabling the OSPF protocol, you can configure OSPF operations using the commands described in the “OSPF Configuration Commands” section.

Related command: network.

Example

Enable the OSPF protocol.

[SW7700] router id 10.110.1.8[SW7700] ospf[SW7700-ospf-1]

Enable the OSPF protocol with a process ID of 120.

[SW7700] router id 10.110.1.8[SW7700] ospf 120[SW7700-ospf-120]

ospf authentication-mode

Syntaxospf authentication-mode { simple password | md5 key_id key }

undo ospf authentication-mode { simple | md5 }

View

VLAN interface view

Parameter

simple password Enter a password of no more than 8 characters.

key_id Enter the ID of the MD5 authentication key, in the range from 1 to 255.

key Enter the MD5 authentication key. You can enter this either as plain text in 16 characters or less. The key is displayed in a cipher text form in 24 characters. You can also enter the MD5 key in a cipher text form in 24 characters or less.

Description

Using the ospf authentication-mode command, you can configure the authentication mode and key between adjacent routers.

Using the undo ospf authentication-mode command, you can cancel the set authentication key. By default, the interface does not authenticate the OSPF packets.

The passwords for the authentication keys of routers on the same network segment must be identical. In addition, if you use this command with the authentication-mode command, you can set the authentication type of an area (see the example below).

Related command: authentication-mode.

Example

Area 1 is where the network segment 131.119.0.0 of Interface Vlan-interface 1 is located. To set this area to support MD5 cipher text authentication, with an


authentication key identifier of 15 and an authentication key of 3Com, enter the following:

[SW7700-ospf]area 1[SW7700-ospf-area-0.0.0.1]network 131.119.0.0 0.0.255.255[SW7700-ospf-area-0.0.0.1]authentication-mode md5[SW7700-Vlan-interface1]ospf authentication-mode md5 15 3Com

ospf cost Syntaxospf cost value

undo ospf cost

View

VLAN interface view

Parameter

value Enter the cost for running the OSPF protocol, in the range 1 to 65535.

Description

Using the ospf cost command, you can configure the cost of sending messages from each interface.

Using the undo ospf cost command, you can restore the default costs.

Example

To specify a cost of 33 when the interface vlan-interface 1 runs OSPF, enter the following:

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]ospf cost 33

ospf dr-priority Syntaxospf dr-priority value

undo ospf dr-priority

View

VLAN interface view

Parameter

value Enter the interface priority for electing the “designated router”, ranging from 0 to 255. The default value is 1.

Description

Using the ospf dr-priority command, you can configure the priority for electing the "designated router" on an interface. Using the undo ospf dr-priority command, you can restore the default value.

The priority of the interface determines the qualification of the interface when the “designated router” is elected. The interface with higher priority will be considered first if a vote collision occurs.


Example

To set a priority of 8 for interface Vlan-interface 1 to 8, when electing the DR, enter the following:

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]ospf dr-priority 8

ospf mib-binding Syntaxospf mib-binding process-id

undo ospf mib-binding

View

System view

Parameter

process-id: Process ID of OSPF, ranging from 1 to 65535. By default, the process ID is 1.

Description

Using the ospf mib-binding command, you can bind the MIB operation to the specified OSPF process. Using the undo ospf mib-binding command, you can restore the default settings.

When OSPF protocol enables the first process, it always binds MIB operation to this process. You can use this command to bind MIB operation to another OSPF process. Execute the undo ospf mib-binding command if you want to cancel the setting. OSPF will automatically re-bind MIB operation to the first process that it enables.

By default, MIB operation is bound to the first enabled OSPF process.

Example

Bind MIB operation to OSPF process 100.

[SW7700] ospf mib-binding 100

Bind MIB operation to OSPF process 200.

[SW7700] ospf mib-binding 200

Cancel the binding of MIB operation.

[SW7700] undo ospf mib-binding

ospf mtu-enable Syntaxospf mtu-enable

undo ospf mtu-enable

View

VLAN interface view


Parameter

None.

Description

Using the ospf mtu-enable command, you can enable the interface to write the MTU value when sending DD packets.

Using the undo ospf mtu-enable command, you can restore the default. By default, the MTU value is 0 when sending DD packets, that is the MTU value of the interface is not written.

DD packets (Database Description Packet) are sent by the router to describe its own LSDB when the router running OSPF protocol is synchronizing the database.

Example

To set interface Vlan-interface 3 to write the MTU value when sending DD packets, enter the following:

[SW7700]interface Vlan-interface 3[SW7700-Vlan-interface 3]ospf mtu-enable

ospf network-type Syntaxospf network-type { broadcast | nbma | p2mp | p2p }

undo ospf network-type

View

VLAN interface view

Parameter

broadcast: Change the interface network type to broadcast.

nbma: Change the interface network type to NBMA.

p2mp: Change the interface network type to p2mp.

p2p: Change the interface network type to point-to-point.

Description

■ Use the ospf network-type command to configure the network type of OSPF interface.

■ Use the undo ospf network-type command to restore the default network type of the OSPF interface.

OSPF divides networks into four types by link layer protocol:

■ Broadcast: If Ethernet or FDDI is adopted, OSPF defaults the network type to broadcast.

■ Non-Broadcast Muli-access (nbma): If Frame Relay, ATM, HDLC or X.25 is adopted, OSPF defaults the network type to NBMA.

■ Point-to-Multipoint (p2mp): OSPF will not default the network type of any link layer protocol to p2mp. The general undertaking is to change a partially


connected NBMA network to p2mp network if the NBMA network is not fully-meshed.

■ Point-to-point (p2p): If PPP, LAPB or POS is adopted, OSPF defaults the network type to p2p.

NBMA means that a network is non-broadcast and multi-accessible. ATM is a typical example. A user can configure the polling interval to specify the interval of sending polling hello packets before the adjacency of the neighboring routers is formed.

Configure the interface type to nonbroadcast on a broadcast network without multi-access capability.

Configure the interface type to p2mp if not all the routers are directly accessible on an NBMA network.

Change the interface type to p2p if the router has only one peer on the NBMA network.

When the network type of an interface is NBMA or it is changed to NBMA manually, the peer command must be used to configure the neighboring point.

Related command: ospf dr-priority.

Example

Set the interface Vlan-interface 1 to NBMA type.

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]ospf network-type nbma

ospf timer dead Syntaxospf timer dead seconds

undo ospf timer dead

View

VLAN interface view

Parameter

seconds Enter the amount of dead time allowed, in seconds, in the range 1 to 65535.

Description

Using the ospf timer dead command, you can configure the amount of dead time allowed to OSPF neighbors, in seconds.

Using the undo ospf timer dead command, you can restore the default value. By default, the dead time allowed to OSPF neighbors is 40 seconds.

If no Hello message is received from a neighbor in the specified time, the neighbor is considered invalid. The timer dead value should be at least four times that of the timer hello value. The timer dead value for routers on the same network segment must be identical.


Related commands: ospf timer hello.

Example

To set the dead time to 80 seconds on interface Vlan-interface 1, enter the following:

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]ospf timer dead 80

ospf timer hello Syntaxospf timer hello seconds

undo ospf timer hello

View

VLAN interface view

Parameter

seconds Enter the Hello interval time allowed, in seconds, in the range 1 to 255.

Description

Using the ospf timer hello command, you can configure the Hello interval time allowed for an interface.

Using the undo ospf timer hello command, you can restore the interval to the default value. By default, the amount of time allowed is 10 seconds for an interface of p2p or broadcast type, and 30 seconds for an interface of nbma or p2mp type.

Related command: ospf timer dead.

Example

To set a time interval of 20 seconds for transmitting Hello messages on the interface Vlan-interface 1, enter the following:

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]ospf timer hello 20

ospf timer poll Syntaxospf timer poll seconds

undo ospf timer poll

View

VLAN interface view

Parameter

seconds Enter the poll Hello interval in seconds, in the range 1 to 65535. The default value is 120 seconds.


Description

Using the ospf timer poll command, you can configure the Hello packet poll interval.

Using the undo ospf timer poll command, you can restore the default poll interval.

The Poll interval should be at least three times the Hello interval.

Example

To set the transmit poll Hello packet interval to 130 seconds for interface Vlan-interface 2, enter the following:

[SW7700-Vlan-interface2]ospf timer poll 130

ospf timer retransmit Syntaxospf timer retransmit interval

undo ospf timer retransmit

View

VLAN interface view

Parameter

interval Enter the interval allowed before LSA re-transmission. This time is set for an interface, in seconds, in the range 1 to 65535. The default value is 5 seconds.

Description

Using the ospf timer retransmit command, you can configure the interval before LSA re-transmission on an interface.

Using the undo ospf timer retransmit command, you can restore the default interval value for LSA re-transmission on an interface.

When a router transmits a Link State Advertisement (LSA) to the peer, it waits for the acknowledgement packet. If no acknowledgement is received from the neighbor within the time you set using this command, the LSA is re-transmitted.

According to RFC2328, the LSA retransmit between adjacent routers should not be set too short to avoid unexpected re-transmission.

Example

To set the retransmit interval between the interface Vlan-interface 1 and the adjacent routers to 12 seconds, enter the following:

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]ospf timer retransmit 12

ospf trans-delay Syntaxospf trans-delay value

undo ospf trans-delay


View

VLAN interface view

Parameter

value Enter the LSA transmission delay, in seconds, in the range 1 to 3600. By default, the value is 1 second.

Description

Using the ospf trans-delay command, you can configure the LSA transmission delay on an interface.

Using the undo ospf trans-delay command, you can restore the default value of the LSA transmission delay.

LSA will age in the “link state database” (LSDB) of the router as time goes by (add 1 for every second), but it will not age during network transmission. Therefore, it is necessary to add a period of time set by this command to the aging time of LSA before transmitting it.

Example

To set the LSA transmission delay to three seconds on interface Vlan-interface 1, enter the following:

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]ospf trans-delay 3

peer Syntaxpeer ip-address [ dr-priority dr-priority-number ]

undo peer ip-address

View

OSPF view

Parameter

ip_address Enter the IP address of the neighboring router.

dr_priority_number The priority value represents the corresponding priority value of the network neighbor. The range is from 0 to 255. The default value is 1.

Description

Using the peer command, you can configure the neighboring point if a router is connected to a network of NBMA type. Using the undo peer command, you can cancel the configured neighboring point.

Example

To configure the IP address of the neighboring router to 10.1.1.1, enter the following:

[SW7700]peer 10.1.1.1.


preference Syntaxpreference [ ase ] value

undo preference [ ase ]

View

OSPF view

Parameter

value Enter the OSPF protocol route preference, ranging from 1 to 255.

ase Enter to indicate the preference of an imported external route of the AS.

Description

Using the preference command, you can configure the OSPF protocol route preference.

Using the undo preference command, you can restore the default value of the OSPF protocol route. By default, the preference of an OSPF protocol internal route is 10 and the preference of an external route is 150.

Because multiple dynamic routing protocols could be running on a router at any one time, priority needs to be assigned to each protocol. Using this command, you can set a default preference for each routing protocol. The protocol with the higher preference has priority.

Example

To set the preference of an imported external route of the AS to 160, enter the following:

[SW7700-ospf]preference ase 160

reset ospf all Syntaxreset ospf [ statistics ] { all | process-id }

View

User view

Parameter

all: Reset all OSPF processes

process-id: Process ID of OSPF, ranging from 1 to 65535. By default, the process ID is 1.

statistics: Reset OSPF statistics.

Description

Using the reset ospf all command, you can reset the OSPF process, as follows:

■ Invalid LSAs are cleared immediately without waiting for LSA timeout.

■ If the Router ID changes, a new Router ID takes effect to execute the command.


■ Re-elect DR and BDR.

■ OSPF configuration before the restart will not be lost.

After you enter the command, you are asked to confirm that the OSPF protocol should be re-enabled.

Example

Reset all the OSPF processes:

<SW7700>reset ospf all

router id Syntaxrouter id router_id

undo router id

View

System view

Parameter

router_id Enter the router ID as a 32-bit unsigned integer.

Description

Using the router id command, you can configure the ID of a router running the OSPF protocol.

Using the undo router id command, you can cancel the router ID that has been set.

To discover the router ID, use the display ospf brief command to read the selected interface. You can also use the router id command to select the router ID interface manually.

The router ID is a 32-bit unsigned integer that uniquely identifies a router in an OSPF system. You can specify the ID for a router. If a router ID isn’t specified, the router automatically selects one of the configured IP address as the router ID. If an IP address is not configured for any interface, the router ID must be configured in OSPF view. Otherwise, OSPF protocol cannot be enabled.

When the router ID is configured manually, the IDs of any two routers cannot be the same in the autonomous system. So, the IP address of one interface can be selected as the router ID.

The modified router ID will not be valid unless OSPF is re-enabled.

Related command: ospf.

Example

To set the router ID to 10.1.1.3., enter the following:

[SW7700]router id 10.1.1.3


silent-interface Syntaxsilent-interface interface_type interface_number

undo silent-interface interface_type interface_number

View

OSPF view

Parameter

interface_type Enter the interface type

interface_number Enter the interface number.

Description

Using the silent-interface command, you can prevent an interface from transmitting OSPF packets.

Using the undo silent-interface command, you can restore the default setting. By default, the interface transmits OSPF packets.

You can use this command to stop the transmission of OSPF packets on an interface. This prevents the router on some network from receiving the OSPF routing information.

Example

To stop interface Vlan-interface 2 from transmitting OSPF packets, enter the following:

[SW7700-ospf]silent-interface Vlan-interface 2

snmp-agent trap enable ospf

Syntaxsnmp-agent trap enable ospf [ process-id ] [ ifstatechange | virifstatechange | nbrstatechange | virnbrstatechange | ifcfgerror | virifcfgerror | ifauthfail | virifauthfail | ifrxbadpkt | virifrxbadpkt | txretransmit | viriftxretransmit | originatelsa | maxagelsa | lsdboverflow | lsdbapproachoverflow ]

undo snmp-agent trap enable ospf [ process-id ] [ ifstatechange | virifstatechange | nbrstatechange | virnbrstatechange | ifcfgerror | virifcfgerror | ifauthfail | virifauthfail | ifrxbadpkt | virifrxbadpkt | txretransmit | viriftxretransmit | originatelsa | maxagelsa | lsdboverflow | lsdbapproachoverflow ]

View

System view

Parameter

process-id: Process ID of OSPF. The command is applied to all current OSPF processes if you do not specify a process ID.

ifstatechange, virifstatechange, nbrstatechange, virnbrstatechange,

ifcfgerror, virifcfgerror, ifauthfail, virifauthfail, ifrxbadpkt,

virifrxbadpkt, txretransmit, viriftxretransmit, originatelsa,


maxagelsa, lsdboverflow, lsdbapproachoverflow: Types of TRAP packets that the switch produces in case of OSPF anomalies.

Description

Use the snmp-agent trap enable ospf command to enable the OSPF TRAP function. Use the undo snmp-agent trap enable ospf command to disable the OSPF TRAP function.

This command cannot be applied to the OSPF processes that are started after the command is executed.

By default, the switch does not send TRAP packets in case of OSPF anomalies.

For detailed configuration of SNMP TRAP, see “Using System Management Commands” on page 133.

Example

Enable the TRAP function for OSPF process 100.

<SW7700> snmp-agent trap enable ospf 100

spf-schedule-interval Syntaxspf-schedule-interval interval

undo spf-schedule-interval

View

OSPF view

Parameter

interval Enter the SPF route calculation interval for OSPF, in seconds, in the range 1 to 10. The default value is 5 seconds.

Description

Using the spf-schedule-interval command, you can configure the route calculation interval of OSPF.

Using the undo spf-schedule-interval command, you can restore the default setting.

According to the Link State Database (LSDB), the router running OSPF can calculate the shortest path tree, with itself as the root, and determine the next hop to the destination network according to the shortest path tree. By adjusting the SPF calculation interval, you can decrease the frequency of network changes and unnecessary consumption of bandwidth and router resources.

Example

To set the OSPF route calculation interval of the Switch 7700 to 6 seconds, enter the following:

[SW7700-ospf]spf-schedule-interval 6


stub Syntaxstub [ no-summary ]

undo stub

View

OSPF Area view

Parameter

no-summary Enter to prevent the transmission of Summary LSAs to the STUB area.

Description

Using the stub command, you can configure the type of an OSPF area as “stub”.

Using the undo stub command, you can cancel the setting. By default, no OSPF areas are set as STUB areas.

If the router is an ABR, it will send a default route to the connected stub area. Using the default-cost command, you can configure the default route cost.

Related commands: default-cost.

Example

To set the type of OSPF area 1 to STUB, enter the following:

[SW7700-ospf]area 1[SW7700-ospf-area-0.0.0.1]stub

vlink-peer Syntaxvlink-peer router_id [ hello seconds | retransmit seconds | trans-delay seconds | dead seconds | simple password | md5 keyid key ]*

undo vlink-peer router-id

View

OSPF Area view

Parameter

router_id Enter the Router ID of a virtual link neighbor.

hello seconds Enter the interval for the transmission of hello packets, in the range 1 to 8192 seconds. This must equal the hello seconds value of the router virtually linked to the interface. The default value is 10 seconds.

retransmit seconds Enter the interval for the retransmission of LSA packets on an interface, in the range 1 to 8192 seconds. The default value is 5 seconds.

trans-delay seconds Enter the delay interval for transmitting LSA packets on an interface, in the range 1 to 8192 seconds. The default value is 1 second.


dead seconds Enter the dead time interval, in the range 1 to 8192 seconds. This value must equal the dead time of the virtually linked router, and must be at least four times that of the hello interval. The default value is 40 seconds.

simple password Enter the simple text authentication key of the interface, in eight characters or less. This must equal the authentication key of the virtually linked neighbor.

md5 keyid Enter the MD5 authentication key ID, in the range 1 to 255. This must be equal to the authentication key ID of the virtually linked peer.

key Enter the MD5 authentication key, in a character string not exceeding 16 characters. This must be equal to the authentication key of the virtually linked peer. It is displayed in cipher text format, 24 characters in length. Entering the key in cipher text format with 24 characters is also supported.

Description

Using the vlink-peer command, you can create and configure a virtual link.

Using the undo vlink-peer command, you can cancel an existing virtual link.

RFC2328 recommends that an OSPF area should be connected to the backbone network. You can use vlink-peer command to set up the connectivity. Virtual link can be regarded as a common interface that uses OSPF so that you can easily understand how to configure parameters such as hello, retransmit, and trans-delay.

When configuring virtual link authentication, use the authentication-mode command to set the authentication type to MD5 cipher text or plain text on the backbone network.

Related commands: authentication-mode, display ospf.

Example

To create a virtual link to 10.110.0.3, and use the MD5 cipher authentication mode, enter the following:

[SW7700-ospf]area 10.0.0.0[SW7700-ospf-area-10.0.0.0]vlink-peer 10.110.0.3 md5 3 345

Integrated IS-IS Configuration Commands

This section describes the commands you can use to configure Integrated Intermediate System-to-Intermediate System (IS-IS) on your Switch 7700.

When an Ethernet switch runs a routing protocol, it can perform router functions. The router that is referred to in the following and its icon represent a generalized router or an Ethernet switch running routing protocols.

area-authentication- mode

Syntaxarea-authentication-mode { simple | md5 } password [ ip | osi ]

undo area-authentication-mode { simple | md5 } [ ip | osi ]

Integrated IS-IS Configuration Commands 201

View

IS-IS view

Parameter

password: Specify the authentication password which can be a character string with 1 to 16 characters. If md5 is specified, the password is displayed in a cipher text form with 24 characters when the display current-configuration command is executed. Entering a password in a cipher text form with 24 characters is also supported.

simple: Configure to transmit the password in simple text.

md5: Configure to transmit the password encrypted with MD5 algorithm.

ip: Specify the IP authentication password.

osi: Specify the OSI authentication password.

The configuration of an IP or an OSI authentication password is independent of the real network environment.

Description

■ Use the area-authentication-mode command to configure ISIS to authenticate received level-1 routing information packets (LSP, CSNP and PSNP), according to the pre-defined mode and password.

■ Use the undo area-authentication-mode command to configure ISIS not to authenticate the received level-1 routing information packets.

In default configuration, the system will not authenticate received level-1 routing packets, and there is no password. By setting authentication, you can reject all the level-1 routing packets, whose area authentication passwords are not consistent with the one set by this command. At the same time, this command makes ISIS insert the area authentication password, hashed or plain-text, into all the level-1 routing packets sent by this node.

Related commands: reset isis all, domain-authentication-mode, isis authentication-mode.

Example

Set the area authentication password to hello and the authentication type to simple.

[SW7700]isis[SW7700-isis]area-authentication-mode simple hello

cost-style Syntaxcost-style { narrow | wide | wide-compatible | { compatible | narrow-compatible } [ relax-spf-limit ] }

undo cost-style

View

IS-IS view


Parameter

narrow: Only receive/send packets whose cost type is narrow

wide: Only receive/send packets whose cost type is wide.

compatible: Receive/send packets whose cost type is narrow or wide.

narrow-compatible: Receive packets whose cost type is narrow or wide, but only send packets whose cost type is narrow

wide-compatible: Receive packets whose cost type is narrow or wide, but only send packets whose cost type is wide.

relax-spf-metric: Receive routes whose cost value is larger than 1024. If this item is not set, routes whose metrics value is larger than 1024 will be discarded. This setting is only valid for compatible and narrow-compatible.

Description

Using cost-style command, you can set the cost type of an IS-IS packet received/sent by the router. Using undo cost-style command, you can restore the default settings.

By default, IS-IS only receives/sends packets whose cost type is narrow.

Example

Set IS-IS to receive packets whose cost type is narrow or wide, but only send packets whose cost type is narrow.

[SW7700] isis[SW7700-isis] cost-style narrow-compatible

default-route-advertise Syntaxdefault-route-advertise [ route-policy route_policy_name ]

undo default-route-advertise [ route-policy route_policy_name ]

View

IS-IS view

Parameter

route-policy route_policy_name: Only the route that matches the requirements of the specified Route-policy can generate a default route.

Description

■ Use the default-route-advertise command to create the default route of L1, L2 router.

■ Use the undo default-route-advertise command to cancel this configuration.

By default, an L2 router generates a default route for an attached L1 area.


This command can be set on L1 router or L2 router. By default, the command generates a default route on L2 LSPs. If level level-1 is set in Route-policy view, the default route will be generated on L1 LSP. If level level-2 is set in Route-policy view, the default route will be generated on L2 LSP. If level level-1-2 is set in Route-policy view, the default route will be generated on both L1 LSP and L2 LSP.

Example

Set the router to create the default route in the LSP of the corresponding level.

[SW7700]default-route-advertise

display isis interface Syntaxdisplay isis interface [ verbose ]

View

All views

Parameter

verbose: If this parameter is used, the details of the interface will be displayed.

Description

Use the display isis interface command to view information on the enabled IS-IS interface.

This command displays information on the enabled IS-IS interface, including interface name, IP address of the interface, link state of the interface and so on. Besides displaying all the information shown by the display isis interface command, the display isis interface verbose command displays information about the IS-IS parameters of the interface, such as the CSNP packet broadcast interval, Hello packet broadcast interval and the cost of the interface.

Example

Display information about the enabled IS-IS interfaces.

<SW7700>display isis interfaceInterface IP Address Id Link.Sta IP.Sta MTU Type DISVlan-interface3 2.1.1.12 001 Up Up 1497 L12 No/No

Display details of the IS-IS enabled interfaces.

<SW7700>display isis interface verboseInterface IP Address Id Link.Sta IP.Sta MTU Type DISVlan-interface3 2.1.1.12 001 Up Up 1497 L12 No/No Secondary IP Address(es): Csnp-Interval : L1 10 L2 10 Hello-Interval: L1 10 L2 10Hold Time : L1 30 L2 30 Lsp Interval: 1 Cost : L1 10 L2 10 Priority : L1 64 L2 64 Retransmit Interval: 5


display isis lsdb Syntaxdisplay isis lsdb [ [ l1 | l2 | level-1 | level-2 ]|[ [ LSPID | local ] | verbose ]* ]*

View

All views

Parameter

l1 and level-1: Both refer to the link state database of level-1.

l2 and level-2: Both refer to the link state database of level-2.

local: Display the information from the link state database.

verbose: Display the verbose (detailed) information from the link state database.

LSPID: Specify the ID of the LSP of the Network-entity-title. The ID is derived from the Network Entity Title of the router originating the LSP.

Description

Use the display isis lsdb command to view the link state database of the IS-IS.

Example

Display verbose information for an LSP.

<SW7700>display isis lsdb 0050.0500.5005.00-00 verbose IS-IS Level-1 Link State DatabaseLsp ID Sequence Holdtime A-P-O Checksum 0050.0500.5005.00-00 0x00000328 780 0-0-0 0xf211

The table below gives an explanation of the A-P-O column:

display isis mesh-group Syntaxdisplay isis mesh-group

View

All views

Parameter

None

Table 18 Description of A-P-O in the IS-IS Link State Database

Heading Meaning

A The Attach bit. Indicates that the router is also a Level 2 router, and it can reach other areas. Level 1 routers, and Level 2 routers that have lost connection to other Level 2 routers, use the Attach bit to find the closest Level 2 router.

P The P bit. This detects if the IS is “area partition repair” capable.

O The Overload bit. This determines if the IS is congested. If the Overload bit is set, other routers do not use this system as a transit router when calculating routes. Only packets for destinations directly connected to the overloaded router are sent to this router.


Description

Use the display isis mesh-group command to view the configuration of the IS-IS mesh group of the current router interface.

Example

Add Interface Vlan-interface 1 and Interface Vlan-interface 2 running IS-IS into mesh group 100.

[SW7700-Vlan-interface1]isis mesh-group 100[SW7700]interface Vlan-interface 2[SW7700-Vlan-interface2]isis mesh-group 100

Display information for the IS-IS mesh-group.

[SW7700-Vlan-interface2]display isis mesh-groupInterface Mesh-group/BlockedVlan-interface 1 100Vlan-interface 2 100

display isis peer Syntaxdisplay isis peer [ verbose ]

View

All views

Parameter

verbose: When this parameter is configured, the area address carried in the Hello packet from the neighbor will be displayed. Otherwise, only the universal information will be displayed.

Description

Use the display isis peer command to view IS-IS peer information.

The display isis peer verbose command yields not only all the outputs of the display isis peer command, but also the area address, Uptime and IP address of the directly connected interface of the peer.

Example

Output more information, using the verbose parameter.

<SW7700>display isis peer verboseSystem ID Interface Circuit ID State HoldTimeTypePri0001.0002.0002Vlan-interface10001.0002.0008.01Up 23s L1(L12)64 System ID Interface Circuit ID State HoldTimeTypePriArea Address: 49.0055 IP Address: 175.1.19.36 Period: 00:25:300001.0002.0002Vlan-interface20001.0002.002.02 Up 26s L1 0 Area Address: 49.0055 IP Address: 175.1.19.22 Period: 00:00:51

View IS-IS peer information.

<SW7700>display isis peerSystem ID Interface Circuit ID State HoldTimeTypePri0001.0002.0002Vlan-interface1 0001.0002.0008.01Up 26s L1(L12)640001.0002.0002Vlan-interface20001.0002.002.02 Up 29s L1 0


display isis route Syntaxdisplay isis route

View

All views

Parameter

None

Description

Use display isis route command to view IS-IS routing information.

Example

View IS-IS routing information.

<SW7700>display isis route ISIS Level - 1 Forwarding Table : Type - D -Direct, C -Connected, I -ISIS, S -Static, O -OSPF B -BGP, R -RIP Flags: R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit SetDestination/Mask In.Met Ex.Met NextHop Interface Flags --------------------------------------------------------------------D 4.0.0.0/8 10 NULL Direct Vlan-interface2 R/L/-ISIS Level - 2 Forwarding Table : Type - D -Direct, C -Connected, I -ISIS, S -Static, O -OSPF B -BGP, R -RIP Flags: R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit SetDestination/Mask In.Met Ex.Met NextHop Interface Flags-------------------------------------------------------------------D 4.0.0.0/8 10 NULL Direct Vlan-interface2 R/L/-

display isis spf-log Syntaxdisplay isis spf-log

View

All views

Parameter

None

Description

Use the display isis spf-log command to view SPF calculation log information for IS-IS.

Example

View the SPF calculation log of IS-IS.

<SW7700>display isis spf-logDetails of Level 1 SPF Run:-------------------------------Trig.Event No.Of Nodes Duration StartTimeIS_SPFTRIG_ADJDOWN 2 0 23:10:54IS_SPFTRIG_NEWADJ 3 0 23:10:54


IS_SPFTRIG_LSPCHANGE 3 0 23:10:54IS_SPFTRIG_PERIODIC 2 0 23:10:37IS_SPFTRIG_PERIODIC 2 0 23:10:52IS_SPFTRIG_CIRC_UP 3 0 23:10:53IS_SPFTRIG_CIRC_UP 3 0 23:10:53IS_SPFTRIG_LSPCHANGE 3 0 23:10:53Details of Level 2 SPF Run:-------------------------------Trig.Event No.Of Nodes Duration StartTimeIS_SPFTRIG_NEWADJ 4 0 23:10:54IS_SPFTRIG_LSPCHANGE 4 0 23:10:54IS_SPFTRIG_PERIODIC 4 0 23:10:37IS_SPFTRIG_PERIODIC 4 0 23:10:52IS_SPFTRIG_PERIODIC 4 0 23:10:52IS_SPFTRIG_CIRC_UP 5 0 23:10:53IS_SPFTRIG_LSPCHANGE 5 0 23:10:53IS_SPFTRIG_CIRC_UP 7 0 23:10:53IS_SPFTRIG_LSPCHANGE 7 0 23:10:53IS_SPFTRIG_LSPCHANGE 7 0 23:10:53IS_SPFTRIG_ADJDOWN 4 0 23:10:54IS_SPFTRIG_ADJDOWN 4 0 23:10:54

domain-authentication-mode

Syntaxdomain-authentication-mode { simple | md5 } password [ ip | osi ]

undo domain-authentication-mode { simple | md5 } [ ip | osi ]

View

IS-IS view

Parameter

simple: Configure to transmit the password in plain text.


password: Specify the password, ranging from 1 to 16 characters. If you specify md5, the password is displayed in a cipher text form with 24 characters when the display current-configuration command is executed. You can also enter the password in a cipher text form with 24 characters.



The configuration of an IP or an OSI authentication password is independent of the real network environment.

Description

■ Use the domain-authentication-mode command to configure IS-IS to authenticate received level-2 routing packets (LSP, CSNP, PSNP), according to the pre-defined mode and password.

■ Use the undo domain-authentication-mode command to configure IS-IS not to authenticate the received level-2 routing packets.


In a default configuration, the system will not authenticate the received level-2 routing packets, and there is no password. By setting authentication, you can reject all the level-2 routing packets, whose domain authentication passwords are are inconsistent with the password set by this command. At the same time, this command makes IS-IS insert the domain authentication password, hashed or plain-text, into all the level-2 routing packets sent by this node.

Related commands: area-authentication-mode, isis authentication-mode.

Example

To authenticate the level-2 routing packets, select the simple mode, and set the password to 3Com.

[SW7700]isis[SW7700-isis]domain-authentication-mode simple 3Com

filter-policy export Syntaxfilter-policy acl-number export [ protocol ]

undo filter-policy acl-number export [ protocol ]

View

IS-IS view

Parameter

acl-number: Specify the number of the access control list, ranging 1 to 199.

protocol: Specify the protocols that distribute routing information, including direct, static, rip, bgp, ospf, and ospf-ase etc. If no protocols are specified, the distributed routes of all the protocols will be filtered.

Description

■ Use the filter-policy export command to configure to filter the routes distributed by IS-IS.

■ Use the undo filter-policy export command to cancel the filtering of exported routes.

By default, IS-IS does not filter any distributed routing information.

In some cases, only the routing information meeting the specified conditions will be distributed. You can configure the filter-policy to specify the filter conditions so as to distribute the desired routing information only.

Related command: filter-policy import.

Example

Use acl 6 to filter the routes distributed by IS-IS.

[SW7700-isis]filter-policy 6 export

filter-policy import Syntaxfilter-policy acl-number import


undo filter-policy acl-number import

View

IS-IS view

Parameter

acl-number: Specify the number of the access control list, ranging 1 to 199.

Description

■ Use the filter-policy import command to filter the routes received by IS-IS.

■ Use the undo filter-policy import command to prevent filtering of received routes.

By default, IS-IS does not filter the received routing information.

In some cases, only the routing information meeting the specified conditions will be accepted. You can configure the filter-policy to specify the filter conditions so as to accept the desired routing information only.

Related command: filter-policy export.

Example

Filter the received routes by using acl 3.

[SW7700-isis]filter-policy 3 import

ignore-lsp-checksum- error

Syntaxignore-lsp-checksum-error

undo ignore-lsp-checksum-error

View

IS-IS view

Parameter

None

Description

■ Use the ignore-lsp-checksum-error command to require the IS-IS to discard LSPs with checksum errors.

■ Use the undo ignore-lsp-checksum-error command to requires the IS-IS to process LSPs with checksum errors.

By default, the LSP checksum errors are retained.

After receiving an LSP packet, the local IS-IS calculates its checksum and compare the result with the checksum in the LSP packet. By default, if the checksum in the packet is not consistent with the calculated result, the LSP is processed and rejected. A network purge of the corrupted LSP can then be initiated. However, if the ignore-lsp-checksum-error command is used, an LSP with a checksum error is discarded silently.


Example

Discard the LSPs with checksum errors.

[SW7700-isis]ignore-lsp-checksum-error

import-route Syntaximport-route protocol [ cost value | type { external | internal } | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name ]*

undo import-route protocol [ cost value | type { external | internal } | [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name ]*

View

IS-IS view

Parameter

protocol: Specify the source protocol for importing the routing information, which can be direct, static, rip, bgp, and ospf etc.

value: Specify the metric of the imported route, ranging from 0 to 63.

type external: Configure to set external cost type for routes imported by IS-IS.

type internal: Configure to set internal cost type for routes imported by IS-IS.

level-1: Configure to import the route into the Level-1 routing table.

level-2: Configure to import the route into the Level-2 routing table. If the level is not specified, it defaults to importing the routes into level-2.

level-1-2: Configure to import the route into Level-1 and Level-2 routing table.

route-policy route-policy-name: Configure to import the routes matching the conditions defined in the specified route-policy only.

Description

■ Use the import-route command to configure IS-IS to import the routing information of other protocols.

■ Use the undo import-route command to cancel this function.

By default, IS-IS does not import the routing information of other protocols.

For IS-IS, the routes discovered by other routing protocols are processed as routes outside the routing domain. When importing the routes of other protocols, you can specify their routing metric.

When IS-IS imports routes, you can also specify whether to import the routes into Level-1, Level-2 or Level-1-2.

IS-IS regards all the routes imported into the routing domain as external routes, which describe routing outside the IS-IS routing domain.


Example

Configure IS-IS to import routing information from OSPF.

[SW7700-isis]import-route ospf

isis Syntaxisis [ tag ]

undo isis [ tag ]

View

System view

Parameter

tag: the name given to the ISIS process. The name length should be no longer than 128 characters, and it can be 0, which means null.

Description

■ Use the isis command to start the corresponding IS-IS routing process and enter the ISIS view.

■ Use the undo isis command to delete the specified IS-IS routing process.

By default, the IS-IS routing process is not started

For the normal operation of the IS-IS protocol, the isis command must be used to enable the IS-IS process. Then the network-entity command is used to set a Network Entity Title (NET) for the router. Finally, the isis enable command is used to enable each interface on which the IS-IS process runs. The IS-IS protocol is actually enabled upon the completion of these configurations.

Only one IS-IS routing process can be started on one router.

Related commands: isis enable, network-entity.

Example

Start an IS-IS routing process, in which the system ID is 0000.0000.0002 and the area ID is 01.0001.

[SW7700]isis[SW7700-isis]network-entity 01.0001.0000.0000.0002.00

isis authentication-mode Syntaxisis authentication-mode { simple | md5 } password [ { level-1 | level-2 } [ ip | osi ] ]

undo isis authentication-mode { simple | md5 } password [ { level-1 | level-2 } [ ip | osi ] ]

View

VLAN interface view


Parameter

password: Specify the authentication password which can be a character string of 1 to 16 characters. If you specify md5, the password is displayed in a cipher text form with 24 characters when the display current-configuration command is executed. Inputting the password in a cipher text form with 24 characters is also supported.


simple: Configure to transmit the password in plain text.

level-1: Configure authentication password for L1.

level-2: Configure authentication password for L2.



The configuration of ip or osi authentication password is independent of the real network environment.

Description

■ Use the isis authentication-mode command to configure IS-IS to authenticate hello packets of the corresponding level, in the specified mode and with the specified password on the IS-IS interface.

■ Use the undo isis authentication-mode command to cancel authentication and delete the password at the same time.

By default, the password is not set and no authentication is executed.

If the password is set, but no parameter is specified, the default settings are level-1, and osi.

Related commands: area-authentication-mode, domain-authentication-mode.

Example

Set the authentication password tangier in plain text for the Level-1 hello packets on Interface Vlan-interface 1.

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]isis authentication-mode simple tangier level-1

isis circuit-level Syntaxisis circuit-level [ level-1 | level-1-2 | level-2 ]

undo isis circuit-level

View

VLAN interface view


Parameter

level-1: Configure the current interface to send only Level-1 hello packets and to form only Level-1 adjacencies.

level-1-2: Configure the current interface to send Level-1 and Level-2 hello packets and to form Level-1 and Level-2 adjacencies.

level-2: Configure the current interface to send only Level-2 hello packets and to form only Level-2 adjacencies.

Description

Use the isis circuit-level command to configure the circuit type.

Use the undo isis circuit-level command to restore the default setting.

By default, the value is level-1-2.

This command is only applicable to a level-1-2 router. If the local router is a level-1-2 router and it is required to establish an adjacency with the peer router on a certain level (level-1 or level-2), this command can specify that the interface send and receive hello packets of this level. Certainly, only one type of hello packet is sent and received on the point-to-point link. In this way, excessive processing is avoided, and the bandwidth is saved.

Related commands: is-level.

Example

When interface Vlan-interface 1 is connected with a non-backbone router in the same area, you can set this interface as level-1, prohibiting the sending and receiving of level-2 hello packets.

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]isis enable[SW7700-Vlan-interface1]isis circuit-level level-1

isis cost Syntaxisis cost value [ level-1 | level-2 ]undo isis cost [ level-1 | level-2 ]

View

VLAN interface view

Parameter

value: Specify the link cost used in the SPF calculation of corresponding level. Its range is 0 to 63 for cost-style narrow. By default, the value is 10.

level-1: indicate that the link cost corresponds to level-1.

level-2: indicate that the link cost corresponds to level-2

Description

■ Use the isis cost command to configure the link cost of this interface when performing SPF calculation.


■ Use the undo isis cost command to restore the default link cost.

If neither Level 1 nor Level 2 is specified in the configuration, level-1 will be the default value.

We recommend that you configure the appropriate link cost for all the interfaces. Otherwise, the link cost in the calculation of IS-IS routes cannot reflect the desired link cost.

Example

Set the link cost of the Level-2 link on Interface Vlan-interface 1 to 5.

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]isis cost 5 level-2

isis dis-priority Syntaxisis dis-priority value [ level-1 | level-2 ]

undo isis dis-priority [ level-1 | level-2 ]

View

VLAN interface view

Parameter

value: The priority used when selecting the designated intermediate system (DIS). Its value ranges 0 to 127, and the default priority is 64.

level-1: Specify the priority when selecting level-1 DIS.

level-2: Specify the priority when selecting level-2 DIS.

If the level is not specified, it defaults to setting the Level-1 priority.

Description

■ Use the isis dis-priority command to configure the priority of an interface for the DIS election.

■ Use the undo isis dis-priority command to restore the default priority.

The IS-IS protocol does not include the concept of a backup DIS. In addition, the router with the priority 0 can become the DIS, which is different from the DR election of OSPF.


Example

Set the priority of Interface Vlan-interface 1 to 127.

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]isis dis-priority 127 level-2

isis enable Syntaxisis enable [ tag ]


undo isis enable [ tag ]

View

VLAN interface view

Parameter

tag: the name given to an IS-IS routing process, when the isis command in system view was executed. If not specified, it is null.

Description

■ Use the isis enable command to configure the interface to activate the corresponding IS-IS routing process.

■ Use the undo isis enable command to cancel this designation.

By default, the IS-IS routing process is not enabled on an interface.

For normal operation of the IS-IS protocol, the isis command must be used to enable the IS-IS process. Then the network-entity command is used to set a Network Entity Title (NET) for the router. Finally, the isis enable command is used to enable each interface on which the IS-IS process runs. The IS-IS protocol is actually enabled upon the completion of these configurations.

Related commands: isis, network-entity.

Example

Create an IS-IS routing process named “3Com”, and activate this routing process on interface Vlan-interface 1.

[SW7700]isis 3Com[SW7700-isis]network-entity 10.0001.1010.1020.1030.00[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]isis enable 3Com

isis mesh-group Syntaxisis mesh-group { mesh_group_number | mesh-blocked }

undo isis mesh-group

View

VLAN interface view

Parameter

mesh_group_number: Specify the mesh group number, ranging from 1 to 4294967295.

mesh-blocked: Configure to block a specified interface, so that it will not flood the received LSP to other interfaces.

Description

■ Use the isis mesh-group command to add an interface to a specified mesh group.


■ Use the undo isis mesh-group command to delete this interface from the mesh group.

By default, the interface does not belong to any mesh group and floods LSPs normally.

The interface beyond the mesh group floods the received LSP to other interfaces, following the normal procedure. This processing method applies to an NBMA network with higher connectivity, where redundant, point-to-point links cause repeated LSP flooding and waste bandwidth.

The interface joining a mesh group only floods the received LSP to the interfaces beyond the local mesh group.

Be sure to provide some redundancy when adding an interface to a mesh group or blocking it. This will minimize the potential for a loss of routing information that can occur when there is a link failure.

Example

Add interface Vlan-interface 1 to mesh group 3.

[SW7700-Vlan-interface1]isis mesh-group 3

isis timer csnp Syntaxisis timer csnp seconds [ level-1 | level-2 ]

undo isis timer csnp [ level-1 | level-2 ]

View

VLAN interface view

Parameter

seconds: Specify the complete sequence number packet (CSNP) packet interval on the broadcast network, ranging from 1 to 65535 and measured in seconds. By default, the value is 10 seconds.

level-1: Specify the Level-1 CSNP packet interval.

level-2: Specify the Level-2 CSNP packet interval.

Description

■ Use the isis timer csnp command to configure the interval of sending CSNP packets on the broadcast network.

■ Use the undo isis timer csnp command to restore the default value, that is, 10 seconds.

Only the DIS can periodically send CSNP packets, therefore, this command is valid only for the router that is selected as the DIS. Furthermore, the DIS are elected separately for level-1 and level-2, and their intervals of sending CSNP packets must be set respectively.


Example

Set the CSNP packet of Level-2 to be transmitted every 15 seconds on the interface Vlan-interface 1.

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]isis timer csnp 15 level-2

isis timer dead Syntaxisis timer dead seconds [ level-1 | level-2 ]

undo isis timer dead [ level-1 | level-2 ]

View

VLAN interface view

Parameter

seconds: Specify the Hello failure interval for IS-IS neighbors, ranging from 9 to 65535 and measured in seconds. The default value is 30 seconds.

level-1: Specify the Hello failure interval for Level-1 IS-IS neighbors.

level-2: Specify the Hello failure interval for Level-2 IS-IS neighbors.

If the level is not specified, it defaults to setting the Hello failure interval of Level-1.

Description

■ Use the isis timer dead command to set the failure interval for an IS-IS neighbor.

■ Use the undo isis timer dead command to restore the default setting.

For the broadcast network, you can configure the neighbor Hello failure interval of Level-1 or Level-2 separately. However, it is not necessary for point-to-point links, because only one kind of Hello packet is applied.

The Hello failure interval is the hold-down time. If a router has not received a hello packet from a peer within the hold-down time, the link between the router and the peer is considered invalid. The hold-down time is based on the interface configuration, and the different routers in the same area can be configured with different hold-down values.

The dead-time value that is set on router A is the hold-down time that is used by neighboring router B to decide when to tear down their peer relationship.

Related command: isis timer hello.

Example

Set the failure interval for receiving Hello packets from an IS-IS neighbor on Vlan-interface 1 to 30s

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]isis enable[SW7700-Pos 1/0/0]isis timer dead 30 level-2


isis timer hello Syntaxisis timer hello seconds [ level-1 | level-2 ]

undo isis timer hello [ level-1 | level-2 ]

View

VLAN interface view

Parameter

seconds: Specify the Hello interval, ranging from 3 to 255 and measured in seconds. The default value is 10 seconds.

level-1: Specify the Level-1 Hello interval.

level-2: Specify the Level-2 Hello interval.

If the level is not specified, it defaults to Level-1.

Description

■ Use the isis timer hello command to configure the interval for sending hello packets.

■ Use the undo isis timer hello command to restore the default value of 10 seconds.

On a broadcast link, both level-1 and level-2 hello packets can be sent and their intervals should also be set. Such settings are unnecessary on point-to-point links. The shorter the sending interval is, the more system resources are occupied to send hello packets. Therefore, the interval should be set according to actual conditions.

Related command: isis timer dead.

Example

Set the Level-2 Hello packet to be transmitted every 20 seconds on Interface Vlan-interface 1.

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]isis timer hello 20 level-2

isis timer lsp Syntaxisis timer lsp time

undo isis timer lsp

View

VLAN interface view

Parameter

time: Specify the LSP interval, ranging from 1 to 1000 and measured in milliseconds. The default value is 33 milliseconds.


Description

■ Use the isis timer lsp command to configure the IS-IS LSP interval on the interface.

■ Use the undo isis timer lsp command to restore the default setting.

Related command: isis timer retransmit.

Example

Set the LSP interval on Interface Vlan-interface 1 to 500 milliseconds.

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]isis timer lsp 500

isis timer retransmit Syntaxisis timer retransmit seconds

undo isis timer retransmit

View

VLAN interface view

Parameter

seconds: Specify the retransmission interval of LSP packets, in seconds, in the range of 1 to 300 and a default value of 5 seconds.

Description

■ Use the isis timer retransmit command to configure the LSP retransmission interval over a point-to-point link.

■ Use the undo isis timer retransmit command to restore the default setting.

Use caution when setting this parameter to avoid unnecessary retransmission.

The response is required when sending LSP packets on a point-to-point link but not on a broadcast link. This command is unnecessary for a broadcast link.

Related command: isis timer lsp.

Example

Set the LSP retransmission interval to 10 seconds on Interface Vlan-interface 1.

[SW7700]interface Vlan-interface 1[SW7700-Vlan-interface1]isis timer retransmit 10

is-level Syntaxis-level { level-1 | level-1-2 | level-2 }

undo is-level

View

IS-IS view


Parameter

level-1: Configure the router to operate at Level-1, only calculate the intra-area routes and maintain the L1 LSDB.

level-1-2: Configure the router to operate at Level-2, calculate both the L1 and L2 routes and maintain an L1 and L2 LSDB.

level-2: Configure the router to operate at Level-2, only flood L2 LSPs and calculate L2 routes and maintain an L2 LSDB.

Description

■ Use the is-level command to configure the IS-IS level.

■ Use the undo is-level command to restore the default value.

By default, the value is level-1-2.

3Com recommends setting the system Level when you configure IS-IS.

If there is only one area, you are advised to set the level of all the routers to Level-1 or Level-2, because it is not necessary for all the routers to maintain two identical databases. You are advised to set all the routers to Level-2 for convenient future extension, when applying them to an IP network.

Related command: isis circuit-level.

Example

Set the current router to operate at Level-1.

[SW7700]isis[SW7700-isis]is-level level-1

log-peer-change Syntaxlog-peer-change

undo log-peer-change

View

IS-IS view

Parameter

None

Description

■ Use the log-peer-change command to log peer changes.

■ Use the undo log-peer-change command to prevent log peer changes.

By default, logging of peer changes is disabled.

After peer changes log is enabled, the IS-IS peer changes will be output on the configuration terminal until the log is disabled.


Example

Configure to output the IS-IS peer changes on the current router.

[SW7700-isis]log-peer-change

md5-compatible Syntaxmd5-compatibleundo md5-compatible

View

IS-IS view

Parameter

None

Description

Using the md5-compatible command, you can set the IS-IS to use the MD5 algorithm which is compatible with that of the other vendors. Using the undo md5-compatible command, you can return to the defaults.

By default, the system uses the MD5 algorithm in IS-IS which is compatible with that of 3Com.

You must configure this command when the switch needs to authenticate the devices of other vendors using MD5 algorithm in IS-IS.

Example

Set the IS-IS to use the MD5 algorithm compatible with that of the other vendors

[SW7700-isis] md5-compatible

network-entity Syntaxnetwork-entity NET

undo network-entity NET

View

IS-IS view

Parameter

NET: Specify the Network Entity Title in the X…X.XXXX....XXXX.00 format, in which the first “X…X” is the area address, the twelve Xs in the middle is the System ID of the router, and the 00 in the end is SEL.

Description

■ Use the network-entity command to configure the name of Network Entity Title (NET) of the IS-IS routing process.

■ Use the undo network-entity command to delete a NET.

By default, the value is No NET.

NET means the Network Service Access Point (NSAP). It consists of three parts. Part one is area ID, which is variable (1 to 13 bytes), and the area IDs of the routers in


the same area are identical. Part two is system ID (6 bytes) of this router, which must be unique in the whole area and backbone area. Part three, the last byte “SEL”, whose value must be “00”. So the NET field of IS-IS is 8 to 20 bytes. Usually, one router can be configured with one NET. When the area is redesigned by combination, separation, or after reconfiguration, the correctness and uniqueness of the NETs must be ensured.

Related commands: isis, isis enable.

Example

Specify NET as “10.0001.1010.1020.1030.00”, in which the system ID is “1010.1020.1030”, area ID is “10.0001”.

[SW7700]isis[SW7700-isis]network-entity 10.0001.1010.1020.1030.00

preference Syntaxpreference valueundo preference

View

IS-IS view

Parameter

value: Specify the preference, ranging from 1 to 255. By default, the value is 15.

Description

■ Use the preference command to configure the preference of IS-IS protocol.

■ Use the undo preference command to restore the default value.

Several dynamic routing protocols could run simultaneously on a router. In this case, there is an issue of sharing and selecting the routing information among all the routing protocols. The system sets a preference for each routing protocol; 1 is the highest preference and 255 the lowest. When various routing protocols find the route to the same destination, the protocol with the higher preference takes effect.

Example

Configure the preference of IS-IS to 25.

[SW7700-isis]preference 25

reset isis all Syntaxreset isis all

View

User view

Parameter

None


Description

Use the reset isis all command to reset all the IS-IS data structures.

This command is used when LSPs need refreshing immediately. For example, after area-authentication-mode and domain-authentication-mode commands are executed, the old LSPs still remain on the router. This command can be used to clear them.


Example

Reset all the IS-IS data structures.

<SW7700>reset isis all

reset isis peer Syntaxreset isis peer system-id

View

User view

Parameter

system-id: Specifies the system ID of IS-IS neighbor.

Description

Use the reset isis peer command to reset the specified IS-IS peer.

This command is used when you want to reset the peer relationship with a certain neighbor.

Example

Clear the IS-IS neighbor whose system ID is 0000.0c11.1111.

<SW7700>reset isis peer 0000.0c11.1111

set-overload Syntaxset-overload

undo set-overload

View

IS-IS view

Parameter

None

Description

■ Use the set-overload command to set overload flag for the current router.

■ Use the undo set-overload command to cancel the overload flag.


By default, no overload flag is set.

If a router is configured with the overload flag, the routes it calculates will be ignored by other routers in SPF calculation. (However the directly connected routes will not be ignored.) And other routers should not send this router the packets which would normally be forwarded by it.

Example

Set overload flag on the current router.

[SW7700-isis]set-overload

silent-interface Syntaxsilent-interface silent_interface_type silent_interface_number

undo silent-interface silent_interface_type silent_interface_number

View

IS-IS view

Parameter

silent_interface_type: Specifies the interface type.

silent_interface_number: Specifies the interface number.

Description

■ Use the silent-interface command to disable transmission of IS-IS packets on the specified interface.

■ Use the undo silent-interface command to enable transmission of IS-IS packets.

By default, all interfaces are allowed to transmit/receive IS-IS packets.

The silent-interface command is only used to suppress transmission of IS-IS packets on the interface, but the routing information for this interface will still be transmitted from other interfaces.

Example

Prohibit transmission of IS-IS packets to be transmitted via Interface Vlan-interface 3.

[SW7700-isis]silent-interface Vlan-interface 3

spf-delay-interval Syntaxspf-delay-interval number

undo spf-delay-interval

View

IS-IS view


Parameter

number: Specify number of routes, from 1000 to 50000, to process before releasing the CPU. The default value is 5000 routes.

Description

■ Use the spf-delay-interval command to configure the number of routes to process before releasing the CPU.

■ Use the undo spf-delay-interval command to restore the default setting.

When there are a large number of routes in the routing table, this command can be used to insure that CPU resources are released after a certain number of routes are processed. Processing of the unprocessed routes continues after one second. In this way, SPF calculation does not consume system resources for a long time or degrade the response time of the console.

The value of the parameter number can be adjusted according to the capacity of the routing table. If the spf-slice-size command is also configured, the SPF calculation will be paused when any limit is met.

By default, the CPU is released when 5000 routes are processed.

Related command: spf-slice-size.

Example

Set IS-IS to release CPU once after processing every 3000 routes.

[SW7700-isis]spf-delay-interval 3000

spf-slice-size Syntaxspf-slice-size seconds

undo spf-slice-size

View

IS-IS view

Parameter

seconds: Duration, in seconds, of one SPF calculation cycle in the range of 0 to 120. When the calculation duration time reaches or exceeds the set value, this slice of the calculation ends. If seconds is set to 0, it indicates that SPF calculation is not divided into slices and it will operate until the end. By default, the value is 0.

Description

■ Use the spf-slice-size command to configure whether to set slice and the duration time of one cycle when IS-IS performs SPF route calculation.

■ Use the undo spf-slice-size command to restore the default setting.

When there are a large number of routes in the routing table, this command can be used to enable the SPF calculation in slices to prevent it from occupying the system resources for an extended time.


The user is recommended to use the command when the number of routes reaches 150,000 or 200,000 and the value of seconds is recommended to be 1. In other cases, the default setting should be used, that is, SPF runs to the end with no slice.

If the spf-delay-interval command is also configured, when SPF calculation is run, the SPF calculation is paused if any limit is met.

Related command: spf-delay-interval.

Example

Set the SPF duration time to 1 second.

[SW7700-isis]spf-slice-size 1

summary Syntaxsummary ip-address mask [ level-1 | level-1-2 | level-2 ]

undo summary ip-address mask [ level-1 | level-1-2 | level-2 ]

View

IS-IS view

Parameter

ip-address: Aggregated network segment address.

mask: Aggregated network mask.

level-1: Configure to aggregate the routes imported into Level-1.

level-2: Configure to aggregate the routes imported into Level-2 routing table.

level-1-2: Configure to aggregate the routes imported into Level-1 and Level-2.

Description

■ Use the summary command to configure IS-IS route summary.

■ Use the undo summary command to cancel the summary.

By default, no routes are summarized.

Multiple routes with a “long” subnet mask and the same next hop can be aggregated into one route with a shorter subnet mask. For example, 11.1.1.0/24, 11.1.2.0/24, and 11.2.0.0/16 can be aggregated into 11.0.0.0/8. In this way, the sizes of the routing table, LSP packets and LSDB are reduced. The aggregated route can be either a route found by IS-IS protocol, or an imported route. Furthermore, the cost value of the aggregated route adopts the smallest cost of the routes aggregated.

Example

Set a route summary of 202.0.0.0/8.

[SW7700-isis]summary 202.0.0.0 255.0.0.0


timer lsp-max-age Syntaxtimer lsp-max-age seconds

undo timer lsp-max-age

View

IS-IS view

Parameter

seconds: Specifies the maximum lifetime of LSP, measured in seconds. The range is 1 to 65535. The default value is 1200 seconds.

Description

■ Use the timer lsp-max-age command to configure the maximum lifetime of an LSP generated by the current router.

■ Use the undo timer lsp-max-age command to restore the default value.

When the router generates an LSP for the system, it adds the maximum lifetime to it. When other routers receive this LSP, the lifetime decreases continuously as time goes. If an updated LSP has not been received before the old one times out, this LSP will be deleted from the LSDB.

Related commands: timer lsp-refresh.

Example

Set the lifetime of an LSP generated by the current system to 25 minutes, i.e., 1500 seconds.

[SW7700-isis]timer lsp-max-age 1500

timer lsp-refresh Syntaxtimer lsp-refresh seconds

undo timer lsp-refresh

View

IS-IS view

Parameter

seconds: Specifies the LSP refresh interval, measured in seconds. The range is 1 to 65535. The default value is 900 seconds.

Description

■ Use the timer lsp-refresh command to configure the refresh interval of LSP.

■ Use the undo timer lsp-refresh command to restore the default value, that is, 900 seconds.

Using this mechanism, the latest synchronization of the LSP within the entire area can be maintained.

Related command: timer lsp-max-age.


Example

Set the LSP refresh interval of the current system to 25 minutes, that is, 1500 seconds.

[SW7700-isis]timer lsp-refresh 1500

timer spf Syntaxtimer spf seconds [ level-1 | level-2 ]

undo timer spf [ level-1 | level-2 ]

View

IS-IS view

Parameter

seconds: Specifies the SPF calculation interval, ranging from 1 to 120 and measured in seconds. The default value is 5 seconds.

level-1: Sets Level-1 SPF calculation interval only.

level-2: Sets Level-2 SPF calculation interval only.

If the level is not specified, it defaults to setting the Level-1 SPF calculation interval.

Description

■ Use the timer spf command to configure the interval for the SPF calculation of corresponding level.

■ Use the undo timer spf command to restore the system default value, that is, 5 seconds.

Usually, when the LSDB of the corresponding level is changed, an SPF calculation is required. However, when the network is unstable and the LSDB changes frequently, if the SPF calculation is performed too frequently, the system efficiency will be lowered. In a severe condition, other services will be affected. By setting a proper interval for performing the SPF calculation, you can avoid the above situation. The interval for SPF calculation should not be set too long, because a long interval will prevent the current routing table from showing the actual network condition. The setting must be made according to actual conditions.

Example

Set the SPF calculation interval of the router to 3 seconds.

[SW7700-isis]timer spf 3

BGP Configuration Commands

This section describes the commands you can use to configure Border Gateway Protocol (BGP) on your Switch 7700.

For the commands defining routing policies in BGP, refer to the “Routing Policy” of the next chapter.

BGP Configuration Commands 229

aggregate Syntaxaggregate address mask [ as-set | attribute-policy route-policy-name | detail-suppressed | origin-policy route-policy-name | suppress-policy route-policy-name ]

undo aggregate address mask [ as-set | attribute-policy route-policy-name | detail-suppressed | origin-policy route-policy-name | suppress-policy route-policy-name ]

View

BGP view

Parameter

address: Address of the aggregated route.

mask: Network mask of the aggregated route.

Description

■ Using aggregate command, you can establish an aggregated record in the BGP routing table.

■ Using undo aggregate command, you can disable the function.

By default, there is no route aggregation.

Example

Create an aggregated record in BGP routing table.

[SW7700-bgp]aggregate 168.328.0.0 255.255.0.0

bgp Syntaxbgp as_number

undo bgp [ as_number ]

View

System view

Parameter

as_number: The specified local AS number.

Description

■ Use the bgp command to enable BGP and enter the BGP view.

■ Use the undo bgp command to disable BGP.

By default, the system does not run BGP.

This command is used to enable and disable BGP as well as to specify the local AS number of BGP.

Example

Enable BGP.


[SW7700]bgp 100[SW7700-bgp]

compare-different-as- med

Syntaxcompare-different-as-med

undo compare-different-as-med

View

BGP view

Parameter

none

Description

■ Use the compare-different-as-med command to enable comparison of MED values from different AS neighboring routes when determining the best route.

■ Use the undo compare-different-as-med command to disable the comparison.

By default, the comparison of MED attribute values from the routing paths of different AS peers is disabled.

If there are several routes available to one destination address, the route with smaller MED parameter can be selected as the final route item.

Do not use this command unless it is determined that the same IGP and routing selection mode are adopted by different autonomous systems.

Example[SW7700-bgp]compare-different-as-med

confederation id Syntaxconfederation id as_number

undo confederation id

View

BGP view

Parameter

as_number: The ID of BGP AS confederation. It is equal to the AS number which contains the AS numbers of multiple sub-ASs. The range is 1 to 65535.

Description

■ Use the confederation id command to configure confederation identifier.

■ Use the undo confederation id command to cancel the BGP confederation specified by as-number parameter.

By default, the confederation ID is not configured.


Confederation can be adopted to solve the problem of too many IBGP full connections in a large AS domain. The solution is, first dividing the AS domain into several smaller sub-ASs, and each sub-ASs remains full-connected. These sub-ASs form a confederation. Key IGP attributes of the route, such as next hop, MED, local preference, are not discarded across each sub-ASs. The sub-ASs still look like a whole from the point of view of a confederation although these sub-ASs have EBGP relations. This can assure the integrity of the former AS domain, and ease the problem of too many connections in the domain

Related commands: confederation nonstandard, confederation peer-as.

Example

Confederation 9 consists of four sub-ASs, namely, 38, 39, 40 and 41. Here, the peer 10.1.1.1 is an internal member of the AS confederation while the peer 200.1.1.1 is an external member of the AS confederation. For external members, Confederation 9 is a unified AS domain.

[SW7700]bgp 41[SW7700-bgp]confederation id 9[SW7700-bgp]confederation peer-as 38 39 40 [SW7700-bgp]group Confed38 external[SW7700-bgp]peer Confed38 as-number 38[SW7700-bgp]peer 10.1.1.1 group Confed38[SW7700-bgp]group Remote98 external[SW7700-bgp]peer Remote98 as-number 98[SW7700-bgp]peer 200.1.1.1 group Remote98

confederation nonstandard

Syntaxconfederation nonstandard

undo confederation nonstandard

View

BGP view

Parameter

None

Description

■ Use the confederation nonstandard command to configure the router to be compatible with routers not following RFC1965.

■ Use the undo confederation nonstandard command to disable this function.

By default, it is in accordance with RFC1965.

Related commands: confederation id, confederation peer-as.

Example

AS100 contains routers following nonstandard, which is composed of two sub-ASs, 64000 and 65000.

[SW7700]bgp 64000[SW7700-bgp]confederation id 100[SW7700-bgp]confederation peer-as 65000


[SW7700-bgp]confederation nonstandard

confederation peer-as Syntaxconfederation peer-as as_number-1 [... as_number_n ]

undo confederation peer-as [ as-number-1 ] [... as-number_n]

View

BGP view

Parameter

as-number_1...as-number_n: Sub-AS number. The range is 1 to 65535. 0 to 32 sub-autonomous systems can be configured.

Description

■ Use the confederation peer-as command to configure a confederation consisting of which sub-ASs.

■ Use the undo confederation peer-as command to cancel the specified sub-AS in the confederation.

By default, no autonomous system is configured as a member of the confederation.

Before this command is performed, the confederation ID should be configured by the confederation id command. Otherwise this configuration is invalid. The configured ASs in this command are inside the confederation and each AS uses fully meshed network. The confederation appears as a single AS to the routers outside it.

Related commands: confederation nonstandard, confederation id.

Example

Configure the confederation contains AS 2001 and 2002.

[SW7700-bgp]confederation peer-as 2000 2001

dampening Syntaxdampening [ half_life_reachable half_life_unreachable reuse suppress ceiling ] [ route-policy policy_name ]

undo dampening

View

BGP view

Parameter

half_life_reachable: Specify the semi-dampening when the route is reachable. The range is 1 to 45 minutes. By default, the value is 15 minutes.

half_life_unreachable: Specify the semi-dampening when the route is unreachable. The range is 1 to 45 minutes. By default, the value is 15 minutes.


reuse: The penalty value of a route when it start to be reused. The range is 1 to 20000. By default, the value is 750.

suppress: The penalty threshold of a route when it start to be suppressed. The range is 1 to 20000. By default, the value is 2000.

ceiling: The upper threshold of the penalty. The range is 1001 to 20000. By default, the value is 16000.

policy_name: Configure route policy name.

If the parameters are not set, the BGP route attenuation is valid and each parameter is taken as the default value. The parameters are mutually dependent. Once any parameter is configured, all other parameters should also be specified.

Description

■ Use the dampening command to make BGP route attenuation valid or modify various BGP route attenuation parameters.

■ Use the undo dampening command to make the characteristics invalid.

By default, no route attenuation is configured.

Related commands: reset dampening, reset bgp flap-info, display bgp routing-table dampening, display bgp routing-table flap-info.

Example[SW7700-bgp]dampening 15 15 1000 2000 10000

debugging bgp Syntaxdebugging bgp { all | event | normal | { keepalive | mp-update | open | packet | route-refresh | update } [ receive | send ] [ verbose ]

undo debugging bgp { all | event | normal | keepalive | mp-update | open | packet | route-refresh | update }

View

User view

Parameter

all: Indicating to enable all BGP information debugging.

event: Indicating to enable BGP event information debugging.

normal: Indicating to enable information debugging of BGP normal functions.

keepalive: Indicating to enable BGP Keepalive packet information debugging.

mp-update: indicating to enable MBGP Update packet information debugging.

open: Indicating to enable BGP Open packet information debugging.

packet: Indicating to enable BGP packet information debugging.


route-refresh: Indicating to enable BGP route-refresh packet information debugging.

update: Indicating to enable BGP Update packet information debugging.

receive: Information of receiving packets.

send: Information of sending packets.

verbose: Detailed information.

Description

■ Use the debugging bgp all command to enable all the information debugging of BGP packet and events.

■ Use the debugging bgp event command to enable the information debugging of BGP events

■ Use the debugging bgp keepalive command, to enable the information debugging of BGP Keepalive packets.

■ Use the debugging bgp packet command to enable the information debugging of BGP packets.

■ Use the undo debugging bgp command to disable the debugging functions.

Example

# Enable the information debugging of BGP packets.

<SW7700>debugging bgp packet

default local-preference Syntaxdefault local-preference value

undo default local-preference

View

BGP view

Parameter

value: Default local preference to be configured. The range is 0 to 4294967295. By default, its value is 100.

Description

■ Use the default local-preference command to configure the default local preference.

■ Use the undo default local-preference command to restore the default value.

Configuring different local preferences will affect BGP routing selection. When a router running BGP gets routes with the same destination address but different next hops through different internal peers, it will select the route of highest local preference to this destination.


Example

The two routers RTA and RTB in the same autonomous area use X.25 and Frame Relay protocols separately to connect with external autonomous areas. The command can be used to configure the default local preference of RTB as 180 so that the route via RTB is selected first when the same route goes through RTA and RTB at the same time.

[SW7700-bgp]default local-preference 180

default med Syntaxdefault med med_value

undo default med

View

BGP view.

Parameter

med_value: MED value to be specified. The range is 0 to 4294967295. By default, the med-value is 0.

Description

■ Use the default med command to configure the default system metric.

■ Use the undo default med command to restore the default metric of the system.

In the case that all other conditions are the same, the system first selects the route with the smaller MED value as the external route of the autonomous system.

Example

Routers RTA and RTB belong to AS100 and router RTC belongs to AS200. RTC is the peer of RTA and RTB. The network between RTA and RTC is X.25 network and the network between RTB and RTC is Ethernet. So the MED of RTA can be configured as 25 to allow RTC to select the route transmitted by RTB first.

[SW7700-bgp]default med 25

display bgp group Syntaxdisplay bgp group [ group_name ]

View

All views

Parameter

group_name: Specified a peer group.

Description

Use the display bgp group command to view the information of peer groups.


Example

View the information of the peer group aaa.

<SW7700>display bgp group aaaGroup : aaa type : external as-number : 200members in this group : 10.1.1.1 11.1.1.1 configuration within the group : no export policy route-policy no export policy filter-policy no export policy acl no export policy ip-prefix route-policy specified in import policy : aaa no import policy filter-policy no import policy acl no import policy ip-prefix no default route produce

display bgp network Syntaxdisplay bgp network

View

All views

Parameter

none

Description

Use the display bgp network command to view the routing information that has been configured.

Example

Display the routing information that has been configured.

<SW7700>display bgp network Network Mask Route-policy133.1.1.0 255.255.255.0 None112.1.0.0 255.255.0.0 None

Table 19 Information Generated by the display bgp group Command

Field Description

Group Name of peer group

type Type of peer group: IBGP or EBGP

as-number AS number of peer group

members in this group Members in this peer group

route-policy Name of configured route policy

filter-policy Configured export and import route filter for BGP

acl Configured access control list

ip-prefix Configured IP address prefix list


display bgp paths Syntaxdisplay bgp paths as-regular-expression

View

All views

Parameter

as_regular_expression: Matched AS path regular expression.

Description

Use the display bgp paths command to view the information about AS paths

Example

Display the information about the AS paths.

<SW7700>display bgp paths ^600$Flags: # - valid, ^ - best,

D - damped, H - history, I - internal, S aggregate suppressed

Id Hash-Index References Aggregator Origin As-Path--------------------------------------------------------------------6 90 15 <null> IGP 600

Table 20 Information Generated by the display bgp network Command

Field Description

Network Network address

Mask Mask

Route-policy Configured route policy

Table 21 Information Generated by the display bgp paths Command

Field Description

Flags State flags: # - valid (valid) ^ - best (selected) D - damped (discarded) H - history (history) I - internal (interior gateway protocol) S - aggregate suppressed (suppressed)

Id Value of sequence number

Hash-Index Value of Hash-index

References Number of routes with reference

Aggregator Mask length of aggregate route

Origin Origin attribute of route, which indicates that the route updates its origin relative to the route originating it from AS. It has three optional values:

IGP: The route belongs to inside of AS. BGP treats aggregate route and the route defined by the command network as inside of AS, and origin type as IGP.

EGP The route is learned from exterior gateway protocol (EGP).

INC Short for INCOMPLETE: indicates that the original source of the route information is unknown (learned by other methods). BGP sets the origin of the route imported through other IGP protocols as INCOMPLETE


display bgp peer Syntaxdisplay bgp peer peer_address verbose

display bgp peer [ verbose ]

View

All views

Parameter

peer_address: Specify the peer to be displayed.

Description

Use the display bgp peer command to view the information about BGP peers.

Example

Display the detail information of the peer 10.110.25.20.

<SW7700>display bgp peer 10.110.25.20 verbose Peer: 10.110.25.20 Local: Unspecified Type: External State: Idle Flags: <Idled> Last State: NoState Last Event: NoEvent Last Error: None Options: <>

Configuration within the peer : no export policy route-policy no export policy ip-prefix no export policy filter-policy no export policy acl no import policy route-policy no import policy ip-prefix no import policy filter-policy no import policy aclno default route produce

As-path AS-path attribute of route, which records all AS areas that the route passes. With it, routing loops can be avoided

Table 21 Information Generated by the display bgp paths Command

Table 22 Information Generated by the display bgp peer verbose Command

Field Description

Peer IP address of peer and port number used by the peer to establish TCP connection

Local IP address and port number used to establish TCP connection of local end

Type Type of peer: Internal for IBGP and External for EBGP

State State of peer

Flags Flags of peer

Last State Last state before entering current state

Last Event Last event of neighbor state machine


display bgp routing-table

Syntaxdisplay bgp routing-table [ ip-address [ ip-mask ]]

View

All views

Parameter

ip_address: Destination of the network.

ip_mask: Mask of the network.

Description

Use the display bgp routing-table command to view all the BGP routing information.

Example

Display all the BGP routing information.

<SW7700>display bgp routing-tableFlags: # - valid, ^ - best,


Dest/Mask Pref Next-Hop Med Local-Pref Origin As-Path--------------------------------------------------------------------*> 1.1.1.0/24 10.10.10.1 IGP 200 *> 1.1.2.0/24 10.10.10.1 IGP 200 *> 1.1.3.0/24 10.10.10.1 IGP 200 *> 2.2.3.0/24 10.10.10.1 INC 200 *> 4.4.4.0/24 10.10.10.1 IGP 200 *> 9.9.9.0/24 10.10.10.1 INC 200 *> 10.10.10.0/24 0.0.0.0 IGP * 10.10.10.1 IGP 200

Last Error Last error of neighbor state machine

Options Options

Table 22 Information Generated by the display bgp peer verbose Command

Table 23 Information Generated by the display bgp routing-table Command

Field Description


Dest/Mask Destination address/Mask

Pref Preference

Next Hop IP address of next hop

Med MULTI_EXIT_DISC attribute value, which ranges from 0 to 4294967295

Local-Pref Local preference, which ranges from 0 to 4294967295


display bgp routing-table as-path-acl

Syntaxdisplay bgp routing-table as-path-acl acl_number

View

All views

Parameter

acl_number: Specify matched AS path list number ranging from 1 to 199.

Description

Use the display bgp routing-table as-path-acl command to view routes that match an as-path acl

Example

Display routes that match the as-path-acl 1.

<SW7700>display bgp routing-table as-path-acl 1Flags: # - valid, ^ - best,


Dest/Mask Pref Next-Hop Med Local-pref Origin As-path--------------------------------------------------------------------#^ 1.1.1.0/24 256 10.10.10.1 0 IGP 200 #^ 1.1.2.0/24 256 10.10.10.1 0 IGP 200 #^ 1.1.3.0/24 256 10.10.10.1 0 IGP 200#^ 2.2.3.0/24 256 10.10.10.1 0 INC 200#^ 4.4.4.0/24 256 10.10.10.1 0 INC 200#^ 9.9.9.0/24 256 10.10.10.1 0 INC 200#^ 10.10.10.0/24 256 10.10.10.1 0 IGP 200#^ 22.1.0.0/16 256 200.1.7.2 100 INC 200 # 88.1.0.0/16 60 0.0.0.0 IGP


IGP The route belongs to inside of AS. BGP treats aggregate route and the route defined by the command network as inside of AS, and origin type as IGP.




Table 23 Information Generated by the display bgp routing-table Command

Table 24 Information Generated by the display bgp routing-table as-path-acl Command

Field Description

Dest/Mask Destination address/Mask

Pref Preference


display bgp routing-table cidr

Syntaxdisplay bgp routing-table cidr

View

All views

Parameter

None

Description

Use the display bgp routing-table cidr command to view the routing information about the non-natural mask (namely the classless interdomain routing, CIDR).

Example<SW7700>display bgp routing-table cidrFlags: # - valid, ^ - best,


Dest/Mask Pref Next-Hop Med Local-prefOrigin As-path-------------------------------------------------------------------- #^ 22.1.0.0/16 256 200.1.7.2 100 INC 200# 88.1.0.0/16 60 0.0.0.0 IGP

For detailed description of the output information, see Table 23.


community

Syntaxdisplay bgp routing-table community [ aa:nn | no-export-subconfed | no-advertise | no-export ]* [ whole-match ]

View

All views

Nexthop IP address of next hop

Med MULTI_EXIT_DISC attribute value

Local-pref Local preference






Table 24 Information Generated by the display bgp routing-table as-path-acl Command


Parameter

aa:nn: Specify a community number.

no-export-subconfed: Do not send matched routes outside AS.

no-advertise: Send matched route to no peers.

no-export: Do not pass a route through AS but advertise it to other sub ASs.

whole-match: Display the exactly matched routes.

Description

Use the display bgp routing-table community command to view the routing information related to the specified BGP community number in the routing table.

Example

Display the routing information matching BGP community number 11:22.

<SW7700>display bgp routing-table community 11:22Flags: # - valid, ^ - best,


Dest/Mask Pref Next-Hop Med Local-prefOrigin As-path--------------------------------------------------------------------#^ 1.0.0.0/8 256 172.10.0.2 100 IGP #^ 2.0.0.0/8 256 172.10.0.2 100 IGP

For a detailed description of the output information, see Table 23.


community-list

Syntaxdisplay bgp routing-table community-list community_list_number [ whole-match ]

View

All views

Parameter

community_list_number: Specify a community-list.

whole-match: Display routes that are exact matches.

Description

Use the display bgp routing-table community-list command to view the routing information matching the specified BGP community list.

Example

Display the routing information matching BGP community list 1.

[SW7700]display bgp routing-table community-list 1Flags: # - valid, ^ - best,



Destination/MaskPref Next-hop Med Local-PrefOrigin As-Path-------------------------------------------------------------------1.1.1.0/24 256 10.10.10.1 0 IGP 2001.1.2.0/24 256 10.10.10.1 0 IGP 2001.1.3.0/24 256 10.10.10.1 0 IGP 2002.2.3.0/24 256 10.10.10.1 0 INC 2004.4.4.0/24 256 10.10.10.1 0 INC 2009.9.9.0/24 256 10.10.10.1 0 INC 20010.10.10.0/24 0 10.10.10.2 0 IGP10.10.10.0/24 256 10.10.10.1 0 IGP 200


display bgp routing-table dampened

Syntaxdisplay bgp routing-table dampening

View

All views

Parameter

None

Description

Use the display bgp routing-table dampened command to view BGP dampened routes.

Example

View BGP dampened information.

<SW7700>display bgp routing-table dampenedFlags: # - valid, ^ - best, D - damped, H - history, I - internal, S aggregate suppressed

Dest/Mask Source Damping-limit Origin As-path-----------------------------------------------------------------#D 11.1.0.0/16 133.1.1.2 1:20:00 IGP 200

Table 25 Information Generated by the display bgp routing-table dampened Command

Item Description


#D The valid and damped route

Dest/Mask The dampened route to the destination network 11.1.0.0

Source The nexthop of the route

Damping-limit The time before dampening turns invalid and the route can be reused.




different-origin-as

Syntaxdisplay bgp routing-table different-origin-as

View

All views

Parameter

none

Description

Use the display bgp routing-table different-origin-as command to view routes that have different source autonomous systems

Example

View the routes that have different source ASs.

<SW7700>display bgp routing-table different-origin-asFlags: # - valid, ^ - best,

D - damped, H - history, I - internal, S – aggregate suppressed

Destination/MaskPref Next-hop Med Local-Pref Origin As-Path------------------------------------------------------------------10.10.10.0/24 0 10.10.10.2 0 IGP 10.10.10.0/24256 10.10.10.1 0 IGP 200


display bgp routing-table flap-info

Syntaxdisplay bgp routing-table flap-info [ { regular-expression as_regular_expression } | { as-path-acl acl_number } | { network_address [ mask [ longer-match ] ] } ]

View

All views

Parameter

as_regular_expression: The route flap-info matching AS path regular expression.





Table 25 Information Generated by the display bgp routing-table dampened Command


acl_number: Number of the specified AS path to be matched, ranging 1 to 199.

network_address: Network IP address related to the dampening information to be shown

mask: Network mask.

longer-match: Show the route flap-info that is more specific than address, mask.

Description

Use the display bgp routing-table flap-info command to view BGP flap-info.


Example

Display BGP flap-info.

<SW7700>display bgp routing-table flap-infoFlags: # - valid, ^ - best,


Dest/Mask Source Keepup-timeDamping-limitFlap-timesOriginAs-path--------------------------------------------------------------------#D 11.1.0.0/16133.1.1.2 48 1:20:30 4 IGP 200

display bgp routing-table peer

Syntaxdisplay bgp routing-table peer peer_address { advertised | received } [ network-address [ mask ] | statistic ]

View

All views

Parameter

peer_address: Specifies the peer to be displayed.

advertised: Routing information advertised by the specified peer.

received: Routing information the specified peer received.

Table 26 Description of Information Generated by the display bgp routing-table flap-info Command

Item Description


#D The valid and damped route

Dest/Mask The dampened route to the destination network 11.1.0.0

Source The nexthop of the route

Keepup-time The time that route damping has continued

Damping-limit The time before dampening turns invalid and the route can be reused.

Flap-times The times of the route flap







network-address mask: IP address and address mask of the destination network.

statistic: Statistic routing information of the peer.

Description

Use the display bgp routing-table peer command to view the routing information the specified BGP peer advertised or received.

Example

Display the routing information advertised by BGP peer 10.10.10.1.

[SW7700]display bgp routing table peer 10.10.10.1 advertisedFlags: # - valid, ^ - best,


Dest/mask Next-Hop Med Local-pref Origin As-path*>10.10.10.0/24 0.0.0.0 INC



regular-expression

Syntaxdisplay bgp routing-table regular-expression as-regular-expression

View

All views

Parameter

as-regular-expression: Matched AS regular expression.

Description

Use the display bgp routing-table regular-expression command to view the routing information matching the specified AS regular expression

Example

Display the routing information matched with ^200$.

<SW7700>display bgp routing-table regular-expression ^200$Flags: # - valid, ^ - best,


Destination/MaskPref Next-hop Med Local-PrefOriginPath--------------------------------------------------------------------1.1.1.0/24 256 10.10.10.1 0 IGP 200 1.1.2.0/24 256 10.10.10.1 0 IGP 200 1.1.3.0/24 256 10.10.10.1 0 IGP 200 2.2.3.0/24 256 10.10.10.1 0 INC 200 4.4.4.0/24 256 10.10.10.1 0 IGP 200 9.9.9.0/24 256 10.10.10.1 0 INC 200 10.10.10.0/24 256 0.10.10.1 0 IGP 200



filter-policy export Syntaxfilter-policy { acl_number | ip-prefix ip_prefix_name } export [ protocol ]

undo filter-policy { acl_number | ip-prefix ip_prefix_name } export [ protocol ]

View

BGP view

Parameter

acl_number: Number of IP access control list.

ip_prefix_name: Number of ip prefix list.

protocol: Specified protocols advertising routing information which include direct, ospf, ospf-ase, ospf-nssa, rip and static.

Description

■ Use the filter-policy export command to filter the advertised routes and only the routes passing the filter can be advertised by BGP.

■ Use the undo filter-policy export command to cancel filtering of advertised routes.

By default, filtration of the received routing information is not configured.

If the parameter protocol is specified, only the imported route generated by the specified protocol is filtered and the imported routes generated by other protocols are not affected. If the parameter protocol is not specified, the imported route generated by any protocol will be filtered.

Example

Use acl 3 to filter the routing information advertised by BGP.

[SW7700-bgp]filter-policy 3 export

filter-policy import Syntaxfilter-policy gateway ip_prefix_name import

undo filter-policy gateway ip_prefix_name import

filter-policy { acl-number | ip-prefix ip_prefix_name } import

undo filter-policy { acl-number | ip-prefix ip_prefix_name } import

View

BGP view

Parameter

acl_number: Number of IP access control list.

ip_prefix_name: Number of address prefix list.


Description

■ Use the filter-policy gateway import command to filter the learned routing information advertised by the specified address.

■ Use the undo filter-policy gateway import command to cancel the filtration to the routing information advertised by the specified address.

■ Use the filter-policy import command to filter the received global routing information.

■ Use the undo filter-policy import command to remove the filtration to the received global routing information.

By default, filtration to the received routing information is not configured.

This command can be used to filter the routes received by BGP and determines whether to add the routes to the BGP routing table.

Example

Use acl 3 to filter the routing information received by BGP.

[SW7700-bgp]filter-policy 3 import

group Syntaxgroup group_name [ internal | external ]

undo group group_name

View

BGP view

Parameter

group-name: Specify the name of the peer group.

internal: Specify the type of the peer group as IBGP.

external: Specify the type of the peer group as EBGP.

Description

■ Use the group group_name command to establish a peer group.

■ Use the undo group group_name command to cancel the configured peer group.

The default type of BGP peer group is internal.

The external peer group members must be in the same network segment. Otherwise, some EBGP peers may discard the transmitted route update.

Example

Create a BGP group named test.

[SW7700-bgp]group test


import-route Syntaximport-route protocol [ med med_value | route-policy route_policy_name ]*


View

BGP view

Parameter

protocol: Specify source routing protocols which can be imported, which include direct, ospf, ospf-nssa , ospf-ase, rip, isis and static at present.

med med_value: Specify the MED value loaded by a redistributes route, ranging from 0 to 4294967295.

route-policy route_policy_name: Specify a route-policy.

Description

■ Use the import-route command to import routes of other protocols.

■ Use the undo import-route command to cancel redistributing routes of other protocols.

By default, BGP does not import routes of other protocols.

Example

Import routes of RIP.

[SW7700-bgp]import-route rip

ip as-path acl Syntaxip as-path acl acl_number { permit | deny } as_regular_expression

undo ip as-path acl acl_number

View

System view

Parameter

acl_number: Number of AS path list ranging from 1 to 199.

as_regular_expression: AS regular expression.

Description

■ Use the ip as-path acl command to configure an AS path regular expression.

■ Use the undo ip as-path acl command to disable the defined regular expression.

The configured AS path list can be used in BGP policy.


Related commands: peer as-path-acl, display bgp routing-table as-path-acl.

Example

Configure an AS path list.

[SW7700]ip as-path acl 10 permit 200,300

ip community-list Syntaxip community-list stand-comm-list-number { permit | deny } [ aa:nn | internet | no-export-subconfed | no-advertise | no-export ]

ip community-list ext-comm-list-number { permit | deny } as-regular-expression

undo ip community-list { stand-comm-list-number | ext-comm-list-number }

View

System view

Parameter

stand_comm_list_number: Number of the standard community list ranging from 1 to 99.

ext_comm_list_number: Number of the extended community list ranging from 100 to 199.

permit: Permit those that match conditions to access.

deny: Deny those that match conditions to access.

aa:nn: Community number.

internet: Advertise all routes.

no-export-subconfed: Used not to advertise the matched route beyond the confederation.

no-advertise: Used not to send the matched route to any peer.

no-export: Advertise routes to other autonomous sub-systems rather than the system outside of the autonomous system.

as_regular_expression: Community attribute of the regular expression.

Description

■ Use the ip community-list command to configure a BGP community list.

■ Use the undo ip community-list command to cancel the configured BGP community list.

The configured community list can be used in BGP policy.


Related commands: apply community, display bgp routing-table community-list.

Example

Define a community attribute list which does not advertise routes with the community attribute beyond the confederation.

[SW7700]ip community-list 6 permit no-export-subconfed

network Syntaxnetwork ip_address [ address_mask ] [ route-policy route_policy_name ]undo network ip_address [ address_mask ] [ route-policy route-policy-name ]

View

BGP view

Parameter

ip_address: Network address that BGP advertises.

address_mask: Mask of the network address.

route_policy_name: Route-policy applied to advertised routes.

Description

■ Use the network command to configure the network routes advertised by the local BGP.

■ Use the undo network command to cancel the existing configuration.

By default, no networks are sent through BGP

Example

Advertise routes to network segment 10.0.0.0/16.

[SW7700-bgp]network 10.0.0.1 255.255.0.0

peer advertise-community

Syntaxpeer group_name advertise-community

undo peer group_name advertise-community

View

BGP view

Parameter

group_name: Name of peer group.

Description

■ Use the peer advertise-community command to enable the transmission of the community attribute to a peer group.


■ Use the undo peer advertise-community command to cancel the existing configuration.

By default, the community attribute is not transmitted to any peer group.

Related commands: if-match community-list, apply community.

Example

Transmit community attribute to the peer group name test.

[SW7700-bgp]peer test advertise-community

peer allow-as-loop Syntaxpeer { group-name | peer_address } allow-as-loop [ number ]

undo peer { group_name | peer_address } allow-as-loop

View

BGP view

Parameter

group_name: Specify name of the peer group.

peer_address: Specify IP address of the peer.

number: Specify the repeating times of local AS, ranging from 1 to 10.

Description

■ Use the peer allow-as-loop command to configure the repeating time of local AS.

■ Use the undo peer allow-as-loop command to remove the repeating time of local AS.

Related commands: display current-configuration, display bgp routing-table peer, display bgp routing-table group

Example

Specify to configure the repeating times of local AS to 2.

[SW7700-bgp]peer 1.1.1.1 allow-as-loop 2

peer as-number Syntaxpeer group-name as-number as-number

undo peer group-name as-number

View

BGP view

Parameter



as_number: The AS number of the peer/peer group, the range is 1 to 10.

Description

■ Use the peer as-number command to configure the AS number of peer group.

■ Use the undo peer as-number command to delete the AS number of peer group.

By default, no AS number of the peer group is configured.

Example

Specify the peer AS number for the peer test as 100.

[SW7700-bgp]peer test as-number 100

peer as-path-acl export Syntaxpeer group-name as-path-acl acl-number export

undo peer group-name as-path-acl acl-number export

View

BGP view

Parameter

group_name: Specify name of the peer group.

acl_number: Specify the filter list number of an AS regular expression. The range is 1 to 199.

export: For the advertised routes.

Description

■ Use the peer as-path-acl export command to configure the filtering Policy of BGP advertised routes based on the AS path list.

■ Use the undo peer as-path-acl export command to cancel the existing configuration.

By default, the peer group has no AS path list.

This command can only be configured on a peer group.

Related commands: peer as-path-acl import.

Example

Set the AS path ACL of the peer group test.

[SW7700-bgp]peer test as-path-acl 3 export

peer as-path-acl import Syntax

peer { group-name | peer-address } as-path-acl acl-number import

undo peer { group-name | peer-address } as-path-acl acl-number import


View

BGP view

Parameter

group-name: Specify name of the peer group.

peer-address: Specify IP address of the peer.

acl-number: Specify the filter list number of an AS regular expression. The range is 1 to 199.

import: For the received routes.

Description

Using the peer as-path-acl import command, you can configure filtering Policy of BGP received routes based on AS path list. Using the undo peer as-path-acl import command, you can cancel the existing configuration.

By default, the peer/peer group has no AS path list.

Related commands: peer as-path-acl export

Example

Set the AS path ACL of the peer group test to filter BGP received routes.

[SW7700-bgp] peer test as-path-acl 3 import

peer connect-interface Syntaxpeer { group_name | peer_address } connect-interface interface_name

undo peer { group_name | peer_address } connect-interface interface_name

View

BGP view

Parameter

group_name: Specified peer group.

peer_address: IP address of the peer.

interface_name: Interface name.

Description

■ Use the peer connect-interface command to specify the source interface of a route update packet.

■ Use the undo peer connect-interface command to restore the best source interface.

By default, BGP uses the best source interface.


Usually, BGP uses the optimal route to update the source interface of the packets. However, you can set the mode of the interface to Loopback in order to send route updates even if the interface is not working normally.

Example

Specify Vlan-interface1 as the source interface of a route update packet.

[SW7700-bgp]peer test connect-interface vlan-interface 1

peer default-route-advertise

Syntaxpeer group-name default-route-advertise

undo peer group-name default-route-advertise

View

BGP view

Parameter

group-name: Specify name of the peer group.

Description

■ Use the peer default-route-advertise command to configure a peer group to generate a default route for a peer.

■ Use the undo peer default-route-advertise command to cancel the existing configuration.

By default, a peer group does not import the default route.

For this command, no default route needs to exist in the routing table. A default route is sent unconditionally to a peer with the next hop as itself.

Related command: default-route-advertise.

Example

Configure a peer group named test to generate a default route.

[SW7700-bgp]peer test default-route-advertise

peer description Syntaxpeer { group_name | peer_address } description description_line

undo peer { group_name | peer_address } description

View

BGP view

Parameter

group_name: Group name.

peer_address: Address of the peer.


description_line: Description information configured, which can be letters or figures.

Description

■ Use the peer description command to configure the description information of the peer/peer group.

■ Use the undo peer description command to cancel the description information of the peer/peer group.

By default, description information of peers/peer group is not configured.

Related commands: display current-configuration, display bgp routing-table peer, display bgp routing-table group.

Example

Set the description information of the peer whose name is group1 to marlborough1.

[SW7700-bgp]peer group1 description marlborough1

peer ebgp-max-hop Syntaxpeer group-name ebgp-max-hop [ ttl ]

undo peer group-name ebgp-max-hop

View

BGP view

Parameter

group_name: Specify Name of the peer group.

ttl: Maximum hop value. The range is 1 to 255. By default, the value is 64.

Description

■ Use the peer ebgp-max-hop command to allow to establishing EBGP connections with the peers on indirectly connected networks.

■ Use the undo peer ebgp-max-hop command to cancel the existing configuration.

By default, this feature is disabled.

Example

Allow to establish an EBGP connection with the peer group names “test” that is indirectly connected.

[SW7700-bgp]peer test ebgp-max-hop

peer enable Syntaxpeer { group_name | peer_address } enable

undo peer { group_name | peer_address } enable


View

BGP view

Parameter

group_name: Specify the name of the peer group which specifies the entire peer group.

peer_address: IP address of a peer, which specifies a certain peer.

Description

■ Use the peer enable command to enable the specified peer/peer group.

■ Use the undo peer enable command to disable the specified peer/peer group.

By default, BGP peer/peer group is enabled.

If the specified peer/peer group is disabled, the router will not exchange routing information with the specified peer/peer group.

Example

Disable the specified peer.

[SW7700]peer 18.10.0.9 group group1[SW7700-bgp]undo peer 18.10.0.9 enable

peer filter-policy export Syntaxpeer group_name filter-policy acl-number export

undo peer group_name filter-policy acl-number export

View

BGP view

Parameter

group_name: Specify the name of the peer group.

peer_address: Specify the IP address of the peer.

acl_number: Specify an IP acl number ranging from 1 to 199.

export: Egress filter policy.

Description

■ Use the peer filter-policy export command to configure the filter-policy list of routes advertised by a peer group.

■ Use the undo peer filter-policy export command to cancel the existing configuration.

By default, a peer/peer group has no access control list (acl).

Related commands: peer filter-policy import, ip as-path-acl, peer as-path-acl export and peer as-path-acl import.


Example

Set the filter-policy list of a peer group test.

[SW7700-bgp]peer test filter-policy 3 export

peer filter-policy import Syntaxpeer { group-name | peer-address } filter-policy acl-number import

undo peer { group-name | peer-address } filter-policy acl-number import

View

BGP view

Parameter


peer-address: Specify the IP address of the peer.

acl-number: Specify an IP acl number, ranging from 1 to 199.

import: Ingress filter policy.

Description

Using the peer filter-policy import command, you can configure the filter-policy list of the routes received by a peer/peer group. Using the undo peer filter-policy import command, you can cancel the existing configuration.

By default, a peer/peer group has no access control list (acl).

Related commands: peer filter-policy export, ip as-path-acl, peer as-path-acl export and peer as-path-acl import.

Example

Set the filter-policy list of a peer group test.

[SW7700-bgp] peer test as-number 100[SW7700-bgp] peer test filter-policy 3 import

peer group Syntaxpeer peer_address group group_name [ as-number as-number ]

undo peer peer_address group

View

BGP view

Parameter


peer_address: Specify the IP address of the peer.


Description

■ Use the peer group command to add a peer to the existing peer group.

■ Use the undo peer group command to delete the specified peer.

When adding a peer to a EBGP peer group without an AS number, you should also specify the peer’s AS number. While adding a peer to a IBGP peer group or to a EBGP peer group with an AS number, you do not need to specify the AS number for the peer

Example

Add a peer to the peer group TEST.

[SW7700-bgp]group TEST [SW7700-bgp]peer TEST as-number 2004[SW7700-bgp]peer 10.1.1.1 group TEST

peer ip-prefix export Syntaxpeer group_name ip-prefix prefixname export

undo peer group_name ip-prefix prefixname export

View

BGP view

Parameter


prefixname: Name of the specified ip-prefix.

export: Apply the filtering policy on the route transmitted to the specified peer/peer group.

Description

■ Use the peer ip-prefix export command to configure the route filtering policy of routes advertised by the peer group based on the ip-prefix.

■ Use the undo peer ip-prefix export command to cancel the route filtering policy of the peer group based on the ip-prefix.

By default, the route filtering policy of the peer group is not specified.

Related command: ip ip-prefix, peer ip-prefix import.

Example

Configure the route filtering policy of the peer group based on the ip-prefix 1.

[SW7700-bgp]peer group1 ip-prefix list1 export

peer ip-prefix import Syntaxpeer { group-name | peer-address } ip-prefix prefixname import

undo peer { group-name | peer-address } ip-prefix prefixname import


View

BGP view

Parameter

group-name: Name of peer group.

peer-address: IP address of the peer.

prefixname: Name of the specified ip-prefix.

import: Apply the filtering policy on the route received by the specified peer/peer group.

Description

Use the peer ip-prefix import command to configure the route filtering policy of routes received by the peer/peer group based on the ip-prefix.

Use the undo peer ip-prefix import command to cancel the route filtering policy of the peer/peer group based on the ip-prefix.

By default, the route filtering policy of the peer/peer group is not specified.

For the related commands, see ip ip-prefix, peer ip-prefix export.

Example

Configure the route filtering policy of the peer group based on the ip-prefix 1.

[SW7700-bgp] peer group1 ip-prefix list1 import

peer next-hop-local Syntaxpeer group_name next-hop-local

undo peer group_name next-hop-local

View

BGP view

Parameter


Description

■ Use the peer next-hop-local command to perform the process of the next hop in the route that is advertised to the peer group and take the address of itself as the next hop.

■ Use the undo peer next-hop-local command to cancel the existing configuration.


Example

When BGP distributes the routes to the peer group “test”, it will take its own address as the next hop.

[SW7700-bgp]peer test next-hop-local

peer password Syntaxpeer { group-name | peer-address } password { cipher | simple } passwordundo peer { group-name | peer-address } password

View

BGP view

Parameter

group-name: Name of a peer group.


cipher: Specifies to display passwords in cipher text.

simple: Specifies to display passwords in simple text.

password: Defines a password, which is a character string of up to 16 characters if it is in simple text and up to 24 characters if it is in cipher text.

Description

Use the peer password command to configure an MD5 authentication password.

Use the undo peer password command to cancel MD5 authentication.

In BGP, no MD5 authentication is performed in setting up TCP connections by default.

BGP uses TCP as its transport layer. For the sake of high security, you can configure MD5 authentication password when setting up TCP connection. In other words, BGP MD5 authentication just sets password for TCP connection, but not for authenticating BGP packets. The authentication is implemented by TCP.

peer public-as-only Syntaxpeer group-name public-as-only

undo peer group-name public-as-only

View

BGP view

Parameter

group_name: Name of a peer group.


Description

■ Use the peer public-as-only command to prevent BGP from carrying the AS number when transmitting BGP update packets.

■ Use the undo peer public-as-only command to configure BGP to carry the AS number when transmitting BGP update packets.

By default, a private AS number is carried when transmitting BGP update packets.

Generally, BGP transmits BGP update packets with the AS number (either public AS number or private AS number). To enable some outbound routers to ignore the AS number when transmitting update packets, you can configure not to carry the AS number when transmitting BGP update packets.

Example

Prevent BGP from carrying the private AS number when transmitting BGP update packets to the peer named test.

[SW7700-bgp]peer test public-as-only

peer reflect-client Syntaxpeer group-name reflect-client

undo peer group-name reflect-client

View

BGP view

Parameter


Description

■ Use the peer reflect-client command to configure a peer/peer group as the route reflector client.

■ Use the undo peer reflect-client command to cancel the existing configuration.

Use the peer reflect-client command to configure a peer group as the route reflector client.

Use the undo peer reflect-client command to cancel the existing configuration.

This command is only applicable to a peer group.

Related commands: reflect between-clients, reflector cluster-id.

Example

Configure the peer group “test” as the route reflector client.

[SW7700-bgp]peer test reflect-client


peer route-policy export Syntaxpeer group-name route-policy route-policy-name export

undo peer group-name route-policy route-policy-name export

View

BGP view

Parameter



route_policy_name: The specified Route-policy.

Description

■ Use the peer route-policy export command to assign the Route-policy to the routes advertised to the peer group.

■ Use the undo peer route-policy export command to delete the specified Route-policy.

By default, the peer/peer group has no Route-policy association.

Related commands: peer route-policy import.

Example

Apply the Route-policy named test-policy to the route coming from the peer/peer group test.

[SW7700-bgp]peer test route-policy test-policy export

peer route-policy import Syntaxpeer { group-name | peer-address } route-policy route-policy-name importundo peer { group-name | peer-address } route-policy route-policy-name import

View

BGP view

Parameter

group-name: Name of peer group.


route-policy-name: The specified Route-policy.

Description

Use the peer route-policy import command to assign the Route-policy to the route coming from the peer/peer group.


Use the undo peer route-policy import command to delete the specified Route-policy.

By default, the peer/peer group has no Route-policy association.

Related command: peer route-policy export.

Example

Apply the Route-policy named test-policy to the route coming from the peer/peer group test.

[SW7700-bgp] peer test route-policy test-policy import

peer route-update-interval

Syntaxpeer group_name route-update-interval secondsundo peer group_name route-update-interval

View

BGP view

Parameter

group_name: Specify the name of the configured peer group.

seconds: The minimum interval of sending BGP update packets. The range is 0 to 600. By default, the advertisement interval is 5 seconds for an internal peer/peer group, and 30 seconds for an external peer/peer group.

Description

■ Use the peer route-update-interval command to configure the interval for the transmission route of a peer group.

■ Use the undo peer route-update-interval command to restore the interval to the default value.

Example

Set the interval for route update packet transmission to 10 seconds in the BGP peer group test.

[SW7700-bgp]peer test as-number 100[SW7700-bgp]peer test route-update-interval 10

peer timer Syntaxpeer { group_name | peer_address } timer keep-alive keepalive_interval hold holdtime-interval }

undo peer { group_name | peer_address } timer

View

BGP view

Parameter




keepalive_interval: Keepalive interval to be specified. The range is 1 to 4294967295. By default, its value is 60 seconds.

holdtime_interval: Holdtime interval to be specified. The range is 3 to 4294967295. By default, its value is 180 seconds.

Description

■ Use the peer timer command to configure the timers for a peer/peer group.

■ Use the undo peer timer command to restore the timer to the default value.

The timer configured by using this command has a higher priority than the one configured by using the timer command.

Example

Configure Keepalive and Holdtime intervals of the peer group “test”.

[SW7700-bgp]peer test timer keep-alive 60 hold 180

preference Syntaxpreference ebgp-value ibgp-value local-value

undo preference

View

BGP view

Parameter

ebgp-value: Set preference value for routes learned from external peers.

ibgp-value: Set preference value for routes learned from internal peers.

local-value: Set preference value for routes that originate locally.

The ebgp-value, ibgp-value and local-value parameters are in the range of 1 to 256. The default for ebgp-value and ibgp-value is 256. The default for local-value is 130.

Description

Use preference command to configure BGP preference.

Use the undo preference command to restore the default preference.

Three types of routes may be involved in BGP: routes learned from external peers, routes learned from internal peers and routes that originate locally. You can set preference values for the three types of route.

You can set different BGP preference values for different sub address families. Currently the system supports unicast and multicast address families.


Example

Disable route learning between peers.

[SW7700-bgp]disable preference

reflect between-clients Syntaxreflect between-clients

undo reflect between-clients

View

BGP view

Parameter

none

Description

■ Use the reflect between-clients command to configure the between-client reflection of a route.

■ Use the undo reflect between-clients command to disable this function.

By default, the reflection between clients is enabled.

Related commands: reflector cluster-id, peer reflect-client.

Example

Disable the reflection between clients.

[SW7700-bgp]undo reflect between-clients

reflector cluster-id Syntaxreflector cluster-id { cluster-id | address }

undo reflector cluster-id

View

BGP view

Parameter

cluster_id: Specify the cluster ID of the route reflector with the range from 1 to 4294967295.

address: Used as the interface address of the route reflector’s cluster ID.

Description

■ Use the reflector cluster-id command to configure the cluster ID of the route reflector.

■ Use the undo reflector cluster-id command to delete the cluster ID of the route reflector.


By default, each route reflector uses its Router ID as the cluster ID.

Related commands: reflect between-clients, peer reflect-client.

Example

Set the cluster ID of the route reflector to 80.

[SW7700-bgp]reflector cluster-id 80

refresh bgp Syntaxrefresh bgp { all | peer-address | group group-name } { import | export }

View

User view

Parameter

all: Reset all the connections with BGP.

peer-address: Reset connection with a specified BGP peer.

group-name: Reset connection with a specified BGP peer group.

import: Refresh the routes learned from the peers

export: Refresh routes advertised to the peers.

Description

Use the refresh bgp peer-address command to refresh general BGP routes.

When BGP routing policy changes, associated route information must be re-computed. This command can refresh general BGP routes.

Example

Refresh all BGP routes.

<SW7700>refresh bgp all

reset bgp Syntaxreset bgp { all | peer_address [ flap-info ] }

View

User view

Parameter

peer_address: Reset connection with a specified BGP peer.

all: Reset all BGP connections.


Description

■ Use the reset bgp peer_address command to reset the connection of BGP with a specified BGP peer.

■ Use the reset bgp all command to reset all the connections with BGP.

Example

Reset all the BGP connections to enable the new configuration (after configuring the new Keepalive interval and Holdtime interval using the timer command).

<SW7700>reset bgp all

reset bgp flap-info Syntaxreset bgp flap-info [ regular-expression as_regular_expression | as-path-acl acl-number | network_address [ mask ] ]

View

User view

Parameter

regular-expression as_regular_expression: Reset the flap-info matching the AS path regular expression.

as-path-acl acl_number: Reset the flap-info to be consistent with a specified filter list. The range of the parameter acl-number is 1 to 199.

network_address: Reset the flap-info of a record at this IP address.

mask: Network mask.

Description

Use the reset bgp flap-info command to reset the flap-info of a route.

Related command: dampening.

Example

Reset the flap-info of all the routes that go through filter list 10.

<SW7700>reset bgp flap-info as-path-acl 10

reset bgp group Syntaxreset bgp group group_name

View

User view

Parameter


Description

Use the reset bgp group command to reset the connections between BGP and all the members of a group.


Related command: peer group.

Example

Reset BGP connections of all members from group1.

<SW7700>reset bgp group group1

reset dampening Syntaxreset dampening [ network_address [ mask ] ]

View

User view

Parameter

network_address: Network IP address related to the clearing attenuation information.

mask: Network mask.

Description

Use the reset dampening command to reset the attenuation information of a route and release the suppression of a suppressed route.

Related commands: dampening, display bgp routing-table dampened.

Example

Reset the route attenuation information of the specified route.

<SW7700>reset dampening 20.1.0.0 255.255.0.0

summary automatic Syntaxsummary automatic

undo summary automatic

View

BGP view

Parameter

none

Description

■ Use the summary automatic command to configure auto aggregation of sub-network routes.

■ Use the undo summary automatic command to disable auto aggregation of sub-network routes.

By default, no auto aggregation of sub-network routes is executed.


After the summary automatic is configured, BGP cannot receive the sub-network routes imported from the IGP, so the amount of the routing information can be reduced.

Example

Set the auto aggregation of the sub-network routes.

[SW7700-bgp]summary automatic

timer Syntaxtimer keep-alive keepalive_interval hold holdtime_interval

undo timer

View

BGP view

Parameter

keepalive_interval: Set the interval time value for keepalive time. By default, its value is 60 seconds.

holdtime_interval: Set the interval time value for hold time. By default, its value is 180 seconds.

Description

■ Use the timer command to configure the Keep-alive and Hold-time timer of BGP.

■ Use the undo timer command to restore the default value of the Keep-alive and Hold-time of the timer.

Example

Set the Keep-alive timer to 30 seconds and the Hold-time timer to 90 seconds.

[SW7700-bgp]timer keep-alive 30 hold 90

undo synchronization Syntaxundo synchronization

View

BGP view

Parameter

None

Description

Use the undo synchronization command to cancel the synchronization of BGP and IGP.

By default, BGP doesn’t synchronize with IGP.


This command means BGP does not synchronize with IGP in the current system. You do not need to configure it for the Switch 7700.

Example

Cancel the synchronization of BGP and IGP.

[SW7700-bgp]undo synchronization

IP Routing Policy Configuration Commands

This section describes the commands you can use to configure IP Routing Policy. These commands operate across all routing protocols.


apply as-path Syntaxapply as-path as_number_1 [ as_number_2 [ as_number_3 ... ] ]

undo apply as-path

View

Route policy view

Parameter

as_number_1... as_number_n: AS number to be added.

Description

■ Use the apply as-path command to configure AS number to be added in front of the original AS path in Route-policy.

■ Use the undo apply as-path command to cancel the AS sequence number added in front of the original AS path.

By default, no AS number is set.

If the match condition of Route-policy is matched, the AS attribute of the transmitting route will be changed.

Example[SW7700-route-policy]apply as-path 200

apply community Syntaxapply community { { { aa:nn | no-export-sunconfed | no-export | no-advertise } … [ additive ] } | additive | none }

undo apply community

View

Route policy view

IP Routing Policy Configuration Commands 273

Parameter

aa:nn: Community number.

no-export-subconfed: The matched route is not sent outside the AS.

no-advertise: The matched route is not sent to any peer.

no-export: The route is not passed through the AS but is advertised to other sub ASs.

additive: Additional known community attribute.

none: Deleted route community attribute.

Description

■ Use the apply community command to configure the set BGP community attribute of Route-policy.

■ Use the undo apply community command to cancel the set BGP community attribute.

By default, BGP community attribute is not set.

Related commands: ip community-list, if-match community-list, route-policy, display bgp routing-table community.

Example

Configure one Route-policy apply community, whose node serial number is 16 and match mode is permit, and enter Route policy view to set the match conditions and attribute modifications to be executed.

[SW7700]route-policy applycommunity permit node 16[SW7700-route-policy]if-match as-path 8[SW7700-route-policy]apply community no-export

apply cost Syntaxapply cost value

undo apply cost

View

Route policy view

Parameter

value: Specify the route cost value of route information.

Description

■ Use the apply cost command to configure the route cost value of route information. This command is one of the apply sub-statements of the Route-policy attribute set.

■ Use the undo apply cost command to cancel the apply sub-statement.


Related commands: if-match interface, if-match acl, if-match ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy, apply ip next-hop, apply local-preference, apply origin and apply tag.

Example

Define one apply sub-statement. When it is used for setting route information attribute, it sets the route metric value of route information to 120.

[SW7700-route-policy]apply cost 120

apply cost-type Syntaxapply cost-type [ internal | external ]

undo apply cost-type

View

Route policy View

Parameter

internal: Use the cost type of IGP as MED value of BGP to advertise route to EBGP peer.

external: external cost type of IS-IS.

Description

■ Use the apply cost-type command to configure the route cost type of route information. This command is one of the apply sub-statements of the Route-policy attribute set.

■ Use the undo apply cost-type command to cancel the apply sub-statement.

By default, route cost type is not set.

Example

Set the cost type of IGP as MED value of BGP to advertise route to EBGP peer.

[SW7700-route-policy]apply cost-type internal

apply ip next-hop Syntaxapply ip next-hop ip_address

undo apply ip next-hop

View

Route policy view

Parameter

ip_address: The next-hop address. A maximum of two next-hop addresses can be specified.


Description

■ Use the apply ip next-hop command to configure the next hop address of route information. This command is one of the apply sub-statements of the Route-policy attribute set.

■ Use the undo apply ip next-hop command to cancel the apply sub-statement.

By default, no apply sub-statement is defined.

Related commands: if-match interface, if-match acl, if-match ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy, apply local-preference, apply cost, apply origin and apply tag.

Example

Set the next hop address of route information as 193.1.1.8 when it is used for setting route information attribute.

[SW7700-route-policy]apply ip next-hop 193.1.1.8

apply isis Syntaxapply isis [ level-1 | level-2 | level-1-2 ]

undo apply isis

View

Route policy view

Parameter

level-1: Set to import the matched route to Level-1 area.

level-2: Set to import the matched route to Level-2 area.

level-1-2: Set to import the matched route to both Level-1 and Level-2 area.

Description

■ Use the apply isis command to apply the level of a matched route that is imported to Level-1, Level-2 or Level-1-2.

■ Use the undo apply isis command to cancel the apply sub-statement.

By default, no apply clause is defined.

Related commands: if-match interface, if-match acl, if-match ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy, apply ip next-hop, apply cost, apply origin, apply tag.

Example

Define a set clause to import the route to level-2.

[SW7700-route-policy]apply isis level-2

apply local-preference Syntaxapply local-preference local-preference


undo apply local-preference

View

Route policy view

Parameter

local_preference: New set local preference.

Description

■ Use the apply local-preference command to configure to apply the local preference of route information. This command is one of the apply sub-statements of the Route-policy attribute set.

■ Use the undo apply local-preference command to cancel the apply sub-statement.

Related command: if-match interface, if-match acl, if-match ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy, apply ip next-hop, apply local-preference, apply origin and apply tag.

Example

Apply the local preference level of route information as 130 when this apply sub-statement is used for setting route information attribute.

[SW7700-route-policy]apply local-preference 130

apply origin Syntaxapply origin { igp | egp as_number | incomplete }

undo apply origin

View

Route policy view

Parameter

igp: Set the BGP route information source as internal route

egp: Set the BGP route information source as external route

as_number: Specifies AS number of external route.

incomplete: Setting the BGP route information source as unknown source.

Description

■ Use the apply origin command to configure to apply the route source. This command is one of the apply sub-statements of the Route-policy attribute set.

■ Use the undo apply origin command to cancel the apply sub-statement.

Related command: if-match interface, if-match acl, if-match ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy, apply ip next-hop, apply local-preference, apply cost and apply tag.


Example

Define one apply sub-statement. When it is used for setting route information attribute, it sets the route source of BGP route information as igp.

[SW7700-route-policy]apply origin igp

apply tag Syntaxapply tag value

undo apply tag

View

Route policy view

Parameter

value: Specifies the tag value of route information.

Description

■ Use the apply tag command to configure to set the tag area of OSPF route information. This command is one of the apply sub-statements of the Route-policy attribute set.

■ Use the undo apply tag command to cancel the apply sub-statement.

Related command: if-match interface, if-match acl, if-match ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy, apply ip next-hop, apply local-preference, apply cost and apply origin.

Example

Define one apply sub-statement. When it is used for setting route information attribute, it sets the tag area of route information to 100.

[SW7700-route-policy]apply tag 100

display ip ip-prefix Syntaxdisplay ip ip-prefix [ ip-prefix-name ]

View

All views

Parameter

ip_prefix_name: Specifies displayed address prefix list name.

Description

Use the display ip ip-prefix command to view the address prefix list.

Related command: ip ip-prefix.


Example

Display the information of the address prefix list named to p1.

<SW7700>display ip ip-prefix p1ip-prefix p1 index 10: permit 192.168.10.10/16 greater-equal 17 less-equal 18

display route-policy Syntaxdisplay route-policy [ route-policy-name ]

View

All views

Parameter

route_policy_name: Specifies displayed Route-policy name.

Description

Use the display route-policy command to view the configured Route-policy

Related command: route-policy.

Example

Display the information of Route-policy named as policy1.

<SW7700>display route-policy policy1Route-policy : policy1 Permit 10 : if-match (prefixlist) p1 apply cost 100 matched : 0 denied : 0

filter-policy export Syntaxfilter-policy { acl_number | ip-prefix ip_prefix_name } export [ protocol ]

undo filter-policy { acl_number | ip-prefix ip_prefix_name } export [ protocol ]

View

Routing protocol view

Parameter

acl_number: Number of the access control list used for matching the destination address field of the routing information.

ip_prefix_name: Address prefix list used for matching the routing information destination address field.

protocol: The routing information of which kind of route protocol to be filtered.


Description

■ Use the filter-policy export command to configure to set the filtering conditions of the routing information advertised by a certain type of routing protocols.

■ Use the undo filter-policy export command to cancel the filtering conditions set.

By default, the advertised routing information is not filtered.

It may be necessary that only the routing information that meets special conditions can be advertised. Then, the filter-policy command can be used to set the filtering conditions for the advertised routing information. Only the routing information passing the filter can be advertised.

Related command: filter-policy import.

Example

Define the filtering rules for advertising the routing information of RIP. Only the routing information passing the filtering of address prefix list p1 will be advertised by RIP.

[SW7700-rip]filter-policy ip-prefix p1 export

filter-policy import Syntaxfilter-policy { acl_number | ip-prefix ip-prefix-name | gateway ip- prefix-name }* import

undo filter-policy { acl_number | ip-prefix ip-prefix-name | gateway ip-prefix-name }* import

View

Routing protocol view

Parameter

acl_number: The access control list number used for matching the destination address field of the routing information.

ip-prefix ip_prefix_name: The prefix address list name. Its matching object is the destination address field of the routing information.

gateway ip_prefix_name: The prefix address list name of the neighbor router address. Its matching object is the routing information advertised by the specified neighbor router.

Description

■ Use the filter-policy gateway import command to filter the received routing information advertised by a specified router.

■ Use the undo filter-policy gateway import command to cancel the setting of the filtering condition.

■ Use the filter-policy import command to set the condition for filtering the routing information.


■ Use the undo filter-policy import command to cancel the setting of filter condition

By default, the received routing information is not filtered.

It may be necessary that only the routing information that meets special conditions can be received. Then, the filter-policy command can be used to set the filtering conditions for the received routing information. Only the routing information passing the filtration can be received.

Related command: filter-policy export.

Example

Define the filtering rule for receiving routing information of RIP. Only the routing information filtered through the address prefix list p1 can be received by RIP.

[SW7700-rip]filter-policy ip-prefix p1 import

if-match Syntaxif-match { acl acl_number | ip-prefix ip-prefix-name }

undo if-match [ acl | ip-prefix ]

View

Route policy view

Parameter

acl_number: Specify the number of the access control list used for filtration

ip_prefix_name: Specify the prefix address list used for filtration

Description

■ Use the if-match { acl | ip-prefix } command to configure the IP address range to match the Route-policy.

■ Use the undo if-match { acl | ip-prefix } command to cancel the setting of the match rule.

Filtration is performed by quoting an ACL or a prefix address list.

Related command: if-match interface, if-match ip next-hop, if-match cost, if-match tag, route-policy, apply ip next-hop, apply cost, apply local-preference, apply origin and apply tag.

Example

Define one if-match sub-statement. When the sub-statement is used for filtering route information, the route information filtered by the route destination address through address prefix list p1 can pass the if-match sub-statement.

[SW7700-route-policy]if-match ip-prefix p1

if-match as-path Syntaxif-match as-path acl_number


undo if-match as-path

View

Route policy view

Parameter

acl_number: AS path list number, ranging from 1 to 199.

Description

■ Use the if-match as-path command to configure the matched AS path list number of Route-policy.

■ Use the undo if-match as-path command to delete the matched path list number.

By default, AS path list number is not matched.

Example

An as-path, numbered 2, is defined first which allows the routing information of AS 100 and 200. Then the route-policy named test is defined. The node No.10 of this route-policy defines an if-match sub-statement, which quotes the definition of as-path.

[SW7700]ip as-path acl 2 permit 100:200[SW7700]route-policy test permit node 10[SW7700-route-policy]if-match as-path 2

if-match community Syntaxif-match community { standard-community-number [ whole-match ] | extended_community_number }

undo if-match community

View

Route policy view

Parameter

standard_community_list_number: Standard community list number, ranging from 1 to 99.

extended_community_list_number: Extended community list number, ranging from 100 to 199.

whole-match: Fully matching.

Description

■ Use the if-match community command to configure the community list number to be matched in the Route-policy.

■ Use the undo if-match community command to cancel the configuration of the matched community list number.


One of the if-match sub-statements of route-policy is used to filter BGP routing information. The if-match condition is specified according to the community attributes of the routing information.

Related command: route-policy, ip community-list.

Example

A community-list numbered as 1 is defined first, allowing the autonomous system number to contain the routing information of 100 and 200. Then, the route-policy named test is defined. The node No.10 of the route-policy defines a match sub-statement, which quotes the definition of the community-list.

[SW7700]ip community-list 1 permit 100:200[SW7700]route-policy test permit node 10[SW7700-route-policy]if-match community 1

if-match cost Syntaxif-match cost value

undo if-match cost

View

Route policy view

Parameter

value: Specifies the required route metric value, ranging from 0 to 4294967295.

Description

■ Use the if-match cost command to configure one of the match rules of route-policy to match the cost of the routing information.

■ Use the undo if-match cost command to cancel the configuration of the match rule.

By default, no match sub-statement is defined.

Related commands: if-match interface, if-match acl, if-match ip-prefix, if-match ip next-hop, if-match tag, route-policy, apply ip next-hop, apply local-preference, apply cost, apply origin, apply tag.

Example

A match sub-statement is defined, which allows the routing information with routing cost 8 to pass this match sub-statement.

[SW7700-route-policy]if-match cost 8

if-match interface Syntaxif-match interface { interface_name | interface_type interface_number }

undo if-match interface


View

Route policy view

Parameter

interface_type: Specify interface type.

interface_number: Specify interface number.

interface_name: Specify interface name.

Description

■ Use the if-match interface command to match the route whose next hop is the designated interface.

■ Use the undo if-match interface command to cancel the setting of matching condition.

By default, no match sub-statement is defined.

Related command: if-match acl, if-match ip-prefix, if-match ip next-hop, if-match cost, if-match tag, route-policy, apply ip next-hop, apply cost, apply local-preference, apply origin, apply tag.

Example

Define one match sub-statement to match the route whose next hop interface is Vlan-interface 1.

[SW7700-route-policy]if-match interface Vlan-interface 1

if-match ip next-hop Syntaxif-match ip next-hop { acl acl_number | ip-prefix ip_prefix_name }

undo if-match ip next-hop [ ip-prefix ]

View

Route policy view

Parameter

acl_number: Specify the number of the access control list used for filtration. The range is 1 to 99.

ip_prefix_name: Specify the name of the prefix address list used for filtration.

Description

■ Use the if-match ip next-hop command to configure one of the match rules of route-policy on the next hop address of the routing information.

■ Use the undo if-match ip next-hop command to cancel the setting of the ACL matching condition. Use the undo if-match ip next-hop ip-prefix command to cancel the setting of the address prefix list matching condition.

Filtration is performed by quoting an ACL or a address prefix list.


Related commands: if-match interface, if-match acl, if-match ip-prefix, if-match cost, if-match tag, route-policy, apply ip next-hop, apply cost, apply local-preference, apply origin, apply tag.

Example

Define a match sub-statement. It permits the routing information, whose route next hop address passes the filtration of the prefix address list p1, to pass this match sub-statement.

[SW7700-route-policy]if-match ip next-hop ip-prefix p1

if-match tag Syntaxif-match tag value

undo if-match tag

View

Route policy view

Parameter

value: Specify the value in tag field of OSPF route information.

Description

■ Use the if-match tag command to match the tag field of OSPF route information.

■ Use the undo if-match tag command to cancel the existing matching rules.

Related commands: if-match interface, if-match acl, if-match ip-prefix, if-match ip next-hop, if-match cost, route-policy, apply ip next-hop, apply cost, apply local-preference, apply origin, apply tag.

Example

Define one match sub-statement and enable the OSPF route information whose value of tag is 8 to pass the match sub-statement.

[SW7700-route-policy]if-match tag 8

ip ip-prefix Syntaxip ip-prefix ip-prefix-name [ index index_number ] { permit | deny } network-len [ greater-equal greater-equal | less-equal less_equal ]

undo ip ip-prefix ip-prefix-name [ index index-number | permit | deny ]

View

System view

Parameter

ip_prefix_name: The specified address prefix list name. It identifies one address prefix list uniquely.


index_number: Identify an item in the prefix address list. The item with smaller index-number will be tested first.

permit: Specify the match mode of the defined address prefix list items as permit mode.

deny: Specify the match mode of the defined address prefix list items as deny mode.

network: The IP address prefix range (IP address). If it is 0.0.0.0 0, all the IP addresses are matched.

len: The IP address prefix range (mask length). If it is 0.0.0.0 0, all the IP addresses are matched.

greater_equal, less_equal: The address prefix range [greater-equal, less-equal] to be matched after the address prefix network len has been matched. The meaning of greater-equal is “larger than or equal to’ , and the meaning of less-equal is “less than or equal to”. The range is len <= greater-equal <= less-equal <= 32. When only greater-equal is used, it denotes the prefix range [greater-equal, 32]. When only less-equal is used, it denotes the prefix range [len, less-equal].

Description

■ Use the ip ip-prefix command to configure an address prefix list or one of its items.

■ Use the undo ip ip-prefix command to delete an address prefix list or one of its items.

By default, there’s no address prefix list.

The address prefix list is used for IP address filtering. An address prefix list may contain several items, and each item specifies one address prefix range. The inter-item filtering relation is Boolean OR, so an item must pass the filtering of this address prefix list. Not passing the filtering of any item means not passing the filtration of this prefix address list.

The address prefix range may contain two parts, which are determined by len and [greater-equal, less-equal] respectively. If the prefix ranges of these two parts are both specified, the IP to be filtered must match the prefix ranges of these two parts.

If you specify network len as 0.0.0.0 0, it only matches the default route.

Example

The prefix address list of this address indicates to match the bits 1 to 8 and the bits 17 to 18 for filtering the IP address with the bits 1 to 8 and the bits 17 to 18 of the specified IP network segment 10.0.192.0.

[SW7700]ip ip-prefix p1 permit 10.0.192.0 8 greater-equal 17 less-equal 18


route-policy Syntaxroute-policy route-policy-name { permit | deny } node { node-number }

undo route-policy route-policy-name [ permit | deny | node node-number ]

View

System view

Parameter

route_policy_name: Specifies the Route-policy name to identify one Route-policy uniquely.

permit: Specify the match mode of the defined Route-policy node as permit mode.

deny: Specifies the match mode of the defined Route-policy node as deny mode.

node: Node of the route policy.

node_number: Index of the node in the route-policy. When this route-policy is used for routing information filtration, the node with smaller node-number will be tested first.

Description

■ Use the route-policy command to create and enter the Route-policy view.

■ Use the undo route-policy command to delete the established Route-policy.

By default, no Route-policy is defined.

The route-policy command is used for route information filtration or route policy. One Route-policy comprises some nodes and each node comprises some match and apply sub-statements. The match sub-statement defines the match rules of this node and the apply sub-statement defines the actions after passing the filtration of this node. The filtering relationship between the match sub-statements of the node is “and”, that is, all match sub-statements that meet the node. The filtering relation between route-policy nodes is Boolean OR, so to pass the filtering, a node must pass the filtering of this Route-policy. If the information does not pass the filtering of any nodes, it cannot pass the filtering of this route-policy.

Related commands: if-match interface, if-match acl, if-match ip-prefix, if-match ip next-hop, if-match cost, if-match tag, apply ip next-hop, apply local-preference, apply cost, apply origin, apply tag.

Example

Configured one Route-policy policy1, whose node number is 10 and if-match mode is permit, and enter Route policy view.

[SW7700]route-policy policy1 permit node 10[SW7700-route-policy]

Route Capacity Configuration Commands 287

Route Capacity Configuration Commands

This section describes the commands you can use to configure route capacity on the Switch 7700.

display memory limit Syntaxdisplay memory limit

Mode

All views

Parameter

None

Description

Use the display memory limit command to display the memory setting and state information related to the Ethernet switch capacity, including available memory and state information about connections, such as times for disconnecting connections, times for reestablishing connections, and the current state of the system.

Example

Display the current memory setting and state information.

<SW7700>display memory limitCurrent memory limit configuration information: system memory safety: 4 system memory limit: 2 auto-establish enabled

Free Memory: 17781708 (Byte)

The state information about connection: The times of disconnect: 0 The times of reconnect: 0 The current state: Normal

The displayed information is defined in Table 27.

Table 27 Description of Information Displayed by the display memory limit Command

Item Description

system memory safety:4 The safety value of the Ethernet switch memory is 4Mbytes

system memory limit: 2 The lower limit of the Ethernet switch memory is 2Mbytes.

auto-establish enabled The system allows recovering the connection automatically. If automatic recovery is disabled, the “auto-establish disabled” message is displayed.)

Free Memory: 17781708 (Byte)

The size of the current idle memory is 17781708 bytes, that is, 17,782Mbytes.

The times of disconnect: 0 The times of the connection disconnecting of the Ethernet switch is 0.

The times of reconnect: 0 The times of the connection reestablishment of the Ethernet switch is 0.


memory auto-establish disable

Syntaxmemory auto-establish disable

View

System view

Parameter

None

Description

Use the memory auto-establish disable command to disable the routing protocol connection that is forcibly disconnected to recover automatically when the idle memory of the Ethernet switch reaches this value. Thus, connections of all the routing protocols will not recover when the idle memory of the Ethernet switch recovers to a safety value. In this case, you need to restart the routing protocol to recover the connections.

By default, when the idle memory of the Ethernet switch recovers to a safety value, connections of all the routing protocols will always recover (when the idle memory of the Ethernet switch reduces to a lower limit, the connection will be disconnected forcibly).

Use this command cautiously.

Related commands: memory auto-establish enable, memory { safety | limit }, display memory limit.

Example

Disable memory resume of the current Ethernet switch and recover connections of all the protocols automatically.

[SW7700]memory auto-establish disable

memory auto-establish enable

Syntaxmemory auto-establish enable

View

System view

Parameter

None

Description

Use the memory auto-establish enable command to allow the routing protocol connection that is forcibly disconnected to recover automatically when the idle memory of the Ethernet switch reaches this value.

The current state: Normal The current state is normal.

Table 27 Description of Information Displayed by the display memory limit Command

Route Capacity Configuration Commands 289

By default, when the idle memory of the Ethernet switch recovers to a safety value, connections of all the routing protocols will always recover (when the idle memory of the Ethernet switch reduces to a lower limit, the connection will be disconnected forcibly).

Related commands: memory auto-establish disable, memory { safety | limit }, display memory limit.

Example

Enable memory resume of the current Ethernet switch and recover connections of all the protocols automatically.

[SW7700]memory auto-establish enable

memory Syntaxmemory { safety safety-value | limit limit-value }*

undo memory [ safety | limit ]

View

System view

Parameter

safety safety_value: The safety value of the Ethernet switch idle memory, in Mbytes. Its value range depends on the idle memory of the active Ethernet switch. The default value is 4Mbytes.

limit limit_value: The lower limit of the Ethernet switch idle memory, in Mbytes. Its value range depends on the idle memory of the active Ethernet switch. The default value is 2Mbytes.

default: Set the safety value and lower limit of the Ethernet switch idle memory to the default value.

Description

■ Use the memory limit limit_value command to configure the lower limit of the Ethernet switch idle memory. When the idle memory of the Ethernet switch is less than this limit, all the routing protocol connections will be disconnected forcibly. The limit_value in the command must be less than the current idle memory safety value or the configuration will fail.

■ Use the memory safety safety_value command to configure the safety value of the Ethernet switch idle memory. If you use the memory auto-establish enable command (the default configuration), the routing protocol connection that is forcibly disconnected will automatically recover when the idle memory of the Ethernet switch reaches this value. The safety_value in the command must be more than the current idle memory lower limit or the configuration will fail.

■ Use the memory safety safety_value limit limit_value command to change both of the safety value and lower limit of the Ethernet switch idle memory. The safety_value must be more than the limit_value or the configuration will fail.


■ Use the memory default command to configure the safety value and the lower limit of the Ethernet switch idle memory to the default configuration.

Related commands: memory auto-establish disable, memory auto-establish enable, display memory limit.

Example

Set the lower limit of the Ethernet switch idle memory to 1Mbytes and the safety value to 3Mbytes.

[SW7700]memory safety 3 limit 1

6
USING MULTICAST PROTOCOL COMMANDS

GMRP Configuration Commands

■ debugging gmrp

■ display gmrp statistics

■ display gmrp status

■ gmrp

IGMP Snooping Configuration Commands

■ display igmp-snooping configuration

■ display igmp-snooping group

■ display igmp-snooping statistics

■ igmp-snooping

■ igmp-snooping host-aging-time

■ igmp-snooping max-response-time

■ igmp-snooping router-aging-time

■ reset igmp-snooping statistics

Multicast Common Configuration Commands

■ debugging multicast forwarding

■ debugging multicast kernel-routing

■ debugging multicast status-forwarding

■ display multicast forwarding-table

■ display multicast routing-table

■ multicast route-limit

■ multicast routing-enable

■ reset multicast forwarding-table

■ reset multicast routing-table

IGMP Configuration Commands

■ debugging igmp

■ display igmp group

■ display igmp interface

■ igmp enable

292 CHAPTER 6: USING MULTICAST PROTOCOL COMMANDS

■ igmp group-limit

■ igmp group-policy

■ igmp host-join

■ igmp lastmember-query interval

■ igmp max-response-time

■ igmp robust-count

■ igmp timer other-querier-present

■ igmp timer query

■ igmp version

■ reset igmp group

PIM Configuration Commands

■ bsr-policy

■ c-bsr

■ c-rp

■ debugging pim common

■ debugging pim dm

■ debugging pim sm

■ display pim bsr

■ display pim interface

■ display pim neighbor

■ display pim routing-table

■ display pim rp-info

■ pim

■ pim bsr-boundary

■ pim dm

■ pim sm

■ pim timer hello

■ reset pim neighbor

■ reset pim routing-table

■ source-policy

■ static-rp

GMRP Configuration Commands

This section describes how to use the Group Multicast Registration Protocol (GMRP) configuration commands on your Switch 7700.

debugging gmrp Syntaxdebugging gmrp { event | packet }

GMRP Configuration Commands 293

undo debugging gmrp { event | packet }

View

User view

Parameter

event: GMRP event.

packet: GMRP packet.

Description

■ Use the debugging gmrp command to enable GMRP debugging.

■ Use the undo debugging gmrp to disable GMRP debugging.

Example

Enable GMRP packet debugging.

<SW7700>debugging gmrp packetGMRP: Max number of GMRP entries reached

display gmrp statistics Syntaxdisplay gmrp statistics [ interface interface-list ]

View

All views

Parameter

interface interface-list: Specifies Ethernet port list, expressed as interface-list = { { interface_type interface_num | interface_name }

[ to { interface_type interface_num | interface_name } ]}&<1-10>. For meanings and value ranges of interface-type, interface-number and interface-name, refer to the syntax description in “Using Port Commands” on page 49.

Description

Use the display gmrp statistics command to display the statistics information about GMRP.

This command is used for displaying the statistics information about GMRP, including the list of ports with GMRP enabled, GMRP status information, GMRP failed registrations and last origin of GMRP packet data unit (PDU).

Example

Display the statistics information about GMRP on Ethernet 1/0/1.

<SW7700>display gmrp statistics interface Ethernet 1/0/1

Table 28 Description of information generated by the command debugging gmrp event

Field Description

GMRP: Max number of GMRP entries reached

Maximum number of entries reached for GMRP local database


GMRP statistics on port Ethernet1/0/1Gmrp Status : EnabledGmrp Failed Registrations: 0Gmrp Last Pdu Origin : 0000-0000-0000

display gmrp status Syntaxdisplay gmrp status

View

All views

Parameter

None

Description

Use the display gmrp status command to display the status of global GMRP.

This command can be used for displaying the enabled/disabled status of global GMRP.

Example

Display the status of global GMRP.

<SW7700>display gmrp statusGMRP is enabled

gmrp Syntaxgmrp

undo gmrp

View

System view/Ethernet port view

Parameter

None

Description

■ Use the gmrp command to enable global GMRP or enable GMRP on a port.

■ Use the undo gmrp command to set the GMRP back to the default setting, namely disabled.

By default, GMRP is disabled

Executed in system view, this command will enable the global GMRP. After performing this command in Ethernet port view, GMRP will be enabled on a port.

Table 29 Global GMRP status information

Field Description

GMRP is enabled GMRP is enabled globally.

IGMP Snooping Configuration Commands 295

Before enabling GMRP on a port, you shall enable GMRP globally.

Related commands: display gmrp status, display gmrp statistics.

Example

Enable GMRP globally.

[SW7700]gmrp

IGMP Snooping Configuration Commands

This section describes how to use the Internet Group Management Protocol (IGMP) configuration commands on your Switch 7700.

display igmp-snooping configuration

Syntaxdisplay igmp-snooping configuration

View

All views

Parameter

None

Description

Use the display igmp-snooping configuration command to view the IGMP Snooping configuration information.

This command is used to display the IGMP Snooping configuration information of the switch. The information displayed includes whether IGMP Snooping is enabled, router port timeout, maximum response timeout of a query and the member port timeout.

Related command: igmp-snooping.

Example

Display the IGMP Snooping configuration information of the switch.

<SW7700>display igmp-snooping configurationEnable IGMP-Snooping.The router port timeout is 300 second(s).The max response timeout is 50 second(s).The member port timeout is 500 second(s).

The information above tells us that: IGMP Snooping is enabled; the router port timer is set to be 300 seconds; the max response timer is set to be 50 seconds; the aging timer of multicast group member is set to be 500 seconds.

display igmp-snooping group

Syntaxdisplay igmp-snooping group [ vlan vlanid ]

View

All views


Parameter

vlan vlanid: Specifies the VLAN where the multicast group to be viewed is located. When the parameter is omitted, the command will display the information about all the multicast groups on the VLAN.

Description

Use the display igmp-snooping group command to view the IP multicast groups and MAC multicast groups under VLAN.

This command displays the IP multicast group and MAC multicast group information of a VLAN or all the VLAN where the Ethernet switch is located. It displays the information such as VLAN ID, router port, IP multicast group address, member ports in the IP multicast group, MAC multicast group, MAC multicast group address, and the member ports in the MAC multicast group.

Example

Display the multicast group information about VLAN2.

<SW7700>display igmp-snooping group vlan 2***************Multicast group table***************Vlan(id):2.Router port(s):Ethernet1/0/1IP group(s):the following ip group(s) match to one mac group.IP group address:230.45.45.1Member port(s):Ethernet1/0/12MAC group(s):MAC group address:01-00-5e-2d-2d-01Member port(s):Ethernet1/0/12

We can know from the information listed above that :

■ There is a multicast group in VLAN 2;

■ The router port is Ethernet 1/0/1;

■ The address of the multicast group is 230.45.45.1;

■ The member of the IP multicast group is Ethernet 1/0/12;

■ MAC multicast group is 0100-5e2d-2d01;

■ The member of the MAC multicast group is Ethernet 1/0/12。

display igmp-snooping statistics

Syntaxdisplay igmp-snooping statistics

View

All views

Parameter

None

Description

Use the display igmp-snooping statistics command to view the statistics information on IGMP Snooping.


This command displays the statistics information about IGMP Snooping of Ethernet switch. It displays the information such as number of received general IGMP query packets, received IGMP specific query packets, received IGMP Version 1 and Version 2 report packets, received IGMP leave packets and error packets, and sent IGMP specific query packets.


Example

Display statistics information about IGMP Snooping.

<SW7700>display igmp-snooping statisticsReceived IGMP general query packet(s) number:0.Received IGMP specific query packet(s) number:0.Received IGMP V1 report packet(s) number:0.Received IGMP V2 report packet(s) number:0.Received IGMP leave packet(s) number:0.Received error IGMP packet(s) number:0.Sent IGMP specific query packet(s) number:0.

igmp-snooping Syntaxigmp-snooping { enable | disable }

undo igmp-snooping

View

System, then VLAN view

Parameter

enable: Enable IGMP Snooping.

disable: Disables IGMP Snooping; By default, the switch disables IGMP Snooping feature.

Description

■ Use the igmp-snooping command to enable/disable IGMP Snooping. To enable IGMP snooping, you must execute the igmp-snooping enable command in system view, then execute it again in vlan view.

■ Use the undo igmp-snooping command to restore the default setting.

This command is used to enable or disable IGMP Snooping on the switch.

Example

Enable IGMP Snooping.

[SW7700]igmp-snooping enable

igmp-snooping host-aging-time

Syntaxigmp-snooping host-aging-time seconds

undo igmp-snooping host-aging-time


View

System view

Parameter

seconds: Specifies the port aging time of the multicast group member, ranging from 200 to 1000 and measured in seconds; By default, 260.

Description

■ Use the igmp-snooping host-aging-time command to configure the port aging time of the multicast group members.

■ Use the undo igmp-snooping host-aging-time command to restore the default value.

This command sets the aging time of the multicast group member so that the refresh frequency can be controlled. When the group members change frequently, the aging time should be comparatively short, and vice versa.


Example

Set the aging time to 300 seconds.

[SW7700]igmp-snooping host-aging-time 300

igmp-snooping max-response-time

Syntaxigmp-snooping max-response-time seconds

undo igmp-snooping max-response-time

View

System view

Parameter

seconds: Maximum response time for a query ranging from 1 to 25 and measured in seconds; By default, 10.

Description

■ Use the igmp-snooping max-response-time command to configure the maximum response time for a query.

■ Use the undo igmp-snooping max-response-time command to restore the default value.

The set maximum response time decides the time limit for the switch to respond to IGMP Snooping general query packets.

Related commands: igmp-snooping, igmp-snooping router-aging-time.

Example

Configure to respond the IGMP Snooping packet within 50s.

[SW7700]igmp-snooping max-response-time 50


igmp-snooping router-aging-time

Syntaxigmp-snooping router-aging-time seconds

undo igmp-snooping router-aging-time

View

System view

Parameter

seconds: Specifies the router port aging time, ranging from 1 to 1000 measured in seconds; By default, 105.

Description

■ Use the igmp-snooping router-aging-time command to configure the router port aging time of IGMP Snooping.

■ Use the undo igmp-snooping router-aging-time command to restore the default value.

The port here refers to the Ethernet switch port connected to the router. The Layer-2 Ethernet switch receives general query packets from the router via this port. The timer should be set to about 2.5 times of the general query period of the router.

Related commands: igmp-snooping, igmp-snooping max-response-time.

Example

Set the aging time of the IGMP Snooping router port to 500 seconds.

[SW7700]igmp-snooping router-aging-time 500

reset igmp-snooping statistics

Syntaxreset igmp-snooping statistics

View

User view

Parameter

None

Description

Use the reset igmp-snooping statistics command to reset the IGMP Snooping statistics information.


Example

Clear IGMP Snooping statistics information.

<SW7700>reset igmp-snooping statistics


Multicast Common Configuration Commands

This section describes how to use the Multicast Common configuration commands on your Switch 7700.

debugging multicast forwarding

Syntaxdebugging multicast forwarding

undo debugging multicast forwarding

View

User view

Parameter

None

Description

■ Use the debugging multicast forwarding to enable multicast packet forwarding debugging functions.

■ Use the undo debugging multicast forwarding to disable the debugging functions.

By default, the debugging function is disabled.

debugging multicast kernel-routing

Syntaxdebugging multicast kernel-routing

undo debugging multicast kernel-routing

View

User view

Parameter

None

Description

■ Use the debugging multicast kernel-routing to enable multicast kernel routing debugging functions.

■ Use the undo debugging multicast kernel-routing to disable the debugging functions.

debugging multicast status-forwarding

Syntaxdebugging multicast status-forwarding

undo debugging multicast status-forwarding

View

User view

Multicast Common Configuration Commands 301

Parameter

None

Description

■ Use the debugging multicast status-forwarding to enable multicast forwarding status debugging functions.

■ Use the undo debugging multicast status-forwarding to disable the debugging functions.

display multicast forwarding-table

Syntaxdisplay multicast forwarding-table [ group-address [ mask { mask | mask-length } ] | source-address [ mask { mask | mask-length } ] | incoming-interface register ]*

View

All views

Parameter

group-address: Multicast group address, used to specify a multicast group, ranging from 224.0.0.0 to 239.255.255.255.

source-address: Unicast IP address of the multicast source.

incoming-interface: Incoming interface of the multicast forwarding table.

register: Register interface of PIM-SM.

Description

Use the display multicast forwarding-table to view the information of IP multicast forwarding table.

Related command: display multicast routing-table.

Example

View the multicast forwarding table information.

<SW7700>display multicast forwarding-table

display multicast routing-table

Syntaxdisplay multicast routing-table [ group-address [ mask { mask | mask-length } ] | source-address [ mask { mask | mask-length } ] | incoming-interface { interface-type interface-number | register } ]*

View

All views

Parameter

group-address: Multicast group address, used to specify a multicast group and display the corresponding routing table information of the group. The value ranges from 224.0.0.0 to 239.255.255.255.


source-address: Unicast IP address of the multicast source.

incoming-interface: Incoming interface of the multicast route entry.

register: Register interface of PIM-SM.

Description

Use the display multicast routing-table to view the information of IP multicast routing table.

This command displays the multicast routing table information, while the display multicast forwarding-table command displays the multicast forwarding table information.

Example

View the route entry information corresponding to multicast group 225.1.1.1 in the multicast routing table.

<SW7700>display multicast routing-table 225.1.1.1

multicast route-limit Syntaxmulticast route-limit limitundo multicast route-limit

View

System view

Parameter

limit: Limits the capacity of multicast routing table, in the range of 0 to 512.

Description

■ Use the multicast route-limit command to limit the capacity of multicast routing table. When the preset capacity is exceeded, the router will discard new (S, G) protocol and data packets.

■ Use the undo multicast route-limit command to restore the limit to the default value.

By default, the capacity of multicast routing table is set to 512.

If the existing route entries exceed the capacity value you configured during using this command, the system will not delete the existing entries, but prompts the information “Existing route entries exceed the configured capacity value”.

The new configuration overwrites the old one if you run the command for a second time.

Example

Limit multicast routing table capacity at 256.

[SW7700]multicast route-limit 256

Multicast Common Configuration Commands 303

multicast routing-enable Syntaxmulticast routing-enable

undo multicast routing-enable

View

System view

Parameter

None

Description

■ Use the multicast routing-enable to enable IP multicast routing.

■ Use the undo multicast routing-enable to disable IP multicast routing.

By default, IP multicast routing is disabled.

The system will not forward any multicast packet when IP multicast routing is disabled.

Related commands: pim dm, pim sm.

Example

Enable IP multicast routing.

<SW7700>system-view[SW7700]multicast routing-enable

reset multicast forwarding-table

Syntaxreset multicast forwarding-table [ statistics ] { all | { group-address [ mask { group-mask | group-mask-length } ] | source-address [ mask { source-mask | source-mask-length } ] | incoming-interface interface-type interface-number } * }

View

User view

Parameter

statistics: If it is selected, the system clears the statistic information of MFC forward entries. Otherwise, the system clears MFC forward entries.

all: All MFC forward entries.

group-address: Specifies group address.

group-mask: Specifies Mask of group address

group-mask-length: Specifies mask length of group address.

source-address: Specifies source address.

source-mask: Specifies mask of source address.


source-mask-length: Specifies mask length of source address.

incoming-interface: Specifies incoming interface for the forward entry.

interface-type interface-number: Interface type and interface number.

Description

■ Use the reset multicast forwarding-table command to clear MFC forwarding entries or statistic information of MFC forwarding entries.

You can type in source address first and group address after in the command, as long as they both are valid addresses. The system prompts error information if you type in invalid addresses.

Related commands: reset pim routing-table, reset multicast routing-table and display multicast forwarding-table.

Example

Clear the forwarding entry with address of 225.5.4.3 from the MFC forwarding table.

<SW7700>reset multicast forwarding-table 225.5.4.3

Clear statistic information of the forwarding entry with address of 225.5.4.3 from the MFC forwarding table.

<SW7700>reset multicast forwarding-table statistics 225.5.4.3

reset multicast routing-table

Syntaxreset multicast routing-table { all | { group-address [ mask { group-mask | group-mask-length } ] | source-address [ mask { source-mask | source-mask-length } ] | { incoming-interface interface-type interface-number } } * }

View

User view

Parameter

all: All route entries in the core multicast routing table.


group-mask: Specifies Mask of group address

group-mask-length: Specifies mask length of group address.


source-mask: Specifies mask of source address.

source-mask-length: Specifies mask length of source address.

incoming-interface: Specifies incoming interface for the forward entry.

IGMP Configuration Commands 305

interface-type interface-number: Interface type and interface number.

Description

■ Use the reset multicast routing-table command to clear route entries from the core multicast routing table, as well as MFC forwarding entries.

You can type in source address first and group address after in the command, as long as they both are valid addresses. The system prompts error information if you type in invalid addresses.

Related commands: reset pim routing-table, reset multicast forwarding-table and display multicast forwarding-table.

Example

Clear the route entry with address of 225.5.4.3 from the core multicast routing table.

<SW7700>reset multicast routing-table 225.5.4.3

Clear statistic information of the forward entry with address of 225.5.4.3 from the MFC forwarding table.

<SW7700>reset multicast forwarding-table statistics 225.5.4.3

IGMP Configuration Commands

debugging igmp Syntax

debugging igmp { all | event | host | packet | timer }

undo debugging igmp { all | event | host | packet | timer }

View

User view

Parameter

all: Enables all the debugging information for IGMP functions.

event: Enables debugging information for IGMP events.

host: Enables debugging information for IGMP hosts

packet: Enables debugging information for IGMP packets.

timer: Enables debugging information for IGMP timers.

Description

■ Use the debugging igmp command to enable IGMP debugging functions.

■ Use the undo debugging igmp command to disable the debugging functions.

By default, IGMP debugging functions are disabled.


Example

Enable all IGMP debugging functions

<SW7700>debugging igmp all

display igmp group Syntax

display igmp group [ group-address | interface interface-type interface-number ]

View

Any view

Parameter

group-address: Address of the multicast group.

interface-type interface-number: Interface type and interface number of the router, used to specify the specific interface.

Description

Using display igmp group command to view the member information of the IGMP multicast group.

You can specify to show the information of a group or the member information of the multicast group on an interface. The information displayed contains the multicast groups which are joined by the downstream hosts through IGMP or through command line.

Related command: igmp host-join.

Example

View the member information of multicast group in the system.

<SW7700>display igmp groupLoopBack0 (20.20.20.20): Total 3 IGMP Groups reported: Group Address Last Reporter Uptime Expires 225.1.1.1 20.20.20.20 00:02:04 00:01:15 225.1.1.3 20.20.20.20 00:02:04 00:01:15 225.1.1.2 20.20.20.20 00:02:04 00:01:17

display igmp interface Syntaxdisplay igmp interface [ interface-type interface-number ]

Table 30 Output Display of the display igmp group Command

Field Description

Group address Multicast group address

Last Reporter The last host reporting to join in the multicast group

Uptime Time passed since multicast group is discovered (hh: mm: ss)

Expires Specifies when the member will be removed from the multicast group (hh: mm: ss).


View

Any view

Parameter

interface-type interface-number: Interface type and interface number of the router, used to specify the interface. If the parameters are omitted, information about all the interfaces running IGMP will be displayed.

Description

Using display igmp interface command to view the IGMP configuration and running information on an interface.

Example

View the IGMP configuration and running information of all interfaces.

<SW7700>display igmp interfaceVLAN-interface1:IGMP is enabled on interfaceCurrent IGMP version is 2IGMP query interval is 60 secondsIGMP querier timeout is 120 secondsIGMP max query response time is 10 secondsIGMP querying router is 10.110.91.129No IGMP group reported

igmp enable Syntax

igmp enable

undo igmp enable

View

VLAN interface view

Parameter

None

Description

■ Use the igmp enable command to enable IGMP on an interface.

■ Use the undo igmp enable command to disable IGMP on the interface.

By default, IGMP is not enabled.

The igmp enable command can be executed only if the multicast function is enabled. After multicast is enabled, you can initiate the IGMP feature configuration.

Related command: multicast routing-enable

Example

Enable IGMP on Vlan-interface 10.

[SW7700-Vlan-interface10]igmp enable


igmp group-limit Syntax

igmp group-limit number

undo igmp group-limit

View

VLAN interface view

Parameter

number: Number of multicast groups, in the range of 0 to 1024.

Description

■ Use the igmp group-limit command to limit multicast groups on an interface.

■ Use the undo igmp group-limit command to restore the default setting.

If the existing IGMP groups exceed the quantity limit you configured during using this command, the system will not delete the existing entries.


Example

Limit the maximum IGMP groups at Vlan-interface10 to 100.

[SW7700-Vlan-interface10] igmp group-limit 100

igmp group-policy Syntaxigmp group-policy acl-number [ 1 | 2 | port { interface_type interface_ num | interface_name } [ to { interface_type interface_ num | interface_name } ] ]

undo igmp group-policy [ port { interface_type interface_ num | interface_name } [ to { interface_type interface_ num | interface_name } ] ]

View

VLAN interface view

Parameter

acl-number: Number of the basic ACL number, defining a multicast group range. The value ranges from 2000 to 2999.

1: IGMP version 1.

2: IGMP version 2. If IGMP version is not specified, version 2 will be used as default.

port: Packets received and sent by the port(s) and applied to the conditions set by the ACL will be filtered. And the port(s) must belong to the VLAN interface being configured by this command.


Description

Using igmp group-policy command, you can set the filter of multicast groups on an interface to control the accessing to the IP multicast groups. Using undo igmp group-policy command, you can remove the filter configured.

By default, no filter is configured, that is, a host can join any multicast group.

If you do not want the hosts on the network that the interface is on to join some multicast groups and receive the packets from the multicast groups, you can use this command to limit the range of the multicast groups serviced by the interface.

Related command: igmp host-join.

Example

Configure the ACL 2000.

[SW7700]acl number 2000 [SW7700-acl-basic-2000]rule permit source 225.0.0.0 0.255.255.255

Configure so that only the hosts contained in the ACL 2000 connected to the VLAN-interface10 can be added to the multicast group, which is configured to use IGMP version 2.

[SW7700-vlan-interface10]igmp group-policy 2000 2

igmp host-join Syntax

igmp host-join group-address port { interface_type interface_ num | interface_name } [ to { interface_type interface_ num | interface_name } ]

undo igmp host-join group-address port { interface_type interface_ num | interface_name } [ to { interface_type interface_ num | interface_name } ]

View

VLAN interface view

Parameter

group-address: Multicast address of the multicast group that an interface will join.

port: Specifies the port in the VLAN interface.

Description

■ Use the igmp host-join command to enable a port in the VLAN interface of an ethernet switch to join a multicast group.

■ Use the undo igmp host-join command to disable the configuration.

By default, an interface does not join any multicast group.

Related command: igmp group-policy


Example

Add port Ethernet 2/0/1 in VLAN-interface10 to the multicast group at 225.0.0.1.

[SW7700-vlan-interface10]igmp host-join 225.0.0.1 port Ethernet 2/0/1

igmp lastmember-query interval

Syntax

igmp lastmember-queryinterval seconds

undo igmp lastmember-queryinterval

View

VLAN interface view

Parameter

seconds: Time interval before IGMP query router sends the IGMP group query message after it receives the IGMP Leave message from the host. It is in the range of 1 to 5 seconds. By default, it is 1 second.

Description

■ Use the igmp lastmember-queryinterval command to set the time interval before IGMP query router sends the IGMP group query message after it receives the IGMP Leave message from the host.

■ Use the undo igmp lastmember-queryinterval command to restore the default value.

In the shared network, that is, a same network segment including multiple hosts and multicast routers, the query router is responsible for maintaining the IGMP group membership on the interface. When the IGMP v2 host leaves a group, it sends a IGMP Leave message. When receiving the IGMP Leave message, the IGMP query router must send the IGMP group query message for a specified number of times (by the robust-value parameter in the igmp robust-count command, with default value as 2) in a specified time interval (by the seconds parameter in the igmp lastmember-queryinterval command, with default value as 1 second).

If other hosts which are interested in the specified group receive the IGMP query message from the IGMP query router, they send back the IGMP Membership Report message within the specified maximum response time interval. If it receives the IGMP Membership Report message within the defined period (equal to robust-value seconds), the IGMP query router continue to maintain the membership of this group. When receiving no IGMP Membership Report message from any hosts within the defined period, the IGMP query router considers it a timeout and stops membership maintenance for the group.

This command is only available on the IGMP query router running IGMP v2. For the host running IGMP v1, this command cannot take effect because the host cannot send the IGMP Leave message when it leaves a group.

Related command: igmp robust-count and display igmp interface.

Example

Set the query interval on Vlan-interface10 as 3 seconds.


[SW7700-Vlan-interface10]igmp lastmember-queryinterval 3

igmp max-response-time Syntax

igmp max-response-time seconds

undo igmp max-response-time

View

VLAN interface view

Parameter

seconds: Maximum response time in the IGMP query messages in second in the range from 1 to 25. By default, the value is 10 seconds.

Description

Use the igmp max-response-time command to configure the maximum response time contained in the IGMP query messages.

Use the undo igmp max-response-time command to restore the default value.

The maximum query response time determines the period for a router to quickly detect that there are no more directly connected group members in a LAN.

Related command: display igmp group

Example

Set the maximum response time carried in host-query message to 8 seconds.

[SW7700-vlan-interface10]igmp max-response-time 8

igmp robust-count Syntax

igmp robust-count robust-value

undo igmp robust-count

View

VLAN interface view

Parameter

robust-value: IGMP robust value, number of sending the IGMP group query message after the IGMP query router receives the IGMP Leave message from the host. It is in the range of 2 to 5. The default is 2.

Description

■ Use igmp robust-count command to set the number of sending the IGMP group query message after the IGMP query router receives the IGMP Leave message from the host.

■ Use the undo igmp robust-count command to restore the default value.

In the shared network, that is, a same network segment including multiple hosts and multicast routers, the query router is responsible for maintaining the IGMP


group membership on the interface. When the IGMP v2 host leaves a group, it sends a IGMP Leave message. When receiving the IGMP Leave message, the IGMP query router must send the IGMP group query message for specified times (by the robust-value parameter in the igmp robust-count command, with default value as 2) in a specified time interval (by the seconds parameter in the igmp lastmember-queryinterval command, with default value as 1 second).

If other hosts which are interested in the specified group receive the IGMP query message from the IGMP query router, they will send back the IGMP Membership Report message within the specified maximum response time interval. If it receives the IGMP Membership Report message within the defined period (equal to robust-value seconds), the IGMP query router continue to maintain the membership of this group. When receiving no IGMP Membership Report message from any hosts within the defined period, the IGMP query router considers it as timeout and stops membership maintenance for the group.

This command is only available on the IGMP query router running IGMP v2. For the host running IGMP v1, this command cannot take effect for the host may not send the IGMP Leave message when it leaves a group.

Related command: igmp lastmember-queryinterval and display igmp interface

Example

Set the robust value at the Vlan-interface 10 as 3.

[SW7700-Vlan-interface10]igmp robust-count 3

igmp timer other-querier-present

Syntax

igmp timer other-querier-present seconds

undo igmp timer other-querier-present

View

VLAN interface view

Parameter

seconds: IGMP querier present timer value in second ranging from 1 to 131070. By default, the value is twice the value of IGMP query message interval, i.e., 120 seconds.

Description

Use the igmp timer other-querier-present command to configure the timer of presence of the IGMP querier.

Use the undo igmp timer other-querier-present command to restore the default value.

On a shared network, where there are multiple multicast routers on the same network segment, the query router (querier for short) takes charge of sending query messages periodically on the interface. If other non-queriers receive no query messages within the valid period, the router will consider the previous query to be invalid and the router itself becomes a querier.


In IGMP version 1, the selection of a query is determined by the multicast routing protocol. In IGMP version 2, the router with the lowest IP address on the shared network segment acts as the querier.

Related commands: igmp timer query and display igmp interface

Example

Set querier to expire after 300 seconds.

[SW7700-vlan-interface10]igmp timer other-querier-present 300

igmp timer query Syntax

igmp timer query seconds

undo igmp timer query

View

VLAN interface view

Parameter

seconds: The interval, in seconds, at which a router transmits IGMP query messages in the range from 1 to 65535. By default, the value is 60 seconds.

Description

■ Use the igmp timer query command to configure the interval at which a router interface sends IGMP query messages.

■ Use the undo igmp timer query command to restore the default value.

A multicast router periodically sends out IGMP query messages to attached segments to find hosts that belong to different multicast groups. The query interval can be modified according to the practical conditions of the network.

Related command: igmp timer other-querier-present

Example

Configure to transmit the host-query message every 60 seconds via VLAN-interface2.

[SW7700-vlan-interface2]igmp timer query 60

igmp version Syntax

igmp version { 1 | 2 }

undo igmp version

View

VLAN interface view

Parameter

1: IGMP Version 1.

2: IGMP Version 2. By default, IGMP Version 2 is used.


Description

■ Use the igmp version command to specify the version of IGMP that a router uses.

■ Use the undo igmp version command to restore the default value.

All routers on a subnet must support the same version of IGMP. After detecting the presence of IGMP Version 1 system, a router cannot automatically switch to Version 2.

Example

Run IGMP Version 1 on VLAN-interface10.

[SW7700-vlan-interface10]igmp version 1

reset igmp group Syntaxreset igmp group { all | interface interface-type interface-number { all | group-address [ group-mask ] } }

View

User view

Parameter

all: All IGMP groups.

interface interface-type interface-number: Interface type and interface number.

group-address: IGMP group address.

group-mask: Mask of IGMP group address.

Description

■ Use the reset igmp group command to delete an existing IGMP group from the interface. The deleted group can added again on the interface.

Example

Delete all IGMP groups on all the interfaces.

<SW7700>reset igmp group all

Delete all IGMP groups on the Vlan-interface10.

<SW7700>reset igmp group interface Vlan-interface10 all

Delete the group 225.0.0.1 from the Vlan-interface10.

<SW7700>reset igmp group interface Vlan-interface10 225.0.0.1

Delete the IGMP groups ranging from 225.1.1.0 to 225.1.1.255 on the Vlan-interface10.

<SW7700>reset igmp group interface Vlan-interface10 225.1.1.0 255.255.255.0

PIM Configuration Commands 315

PIM Configuration Commands

This section describes how to use the Protocol Independent Multicast (PIM) configuration commands on your Switch 7700.

bsr-policy Syntax

bsr-policy acl-number

undo bsr-policy

View

PIM view

Parameter

acl-number: ACL number imported in BSR filtering policy, in the range of 2000 to 2999.

Description

■ Use the bsr-policy command to limit the range of legal BSRs to prevent BSR proofing.

■ Use the undo bsr-policy command to restore the default setting so that no range limit is set and all received messages are taken as legal.

In the PIM SM network using BSR (bootstrap router) mechanism, every router can set itself as C-BSR (candidate BSR) and take the authority to advertise RP information in the network once it wins in the contention. To prevent malicious BSR proofing in the network, the following two measures need to be taken:

■ Prevent the router from being spoofed by hosts though faking legal BSR messages to modify RP mapping. BSR messages are of multicast type and their TTL is 1, so this type of attacks often hit edge routers. Fortunately, BSRs are inside the network, while assaulting hosts are outside, therefore neighbor and RPF checks can be used to stop this type of attacks.

■ If a router in the network is manipulated by an attacker, or an illegal router is accessed into the network, the attacker may set itself as C-BSR and try to win the contention and gain authority to advertise RP information among the network. Since the router configured as C-BSR shall propagate BSR messages, which are multicast messages sent hop by hop with TTL as 1, among the network, then the network cannot be affected as long as the peer routers do not receive these BSR messages. One way is to configure bsr-policy on each router to limit legal BSR range, for example, only 1.1.1.1/32 and 1.1.1.2/32 can be BSR, thus the routers cannot receive or forward BSR messages other than these two. Even legal BSRs cannot contest with them.

Problems may still exist if a legal BSR is attacked, though these two measures can effectively guarantee high BSR security.

The source parameter in the rule command is translated as BSR address in the bsr-policy command.

Related commands: acl and rule


Example

Configure BSR filtering policy on routers, only 1.1.1.1/32 can be BSR.

[SW7700-pim]bsr-policy 1[SW7700-pim]quit[SW7700]acl number 2000[SW7700-acl-basic-2000]rule 0 permit source 1.1.1.1 0

c-bsr Syntax

c-bsr interface-type interface-number hash-mask-len [ priority ]

undo c-bsr

View

PIM view

Parameter

interface-type interface-number: Interface type and interface number of a router. The candidate BSR is configured on the interface. PIM-SM must be enabled on the interface first.

hash-mask-len: Length of the mask. The value ranges from 0 to 32.

priority: Priority of the candidate BSR. The larger the value of the priority, the higher the priority of the BSR. The value ranges from 0 to 255. The default value is 0.

Description

■ Use the c-bsr to configure a candidate BSR.

■ Use the undo c-bsr to remove the candidate BSR configured.

By default, no candidate BSR is set.

When using this command to configure the candidate BSR, the larger bandwidth should be guaranteed since a great amount of information will be exchanged between BSR and other devices in the PIM domain.

Related command: pim sm.

Example

Configure the Ethernet switch as C-BSR with priority 2 (and the C-BSR address is designated as the IP address of VLAN-interface10).

[SW7700] pim[SW7700-pim]c-bsr vlan-interface 10 24 2

c-rp Syntaxc-rp vlan-interface-type vlan-interface-number [ group-policy acl-number | priority priority-value ]*

undo c-rp { interface-type interface-number | all }


View

PIM view

Parameter

interface-type interface-number: Specified interface with the IP address advertised as a candidate RP address.

acl-number: Number of the basic ACL that defines a group range, which is the service range of the advertised RP. The value ranges from 2000 to 2999.

priority-value: Priority value of candidate RP, in the range of 0 to 255. By default, it is 0. The greatest value corresponds to the lowest priority level

all: Remove all candidate RP configurations.

Description

■ Use the c-rp to configure the router to advertise itself as a candidate RP.

■ Use the undo c-rp to remove the configuration.

By default, no candidate RP is configured.

When configuring the candidate RP, a relatively large bandwidth should be reserved for the router and other devices in the PIM domain.

Related command: c-bsr.

Example

Configure the Switch 7700 to advertise to the BSR that it is the C-RP in the PIM. The standard ACL 2005 defines the groups related to the RP. The address of C-RP is designated as the IP address of VLAN-interface10.

[SW7700]acl number [SW7700-acl-basic-2005]rule permit source 225.0.0.0 0.255.255.255[SW7700]pim[SW7700-pim]c-rp vlan-interface 10 group-list 2005

crp-policy Syntaxcrp-policy acl-number

undo crp-policy

View

PIM view

Parameter

acl-number: ACL number imported in C-RP filtering policy, ranging from 2000 to 2999.

Description

■ Use the crp-policy command to limit the range of legal C-RP, as well as target service group range of each C-RP, prevent C-RP proofing.


■ Use the undo crp-policy command to restore the default setting so that no range limit is set and all received messages are taken as legal.

In the PIM SM network using BSR mechanism, every router can set itself as C-RP (candidate rendezvous point) servicing particular groups. If elected, a C-RP becomes the RP servicing the current group.

In BSR mechanism, a C-RP router unicasts C-RP messages to the BSR, which then propagates the C-RP messages among the network by BSR message. To prevent C-RP spoofing, you need to configure crp-policy on the BSR to limit legal C-RP range and their service group range. Since each C-BSR has the chance to become BSR, you must configure the same filtering policy on each C-BSR router.

This command uses the ACLs numbered between 2000 and 2999. The source parameter in the rule command is translated as C-RP address in the crp-policy command, and the destination parameter as the service group range of this C-RP address. For the C-RP messages received, only when their C-RP addresses match the source address and their server group addresses are subset of those in ACL, can the be considered as matched.

Related commands: acl and rule

Example

Configure C-RP filtering policy on the C-BSR routers, allowing only 1.1.1.1/32 as C-RP and to serve only for the groups 225.1.0.0/16.

[SW7700-pim]crp-policy 100[SW7700-pim]quit[SW7700]acl number 2000[SW7700-acl-adv-2000]rule 0 permit source 1.1.1.1 0 destination 225.1.0.0 0.0.255.255

debugging pim common Syntaxdebugging pim common { all | event | packet | timer }

undo debugging pim common { all | event | packet | timer }

View

User view

Parameter

all: all the common debugging information of PIM.

event: debugging information of common PIM event.

packet: debugging information of PIM hello packet.

timer: debugging information of common PIM timer.

Description

■ Use the debugging pim common to enable common PIM debugging functions.

■ Use the undo debugging pim common to disable the debugging functions.


By default, common PIM debugging functions are disabled.

debugging pim dm Syntaxdebugging pim dm { alert | all | mrt | timer | warning | { recv | send } { all | assert | graft | graft-ack | join | prune } }

undo debugging pim dm { alert | all | mrt | timer | warning | { recv | send } { all | assert | graft | graft-ack | join | prune } }

View

User view

Parameter

alert: interoperation event debugging information of PIM-DM

all: all the debugging information of PIM-DM.

mrt: debugging information of PIM-DM multicast routing table.

timer: debugging information of PIM-DM timer.

warning: debugging information of PIM-DM warning message.

recv: debugging information of PIM-DM receiving packets.

send: debugging information of PIM-DM sending packets.

all | assert | graft | graft-ack | join | prune: packets type.

Description

■ Use the debugging pim dm to enable PIM-DM debugging functions.

■ Use the undo debugging pim dm to disable the debugging functions.

By default, PIM-DM debugging functions are disabled.

debugging pim sm Syntaxdebugging pim sm { all | mbr | register-proxy | mrt | timer | warning | { recv | send } { assert | graft | graft-ack | join | prune } }

undo debugging pim sm { all | mbr | register-proxy | mrt | timer | warning | { recv | send } { assert | graft | graft-ack | join | prune } }

View

User view

Parameter

mbr: debugging information of PIM-SM multicast border router event.

register-proxy: debugging information of PIM-SM IO registry proxy.

mrt: debugging information of PIM-SM multicast routing table.


timer: debugging information of PIM-SM timer.

warning: debugging information of PIM-SM warning message.

recv: debugging information of PIM-SM receiving packets.

send: debugging information of PIM-SM sending packets.

assert | graft | graft-ack | join | prune: packets type.

Description

■ Use the debugging pim sm to enable PIM-SM debugging functions.

■ Use the undo debugging pim sm to disable the debugging functions.

By default, PIM-SM debugging functions are disabled.

display pim bsr Syntaxdisplay pim bsr

View

All views

Parameter

None

Description

Use the display pim bsr to display the information about BSR.

This command is used for displaying the information about BSR, including the information about the elected BSR and the information advertised by the local RP candidates.

Related command: c-bsr, c-rp.

Example<SW7700>display pim bsrCurrent BSR Address: 192.168.1.1Priority: 0Expires: 1:52

display pim interface Syntaxdisplay pim interface [ interface-type interface-number ]

View

All views

Parameter

interface-type: Specifies the interface type.

interface-number: Specifies interface number.


Description

Use the display pim interface to display the PIM configuration information about an interface.

If the interface type and number are not specified, the PIM configuration information about all the interfaces will be displayed, otherwise the information about the specified interface will be displayed.

Example<SW7700>display pim interfaceAddress Interface Ver/Mode Nbr Cnt Query Intvl DR8.8.8.8 VLAN-interface1v2/S 1 30 8.8.8.8192.168.1.1 VLAN-interface2v2/S 0 30 192.168.1.1

display pim neighbor Syntaxdisplay pim neighbor [ interface interface-type interface-number ]

View

All views

Parameter

interface-type interface-number: Interface type and interface number, used to specify the interface.

Description

Use the display pim neighbor to view the PIM neighbor information.

This command is used for displaying the information about the PIM neighbors discovered by the Ethernet switch interface. When the parameters are configured, only the PIM neighbors of the specified interface will be displayed.

Example<SW7700>display pim neighborNeighbor Address Interface Uptime Expires8.8.8.6 VLAN-interface1 1637 89

Table 31 Output Description of the display pim interface Command

Field Description

Mode Interface mode (DM or PM)

Query Intvl Hello packet interval

DR Designated router

Nbr Cnt Number of adjacent routers

Table 32 Output description about PIM neighbors

Field Description

Neighbor Address Neighbor address

Interface Interface where the neighbor has been discovered

Uptime Time passed since the multicast group has been discovered

Expires Specifies when the member will be removed from the group


display pim routing-table

Syntaxdisplay pim routing-table [ { { *g [ group-address [ mask { mask-length | mask } ] ] | **rp [ rp-address [ mask { mask-length | mask } ] ] } | { group-address [ mask { mask-length | mask } ] | source-address [ mask { mask-length | mask } ] } * } | incoming-interface { interface-type interface-num | interface-name | null } | { dense-mode | sparse-mode } ] *

View

All views

Parameter

**rp: (*, *, RP) route entry.

*g: (*, G) route entry.

group-address: Address of the multicast group.

source-address: IP address of the multicast source.

incoming-interface: Router entry with the specified incoming interface.

Description

Use the display pim routing-table to view the contents of the PIM multicast routing table.

Related command: display multicast routing-table.

Example

View the contents of the PIM multicast routing table on the router.

<SW7700>display pim routing-tablePIMSM Routing TableTotal 0 (*,*,RP), 0 (*,G), 2 (S,G)

(192.168.1.2, 224.2.178.130),Protocol 0x20: PIMSM, Flag 0x4: SPTUpTime: 23:59, Timeout after 196 secondsUpstream interface: VLAN-interface2, RPF neighbor: NULLDownstream interface list: NULL

(192.168.1.2, 224.2.181.90),Protocol 0x20: PIMSM, Flag 0x4: SPTUpTime: 23:59, Timeout after 196 secondsUpstream interface: VLAN-interface2, RPF neighbor: NULLDownstream interface list: NULL

Total 2 entries listed

display pim rp-info Syntaxdisplay pim rp-info [ group-address ]

View

All views


Parameter

group-address: Specify the group address to be showed. If no multicast group is specified, the RP information about all multicast groups will be displayed.

Description

Use the display pim rp-info to view the RP information of multicast group.

In addition, this command can also show the BSR and static RP information.

Example<SW7700>display pim rp-infoPIM-SM RP-SET information:BSR is: 192.168.1.1Group/MaskLen: 224.0.0.0/4RP 192.168.1.1, Version 2priority: 0uptime(from last update): 29:11, to expire in: 2:02

pim Syntaxpim

undo pim

View

System view

Parameter

None

Description

■ Use the pim to enter the PIM view.

■ Use the undo pim to clear the configurations in PIM view.

The global parameters of PIM can only be configured in PIM view.

Example

Enable multicast and enter the PIM view.

<SW7700>system-view[SW7700]multicast routing-enable[SW7700]pim[SW7700-pim]

pim bsr-boundary Syntaxpim bsr-boundary

undo pim bsr-boundary

View

Interface view


Parameter

None

Description

■ Use the pim bsr-boundary to configure an interface to be the PIM domain border.

■ Use the undo pim bsr-boundary to remove the border.

By default, no domain border is set.

You can use this command to set border of bootstraps messages, that is to say, bootstrap messages cannot pass interfaces that are configured with pim bsr-boundary command while other PIM messages can. In this way, the network is divided into different BSR domains.

It should be noted that this command cannot set up multicast boundaries. It only sets up a PIM domain bootstrap message border.

Related command: c-bsr.

Example

Configure domain border on VLAN-interface10.

[SW7700-vlan-interface10]pim bsr-boundary

pim dm Syntaxpim dm

undo pim dm

View

Interface view

Parameter

None

Description

■ Use the pim dm to enable PIM-DM.

■ Use the undo pim dm to disable PIM-DM.

By default, PIM-DM is disabled.

Once enabled PIM-DM on an interface, PIM-SM cannot be enabled on the same interface and vice versa.

Example

Enable PIM DM on VLAN-interface10 of the Ethernet switch.

[SW7700]multicast routing-enable[SW7700-vlan-interface10]pim dm


pim neighbor-limit Syntax

pim neighbor-limit limit

undo pim neighbor-limit

View

VLAN interface view

Parameter

limit: Limits of PIM neighbors on the interface, in the range of 0~128.

Description

■ Use the pim neighbor-limit command to limit the PIM neighbors on an interface. No neighbor can be added any more when the limit is reached.

■ Use the undo pim neighbor-limit command to restore the default setting.

By default, the PIM neighbors on the interface are limited to 128.

If the existing PIM neighbors exceed the configured value during configuration, they will not be deleted.

Example

Limit the PIM neighbors on the Vlan-interface10 to 50.

[SW7700-Vlan-interface10]pim neighbor-limit 50

pim neighbor-policy Syntax

pim neighbor-policy acl-number

undo pim neighbor-policy

View

VLAN interface view

Parameter

acl-number: Basic ACL number, in the range of 2000 to 2999.

Description

■ Use the pim neighbor-policy command to filter the PIM neighbors on the current interface.

■ Use the undo pim neighbor-policy command to remove the filter.

Only the routers that match the filtering rule in the ACL can serve as a PIM neighbor of the current interface.


Example

Configure that 10.10.1.2 can serve as a PIM neighbor of the Vlan-interface1, but not 10.10.1.1.


[SW7700-Vlan-interface1]pim neighbor-policy 1[SW7700-Vlan-interface1]quit[SW7700]acl number 2000[SW7700-acl-basic-2000]rule permit source 10.10.1.2 0[SW7700-acl-basic-2000]rule deny source 10.10.1.1 0

pim sm Syntaxpim sm

undo pim sm

View

Interface view

Parameter

None

Description

■ Use the pim sm to enable the PIM-SM protocol on an interface.

■ Use the undo pim sm to disable the PIM-SM protocol.

By default, PIM-SM is disabled.

Once enabled PIM-SM on an interface, PIM-DM cannot be enabled on the same interface and vice versa.

Example

Enable PIM-SM on VLAN-interface10.

[SW7700-vlan-interface10]pim sm

pim timer hello Syntaxpim timer hello seconds

undo pim timer hello

View

Interface view

Parameter

seconds: Interval of sending Hello messages in second ranging from 1 to 18000. By default, the interval value is 30 seconds.

Description

■ Use the pim timer hello to configure the interval of sending PIM router Hello messages.

■ Use the undo pim timer hello to restore the default interval value.

Example

Configure to transmit Hello packet via VLAN-interface10 every 40 seconds.

[SW7700-vlan-interface10]pim timer hello 40


reset pim neighbor Syntaxreset pim neighbor { all | { neighbor-address | interface vlan-interface vlan-interface-number } * }

View

User view

Parameter

all: All PIM neighbors

neighbor-address: Specifies neighbor address.

interface Vlan-interface Vlan-interface-number: Specifies VLAN interface.

Description

■ Use the reset pim neighbor command to clear a PIM neighbor.

Related command: display pim neighbor

Example

Clear the PIM neighbor 25.5.4.3.

<SW7700>reset pim neighbor 25.5.4.3

reset pim routing-table Syntaxreset pim routing-table { all | { group-address [ mask { group-mask | group-mask-length } ] | source-address [ mask { source-mask | source-mask-length } ] | { incoming-interface { interface-type interface-number | null } } } * }

View

User view

Parameter

all: All PIM neighbors


mask group-mask: Specifies group mask.

mask-length group-mask-length: Specifies mask length of the group address.


mask source-mask: Specifies source mask.

mask-length source-mask-length: Specifies mask length of the group address.

incoming-interface: Specifies incoming interface for the route entry in PIM routing table.

Vlan-interface Vlan-interface-number: Specifies VLAN interface.


null: Specifies the incoming interface of the route entry as null.

Description

■ Use the reset pim routing-table command to clear a PIM route entry.

You can type in source-address first and group-address after in the command, as long as they are valid. Error information will be given if you type in invalid addresses.

If in this command, the group-address is 224.0.0.0/24 and source-address is the RP address (where group address can have a mask, but the resulted IP address must be 224.0.0.0, and source address has no mask), then it means only the (*, *, RP) item will be cleared.

If in this command, the group-address is any a group address, and source-address is 0 (where group address can have a mask, and source address has no mask), then only the (*, G) item will be cleared.

This command clears multicast route entries from PIM routing table, as well as the corresponding route entries and forward entries in the multicast core routing table and MFC.

Related commands: reset multicast routing-table, reset multicast forwarding-table and display pim routing-table.

Example

Clear the route entries with group address 225.5.4.3 from the PIM routing table.

<SW7700>reset pim routing-table 225.5.4.3

source-policy Syntax

source-policy acl-number

undo source-policy

View

PIM view

Parameter

acl-number: Basic or advanced ACL, in the range of 2000 to 3999.

Description

Using source-policy command, you can set to filter the source (and group) address of multicast data packets. Using undo static-rp command, you can remove the configuration.

If resource address filtering is configured, as well as basic ACLs, then the router filters the resource addresses of all multicast data packets received. Those not matched will be discarded.

If resource address filtering is configured, as well as advanced ACLs, then the router filters the resource and group addresses of all multicast data packets received. Those not matched will be discarded.


When this feature is configured, the router filters not only multicast data, but the multicast data encapsulated in the registration packets.


Example

Set to receive the multicast data packets from source address 10.10.1.2, but discard those from 10.10.1.1.

[SW7700]multicast routing-enable[SW7700]pim[SW7700-pim]source-policy 1[SW7700-pim]quit[SW7700]acl number 2000[SW7700-acl-basic-2000]rule permit source 10.10.1.2 0[SW7700-acl-basic-2000]rule deny source 10.10.1.1 0

static-rp Syntax

static-rp rp-address [ acl-number ]

undo static-rp

View

PIM view

Parameter

rp-address: Static RP address, only being legal unicast IP address.

acl-number: Basic ACL, used to control the range of the multicast group served by the static RP, which ranges from 2000 to 2999. If an ACL is not specified at configuration, static RP will serve all multicast groups; if an ACL is specified, static RP will only serve the multicast group passing the ACL.

Description

■ Use the static-rp command to configure static RP.

■ Use the undo static-rp command to remove the configuration.

Static RP functions as the backup of dynamic RP so as to improve the network robustness. If the RP elected by BSR mechanism is valid, static RP will not work.

All routers in the PIM domain should be configured with this command and be specified with the same RP address.


Related command: display pim rp-info

Example

Configure 10.110.0.6 as a static RP.

[SW7700]multicast routing-enable


[SW7700]pim[SW7700-pim]static-rp 10.110.0.6

7
USING QOS/ACL COMMANDS

ACL Configuration Command List

■ acl

■ acl mode

■ display acl config

■ display acl mode

■ display acl running-packet-filter

■ display time-range

■ packet-filter

■ reset acl counter

■ rule

■ time-range

QoS Configuration Commands List

■ display mirroring-group

■ display priority-trust

■ display qos cos-local-precedence- map

■ display qos-interface all

■ display qos-interface line-rate

■ display qos-interface traffic-bandwidth

■ display qos-interface traffic-limit

■ display qos-interface traffic-priority

■ display qos-interface traffic-red

■ display qos-interface traffic-redirect

■ display qos-interface traffic-statistic

■ line-rate

■ mirroring-group

■ priority

■ priority trust

■ qos

■ qos cos-local-precedence- map

■ reset traffic-statistic

332 CHAPTER 7: USING QOS/ACL COMMANDS

■ traffic-bandwidth

■ traffic-limit

■ traffic-priority

■ traffic-red

■ traffic-redirect

■ traffic-statistic

Logon user’s ACL Control Command

■ acl

■ snmp-agent community

■ snmp-agent group

■ snmp-agent usm-user

ACL Configuration Command List

This section describes how to use the ACL configuration commands on your Switch 7700.

acl Syntaxacl { number acl-number | name acl-name [ advanced | basic | link | user ] } [ match-order { config | auto } ]

undo acl { number acl-number | name acl-name | all }

View

System view

Parameter

number acl-number: ACL number, ranging from:

2000 to 2999: Basic ACL.

3000 to 3999: Advanced ACL.

4000 to 4999: Layer-2 ACL.

5000 to 5999: User defined ACL

name acl-name: Specifies an ACL with a character string, beginning with English letters [a-z, A-Z] only, excluding space and quotation marks, and not case sensitive. The all and any keywords are not allowed.

advanced: Advanced ACL.

basic: Basic ACL.

link: Layer-2 ACL.

user: User-defined ACL.

config: Follow the user configuration order to match ACL rules.

ACL Configuration Command List 333

auto: Follow the depth-first order to match ACL rules.

all ( for the undo command): Configures to delete all the ACLs (including numbered and named ACLs).

Description

■ Use the acl command to configure a numbered or named ACL, and enter the corresponding ACL view.

■ Use the undo acl command to cancel all the rules of a numbered or named ACL or all the ACLs.

By default, the ACLs are matched in config order.

Use the acl command to create an ACL and specify its name with “acl-name” and its type with the keywords “advanced”, ”basic”, ”user”, or ”link”. For both numbered and named ACL, you can use the rule command to add rules for them after entering ACL view. (Use the quit command to exit ACL view.) An ACL may contain multiple rules and the traffic classification rules concern different ranges, which brings forward the issue of match order when a data packet matches more than one rule.

Use the match-order command to follow the user configuration order (as defaulted) or depth-first order (matching the rule with smaller range first) to match the rules. After specifying the match order of an ACL, you cannot change it, unless you delete all its rules and specify the order again. Note that the match order is user defined and can only be effective for the data that is treated by the software of the switch.

On the Switch 7700, each ASIC supports up to 128 ACLs. Therefore, on a 7- or 8-slot chassis, with six 48-port I/O modules (and two ASICS on each module), you can configure up to 1536 ACLs. On a 4-slot chassis, with three 48-port I/O modules, you can configure up to 768 ACLs.

For related configurations, refer to the command rule.

User-defined ACLs can only be activated on the 20-Port 10/100/1000BASE-T, 20-port 1000BASE-X-SFP, and 1-port 10GBASE-R-XENPAK I/O modules.

Example

Configure to follow depth-first order to match the rules of ACL 2000.

[SW7700]acl number 2000 match-order auto

acl mode Syntaxacl mode { ip-based | link-based }

undo acl mode

View

System view


Parameter

ip-based: Configures to use L3 traffic classification rules. In this case only L3 rules take effect.

link-based: Configures to use L2 traffic classification rules. In this case only L2 rules take effect.

Description

■ Use the acl mode command to select the ACL mode used by the switch between L2 and L3 traffic rules.

■ Use the undo acl mode command to restore the ACL mode used by the switch.

For the L2 and L3 traffic classification rules configured globally, there is an issue about discriminate usage. You can use this command to select between the L2 and L3 traffic classification rules.

This command is not effective on the 20-Port 10/100/1000BASE-T, 20-port 1000BASE-X-SFP, and 1-port 10GBASE-R-XENPAK I/O modules.

Example

Configures to run L2 traffic classification rule.

[SW7700]acl mode link-based

display acl config Syntaxdisplay acl config { all | acl-number | acl-name }

View

All views

Parameter

all: Configures to display all the ACLs (including numbered and named ACLs).

acl-number: Specifies the sequence number of the ACL.

acl-name: Specifies the name of the ACL to be displayed with a character string starting with English letters ([a-z, A-Z]) only and excluding space or quotation mark.

Description

Use the display acl config command to view the detail configuration information about the ACL, including all the statements and sequence numbers and how many packets and bytes matched these statements. The matched information is the information treated by switch’s CPU. The matched information of transmitted data can be displayed by the display qos-info traffic-statistic command.

Example

Display the content of all the ACLs.

<SW7700>display acl config all


Basic acl 2010, 1 rule, rule 1 permit 10.0.0.1 0 (0 times matched)

Basic acl 2020, 1 rule, rule 2 permit 20.0.0.1 0 (0 times matched)

Basic acl std1, 2 rules, rule 1 permit 20.0.0.1 0 (0 times matched)rule 2 permit 30.0.0.1 0 (0 times matched)

display acl mode Syntaxdisplay acl mode

View

All views

Parameter

None

Description

Use the display acl mode command to view the ACL mode chosen by the switch.

Example

Display the ACL mode chosen by the switch.

<SW7700>display acl modeACL mode: ip-based

display acl running-packet-filter

Syntaxdisplay acl running-packet-filter { all | interface { interface-name | interface-type interface-num } }

View

All views

Parameter

all: Displays all the ACLs (including numbered and named ACLs).

interface { interface-name | interface-type interface-num }: Specifies a port of the switch. For detailed information, refer to the “Using Port Commands” on page 49.

Description

Use the display acl running-packet-filter all command to view the information about the running state of the ACL. The displayed information includes ACL name, rule name and running state.

Example

Display the ACL running state on all the interfaces.

<SW7700>display acl running-packet-filter all


acl std1 rule 0 runningacl std1 rule 1 running

The display information shows all the activated ACLs of the switch.

display time-range Syntaxdisplay time-range [ all | name ]

View

All views

Parameter

name: Specifies the name of the time range.

Description

Use the display time-range command to view the configuration and status of the current time range. You will see the active or inactive state outputs.

Note that the system has a delay of about 1 minute when updating the ACL state, while the display time-range command applies the current time. Therefore, when display time-range displays that a time range is active, the ACL using it may not have been activated. This is normal.

Example

Display the configuration of all the time ranges.

<SW7700>display time-range allCurrent time is 14:36:36 4-3-2003 Thursday

Time-range : hhy ( Inactive ) from 08:30 2-5-2005 to 18:00 2-19-2005

Time-range : hhy1 ( Inactive ) from 08:30 2-5-2003 to 18:00 2-19-2003

Display the time range named tm1.

<SW7700>display time-range tm1Current time is 14:37:31 4-3-2003 Thursday

Time-range : tm1 ( Inactive ) from 08:30 2-5-2005 to 18:00 2-19-2005

packet-filter Syntax for 48-port 10/100BASE-T Auto-sensing FE, 8-port 1000BASE-X GE, 8-port 10/100/1000BASE-T GE, and 24-port 100BASE-FX MMF FE I/O Modules:packet-filter inbound { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] } [ not-care-for-interface ]

undo packet-filter inbound { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }


Syntax for 20-Port 10/100/1000BASE-T, 20-port 1000BASE-X-SFP, and 1-port 10GBASE-R-XENPAK I/O Modules

packet-filter inbound { user-group { acl-number | acl-name } [ rule rule ] | { ip-group { acl-number | acl-name } [ rule rule ] |

link-group { acl-number | acl-name } [ rule rule ] }* }

undo packet-filter inbound { user-group { acl-number | acl-name } [ rule rule ] | { ip-group { acl-number | acl-name } [ rule rule ] |

link-group { acl-number | acl-name } [ rule rule ] }* }

NOTE: Activating both IP ACL and Layer-2 ACL is supported by 20-Port 10/100/1000BASE-T, 20-port 1000BASE-X-SFP, and 1-port 10GBASE-R-XENPAK I/O modules. However, the sum of the bytes number defined by the IP ACL and the Layer-2 ACL can not exceed 32 bytes.

View

QoS view.

Parameter

inbound: Filters the traffic received by the Ethernet port.

ip-group { acl-number | acl-name }: Activates the IP ACLs. IP ACLs include basic and advanced ACLs. acl-number specifies the sequence number of the ACL, ranging from 2000 to 3999. acl-name specifies the ACL name with a character string starting with a to z, A to Z, excluding spaces and quotation marks.

link-group { acl-number | acl-name }: activates the Layer-2 ACLs. acl-number specifies the ACL number, ranging from 4000 to 4999. acl-name specifies the ACL name with a character string started with a to z, A to Z, excluding spaces and quotation marks.

user-group { acl-number | acl-name }: activates the user-defined ACL. acl-number specifies the ACL number, ranging from 5000 to 5999. acl-name specifies the ACL name with a character string started with a to z or A to Z, excluding spaces and quotation marks.

rule rule: Specifies the rule in the ACL to be activated, ranging from 0 to 127. If it is not specified, all the rules in the ACL are activated.

not-care-for-interface: For non-48-port interface modules, the packet-filtering function occurs on the interface card where the current port resides after the parameter is chosen. On the 48-port interface, if the number of the current port is 1 to 24, the packet filtering takes effect on port 1 to port 24 after the parameter is chosen. If the number of the current port is 25 to 48, the packet filtering takes effect on port 25 to port 48 after the parameter is chosen.

Description

■ Use the packet-filter command to activate the ACL.

■ Use the undo packet-filter command to disable the ACL.

NOTE: ARP packets are allowed to pass by default on the Switch 7700. You cannot use the packet-filter command to filter ARP packets, even though you have


used the rule command to define a Layer 2 ACL, in which the parameter protocol is defined as ARP.

Example

Activate ACL 2000.

[SW7700-qoss-Ethernet3/0/1]packet-filter inbound ip-group 2000

reset acl counter Syntaxreset acl counter { all | acl-number | acl-name }

View

User view

Parameter

all: All the ACLs (including numbered and named ACLs).

acl-number: Specifies an ACL by its number.

acl-name: Specifies an ACL with a character string, beginning with English letters [a-z, A-Z] only, excluding space and quotation marks, and not case sensitive. The all and any keywords are not allowed.

Description

Use the reset acl counters command to reset the statistics information of the ACL and reset the counters of packet and byte matching the ACL.

Example

Clear the statistics information of ACL 2000.

<SW7700>reset acl counters 2000

rule Syntax

Define or delete a rule for basic ACL:

rule [ rule-id ] { permit | deny } [ source source-addr source-wildcard | any ] [ fragment ] [ time-range name ]

undo rule rule-id [ source ] [ fragment ] [ time-range ]

Define or delete a rule for advanced ACL:

rule [ rule-id ] { permit | deny } protocol [ source source-addr source-wildcard | any ] [ destination dest-addr dest-mask | any ] [ source-port operator port1 [ port2 ] ] [ destination-port operator port1 [ port2 ] ] [ icmp-type type-code ] [ established ] [ precedence precedence ] [ tos tos ] [ dscp dscp ] [ fragment ] [ time-range name ]

undo rule rule-id [ source ] [ destination ] [ source-port ] [ destination-port ] [ precedence ] [ tos ] [ dscp ] [ fragment ] [ time-range ]


Define or delete a rule for a Layer-2 ACL:

rule [ rule-id ] { permit | deny } [ protocol-type ] [ format-type ] ingress { { [ source-vlan-id ] [ source-mac-addr ] | any } egress { [ dest-mac-addr ] [ destination-vlan-id ] | any } [ time-range name ]

undo rule rule-id

Define or delete a rule for user-defined ACL:

rule [ rule-id ] { permit | deny } { rule-string rule-mask offset }&<1-8> [ time-range name ]

undo rule rule-id

NOTE: User-defined ACLs can only be activated on 20-Port 10/100/1000BASE-T, 20-port 1000BASE-X-SFP, and 1-port 10GBASE-R-XENPAK modules.

View

ACL view

Parameter

rule-id: Specifies a rule of an ACL with a number in the range of 0 to 127.

permit: Indicates to let the matched packets through.

deny: Indicates to reject the matched packets to pass through.

time-range name: Name of a time range, during which a rule takes effect.

The following parameters are attributes carried by the data packets. The ACL rules are defined according to the values of these parameters.

■ Parameters for a basic ACL:

source-addr source-wildcard | any: source-addr source-wildcard is the source IP address and source address wildcard, expressed in dotted decimal notation. any represents any source address.

fragment: Indicates that the rule takes effect on fragmented packets only and will be ignored for other packets.

■ Parameters for an advanced ACL:

protocol: This parameter is to define protocol type, which can be indicated by name, or digit. This parameter can be icmp, igmp, tcp, udp, ip, gre, ospf or ipinip. If this parameter takes ip, it means all the IP protocols. This parameter can be 1 ~ 255 if indicated by digit.

source source-addr source-wildcard | any: source-addr

source-wildcard is the source IP address and source address wildcard, expressed in dotted decimal notation. any represents any source address.

destination dest-addr dest-wildcard | any: dest-addr dest-wildcard is the destination IP address and destination address wildcard, expressed in dotted decimal notation. any represents any destination address.


source-port operator port1 [ port2 ]: This parameter is to define the source TCP or UDP port number. Here, operator represents port operation character, including eq (equal to), gt (greater than), lt (less than), neq (not equal to), and range (in certain range).

This parameter is available only when protocol parameter takes TCP or UDP. port1 [ port2 ]: TCP or UDP port number of packets, expressed with characters or numbers. The numbers are in the range of 0 to 65535 and refer to mnemonic symbol table for character values.

destination-port operator port1 [ port2 ]: This parameter is to define the destination TCP or UDP port number. The meaning of operator port1 [port2] is same as upper parameter.

icmp-type type-code: Used when protocol is specified as icmp. icmp-type icmp-code specifies an ICMP packet. icmp-type specifies the ICMP packet type with a number in the range of 0 to 255 or characters. icmp-code, ranging from 0 to 255, is used for icmp when the ICMP packet type is not specified with characters.

established: Used when protocol is tcp to indicate that the rule takes effect on the first SYN packet to establish TCP connection.

precedence precedence: Specifies IP precedence with a number in the range of 0 to 7 or a name.

dscp dscp: Classifies the data packets with a number in the range of 0 to 63 or a name.

tos tos: Classifies the data packets with a number in the range of 0 to 15 or a name.

fragment: Indicates that the rule takes effect on fragmented packets only and will be ignored for other packets.

The switch does not support to deliver rules that configured with icmp-type type code, tos tos, fragment parameters to hardware.

The TCP/UDP port number has the following restrictions:

■ The operator “gt” means the port number is greater than a specified port number. The parameter after “gt” can only be 32767, that is to designate port number within the range of [32768,65535] ( or notated as 32768-65535).

■ The operator ”lt” means the port number is less than a specified port number. The parameter after lt can only be the nth power of 2, i.e., 2^n ( neN, ne[1,15] ), for instance: lt 2, lt 512.

■ If the operator is ”neg”, the system delivery will fail and prompt ”Not support!”, because the chip does not support the operator ”neg”.

■ If the operator is ”range”, the system will deliver normally only when the sequent parameters port 1 and port 2 meet the following requirements (suppose that: port-range= port2-port1+1):

■ port-range must be the power of 2.

■ port1 must be the integral multiple of port-range.


■ Parameters for a Layer 2 ACL:

protocol-type: (Optional) Protocol type carried by Ethernet frame, can be:ip, arp, rarp, ipx, nbx.

ARP packets are allowed to pass by default on the Switch 7700. You cannot configure filtering of ARP packets. If you have configured to choose ARP as the protocol type when defining Layer2 ACL rules, you cannot activate this ACL to make it effective by using the packet-filter command.

format-type: 802.3/802.2, 802.3, ether_ii, snap.

ingress { { source-vlan-id | source-mac-addr }* | any }: The source information of a packet, source-vlan-id represents source VLAN of the packet, source-mac-addr represents source MAC address of the packet, any represents all the packets received from all ports.

egress { dest-mac-addr | any }: The destination information of a packet, dest-mac-addr represents the packet's destination MAC address. any represents all the packets forwarded from all ports.

■ Parameters for user-defined ACL

{ rule-string rule-mask offset }&<1-8>: rule-string is a character string of a rule defined by a user. It only consists of hexadecimal numbers of even digits. rule-mask offset is used to extract the packet information. Here, rule-mask is rule mask, used for logical AND operation with data packets, and offset determines to perform AND operation from which bytes apart from the packet header. rule-mask offset extracts a character string from the packet and compares it with the user-defined rule-string to get and process the matched packets. &<1-8> indicates that you can define up to 8 such rules at a time.

Description

■ Use the rule command to add a subrule to an ACL.

■ Use the undo rule command to cancel a subrule from an ACL.

You can define several subrules for an ACL. If you include parameters when using the undo rule command, the system only deletes the corresponding content of the subrule.

Related command: acl

Example

Add a rule to an advanced ACL.

[SW7700-acl-adv-3000]rule 1 permit tcp established source 1.1.1.1 0 destination 2.2.2.2 0

Add a rule to a basic ACL.

[SW7700-acl-basic-2000]rule 1 permit source 1.1.1.1 0 fragment

Add a rule to an L2 ACL.

[SW7700-acl-link-4000]rule 1 permit ingress 1 egress any


time-range Syntaxtime-range time-name [ start-time to end-time days-of-the-week [ from start-time start-date ] [ to end-time end-date ] | from start-time start-date ] [ to end-time end-date ] ]

undo time-range time-name [ start-time to end-time days-of-the-week [ from start-time start-date ] [ to end-time end-date ] | from start-time start-date ] [ to end-time end-date ] ]

View

System view

Parameter

time-name: Name of a special time range to be referenced.

start-time: Start time of the special time range, format as hh:mm.

end-time: End time of the special time range, format as hh:mm.

days-of-the-week: Determines on which day(s) of a week in the special time range a command takes effect. The command takes effect everyday within the time range, if this parameter is omitted. You can specify this parameter with any of the following values:

■ Numbers (ranging from 0 to 6);

■ Monday, Tuesday, Wednesday, Thursday, Friday, Saturday or Sunday;

■ working-day, representing 5 working days, from Monday to Friday;

■ off-day, representing Saturday and Sunday;

from start-date: Start date of the special time range, determining effective days of the time range with the end-date, format as hh:mm MM-DD-YYYY.

to end-date: End date of the special time range, determining effective days of the time range with the start-date, format as hh:mm MM-DD-YYYY.

If the above two parameters are omitted, there is no limit to the effective date.

Description

■ Use the time-range command to configure a time range.

■ Use the undo time-range command to delete a time range.

If you input the parameter when using the undo time-range command, the system will delete the corresponding content of the time range according to the parameter input.

Example

Configure a time range being effective since zero hour on January 1, 2000 and forever.

[SW7700]time-range test from 0:0 1-1-2000

QoS Configuration Commands List 343

QoS Configuration Commands List

This section describes how to use the Quality of Service (QoS) configuration commands on your Switch 7700.

display mirroring-group Syntaxdisplay mirroring-group [ groupid ]

View

All views

Parameter

groupid: mirroring group number, range from 1 to 20.

Description

Use the display mirroring-group command to view the parameter settings of port mirror. The displayed information includes the port to be monitored, direction of the monitored packets, observing port, and so on.

Related command: mirroring-group.

Example

Display parameter settings of port mirror.

[SW7700]display mirroring-groupmirroring-group 1 inbound Ethernet6/0/1 mirrored-to Ethernet6/0/2

display priority-trust Syntaxdisplay priority-trust

View

All views

Parameter

None

Description

Use the display priority-trust command to view the settings of priority used for putting the packet into the sending queue.

Related command: priority-trust.

Example

Display the settings of priority used for putting the packet into the sending queue.

<SW7700>display priority-trustPriority trust mode: local-precedence

display qos cos-local-precedence-

map

Syntaxdisplay qos cos-local-precedence-map


View

All views

Parameter

None

Description

Use the display qos cos-local-precedence-map command to view “COS->Local-precedence” map.

Example

Display “COS->Local -precedence” map.

<SW7700>display qos cos-local-precedence-mapcos-local-precedence-map:cos : 0 1 2 3 4 5 6 7--------------------------------------------------------------------local-precedence : 2 0 1 3 4 5 6 7

display qos-interface all Syntaxdisplay qos-interface [ interface-name | interface-type interface-num ] all

View

All views

Parameter

interface-name | interface-type interface-num: Specifies a port of the switch. For more information, refer to the “Using Port Commands” on page 331.

Description

Use the display qos-interface all command to view the QoS setting of all the ports.

If you do not input the port parameters, the command will display all the QoS settings on the switch, including rate limit and line rate etc. If you set the port parameters, the configuration information about the specified port will be displayed.

Example

Display the QoS settings of all the ports.

<SW7700>display qos-interface allEthernet1/0/2: traffic-limit Input: Matches: access-list 2000 rule 0 running Target rate: 4 Mbps

display qos-interface line-rate

Syntaxdisplay qos-interface [ interface-name | interface-type interface-num ] line-rate


View

Any view

Parameter

interface-name | interface-type interface-num: Interface of the switch, for a detailed description see “Using Port Commands” on page 49.

Description

Use the display qos-interface line-rate command to view the traffic rate limitations of the interface output. If you do not specify interface parameters, you will view the traffic rate limitations of all interfaces’ output. If you enter interface parameters, you will view the parameter settings of traffic rate limitations of the specified interfaces’ output.

Example

Display the parameter configuration of interface traffic rate limitation.

[SW7700-Ethernet3/0/4]display qos-interface line-rate Ethernet3/0/2: line-rate Line rate: 3 Mbps Ethernet3/0/4: line-rate Line rate: 5 Mbps

display qos-interface traffic-bandwidth

Syntaxdisplay qos-interface [ interface-name | interface-type interface-num ] traffic-bandwidth

View

All views

Parameter

interface-name | interface-type interface-num: Specifies a port of the switch. For more information, refer to the “Using Port Commands” on page 331.

Description

Use the display qos-interface traffic-bandwidth command to view the settings of bandwidth.

Related command: traffic-bandwidth.

Example

Display the settings of traffic bandwidth assurance.

<SW7700>display qos-interface traffic-bandwidth

Table 33 Field Description

Field Description

Ethernet3/0/2: line-rate

Line rate: 3 Mbps

Rate limitation configuration at interface Ethernet3/0/2:

The maximum sum of all the packets rates at the Ethernet3/0/2 interface is 3Mbps


display qos-interface traffic-limit

Syntaxdisplay qos-interface [ interface-name | interface-type interface-num ] traffic-limit

View

All views

Parameter

interface-name | interface-type interface-num: Specifies a port of the switch. For more information, refer to the “Using QoS/ACL Commands” on page 331.

Description

Use the display qos-interface traffic-limit command to view the settings of rate limit. The information displayed includes the ACL of the traffic to be limited, the limited average rate and the settings of some related policing action.

Related commands: traffic-limit.

Example

Display the settings of traffic limit.

<SW7700>display qos-interface traffic-limitEthernet1/0/1: traffic-limit Input: Matches: access-list 2000 rule 0 running Target rate: 10 Mbps Ethernet1/0/2: traffic-limit Input: Matches: access-list 2000 rule 0 running Target rate: 100 Mbps

display qos-interface traffic-priority

Syntaxdisplay qos-interface [ interface-name | interface-type interface-num ] traffic-priority

View

All views

Parameter

interface-name | interface-type interface-num: Specifies a port of the switch.

Description

Use the display qos-interface traffic-priority command to view the settings of traffic priority.

This command is used for displaying the settings of traffic priority. The information displayed includes the ACL corresponding to the traffic tagged with priority, priority type and value.

Related command: traffic-priority.


Example

Display the settings of traffic priority.

<SW7700>display qos-interface traffic-priority traffic-priority Matches: access-list std1 rule 0 running Priority action: dscp ef Matches: access-list std1 rule 1 running Priority action: dscp ef

display qos-interface traffic-red

Syntaxdisplay qos-interface [ interface-name | interface-type interface-num ] traffic-red

View

All views

Parameter


Description

Use the display qos-interface traffic-red command to view the settings of RED operation.

Related command: traffic-red.

Example

Display the settings of RED.

<SW7700>display qos-interface traffic-red

display qos-interface traffic-redirect

Syntaxdisplay qos-interface [ interface-name | interface-type interface-num ] traffic-redirect

View

Any view

Parameter

interface-name | interface-type interface-num: Interface of the switch, for more detail, see “Using Port Commands” on page 49.

Description

Use the display qos-interface traffic-redirect command to view the settings of the redirection parameters. The displayed content includes the corresponding ACLs of the traffic to be redirected, the redirected interfaces, etc.

Related command: traffic-redirect.

Example

Display the redirection parameter configuration.


<SW7700>display qos-interface traffic-redirect traffic-redirect Matches: acl std1 rule 0 running Redirected to: interface Ethernet5/0/2 Matches: acl std1 rule 1 running Redirected to: interface Ethernet5/0/2

display qos-interface traffic-statistic

Syntaxdisplay qos-interface [ interface-name | interface-type interface-num ] traffic-statistic

View

All views

Parameter


Description

Use the display qos-interface traffic-statistic command to view the traffic statistics information.

This command is used for displaying the traffic statistics information. The information displayed includes the ACL corresponding to the traffic to be counted and the number of packets counted.

Related command: traffic-statistic.

Example

Display the traffic statistics information.

<SW7700>display qos-interface traffic-statistic traffic-statistic Matches: access-list std1 rule 0 running 0 packets Matches: access-list std1 rule 1 running 0 packets

Table 34 Field Explanation

Field Explanation

traffic-redirect

Matches: acl std1 rule 0 running

Redirected to: interface Ethernet5/0/2 Matches: acl std1 rule 1 running Redirected to: interface Ethernet5/0/2

Packet redirection configuration:

Matches: acl std1 rule 0 running Redirected to: interface Ethernet5/0/2 means the packets that match with subrule 0 of the ACL std1 will be redirected to the interface Ethernet5/0/2.

Matches: acl std1 rule 1 running Redirected to: interface Ethernet5/0/2 means the packets that match with subrule1 of the ACL std1 will be redirected to the interface Ethernet5/0/2.


line-rate Syntaxline-rate target-rate

undo line-rate

View

Ethernet interface view

Parameter

target-rate: The total limited rate of the packets sent by interfaces, ranging from 1 to 1000, in Mbps.

Description

Use the line-rate command to limit the total rate of the packets delivered by interfaces. Use the undo line-rate command to cancel the limit rate .

NOTE: Only the 20-Port 10/100/1000BASE-T and 20-Port 1000BASE-X-SFP I/O modules support the port rate limitation.

Example

Set the rate limitation of interface GigabitEthernet7/0/1 to 10 Mbps.

[SW7700-qosb-GigabitEthernet7/0/1]line-rate 10

mirroring-group Syntaxmirroring-group groupId { inbound | outbound } mirroring-port-list &<1-8> mirrored-to monitor-port

undo mirroring-group groupId

View

System view

Parameter

groupId: mirroring group number, range from 1 to 20.

inbound: Indicates the direction of the monitored packets. inbound means to monitor the packets received through the port.

outbound: Indicates the direction of the monitored packets. outbound means to monitor the packets sent from the port.

mirroring-port-list&<1-8>: Ethernet port list, containing multiple Ethernet ports and expressed as port-list = { { interface_type interface_num | interface_name } [ to { interface_type interface_num | interface_name } ] }. For detailed information about interface_type, interface_num and interface_name, refer to corresponding descriptions of interface command in “Using Port Commands” on page 49. &<1-8> means that you can input the preceding parameters up to 8 times.

mirrored-to monitor-port: Indicates the monitor port.


Description

■ Use the mirroring-group command to configure the mirroring group of the switch.

■ Use the undo mirroring-group command to cancel the configuration of mirroring group.

The Switch 7700 implements the mirroring function by configuring a mirroring group. Every mirroring group has one monitor port and a group of monitored ports. The packets received or sent by monitored ports will monitored by monitor port. The direction of the monitored packets can be also specified.

A port mirroring configuration has the following limitations:

■ The monitor port and the monitored ports must be the ports in the same interface card.

■ For the 48-ports FE interface card, the monitor port and the monitored ports must be within port 1 to port 24 or within port 25 to port 48.

Example

Configure mirroring group 1, ethernet3/0/1 to ethernet3/0/3 as the monitored port, ethernet3/0/4 as monitor port, and receiving packets at the ports will be monitored.

[SW7700]mirroring-group 1 inbound ethernet3/0/1 to ethernet3/0/3 mirrored-to ethernet3/0/4

priority Syntaxpriority priority-level

undo priority

View

Ethernet Port views

Parameter

priority-level: Specifies the priority level of the port, ranging from 0 to 7.

Description

■ Use the priority command to configure the priority of Ethernet port.

■ Use the undo priority command to restore the default port priority.

By default, the priority level of the port is 0.

If an untagged packet is received on the port, the switch tags the packet and assigns a 802.1p priority which matches the port's priority setting. When the packet is transmitted it assumes the 802.1Q characteristics of the transmitting port. If the transmitting port is tagged 801.Q, the packet retains the 802.1p priority it received from the inbound port. If the transmitting port is not tagged 802.1Q, the packet is transmitted with no 802.1Q tag and no 802.1p priority.


If a tagged packet is received on the port with or without 802.1p priority, no action is taken and the priority is carried through the switch. If the transmitting port is tagged 801.Q, the packet is transmitted with its original 802.1p priority. If the transmitting port is not tagged 802.1Q, the packet is transmitted with no 802.1Q tag and no 802.1p priority.

Example

Set the priority of Ethernet1/0/1 port to 7.

[SW7700-Ethernet1/0/1]priority 7

priority trust Syntaxpriority trust { dscp | ip-precedence | cos | local-precedence }

View

System view

Parameter

dscp: Sets the queue scheduling based on dscp priority.

ip-precedence: Sets the queue scheduling based on IP precedence.

cos: Sets the queue scheduling based on cos priority.

local-precedence: Sets the queue scheduling based on local-precedence.

Description

Use the priority trust command to add the packet to the corresponding sending queue based on the priority set for queue scheduling.

By default, switch chooses the local preference as the base priority.

This command is not supported by the 20-Port 10/100/1000BASE-T, 20-port 1000BASE-X-SFP, and 1-port 10GBASE-R-XENPAK modules. For these modules, the packets are added to the port output queue by 802.1p priority only.

The Switch 7700 only supports strict precedence queue scheduling mode, but it can choose different levels of precedence when it puts the packets into the port output queue.

The Switch 7700 supports 8 output queues with different priorities. The packets in the higher-priority queue will be transmitted first. The switch puts the packets into the corresponding output queues according to their priorities as follows:

1 Based on dscp priority: The dscp priorities cover the range from 0 to 63. The packets with priorities ranging from 0 to 7 will be put into the queue 0, the packets with priorities ranging from 8 to 15 will be put into the queue 1, so on and so forth.

2 Based on ip-precedence: The ip-precedence cover the range from 0 to 15. The packets with priorities ranging from 0 to 1 will be put into the queue 0, the packets with priorities ranging from 2 to 3 will be put into the queue 1, so on and so forth.


3 Based on cos priority: The cos priorities cover the range from 0 to 7. The packets with priority 0 will be put into the queue 0, so on and so forth.

4 Based on local-precedence: The local-precedence priorities cover the range from 0 to 7. The packets with priority 0 will be put in the queue 0, so on and so forth.

You can configure the packet priority basis for the queue scheduling in accordance with the actual situation.

Example

Configure the queue scheduling based on dscp priority.

[SW7700]priority trust dscp

qos Syntax

qos

View


Parameter

None

Description

Use the qos command to enter QoS view and perform the QoS configuration.

NOTE: Switch 7700 I/O modules support different QoS functions. You can use ”?” to query the supported QoS configurations after entering different QoS views.

Example

Enter QoS view and query the QoS configuration supported by the interface card.

[SW7700-GigabitEthernet7/0/1]qos[SW7700-qosb-GigabitEthernet7/0/1]?Qosb view commands: display Display current system information line-rate Limit the rate of the outbound packets of the interface packet-filter Filter packets based on acl ping Ping function quit Exit from current command view reset Reset operation tracert Trace route function traffic-limit Limit the rate of the packets traffic-priority Specify new priority of the packets traffic-redirect Redirect the packets traffic-statistic Count the packets undo Cancel current setting


qos cos-local-precedence-

map

Syntaxqos cos-local-precedence-map cos0-map-local-prec cos1-map-local-prec cos2-map-local-prec cos3-map-local-prec cos4-map-local-prec cos5-map-local-prec cos6-map-local-prec cos7-map-local-prec

undo qos cos-local-precedence-map

View

System view

Parameter

cos0-map-local-prec: Specifies the mapping value of “COS 0->local-prec”, which ranges from 0 to 7.








Description

■ Use the qos cos-local-precedence-map command to configure “COS ->Local-precedence” map.

■ Use the undo qos cos-local-precedence-map command to restore its default value.

By default, the system provides the default “COS ->Local-precedence” mapping relationship.

Table 35 The default “COS ->Local-precedence” map

COS Local Precedence

2 0

0 1

1 2

3 3


If needed, you can change “COS->Local-precedence” map using the command.

Example

Configure “COS->Local-precedence” map.

[SW7700]qos cos-local-precedence-map 0 1 2 3 4 5 6 7

After the configuration, the “COS->Local-precedence” map is shown in Table 1-6.

reset traffic-statistic Syntax for 48-port 10/100BASE-T Auto-sensing FE, 8-port 1000BASE-X GE, 8-port 10/100/1000BASE-T GE, and 24-port 100BASE-FX MMF FE Modulesreset traffic-statistic { inbound | outbound } { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }

Syntax for 20-Port 10/100/1000BASE-T, 20-port 1000BASE-X-SFP, and 1-port 10GBASE-R-XENPAK Modulesreset traffic-statistic inbound { user-group { acl-number | acl-name } [ rule rule ] | { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }* }

Activating both IP ACL and link ACL is supported by 20-Port 10/100/1000BASE-T, 20-port 1000BASE-X-SFP, and 1-port 10GBASE-R-XENPAK modules. However, the sum of the bytes number defined by the IP ACL the link ACL cannot exceed 32 bytes.

View

QoS view

Parameters

ip-group { acl-number | acl-name } [ rule rule ]: Specifies a basic or advanced ACL. acl-number: Specifies the ACL sequence number, ranging from

4 4

5 5

6 6

7 7

Table 36 “COS->Local-precedence” map

COS Local Precedence

0 0

1 1

2 2

3 3

4 4

5 5

6 6

7 7

Table 35 The default “COS ->Local-precedence” map


2000 to 3999. acl-name: Specifies the ACL name with a character string starting with English letters ([a-z, A-Z]) and excluding space and quotation mark. rule rule: Specifies a rule of an ACL, ranging from 0 to 127. If you do not set this parameter, all the rules will be considered.

link-group { acl-number | acl-name } [ rule rule ]: Specifies a Layer-2 ACL. acl-number: Specifies the ACL sequence number, ranging from 5000 to 5999, acl-name: Specifies the ACL name with a character string starting with English letters ([a-z, A-Z]) and excluding space and quotation mark. rule rule: Specifies a rule of an ACL, ranging from 0 to 127. If you do not set this parameter, all the rules will be considered.

user-group { acl-number | acl-name }: activate the user-defined ACL. acl-number specifies the ACL number, ranging from 5000 to 5999. acl-name specifies the ACL name with a character string that starts with a to z or A to Z, excluding spaces and quotation marks.

Description

Use the reset traffic-statistic command to reset the traffic statistics information.

Example

Clear the statistics information about ACL 2000.

[SW7700-Ethernet1/0/1]reset traffic-statistic ip-group 2000

traffic-bandwidth Syntaxtraffic-bandwidth outbound { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] } min-guaranteed-bandwidth max-guaranteed-bandwidth weight

undo traffic-bandwidth outbound { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }

View

Ethernet port view

Parameter

outbound: specify the traffic sent by the Ethernet port.

ip-group { acl-number | acl-name } [ rule rule ]: Specifies a basic or advanced ACL. acl-number: Specifies the ACL sequence number, ranging from 2000 to 3999. acl-name: Specifies the ACL name with a character string starting with

Table 37 Comparison of Statistics Information reset Commands

Command Function

reset acl counter Reset the statistics information of the ACL which is used in the case of filtering or classifying the data treated by the software of switch. The case includes: ACL cited by route policy function, ACL used for control logon user, etc. The ACL number ranges from 2000 to 3999.

reset traffic-statistic Reset statistic information of traffic. This command is used in the case of filtering or classifying the data transmitted by the hardware of switch. Commonly, this command is used to reset the statistics information of the traffic-statistic command.


English letters ([a-z, A-Z]) and excluding space and quotation mark. rule rule: Specifies a rule of an ACL, ranging from 0 to 127. If you do not set this parameter, all the rules will be considered.

link-group { acl-number | acl-name } [ rule rule ]: Specifies a Layer-2 ACL. acl-number: Specifies the ACL sequence number, ranging from 4000 to 4999, acl-name: Specifies the ACL name with a character string starting with English letters ([a-z, A-Z]) and excluding space and quotation mark. rule rule: Specifies a rule of an ACL, ranging from 0 to 127. If you do not set this parameter, all the rules will be considered.

min-guaranteed-bandwidth: Reserves the minimum bandwidth in the unit of Kbit/s, ranging from 0 to 8388608. The value must be multiple of 64kbit/s.

max-guaranteed-bandwidth: Sets the maximum bandwidth in the unit of Kbit/s, ranging from 0 to 8388608. The value must be multiple of 64kbit/s.

weight: Bandwidth weight, ranging from 1 to 100. The value indicates the percentage of bandwidth weight. The weight parameter is used for a case in which there are many traffic streams on one port. For example, if there are two traffic streams on one port, the minimum bandwidths are both set to 2M, the maximum bandwidths are both set to 8M, one stream weight is set to 40%, other is set to 80%, and the port bandwidth is 10M. So the port can’t satisfy the requirement of the total maximum bandwidth of 16M.

After assurance the minimum bandwidth of the two traffic streams, the port remains 6 M bandwidth. If the bandwidths demanded by the two traffic streams do not exceed the minimum bandwidth configured, the bandwidth of the two traffic streams are the actual bandwidth they demand. If the bandwidths demanded by the two traffic streams exceed the minimum bandwidth configured, the 6M bandwidth will distribute to the two traffic streams according the ratio of weight (40%:80%=1:2). Supposing the bandwidth of the first traffic demand is A, the bandwidth of the second traffic demand is B, then A=2M+ (10M-2*2M)*40%/(40%+80%)=4M, B=2M+ (10M-2*2M)*80%/(40%+80%)=6M.

The case that many traffic configured on the port: suppose there are N traffic streams on the port, the port bandwidth is Bp, the minimum bandwidth of i traffic streatm is Bimin, the maximum bandwidth of i traffic stream is Bimax, and weight is Wi. If the bandwidths demanded by the traffic streams exceed the minimum bandwidth configured and the sum of Bimax exceeds Bp, the actual bandwidth of i traffic stream Bi= Bimin+(Bp-)*Wi/.

Description

■ Use the traffic-bandwidth command to reserve QoS bandwidth.

■ Use the undo traffic-bandwidth command to cancel the reserved QoS bandwidth.

This command assures the specified traffic stream the minimum bandwidth and maximum bandwidth and configures a weight parameter.


Example

Set reserve minimum bandwidth 64k and maximum bandwidth 128k, weight is 20.

[SW7700-Ethernet3/0/1]traffic-bandwidth outbound ip-group 1 64 128 20

traffic-limit Syntax for 48-port 10/100BASE-T Auto-sensing FE, 8-port 1000BASE-X GE, 8-port 10/100/1000BASE-T GE, and 24-port 100BASE-FX MMF FE Modulestraffic-limit { inbound | outbound } { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] } target-rate

undo traffic-limit { inbound | outbound } { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }

Syntax for 20-Port 10/100/1000BASE-T, 20-port 1000BASE-X-SFP, 1-port 10GBASE-R-XENPAK Modulestraffic-limit inbound { user-group { acl-number | acl-name } [ rule rule ] | ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }* } target-rate [ exceed action ]

undo traffic-limit inbound { user-group { acl-number | acl-name } [ rule rule ] | { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }* }

Activating both an IP ACL and a link ACL is supported by 20-Port 10/100/1000BASE-T, 20-port 1000BASE-X-SFP, 1-port 10GBASE-R-XENPAK modules. However, the sum of the bytes number defined by the IP ACL and the link ACL cannot exceed 32 bytes.

View

QoS view

Parameter

inbound: specify the traffic received by the Ethernet port.


ip-group { acl-number | acl-name } [ rule rule ]: Specifies a basic or advanced ACL. acl-number specifies the ACL sequence number, ranging from 2000 to 3999. acl-name specifies the ACL name with a character string starting with English letters ([a-z, A-Z]) and excluding space and quotation mark. rule rule specifies a rule of an ACL, ranging from 0 to 127. If you do not set this parameter, all the rules will be considered.

link-group { acl-number | acl-name } [ rule rule ]: Specifies a Layer-2 ACL. acl-number specifies the ACL sequence number, ranging from 4000 to 4999, acl-name specifies the ACL name with a character string starting with English letters ([a-z, A-Z]) and excluding space and quotation mark. rule rule specifies a rule of an ACL, ranging from 0 to 127. If you do not set this parameter, all the rules will be considered.


target-rate: Specifies the normal rate, range from 64 to 8388608, measured in kbps, and the value should be a multiple of 64k.

exceed action: (Optional) The action taken when the traffic exceeds the threshold. Only the 20-Port 10/100/1000BASE-T. and20-port 1000BASE-X-SFP modules support this parameter. The action can be:

■ drop: Drops the packets.

■ remark-dscp value: Sets a new DSCP value.

Description

■ Use the traffic-limit command to enable ACL traffic identification and perform limiting the rate of the traffic matching the specified ACL (whose action is permit).

■ Use the undo traffic-limit command to cancel the rate limit.

Example

Limit the rate of the traffic matching the ACL 2000 rules, whose action is permit. The normal traffic rate is set to 128kbps.

[SW7700-qoss-Ethernet3/0/1]traffic-limit inbound ip-group 2000 128

traffic-priority Syntax for 48-port 10/100BASE-T Auto-sensing FE, 8-port 1000BASE-X GE, 8-port 10/100/1000BASE-T GE, and 24-port 100BASE-FX MMF FE Modulestraffic-priority outbound { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] } { { dscp dscp-value | ip-precedence pre-value } | local-precedence pre-value }*

undo traffic-priority outbound { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }

Syntax for 20-Port 10/100/1000BASE-T, 20-port 1000BASE-X-SFP, 1-port 10GBASE-R-XENPAK Modulestraffic-priority { user-group { acl-number | acl-name } [ rule rule ] | { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }* } { { dscp dscp-value | ip-precedence pre-value | local-precedence pre-value | cos cos-value }

undo traffic-priority inbound { user-group { acl-number | acl-name } [ rule rule ] | { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }* }

Activating both an IP ACL and a link ACL is supported by 20-Port 10/100/1000BASE-T, 20-port 1000BASE-X-SFP, 1-port 10GBASE-R-XENPAK modules. However, the sum of the bytes number defined by the IP ACL and the link ACL cannot exceed 32 bytes.

View

QoS view


Parameter

inbound: Performs priority marking to the packets received by the interface. Only 20-Port 10/100/1000BASE-T and 20-Port 1000BASE-X-SFP I/O modules interface cards support this parameter.

outbound: Performs priority marking to the packets sent by the interface. 20-Port 10/100/1000BASE-T and 20-Port 1000BASE-X-SFP I/O modules do not support this parameter.

ip-group { acl-number | acl-name } [ rule rule ]: Specifies a basic or advanced ACL. acl-number specifies the ACL sequence number, ranging from 2000 to 3999. acl-name specifies the ACL name with a character string starting of up to 32 English letters ([a-z, A-Z]), excluding spaces and quotation marks. rule rule specifies a rule of an ACL, ranging from 0 to 127. If you do not set this parameter, all rules will be considered.

link-group { acl-number | acl-name } [ rule rule ]: Specifies a Layer-2 ACL. acl-number specifies the ACL sequence number, ranging from 4000 to 4999, acl-name specifies the ACL name with a character string of up to 32 English letters ([a-z, A-Z]), excluding spaces and quotation marks. rule rule specifies a rule of an ACL, ranging from 0 to 127. If you do not set this parameter, all rules will be considered.

user-group { acl-number | acl-name }: Activates the user-defined ACL. acl-number: Specifies the ACL number, ranging from 5000 to 5999. acl-name: Specifies the ACL name with a character string that starts with a to z or A to Z.

dscp dscp-value: Specifies DSCP preference, ranging from 0 to 63.

ip-precedence pre-value: Specifies IP preference. pre-value specifies the IP preference, ranging from 0 to 7.

local-precedence pre-value: Specifies the local preference, ranging from 0 to 7.

cos: Specifies the COS preference, ranging from 0 to 7.

Description

■ Use the traffic-priority command to activate an CL and tag the traffic priority (whose action is permit).

■ Use the undo traffic-priority command to cancel the traffic priority settings.

This command can mark three priorities (dscp/IP preference, and cos) for the packets. The switch can put the packets into egress queue according to the cos value (namely the 802.1p preference) or local preference. If both 802.1p preference and local preference are set, the switch will use the 802.1p preference first.

Related command: display qos-interfacee traffic-priority.


Example

Mark the priority for the packets that match the permit rules of ACL 2000. It sets the local preference to 0:

[SW7700-qoss-Ethernet3/0/1]traffic-priority outbound ip-group 2000 local-precedence 0

traffic-red Syntaxtraffic-red outbound { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] } qstart qstop probability

undo traffic-red outbound { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }

View

Ethernet port view

Parameter


ip-group { acl-number | acl-name } [ rule rule ]: Specifies a basic or advanced ACL. acl-number specifies the ACL sequence number, ranging from 2000 to 3999. acl-name specifies the ACL name with a character string starting with English letters ([a-z, A-Z]) and excluding space and quotation mark. rule rule specifies a rule of an ACL, ranging from 0 to 127. If you do not set this parameter, all the rules will be considered.

link-group { acl-number | acl-name } [ rule rule ]: Specifies a Layer-2 ACL. acl-number specifies the ACL sequence number, ranging from 4000 to 4999, acl-name specifies the ACL name with a character string starting with English letters ([a-z, A-Z]) and excluding space and quotation mark. rule rule specifies a rule of an ACL, ranging from 0 to 127. If you do not set this parameter, all the rules will be considered.

qstart: Start random discarding queue length, if the queue is shorter than the value, no packet will be dropped, ranging from 0 to 262128. The value must be multiple of 16kbit/s.

qstop: Specifies the upper limit to random dropping action. If the queue is longer than the value, all the packets arriving later will be dropped, ranging from 0 to 262128. The value must be multiple of 16kbit/s.

probability: Specifies the dropping probability between the qstart and qstop values, ranging from 0 to 100 (percent).

Description

■ Use the traffic-red command to configure RED parameters.

■ Use the undo traffic-red command to cancel the RED configuration.


Example

Set Start random discarding queue length 64k and Stop random discarding queue length 128k, Probability of discarding is 20.

[SW7700-Ethernet3/0/1]traffic-red outbound ip-group 1 64 128 20

traffic-redirect Syntax

traffic-redirect inbound { user-group { acl-number | acl-name } [ rule rule ] | { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] } { cpu | interface { interface-name | interface-type interface-num } }

undo traffic-redirect inbound { user-group { acl-number | acl-name } [ rule rule ] | { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }

View

QoS view

Parameter

inbound: Performs traffic redirection to the packets received by the interface.

ip-group { acl-number | acl-name } [ rule rule ]: the basic or advanced ACLs; acl-number is the sequence number of ACLs, ranging from 2000 to 3999; acl-number is the name of ACLs, character string, which must start with an letter (a-z or A-Z), and there should not be a space or quotation mark in it; rule rule specifies a subitem of an ACL, ranging from 0 to 127, it represents all the subitems of the ACL if not specified.

link-group { acl-number | acl-name } [ rule rule ]: The Layer 2 ACL; acl-number is the sequence number of an ACL, ranging from 4000 to 4999; acl-name is the name of an ACL, character string, which must start with an letter (a-z or A-Z), excluding spaces or quotation marks; rule rule specifies the subitem of an ACL, ranging from 0 to 127, it represents all the subitems of the ACL if not specified.

user-group { acl-number | acl-name } [ rule rule ]: activates the user-defined ACL; acl-number is the sequence number of an ACL, ranging from 5000 to 5999; acl-name is the name of an ACL, a character string, which must start with an letter (a-z or A-Z), excluding spaces or quotation marks; rule rule specifies the subitem of an ACL, ranging from 0 to 127, it represents all the subitems of the ACL if not specified.

cpu: Redirects to CPU.

interface { interface-name | interface-type interface-num }: Redirects the packets to the specified Ethernet interface, interface-type is the interface type which can be GigabitEthernet only; interface-num is the number of interface and represents a complete interface name together with interface-type; interface-name is equal to interface-type plus interface-num.


Description

Use the traffic-redirect command to activate an ACL and perform redirection (the command is only effective to permit rule). Use the undo traffic-redirect command, you can remove the redirection.

Related command: display qos-interface traffic-redirect

Only the 20-Port 10/100/1000BASE-T, 20-Port 1000BASE-X-SFP I/O, and 1-port 10GBASE-R-XENPAK I/O modules support the packet redirecting configuration.

Example

Perform redirection of the packets that match with the permit rule of ACL 2000. Redirect the packets to interface GigabitEthernet0/1.

[SW7700-qosb-GigabitEthernet7/0/1]traffic-redirect inbound ip-group 2000 interface gigabitethernet7/0/2

traffic-statistic Syntax for 48-port 10/100BASE-T Auto-sensing FE, 8-port 1000BASE-X GE, 8-port 10/100/1000BASE-T GE, and 24-port 100BASE-FX MMF FE I/O Modulestraffic-statistic { inbound | outbound } { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }

undo traffic-statistic { inbound | outbound } { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }

Syntax for 20-Port 10/100/1000BASE-T, 20-port 1000BASE-X-SFP, 1-port 10GBASE-R-XENPAK I/O Modulestraffic-statistic inbound { user-group { acl-number | acl-name } [ rule rule ] | { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }* }

undo traffic-statistic inbound { user-group { acl-number | acl-name } [ rule rule ] | { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }* }

Combined activating of IP ACL and link ACL is supported by 20-Port 10/100/1000BASE-T, 20-port 1000BASE-X-SFP, and 1-port 10GBASE-R-XENPAK I/O modules. But the sum of the bytes number defined by IP ACL and that defined by the link ACL can not exceed 32 bytes; otherwise the ACL can not be activated

View

QoS view

Parameter

inbound: specify the traffic received by the Ethernet port.


ip-group { acl-number | acl-name } [ rule rule ]: Specifies a basic or advanced ACL. acl-number specifies the ACL sequence number, ranging from

Logon User’s ACL Control Command 363

2000-3999. acl-name specifies the ACL name with a character string starting with letters (a-z or A-Z]) and excluding spaces and quotation marks. rule rule specifies a rule of an ACL, ranging from 0 to 127. If you do not set this parameter, all the rules will be considered.

link-group { acl-number | acl-name } [ rule rule ]: Specifies a Layer-2 ACL. acl-number specifies the ACL sequence number, ranging from 4000 to 4999, acl-name specifies the ACL name with a character string starting with letters (a-z or A-Z) and excluding space and quotation mark. rule rule specifies a rule of an ACL, ranging from 0 to 127. If you do not set this parameter, all the rules will be considered.

user-group { acl-number | acl-name }: activate the user-defined ACL. acl-number Specifies the ACL number, ranging from 5000 to 5999. acl-name Specifies the ACL name with a character string starting with letters (a to z or A to Z), excluding spaces and quotation marks.

Description

■ Use the traffic-statistic command to activate the ACL to recognize and count the traffic (whose action is permit).

■ Use the undo traffic-statistic command to cancel the traffic statistics.

The statistics information of traffic-statistic command includes the matched times of the transmitted data by switch. User can use display traffic-statistic command to display the statistics information.

Related command: display qos-interface traffic-statistic.

Example

Count the packets matching the ACL 2000 rules with action permit.

[SW7700-qoss-Ethernet3/0/1]traffic-statistic inbound ip-group 2000

Logon User’s ACL Control Command

This section describes how to use the Logon user’s ACL control commands on your Switch 7700.

acl Syntaxacl acl-number { inbound | outbound }

undo acl { inbound | outbound }

View

User-interface view

Parameter

acl-number: Specifies a basic ACL with a number in the range of 2000 to 2999.

inbound: Perform ACL control over the users that telnet to the local switch.

outbound: Perform ACL control over the users that telnet to other switches from the local switch.


Description

Use the acl command to call an ACL and perform ACL control over the TELNET users.

This command calls numbered basic ACL only.

Example

Performs ACL control over the users that telnet to the local switch. (ACL 2000 has been defined.)

[SW7700]user-interface vty 0 4[SW7700-user-interface-vty0-4]acl 2000 inbound

snmp-agent community Syntaxsnmp-agent community { read | write } community-name [ mib-view view-name ] [ acl acl-number ]

undo snmp-agent community community-name

View

System view

Parameter

community-name: Community name character string.

mib-view view-name: MIB view name.

read: Indicate that MIB object can only be read.

write: Indicate that MIB object can be read and written.

acl acl-number: the number of basic ACL, ranging from 2000 to 2999.

Description

■ Use the snmp-agent community command to configure the community name, and perform the ACL control over the network management user through the parameter acl acl-number.

■ Use the undo snmp-agent community command to cancel the configuration of community name.

Example

Configures MyCompany as the community name, allows read-only access to the switch by the name, meanwhile, performs the ACL control to the network management user by ACL 2000. (ACL 2000 has been defined.)

[SW7700]snmp-agent read community MyCompany acl 2000

snmp-agent group Syntaxsnmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]

undo snmp-agent group { v1 | v2c } group-name


snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]

undo snmp-agent group v3 group-name [ authentication | privacy ]

View

System view

Parameter

v1: Configure to use V1 safe mode.

v2c: Configure to use V2c safe mode.


groupname: Group name, ranging from 1 to 32 bytes.

auth: If this parameter is added to configuration command, the system will authenticate but not encrypt SNMP data packets.

privacy-mod: Configure to authenticate and encrypt the SNMP data packets. This parameter is supported only in the extended version of the software.

read-view: Configures to allow read-only view settings.

readview: Read-only view name, ranging from 1 to 32 bytes.

write-view: Configure to allow read-write view settings.

writeview: Name of read-write view, ranging from 1 to 32 bytes.

notify-view: Configure to allow notify view settings.

notifyview: Specify the notify view name, ranging from 1 to 32 bytes.

acl acl-number: Specify the number of a basic ACL, ranging from 2000 to 2999

priv-password: Specify the password for authentication and encryption. This parameter is supported only in the extended version of the software.

Description

■ Use the snmp-agent group command to configure a new SNMP group, and perform the ACL control to the group through the parameter acl acl-number.

■ Use the undo snmp-agent group command to cancel the SNMP group.

Example

Creates a new SNMP group: MyCompany, and perform the ACL control to the group through ACL 2001. (ACL 2001 has been defined.)

[SW7700]snmp-agent group v1 MyCompany acl 2001


snmp-agent usm-user Syntaxsnmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]

undo snmp-agent usm-user { v1 | v2c } user-name group-name

snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha } auth-password ] [ acl acl-number ]

undo snmp-agent usm-user v3 user-name group-name { local | engineid engineid-string }

View

System view

Parameter

username: Specify the user name, ranging from 1 to 32 bytes.

groupname: Specify the group name corresponding to that user, a character string at the length ranging from 1 to 32 bytes.


v2c: Configure to use V2c safe mode.


authentication-mode: Specify the safety level as authentication required.

md5: Specify the authentication protocol HMAC-MD5-96.

sha: Specify the authentication protocol HMAC-SHA-96.

auth-password: Specify the authentication password with a character string, ranging from 1 to 64 bytes.

local: Local entity user.

engineid: Specify the related engine ID of the user.

acl acl-number: the number of a basic ACL, ranging from 2000 to 2999.

Description

■ Use the snmp-agent usm-user command to add a new user to an SNMP group, and perform the ACL control to the user through the parameter acl acl-number.

■ Use the undo snmp-agent usm-user command to cancel a user from corresponding SNMP group,meanwhile delete the configuration of the user’s ACL control.


Example

Add a user John for MyGroup (an SNMP group), configure to authenticate with HMAC-MD5-96 and set authentication password as hello, meanwhile perform the ACL control to the user through ACL 2000 (ACL 2000 has been defined).

[SW7700]snmp-agent usm-user v3 John MyGroup authentication-mode md5 hello acl 2000


8
USING STP COMMANDS

MSTP Configuration Commands

■ active region-configuration

■ check region-configuration

■ display stp

■ display stp region-configuration

■ instance

■ region-name

■ reset stp

■ revision-level

■ stp

■ stp bpdu-protection

■ stp bridge-diameter

■ stp edged-port

■ stp instance cost

■ stp instance port priority

■ stp instance root primary

■ stp instance root secondary

■ stp interface

■ stp interface edged-port

■ stp interface instance cost

■ stp interface instance port priority

■ stp interface loop-protection

■ stp interface mcheck

■ stp interface point-to-point

■ stp interface root-protection

■ stp interface transit-limit

■ stp loop-protection

■ stp max-hops

■ stp mcheck

■ stp mode

370 CHAPTER 8: USING STP COMMANDS

■ stp pathcost-standard

■ stp point-to-point

■ stp priority

■ stp region-configuration

■ stp root-protection

■ stp tc-protection

■ stp timer forward-delay

■ stp timer hello

■ stp timer max-age

■ stp transit-limit

■ vlan-mapping modulo

MSTP Configuration Commands

This section describes how to use the Multiple Spanning Tree Protocol (MSTP) configuration commands on your Switch 7700.

Cisco products adopt a private key to encrypt the configuration digest of MSTP, therefore the link between Cisco products and the Switch 7700 defaults to RSTP.

active region-configuration

Syntaxactive region-configuration

View

MST region view

Parameter

None

Description

Use the active region-configuration command to activate the configurations of MST region.

This command is used for manually activate the configurations of MST region. Configuring the related parameters, especially the VLAN mapping table, of the MST region, will lead to the recalculation of spanning tree and network topology flapping. To bate such flapping, MSTP applies the configured parameters and launches recalculation of the spanning tree only when you activate the configured MST region parameters or enable MSTP.

After you have entered this command, MSTP will apply the MST region parameters that you configured to the system and recalculate the spanning tree.

Related commands: instance, region-name, revision-level, vlan-mapping modulo, check region-configuration.

Example

Manually activate MST region configurations.

[SW7700-mst-region] active region-configuration


check region-configuration

Syntaxcheck region-configuration

View

MST region view

Parameter

None

Description

Use the check region-configuration command to view the configuration information (including switch region name, revision level, and VLAN mapping table) that is to be activated.

MSTP defines that the user must ensure the correct region configurations, especially the VLAN mapping table configuration. The switches can be configured in the same region only if their region names, VLAN mapping tables, and MSTP revision levels are configured exactly the same. The switch may not be configured in the expected region due to any slight deviation. You can use this command to display the MST region configuration information to be activated to know to which MST regions the switch belongs and check if the MST region configurations are correct.

Related commands: instance, region-name, revision-level, vlan-mapping modulo, active region-configuration.

Example

Display the configuration information about the region.

[SW7700-mst-region] check region-configuration Admin. Configuration: Format selector :0 Region name :00b010000001 Revision level :0

Instance Vlans Mapped 0 1 to 9, 11 to 4094 16 10

display stp Syntaxdisplay stp [ instance instance-id ] [ interface interface-list ] [ brief ][slot slot-number ]

View

All views

Table 38 The display Information

Field Description

Format selector

Region name Region name of MST region

Revision level MSTP revision level of MST region

Instance Vlans Mapped VLAN mapping table of MST region


Parameter

instance-id: Specifies the spanning tree instance ID, ranging from 0 to 16.

interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as interface _list = { { interface_type interface_num | interface_name } [ to { interface_type interface_num | interface_name } ] }&<1-10>. For detail descriptions of interface_type, interface_num and interface_name parameters, refer to the corresponding descriptions in “Using Port Commands” on page 49. &<1-10> means that the preceding parameters can be entered up to 10 times.

brief: Configure to display the state and protection type of the port only, instead of any other information.

slot: Displays spanning tree information for the ports in the specified slot.

Description

Use the display stp command to view the state information and statistics information of the spanning tree.

The MSTP state and statistics information can help analyze and maintain the network topology and maintain the normal operation of MSTP.

If no STI ID or port list is specified, the command will display the spanning tree information of all the instances on all the ports in port number order. If the instance ID is specified, the command will display the spanning tree information of the specified instance on all the port in port number order. If only the port list is specified, the command will display the information about all the STIs on the port in port number order. If both the STI ID and port list are specified, the command will displays the spanning tree information of the specified instance on the specified port in instance ID order.

MSTP state information include:

1 Global CIST parameter: Protocol operation mode, switch priority in the CIST instance, MAC address, Hello Time, Max Age, Forward Delay, Max Hops, CIST common root, external path cost of the switch to the CIST common root, region root, internal path cost of the switch to the CIST common root, CIST root port of the switch, and whether to enable BPDU protection.

2 CIST port parameter: Port state, role, priority, path cost, designated bridge, designated port, edge port/non-edge port, whether connected to the point-to-point link, port transit limit, whether to enable Root protection, whether being a region edge port, Hello Time, Max Age, Forward Delay, Message-age time, and Remaining-hops.

3 Global MSTIs parameter: MSTI instance ID, bridge priority of the instance, region root, internal path cost, MSTI root port, and MASTER bridge.

4 MSTIs port parameter: Port state, role, priority, path cost, designated bridge, and Remaining Hops.

Statistics information: Count of TCN, CONFIG BPDU, RST, and MST BPDU transmitted/received via the port.

Related command: reset stp.


Example

Display the state and statistics information about the spanning tree.

<SW7700<> display stp instance 0 interface ethernet5/0/1 yp ryjrtmry5/0/10 brief MSTID Port Role STP State Protection 0 Ethernet0/1 DESI FORWARDING none 0 Ethernet0/2 DESI FORWARDING none 0 Ethernet0/3 DESI FORWARDING none 0 Ethernet0/4 DESI FORWARDING none 0 Ethernet0/5 DESI FORWARDING none 0 Ethernet0/6 DESI FORWARDING none 0 Ethernet0/7 DESI FORWARDING none 0 Ethernet0/8 DESI FORWARDING none 0 Ethernet0/9 DESI FORWARDING none 0 Ethernet0/10 DESI FORWARDING none

The above information indicates that the MSTIDs of the Ethernet5/0/1 through Ethernet5/0/10 are all 0, that is, all these ports belong to CIST.

display stp region-configuration

Syntaxdisplay stp region-configuration

View

All views

Parameter

None

Description

Use the display stp region-configuration command to view the effective MST region configurations .

MST region configuration information includes: format selector, region name, region revision level, and associations between VLANs and STIs. All these configurations together determine to which MST region a switch belongs.

Related command: stp region-configuration.

Example

Display the MST region configuration information.

<SW7700>display stp region-configurationOper. Configuration: Format selector :0


Field Description

MSTID MST instance ID of the port

Port Port number

STP State STP State of the port, which can be up or down.

Protection Protection of the port, which can be protected or none


Region name :3Com Revision level :0

Instance Vlans Mapped 0 21 to 4094 1 1 to 10 2 11 to 20

instance Syntaxinstance instance-id [ vlan vlan-list ]

undo instance instance-id [ vlan vlan-list ]

View

MST region view

Parameter

instance-id: Specifies the spanning tree instance ID, ranging from 0 to 16.

vlan-list: Specifies the VLAN list, ranging from 1 to 4094.

Description

■ Use the instance command to map the specified VLAN list to the specified STI.

■ Use the undo instance command to cancel the specified VLAN list from the specified STI, the removed VLAN will then be mapped to the CIST (that is, the Instance 0). If no VLAN is specified in the undo command, all the VLANs associated with the specified STI will be mapped to CIST.

By default, all the VLANs are mapped to CIST, that is, the Instance 0.

MSTP describes the association between VLANs and STIs with the VLAN mapping table. You can use this command to configure this table. Every VLAN can be mapped to an STI as per your configuration.

A VLAN cannot be mapped to different instances at the same time. The latter configured association will replace the former one.

Related commands: region-name, revision-level, check region-configuration, vlan-mapping modulo, active region-configuration.

Example

Map VLAN 2 to STI 1.

[SW7700-mst-region] instance 1 vlan 2


Field Description

Format selector

Region name Region name of MST region

Revision level MSTP revision level of MST region

Instance Vlans Mapped VLAN mapping table of MST region


region-name Syntaxregion-name name

undo region-name

View

MST region view

Parameter

name: Specifies the MST region name of the switch with a character string not exceeding 32 bytes.

Description

■ Use the region-name command to configure the MST region name of a switch.

■ Use the undo region-name command to restore the default MST region name.

By default, the MST region name of the switch is the first MAC address in hexadecimal notation.

The switch region name, together with VLAN mapping table of the MST region and MSTP revision level, is used for determining the region to which the switch belongs.

Related commands: instance, revision-level, check region-configuration, vlan-mapping modulo, active region-configuration.

Example

Set the MST region name of the switch as 3Com.

[SW7700-mst-region] region-name 3Com

reset stp Syntaxreset stp [ interface interface-list ]

View

User view

Parameter


Description

Use the reset stp command to reset the spanning tree statistics information.


The spanning tree statistics information includes TCN, Config BPDU, RST, and MST BPDU, received and transmitted on the port. Among them, STP BPDU and TCN BPDU are counted on CIST.

When the spanning tree ID and port list are specified, the command clears the statistics information of the specified spanning tree on the specified port. If no port is specified, the command clears the statistics information of the specified spanning tree on all the ports. If no spanning tree is specified, the command clears the statistics information of all the spanning trees.

Related command: display stp.

Example

Clear the statistics information on the ports from Ethernet5/0/1 through Ethernet5/0/3.

<SW7700>reset stp interface Ethernet5/0/1 to Ethernet5/0/3

revision-level Syntaxrevision-level level

undo revision-level

View

MST region view

Parameter

level: Specifies the MSTP revision level, ranging from 0 to 65535. By default, MSTP revision level takes 0.

Description

■ Use the revision-level command to configure MSTP revision level of the switch.

■ Use the undo revision-level command to restore the default revision-level.

MSTP revision level, together with region name and VLAN mapping table, is used to determine the MST region to which the switch belongs.

Related commands: instance, region-name, check region-configuration, vlan-mapping modulo and active region-configuration.

Example

Set the MSTP revision level of the switch MST region to 5.

[SW7700-mst-region] revision-level 5

stp Syntaxstp { enable | disable }

undo stp


View

System view, Ethernet port view

Parameter

enable: Enables global or port MSTP or STP.

disable: Disables global or port MSTP or STP.

Description

■ Use the stp command to enable or disable MSTP on a device or a port.

■ Use the undo stp command to restore the default MSTP state on a device or a port.

By default, MSTP is disabled on the switch.

After MSTP is enabled, the switch determines to run MSTP in STP-compatible mode or MSTP mode per your configurations. The switch serves as a transparent bridge after MSTP is disabled.

After MSTP is enabled, it will dynamically maintain the spanning tree state of the corresponding VLAN according to the received configuration BPDU until it is disabled.

Related commands: stp mode, stp interface.

Example

Enable MSTP globally.

[SW7700]stp enable

Disable MSTP on Ethernet5/0/1.

[SW7700-Ethernet5/0/1]stp disable

stp bpdu-protection Syntaxstp bpdu-protection

undo stp bpdu-protection

View

System view

Parameter

None

Description

■ Use the stp bpdu-protection command to enable the BPDU protection on the switch.

■ Use the undo stp bpdu-protection command to restore the default state of BPDU protection.

By default, BPDU protection is disabled.


Generally, the access ports of the access layer devices are directly connected to user terminals (such as a PC) or file servers. In this case, the access ports are set to edge ports to implement a fast state transition. However, when such access ports receive configuration BPDU, the system automatically sets them to non-edge ports and recalculates the spanning tree, which makes the network topology flap. These ports do not receive any STP configuration BPDU in normal cases. If someone maliciously attacks the switch with fake configuration BPDU, the network will flap.

MSTP provides BPDU protection function to avoid an attack. After being configured with BPDU protection, the switch disables the edge port through MSTP, which receives a BPDU, and notifies the network manager at the same time. These ports can be reenabled by the network manager only.

Example

Enable BPDU protection on the switch.

[SW7700]stp bpdu-protection

stp bridge-diameter Syntaxstp bridge-diameter bridgenum

undo stp bridge-diameter

View

System view

Parameter

bridgenum: Ranges from 2 to 7 and defaults to 7.

Description

■ Use the stp bridge-diameter command to configure the switching network diameter.

■ Use the undo stp bridge-diameter command to restore the default network diameter.

The network diameter refers to the maximum count of switches on the path between any two terminal devices.

The stp bridge-diameter command configures the switching network diameter and determines the three MSTP time parameters hello time, forward delay, and max age. This configuration takes effect on CIST only but makes no change for MSTI.

The spanning tree convergence can be speeded up, when Hello Time, Forward Delay, and Max Age are well configured. These parameters are related to the network scale.

You can configure the network scale to get the time parameters. Upon the user-configured bridge-diameter parameter, MSTP will automatically set Hello Time, Forward Delay, and Max Age to moderate values. When bridge-diameter defaults to 7, the time parameters also take their respective default values.


Related commands: stp timer forward-delay, stp timer hello, stp timer max-age.

Example

Set the diameter of the switching network to 5.

[SW7700]stp bridge-diameter 5

stp edged-port Syntaxstp edged-port { enable | disable }

undo stp edged-port

View

Ethernet port view

Parameter

enable: Configure the current port as an edge port.

disable: Configure the current port as a non-edge port.

Description

■ Use the stp edged-port enable command to configure the current Ethernet port as an edge port.

■ Use the stp edged-port disable command to configure the current Ethernet port as a non-edge port.

■ Use the undo stp edged-port command to restore the default state, that is, non-edge port.

By default, all the switch ports are configured as non-edge port.

If the current Ethernet port is connected to other switch, you can use the stp edged-port disable or no stp edged-port command to configure it as a non-edge port. The stp edged-port enable command is used for configuring the port as an edge port.

A port is considered as an edge port when it is directly connected to the user terminal, instead of any other switches or shared network segments. The edge port will not cause loop upon network topology changes. You can configure a port as an edge port, so that it can transit to forwarding state fast. For this purpose, please configure the Ethernet port directly connected to the user terminal as an edge port.

Because the edge port is not connected to any other switches, it will not receive the configuration BPDUs from them. Before BPDU PROTECTION is enabled on the switch, the port received a BPDU runs as a non-edge port, even if it is configured as edge port.

Related command: stp interface edged-port.

Example

Configure Ethernet5/0/1 as an edge port.


[SW7700-Ethernet5/0/1]stp edged-port enable

stp instance cost Syntaxstp instance instance-id cost cost

undo stp instance instance-id cost

View

Ethernet port view

Parameter

instance instance-id: Specifies the spanning tree instance ID, ranging from 0 to 16. The Instance 0 represents CIST.

cost cost: Specifies the port path cost, ranging from 1 to 200000.

Description

■ Use the stp instance cost command to configure the port path cost on the specified STI for the current port.

■ Use the undo stp instance cost command to restore the path cost on the specified STI.

By default, the path costs of a port on different STIs take the values associated with the port speeds. For more description, refer to the table offered in the configuration guideline of the stp interface instance cost command.

You may specify the instance-id parameter as 0 to configure CIST path cost of the port. The path cost has effect on the port role selection. A port can be configured with different path costs on different MSTIs. Thus the traffic from different VLANs can run over different physical links, thereby implementing the VLAN-based load-balancing. MSTP will recalculate the port role and transit its state, upon the port path cost changes.

Related commands: stp interface instance cost.

Example

Set the path cost of Ethernet5/0/3 on STI 2 to 200.

[SW7700-Ethernet5/0/3]stp instance 2 cost 200

stp instance port priority Syntaxstp instance instance-id port priority priority

undo stp instance instance-id port priority

View

Ethernet port view

Parameter



port priority priority: Specifies the port priority, ranging from 0 to 240, with a step length of 16, e.g., 0, 16, and 32. By default, the priorities of a port on the STIs are 128.

Description

■ Use the stp instance port priority command to configure the priority of a port on a specified STI.

■ Use the undo stp instance port priority command to restore the default priority of the port on the specified STI.

You may specify the instance-id parameter as 0 to configure CIST priority of the port. The port priority has effect on the port role selection. A port can be configured with different priorities on different MSTIs. Thus the traffic from different VLANs can run over different physical links, thereby implementing the VLAN-based load-balancing. MSTP will recalculate the port role and transit its state, upon the port priority changes.

Related command: stp interface instance port priority.

Example

Set the priority of Ethernet5/0/3 on STI 2 to 16.

[SW7700-Ethernet5/0/3]stp instance 2 port priority 16

stp instance root primary

Syntaxstp instance instance-id root primary [ bridge-diameter bridgenum [ hello-time centi-senconds ] ]

undo stp instance instance-id root

View

System view

Parameter

instance instance-id: Specifies the spanning tree instance ID, ranging from 0 to 16. Specify it as 0 to configure the root bridge of CIST.

root primary: Configure the current switch as the primary root of the designated STI.

bridge-diameter bridgenum: Specify the network diameter of the spanning tree, ranging from 2 to 7.

hello-time centi-seconds: Specifies the Hello Time of the spanning tree, ranging from 100 to 1000 and measured in centiseconds.

Description

■ Use the stp instance root primary command to configure the current switch as the primary root of the designated STI.

■ Use the undo stp instance root command to cancel the current switch for the primary root of the designated STI.


By default, the switch does not server as a root bridge.

You can configure a root bridge for every STI without concerning the switch priority. When configuring the root bridge, you may also specify the network diameter of the designated switching network, so that the switch will calculate and get three time parameter values (Hello time, Forward Delay and Max Age). The Hello time got in this way may not be as good as expected. You can specify the hello-time centi-seconds parameter to overwrite it. Normally, you are recommended to set the network diameter to get the other two time parameter of the switch accordingly.

CAUTION: In a switching network, you can configure only one root bridge for each STI and one or more secondary switches. Do not configure more than one root bridge for an STI at the same time, otherwise, the calculation result will be unpredictable.

After a switch is configured as primary root switch or secondary root switch, you cannot modify the bridge priority of the switch.

Example

Designate the current switch as the root bridge of STI 1 and specifies the diameter of the switching network as 4 and the Hello Time as 500 centiseconds:

[SW7700]stp instance 1 root primary bridge-diameter 4 hello-time 500

stp instance root secondary

Syntaxstp instance instance-id root secondary [ bridge-diameter bridgenum [ hello-time centi-seconds ] ]undo stp instance instance-id root

View

System view

Parameter

instance instance-id: Specifies the spanning tree instance ID, ranging from 0 to 16. Specify it as 0 to configure CIST.

root secondary: Configure the current switch as the secondary root of the designated STI.

bridge-diameter bridgenum: Specify the network diameter of the spanning tree, ranging from 2 to 7.

hello-time centi-seconds: Specify the Hello Time of the spanning tree, ranging from 100 to 1000 and measured in centiseconds.

Description

■ Use the stp instance root secondary command to configure the current switch as the secondary root bridge of a specified STI.

■ Use the undo stp instance root command to cancel the current switch for the secondary root bridge of a specified STI.

By default, the switch does not server as a secondary root bridge.


You can configure one or more secondary root bridges in an STI. If the primary root is down or powered off, the secondary root will take its place. Among several secondary root bridges, the one with the smallest MAC address takes the place of the failed primary root.

When configuring the secondary root bridge, you may also specify the switching network diameter and the Hello Time of the switch, so that the other two parameters, Forward Delay and Max Age, of the switch can be determined.

After a switch is configured as primary root switch or secondary root switch, you cannot modify the bridge priority of the switch.

Example

Configure the current switch as the secondary root bridge of STI 4 and specify the diameter of the switching network as 5 and the Hello Time of the switch as 300 centiseconds.:

[SW7700]stp instance 4 root secondary bridge-diameter 5 hello-time 300

stp interface Syntaxstp interface interface-list { enable | disable }

View

System view

Parameter

interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as interface _list = { { interface_type interface_num | interface_name } [ to { interface_type interface_num | interface_name } ] }&<1-10>. For detail descriptions of interface_type, interface_num and interface_name parameters, refer to the corresponding descriptions in “Using Port Commands” on page 49 &<1-10> means that the preceding parameters can be entered up to 10 times.

enable: Enables MSTP on the port.

disable: Disables MSTP on the port.

Description

Use the stp interface command to enable/disable MSTP on a switch port in system view.

By default, if MSTP is enabled globally, it is enabled on every port; if MSTP is disabled globally, it is also disabled on every port.

When MSTP is disabled, the corresponding port stays in forwarding state and does not take part in any STI calculation.

A loop may be generated, if you disable MSTP on the port.

Related command: stp mode, stp.


Example

Enable MSTP on Ethernet5/0/1 in system view.

[SW7700]stp interface Ethernet5/0/1 enable

stp interface edged-port Syntaxstp interface interface-list edged-port {enable | disable }

undo stp interface interface-list edged-port

View

System view

Parameter


enable: Configure the current port as an edge port.

disable: Configure the current port as a non-edge port.

Description

■ Use the stp interface edged-port enable command to configure a port as an edge port in system view.

■ Use the stp interface edged-port disable command to configure a port as a non-edge port in system view.

■ Use the undo stp interface edged-port command to restore the non-edge port, as defaulted.

By default, all the switch ports are configured as non-edge port.

A port is considered as an edge port when it is directly connected to the user terminal, instead of any other switches or shared network segments. The edge port will not cause loop upon network topology changes. Accordingly, you can configure a port as an edge port, so that it can transit to forwarding state fast. For this purpose, please configure the Ethernet port directly connected to the user terminal as an edge port. If the current Ethernet port is connected to other switch, you can use the stp interface edged-port disable or no stp interface edged-port command to configure it as a non-edge port. The stp interface edged-port enable command is used for configuring the port as an edge port.

Because the edge port is not connected to any other switches, it will not receive the configuration BPDUs from them. Before BPDU PROTECTION is enabled on the switch, the port received a BPDU runs as a non-edge port, even if it is configured as edge port.

Related command: stp edged-port.


Example

Configure Ethernet5/0/3 as an edge port in system view.

[SW7700]stp interface Ethernet5/0/3 edged-port enable

stp interface instance cost

Syntaxstp interface interface-list instance instance-id cost cost

undo stp interface interface-list instance instance-id cost

View

System view

Parameter



cost cost: Specifies the path cost of the port, ranging from 1 to 200000.

Description

■ Use the stp interface instance cost command to configure the path cost of the specified port on the specified STI in system view.,.

■ Use the undo stp interface instance cost command to restore the path cost to default value.

By default, the path cost of the port on every STI is associated with the port speed. For details, refer to the table in the configuration guideline.

You may specify the instance-id parameter as 0 to configure CIST path cost of the port. The path cost has effect on the port role selection. A port can be configured with different path costs on different MSTIs. Thus the traffic from different VLANs can run over different physical links, thereby implementing the VLAN-based load-balancing. MSTP will recalculate the port role and transit its state, upon the port path cost changes.

The default values of the path cost varies with the different port speeds, as described in the following table.

Table 41 Cost corresponding to the port speed

Link speedRecommended value

Recommended value range Value range

10Mbps 2,000 200- 20000 1-200000

100Mbps 200 20-2000 1-200000


Related command: stp instance cost.

Example

Set the path cost of Ethernet5/0/3 on STI 2 to 400 in system view:

[SW7700]stp interface Ethernet5/0/3 instance 2 cost 400

stp interface instance port priority

Syntaxstp interface interface-list instance instance-id port priority priority

undo stp interface interface-list instance instance-id port priority

View

System view

Parameter

interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as interface _list = { { interface_type interface_num | interface_name } [ to { interface_type interface_num | interface_name } ] }&<1-10>. For detail descriptions of interface_type, interface_num and interface_name parameters, refer to the corresponding descriptions in “Using Port Commands” on page 49 &<1-10> means that the preceding parameters can be entered up to 10 times.


port priority priority: Specifies the port priority, ranging from 0 to 240 with a step length of 16, for example, 0, 16 and 32. By default, the port has a priority of 128 on every STI.

Description

■ Use the stp interface instance port priority command to configure the priority of the specified port on the specified STI in system view.

■ Use the undo stp interface instance port priority command to restore the default priority.

You may specify the instance-id parameter as 0 to configure CIST priority of the port. The port priority has effect on the port role selection. A port can be configured with different priorities on different MSTIs. Thus the traffic from different VLANs can run over different physical links, thereby implementing the VLAN-based load-balancing. MSTP will recalculate the port role and transit its state, upon the port priority changes.

Related command: stp instance port priority.

1Gbps 20 2-200 1-200000

10G/s 2 2-20 1-200000

Above 10G/s 1 1-2 1-200000

Table 41 Cost corresponding to the port speed


Example

Set the priority of Ethernet5/0/3 on STI 2 to 16 in system view.

[SW7700]stp interface Ethernet5/0/3 instance 2 port priority 16

stp interface loop-protection

Syntaxstp interface interface-list loop-protectionundo stp interface interface-list loop-protection

View

System view

Parameter


Description

■ Use the stp interface loop-protection command to enable loop protection on the switch in system view.

■ Use the undo stp interface loop-protection command to restore the default loop protection state.

By default, loop protection is disabled.

Related command: stp loop-protection.

Example

Enable loop protection on the Ethernet5/0/1.

[SW7700]stp interface Ethernet5/0/1 loop-protection

stp interface mcheck Syntaxstp interface interface-list mcheck

View

System view

Parameter



Description

Use the stp interface mcheck command to perform an mcheck operation on the port in system view.

If a port of an MSTP switch on a switching network has ever been connected to an STP switch, the port will automatically transit to operate in STP-compatible mode. However, when the STP switch is removed, the port stays in STP-compatible mode and cannot automatically transit back to MSTP mode. In this case, you can perform the mcheck operation to transit the port to MSTP mode by force.

Related command: stp mcheck, stp mode.

Example

Set mcheck parameter of Ethernet5/0/3 in system view.

[SW7700]stp interface Ethernet5/0/3 mcheck

stp interface point-to-point

Syntaxstp interface interface-list point-to-point { force-true | force-false | auto }

undo stp interface interface-list point-to-point

View

System view

Parameter

interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as interface _list = { { interface_type interface_num | interface_name } [ to { interface_type interface_num | interface_name } ] }&<1-10>. For detail descriptions of interface_type, interface_num and interface_name parameters, refer to the corresponding descriptions in the “Using Port Commands” on page 49. &<1-10> means that the preceding parameters can be entered up to 10 times.

force-true: Indicates the Ethernet port connected to a point-to-point link.

force-false: Indicates the Ethernet port not connected to a point-to-point link.

auto: Configure to automatically check if the link to the Ethernet port is a point-to-point link.

Description

■ Use the stp interface point-to-point command to configure a port (not) to be connected to a point-to-point link in system view.

■ Use the undo stp interface point-to-point command to restore the default state of the link to the Ethernet port.

By default, the parameter defaults to auto, that is, MSTP checks if the link to the Ethernet port is a point-to-point link.

The port not connected with the point-to-point link cannot transit fast.


The master ports of the link aggregation and the ports operating in full-duplex mode are connected to the point-to-point link. You are recommended to keep the default settings and let MSTP detect the link state automatically.

This configuration takes effect on the CIST and all the MSTIs. The settings of a port whether to connect the point-to-point link will be applied to all the STIs where the port belongs. Note that a temporary loop may be redistributed if you configure a port not physically connected with the point-to-point link as connected to such a link by force.

Related command: stp point-to-point.

Example

Configure Ethernet5/0/3 to be connected to the point-to-point link in system view.

[SW7700]stp interface Ethernet5/0/3 point-to-point force-true

stp interface root-protection

Syntaxstp interface interface-list root-protectionundo stp interface interface-list root-protection

View

System view

Parameter


Description

■ Use the stp interface root-protection command to enable Root protection on the switch in system view.

■ Use the undo stp interface root-protection command to restore the default Root protection state.

By default, Root protection is disabled.

In case of configuration error or malicious attack, the legal primary root may receive the BPDU with a higher priority and then loose its place, which causes network topology change errors. Due to the illegal change, the traffic supposed to travel over the high-speed link may be pulled to the low-speed link and congestion will occur on the network.

Root protection function is used against such problem. The port configured with Root protection only plays a role of designated port on every instance. Whenever such port receives a higher-priority BPDU, that is, it is about to turn into non-designated port, it will be set to listening state and not forward packets any more (as if the link to the port is disconnected). If the port has not received any


higher-priority BPDU for a certain period of time thereafter, it will resume the normal state.

Related command: stp root-protection.

Example

Enable Root protection on the Ethernet5/0/1.

[SW7700]stp interface Ethernet5/0/1root-protection

stp interface transit-limit Syntaxstp interface interface-list transit-limit packetnum

undo stp interface interface-list transit-limit

View

System view

Parameter


packetnum: Specifies the amount limit to the transmitted packets, ranging from 1 to 255 (expressed as a counter value without any units). By default, the transmission limit on every port is 3.

Description

■ Use the stp interface transit-limit command to configure an amount limit to the configuration BPDU transmitted via a port during the Hello Time in system view.

■ Use the undo stp interface transit-limit command to restore the default limit in system view.

The larger the value is, the more packets can be transmitted in a time unit, yet the more switch resources will be occupied. With a moderate value, the amount of the BPDUs transmitted during Hello Time via every port can be limited and MSTP will not occupy too many bandwidth resources when the network topology flaps.

Related command: stp transit-limit.

Example

Set a limit of 5 to the packets transmitted via Ethernet5/0/3 in system view.

[SW7700]stp interface Ethernet5/0/3 transit-limit 5

stp loop-protection Syntaxstp loop-protection


undo stp loop-protection

View

Ethernet port view

Parameter

None

Description

■ Use the stp loop-protection command to enable loop protection function.

■ Use the undo stp loop-protection command to restore the restore setting.

By default, the loop protection function is not enabled.

Example

Enable loop protection function in Ethernet5/0/1.

[SW7700-Ethernet5/0/1]stp loop-protection

stp max-hops Syntaxstp max-hops hop

undo stp max-hops

View

System view

Parameter

hop: Specifies the max hops, ranging from 1 to 40. By default, MST region Max Hops is 20.

Description

■ Use the stp max-hops command, you can configure the Max Hops of an MST region.

■ Use the undo stp max-hops command to restore the default Max Hops.

On CIST and MSTIs, the Max Hops configured on the region root determines the max switching network diameter supported by the local MST region. As the BPDU traveling from the spanning tree root, each time when it is forwarded by a switch, the max hops will be reduced by 1. The switch discards the configuration BPDU with 0 hops left, thereby limiting the network scale inside the region. If the current switch is a CIST root bridge or MSTI root bridge in an MST region, the Max Hops configured on it will be the network diameter of the spanning tree to limit its scale in the local MST region. The Max Hops configured on the root bridge in an MST region will be adopted by other switches in the same region.

Example

Set the Max Hops of an MST region to 35.

[SW7700]stp max-hops 35


stp mcheck Syntaxstp mcheck

View

Ethernet port view

Parameter

None

Description

Use the stp mcheck command to perform an mcheck on the current port.

If a port of an MSTP switch on a switching network has ever been connected to an STP switch, the port will automatically transit to operate in STP-compatible mode. However, when the STP switch is removed, the port stays in STP-compatible mode and cannot automatically transit back to MSTP mode. In this case, you can perform mCheck operation to transit the port to MSTP mode by force.

Related command: stp mode, stp interface mcheck.

Example

Set mcheck parameter for Ethernet5/0/1.

[SW7700-Ethernet5/0/1]stp mcheck

stp mode Syntaxstp mode { stp | mstp }

undo stp mode

View

System view

Parameter

stp: Configure the MSTP operation mode as STP-compatible.

mstp: Configure the MSTP operation mode as MSTP.

Description

■ Use the stp mode command to configure the MSTP operation mode of the switch.

■ Use the undo stp mode command to restore the default MSTP operation mode.

By default, switches work in MSTP mode

MSTP and RSTP are compatible and they can recognize the packets of each other. However, STP cannot recognize MSTP packets. To implement the compatibility, MSTP provides two operation modes, STP-compatible mode and MSTP mode. In STP-compatible mode, the switch sends STP BPDU packets via every port and serves as a region itself. In MSTP mode, the switch ports send MSTP BPDU packets


(when connected to the STP switch) and the switch provides multiple spanning tree function.

Related command: stp mcheck, stp, stp interface, stp interface mcheck.

Example

Set MSTP operation mode as STP-compatible.

[SW7700]stp mode stp

stp pathcost-standard Syntaxstp pathcost-standard { dot1d-1998 | dot1t }

undo stp pathcost-standard

View

System view

Parameter

dot1d-1998: Configures support for dot1d-1998 path cost standard.

dot1t: Configures support for dot1t path cost standard.

Description

■ Use the stp pathcost-standard command on a Switch 7700 that is directly connected to an older switch that supports only the dot1d-1998 path cost standard.

■ Use the undo stp pathcost-standard command to restore support for the default path cost standard.

By default, the switch uses the dot1t path cost standard.

Example

Configure the switch to support the dot1d-1998 path cost standard.

[SW7700] stp pathcost-standard dot1d-1998

stp point-to-point Syntaxstp point-to-point { force-true | force-false | auto }

undo stp point-to-point

View

Ethernet port view

Parameter

force-true: Indicates the Ethernet port connected to a point-to-point link.

force-false: Indicates the Ethernet port not connected to a point-to-point link.

auto: Configure to automatically check if the link to the Ethernet port is a point-to-point link.


Description

■ Use the stp point-to-point command to configure the current Ethernet port (not) to connect with point-to-point link.

■ Use the undo stp point-to-point command to configure the link state to the default state in which MSTP automatically detects if the link to the Ethernet port is point-to-point link.

By default, the switch adopts auto mode.

The port not connected with the point-to-point link cannot transit fast.

The master ports of the link aggregation and the ports operating in full-duplex mode are connected to the point-to-point link. You are recommended to keep the default settings and let MSTP detect the link state automatically.

This configuration takes effect on the CIST and all the MSTIs. The settings of a port whether to connect the point-to-point link will be applied to all the STIs where the port belongs. Note that a temporary loop may be redistributed if you configure a port not physically connected with the point-to-point link as connected to such a link by force.

Related command: stp interface point-to-point.

Example

Configure Ethernet5/0/3 to be connected to the point-to-point link.

[SW7700-Ethernet5/0/3]stp point-to-point force-true

stp priority Syntaxstp instance instance-id priority priorityundo stp instance instance-id priority

View

System view

Parameter

instance-id: Ranges from 0 to 16.

priority: Specifies the switch priority, ranging from 0 to 61440 with a step length of 4096. That is, 16 priorities are available for the switch including 0, 4096, 8192, etc. By default, the switch priority is 32768.

Description

■ Use the stp priority command to configure the bridge priority in the specified STI.

■ Use the undo stp priority command to restore the default value of bridge priority.

The switch priority takes part in the spanning tree calculation. It is configured separately for every STI. Different STIs can be configured with different priorities.

If specifying the instance ID as 0, the command can configure the CIST priority.


Example

Set the bridge priority of the switch in STI 1 to 4096.

[SW7700]stp instance 1 priority 4096

stp region-configuration Syntaxstp region-configuration

undo stp region-configuration

View

System view

Parameter

None

Description

■ Use the stp region-configuration command to enter MST region view.

■ Use the undo stp region-configuration command to restore the default MSTP region configurations.

By default, the three MST region parameters take the default values. The MST region name of the switch is the first MAC address, all the VLANs are mapped to CIST, and MSTP revision level takes 0.

You can enter MST region view, using the stp region-configuration command. And then you can configure the parameters including region name, revision level, and VLAN mapping table of the region.

Example

Enter MST region view.

[SW7700]stp region-configuration [SW7700-mst-region]

stp root-protection Syntaxstp root-protection

undo stp root-protection

View

Ethernet port view

Parameter

None

Description

■ Use the stp root-protection command to enable Root protection the switch.

■ Use the undo stp root-protection command to restore the default state of Root protection.


By default, Root protection is disabled.

In case of configuration error or malicious attack, the legal primary root may receive the BPDU with a higher priority and then loose its place, which causes network topology change errors. Due to the illegal change, the traffic supposed to travel over the high-speed link may be pulled to the low-speed link and congestion will occur on the network.

MSTP provides Root protection function to protect the root bridge: The port configured with Root protection only plays a role of designated port on every instance. Whenever such port receives a higher-priority BPDU, it will be set to listening state and not forward packets any more (as if the link to the port is disconnected). If the port has not received any higher-priority BPDU for a certain period of time thereafter, it will resume the normal state.

Related command: stp interface root-protection.

Example

Enable Root protection on the Ethernet5/0/1 port of the switch.

[SW7700-Ethernet5/0/1]stp root-protection

stp tc-protection Syntaxstp tc-protection { enable | disable }

undo stp tc-protection

View

System view

Parameter

enable: Implements protection for the switch from disruption by large numbers of topology change packets.

disable: Removes topology change protection

Description

■ Use the stp tc-protection command to allow the switch to implement large numbers of topology changes every 10 seconds.

■ Use the undo stp tc-protection command to allow the switch to implement topology changes as they arrive.

By default, topology change protection is enabled.

Example

Configure the switch to implement topology changes every 10 seconds.

[SW7700] stp tc-protection enable

stp timer forward-delay Syntaxstp timer forward-delay centi-seconds

undo stp timer forward-delay


View

System view

Parameter

centi-seconds: Specifies Forward Delay, ranging from 400 to 3000 and measured in centiseconds. By default, the Forward Delay of the switch is 1500 centiseconds.

Description

■ Use the stp timer forward-delay command to configure Forward Delay for the switch.

■ Use the undo stp timer forward-delay command to restore the default Forward Delay.

To avoid a temporary loop, MSTP defines a medium state, Learning, when the port switches from the Discarding state to Forwarding state. There is also a delay before state switchover to guarantee the synchronous switchover with the remote switch. The Forward Delay configured on the root bridge determines the state transition time.

The root bridge will determine the state transition time according to the configured values, while the other switches will apply the forward delay configured on it.

When configuring Hello time, Forward Delay and Max Age, please guarantee the following equations:

2 * (Forward Delay - 1.0 seconds) >= Max Age

Max Age >= 2 * (Hello Time + 1.0 seconds)

Only if the above-mentioned formulas are equal can the MSTP normally operate on the entire network, otherwise, the network may flap frequently. You are recommended to use the stp instance root primary command to specify the diameter of the switching network, so that MSTP can automatically calculate and give the moderate values for the time parameters.

Related commands: stp timer hello, stp timer max-age, stp bridge-diameter.

Example

Set the Forward Delay of the device to 2000 centiseconds.

[SW7700]stp timer forward-delay 2000

stp timer hello Syntaxstp timer hello centi-seconds

undo stp timer hello

View

System view


Parameter

centi-seconds: Specifies Hello Time value with an integer in the range of 100 to 1000 in units of centiseconds. By default, the Hello Time of the switch is 200 centiseconds.

Description

■ Use the stp timer hello command to configure Hello Time of the switch.

■ Use the undo stp timer hello command to restore the default Hello Time.

The STP defines to transmit configuration BPDU regularly at an interval specified with Hello Time to keep the spanning tree stable. If the switch receives no BPDU packets for a period of time, it will recalculate the spanning tree upon the BPDU timeouts. The root bridge transmits BPDU packets at an interval as you configured, while other switches apply the Hello Time configured on the root bridge.

When configuring Hello time, Forward Delay and Max Age, remember to guarantee the following equations:

2 * (Forward Delay -1.0 seconds) >= Max Age



Related commands: stp timer forward-delay, stp timer max-age, stp bridge-diameter.

ExampleSet Hello Time of the switch 300 centiseconds.

[SW7700]stp timer hello 300

stp timer max-age Syntaxstp timer max-age centi-seconds

undo stp timer max-age

View

System view

Parameter

centiseconds: Specifies the Max Age, ranging from 600 to 4000 and measured with centiseconds. By default, the Max Age of the switch is 2000 centiseconds.

Description

■ Use the stp timer max-age command to configure the Max Age of the switch.

■ Use the undo stp timer max-age command to restore the default Max Age.


MSTP can detect the link fault and automatically resume the forwarding state of the redundant link. On the CIST, the switch checks if the configuration BPDU received via the port expires according to the Max Age. If the BPDU expires, the STI has to be calculated again.

Max Age takes no effect on MSTIs. If the current switch is CIST root bridge, it will check if the configuration BPDU expires according to the configured Max Age. Otherwise, the switch adopts the Max Age configured on the CIST root bridge.

When you configure Hello time, Forward Delay and Max Age, ensure the following formulas equal:

2 * (Forward Delay -1.0 seconds) >= Max Age



Related commands: stp timer forward-delay, stp timer hello, stp bridge-diameter.

Example

Set Max Age of the device to 1000 centiseconds.

[SW7700]stp timer max-age 1000

stp transit-limit Syntaxstp transit-limit packetnum

undo stp transit-limit

View

Ethernet port view

Parameter

packetnum: Specifies the amount limit to the transmitted packets, ranging from 1 to 255 (expressed as a counter value without any units). By default, the value is 3.

Description

■ Use the stp transit-limit command to configure an amount limit to the configuration BPDU transmitted via a port during the Hello Time.

■ Use the undo stp transit-limit command to restore the default limit.

The larger the value is, the more packets can be transmitted in a time unit, yet the more switch resources will be occupied. With a moderate value, the amount of the BPDUs transmitted during Hello Time via every port can be limited and MSTP will not occupy too many bandwidth resources when the network topology flaps.

Related command: stp interface transit-limit.


Example

Set a limit of 5 to the packets transmitted via Ethernet5/0/1.

[SW7700-Ethernet5/0/1]stp transit-limit 5

vlan-mapping modulo Syntaxvlan-mapping modulo modulo

View

MST region view

Parameter

modulo: Specifies the modulus, ranging from 1 to 16.

Description

Use the vlan-mapping modulo command to map a VLAN list to an STI.

By default, all the VLANs are mapped to CIST, namely Instance 0.

MSTP describes the association between VLANs and STIs with the VLAN mapping table. You can use this command to configure this table. Every VLAN can be mapped to an STI as per your configuration.

A VLAN cannot be mapped to different MSTI at the same time. The latter configured association will replace the former one.

The vlan-mapping modulo modulo command designates VLAN for every STI fast. It maps the VLAN to an STI whose ID is (VLAN ID-1)%modulo+1. (Note: (VLAN ID-1) %modulo performs modulo operation on (VLAN ID-1). Taking the operation modulo 16 as an example, vlan 1 maps to MSTI 1, vlan 2 maps to MSTI2 ...vlan 16 maps to MSTI16, vlan 17 maps to MSTI 1, and so on.)

Related commands: region-name, revision-level, display configuration, active configuration.

Example

Map VLAN to STI modulo 16.

[SW7700-mst-region]vlan-mapping modulo 16

9
USING AAA AND RADIUS COMMANDS

802.1x Configuration Commands

■ display dot1x

■ dot1x

■ dot1x authentication-method

■ dot1x dhcp-launch

■ dot1x max-user

■ dot1x port-control

■ dot1x port-method

■ dot1x quiet-period

■ dot1x retry

■ dot1x supp-proxy-check

■ dot1x timer

■ dot1x timer handshake-period

■ reset dot1x statistics

AAA Configuration Commands

■ access-limit

■ attribute

■ cut connection

■ display connection

■ display domain

■ display local-user

■ domain

■ idle-cut

■ local-user

■ local-user password-display-mode

■ password

■ radius-scheme

■ service-type

■ state

402 CHAPTER 9: USING AAA AND RADIUS COMMANDS

RADIUS Protocol Configuration Commands

■ accounting optional

■ data-flow-format

■ display local-server statistics

■ display radius

■ display radius statistics

■ display stop-accounting-buffer

■ key

■ local-server

■ primary accounting

■ primary authentication

■ radius scheme

■ reset stop-accounting-buffer

■ retry

■ retry realtime-accounting

■ retry stop-accounting

■ secondary accounting

■ secondary authentication

■ server-type

■ state

■ stop-accounting-buffer enable

■ timer

■ timer realtime-accounting

■ user-name-format

802.1x Configuration Commands

This section describes how to use the 802.1x configuration commands on your Switch 7700.

display dot1x Syntaxdisplay dot1x [ sessions | statistics [ interface interface-list ]]

View

All views

Parameter

interface: Configures to display the 802.1x information on the specified interface.

sessions: Configures to display the session connection information of 802.1x.

statistics: Configures to display the relevant statistics information of 802.1x.

802.1x Configuration Commands 403

interface-list: Ethernet interface list including several Ethernet interfaces, expressed in the format interface-list = { interface-num [ to interface-num ] } & < 1-10 >. interface-num specifies a single Ethernet interface in the format interface-num = { interface-type interface-num | interface-name }, where interface-type specifies the interface type, interface-num specifies the interface number and interface-name specifies the interface name. For the respective meanings and value ranges, read the Parameter of the “Using Port Commands” on page 49.

Description

Use the display dot1x command to view the relevant information of 802.1x, including configuration information, running state (session connection information) and relevant statistics information.

By default, all the relevant 802.1x information about each interface will be displayed.

This command can be used to display the following information on the specified interface: 802.1x configuration, state or statistics. If no port is specified when executing this command, the system will display all 802.1x related information. For example, 802.1x configuration of all ports, 802.1x session connection information, and 802.1x data statistical information. The output information of this command can help the user to verify the current 802.1x configurations so as to troubleshoot 802.1x.

Related commands: reset dot1x statistics, dot1x, dot1x retry, dot1x max-user, dot1x port-control, dot1x port-method, dot1x timer.

Example

Display the configuration information of 802.1x.

<SW7700>display dot1x Equipment 802.1X protocol is enabled DHCP-launch is disabled EAP-relay is enabled Proxy trap checker is disabled Proxy logoff checker is disabled

Configure: Transmit Period 000030 s, Commit Period 000015 s Quiet Period 000060 s, Quiet Period Timer is disabled Supp Timeout 000030 s, Server Timeout 000100 s The Max-Req 000003

Total maximum on-line user number is 4096

Total current on-line user number is 0


Ethernet1/0/1 is link-down 802.1X protocol is disabled Proxy trap checker is disabled Proxy logoff checker is disabled The port is a(n) authenticator Authenticate Mode is auto Port Control Type is Mac-based Max on-line user number is 1024

… (Omitted)

dot1x Syntaxdot1x [ interface interface-list ]

undo dot1x [ interface interface-list ]

View

System view

Ethernet port view

Parameter

interface interface-list: Ethernet port list including several Ethernet ports. interface-list = { interface-num [ to interface-num ] } & < 1-10 >. interface-num specifies a single Ethernet port in the format interface-num = { interface-type interface-num | interface-name }, where interface-type specifies the port type, interface-num specifies the port number and interface-name specifies the port name. For the respective meanings and value ranges, read the Parameter of the Port Configuration section.

Description

■ Use the dot1x command to enable 802.1x on the specified port or globally (i.e., on the current device).

■ Use the undo dot1x command to disable the 802.1x on the specified port or globally.

By default, 802.1x is disabled on all the ports and globally on the device.

This command is used to enable the 802.1x on the current device or on the specified port. When it is used in system view, if the parameter ports-list is not specified, 802.1x will be globally enabled. If the parameter ports-list is specified, 802.1x will be enabled on the specified port. When this command is used in Ethernet port view, the parameter interface-list cannot be input and 802.1x can only be enabled on the current port.

The configuration command can be used to configure the global or port 802.1x performance parameters before or after 802.1x is enabled. Before 802.1x is enabled globally, if the parameters are not configured globally or for a specified port, they will maintain the default values.

After the global 802.1x performance is enabled, only when port 802.1x performance is enabled will the configuration of 802.1x become effective on the port.


Related commands: display dot1x.

Example

Enable 802.1x on Ethernet 1/0/1.

[SW7700]dot1x interface ethernet 1/0/1

Enable the 802.1x globally.

[SW7700]dot1x

dot1x authentication-method

Syntaxdot1x authentication-method { chap | pap | eap md5-challenge }

undo dot1x authentication-method

View

System view

Parameter

Chap: Use CHAP authentication method.

Pap: Use PAP authentication method.

EAP: Use EAP authentication method. By now, only md5 encryption method is available

Description

■ Use the dot1x authentication-method command to configure the authentication method for 802.1x user.

■ Use the undo dot1x authentication-method command to restore the default authentication method of 802.1x user.

By default, CHAP authentication is used for 802.1x user authentication.

Password Authentication Protocol (PAP) is a kind of authentication protocol with two handshakes. It sends password in the form of simple text.

Challenge Handshake Authentication Protocol (CHAP) is a kind of authentication protocol with three handshakes. It only transmits username but not password. CHAP is more secure and reliable.

In the process of EAP authentication, switch directly sends authentication information of 802.1x user to RADIUS server in the form of EAP packet. It is not necessary to transfer the EAP packet to standard RADIUS packet first and then send it to RADIUS server.

To realize PAP, CHAP or EAP authentication, RADIUS server should support PAP, CHAP or EAP authentication respectively.

Related command: display dot1x.


Example

Configure 802.1x user to use PAP authentication

[SW7700]dot1x authentication-method pap

dot1x dhcp-launch Syntaxdot1x dhcp-launch

undo dot1x dhcp-launch

View

System view

Parameter

None

Description

■ Use the dot1x dhcp-launch command to configure whether 802.1x enables the Ethernet switch to launch the user ID authentication when the supplicant runs DHCP and applies for dynamic IP addresses.

■ Use the undo dot1x dhcp-launch command to disable DHCP to launch ID authentication on the supplicant.

By default, DHCP is not allowed launching user ID authentication.

If the supplicant is a Windows XP user, you should enable this command before performing 802.1x authentication.

Related command: dot1x.

Example

Enable to launch ID authentication for the supplicant when he runs DHCP and applies for dynamic IP addresses.

[SW7700]dot1x dhcp-launch

dot1x max-user Syntaxdot1x max-user user-number [ interface interface-list ]

undo dot1x max-user [ interface interface-list ]

View

System view

Ethernet port view

Parameter

user-number: Specifies the limit to the amount of supplicants on the port, ranging from 1 to 1024.

By default, the maximum user number is 1024.


interface interface-list: Ethernet interface list including several Ethernet interfaces, expressed in the format interface-list = { interface-num [ to interface-num ] } & < 1-10 >. interface-num specifies a single Ethernet interface in the format interface-num = { interface-type interface-num | interface-name }, where interface-type specifies the interface type, interface-num specifies the interface number and interface-name specifies the interface name. For the respective meanings and value ranges, see the parameters in the Port Command chapter.

Description

■ Use the dot1x max-user command to configure a limit to the amount of supplicants on the specified interface of 802.1x.

■ Use the undo dot1x max-user command to restore the default value.

This command is used for setting a limit to the amount of supplicants that 802.1x can hold on the specified interface. This command has effect on the interface specified by the parameter interface-list when executed in system view. It has effect on all the interfaces when no interface is specified. The parameter interface-list cannot be input when the command is executed in Ethernet interface view and it has effect only on the current interface.


Example

Configure the interface Ethernet 1/0/2 to hold no more than 32 users.

[SW7700]dot1x max-user 32 interface ethernet 1/0/2

dot1x port-control Syntaxdot1x port-control { auto | authorized-force | unauthorized-force } [ interface interface-list ]

undo dot1x port-control [ interface interface-list ]

View

System view


Parameter

auto: Automatic identification mode, configuring the initial state of the interface as unauthorized. The user is only allowed to receive or transmit EAPoL packets but not to access the network resources. If the user passes the authentication flow, the interface will switch over to the authorized state and then the user is allowed to access the network resources. This is the most common case.

authorized-force: Forced authorized mode, configuring the interface to always stay in authorized state and the user is allowed to access the network resources without authentication/authorization.

unauthorized-force: Forced unauthorized mode, configuring the interface to always stay in non-authorized mode and the user is not allowed to access the network resources.


interface interface-list: Ethernet interface list including several Ethernet interfaces, expressed in the format interface-list = { interface-num [ to interface-num ] } & < 1-10 >. interface-num specifies a single Ethernet interface in the format interface-num = { interface-type interface-num | interface-name }, where interface-type specifies the interface type, interface-num specifies the interface number and interface-name specifies the interface name. For the respective meanings and value ranges, see the parameters of the Port Command chapter.

Description

■ Use the dot1x port-control command to configure the mode for 802.1x to perform access control on the specified interface.

■ Use the undo dot1x port-control command to restore the default access control mode.

By default, the value is auto.

This command is used to set the mode, or the interface state, for 802.1x to perform access control on the specified interface. This command has effect on the interface specified by the parameter interface-list when executed in system view. It has effect on all the interfaces when no interface is specified. The parameter interface-list cannot be input when the command is executed in Ethernet port view and it has effect only on the current interface.


Example

Configure the interface Ethernet 1/0/2 to be in force-unauthorized state.

[SW7700]dot1x port-control force-unauthorized interface ethernet 1/0/2

dot1x port-method Syntaxdot1x port-method { macbased | portbased } [ interface interface-list ]

undo dot1x port-method [ interface interface-list ]

View

System view


Parameter

macbased: Configures the 802.1x authentication system to perform authentication on the supplicant based on MAC address.

portbased: Configures the 802.1x authentication system to perform authentication on the supplicant based on interface number.

interface interface-list: Ethernet interface list including several Ethernet interfaces, expressed in the format interface-list = { interface-num [ to interface-num ] } & < 1-10 >. interface-num specifies a single Ethernet interface in


the format interface-num = { interface-type interface-num | interface-name }, where interface-type specifies the interface type, interface-num specifies the interface number and interface-name specifies the interface name. For the respective meanings and value ranges, see the parameters in the Port Command chapter.

Description

■ Use the dot1x port-method command to configure the base for 802.1x to perform access control on the specified interface.

■ Use the undo dot1x port-method command to restore the default access control base.

By default, the value is macbased.

This command is used to set the base for 802.1x to perform access control, namely authenticate the users, on the specified interface. When macbased is adopted, the user access this interface must be authenticated independently, and if one successful authentication user is to finish network service, the other accessed users can still use network service. When portbased is adopted, if only the first access user by this interface can be authenticated successfully, the other access users followed can be considered authenticated successfully automatically, but if the first one finish the network service , the other accessed users’ network service will be rejected . .

This command has effect on the interface specified by the parameter interface-list when executed in system view. It has effect on all the interfaces when no interface is specified. The parameter interface-list cannot be input when the command is executed in Ethernet interface view and it has effect only on the current interface.


Example

Authenticate the supplicant based on the interface number on Ethernet 1/0/3.

[SW7700]dot1x port-method portbased interface ethernet 1/0/3

dot1x quiet-period Commanddot1x quiet-period

undo dot1x quiet-period

View

System view

Parameter

None

Description

■ Use the dot1x quiet-period command to enable the quiet-period timer.

■ Use the undo dot1x quiet-period command to disable this timer.


If an 802.1x user has not passed the authentication, the Authenticator will keep quiet for a while (which is specified by quiet-period timer) before launching the authentication again. During the quiet period, the Authenticator does not do anything related to 802.1x authentication.

Related command: display dot1x, dot1x timer.

Example

Enable quiet-period timer.

[SW7700]dot1x quiet-period

dot1x retry Syntaxdot1x retry max-retry-value

undo dot1x retry

View

System view

Parameter

max-retry-value: Specifies the maximum times an Ethernet switch can retransmit the authentication request frame to the supplicant, ranging from 1 to 10.

By default, the value is 3, that is, the switch can retransmit the authentication request frame to the supplicant for 3 times.

Description

■ Use the dot1x retry command to configure the maximum times an Ethernet switch can retransmit the authentication request frame to the supplicant.

■ Use the undo dot1x retry command to restore the default maximum retransmission time.

After the switch has transmitted authentication request frame to the user for the first time, if no user response is received during the specified time-range, the switch will re-transmit authentication request to the user. This command is used for specifying how many times the switch can re-transmit the authentication request frame to the supplicant. When the time is 1, the switch is configured to transmit authentication request frame only once. 2 indicates that the switch is configured to transmit authentication request frame once again when no response is received for the first time and so on. This command has effect on all the port after configuration.


Example

Configure the current device to transmit authentication request frame to the user for no more than 9 times.

[SW7700]dot1x retry 9


dot1x supp-proxy-check Syntaxdot1x supp-proxy-check { logoff | trap } [ interface interface-list ]

undo dot1x supp-proxy-check { logoff | trap } [ interface interface-list ]

View

System view and Ethernet interface view

Parameter

logoff: Deny the logon of the access user via proxy.

trap: Allow logon of the user via proxy, but the switch will send trap message.

interface interface-list: Ethernet interface list including several Ethernet interfaces, expressed in the format interface-list = { interface-num [ to interface-num ] } & < 1-10 >. interface-num specifies a single Ethernet interface in the format interface-num = { interface-type interface-num | interface-name }, where interface-type specifies the interface type, interface-num specifies the interface number and interface-name specifies the interface name. For the respective meanings and value ranges, see the parameters in the Port Command chapter.

Description

■ Use the dot1x supp-proxy-check command to configure the control method for 802.1x access users via proxy logon the specified interface.

■ Use the undo dot1x supp-proxy-check command to cancel the control method set for the 802.1x access users via proxy.

Note that when performing this function, the user logging on via proxy need to run 3Com 802.1x client program,( 3Com 802.1x client program version V1.29 or above is needed).

This command is used to set on the specified interface when executed in system view. The parameter interface-list cannot be input when the command is executed in Ethernet interface view and it has effect only on the current interface.


Example

Configure a switch not to allow the users using proxy to login to Ethernet 1/0/3.

[SW7700]dot1x supp-proxy-check logoff interface ethernet 1/0/3

Configure a switch to allow the users using proxy to login to Ethernet 1/0/3.

[SW7700]dot1x supp-proxy-check trap [SW7700]dot1x supp-proxy-check trap interface ethernet 1/0/3

or

[SW7700]dot1x supp-proxy-check trap [SW7700]interface Ethernet 1/0/3[SW7700-ethernet1/0/3]dot1x supp-proxy-check trap


dot1x timer Syntaxdot1x timer { quiet-period quiet-period-value | server-timeout server-timeout-value | supp-timeout supp-timeout-value | tx-period tx-period-value }

undo dot1x timer { quiet-period | server-timeout | supp-timeout | tx-period }

View

System view

Parameter

quiet-period: Specify the quiet timer. If an 802.1x user has not passed the authentication, the Authenticator will keep quiet for a while (which is specified by quiet-period timer) before launching the authentication again. During the quiet period, the Authenticator does not do anything related to 802.1x authentication.

quiet-period-value: Specify how long the quiet period is. The value ranges from 10 to 120 in units of second and defaults to 60.

server-timeout: Specify the timeout timer of an Authentication Server. If an Authentication Server has not responded before the specified period expires, the Authenticator will resend the authentication request.

server-timeout-value: Specify how long the duration of a timeout timer of an Authentication Server is. The value ranges from 100 to 300 in units of second and defaults to 100 seconds.

supp-timeout: Specify the authentication timeout timer of a Supplicant. If a Supplicant has not responded before the specified period expires, Authenticator will resend the authentication request.

supp-timeout-value: Specify how long the duration of an authentication timeout timer of a Supplicant is. The value ranges from 10 to 120 in units of second and defaults to 30.

tx-period: Specify the transmission timeout timer. If a Supplicant has not responded before the specified period expires, Authenticator will resend the authentication request.

tx-period-value: Specify how long the duration of the transmission timeout timer is. The value ranges from 10 to 120 in units of second and defaults to 30.

Description

■ Use the dot1x timer command to configure the 802.1x timers.

■ Use the undo dot1x timer command to restore the default values.

When it is run, 802.1x enables many timers to control the rational and orderly interacting of the Supplicant, the Authenticator and the Authenticator Server. This command can set some of the timers (while other timers cannot be set) to adapt the interaction process. It could be necessary for some special and hard network environment. Generally, the user should keep the default values of the timers.



Example

Set the Authentication Server timeout timer is 150s.

[SW7700]dot1x timer server-timeout 150

dot1x timer handshake-period

Syntaxdot1x timer handshake-period interval

undo dot1x timer handshake-period

View

system view

Parameter

interval: handshake period, range from 1 to 1024, unit in second.

Description

■ Use the dot1x timer handshake-period command to set the handshake period of 802.1x.

■ Use the undo dot1x timer handshake-period command to restore the handshake period to default value.

By default, handshake period is 15s.

After setting handshake-period, system will send the handshake packet by the period. Suppose the dot1x retry time is configured as N, the system will consider the user having logged off and set the user as logoff state if system doesn’t receive the response from user for consecutive N times.

Example

Set the handshake period of 802.1x to 200 seconds.

[SW7700]dot1x timer handshake-period 200

reset dot1x statistics Syntaxreset dot1x statistics [ interface interface-list ]

View

User view

Parameter

interface interface-list: Ethernet port list including several Ethernet ports. interface-list = { interface-num [ to interface-num ] } & < 1-10 >. interface-num specifies a single Ethernet port in the format port-num = { interface-type interface-num | interface-name }, where interface-type specifies the port type, interface-num specifies the port number and interface-name specifies the port name. For the respective meanings and value ranges, read the Parameter of the Port Configuration section.


Description

Use the reset dot1x statistics command to reset the statistics information of 802.1x.

This command can be used to re-perform information statistics if the user wants to delete the former statistics information of 802.1x.

When the original statistics information is cleared, if no port type or port number is specified, the global 802.1x statistics information of the switch and 802.1x statistics information on all the ports will be cleared. If the port type and port number are specified, the 802.1x statistics information on the specified port will be cleared.


Example

Clear the 802.1x statistics information on Ethernet 1/0/2.

<SW7700>reset dot1x statistics interface ethernet 1/0/2

AAA Configuration Commands

This section describes how to use the AAA configuration commands on your Switch 7700.

access-limit Syntaxaccess-limit { disable | enable max-user-number }

undo access-limit

View

ISP domain view

Parameter

disable: No limit to the supplicant number in the current ISP domain.

enable max-user-number: Specifies the maximum supplicant number in the current ISP domain, ranging from 1 to 4096

Description

Use the access-limit command to configure a limit to the number of supplicants in the current ISP domain.

Use the undo access-limit command to remove the limit to the number of supplicants in the current ISP domain.

By default, there is no limit to the amount of supplicants in the current ISP domain.

This command limits the amount of supplicants contained in the current ISP domain. The supplicants may contend with each other for the network resources. So setting a suitable limit to the amount will guarantee the reliable performance for the existing supplicants.

AAA Configuration Commands 415

Example

Sets a limit of 500 supplicants for the ISP domain, marlboro.net.

[SW7700isp-marlboro.net]access-limit enable 500

attribute Syntaxattribute { ip ip-address | mac mac-address | idle-cut second | access-limit max-user-number | vlan vlanid | location { nas-ip ip-address port portnum | port portnum }

undo attribute {ip | mac | idle-cut | access-limit | vlan |location }

View

Local user view

Parameter

idle-cut second: Allows/Disallows the local users to enable the idle-cut function. (The specific data for this function depends on the configuration of the ISP domain where the users locate.) The argument minute defines the idle-cut time, which is in the range of 60 to 7200 seconds.

access-limit max-user-number: Defines the maximum number of users that the current ISP domain can accommodate. The argument max-user-number is in the range of 1 to 4096.

ip: Specifies the IP address of a user.

mac mac-address: Specifies the MAC address of a user. Where, mac-address takes on the hexadecimal format of X-X-X.

vlan vlanid: Sets the VLAN attribute of user, in other words, the VLAN to which a user belong. The argument vlanid is an integer in the range of 1 to 4094.

location: Sets the port binding attribute of user.

nas-ip ip-address: The IP address of the access server in the event of binding a remote port with a user. The argument ip-address is an IP address in dotted decimal format and defaults to 127.0.0.1.

port portnum: Sets the port with which a user is bound. The argument portnum is represented by “SlotNumber SubSlotNumber PortNumber”. If any of these three items is absent, the value 0 will be used to replace it.

Description

■ Use the attribute command to configure some attributes for specified local user.

■ Use the undo attribute command to cancel the attributes that have been defined for this local user.

It should be noted that the argument nas-ip must be defined for a user bound with a remote port, which is unnecessary, however, in the event of a user bound with a local port.


Related command: display local-user.

Example

Configure the IP address 10.110.50.1 to the user JohnQ.

[SW7700-luser-JohnQ]ip 10.110.50.1

cut connection Syntaxcut connection { all | access-type { dot1x | gcm } | domain domain-name | interface portnum | ip ip-address | mac mac-address | radius-scheme radius-scheme-name | vlan vlanid | ucibindex ucib-index | user-name user-name }

View

System view

Parameter

all: Configures to disconnect all connection.

access-type { dot1x | gcm }: Configures to cut a category of connections according to logon type. dot1x means the 802.1x users. gcm means gcm user.

domain domain-name: Configures to cut the connection according to ISP domain. domain-name specifies the ISP domain name with a character string not exceeding 24 characters. The specified ISP domain shall have been created.

mac mac-address: Configures to cut the connection of the supplicant whose MAC address is mac-address. The argument mac-address is in the hexadecimal format (x-x-x).

radius-scheme radius-server-name: Configures to cut the connection according to RADIUS server name. radius-server-name specifies the RADIUS server name with a character string not exceeding 32 characters, excluding “/”, “:”, “*”, “?”, “<” and “>”.

interface portnum: Configures to cut the connection according to the port.

ip ip-address: Configures to cut the connection according to IP address. The argument ip-address is in the hexadecimal format (ip-address).

vlan vlanid: Configures to cut the connection according to VLAN ID. Here, vlanid ranges from 1 to 4094.

ucibindex ucib-index: Configures to cut the connection according to ucib-index. Here, ucib-index ranges from 0 to 4095.

user-name user-name: Configures to cut the connection according to user name. user-name is the argument specifying the username. It is a character string not exceeding 32 characters, excluding “/”, “:”, “*”, “?”, “<” and “>”. The @ character can only be used once in one username. The pure username (the part before @, namely the user ID) cannot exceed 24 characters.


Description

Use the cut connection command to disconnect a user or a category of users by force.

By default, no online user will be disconnected by force.

In some occasions, it is necessary to disconnect a user or a category of users by force.

Related command: display connection.

Example

Cut all the connections in the ISP domain, marlboro.net.

[SW7700]cut connection domain marlboro.net

display connection Syntaxdisplay connection [ access-type { dot1x | gcm } | domain domain-name | interface portnum | ip ip-address | mac mac-address | radius-scheme radius-scheme-name | vlan vlanid | ucibindex ucib-index | user-name user-name ]

View

All views

Parameter

access-type { dot1x | gcm }: Configures to display the supplicants according to their logon type. dot1x means the 802.1x users. gcm means gcm user.

domain domain-name: Configures to display all the users in an ISP domain. domain-name specifies the ISP domain name with a character string not exceeding 24 characters. The specified ISP domain shall have been created.

mac mac-address: Configures to display the supplicant whose MAC address is mac-address. The argument mac-address is in the hexadecimal format (x-x-x).

radius-scheme radius-server-name: Configures to display the supplicant according to RADIUS server name. radius-server-name specifies the RADIUS server name with a character string not exceeding 32 characters, excluding “/”, “:”, “*”, “?”, “<” and “>”.

interface portnum: Configures to display the supplicant according the port.

ip ip-address: Configures to display the user specified with IP address. The argument ipt-address is in the hexadecimal format (ip-address).

vlan vlanid: Configures to display the user specified with VLAN ID. Here, vlanid ranges from 1 to 4094.

ucibindex ucib-index: Configures to display the user specified with ucib-index. Here, ucib-index ranges from 0 to 4095.

user-name user-name: Configures to display a user specifies with user-name. user-name is the argument specifying the username. It is a character string not


exceeding 32 characters, excluding “/”, “:”, “*”, “?”, “<” and “>”. The @ character can only be used once in one username. The pure username (the part before @, namely the user ID) cannot exceed 24 characters.

Description

Use the display connection command to view the relevant information of all the supplicants or the specified one(s).

This command displays the information about a specified or all the users. The output can help you with the user connection diagnosis and troubleshooting.

Related command: cut connection.

Example

Display the relevant information of all the users.

<SW7700>display connectionTotal 0 connections matched ,0 listed.

display domain Syntaxdisplay domain [ isp-name ]

View

All views

Parameter

isp-name: Specifies the ISP domain name, with a character string not exceeding 24 characters. The specified ISP domain shall have been created.

Description

Use the display domain command to view the configuration of a specified ISP domain or display the summary information of all ISP domains.

This command is used to output the configuration of a specified ISP domain or display the summary information of all ISP domains. If an ISP domain is specified, the configuration information will be displayed exactly the same, concerning the content and format, as the displayed information of the display domain command. The output information can help with ISP domain diagnosis and troubleshooting. Note that the accounting scheme to be displayed should have been created.

Related commands: access-limit, domain, radius scheme, state, display domain.

Example

Display the summary information of all ISP domains of the system.

<SW7700>display domain0 Domain=123 State=Active Accessed=01 Domain=3Com163.net State=Block Accessed=0Default Domain Name: 123 Auto-Append=YesTotal 2 domain(s) listed.


display local-user Syntaxdisplay local-user [ domain isp-name | idle-cut { enable | disable } | service-type { telnet | ftp | lan-access } | state { active | block } | user-name user-name | vlan vlanid ]

View

All views

Parameter

domain isp-name: Configures to display all the local users in the specified ISP domain. isp-name specifies the ISP domain name with a character string not exceeding 24 characters. The specified ISP domain shall have been created.

idle-cut: Configures to display the local users according to the state of idle-cut function. disable means that the user disables the idle-cut function and enable means the user enables the function. This parameter only takes effect on the users configured as lan-access type. For other types of users, the display local-user idle-cut enable and display local-user idle-cut disable commands do not display any information.

service-type: Configures to display local user of a specified type. telnet means that: the specified user type is telnet. ftp means that: the specified user type is ftp. lan-access means that the specified user type is lan-access which mainly refers to Ethernet accessing users, 802.1x supplicants for example.

state { active | block }: Configures to display the local users in the specified state. active means that the system allows the user requesting network service and block means the system does not allow the user requesting network service.

user-name user-name: Configures to display a user specified with user-name. user-name is the argument specifying the username. It is a character string not exceeding 32 characters, excluding “/”, “:”, “*”, “?”, “<” and “>”. The @ character can only be used once in one username. The pure username (the part before @, namely the user ID) cannot exceed 24 characters.

vlan vlanid: Configures to display the users belonged to specified VLAN. vlanid is the integer, ranging from 1 to 4094.

Description

Use the display local-user command to view the relevant information of all the local users or the specified one(s).

This command displays the relevant information about a specified or all the local users. The output can help you with the fault diagnosis and troubleshooting related to local user.

Related command: local-user.

Example

Display the relevant information of all the local users.

<SW7700>display local-userThe contents of local user xxx: State: Active ServiceType Mask:


Idle Cut: Disable AccessLimit: Disable Current AccessNum: 0 Bind location: Disable Vlan ID: Disable

Total 1 local user(s) Matched,1 listed.

domain Syntaxdomain [ isp-name | default { disable | enable isp-name }]undo domain isp-name

View

System view

Parameter

isp-name: Specifies an ISP domain name. The name is expressed with a character string not exceeding 24 characters, excluding “/”, “: ”, “*”, “? ”, “<”, and “>”.

default: configure default ISP.

disable: Disable default ISP configuration.

enable: Enable default ISP configuration.

Description

■ Use the domain command to configure an ISP domain or enter the view of an existing ISP domain.

■ Use the undo domain command to cancel a specified ISP domain.

By default, a domain named system has been created in the system. The attributes of system are all default values.

ISP domain is a group of users belonging to the same ISP. Generally, for a username in the userid@isp-name format, taking [email protected] as an example, the isp-name (i.e.3Com163.net) following the @ is the ISP domain name. When 3Com SW7700 Series Ethernet Switches control user access, as for an ISP user whose username is in userid@isp-name format, the system will take userid part as username for identification and take isp-name part as domain name.

The purpose of introducing ISP domain settings is to support the application environment with several ISP domains. In this case, an access device may have supplicants from different ISP domains. Because the attributes of ISP users, such as username and password structures, service types, may be different, it is necessary to separate them by setting ISP domains. In ISP domain view, you can configure a complete set of exclusive ISP domain attributes for each ISP domain, which includes AAA schemes ( RADIUS server group applied and so forth.)

For a switch, each supplicant belongs to an ISP domain. The system supports to configure up to 16 ISP domains. If a user has not reported its ISP domain name, the system will put it into the default domain.


When this command is used, if the specified ISP domain does not exist, the system will create a new ISP domain. All the ISP domains are in the active state when they are created.

Related commands: access-limit, radius scheme, state, display domain.

Example

Create a new ISP domain, marlboro.net, and enters its view.

[SW7700]domain marlboro.netNew Domain added.[SW7700-isp-3Com163.net]

idle-cut Syntaxidle-cut { disable | enable minute flow }

View

ISP domain view

Parameter

disable: means disabling the user to use idle-cut function .

enable: means enabling the user to use the function.

minute: Specifies the maximum idle time, ranging from 1 to 120 and measured in minutes.

flow: The minimum data traffic, ranging from 1 to 10,240,000 and measured in bytes.

Description

Use the idle-cut command to configure the user template in the current ISP domain.

By default, after an ISP domain is created, this attribute in user template is disable, that is, the user idle-cut is disabled.

The user template is a set of default user attributes. If a user requesting for the network service does not have some required attributes, the corresponding attributes in the template will be endeavored to him as default ones. The user template of the switch you are using may only provide user idle-cut settings. After a user is authenticated, if the idle-cut is configured to enable or disable by neither the user nor the RADIUS server, the user will adopt the idle-cut state in the template.

Because a user template only works in one ISP domain, it is necessary to configure user template attributes for users from different ISP domain respectively.

Related command: domain

Example

Enable the user in the current ISP domain, 3Com163.net, to use the idle-cut attribute specified in the user template (that is, enabling the user to use the


idle-cut function). The maximum idle time is 50 minutes and the minimum data traffic is 500 bytes.

[SW7700-isp-3Com163.net]idle-cut enable 50 500

local-user Syntaxlocal-user user-name

undo local-user { user-name | all [ service-type { telnet | ftp | lan-access } ] }

View

System view

Parameter

user-name: Specifies a local username with a character string not exceeding 32 characters, excluding “/”, “:”, “*”, “?”, “<” and “>”. The @ character can only be used once in one username. The pure username (the part before @, namely the user ID) cannot exceed 24 characters. The user-name parameter is not case sensitive.

service-type: Specifies the service type.

telnet: The specified user type is telnet.

ftp: The specified user type is ftp.

lan-access: The specified user type is lan-access which mainly refers to Ethernet accessing users, 802.1x supplicants for example.

all: All the users.

Description

■ Use the local-user command to configure a local user and enter the local user view.

■ Use the undo local-user command to cancel a specified local user.

By default, no local user.

Related commands: display local-user, server-type.

Example

Add a local user named 3Com1.

[SW7700]local-user JohnQ[SW7700-luser-JohnQ]

local-user password-display-mode

Syntaxlocal-user password-display-mode { cipher-force | auto }

undo local-user password-display-mode


View

System view

Parameter

cipher-force: Forced cipher mode specifies that the passwords of all the accessed users must be displayed in cipher text.

auto: The auto mode specifies that a user is allowed to use the password command to set a password display mode.

Description

■ Use the local-user password-display-mode command to configure the password display mode of all the accessing users.

■ Use the undo local-user password-display-mode command to cancel the password display mode that has been set for all the accessing users.

If cipher-force has been adopted, the user efforts of specifying to display passwords in simple text will render useless.

The password display mode of all the accessing users defaults to auto.

Related commands: display local-user, password.

Example

Force all the accessing users to display passwords in cipher text.

[SW7700]local-user password-display-mode cipher-force

password Syntaxpassword { simple | cipher } password

undo password

View

Local user view

Parameter

simple: Specifies to display passwords in simple text.

cipher: Specifies to display passwords in cipher text.

password: Defines a password, which is a character string of up to 16 characters if it is in simple text and of up to 24 characters if it is in cipher text.

Description

■ Use the password command to configure a password display mode for local users.

■ Use the undo password command to cancel the specified password display mode.


If local-user password-display-mode cipher-force has been adopted, the user efforts of using the password command to set the password display mode to simple text (simple) will render useless.

Related command: display local-user.

Example

Set the user 3Com1 to display the password in simple text, given the password is 20030422.

[SW7700-luser-3Com1]password simple 20030422

radius-scheme Syntaxradius-scheme radius-scheme-name

View

ISP domain view

Parameter

radius-scheme-name: Specifies a RADIUS server group, with a character string not exceeding 32 characters.

Description

Use the radius-scheme command to configure the RADIUS server group used by the current ISP domain.

After an ISP domain is created, it uses the default RADIUS server group (named “default”. For configuration of relevant parameters, read the RADIUS Configuration section of this chapter) of the system.

This command is used to specify the RADIUS server group for the current ISP domain. The specified RADIUS server group shall have been created.

Related commands: radius scheme, display radius.

Example

The following example designates the current ISP domain, marlboro.net, to use the RADIUS server, Radserver.

[SW7700-isp-marlboro.net]radius-scheme Radserver

service-type Syntaxservice-type { ftp [ ftp-directory directory ] | lan-access | telnet [ level level ] ] | telnet [ level level ] }

undo service-type { ftp [ ftp-directory ] | lan-access | telnet [ level ] }

View

Local user view


Parameter

telnet: Specifies user type as Telnet.

level level: Specifies the level of Telnet users. The argument level is an integer in the range of 0 to 3 and defaults to 1.

ftp: Specifies user type as ftp.

ftp-directory directory: Specifies the directory of ftp users, directory is a character string of up to 64 characters.

lan-access: Specifies user type to lan-access, which mainly refers to Ethernet accessing users, 802.1x supplicants for example.

Description

■ Use the service-type command to configure a service type for a particular user.

■ Use the undo service-type command to cancel the specified service type for the user.

Example

Set to provide the lan-access service for the user JohnQ.

[SW7700-luser-JohnQ]service-type lan-access

state Syntaxstate { active | block }

View

ISP domain view

Local user view

Parameter

active: Configures the current ISP domain (ISP domain view)/current user (local user view) as being in active state, that is, the system allows the users in the domain (ISP domain view) or the current user (local user view) to request network service.

block: Configures the current ISP domain (ISP domain view)/current user (local user view) as being in block state, that is, the system does not allow the users in the domain (ISP domain view) or the current user (local user view) to request network service.

Description

Use the state command to configure the state of the current ISP domain/ current user.

By default, after an ISP domain is created, it is in the active state (in ISP domain view).

A local user will be active (in local user view) upon its creation.


In ISP domain view, every ISP can either be in active or block state. If an ISP domain is configured to be active, the users in it can request for network service, while in block state, its users cannot request for any network service, which will not affect the users currently online.

Related command: domain.

Example

Set the current ISP domain marlboro.net to be in the block state. The supplicants in this domain cannot request for the network service.

[SW7700-isp-marlboro.net]state block

Set the user 3Com1 to be in the block state.

[SW7700-user-3Com1]state block

RADIUS Protocol Configuration Commands

This section describes how to use the RADIUS Protocol configuration commands on your Switch 7700.

accounting optional Syntaxaccounting optionalundo accounting optional

View

RADIUS server group view

Parameter

None

Description

■ Use the accounting optional command to enable the selection of the RADIUS accounting option.

■ Use the undo accounting optional command to disable the selection of RADIUS accounting option.

By default, selection of the RADIUS accounting option is disabled.

If no RADIUS server is available or if RADIUS accounting server fails when the accounting optional is configured, the user can still use the network resource, otherwise, the user will be disconnected.

The user configured with accounting optional command in RADIUS scheme will no longer send real-time accounting update packet or offline accounting packet.

The accounting optional command in RADIUS server group view is only effective on the accounting that uses this RADIUS server group.

Example

Enable the selection of RADIUS accounting of the RADIUS server group named as CAMS.

RADIUS Protocol Configuration Commands 427

[SW7700-radius-cams] accounting optional

data-flow-format Syntaxdata-flow-format data { byte | giga-byte | kilo-byte | mega-byte } packet { giga-byte | kilo-byte | mega-byte | one-packet }

View


Parameter

data: Set data unit.

byte: Set 'byte' as the unit of data flow.

giga-byte: Set 'giga-byte' as the unit of data flow.

kilo-byte: Set 'kilo-byte' as the unit of data flow.

mega-byte: Set 'mega-byte' as the unit of data flow.

packet: Set data packet unit.

giga-packet: Set 'giga-packet' as the unit of packet flow.

kilo-packet: Set 'kilo-packet' as the unit of packet flow.

mega-packet: Set 'mega-packet' as the unit of packet flow.

one-packet: Set 'one-packet' as the unit of packet flow.

Description

Use the data-flow-format command to configure the unit of data flow that send to RADIUS Server.

By default, the data unit is byte and the data packet unit is one-packet.

Related command: display radius.

Example

Set the unit of data flow that send to kilo-byte and the data packet to kilo-packet

[SW7700-radius-3Com]data-flow-format data kilo-byte packet kilo-packet

display local-server statistics

Syntaxdisplay local-server statistics

View

All views

Parameter

None


Description

Use the display local-server statistics command to view the configuration information of local RADIUS server group.

Related command: local-server.

Example

Display local RADIUS server group information.

<SW7700> display local-server statisticsThe localserver packet statistics:Receive: 0 Send: 0Discard: 0 Receive Packet Error: 0Auth Receive: 0 Auth Send: 0Acct Receive: 0 Acct Send: 0

display radius Syntaxdisplay radius [ radius-server-name ]

View

All views

Parameter

radius-server-name: Specifies the RADIUS server group name with a character string not exceeding 32 characters, excluding “/”, “:”, “*”, “?”, “<” and “>”. Display all RADIUS server groups when the parameter is not set.

Description

Use the display radius command to view the configuration information of all RADIUS server groups or a specified one.

By default, this command outputs the configuration information about the specified or all the RADIUS server groups. The output can help with RADIUS diagnosis and troubleshooting.

Related command: radius scheme.

Example

Display the configuration information of all the RADIUS server groups.

<SW7700>display radius------------------------------------------------------------------ServerName =default Index=0 Type=standardPrimary Auth IP =0.0.0.0 Port=1812 State=DownPrimary Acct IP =0.0.0.0 Port=1813 State=DownSecond Auth IP =0.0.0.0 Port=1812 State=DownSecond Acct IP =0.0.0.0 Port=1813 State=DownAuth Server Encryption Key= 3ComAcct Server Encryption Key= 3ComTimeOutValue (seconds)=3 RetryTimes=3 RealtimeACCT (minutes)=12Permitted send realtime PKT failed counts =5Retry sending times of noresponse acct-stop-PKT =500Username format =with-domainData flow unit =Byte


Packet unit =1

------------------------------------------------------------------ServerName =3Com Index=1 Type=standardPrimary Auth IP =10.11.1.1 Port=1812 State=UpPrimary Acct IP =10.11.1.2 Port=1813 State=UpSecond Auth IP =10.11.1.2 Port=1812 State=UpSecond Acct IP =10.11.1.1 Port=1813 State=UpAuth Server Encryption Key= 3ComAcct Server Encryption Key= 3ComTimeOutValue (seconds)=3 RetryTimes=3 RealtimeACCT (minutes)=12Permitted send realtime PKT failed counts =5Retry sending times of noresponse acct-stop-PKT =500Username format =without-domainData flow unit =BytePacket unit =1------------------------------------------------------------------Printed [2] items

display radius statistics Syntaxdisplay radius statistics

View

All views

Parameter

None

Description

Use the display radius statistics command to view the statistics information of RADIUS packet.

This command outputs the statistics information about the RADIUS packets. The displayed packet information can help with RADIUS diagnosis and troubleshooting.


Example

Display the statistics information of RADIUS packets.

<SW7700>display radius statistics

state statistic(total=1528):DEAD=1528 AuthProc=0 AuthSucc=0AcctStart=0 RLTSend=0 RLTWait=0 AcctStop=0 OnLine=0 Stop=0 StateErr=0

Receive and Send packets statistic:Send PKT total :0 Receive PKT total:0RADIUS received packets statistic:Code= 2,Num=0 ,Err=0Code= 3,Num=0 ,Err=0Code= 5,Num=0 ,Err=0


Code=11,Num=0 ,Err=0Code=22,Num=0 ,Err=0

Running statistic:RADIUS received messages statistic:Normal auth request ,Num=0 ,Err=0 ,Succ=0EAP auth request ,Num=0 ,Err=0 ,Succ=0Account request ,Num=0 ,Err=0 ,Succ=0Account off request ,Num=0 ,Err=0 ,Succ=0Leaving request ,Num=0 ,Err=0 ,Succ=0PKT auth timeout ,Num=0 ,Err=0 ,Succ=0PKT acct_timeout ,Num=0 ,Err=0 ,Succ=0Realtime Account ,Num=2317 ,Err=0 ,Succ=2317PKT response ,Num=0 ,Err=0 ,Succ=0EAP reauth_request ,Num=0 ,Err=0 ,Succ=0PORTAL access ,Num=0 ,Err=0 ,Succ=0Update ack ,Num=0 ,Err=0 ,Succ=0PORTAL access ack ,Num=0 ,Err=0 ,Succ=0Session ctrl pkt ,Num=0 ,Err=0 ,Succ=0RADIUS send messages statistic:Normal auth accept ,Num=0Normal auth reject ,Num=0EAP auth accept ,Num=0EAP auth reject ,Num=0EAP auth replying ,Num=0EAP reauth accept ,Num=0EAP_reauth_reject ,Num=0Account success ,Num=0Account failure ,Num=0Account off ack ,Num=0Update request ,Num=0Leaving ack ,Num=0Cut req ,Num=0RecError_MSG_sum:0 SndMSG_Fail_sum :0Timer_Err :0 Alloc_Mem_Err :0State Mismatch :0 Other_Error :0

No-response-acct-stop packet=0Discarded No-response-acct-stop packet=0

display stop-accounting-buffer

Syntaxdisplay stop-accounting-buffer { radius-scheme radius-scheme-name | session-id session-id | time-range start-time stop-time | user-name user-name }

View

All views

Parameter

radius-scheme radius-server-name: Configures to display the saved stopping accounting requests according to RADIUS server name. radius-server-name specifies the RADIUS server name with a character string not exceeding 32 characters, excluding “/”, “:”, “*”, “?”, “<” and “>”.


session-id session-id: Configures to display the saved stopping accounting requests according to the session ID. session-id specifies the session ID with a character string not exceeding 50 characters.

time-range start-time stop-time: Configures to display the saved stopping accounting requests according to the saving time. Start-time specifies the start time of the saving time range and stop-time specifies the stop time of the saving time range. The time is expressed in the format hh:mm:ss-yyyy/mm/dd. When this parameter is specified, all the stopping accounting requests saved in the time range since start-time to stop-time will be displayed.

user-name user-name: Configures to display the saved stopping accounting requests according to the username. User-name specifies the username, a character string not exceeding 32 characters, excluding “/”, “:”, “*”, “?”, “<” and “>”. The @ character can only be used once in one username. The pure username (the part before @, namely the user ID) cannot exceed 24 characters.

Description

Use the display stop-accounting-buffer command to view the stopping accounting requests, which have not been responded and saved in the buffer.

After transmitting the stopping accounting requests, if there is no response from the RADIUS server, the switch will save the packet in the buffer and retransmit it for several times, which is set through the retry realtime-accounting.

This command is used to display the stopping accounting requests saved in the switch buffer. You can select to display the packets sent to a certain RADIUS server, or display the packets according to user session ID or username. You may also display the request packets saved during a specified time range. The displayed packet information can help with diagnosis and troubleshooting.

Related commands: reset stop-accounting-buffer, stop-accounting-buffer enable, retry stop-accounting.

Example

Display the stopping accounting requests saved in the system buffer since 0:0:0 to 23:59:59 on August 31, 2002.

<SW7700>display stop-accounting-buffer time-range 0:0:0-2002/08/31 23:59:59-2002/08/31Total find 0 record

key Syntaxkey { accounting | authentication } string

undo key { accounting | authentication }

View


Parameter

accounting: Configures to set/delete the authentication key for the RADIUS accounting packet.


authentication: Configures to set/delete the encryption key for RADIUS authentication/authorization packet.

string: Specifies the key with a character string not exceeding 16 characters, excluding “/”, “: ”, “*”, “? ”, “<” and “>”. By default, the key is “3Com”.

Description

■ Use the key command to configure encryption key for RADIUS authentication/authorization or accounting packet.

■ Use the undo key command to restore the default key.

RADIUS client (switch system) and RADIUS server use MD5 algorithm to hash the exchanged packets. The two ends verify the packet through setting the key. Only when the keys are identical can both ends accept the packets from each other and give responses. So it is necessary to ensure that the keys set on the switch and the RADIUS server are identical. If the authentication/authorization and accounting are performed on two different servers with different keys, you should set two keys respectively.

Related commands: primary accounting, primary authentication, radius scheme.

Example

Example 1:

Set the authentication/authorization key of the RADIUS server group to “hello”.

[SW7700-radius]key authentication hello

Example 2:

Set the accounting packet key of the RADIUS server group to “ok”.

[SW7700-radius]key accounting ok

local-server Syntaxlocal-server nas-ip ip-address key password

undo local-server nas-ip ip-address

View

System view

Parameter

nas-ip ip-address: set IP address of access server. ip-address is expressed in the format of dotted decimal.

key password: Set password of logon user. password is a character string containing up to 16 characters.

Description

■ Use the local-server command to configure the parameters of local RADIUS server.


■ Use the undo local-server command to cancel a local RADIUS server.

RADIUS service, which adopts authentication/authorization/accounting servers to manage users, is widely used in SW7700 switches. Besides, local authentication/authorization/accounting service is also used in these products and it is called local RADIUS function, i.e. realize basic RADIUS function on the switch. Note that when using local RADIUS server function, remember the number of UDP port used for authentication is 1645 and that for accounting is 1646.

SW7700 switches support up to 16 local RADIUS server groups.

Related commands: radius scheme, state.

Example

Set the IP address of local RADIUS server group to 10.110.1.2 and the password to 3Com.

[SW7700]local-server nas-ip 10.110.1.2 key 3Com

primary accounting Syntaxprimary accounting ip-address [ port-number ]

undo primary accounting

View


Parameter

ip-address: IP address, in dotted decimal format. By default, the IP addresses of the primary accounting servers is at 0.0.0.0.

port-number: Specifies UDP port number. ranging from 1 to 65535. By default, the UDP port for accounting service is 1813.

Description

■ Use the primary accounting command to configure the IP address and port number for the primary accounting server.

■ Use the undo primary accounting command to restore the default IP address and port number of the primary RADIUS accounting server.

After creating a RADIUS server group, you are supposed to set IP addresses and UDP port numbers for the RADIUS servers, including primary/second authentication/authorization servers and accounting servers. In real networking environments, the above parameters shall be set according to the specific requirements. However, at least you have to set one authentication/authorization server and an accounting server. Besides, ensure that the RADIUS service port settings on the Ethernet switch is consistent with the port settings on the RADIUS server.

Related commands: key, radius scheme, state.


Example

Set the IP address of the primary accounting server of RADIUS server group, 3Com, to 10.110.1.2 and the UDP port 1813 to provide RADIUS accounting service.

[SW7700-radius-3Com]primary accounting 10.110.1.2 1813

primary authentication Syntaxprimary authentication ip-address [ port-number ]

undo primary authentication

View


Parameter

ip-address: IP address, in dotted decimal format. By default, the IP addresses of the primary authentication/authorization is at 0.0.0.0.

port-number: Specifies UDP port number. ranging from 1 to 65535. By default, the UDP port for authentication/authorization service is 1812 .

Description

■ Use the primary authentication command to configure the IP address and port number for the primary RADIUS authentication/authorization.

■ Use the undo primary authentication command to restore the default IP address and port number of the primary RADIUS authentication/authorization.

After creating a RADIUS server group, you are supposed to set IP addresses and UDP port numbers for the RADIUS servers, including primary/second authentication/authorization servers and accounting servers. In real networking environments, the above parameters shall be set according to the specific requirements. However, at least you have to set one authentication/authorization server and an accounting server. Besides, ensure that the RADIUS service port settings on the Ethernet switch is consistent with the port settings on the RADIUS server.


Example

Set the IP address of the primary authentication/authorization server of RADIUS server group, “3Com”, to 10.110.1.1 and the UDP port 1812 to provide RADIUS authentication/authorization service.

[SW7700-radius-3Com]primary authentication auth 10.110.1.1 1812

radius scheme Syntaxradius scheme radius-server-name

undo radius scheme radius-server-name

View

System view


Parameter

radius-server-name: Specifies the Radius server name with a character string not exceeding 32 characters, excluding “/”, “:”, “*”, “?”, “<” and “>”.

Description

■ Use the radius scheme command to configure a RADIUS server group and enter its view.

■ Use the undo radius scheme command to cancel the specified RADIUS server group.

By default, a RADIUS server group named system has been created in the system. The attributes of system are all default values.

RADIUS protocol configuration is performed on a per-RADIUS-server-group basis. Every RADIUS server group shall at least have the specified IP address and UDP port number of the RADIUS authentication/authorization/accounting server and some necessary parameters exchanged with the RADIUS client end (switch system). So it is necessary to create the RADIUS server group and enter its view before performing other RADIUS protocol configurations.

A RADIUS server group can be used by several ISP domains at the same time.

Although undo radius scheme can remove a specified RADIUS server group. However, the default one cannot be removed. Note that a serer group currently in use by the online user cannot be removed.

Related commands: key, retry realtime-accounting, radius-scheme, timer realtime-accounting, stop-accounting-buffer enable, retry stop-accounting, server-type, state, user-name-format, retry, display radius, display radius statistics.

Example

Create a RADIUS server group named “3Com” and enters its view.

[SW7700]radius scheme 3Com[SW7700-radius-3Com]

reset stop-accounting-buffer

Syntaxreset stop-accounting-buffer { radius-scheme radius-scheme-name | session-id session-id | time-range start-time stop-time | user-name user-name }

View

User view

Parameter

radius-scheme radius-server-name: Configures to delete the stopping accounting requests from the buffer according to the specified RADIUS server name. radius-server-name specifies the RADIUS server name with a character string not exceeding 32 characters, excluding “/”, “:”, “*”, “?”, “<” and “>”.


session-id session-id: Configures to delete the stopping accounting requests from the buffer according to the specified session ID. session-id specifies the session ID with a character string not exceeding 50 characters.

time-range start-time stop-time: Configures to delete the stopping accounting requests from the buffer according to the saving time. Start-time specifies the start time of the saving time range and stop-time specifies the stop time of the saving time range. The time is expressed in the format hh:mm:ss-yyyy/mm/dd. When this parameter is set, all the stopping accounting requests saved since start-time to stop-time will be deleted.

user-name user-name: Configures to delete the stopping accounting requests from the buffer according to the username. User-name specifies the username, a character string not exceeding 32 characters, excluding “/”, “:”, “*”, “?”, “<” and “>”. The @ character can only be used once in one username. The pure username (the part before @, namely the user ID) cannot exceed 24 characters.

Description

Use the reset stop-accounting-buffer command to reset the stopping accounting requests, which are saved in the buffer and have not been responded.

By default, after transmitting the stopping accounting requests, if there is no response from the RADIUS server, the switch will save the packet in the buffer and retransmit it for several times, which is set through the retry realtime-accounting command.

This command is used to delete the stopping accounting requests from the switch buffer. You can select to delete the packets transmitted to a specified RADIUS server, or according to the session-id or username, or delete the packets transmitted during the specified time-range.

Related commands: stop-accounting-buffer enable, retry stop-accounting, display stop-accounting-buffer.

Example

Delete the stopping accounting requests saved in the system buffer by the user, [email protected].

[SW7700]reset stop-accounting-buffer user-name [email protected]

Delete the stopping accounting requests saved in the system buffer since 0:0:0 to 23:59:59 on August 31, 2002.

[SW7700]reset stop-accounting-buffer time-range 0:0:0-2002/08/31 23:59:59-2002/08/31

retry Syntaxretry retry-times

undo retry

View



Parameter

retry-times: Specifies the maximum times of retransmission, ranging from 1 to 20. By default, the value is 3.

Description

■ Use the retry command to configure the RADIUS request retransmission times.

■ Use the undo retry command to restore the retry-times to default value.

Because RADIUS protocol uses UDP packets to carry the data, its communication process is not reliable. If the RADIUS server has not responded NAS until timeout, NAS has to retransmit RADIUS request packet. If it transmits more than the specified retry-time, NAS considers the communication with the current RADIUS server has been disconnected and it will transmit request packet to other RADIUS servers.

Setting a suitable retry-time according to the network situation can speed up the system response.

Related command: radius scheme

Example

Set to retransmit the RADIUS request packet no more than 5 times via the server 3Com in the RADIUS server group.

[SW7700-radius-3Com]retry 5

retry realtime-accounting

Syntaxretry realtime-accounting retry-times

undo retry realtime-accounting

View


Parameter

retry-times: Specifies the maximum times of real-time accounting request failing to be responded, ranging from 1 to 255. By default, the accounting request can fail to be responded up to 5 times.

Description

■ Use the retry realtime-accounting command to configure the maximum number of retries for real-time accounting requests.

■ Use the undo retry realtime-accounting command to restore the maximum number of retries for real-time accounting requests to the default value.

RADIUS server usually checks if a user is online with timeout timer. If the RADIUS server has not received the real-time accounting packet from NAS, it will consider that there is line or device failure and stop accounting. Accordingly, it is necessary to disconnect the user at NAS end and on RADIUS server synchronously when some unexpected failure occurs. 3Com SW7700 Series Ethernet Switches support


to set maximum times of real-time accounting request failing to be responded. NAS will disconnect the user if it has not received real-time accounting response from RADIUS server for some specified times.

How to calculate the value of count? Suppose RADIUS server connection will timeout in T and the real-time accounting interval of NAS is t, then the integer part of the result from dividing T by t is the value of count. Therefore, when applied, T is suggested the numbers which can be divided exactly by t.


Example

Allow the real-time accounting request failing to be responded for up to 10 times.

[SW7700-radius-3Com]retry realtime-accounting 10

retry stop-accounting Syntaxretry stop-accounting retry-times

undo retry stop-accounting

View


Parameter

retry-times: Specifies the maximal retransmission times after stopping accounting request,. ranging from 10 to 65535. By default, the value is 500.

Description

■ Use the retry stop-accounting command to configure the maximal retransmission times after stopping accounting request.

■ Use the undo retry stop-accounting command to restore the retransmission times to the default value.

Because the stopping accounting request concerns account balance and will affect the amount of charge, which is very important for both the user and ISP, NAS shall make its best effort to send the message to RADIUS accounting server. Accordingly, if the message from the switch to RADIUS accounting server has not been responded, the switch shall save it in the local buffer and retransmit it until the server responds or discard the messages after transmitting for specified times.

Related commands: reset stop-accounting-buffer, radius scheme, display stop-accounting-buffer.

Example

Indicate that, when stopping accounting request for the server “3Com” in the RADIUS server group, the switch system will retransmit the packets for up to 1000 times.

[SW7700-radius-3Com]retry stop-accounting 1000


secondary accounting Syntaxsecondary accounting ip-address [ port-number ]undo secondary accounting

View


Parameter

ip-address: IP address, in dotted decimal format. By default, the IP addresses of second accounting server is at 0.0.0.0.

port-number: Specifies the UDP port number, ranging from 1 to 65535. By default, the accounting service is provided via UDP 1813.

Description

■ Use the secondary accounting command to configure the IP address and port number for the second RADIUS accounting server.

■ Use the undo secondary accounting command to restore the IP address and port number to default values.

For detailed information, read the Description of the primary accounting command.


Example

Set the IP address of the second accounting server of RADIUS server group, 3Com, to 10.110.1.1 and the UDP port 1813 to provide RADIUS accounting service.

[SW7700-radius-3Com]secondary accounting 10.110.1.1 1813

secondary authentication

Syntaxsecondary authentication ip-address [ port-number ]

undo secondary authentication

View


Parameter

ip-address: IP address, in dotted decimal format. By default, the IP addresses of second authentication/authorization is at 0.0.0.0.

port-number: Specifies the UDP port number, ranging from 1 to 65535. By default, the authentication/authorization service is provided via UDP 1812

Description

■ Use the secondary authentication command to configure the IP address and port number for the second RADIUS authentication/authorization.

■ Use the undo secondary authentication command to restore the IP address and port number to default values.


For detailed information, read the Description of the primary authentication command.


Example

Set the IP address of the second authentication/authorization server of RADIUS server group, “3Com”, to 10.110.1.2 and the UDP port 1812 to provide RADIUS authentication/authorization service.

[SW7700-radius-3Com]secondary authentication 10.110.1.2 1812

server-type Syntaxserver-type { extendedtype | iphotel | portal | standard }

undo server-type

View


Parameter

3Comtype: Configures the switch system to support the extended RADIUS server type, which requires the RADIUS client end (switch system) and RADIUS server to interact according RADIUS extensions.

iphotel: Configures the switch system to support the RADIUS server of IP Hotel type, which requires the RADIUS client end (switch system) and RADIUS server to interact according to the regulation and packet format of IP Hotel (an extension of RADIUS protocol).

portal: Configures the switch system to support the RADIUS server of portal type, which requires the RADIUS client end (switch system) and RADIUS server to interact according to the regulation and packet format of Portal (an extension of RADIUS protocol).

standard: Configures the switch system to support the RADIUS server of Standard type, which requires the RADIUS client end (switch system) and RADIUS server to interact according to the regulation and packet format of standard RADIUS protocol (RFC 2138/2139 or newer).

Description

■ Use the server-type command to configure the RADIUS server type supported by the switch.

■ Use the undo server-type to restore the RADIUS server type to the default value.

By default, the value is standard.

The 3Com Switch 7700 supports standard RADIUS protocol and the extended RADIUS service platform IP Hotel, 201+ and Portal etc independently developed by 3Com. This command is used to select the supported RADIUS sever type.



Example

Set RADIUS server type of RADIUS sever group, “3Com” to IP Hotel.

[SW7700-radius-3Com]server-type iphotel

state Syntaxstate { primary | secondary } { accounting | authentication } { block | active }

View


Parameter

primary: Configures to set the state of the primary RADIUS server.

secondary: Configures to set the state of the second RADIUS server.

accounting: Configures to set the state of RADIUS accounting server.

authentication: Configures to set the state of RADIUS authentication/authorization.

block: Configures the RADIUS server to be in the state of block.

active: Configures the RADIUS server to be active, namely the normal operation state.

Description

Use the state command to configure the state of RADIUS server.

By default, all the RADIUS servers in every RADIUS server group are in the state of active.

For the primary and second servers (no matter an authentication/authorization or an accounting server), if the primary server is disconnected to NAS for some fault, NAS will automatically turn to exchange packets with the second server. However, after the primary one recovers, NAS will not resume the communication with it at once, instead, it continues communicating with the second one. When the second one fails to communicate, NAS will turn to the primary one again. This command is used to set the primary server to be active manually, in order that NAS can communicate with it right after the troubleshooting.

When the primary and second servers are all active or block, NAS will send the packets to the primary server only.

Related commands: radius scheme, primary authentication, secondary authentication, primary accounting, secondary accounting.

Example

Set the second authentication server of RADIUS server group, “3Com”, to be active.


[SW7700-radius-3Com]state secondary authentication active

stop-accounting-buffer enable

Syntaxstop-accounting-buffer enable

undo stop-accounting-buffer enable

View


Parameter

None

Description

■ Use the stop-accounting-buffer enable command to configure to save the stopping accounting requests without response in the switch system buffer.

■ Use the undo stop-accounting-buffer enable command to cancel the function of saving the stopping accounting requests without response in the switch system buffer.

By default, enable to save the stopping accounting requests in the buffer.

Because the stopping accounting request concerns account balance and will affect the amount of charge, which is very important for both the user and ISP, NAS shall make its best effort to send the message to RADIUS accounting server. Accordingly, if the message from the switch to RADIUS accounting server has not been responded, the switch shall save it in the local buffer and retransmit it until the server responds or discard the messages after transmitting for specified times.

Related commands: reset stop-accounting-buffer, radius scheme, display stop-accounting-buffer.

Example

Indicate that, for the server “3Com” in the RADIUS server group, the switch system will save the stopping accounting request packets in the buffer

[SW7700-radius-3Com]stop-accounting-buffer enable

timer Syntaxtimer seconds

undo timer

View


Parameter

second: RADIUS server response timeout timer, ranging from 1 to 10 and measured in seconds. By default, the value is 3.


Description

■ Use the timer command to configure RADIUS server response timer.

■ Use the undo timer command to restore the default value of the timer.

After RADIUS (authentication/authorization or accounting) request packet has been transmitted for a period of time, if NAS has not received the response from RADIUS server, it has to retransmit the message to guarantee RADIUS service for the user. The period taken is called RADIUS server response timeout time, which is controlled by the RADIUS server response timeout timer in the switch system. This command is used to set this timer.

Setting a suitable timer according to the network situation will enhance the system performance.

Related commands: radius scheme, retry.

Example

Set the response timeout timer of RADIUS server group, 3Com, to 5 seconds.

[SW7700-radius-3Com]timer 5

timer realtime-accounting

Syntaxtimer realtime-accounting minute

undo timer realtime-accounting

View


Parameter

minute: Real-time accounting interval, ranging from 3 to 60 and measured in minutes. By default, the value is 12.

Description

■ Use the timer realtime-accounting command to configure the real-time accounting interval.

■ Use the undo timer realtime-accounting command to restore the default interval.

To implement real-time accounting, it is necessary to set a real-time accounting interval. After the attribute is set, NAS will transmit the accounting information of online users to the RADIUS server regularly.

The value of minute is related to the performance of NAS and RADIUS server. The smaller the value is, the higher the requirement for NAS and RADIUS server is. When there are a large amount of users (more than 1000, inclusive), we suggest a larger value. The following table recommends the ratio of minute value to number of users.


Related commands: retry realtime-accounting, radius scheme.

Example

Set the real-time accounting interval of RADIUS server group, “3Com”, to 51 minutes.

[SW7700-radius-3Com]timer realtime-accounting 51

user-name-format Syntaxuser-name-format { with-domain | without-domain }

View


Parameter

with-domain: Specifies to send the username with domain name to RADIUS server.

without-domain: Specifies to send the username without domain name to RADIUS server.

Description

Use the user-name-format command to configure the username format sent to RADIUS server.

By default, RADIUS server acknowledges that the username sent to it includes ISP domain name.

The supplicants are generally named in userid@isp-name format. The part following “@” is the ISP domain name. The switch will put the users into certain ISP domains according to the domain names. However, some earlier RADIUS servers reject the username including ISP domain name. In this case, the username will be sent to the RADIUS server after its domain name is removed. Accordingly, the switch provides this command to decide whether the username to be sent to RADIUS server carries ISP domain name or not.

If a RADIUS server group is configured to reject usernames including ISP domain names, the RADIUS server group shall not be simultaneously used in more than one ISP domains. Otherwise, the RADIUS server will regard two users in different ISP domains as the same user by mistake, if they have the same username (excluding their respective domain names.)


Table 42 Recommended ratio of minute to number of users

Number of usersReal-time accounting interval (minute)

1 to 99 3

100 to 499 6

500 to 999 12

1000 15


Example

Specify to send the username without domain name to RADIUS server.

[SW7700-radius-3Com]user-name-format without-domain


10
USING RELIABILITY COMMANDS

VRRP Configuration Commands

■ debugging vrrp

■ display vrrp

■ vrrp authentication-mode

■ vrrp method

■ vrrp ping-enable

■ vrrp vrid preempt-mode

■ vrrp vrid priority

■ vrrp vrid timer

■ vrrp vrid track

■ vrrp vrid virtual-ip

HA Configuration Commands

■ display switch state

■ slave restart

■ slave switchover

■ slave update config

VRRP Configuration Commands

This section describes how to use the Virtual Router Redundancy Protocol (VRRP) configuration commands on your Switch 7700.

debugging vrrp Syntaxdebugging vrrp { state | packet }

undo debugging vrrp { state | packet }

View

User view.

Parameter

state: debugging VRRP state

packet: debugging VRRP packets

448 CHAPTER 10: USING RELIABILITY COMMANDS

Description

■ Use the debugging vrrp command to enable VRRP debugging.

■ Use the undo debugging vrrp command to disable VRRP debugging. By default, VRRP debugging is disabled.

Related command: terminal debugging (allows display of debugging information on the terminal.)

Example

Enable VRRP state debugging.

<SW7700>debugging vrrp state

display vrrp Syntaxdisplay vrrp [ { interface | statistics } vlan-interface interface-num ] [ virtual-router-ID ]

View

All views.

Parameter

interface-name: Interface name, the interface form is VLAN-interface interface-num.

virtual-router-ID: VRRP virtual router ID, ranging from 1 to 255.

Description

Use the display vrrp command to display information about the VRRP state.

This command is used to view the information about the VRRP state and configuration parameters. If the interface name and virtual router ID are not specified, the state information about all the virtual routers on the switch will be displayed. If only the interface name is specified, the state information about all the virtual routers on the interface will be displayed. If the interface name and virtual router ID are specified, the state information about the specified virtual router on the interface will be displayed.

Example

Display the information about the virtual routers on VLAN-interface 20 of the switch.

[SW7700]display vrrp interface vlan 20Vlan-interface20|Virtual Router 10

State : Initialize Virtual IP : 10.10.10.2 Priority : 100 Preempt : YES Delay Time : 0 Timer : 3 Auth Type : NONE

vrrp authentication-mode

Syntaxvrrp authentication-mode type [ key ]

VRRP Configuration Commands 449

undo vrrp authentication-mode

View

VLAN interface view.

Parameter

type: Authentication type:

simple: Perform simple character authentication.

md5: Perform the AH authentication with MD5 algorithm.

key: Authentication key. When simple authentication is configured, the key cannot exceed 8 characters. When md5 authentication is configured, the key cannot exceed 16 characters.

Description

■ Use the vrrp authentication-mode command to configure the authentication type and key of a specified VRRP virtual router.

■ Use the undo vrrp authentication-mode command to clear the authentication type and key of a specified VRRP virtual router.

If the simple or md5 authentication is configured, it is required to set the authentication key.

This command is used to configure the authentication type and key for all the VRRP virtual routers on an interface. As defined in the protocol, all the virtual routers on an interface use the same authentication type and key. In addition, all the members joining the same virtual router also use the same authentication type and key.

When the authentication type and key are set, the upper/lower cases are not necessary to be matched.

Example

Specify the authentication type and key for a VRRP virtual router.

[SW7700-vlan-interface2]vrrp authentication-mode simple 3com

vrrp method Syntaxvrrp method { real-mac | virtual-mac }

undo vrrp method

View

System view

Parameter

real-mac: Use the real MAC address of the interface to correspond to the virtual IP address of the VRRP virtual routers.

virtual-mac: Use the virtual MAC address of the interface to correspond to the virtual IP address of the VRRP virtual routers. This mode is RFC compliant.


Description

■ Use the vrrp method command to set correspondence between the MAC address and the virtual IP address of the backup group: matching the real MAC address or the virtual address with the virtual IP address.

■ Use the undo vrrp method command to reset the correspondence to the default value.

By default, the switch matches the virtual MAC address with the IP address of the backup group.

Due to the chips installed, some switches support matching one IP address to multiple MAC addresses. Then you may configure correspondence between the virtual IP address of the backup group and the real/virtual MAC address.

You should set correspondence between the virtual IP address of the backup group and the MAC address to the desired method before configuring any virtual routers. Otherwise, you will not be able to change the correspondence without removing the virtual router.

Example

Set the real MAC address of the interface match the virtual IP address of the backup group.

[SW7700]vrrp method real-mac

vrrp ping-enable Syntaxvrrp ping-enable

undo vrrp ping-enable

View

System view

Parameter

None

Description

■ Use the vrrp ping-enable command to enable a ping response from the virtual IP address of the backup group.

■ Use the undo vrrp ping-enable command to disable the ping response from the virtual IP address of the backup group.

By default, the ping function is disabled.

You can only use the commands before configuring the backup group.

Example

Enable the function to ping the virtual IP address of the backup group.

[SW7700]vrrp ping-enable


vrrp vrid preempt-mode Syntaxvrrp vrid virtual-router-ID preempt-mode [ timer delay delay-value ]

undo vrrp vrid virtual-router-ID preempt-mode

View


Parameter


delay-value: Delay in seconds, ranging from 0 to 255.

Description

■ Use the vrrp vrid preempt-mode command to enable preemption and configure the preemption delay.

■ Use the undo vrrp vrid preempt-mode command to cancel the preemption.

By default, the virtual router is in preempt mode and delay-value is 0 second.

If a higher-priority switch is required to preempt the Master, you must configure preemption. You can also set a delay for the preemption. If you configure it not to preempt, the delay will be set to 0 automatically.

Example

Configure the switch to preempt.

[SW7700-vlan-interface2]vrrp vrid 1 preempt-mode

Set a delay.

[SW7700-vlan-interface2]vrrp vrid 1 preempt-mode timer delay 5

Configure the switch not to preempt.

[SW7700-vlan-interface2]undo vrrp vrid 1 preempt-mode

vrrp vrid priority Syntaxvrrp vrid virtual-router-ID priority priority

undo vrrp vrid virtual-router-ID priority

View


Parameter


priority: Priority value, ranging from 1 to 254; By default, the priority value is 100.

Description

■ Use the vrrp vrid priority command to set the virtual router priority.


■ Use the undo vrrp vrid priority command to clear the virtual router priority.

The priority decides the status of a switch in the virtual router. A higher-priority switch is more likely to be a Master. Priority 0 is reserved for a special purpose. 255 is reserved for the IP address owner. The priority of the IP address owner is always 255 and cannot be modified.

Example

Set the virtual router priority on VLAN-interface2.

[SW7700-vlan-interface2]vrrp vrid 1 priority 150

vrrp vrid timer Syntaxvrrp vrid virtual-router-ID timer advertise adver-interval

undo vrrp vrid virtual-router-ID timer advertise

View


Parameter


adver-interval: VRRP packet interval of the Master in the virtual router in seconds, ranging from 1 to 255; By default, the value is 1s.

Description

■ Use the vrrp vrid timer command to set the virtual router timer.

■ Use the undo vrrp vrid timer command to clear the virtual router timer.

This command is used to set the VRRP packet interval of the Master in the virtual router. You should set the identical timer value for the switches in the same virtual router to avoid improper configuration.

Example

Configure the Master to transmit VRRP packets every 15 seconds.

[SW7700-vlan-interface2]vrrp vrid 1 timer advertise 15

vrrp vrid track Syntaxvrrp vrid virtual-router-ID track vlan-interface interface-num [ reduced value-reduced ]

undo vrrp vrid virtual-router-ID track [ vlan-interface interface-name ]

View


Parameter



interface-name: Interface which is to be tracked, the interface form is VLAN-interface interface-num.

value-reduced: The value by which the run priority is reduced, ranging from 1 to 255. By default, the value of this parameter is 10.

Description

■ Use the vrrp vrid track command to configure tracking of the interface.

■ Use the undo vrrp vrid track command to stop tracking the interface.

The VRRP interface track expands the backup function. You can use this command to track or stop tracking a single interface or all the interfaces. After configuration of interface tracking, if the tracked interface goes down, the priority of the switch is reduced. Therefore, another switch in the virtual router will have the highest priority, will become the new Master and will implement the backup function. The IP address owner does not allow configuration of interface tracking.

A single virtual router supports up to 8 tracks.

Example

Configure to track the interface.

[SW7700-vlan-interface2]vrrp vrid 1 track vlan-interface 1 reduced 50

vrrp vrid virtual-ip Syntaxvrrp vrid virtual-router-ID virtual-ip ip-address

undo vrrp vrid virtual-router-ID [ virtual-ip virtual-address ]

View


Parameter


ip-address: Virtual IP address.

Description

■ Use the vrrp vrid virtual-ip command to create a virtual router or add a virtual IP address to an existing virtual router.

■ Use the undo vrrp vrid virtual-ip command to delete an existing virtual router or an address from the virtual router.

Example

Create a virtual router

[SW7700-vlan-interface2]vrrp vrid 1 virtual-ip 10.10.10.10

Add a virtual IP address to an existing virtual router.

[SW7700-vlan-interface2]vrrp vrid 1 virtual-ip 10.10.10.11


Delete a virtual IP address.

[SW7700-vlan-interface2]undo vrrp vrid 1 virtual-ip 10.10.10.10

Delete a virtual router.

[SW7700-vlan-interface2]undo vrrp vrid 1 virtual-ip

Redundant Fabric Configuration Commands

This section describes how to use the redundant fabric configuration commands on your Switch 7700.

display switch state Syntaxdisplay switch state [ slot-id ]

View

All views

Parameter

slot-id: slot number of master/slave board.

Description

Use the display switch state command to display the status of the master/slave board according to the specified slot number.

This command is used to display the status of the master/slave board as specified by the slot id. If slot-id is not specified, the status of the master board is displayed.

Example[SW7700]display switch state 0 HA FSM State(master): Realtime and routine backup to slave.[SW7700]dis sw st 1HA FSM State(slave): Receiving realtime and routine data.[SW7700]

slave restart Syntaxslave restart

View

User view

Parameter

None

Description

Use the slave restart command to restart the slave fabric.

Example

Restart the slave fabric.

<SW7700>slave restart

Redundant Fabric Configuration Commands 455

The slave will reset! Continue?[Y/N]:y

slave switchover Syntaxslave switchover

View

User view

Parameter

None

Description

Use the slave switchover command to perform manual switchover of master/slave system.

The master/slave switchover can be performed only when the slave board operates normally and when it enters real-time backup status. Master/slave switchover does not affect the normal operation of system board. When the master/slave switchover is performed, the user is required to confirm before the master control system sends bus switchover command to the backup system.

Example

Enable master/slave switchover manually.

<SW7700>slave switchoverCaution!!! Confirm switch slave to master[Y/N]?yStarting.....RAM Line....OK

slave update config Syntaxslave update config

View

User view

Parameter

None

Description

Use the slave update config command to manually synchronize master/slave system configuration.

The master board will back up configuration files to the slave board to achieve configuration synchronization between the master and slave boards. When the command is executed, the configuration files are synchronized.

Related command: slave auto-update config.

Example

Synchronize configuration files on the master and slave boards.

<SW7700>slave update config


Now saving the current configuration to the slave board.Please wait...The configuration has been saved to the slave board successfully.

11
USING SYSTEM MANAGEMENT COMMANDS

File System Management Commands

■ cd

■ copy

■ delete

■ dir

■ file prompt

■ format

■ mkdir

■ more

■ move

■ pwd

■ rename

■ reset recycle-bin

■ rmdir

■ undelete

Configuration File Management Commands

■ display this

■ display startup

■ reset saved-configuration

■ save

■ startup saved configuration

FTP Server Configuration Commands

■ display ftp-server

■ display ftp-user

■ ftp server

■ ftp timeout

■ local-user

■ password

■ service-type

458 CHAPTER 11: USING SYSTEM MANAGEMENT COMMANDS

FTP Client Commands

■ ascii

■ binary

■ bye

■ cd

■ cdup

■ close

■ delete

■ dir

■ disconnect

■ ftp

■ get

■ lcd

■ ls

■ mkdir

■ passive

■ put

■ pwd

■ quit

■ remotehelp

■ rmdir

■ user

■ verbose

TFTP Configuration Commands

■ tftp get

■ tftp put

MAC Address Table Management Commands

■ display mac-address aging-time

■ display mac-address

■ mac-address

■ mac-address max-mac-count

■ mac-address timer

Device Management Commands

■ boot bootloader

■ bootrom-update security-check enable

■ boot bootrom

■ display backboard view

459

■ display bootloader

■ display cpu

■ display device

■ display environment

■ display fan

■ display memory

■ display power

■ display schedule reboot

■ reboot

■ reboot slot

■ schedule reboot at

■ schedule reboot delay

■ temperature-limit

Basic System Configuration and Management Commands

■ clock datetime

■ clock summer-time

■ clock timezone

■ sysname

System Status and System Information Display Commands

■ display clock

■ display current-configuration

■ display debugging

■ display saved-configuration

■ display users

■ display version

System Debug Commands

■ debugging

■ display diagnostic-information

Network Connection Test Commands

■ ping

■ tracert

Log Commands

■ display channel

■ display info-center

■ info-center channel name

■ info-center console channel


■ info-center enable

■ info-center logbuffer

■ info-center loghost

■ info-center loghost source

■ info-center monitor channel

■ info-center snmp channel

■ info-center source

■ info-center timestamp

■ info-center trapbuffer

■ reset logbuffer

■ reset trapbuffer

■ terminal debugging

■ terminal logging

■ terminal monitor

■ terminal trapping

SNMP Configuration Commands

■ display snmp-agent community

■ display snmp-agent

■ display snmp-agent group

■ display snmp-agent mib-view

■ display snmp-agent statistics

■ display snmp-agent sys-info

■ display snmp-agent usm-user

■ enable snmp trap

■ snmp-agent community

■ snmp-agent group

■ snmp-agent local-engineid

■ snmp-agent mib-view

■ snmp-agent packet max-size

■ snmp-agent sys-info

■ snmp-agent target-host

■ snmp-agent trap enable

■ snmp-agent trap life

■ snmp-agent trap queue-size

■ snmp-agent trap source

■ snmp-agent usm-user

■ undo snmp-agent

File System Management Commands 461

RMON Configuration Commands

■ display rmon alarm

■ display rmon event

■ display rmon eventlog

■ display rmon history

■ display rmon prialarm

■ display rmon statistics

■ rmon alarm

■ rmon event

■ rmon history

■ rmon prialarm

■ rmon statistics

NTP Configuration Commands

■ debugging ntp-service

■ display ntp-service sessions

■ display ntp-service status

■ display ntp-service trace

■ ntp-service access

■ ntp-service authentication enable

■ ntp-service authentication-keyid

■ ntp-service broadcast-client

■ ntp-service broadcast-server

■ ntp-service max-dynamic sessions

■ ntp-service multicast-client

■ ntp-service multicast-server

■ ntp-service refclock-master

■ ntp-service reliable authentication-keyid

■ ntp-service source-interface

■ ntp-service in-interface disable

■ ntp-service unicast-peer

■ ntp-service unicast-server

File System Management Commands

This section describes the commands you can use to manage the file system on your Switch 7700.

cd Syntaxcd directory


View

User view

Parameter

directory: Destination directory. The default directory is the working path configured by the user when the system starts.

Description

■ Use the cd command to change the current user configuration path on the Ethernet Switch.

Example

Change the current working directory of the switch to flash.

<SW7700>cd flash: <SW7700>pwdflash:

copy Syntaxcopy fileurl-source fileurl-dest

View

User view

Parameter

fileurl-source: Source file name.

fileurl-dest: Destination file name.

Description

■ Use the copy command to copy a file.

When the destination filename is the same as that of an existing file, the system will ask whether to overwrite it.

Example

Display current directory information.

<SW7700>dirDirectory of *0 -rw- 595 Jul 12 2001 19:41:50 test.txt16125952 bytes total (13975552 bytes free)

Copy the file test.txt and saves it as test.bak.

<SW7700>copy test.txt test.bakCopy flash:/test/test.txt to flash:/test/test.bak ?[confirm]:y% Copied file flash:/test/test.txt flash:/test/test.bak

Display current directory information.

<SW7700>dirDirectory of *

0 -rw- 595 Jul 12 2001 19:41:50 test.txt1 -rw- 595 Jul 12 2001 19:46:50 test.bak

16125952 bytes total (13974528 bytes free)


delete Syntaxdelete [ /unreserved ] file-url

View

User view

Parameter

file-url: Path and name of the file you want to delete.

Description

■ Use the delete command to delete a specified file from the storage device of the Ethernet Switch.

The deleted files are kept in the recycle bin and will not be displayed when you use the dir command. However they will be displayed, using the dir /all command. The files deleted by the delete command can be recovered with the undelete command or deleted permanently from the recycle bin, using the reset recycle-bin command.

Note that, if two files with the same name in a directory are deleted, only the latest deleted file will be kept in the recycle bin.

Example

Delete the file flash:/test/test.txt

<SW7700>delete flash:/test/test.txtDelete flash:/test/test.txt?[confirm]

dir Syntaxdir [ /all ] [ file-url ]

View

User view

Parameter

/all: Display all the files (including the deleted ones).

file-url: File or directory name to be displayed. The file-url parameter supports “*” matching. For example, using dir *.txt will display all the files with the extension txt in the current directory; By default, display the file information in current path.

Description

Use the dir command to display the information about the specified file or directory in storage device of Ethernet Switch.

Example

Display the information about the file flash:/test/test.txt

<SW7700>dir flash:/test/test.txtDirectory of flash:/test/test.txt1 -rw- 248 Aug 29 2000 17:49:36 text.txt20578304 bytes total (3104544 bytes free)


Display information of directory flash:/test/

<SW7700>dir flash:/test/Directory of flash:/test/1 -rw- 248 Aug 29 2000 17:49:36 text.txt2 -drw- 0 Oct 01 2000 18:42:53 3Com3 -rw- 639 Oct 02 1997 12:09:32 foo20578304 bytes total (3104544 bytes free)

Display all files with the names starting with “t” in the directory flash:/test/

<SW7700> dir flash:/test/t*Directory of flash:/test/t*1 -rw- 248 Aug 29 2000 17:49:36 text.txt20578304 bytes total (3104544 bytes free)

Display information about all the files (including the deleted files) in the directory flash:/test/

<SW7700>dir /all flash:/test/Directory of flash:/test/1 -rw- 248 Aug 29 2000 17:49:36 text.txt2 -drw- 0 Oct 01 2000 18:42:53 3Com3 -rw- 639 Oct 02 1997 12:09:32 foo4 -rw- 1988 Oct 01 2000 18:48:14 [text]5 -rw- 639 Oct 02 1997 12:09:17 [the_time]20578304 bytes total (3104544 bytes free)

Display information of all the files (including the deleted files) with the names starting with “t” in flash:/test/

<SW7700>dir /all flash:/test/t*Directory of flash:/test/1 -rw- 248 Aug 29 2000 17:49:36 text.txt2 -rw 1988 Oct 01 2000 18:48:14 [text]3 -rw- 639 Oct 02 1997 12:09:17 [the_time]20578304 bytes total (3104544 bytes free)

file prompt Syntaxfile prompt { alert | quiet }

View

System view

Parameter

alert: Perform interactive confirmation on dangerous file operations. The default value is alert, which configures to perform interactive confirmation on dangerous file operations.

quiet: Do not prompt for the file operations.

Description

■ Use the file prompt command to modify prompt modes of the file operation on the Ethernet switch.

If the prompt mode is set as quiet, that is, no prompt for file operations, some non-recoverable operations may lead to system damage.


Example

Configure the prompt mode of file operation as quiet.

[SW7700]file prompt quiet

format Syntaxformat filesystem

View

User view

Parameter

filesystem: Device name.

Description

■ Use the format command to format the storage device.

Format operation will cause non-recoverable loss of all the files on the device. Specially, configuration files will be lost after formatting the flash memory.

Example

Format flash:

<SW7700>format flash:All sectors will be erased, proceed? [confirm]yFormat winc: completed

mkdir Syntaxmkdir directory

View

User view

Parameter

directory: Directory name.

Description

■ Use the mkdir command to create directory in the specified directory on the storage device.

The directory to be created cannot have the same name as that of other directory or file in the specified directory.

Example

Create the directory dd.

<SW7700>mkdir ddCreated dir dd

more Syntax

more file-url


View

User view

Parameter

file-url: File name.

Description

■ Use the more command to display content of specified file.

At present, file system can display files in the text format.

Example

Display contents of file test.txt.

<SW7700> more test.txtAppWizard has created this test application for you. This file contains a summary of what you will find in each of the files that make up your test application.Test.dspThis file (the project file) contains information at the project level and is used to build a single project or subproject. Other users can share the project (.dsp) file, but they should export the makefiles locally.

move Syntaxmove fileurl-source fileurl-dest

View

User view

Parameter



Description

■ Use the move command to move files.

When the destination filename is the same as that of an existing file, the system will ask whether to overwrite it.

Example

Display the current directory information.


0 -rw- 2145718 Jul 12 2001 12:28:08 ne80.bin1 drw- 0 Jul 12 2001 19:41:20 test

16125952 bytes total (13970432 bytes free)<SW7700> dir flash:/test/Directory of flash:/test/

0 drw- 0 Jul 12 2001 20:23:37 subdir1 -rw- 50 Jul 12 2001 20:08:32 sample.txt



Move flash:/test/sample.txt to flash:/sample.txt.

<SW7700>move flash:/test/sample.txt flash:/sample.txtMove flash:/test/sample.txt to flash:/sample.txt ?[confirm]:y% Moved file flash:/test/sample.txt flash:/sample.txt

Display the directory after moving a file.


0 -rw- 2145718 Jul 12 2001 12:28:08 vrp.bin1 drw- 0 Jul 12 2001 19:41:20 test2 -rw- 50 Jul 12 2001 20:26:48 sample.txt

16125952 bytes total (13970432 bytes free)<SW7700>dir flash:/test/Directory of flash:/test/

0 drw- 0 Jul 12 2001 20:23:37 subdir16125952 bytes total (13970432 bytes free)

pwd Syntaxpwd

View

User view

Parameter

None

Description

■ Use the pwd command to display the current path.

Error may occur without setting the current path.

Example

Display the current path.

<SW7700>pwdflash:

rename Syntaxrename fileurl-source fileurl-dest

View

User view

Parameter



Description

■ Use the rename command to rename a file.


If the destination file name is the same as an existing directory name, operation fails. If the destination file name is the same as an existing file name, prompt whether to overwrite.

Example

Display the current directory information.


0 -rw- 2145718 Jul 12 2001 12:28:08 vrp.bin1 drw- 0 Jul 12 2001 19:41:20 test2 -rw- 50 Jul 12 2001 20:26:48 sample.txt


Rename the file sample.txt with sample.bak.

<SW7700>rename sample.txt sample.bakRename flash:/sample.txt to flash:/sample.bak ?[confirm]:y% Renamed file flash:/sample.txt flash:/sample.bak

Display the directory after renaming sample.txt with sample.bak.


0 -rw- 2145718 Jul 12 2001 12:28:08 ne80.bin1 drw- 0 Jul 12 2001 19:41:20 test2 -rw- 50 Jul 12 2001 20:29:55 sample.bak


reset recycle-bin Syntaxreset recycle-bin file-url

View

User view

Parameter

file-url: Name of the file to be deleted.

Description

■ Use the reset recycle-bin command to permanently delete files from the recycle bin.

The delete command only puts the file into the recycle bin, but the reset recycle-bin command will delete this file permanently.

Example

Delete the file from the recycle bin.

<SW7700>reset recycle-binflash:/p1h_logic.outReset recycle-binflash:/plh_logic.out?[confirm]

rmdir Syntaxrmdir directory


View

User view

Parameter

directory: Directory name.

Description

■ Use the rmdir command to delete a directory.

The directory to be deleted must be empty.

Example

Delete the directory altdir.

<SW7700>rmdir altdir Rmdir dd?[confirm] Removed dir flash:/test/text.txt flash:/test/altdir

undelete Syntaxundelete file-url

View

User view

Parameter

file-url: Name of the file to be recovered.

Description

■ Use the undelete command to recover deleted file.

The file name to be recovered cannot be the same as an existing directory name. If the destination file name is the same as an existing file name, prompt whether to overwrite.

Example

Display the information of all the files (including the deleted ones) in the current directory.

<SW7700>dir /allDirectory of *

0 -rw- 595 Jul 12 2001 20:13:19 test.txt1 -rw- 50 Jul 12 2001 20:09:23 [sample.bak]


Recover the deleted file sample.bak.

<SW7700>undelete sample.bakUndelete flash:/test/sample.bak ?[confirm]:y% Undeleted file flash:/test/sample.bak


Display the information of all the files (including the deleted ones) in the current directory.

<SW7700>dir /allDirectory of *

0 -rw- 50 Jul 12 2001 20:34:19 sample.bak1 -rw- 595 Jul 12 2001 20:13:19 test.txt


Configuration File Management Commands

This section describes the commands you can use to manage the configuration files on your Switch 7700.

display this Syntaxdisplay this

View

Any view

Parameter

None

Description

Use the display this command, to display the configuration of the current view. If you need to authenticate whether the configurations are correct, after you have finished a set of configurations under a view, you can use the display this command to view the parameters.

Some effective parameters are not displayed if they are the same as the default ones. Some ineffective parameters that were configured by the user, are not displayed either.

Associated configuration of the interface is displayed when executing the command in different interface views, related configuration of the protocol view is displayed when executing this command in different protocol views, and all the configurations of the protocol views are displayed when executing this command in protocol sub-views.

For the related command, see save, reset, saved-configuration, display current-configuration, display saved-configuration.

Example

Display the configuration parameters for the current view of the switch system.

[SW7700] display this

display startup Syntaxdisplay startup

View

Any view

Configuration File Management Commands 471

Parameter

None

Description

Use the display startup command, to display the related system software and configuration filenames used for the current and the next start-ups.

This command is used to display the following information:

■ Filename of the system software configured by the user

■ Filename of the system software actually used for this startup

■ Filename of the system software configured for the next startup

■ Configuration filename used for the current startup

■ Configuration filename configured for the next startup.

For the related command, see startup saved-configuration.

Example

Display the filenames related to the current and the next enabling.

<SW7700> display startup

MainBoard:

Configed boot system file:hda1:/vrp3.cc

Boot system file:hda1:/vrp3.cc

Next boot system file:hda1:/vrp3.cc

Boot configure file:hda1:/vrpcfg.cfg

Next boot configure file: hda1:/vrpcfg.cfg

reset saved-configuration

Syntaxreset saved-configuration

View

User view

Parameter

None

Description

■ Use the reset saved-configuration command to erase configuration files from the flash memory of the Switch 7700.

Consult with technical support personnel before executing this command.

Generally, this command is used in the following situations:

■ After upgrade of software, configuration files in flash memory may not match the new version's software. Perform reset saved-configuration command to erase the old configuration files.


■ If a used Ethernet Switch is applied to the new circumstance and the original configuration files cannot meet the new requirements, the Ethernet Switch should be configured again. Erase the original configuration files for reconfiguration.

If the configuration files do not exist in the flash memory when Ethernet Switch is electrified and initialized, it will enter setup switch view automatically.

Related commands: save, display current-configuration, display saved-configuration.

Example

Erase the configuration files from the flash memory of Ethernet Switch.

<SW7700>reset saved-configurationThis will erase the configuration in the flash memory.The router configurations will be erased to reconfigure.Are you sure? [Y/N]y

save Syntaxsave [ filename | safely ]

View

User view

Parameter

file-name: the name of the configuration file. It is a character string of 5 to 56 characters.

Description

Use the save command, to save the current configuration files to flash memory.

After finishing a group of configurations and achieving corresponding functions, get the current configuration files stored in the flash memory.

Related commands: reset saved-configuration, display current-configuration, display saved-configuration.

Example

Get the current configuration files stored in flash memory.

<SW7700>saveThis will save the configuration in the flash memory.The switch configurations will be written to flash.Are you sure?[Y/N] yNow saving current configuration to flash memory.Please wait for a while...Save current configuration to flash memory successfully.

startup saved configuration

Syntaxstartup saved-configuration cfgfile

FTP Server Configuration Commands 473

View

User view

Parameter

cfgfile: The name of the configuration file. It is a string with a length of 5 to 56 characters.

Description

Use startup saved-configuration command to configure the configuration file used for enabling the system for the next time.

The configuration file must have “.cfg” or “.zip” as its extension name and must be saved under the root directory of the Flash. By default, the configuration file will be saved under the root directory of Flash.

Related commands: display startup.

Example

Configure the configuration file for the next startup.

<SW7700> startup saved-configuration vrpcfg.cfg

FTP Server Configuration Commands

This section describes how to use the File Transfer Protocol (FTP) configuration commands on your Switch 7700.

display ftp-server Syntaxdisplay ftp-server

View

All views

Parameter

None

Description

Use the display ftp-server command to display the parameters of the current FTP Server. You can perform this command to verify the configuration after setting FTP parameters.

Example

Display the configuration of FTP Server parameters.

<SW7700>display ftp-serverFtp server is runningMax user number 5User count 0Timeout(minute) 30

display ftp-user Syntaxdisplay ftp-user


View

All views

Parameter

None

Description

Use the display ftp-user command to display the parameters of current FTP user. You can perform this command to examine the configuration after setting FTP parameters.

Example

Show the configuration of FTP user parameters.

<SW7700>display ftp-user% No ftp user

ftp server Syntaxftp server enableundo ftp server

View

System view

Parameter

enable: Start FTP Server.

Description

■ Use the ftp server command to start FTP Server and enable FTP user logon.

■ Use the undo ftp server command to close FTP Server and disable FTP user logon.

By default, FTP Server is shut down.

Perform this command to easily start or shut down FTP Server, preventing Ethernet Switch from being attacked by some unknown user.

Example

Shut down FTP Server.

[SW7700]undo ftp server

ftp timeout Syntaxftp timeout minuteundo ftp timeout

View

System view

FTP Server Configuration Commands 475

Parameter

minute: Connection timeouts (measured in minutes), ranging from 1 to 35791; The default connection timeout time is 30 minutes.

Description

■ Use the ftp timeout command to configure connection timeout interval.

■ Use the undo ftp timeout command to restore the default connection timeout interval.

After a user logs on to an FTP Server and has established connection, if the connection is interrupted or cut abnormally by the user, FTP Server will still hold the connection. The connection timeout can avoid this problem. If the FTP server has no command interaction with a client for a specific period of time, it considers the connection to be failed and disconnect to the client.

Example

Set the connection timeout to 36 minutes.

[SW7700]ftp timeout 36

local-user Syntaxlocal-user user_name

undo local-user { user_name | all [service-type { telnet | ftp | lan-access }]}

View

System view

Parameter

user_name: Enter a local user name, up to 32 characters in length. (The @ character can be used once in a user_name; that part of the user name which precedes the @ symbol must not be more than 24 characters in length.

service-type: Specifies the service type, which can be one of the following:

■ telnet: Specifies the user type of Telnet.

■ ftp: Specifies the user type of FTP.

■ lan-access: Specifies the user type of LAN access, which mainly refers to Ethernet-accessing users.

all: Specifies all users.

Description

■ Use the local-user command to configure a local user and enter the local user view.

■ Use the undo local-user command to cancel a specified local user, a type of user or all users. By default, a local user is not configured.

Related commands: display local-user, server-type.


Example

To add a local user named 3Com1, enter the following:

[SW7700]local-user 3Com1

password Syntaxpassword { simple | cipher } password

undo password

View

Local user view

Parameters

simple: Specifies that passwords are displayed in simple text.

cipher: Specifies that passwords are displayed in cipher text.

password: Enter a password, up to 16 characters in length for simple text, and up to 24 characters in length for cipher text.

Description

■ Use the password command to configure the password display mode for local users.

■ Use the undo password command to cancel the specified password display mode.

The settings in the local-user password-display-mode cipher-force, command override the settings in the password command.

Related command: display local-user

Example

To set the user 3Com1 to display the password 20030422 in simple text, enter the following:

[3Com-user-3Com1]password simple 20030422

service-type Syntax

service-type { telnet [ level level ] | ftp [ ftp-directory directory ] | lan-access }

undo service-type { telnet [ level ] | ftp [ ftp-directory ] | lan-access }

View

Local user view

Parameters

telnet: Specifies the user’s service type as Telnet.

FTP Client Commands 477

level level: Enter the user level of the Telnet user, in the range 0 to 3. The default is 3. Optional.

ftp: Specifies the user’s service type as FTP.

ftp-directory directory: Enter an FTP directory, up to 64 characters in length. Optional.

lan-access: Specifies the user’s service type as LAN access, which refers mainly to Ethernet users.

Description

■ Use the service-type command to configure a service type for a particular user.

■ Use the service-type command to cancel the currently configured service service type for a particular user.

Example

To configure a service type of LAN access for the user 3Com1, enter the following:

[SW7700-user-3Com1]service-type lan-access

FTP Client Commands This section describes the File Transfer Protocol (FTP) Client commands on your Switch 7700.

ascii Syntaxascii

View

FTP Client view

Parameter

None

Description

■ Use the ascii command to configure data transmission mode as ASCII mode.

By default, the file transmission mode is ASCII mode.

Perform this command if the user needs to change the file transmission mode to default mode.

Example

Configure to transmit data in the ASCII mode.

[ftp]ascii200 Type set to A.

binary Syntaxbinary


View

FTP Client view

Parameter

None

Description

■ Use the binary command to configure file transmission type as binary mode.

Example

Configure to transmit data in the binary mode.

[ftp]binary200 Type set to B.

bye Syntaxbye

View

FTP Client view

Parameter

None

Description

■ Use the bye command to disconnect with the remote FTP Server and return to user view.

After performing this command, you can terminate the control connection and data connection with the remote FTP Server.

Example

Terminate connection with the remote FTP Server and return to user view.

[ftp]bye

cd Syntaxcd pathname

View

FTP Client view

Parameter

pathname: Path name.

Description

■ Use the cd command to change the working path on the remote FTP Server.

This command is used to access another directory on FTP Server. Note that the user can only access the directories authorized by the FTP server.


Example

Change the working path to flash:/temp

[ftp]cd flash:/temp

cdup Syntaxcdup

View

FTP Client view

Parameter

None

Description

■ Use the cdup command to change working path to the upper level directory.

This command is used to exit the current directory and return to the upper level directory.

Example

Change working path to the upper level directory.

[ftp]cdup

close Syntaxclose

View

FTP Client view

Parameter

None

Description

■ Use the close command to disconnect FTP client side from FTP server side without exiting FTP client side view so that you terminate the control connection and data connection with the remote FTP server at the same time.

Example

Terminate connection with the remote FTP Server and stays in FTP Client view.

[ftp]close

delete Syntaxdelete remotefile

View

FTP Client view


Parameter

remotefile: File name.

Description

Using the delete command, you can delete the specified file.

This command is used to delete a file.

Example

Delete the file temp.c

[ftp]delete temp.c

dir Syntaxdir [ filename [ localfile ]

View

FTP Client view

Parameter

filename: File name to be queried.

localfile: Saved local file name.

Description

Using the dir command, you can query a specified file.

If no parameter of this command is specified, then all the files in the directory will be displayed.

Example

Query the file temp.c and saves the results in the file temp1.

[ftp]dir temp.c temp1

disconnect Syntaxdisconnect

View

FTP Client view

Parameter

None

Description

Using the disconnect command, subscribers can disconnect FTP client side from FTP server side without exiting FTP client side view.

This command terminates the control connection and data connection with the remote FTP Server at the same time.


Example

Terminate connection with the remote FTP Server and stays in FTP Client view.

[ftp]disconnect

ftp Syntaxftp [ ipaddress [ port ] ]

View

User view

Parameter

ipaddress: IP address of the remote FTP Server.

port: Port number of remote FTP Server.

Description

Using the ftp command, you can establish control connection with the remote FTP Server and enter FTP Client view.

Example

Connect to FTP Server at the IP address 1.1.1.1

<SW7700>ftp 1.1.1.1

get Syntaxget remotefile [ localfile ]

View

FTP Client view

Parameter

localfile: Local file name.

remotefile: Name of a file on the remote FTP Server.

Description

Using the get command, you can download a remote file and save it locally.

If no local file name is specified, it will be considered the same as that on the remote FTP Server.

Example

Download the file temp1.c and saves it as temp.c

[ftp]get temp1.c temp.c

lcd Syntaxlcd


View

FTP Client view

Parameter

None

Description

Using the lcd command, you can display local working path of FTP Client.

Example

Show local working path.

[ftp]lcd% Local directory now flash:/temp

ls Syntaxls [ remotefile [ localfile ]]

View

FTP Client view

Parameter

remotefile: Remote file to be queried.

localfile: Saved local file name.

Description

Using the ls command, you can query a specified file.

If no parameter is specified, all the files will be shown.

Example

Query file temp.c

[ftp]ls temp.c

mkdir Syntaxmkdir pathname

View

FTP Client view

Parameter

pathname: Directory name.

Description

Using the mkdir command, you can create a directory on the remote FTP Server.

User can perform this operation as long as the remote FTP server has authorized.


Example

Create the directory flash:/lanswitch on the remote FTP Server.

[ftp]mkdir flash:/lanswitch

passive Syntaxpassive

undo passive

View

FTP Client view

Parameter

None

Description

Using the passive command, you can set the data transmission mode to be passive mode. Using the undo passive command, you can set the data transmission mode to be active mode.

By default, the data transmission mode is passive mode

Example

Set the data transmission to passive mode.

[ftp]passive

put Syntaxput localfile [ remotefile ]

View

FTP Client view

Parameter

localfile: Local file name.

remotefile: File name on the remote FTP Server.

Description

Using the put command, you can upload a local file to the remote FTP Server.

If the user does not specify the filename on the remote server, the system will consider it the same as the local file name by default.

Example

Upload the local file temp.c to the remote FTP Server and saves it as temp1.c.

[ftp]put temp.c temp1.c

pwd Syntaxpwd


View

FTP Client view

Parameter

None

Description

Using the pwd command, you can display the current directory on the remote FTP Server.

Example

Show the current directory on the remote FTP Server.

[ftp]pwd"flash:/temp" is the current directory.

quit Syntaxquit

View

FTP Client view

Parameter

None

Description

Using the quit command, you can terminate the connection with the remote FTP Server and return to user view.

Example

Terminate connection with the remote FTP Server and returns to user view.

[ftp]quit<SW7700>

remotehelp Syntaxremotehelp [ protocol-command ]

View

FTP Client view

Parameter

protocol-command: FTP protocol command.

Description

Using the remotehelp command, you can display help information about the FTP protocol command.


Example

Show the syntax of the protocol command user.

[ftp]remotehelp user214 Syntax: USER <sp> <username>

rmdir Syntaxrmdir pathname

View

FTP Client view

Parameter

pathname: Directory name of remote FTP Server.

Description

Using the rmdir command, you can delete the specified directory from FTP Server.

Example

Delete the directory flash:/temp1 from FTP Server.

[ftp]rmdir flash:/temp1

user Syntaxuser username [ password ]

View

FTP Client view

Parameter

username: Logon username.

password: Logon password.

Description

Using the user command, you can register an FTP user.

Example

Log in the FTP Server with username tom and password bjhw.

[ftp]user tom bjhw

verbose Syntaxverbose

undo verbose

View

FTP Client view


Parameter

None

Description

Using the verbose command, you can enable verbose. Using the undo verbose command, you can disable verbose.

By default, verbose is disabled.

Example

Enable verbose.

[ftp]verbose

TFTP Configuration Commands

This section describes the Trivial File Transfer Protocol (TFTP) Commands on your Switch 7700.

tftp get Syntaxtftp tftpserver get source-file [ dest-file ]

View

System view

Parameter

tftp-server: IP address or host name of the TFTP server. The name of the TFTP server should be a string ranging from 1 to 20 characters.

source-file: Information about the file to be downloaded from the TFTP server.

dest-file: Specify the filename that will be downloaded to the switch, which can be different from source-file.

Description

Using the tftp get command, you can download a file from the specified directory of the TFTP server and save it with a different name on the switch.

Related command: tftp put.

Example

Download the file LANSwitch.app from the TFTP server at 1.1.3.214 and save it as vxWorks.app on the local switch.

[SW7700]tftp 1.1.3.214 get LANSwitch.app vxWorks.app

tftp put Syntaxtftp tftp-server put source-file [ dest-file ]

View

System view

MAC Address Table Management Commands 487

Parameter

tftp-server: IP address or hostname of the TFTP server. The name of the TFTP server should be a string ranging from 1 to 20 characters.

source-file: The name of the file to be uploaded to the TFTP server.

dest-file: Specify the filename that is saved after the file is uploaded to the TFTP server, which can be different from source-file..

Description

Using the tftp put command, you can upload a file from the switch to the specified directory on the TFTP server and save it with a new name.

Related commands: tftp get.

Example

Upload vrpcfg.txt to the TFTP server at 1.1.3.214 and save it as Temp.txt.

[SW7700]tftp 1.1.3.214 put vrpcfg.txt temp.txt

MAC Address Table Management Commands

This section describes the commands you can use to manage the MAC Address Table on your Switch 7700.

display mac-address aging-time

Syntaxdisplay mac-address aging-time

View

All views

Parameter

None

Description

Using the display mac-address aging-time command, you can display the aging time of the dynamic entry in the MAC address table.

For the related commands, see mac-address, mac-address timer, display mac-address.

Example

Display the aging time of the dynamic entry in the MAC address table.

[SW7700]display mac-address aging-timemac-address timer: 300s

The above information indicates that the aging time of the dynamic entry in the MAC address is 300s.


display mac-address Syntaxdisplay mac-address [ mac-addr [ vlan vlan-id ] | [ static | dynamic ] [ interface { interface-name | interface-type interface-num } ] [ vlan vlan-id ][ count ] ]

View

All views

Parameter

static: Static table entry, lost after resetting switch.

dynamic: Dynamic table entry, which will be aged.

interface-type: Specify the interface type.

interface-num: Specify the interface number.

interface-name: Specify the interface name.

For details about the interface-type, interface-num and interface-name parameters, refer to “Using Port Commands” on page 49.

vlan-id: Specify the VLAN ID.

mac-addr: Specify the MAC address.

count: The display information will only contain the sum number of MAC addresses in the MAC address table if you use this parameter when using this command.

Description

Using the display mac-address command, you can display MAC address table information.

When managing the Layer-2 addresses of the switch, the administrator can perform this command to view such information as the Layer-2 address table, address status (static or dynamic), Ethernet port of the MAC address, VLAN of the address, and system address aging time.

For the related commands, see mac-address, mac-address timer.

Example

Show the information of the entry with MAC address at 00e0-fc01-0101

[SW7700]display mac-address 00e0-fc01-0101MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)00e0-fc01-0101 N/A Config static Ethernet1/0/1 NOAGED

mac-address Syntaxmac-address { static | dynamic } mac-address interface { interface-name | interface-type interface-num } vlan vlan-id ]

undo mac-address [ static | dynamic ] [ [ mac-address ] interface { interface-name | interface-type interface-num ] vlan vlan-id ]

MAC Address Table Management Commands 489

View

System view

Parameter

static: Static table entry, lost after resetting switch.

dynamic: Dynamic table entry, which will be aged.

mac-addr: Specify the MAC address.

interface-type: interface type.

interface-num: interface number.

interface-name: interface name.

vlan-id: Specify the VLAN ID.

Description

Using the mac-address command, you can add/modify the MAC address table entry. Using the undo mac-address command, you can delete MAC address table entry

If the input address has been existing in the address table, the original entry will be modified. That is, replace the interface pointed by this address with the new interface and the entry attribute with the new attribute (dynamic entry and static entry).

All the (MAC unicast) addresses on a certain interface can be deleted. User can choose to delete any of the following addresses: address learned by system automatically, dynamic address configured by user, static address configured by user.

Because the address table is shared in the VLAN domain, you need specify the VLAN of the multicast address and the port of the unicast address, when adding entries to the address table.

For the related commands, see display mac-address.

Example

Configure the port number corresponding to the MAC address 00e0-fc01-0101 as Ethernet1/0/1 in the address table, and sets this entry as static entry.

[SW7700]mac-address static 00e0-fc01-0101 interface Ethernet 1/0/1 vlan 2

mac-address max-mac-count

Syntaxmac-address max-mac-count count

undo mac-address max-mac-count


View

Ethernet port view

Parameter

count: Enter to specify how many MAC addresses a port can learn. This can be in the range 0 to 32768. 0 means that the port is not allowed to learn MAC addresses.

Description

Use the mac-address max-mac-count command to configure the maximum number of MAC addresses that can be learned by a specified Ethernet port. The port stops learning MAC addresses when the specified limit is reached.

Use the undo mac-address-table max-mac-count command to cancel the maximum limit on the number of MAC addresses learned by an Ethernet port. This is the default. If you set no maximum limit, the MAC address table controls the number of MAC addresses a port can learn.

Related commands: mac-address, mac-address timer, mac-address mac-learning disable

Examples

To configure the port “Ethernet 1/0/3” to learn at most 600 MAC addresses, enter the following:

[SW7700-Ethernet1/0/3]mac-address max-mac-count 600

To cancel the maximum limit on the number of MAC addresses learned by the port “Ethernet1/0/3”, enter the following:

[SW7700-Ethernet1/0/3]undo mac-address max-mac-count

mac-address timer Syntaxmac-address timer { aging age | no-aging }

undo mac-address timer aging

View

System view

Parameter

aging age: Specifies the aging time (measured in seconds) of the Layer-2 dynamic address table entry, ranging from 10 to 1000000; by default, the aging time is 300 seconds.

no-aging: No aging time.

Description

Using the mac-address timer command, you can configure the aging time of the Layer-2 dynamic address table entry. Using the undo mac-address timer command, you can restore the default value.

Device Management Commands 491

Too long or too short aging time set by subscribers will cause the problem that the Ethernet switch broadcasts a great mount of data packets without MAC addresses, which will affect the switch operation performance.

If aging time is set too long, the Ethernet switch will store a great number of out-of-date MAC address tables. This will consume MAC address table resources and the switch will not be able to update MAC address table according to the network change.

If aging time is set too short, the Ethernet switch may delete valid MAC address table.

Example

Configure the entry aging time of Layer-2 dynamic address table to be 500 seconds.

[SW7700]mac-address timer aging 500

Device Management Commands

This section describes the device management commands available on your Switch 7700.

boot bootloader Syntaxboot bootloader file-url [ slot slotnum ]

View

User view

Parameter

file-url: Path and name of APP file.

Description

Using the boot bootloader command, you can specify the .app file used for the next boot.

Example

Specify the APP application used for boot of next time.

<SW7700>boot bootloader PLATV100R002B09D002.APPOK<SW7700>

bootrom-update security-check enable

Syntaxbootrom-update security-check enable

undo bootrom-update security-check enable

View

System view

Parameter

None


Description

Using the bootrom-update security-check enable command, you can enable the validity check function when upgrade BootROM. Using the undo bootrom-update security-check enable command, you can disable the validity check function when upgrade BootROM.

The Switch 7700 has many I/O modules. Every module has its own BootROM application. Improper upgrading the BootROM causes serious results. Validity checking is used to avoid improper operations.

Example

Enable the validity check function.

[SW7700] bootrom-update security-check enable

boot bootrom Syntaxboot bootrom file-url slot slot-num-list

View

User view

Parameter

file-url: File path and file name of Bootrom.

slot-num-list: slot-num-list = [ slot-num1 [ to slot-num2 ] ]&<1-10>, slot need to be upgraded, the range of slot-num is from 0 to 6. &<1-10> indicates that parameter in front of this mark can be input up to 10 times.

Description

Using the boot bootrom command, you can upgrade bootrom.

Example

Upgrade bootrom of No. 0 slot.

<SW7700>boot bootrom PLATV100R002B09D002.btm slot 0

display backboard view Syntaxdisplay backboard view

View

All views

Parameter

None

Description

Using the display backboard view command, you can display system backplane configuration.

Example

Show backboard view.


[SW7700]display backboard viewThe backboard view is 0Current Back Board Configuration is described as following: |Slot No. |Brd Type |Slot Band Width |Brd Available| 1 |NONE | 8G |NO| 2 |NONE | 8G |NO| 3 |NONE | 8G |NO| 4 |LS81FT48| 8G |YES| 5 |NONE | 0G |NO| 6 |NONE | 0G |NO

display bootloader Syntaxdisplay bootloader

View

All views

Parameter

None

Description

Using the display bootloader command, you can display APP file used next time.

Example<SW7700>display bootloaderThe app to boot at the next time is: PLATV100R002B09D002.APPThe app to boot of board 0 at this time is: flash:/PLATV100R002B09D002.APP

display cpu Syntaxdisplay cpu [ slot slotnum ]

View

All views.

Parameter

slot slotnum: Specifies the APP file for the submodule.

Description

Using the display cpu command, you can display CPU occupancy.

Example

To display CPU occupancy, enter the following:

<SW7700>display cpu


CPU busy status:18% in last 5 seconds


19% in last 1 minute19% in last 5 minutes

display device Syntaxdisplay device [ detail | { shelf shelf-no | frame frame-no | slot slot-no ] ]

View

All views

Parameter

shelf-no: Cabinet number.

frame-no: Chassis number.

slot-no: Slot number.

Description

Using the display device command, you can display the module type and working status information of a card, including physical card number, physical daughter card number, number of ports, hardware version number, FPGA version number, version number of BOOTROM software, application version number, address learning mode, interface card type and interface card type description, etc.

Example

Show device information.

<SW7700>display deviceSlot No Brd Type Brd Status Subslot Num0 FAB64 Normal 01 8BT Absent Absent2 24FS Normal 03 48TX Absent Absent4 24FX Normal 05 8GBIC Absent Absent6 NONE Absent Absent

Table 43 Display information

Field Description

CPU busy status The busy status of the Switch

18% in last 5 seconds The CPU occupancy rate is 18% at last 5 seconds

19% in last 1 minute The CPU occupancy rate is 19% at last 1 minute

19% in last 5 minutes The CPU occupancy rate is 19% at last 5 minutes

Table 44 Output description of the display device command

Field Description

SlotNo Physical card number

Subslot Num Sub-slot number

Brd Type Board type

Brd Status Board status


display environment Syntaxdisplay environment

View

All views

Parameter

None

Description

Using the display environment command, you can display environment information.

Example

Display the environment information.

<SW7700>display environmentSystem temperature information:----------------------------------------------------

Board Temperature Downlimit Uplimit0 46 0 802 48 10 75

display fan Syntaxdisplay fan [ fan-id ]

View

All views

Parameter

None

Description

Using the display fan command, you can display the working state of the built-in fans.

Example

Display the working state of the fans.

<SW7700>display fanFan 0 State: OKFan 1 State: OKFan 2 State: OKFan 3 State: OK

The above information indicates that all of the four fans work normally.

display memory Syntaxdisplay memory [ slot slot_number ]


View

All views

Parameter

slot_number: Enter a slot number.

Description

Using the display memory command, you can display the current system memory status.

Example

To display the current memory status, enter the following:

<SW7700>display memory


System Total Memory(bytes): 32491008Total Used Memory(bytes): 13181348Used Rate: 40%

Table 45 Display information

display power Syntaxdisplay power [ power-ID ]

View

All views

Parameter

power-ID: Power ID.

Description

Using the display power command, you can display the working state of the built-in power supply.

Example

Show power state.

<SW7700>display power 1power 1 State: Normal

display schedule reboot Syntaxdisplay schedule reboot

View

Any view

Field Description

System Total Memory (bytes) The Total Memory of switch, unit in byte

Total Used Memory (bytes) The Total used Memory of switch, unit in byte

Used Rate The memory used rate


Parameter

None

Description

Using the display schedule reboot command, you can check the configuration of related parameters of the router schedule reboot terminal service.

Related command: reboot, schedule reboot at, schedule reboot delay, undo schedule reboot.

Example

Display the configuration of the schedule reboot terminal service parameters of the current router.

<SW7700> display schedule reboot

System will reboot at 16:00:00 2002/11/1 (in 2 hours and 5 minutes).

schedule reboot at Syntaxschedule reboot at hh:mm [ yyyy/mm/dd ]

undo schedule reboot

View

User view

Parameter

hh:mm: Reboot time of the switch, in the format of “hour: minute” The hh ranges from 0 to 23, and the mm ranges from 0 to 59.

yyyy/mm/dd: Reboot date of the switch, in the format of year/month/day. The yyyy ranges from 2000 to 2099, the mm ranges from 1 to 12, and the value of dd is related to the specific month.

Description

Using the schedule reboot at command, you can enable the timing reboot function of the switch and set the specific reboot time and date.

Using the undo schedule reboot command, you can disable the timing reboot function.

By default, the timing reboot switch function is disabled.

The precision of the switch timer is 1 minute. The switch will reboot in one minute when time comes to the specified rebooting point.

If the schedule reboot at command sets specified date parameters, which represents a data in the future, the switch will be restarted in specified time, with error not more than 1 minute.

If no specified date parameters are configured, two cases are involved: If the configured time is after the current time, the switch will be restarted at the time point of that day; if the configured time is before the current time, the switch will be restarted at the time point of the next day.


It should be noted that the configured date should not exceed the current date more than 30 days. In addition, after the command is configured, the system will prompt you to input confirmation information. Only after the “Y” or the “y” is entered can the configuration be valid. If there is related configuration before, it will be covered directly.

Moreover, after the schedule reboot at command is configured and the system time is adjusted by the clock command, the former configured schedule reboot at parameter will go invalid.

For the related command, see reboot, schedule reboot delay, display schedule reboot.

Example

Set the switch to be restarted at 22:00 that night (the current time is 15:50).

<SW7700> schedule reboot at 22:00

Reboot system for 22:00:00 UTC 2002/11/18 (in 6 hours and 10 minutes)

Proceed with reboot? [Y/N]:y

schedule reboot delay Syntaxschedule reboot delay { hhh:mm | mmm }

undo schedule reboot

View

User view

Parameter

hhh:mm: Waiting time for rebooting a switch, in the format of “hour: minute” The hhh ranges from 0 to 720, and the mm ranges from 0 to 59.

mmm: Waiting delay for rebooting a switch, in the format of “absolute minutes” . Ranging from 0 to 43200,

Description

Using the schedule reboot delay command, you can enable the timing reboot switch function and set the waiting time. Using the undo schedule reboot command, you can disable the timing reboot function.

By default, the timing reboot switch function is disabled.

The precision of switch timer is 1 minute. The switch will reboot in one minute when time comes to the specified rebooting point.

Two formats can be used to set the waiting delay of timing reboot switch, namely the format of “hour: minute” and the format of “absolute minutes”. But the total minutes should be no more than 30×24×60 minutes, or 30 days.

After this command is configured, the system will prompt you to input confirmation information. Only after the “Y” or the “y” is entered can the


configuration be valid. If there is related configuration before, it will be covered directly.

Moreover, after the schedule reboot at command is configured, and the system time is adjusted by the clock command, the original schedule reboot at parameter will become invalid.

For the related command, see reboot, schedule reboot at, undo schedule reboot, display schedule reboot

Example

Configure the switch to be restarted after 88 minutes (the current time is 21:32).

<SW7700> schedule reboot delay 88

Reboot system for 23:00:00 UTC 2002/11/1 (in 1 hours and 28 minutes)

Confirm? [Y/N]:y

reboot Syntaxreboot

View

User view

Parameter

None

Description

Using the reboot command, you can reset the Ethernet Switch when failure occurs.

Example

Reboots the Switch.

<SW7700>reboot

reboot slot Syntaxreboot [ slot slot-num ]

View

User view

Parameter

slot-num: Specifies the physical card number, generally taken 0.

Description

Using the reboot slot command, you can reset the whole system.

If no parameter is specified with the reboot command, it will reset the Ethernet switch. You can use the reboot command to reset the card, when the Ethernet switch fails.


Example

Reset the card in Slot 1.

<SW7700>reboot slot 1set backboard view

Syntaxset backboard view value

View

System view

Parameter

value: 0-5 indicates value of backplane configuration.

Description

Using the set backboard view value command, you can set backplane configuration.

Example

Set backboard view.

[SW7700]set backboard view 1Configuration of System Back Board Mode Default settings are in square brackets '[]'.The new configuration will be as following:|Slot No. |Brd Type| Slot Band Width |Brd Available| 1 |NONE | 8G |NO| 2 |NONE | 8G |NO| 3 |NONE | 4G |NO| 4 |LS81FT48| 4G |YES| 5 |NONE | 4G |NO| 6 |NONE | 4G |NOAre you sure the configuration is correct, continue?[Y/N]

temperature-limit Syntaxtemperature-limit slot down-value up-value

View

User view

Table 46

Backboard mode 0 1 2 3 4 5

slot1 8G 8G 8G 8G 8G 8G




slot5 0 4G 4G 2G 2G 4G

slot6 0 4G 0 0 2G 2G

Basic System Configuration and Management Commands 501

Parameter

slot: Physical card number.

down-value: Lower temperature limit (0-70 centigrade).

up-value: Upper temperature limit (20-90 centigrade).

Description

Using the temperature-limit command, you can set temperature limit.

Example

Set the lower and upper temperature limit of card 0.

<SW7700>temperature-limit 0 10 75Success temperature limit set

Basic System Configuration and Management Commands

This section describes the basic system configuration and system management commands available on your Switch 7700.

clock datetime Syntaxclock datetime HH:MM:SS YYYY/MM/DD

View

User view

Parameters

HH:MM:SS : Enter the current time. HH can be in the range 0 to 23. MM and SS can be in the range 0 to 59.

YYYY/MM/DD : Enter the current year, month and date. YYYY can be in the range 2000 to 2099. MM can be in the range 1 to 12. DD can be in the range 1 to 31.

Description

Using the clock datetime command, you can set the current system time and date. The default is 0:0:0, 2000/1/1

Related command: display clock

Example

To set the system time and date to 09:30:00, 2004/1/1, enter the following:

<SW7700>clock datetime 09:30:00 2004/01/01

clock summer-time Syntaxclock summer-time zone_name { one-off | repeating } start_time start_date end_time end_date offset_time

undo clock summer-time


View

User view

Parameters

zone_name: Enter the name of the summer time zone, up to 32 characters in length.

one-off: Specifies that the summer time is set for the selected year.

repeating: Specifies that the summer time is set for every year, starting from the selected year.

start_time: Enter the start time of summer time, in the format HH:MM:SS.

start_date: Enter the start date of summer time, in the format YYYY/MM/DD.

end_time: Enter the end time of summer time, in the format HH:MM:SS.

end_date: Enter the end date of summer time, in the format YYYY/MM/DD.

offset_time: Enter the offset time, that is the amount of time added, in the format HH:MM:SS.

Description

Using the clock summer-time command, you can set the name, start date and time, and end date and time of summer time.

Using the undo clock summer-time command, you can cancel the currently configured summer time.

Use the display clock command to check the summer time settings.

Related command: clock timezone

Example

To set the summer time for zone 2 to start at 06:00:00 on 08/06/2002, and end at 06:00:00 on 01/09/2002, with a time added of one hour, enter the following:

<SW7700>clock summer-time z2 one-off 06:00:00 2002/06/08 06:00:00 2002/09/01 01:00:00

To set the summer time for zone 2 to start at 06:00:00 on 08/06, and end at 06:00:00 on 01/09 in each year starting in 2002, with a time added of one hour, enter the following:

<SW7700>clock summer-time z2 repeating 06:00:00 2002/06/08 06:00:00 2002/09/01 01:00:00

clock timezone Syntaxclock timezone zone_name { add | minus } HH:MM:SS

undo clock timezone

Basic System Configuration and Management Commands 503

View

User view.

Parameter

zone_name: Enter the name of the time zone, up to 32 characters in length.

add: Specifies that time is ahead of UTC.

minus: Specifies that time is behind UTC.

HH:MM:SS: Enter the time difference between the time zone and UTC.

Description

Using the clock timezone command, you can set local time zone information.

Using the undo clock timezone command, you can return to the default, which is Universal Time Coordinated (UTC).

Use the display clock command to check the summer time settings.

Related command: clock summer-time

Example

To set the local time zone as zone 5, and configure the local time to be 5 hours ahead of UTC, enter the following:

<SW7700>clock timezone z5 add 05:00:00

sysname Syntaxsysname sysname

View

System view

Parameter

sysname: Specify the hostname with a character string with the length ranging from1 to 30 characters.

Description

Using the sysname command, you can set the hostname of Ethernet Switch.

By default, the hostname of Ethernet Switch is SW7700.

Changing the hostname name of Ethernet Switch will affect the prompt of command line interface. E.g. the host name of Ethernet Switch is SW7700, and the prompt in user view is <SW7700>.

Example

Set the hostname of the Ethernet Switch to be LANSwitch.

[SW7700]sysname LANSwitch[LANSwitch]


System Status and System Information Display Commands

This sections describes the system status and system information display commands on your Switch 7700.

display clock Syntaxdisplay clock

View

All views

Parameter

None

Description

Using the display clock command, subscribers can obtain information about system data and time from the terminal display.

For the related commands, see clock.

Example

View the current system date and clock.

<SW7700>display clock15:50:45 UTC Mon 2001/2/12

display current-configuration

Syntax display current-configuration [ controller | interface interface-type [ interface-number ] | configuration [ configuration ] ] [ | { begin | exclude | include } regular-expression ]

View

All views

Parameter

controller: View the configuration information of controllers.

interface: View the configuration information of interfaces.

interface-type: The type of the interface.

interface-number: The number of the interface.

configuration configuration: View the pre-positive and post-positive configuration information. The value of configuration is the key word of the configuration, such as:

■ acl-adv: View the configuration information of advanced ACL.

■ ospf: View the configuration information of OSPF.

■ system: View the configuration information of sysname.

■ timerange: View the configuration information of the time range.

System Status and System Information Display Commands 505

■ user-interface: View the configuration information of the user-interface.

|: Filter the configuration information to be output through the regular expression.

begin: Begin with the line that matches the regular expression.

exclude: Exclude lines that match the regular expression.

include: Include lines that match the regular expression.

regular-expression: Define the regular expression.

Description

Using the display current-configuration command, you can display the current effective configuration parameters of Ethernet Switch and verify the current effective parameters.

If some effective configuration parameters are the same as the default working parameters, there is no display.

For the related commands, see save, reset saved-configuration, display saved-configuration.

Example

Display current effective configuration parameters of Ethernet Switch.

<SW7700>display current-configuration#

hostname SW7700#no hdp run#no htp run#radius-server host default#aaa authentication Default radius next local

aaa accounting Default enable offline

user user1 state active service-type ftp ftp-directory flash:#ip multicast-routing#vlan 1#vlan 2#vlan 3#vlan 5#vlan 6#interface Vlan-interface1#interface Vlan-interface2 ip address 1.1.2.1 255.255.255.0


#interface Vlan-interface3

ip address 1.1.3.1 255.255.255.0#interface Vlan-interface5

ip address 10.110.65.1 255.255.255.0vrrp ip 1 10.110.65.2vrrp ip 2 10.110.65.10ip pim sparse-mode


ip address 10.110.66.1 255.255.255.0ip pim sparse-mode

#interface Aux0/0/0#interface GigabitEthernet1/0/1

port access vlan 2#interface GigabitEthernet1/0/2



port access vlan 5#interface GigabitEthernet1/0/5#interface GigabitEthernet1/0/6#interface GigabitEthernet1/0/7#interface GigabitEthernet1/0/8#interface NULL0#

device name SW7700#

ip pim bsr-candidate Vlan-interface5 0ip pim rp-candidate Vlan-interface5

#line aux 0

no loginexec-timeout 0 0

line vty 0 4#end

display debugging Syntaxdisplay debugging [ interface { interface-name | interface-type interface-num } ] [ module-name ]

View

All views


Parameter

module-name: Specify the module name.

interface-name: Specify the Ethernet port name.

interface-type: Specify the Ethernet port type.

interface-num: Specify the Ethernet port number.

Description

Using the display debugging command, you can display the enabled debugging process.

Show all the enabled debugging when there is no parameter.

For the related commands, see debugging.

Example

Show all the enabled debugging.

<SW7700>display debuggingIP packet debugging switch is on.

display saved-configuration

Syntaxdisplay saved-configuration

View

All views

Parameter

None

Description

Using the display saved-configuration command, you can display the configuration files in the flash memory of Ethernet Switch.

If the Ethernet Switch works abnormally after electrified, execute the display saved-configuration command to view the startup configuration of the Ethernet Switch.

For the related commands, see save, reset saved-configuration, display current-configuration.

Example

Display configuration files in flash memory of Ethernet Switch.

<SW7700>display saved-configuration# hostname SW7700# no hdp run# no htp run#


radius-server host default# aaa authentication Default radius next local

aaa accounting Default enable offline

user user1 state active service-type ftp ftp-directory flash:# ip multicast-routing#vlan 1#vlan 2#vlan 3#vlan 5#vlan 6#interface Vlan-interface1#interface Vlan-interface2 ip address 1.1.2.1 255.255.255.0#interface Vlan-interface3 ip address 1.1.3.1 255.255.255.0#interface Vlan-interface5 ip address 10.110.65.1 255.255.255.0

vrrp ip 1 10.110.65.2 vrrp ip 2 10.110.65.10 ip pim sparse-mode


ip address 10.110.66.1 255.255.255.0 ip pim sparse-mode#interface Aux0/0/0#interface GigabitEthernet1/0/1 port access vlan 2#interface GigabitEthernet1/0/2 port access vlan 3#interface GigabitEthernet1/0/3 port access vlan 6#interface GigabitEthernet1/0/4 port access vlan 5#interface GigabitEthernet1/0/5#interface GigabitEthernet1/0/6#interface GigabitEthernet1/0/7#


interface GigabitEthernet1/0/8#interface NULL0# device name SW7700# ip pim bsr-candidate Vlan-interface5 0 ip pim rp-candidate Vlan-interface5#line aux 0 no login exec-timeout 0 0line vty 0 4#end

display users Syntaxdisplay users [ all ]

View

All views

Parameter

all: display all users connected to the switch.

Description

Using the display users command, you can know users connected to the switch.

Example

Display the status of the current users.

<SW7700>display users Line User Host(s) Idle Location

I 0 AUX 0 idle 0

display version Syntaxdisplay version

View

All views

Parameter

None

Description

Using the display version command, you can know such information as software version, issue date and the basic hardware configurations.

Example

Display the information about the system version.

<SW7700>display version


3Com CorporationSwitch 7700 Software, Version 2.0Copyright (c) ReservedSW7700 uptime is 1 week, 1 day, 17 hours, 33 minutes.

FAB64: uptime is 1 week, 1 day, 17 hours, 33 minutesSW7700 with 1 MPC8260 Processor128M bytes SDRAM16384K bytes Flash Memory0K bytes NVRAM MemoryPcb Version: REV.2BootROM Version: 306CPLD Version: 003Software Version : 6503-015

SubCard 1PCB Ver: REV.0CPLD Ver: 002

MOD2: uptime is 1 week, 1 day, 17 hours, 33 minutes.SW7700 MOD2 with 1 MPC850 Processor64M bytes SDRAM0K bytes Flash Memory0K bytes NVRAM MemoryPcb Version: REV.0BootROM Version: 306CPLD Version: 003Software Version: 6503-015

System Debug Commands

This section describes the system debugging options, and the system diagnostics information that can be displayed on your Switch 7700.

debugging Syntaxdebugging { all [ timeout interval ] | module-name [ debugging-option ] }

undo debugging { all | module-name [ debugging-option ] }

View

User view

Parameter

all: Enable or disable all the debugging.

timeout interval: The interval during which the debugging command is valid. The interval value can range from 1 to 1440 minutes.

module-name: Specify the module name.

debugging-option: Debugging option.

Network Connection Test Commands 511

Description

Using the debugging command, you can enable the system debugging. Using the undo debugging command, you can disable the system debugging.

By default, all the debugging processes are disabled.

Ethernet Switch provides various kinds of debugging functions for technical support personnel and experienced maintenance staff to troubleshoot the network.

Enabling the debugging will generate a large amount of debugging information and decrease the system efficiency. Specially, network system may collapse after all the debugging is enabled by the debugging all command. So it is not suggested to use the debugging all command. It is convenient for the user to disable all the debugging with the undo debugging all command.

For the related commands, see display debugging.

Example

Enable IP Packet debugging.

<SW7700>debugging ip packetIP packet debugging switch is on.

display diagnostic-information

Syntaxdisplay diagnostic-information

View

All views

Parameter

None

Description

Using the display diagnostic-information command, you can view the configuration information on all currently running modules. This information helps you to monitor and troubleshoot your Switch 7700.

Example

To display system information on all currently running modules, enter the following:

<SW7700>display diagnostic-information

Network Connection Test Commands

This section describes the network connection test commands available on your Switch 7700.

ping Syntaxping [ -a ip-address ] [-c count ] [ -d ] [ -h ttl ] [ -i { interface-type interface-num | interface-name } ][ ip ] [ -n ] [ - p


pattern ] [ -q ] [ -r ] [ -s packetsize ] [ -t timeout ] [ -tos tos ] [ -v ] string

ping ipx ipx-addr [ -c count | -s packetsize | -t timeout ]*

View

User view

Parameter

-a ip-address: Specify the source IP address to transmit ICMP ECHO-REQUEST.

-c: count specify how many times the ICMP ECHO-REQUEST packet will be transmitted, ranging from 1 to 4294967295.

-d: Configure the socket to be in DEBUGGING mode.

interface-type: Specify the interface type.

interface-num: Specify the interface number.

interface-name: Specify the interface name.

-i: Configure to choose packet sent on the interface.

-n: Configure to take the host parameter as IP address without domain name resolution.

-p: pattern is the hexadecimal padding of ICMP ECHO-REQUEST, e.g. -p ff pads the packet completely with ff.

-q: Configure not to display any other detailed information except statistics.

-r: Record route.

-s packetsize: Specify the length of ECHO-REQUEST (excluding IP and ICMP packet header) in bytes.

-t timeout: Maximum waiting time after sending the ECHO-REQUEST (measured in ms).

-v: Show other received ICMP packets (non ECHO-RESPONSE).

host: Destination host domain name or IP address.

ip: Choose IP ICMP packet.

ipx: Choose IPX packet.

Description

Using the ping command, you can check the IP network connection and the reachability of the host.

By default, when the parameters are not specified:

■ The ECHO-REQUEST message will be sent for 5 times.

Network Connection Test Commands 513

■ socket is not in DEBUGGING mode.

■ host will be treated as IP address first. If it is not an IP address, perform domain name resolution.

■ The default padding operation starts from 0x01 and ends on 0x09 (progressively), then performs again.

■ Show all the information including statistics.

■ Routes are not recorded.

■ Send ECHO-REQUEST according to route selection.

■ Default length of ECHO-REQUEST is 56 bytes.

■ Default timeout of ECHO-RESPONSE is 2000ms.

■ Do not display other ICMP packets (non ECHO-RESPONSE).

The ping command sends ICMP ECHO-REQUEST message to the destination. If the network to the destination works well, then the destination host will send ICMP ECHO-REPLY to the source host after receiving ICMP ECHO-REQUEST.

Perform the ping command to troubleshoot the network connection and line quality. The output information includes:

■ Responses to each of the ECHO-REQUEST messages. If the response message is not received until timeout, output “Request time out”. Or display response message bytes, packet sequence number, TTL and response time.

■ The final statistics, including number of sent packets, number of response packets received, percentage of non-response packets and minimal/maximum/average value of response time.

If the network transmission rate is too low, you can increase the response message timeout.

For the related commands, see tracert.

Example

Check whether the host 202.38.160.244 is reachable.

<SW7700>ping 202.38.160.244ping 202.38.160.244 : 56 data bytesReply from 202.38.160.244 : bytes=56 sequence=1 ttl=255 time = 1msReply from 202.38.160.244 : bytes=56 sequence=2 ttl=255 time = 2msReply from 202.38.160.244 : bytes=56 sequence=3 ttl=255 time = 1msReply from 202.38.160.244 : bytes=56 sequence=4 ttl=255 time = 3msReply from 202.38.160.244 : bytes=56 sequence=5 ttl=255 time = 2ms--202.38.160.244 ping statistics--5 packets transmitted5 packets received0% packet lossround-trip min/avg/max = 1/2/3 ms

tracert Syntaxtracert [ -a source-IP ] [-f first-TTL ] [ -m max-TTL ] [ -p port ] [ -q nqueries ] [ -w timeout ] string


View

User view

Parameter

-a source-IP: Configure the source IP address used by the tracert command.

-f: Configure to verify the -f switch, first-TTL specifies an initial TTL, ranging from 0 to the maximum TTL.

-m: Configure to verify the -m switch, max-TTL specifies a maximum TTL larger than the initial TTL.

-p: Configure to verify the -p switch, port is an integer host port number. Generally, user need not modify this option.

-q: Configure to verify the -q switch, nqueries is an integer specifying the number of query packets sent, larger than 0.

-w: Configure to verify the -wf switch, timeout is an integer specifying IP packet timeout in seconds, larger than 0.

host: IP address of the destination host or the hostname of the remote system.

Description

Using the tracert command, you can check the reachability of network connection and troubleshoot the network. User can test gateways passed by the packets transmitted from the host to the destination.

By default, when the parameters are not specified,

first-TTL is 1,

max-TTL is 30,

port is 33434,

nqueries is 3 and

timeout is 5s.

The tracert command sends a packet with TTL 1, and the first hop will send an ICMP error message back to indicate this packet cannot be transmitted (because of TTL timeout). Then this packet will be sent again with TTL 2, and the second hop will indicate a TTL timeout error. Perform this operation repeatedly till reaching the destination. These processes are operated to record the source address of each ICMP TTL timeout so as to provide a path to the destination for an IP packet.

After the ping command finds some error on the network, perform tracert to locate the error.

The output of the tracert command includes IP address of all the gateways to the destination. If a certain gateway times out, output "***".

Log Commands 515

Example

Test the gateways passed by the packets to the destination host at 18.26.0.115.

<SW7700>tracert 18.26.0.115tracert to allspice.lcs.mit.edu (18.26.0.115), 30 hops max1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms12 * * *13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms14 * * *15 * * *16 * * *17 * * *18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms

Log Commands This section displays the logging options available on your Switch 7700.

display channel Syntaxdisplay channel [ channel-number | channel-name ]

View

All views

Parameter

channel-number: Channel number, ranging from 0 to 9, that is, the system has ten channels.

channel-name: Specify the channel name.

Description

Using the display channel command, you can display the details about the information channel.

Without a parameter, the display channel command shows the configurations of all the channels.

Example

Show details about the information channel 0.

<SW7700>display channel 0channel number:0, channel name:consoleMODU_ID NAME ENABLE LOG LEVEL ENABLE TRAP LEVEL ENABLEDEBUGGING LEVELffff0000all Y warning Y debugging Y debugging


display info-center Syntaxdisplay info-center [ { buffered | history } [ sizeval ] ]

View

All views

Parameter

sizeval: Configure how many pieces of information will be displayed.

buffered: Log buffer

history: Trap buffer

Description

Using the display info-center command, you can display the configuration of system log and the information recorded in the memory buffer.

If the information in the current log/trap buffer is less than the specified sizeval, display the actual log/trap information.

For the related commands, see info-center enable, info-center loghost, info-center logbuffer, info-center console channel, info-center monitor channel.

Example

Show the system log information.

<SW7700>display info-center Information Center: enabledInfo-center loghost:Console:channel number : 0 , channel name : consoleMonitor:channel number : 1 , channel name : monitorSNMP Agent:channel number : 5 , channel name : snmpagentLogging buffer:

enabled,max buffer size 1024, current buffer size 256,current messages 3, channel no : 4 , channel name : logbufdropped messages 0, overwrote messages 0

Trapping buffer:enabled,max buffer size 1024, current buffer size 256,current messages 1, channel number:3, channel name:trapbufdropped messages 0, overwrote messages 0

Information timestamp setting:log - datetime, trap - datetime, debugging - uptime

Sent messages = 5, Received messages = 5

info-center channel name

Syntaxinfo-center channel channel-number name channel-name

View

System view

Log Commands 517

Parameter

channel-number: Channel number, ranging from 0 to 9, that is, system has ten channels.

channel-name: Specify the channel name with a character string not exceeding 30 characters, excluding “-”, “/” or “\”. .

Description

Using the info-center channel name command, you can rename a channel specified by the channel-number as channel-name.

Note that the channel name cannot be duplicated.

Example

Rename channel 0 as execconsole.

[SW7700]info-center channel 0 name execconsole

info-center console channel

Syntaxinfo-center console channel { channel-number | channel-name }

View

System view

Parameter



Description

Using the info-center console channel command, you can configure the channel through which the log information is output to the console.

By default, Ethernet switches do not output log information to the console.

This command takes effect only after system logging is started.

For the related commands, see info-center enable, display info-center.

Example

Configure to output log information to the console through channel 0.

[SW7700]info-center console channel 0

info-center enable Syntaxinfo-center enable

undo info-center enable


View

System view

Parameter

None

Description

Using the info-center enable command, you can enable the system log function. Using the undo info-center enable command, you can disable system log function.

By default, system log function is enabled.

Only after the system log function is enabled can the system output the log information to the info-center loghost and console, etc.

For the related commands, see info-center loghost, info-center logbuffer, info-center console channel, info-center monitor channel, display info-center.

Example

Enable the system log function.

[SW7700]info-center enable

info-center logbuffer Syntaxinfo-center logbuffer [ size buffersize ] [ channel { channel-number | channel-name } ]

undo info-center logbuffer [ channel | size ]

View

System view

Parameter

size: Configure the size of buffer.

buffersize: Size of buffer (number of messages which can be kept); The default size of the buffer is 20.

channel: Configure the channel to output information to buffer.



Description

Using the info-center logbuffer command, you can configure to output information to the memory buffer. Using the undo info-center logbuffer command, you can cancel the information output to buffer

This command takes effect only after the system logging is enabled.

Log Commands 519


Example

Send log information to buffer and sets the size of buffer as 50.

[SW7700]info-center logbuffer 50

info-center loghost Syntaxinfo-center loghost host-ip-addr [ channel { channel-number | channel-name } ] [ facility local-number ] [ language { chinese | english } ]

undo info-center loghost host-ip-addr

View

System view

Parameter

host-ip-addr: IP address of info-center loghost.

channel: Configure information channel of the info-center loghost.



facility: Configure the recording tool of info-center loghost.

local-number: Record tool of info-center loghost, ranging from local0 to local7.

language: Set the logging language.

chinese, english: Language used in log file.

Description

Using the info-center loghost command, you can set the IP address of the info-center loghost to send information to it. Using the undo info-center loghost command, you can cancel output to info-center loghost.

By default, Ethernet switches do not output information to info-center loghost.



Example

Configure to send log information to the UNIX workstation at 202.38.160.1.

[SW7700]info-center loghost 202.38.160.1

info-center loghost source

syntaxinfo-center loghost source interface-name


undo info-center source

View

System view

Parameter

source interface-name: Sets the source address of packets sent to the loghost as the address of the interface specified by interface-name. Normally, the interface is a VLAN interface.

Description

Use the info-center loghost source command to se the source address of packets sent to the loghost as the addrss of the interface specified by the interface-name parameter.

Use the undo info-center loghost source command to cancel the setting of the source address of the packets sent to the loghost.

Related commands: info-center enable, display info-center.

Example

Set the source address of the packets sent to the loghost as the address of the VLAN interface 1.

[SW7700]info-center loghost source vlan-interface

info-center monitor channel

Syntaxinfo-center monitor channel { channel-number | channel-name }

View

System view

Parameter



Description

Using the info-center monitor channel command, you can set the channel to output the log information to the user terminal.

By default, Ethernet switches do not output log information to user terminal.

This command takes effect only after system logging is started.


Example

Configure channel 0 to output log information to user terminal.

[SW7700]info-center monitor channel 0

Log Commands 521

info-center snmp channel

Syntaxinfo-center snmp channel { channel-number | channel-name }

View

System view

Parameter

channel-number: Channel number, ranging from 0 to 9, that is, the system has ten channels. By default, channel 5 is used.


Description

Using the info-center snmp channel command, you can specify new channel for transmitting the SNMP information.

Related commands: display snmp.

Example

Configure channel 6 as the SNMP information channel.

[SW7700]info-center snmp channel 6

info-center source Syntaxinfo-center source { modu-name | default } channel { channel-number | channel-name } [ { log | trap | debug } * { level severity | state state ] } *

undo info-center source { modu-name | default } channel { channel-number | channel-name }

View

System view

Parameter

modu-name: Module name.

default: All the modules.

log: Log information.

trap: Trap information.

debugging: Debugging information.

level: Level.

severity: Information level, do not output information below this level.

Information at different levels is as follows:

emergencies: Level 0 information, which cannot be used by the system.


alerts: Level 1 information, to be reacted immediately.

critical: Level 2 information, critical information.

errors: Level 3 information, error information.

warnings: level 4 information, warning information.

notifications: Level 5 information, showed normally and important.

informational: Level 6 information, notice to be recorded.

debugging: Level 7 information, generated during the debugging progress.

channel-number: Channel number to be set.

channel-name: Channel name to be set.

state: Set the state of the information.

state: Specify the state as on or off.

Description

Using the info-center source command, you can add/delete a record to the information channel. Using the undo info-center source command, you can delete the contents of the information channel.

For example, for the filter of IP module log output, you can configure to output the logs at a level higher than warnings to the log host and output those higher than informational to the log buffer. You can also configure to output the trap information on the IP module to a specified trap host, etc.

The channels for filtering in all the directions are specified by this configuration command. All the information will be sent to the corresponding directions through the specified channels. You can configure the channels in the output direction, channel filter information, filtering and redirecting of all kinds of information.

At present, the system distributes an information channel in each output direction by default, shown as follows:

In addition, each information channel has a default record with the module name “all” and module number as 0xffff0000. However, for different information

Table 47 Output Direction and Information Channel Names

Output direction Information channel name

Console console

Monitor monitor

Info-center loghost loghost

Log buffer logbuf

Trap buffer trapbuf

snmp snmpagent

Log Commands 523

channel, the default log, trap and debugging settings in the records may be different with one another. Use default configuration record if a module does not have any specific configuration record in the channel.

Example

Configure to enable the log information of VLAN module in SNMP channel and allows the output of the information with a level no higher than emergencies.

[SW7700]info-center source vlan channel snmp log level emergencies

info-center timestamp Syntaxinfo-center timestamp { log | trap | debugging } { boot | date | none }

undo info-center timestamp { log | trap | debugging }

View

System view

Parameter

log: Log information.

trap: Trap information.

debugging: Debugging information.

boot: Time elapsing after system starts. Format: xxxxxx.yyyyyy, xxxxxx is the high 32 bits of the elapsed time (in milliseconds) after system starts, and yyyyyy is the low 32 bits.

date: Current system date and time. It shows as yyyy/mm/dd-hh:mm:ss in Chinese environment and mm/dd/yyyy-hh:mm:ss in Western language environment.

None: No timestamp format.

Description

Using the info-center timestamp command, you can configure the timestamp output format in debugging/trap information. Using the undo info-center timestamp command, you can disable the output of timestamp field.

By default, datetime stamp is used.

Example

Configure the debugging information timestamp format as boot.

[SW7700]info-center timestamp debugging boot

info-center trapbuffer Syntaxinfo-center trapbuffer [ size buffersize ] [ channel { channel-number | channel-name } ]

undo info-center trapbuffer [ channel | size ]


View

System view

Parameter

size: Configure the size of the trap buffer.

buffersize: Size of trap buffer (numbers of messages).

channel: Configure the channel to output information to trap buffer.



Description

Using the info-center trapbuffer command, you can output information to the trap buffer. Using the undo info-center trapbuffer command, you can cancel output information to trap buffer.

By default, output information is transmitted to trap buffer and size of trap buffer is 20.


Related commands: info-center enable, display info-center.

Example

Send information to the trap buffer and sets the size of buffer as 30.

[SW7700]info-center logbuffer max-size 30

reset logbuffer Syntaxreset logbuffer

View

User view

Parameter

None

Description

Using the reset logbuffer command, you can clear information in log buffer.

Example

# Clear information in log buffer.

<SW7700>reset logbuffer<SW7700>display info-center history 20Trapping Buffer Confiuration & Information:enabledallowed max buffer size : 1024actual buffer size : 256

Log Commands 525

channel number : 3 , channel name : trapbufdropped messages : 0overwrote messages : 0current messages : 1#9/5/2001 7:15:47-IFNET-5-TRAP:1.3.6.1.6.3.1.1.5.4Interface 514 Changes to Up

reset trapbuffer Syntaxreset trapbuffer

View

User view

Parameter

None

Description

Using the reset trapbuffer command, you can clear information in trap buffer.

Example

Clear information in trap buffer.

<SW7700>reset trapbuffer

terminal debugging Syntaxterminal debugging

undo terminal debugging

View

User view

Parameter

None

Description

Using the terminal debugging command, you can configure to display the debugging information on the terminal. Using the undo terminal debugging command, you can configure not to display the debugging information on the terminal.

By default, the displaying function is disabled.

Related commands: debugging.

Example

Enable the terminal display debugging.

<SW7700>terminal debugging

terminal logging Syntaxterminal logging


undo terminal logging

View

User view

Parameter

None

Description

Using the terminal logging command, you can start terminal log information display. Using the undo terminal logging command, you can disable terminal log information display.

By default, this function is enabled.

Example

Disable the terminal log display.

<SW7700>undo terminal logging

terminal monitor Syntaxterminal monitor

undo terminal monitor

View

User view

Parameter

None

Description

Using the terminal monitor command, you can enable the log debugging/log/trap on the terminal monitor. Using the undo terminal monitor command, you can disable these functions.

By default, enable these functions for the console user and disable them for the terminal user.

This command only takes effect on the current terminal where the commands are input. The debugging/log/trap information can be output to the current terminal, beginning in user view. When the terminal monitor is shut down, no debugging/log/trap information will be displayed in local terminal, which is equals to having performed the undo terminal debugging, undo terminal logging, undo terminal trapping commands. When the terminal monitor is enabled, you can use terminal debugging / undo terminal debugging, terminal logging / terminal logging and terminal trapping / undo terminal trapping respectively to enable or disable the corresponding functions.

Example

Disable the terminal monitor.

SNMP Configuration Commands 527

<SW7700>undo terminal monitor

terminal trapping Syntaxterminal trapping

undo terminal trapping

View

User view

Parameter

None

Description

Using the terminal trapping command, you can enable terminal trap information display. Using the undo terminal trapping command, you can disable this function.

By default, this function is enabled.

Example

Enable trap information display.

<SW7700>terminal trapping

SNMP Configuration Commands

This section displays the Simple Network Management Protocol (SNMP) commands available on your Switch 7700.

display snmp-agent community

Syntaxdisplay snmp-agent community [ read | write ]

View

All views

Parameter

read: display read-only community information.

write: display read-write community information.

Description

Using the display snmp-agent community command, you can display the currently configured community names.

Example

Display the currently configured community names.

<SW7700>display snmp-agent communitycommunity name:publicgroup name:publicstorage-type: nonVolatile


community name:tomgroup name:3Comstorage-type: nonVolatile

display snmp-agent Syntaxdisplay snmp-agent { local-engineid | remote-engineid }

View

All views

Parameter

local-engineid: local engine ID.

remote-engineid: remote engine ID.

Description

Using the display snmp-agent engineid command, you can displays the engine ID of current device.

SNMP engine is the core of SNMP entity. It performs the function of sending, receiving and authenticating SNMP message, extracting PDU, packet encapsulation and the communication with SNMP application, etc.

Example

Display the engine ID of current device.

<SW7700>display snmp-agent engineidLocal SNMP engineID: 00000009020000000C025808

display snmp-agent group

Syntaxdisplay snmp-agent group [ group-name ]

View

All views

Parameter

None

Description

Using the display snmp-agent group command, you can display group name, safe mode, state of various views and storage modes.

Example

Display SNMP group name and safe mode.

<SW7700>display snmp-agent groupgroupname: publicreadview:v1defaultwriteview: no writeview specified notifyview: *tv.FFFFFFFFstorage-type: volatile


The following table describes the output fields.

display snmp-agent mib-view

Syntaxdisplay snmp-agent mib-view [ exclude | include | viewname mib-view ]

View

All views

Parameter

exclude: Display the SNMP mib view excluded.

include: Display the SNMP mib view included.

viewname: Display the SNMP mib view according to the mib view name.

mib-view: Specify the mib view name.

Description

The display snmp-agent mib-view command is used to view the MIB view configuration information of the Ethernet switch.

Example

Display the information about the currently configured MIB view.

<SW7700>display snmp-agent mib-viewView name:ViewDefault MIB Subtree intertentstorage-type: nonVolatile -included activeView name:ViewDefault MIB Subtree system.0storage-type: nonVolatile -excluded active


Table 48 Output description of the display snmp-agent group command

Field Description

groupname SNMP Group name of the user

readview Read-only MIB view name corresponding to that group

writeview Writable MIB view corresponding to that group

notifyview The name of the notify MIB view corresponding to that group

storage-type Storage type

Table 49 Output description of the display snmp-agent mib-view command

Field Description

View name View name

MIB Subtree MIB subtree


included/excluded Permit or forbid access to an MIB object

active Indicate the line state in the table


CAUTION: If the SNMP Agent is disabled, "Snmp Agent disabled" will be displayed after you execute the above display commands.

display snmp-agent statistics

Syntaxdisplay snmp-agent statistics

View

All views

Parameter

None

Description

Using the display snmp-agent statistics command, you can display the current state of SNMP communication.

This command provides a counter for SNMP operations.

Example

Display the current state of SNMP communication.

<SW7700>display snmp-agent statistics32 SNMP packets input

0 Bad SNMP version errors4 Unknown community name0 Illegal operation for community name supplied0 Encoding errors24 Number of requested variables0 Number of altered variables0 Get-request PDUs28 Get-next PDUs

0 Set-request PDUs41 SNMP packets output

0 Too big errors (Maximum packet size 1500)0 No such name errors0 Bad values errors0 General errors24 Response PDUs13 Trap PDUs


Table 50 Output description of the display snmp-agent statistics command

Field Description

SNMP packets input Total number of the input SNMP packets

Bad SNMP version errors Number of packets with version information error

Unknown community name Number of packets with community name error

Illegal operation for community name supplied

Number of packets with authority error corresponding to the community name

Encoding errors Number of SNMP packets with encoding error

Number of requested variables Number of variables requested by NMS

Number of altered variables The number of variables set by NMS


display snmp-agent sys-info

Syntaxsnmp-agent sys-info { contact sysContact | location syslocation | version { { v1 | v2c | v3 } * | all } }

undo snmp-agent sys-info [ { contact | location } * | version { { v1 | v2c | v3 } * | all } ]

View

System view

Parameter

sysContact: Specifies a character string that describes the system that is maintaining contact (in bytes). The value ranges from 1 to 255. By default, the contact information is "3Com Corporation".

sysLocation: Specifies a character string to describe the system location; By default, the character string is "Marlborough, USA".

version: Identifies the current version SNMP. By default, the version is SNMP V3.

v1: SNMP V1.

v2c: SNMP V2C.

v3: SNMP V3.

all: all SNMP version (includes SNMP V1, SNMP V2C, SNMP V3).

Description

Use the snmp-agent sys-info command to configure system information such as geographical location of the device, contact information for system maintenance and version information for SNMP. Use the undo snmp-agent sys-info command to restore the default value.

By default, the contact information is "3Com Corporation", the system location is "Marlborough, USA", the SNMP version is SNMP V3.

Get-request PDUs Number of the received packets requested by get

Get-next PDUs Number of the received packets requested by get-next

Set-request PDUs Number of the received packets requested by set

SNMP packets output Total number of the output SNMP packets

Too big errors Number SNMP packet with too_big error

Maximum packet size Maximum length of SNMP packet

No such name errors Number of the packets requesting nonexistent MIB objects

Bad values errors Number of SNMP packets with Bad_values error

General errors Number of SNMP packets with General_errors

Response PDUs Number of the response packets sent

Trap PDUs Number of the sent Trap packets

Table 50 Output description of the display snmp-agent statistics command


Example

Set the system location as Building 3/Room 214.

[SW7700]snmp-agent sys-info location Building 3/Room 214

display snmp-agent usm-user

Syntaxdisplay snmp-agent usm-user [ engineid engineid | group groupname | username username ]

View

All views

Parameter

engineid: display user information with specified engine ID.

username: display user information with specified user name.

groupname: display user information of specified group.

Description

Using the display snmp-agent usm-user command, you can display information of all the SNMP usernames in the group username list.

Example

Display the information of all the current users.

<SW7700>display snmp-agent usm-userUser name: authuserEngine ID: 00000009020000000C025808storage-type: nonvolatile


enable snmp trap Syntaxenable snmp trap updownundo enable snmp trap updown

View

Ethernet port view

Parameter

None.

Table 51 Output description of the display snmp-agent usm-user command

Field Description

User name Name of SNMP user

Engine ID Character string identifying SNMP device



Description

Use the enable snmp trap updown command to enable the current port to transmit the LINK UP and LINK DOWN trap information.

Use the undo enable snmp trap updown command to disable the current port to transmit the LINK UP and LINK DOWN trap information.

Example

Enable the current port Ethernet3/0/1 to transmit the LINK UP and LINK DOWN trap information.

[SW7700-Ethernet3/0/1]enable snmp trap updown

snmp-agent community Syntaxsnmp-agent community { read | write } community-name [ mib-view view-name ] [ acl acl-list ] ]

undo snmp-agent community community-name

View

System view

Parameter

community-name: Community name character string.

view-name: MIB view name.

ro: Indicate that MIB object can only be read.

rw: Indicate that MIB object can be read and written.

acl acl-list: set access control list for specified community.

Description

Using the snmp-agent community command, you can set community access name and enable the access to SNMP. Using the undo snmp-agent community command, you can cancel the settings of community access name.

Example

Configure community name as comaccess and permits read-only access by this community name.

[SW7700]snmp-agent community comaccess ro

Configure community name as mgr and permits read-write access.

[SW7700]snmp-agent community mgr rw

Delete the community name comaccess.

[SW7700]undo snmp-agent community comaccess


snmp-agent group Syntaxsnmp-agent group { v1 | v2c } group_name [ read-view read_view ] [ write-view write_view ] [ notify notify_view ] [ acl acl_list ]

undo snmp-agent group { v1 | v2c } group_name

snmp-agent group v3 group-name [ authentication | privacy ] [ acl acl_list ] [ notify notify_view ] [ read-view read_view ] [ write-view write_view ]

undo snmp-agent group v3 group_name [ authentication | privacy ]

View

System view

Parameter

group_name: Enter a group name, up to 32 characters in length.

read-view: Configures read-only view settings.

read_view: Enter a read-only view name, up to 32 characters in length.

write-view: Configures read and write view settings.

write_view: Enter a read and write view name, up to 32 characters in length.

notify: Configures notify view settings.

notify_view: Enter a notify view name, up to 32 characters in length.

acl acl-list: Enter the access control list for this group name.

v3: Configures SNMP version 3.

authentication: Specifies that the packet is authenticated without encryption. This parameter is only available if you enter v3.

privacy: Specifies that the packet is authenticated and encrypted. This parameter is only available if you enter v3.

Description

Using the snmp-agent group command, you can configure a new SNMP group, that is, map an SNMP user to SNMP view.

Using the undo snmp-agent group command, you can delete a specified SNMP group.

3Com recommends that you do not use the notify notify_view parameters when configuring an SNMP group, for the following reasons:

■ The snmp-agent target-host command automatically generates a notify_view for a user, and adds it to the corresponding group.

■ Any change of the SNMP group notify_view will affect all the users related to this group.


Example

To create an SNMP group named 3Com, enter the following:

[SW7700]snmp-agent group v3 3Com

snmp-agent local-engineid

Syntaxsnmp-agent local-engineid engineid

undo snmp-agent local-engineid engineid

View

System view

Parameter

local-engineid: Specify an engineID for the local SNMPv3 entity

engineid: Specify the engine ID with a character string, only composed of hexadecimal numbers between 5 and 32 including; The default value is "Enterprise Number + device information".

Description

Using the snmp-agent local-engineid command, you can configure a name for a local or remote SNMP engine on the Ethernet Switch. Using the undo snmp-agent local-engineid command, you can restore the default setting of engine ID.

Device information is determined according to different products. It can be IP address, MAC address or user defined text. However, you must use numbers in hexadecimal form.

Example

Configure the ID of a local or remote device as 12345.

<SW7700>display snmp-agent local-engineid

snmp-agent mib-view Syntaxsnmp-agent mib-view { included | excluded } view-name oid-tree

undo snmp-agent mib-view view-name

View

System view

Parameter

view-name: Specify the view name, with a character string, ranging from 1 to 32 characters.

oid-tree: MIB object subtree. It can be a character string of the variable OID, or a variable name, ranging from 1 to 255 characters.

included: Include this MIB subtree.


excluded: Exclude this MIB subtree.

Description

Using the snmp-agent mib-view command, you can create or update the view information. Using the undo snmp-agent mib-view command, you can delete the view information

By default, the view name is v1default. OID is 1.3.6.1.

Both the character string of OID and the node name can be input as parameter.

Example

Create a view that consists of all the objects of MIB-II.

[SW7700]snmp-agent mib-view mib2 5.6.1.3 included

snmp-agent packet max-size

Syntaxsnmp-agent packet max-size byte-count

undo snmp-agent packet max-size

View

System view

Parameter

byte-count: Specify the size of SNMP packet (measured in bytes), ranging from 484 to 17940; the default size is 1500 bytes.

Description

Using the snmp-agent packet max-size command, you can configure the size of SNMP packet that the Agent can send/receive. Using the undo snmp-agent packet max-size command, you can restore the default size of SNMP packet.

The sizes of the SNMP packets received/sent by the Agent are different in different network environment.

Example

Set the size of SNMP packet to 1042 bytes.

[SW7700]snmp-agent packet max-size 1042

snmp-agent sys-info Syntaxsnmp-agent sys-info { contact sysContact | location sysLocation | version { { v1 | v2c | v3 } * | all } }

undo snmp-agent sys-info { contact | location | version { { v1 | v2c | v3 } * | all } }

View

System view


Parameter

sysContact: Specify a character string describing the system maintaining contact (in bytes), with a length ranging from 1 to 255; The default contact information is "3Com Marlborough USA".

sysLocation: Specify a character string to describe the system location; By default, the character string is "Marlborough USA".

version: version of running SNMP.

v1: SNMP V1.

v2c: SNMP V2C.

v3: SNMP V3.

all: all SNMP version (includsSNMP V1, SNMP V2C, SNMP V3).

Description

Using the snmp-agent sys-info command, you can set system information such as geographical location of the device, contact information for system maintenance and version information of running SNMP. Using the undo snmp-agent sys-info location command, you can restore the default value.

Example

Set system location as Building 3/Room 214.

[SW7700]snmp-agent sys-info location Building 3/Room 214

snmp-agent target-host Syntaxsnmp-agent target-host trap address udp-domain hostaddress [ udp-port udp_port_number ] params securityname community_string [ v1 | v2c | v3 [ authentication | privacy ] ]

undo snmp-agent target-host host_address securityname community-string

View

System view

Parameter

trap: Specifies the host to receive traps or notifications

address: Specifies the transport address to be used in the generation of SNMP messages.

udp-domain: Specifies the transport domain over UDP for the target address.

host-address: Enter the IP address of destination host.

udp-port udp_port_number: Enter the UDP port number of the host to receive the SNMP notification.

params: Specifies the SNMP target information to be used in the generation of SNMP messages.


community-string: Enter the community name, up to 32 characters in length.

v1: Specifies SNMP version 1.

v2c: Specifies SNMP version 2C.

v3: Specifies SNMP version 3.

authentication: Specifies that the packet is authenticated without encryption. This parameter is only available if you enter v3

privacy: Specifies that the packet is authenticated and encrypted. This parameter is only available if you enter v3

Description

Using the snmp-agent target-host command, you can select and configure the host that you want to receive SNMP notification.

Using the undo snmp-agent target-host command, you can cancel the host currently configured to receive SNMP notification.

You must enter the snmp-agent trap enable command before you enter the snmp-agent target-host command. The snmp-agent trap enable command enables the device to transmit Trap packets.

Example

To enable Trap messages to be sent to myhost.3Com.com with a community name of comaccess., enter the following:

[SW7700]snmp-agent trap enable[SW7700]snmp-agent target-host myhost 3Com.com comaccess

snmp-agent trap enable Syntaxsnmp-agent trap enable [ standard [ authentication ] [ coldstart ] [ configuration ] [ flash ] [ linkdown ] [ linkup ] [ ospf ] [ system ] ]

undo snmp-agent trap enable [ standard [ authentication ] [ coldstart ] [configuration] [ flash ] [ linkdown ] [ linkup ] [ ospf ] [ system ] ]

View

System view

Parameter

standard: Configure to send SNMP Trap packets.

authentication: Configure to send SNMP authentication Trap packets.

coldstart: Configure to send SNMP cold start Trap packets.

configuration: Configure to send SNMP configuratin Trap packets.

flash: Configure to send SNMP flash Trap packets.


linkdown: Configure to send SNMP link down Trap packets.

linkup: Configure to send SNMP link up Trap packets.

ospf: Configure to send SNMP OSPF Trap packets.

system: Configure to send SNMP system Trap packets.

Description

Using the snmp-agent trap enable command, you can enable the device to send Trap message. Using the undo snmp-agent trap enable command, you can disable Trap message sending.

By default, Trap message sending is disabled.

The snmp-agent trap enable command and the snmp-agent target-host command should be used at the same time. The snmp-agent target-host command specifies which hosts can receive Trap message. However, to send Trap message, at least one snmp-agent target-host command should be configured.

Example

Enable to send the trap packet of SNMP authentication failure to 10.1.1.1. The packet is in the V2C format and the community name is 3Com.

[SW7700]snmp-agent trap enable standard authentication[SW7700]snmp-agent target-host 10.1.1.1 version 2c 3Com

snmp-agent trap life Syntaxsnmp-agent trap life seconds

undo snmp-agent trap life

View

System view

Parameter

seconds: Specify the timeouts, ranging from 1 to 2592000 seconds. By default, the timeout interval is 120 seconds.

Description

Using the snmp-agent trap life command, you can set the timeout of Trap packets. Using the undo snmp-agent trap life command, you can restore the default value.

The set timeout of Trap packet is represented by seconds. If time exceeds seconds, this Trap packet will be discarded.

For the related commands, see snmp-agent trap enable, snmp-agent target-host.

Example

Configure the timeout interval of Trap packet as 60 seconds.

[SW7700]snmp-agent trap life 60


snmp-agent trap queue-size

Syntaxsnmp-agent trap queue-size length

undo snmp-agent trap queue-size

View

System view

Parameter

length: Length of queue, ranging from 1 to 1000; the default length is 100.

Description

Using the snmp-agent trap queue-size command, you can configure the information queue length of Trap packet sent to destination host. Using the undo snmp-agent trap queue-size command, you can restore the default value.

For the related commands, see snmp-agent trap enable, snmp-agent target-host, snmp-agent trap life.

Example

Configure the queue length to 200.

[SW7700]queue-length 200

snmp-agent trap source Syntaxsnmp-agent trap source vlan-interface vlan-id

undo snmp-agent trap source

View

System view

Parameter

vlan-id: Specify the VLAN interface ID, ranging from 1 to 4000.

Description

Using the snmp-agent trap source command, you can specify the source address for sending Trap. Using the undo snmp-agent trap source command, you can cancel the source address for sending Trap.

Example

Configure the IP address of the VLAN interface 1 as the source address for transmitting the Trap packets.

[SW7700]snmp-agent trap source vlan-interface 1

snmp-agent usm-user Syntaxsnmp-agent usm-user { v1 | v2c } username groupname [ acl acllist ]

undo snmp-agent usm-user { v1 | v2c } username groupname


snmp-agent usm-user v3 user_name group_name [ authentication-mode { md5 | sha } authpassword [ privacy-mode { des56 privpassword }]] [ acl acllist ]

undo snmp-agent usm-user v3 username groupname { local | engineid engine-id }

View

System view

Parameter

user_name: Enter the user name, up to 32 characters in length.

group_name: Enter the group name corresponding to that user, up to 32 characters in length.

v1: Specifies the use of V1 safe mode.

v2c: Specifies the use of V2c safe mode.

v3: Specifies the use of V3 safe mode.

authentication-mode: Specifies the use of authentication.

md5: Specifies that the MD5 algorithm is used in authentication. MD5 authentication uses a128-bit md5 digest. The computation speed of MD5 is faster than that of SHA

sha: Specifies that the SHA algorithm is used in authentication. SHA authentication uses a 160-bit SHA digest. The computation speed of SHA is slower than that of MD5, but SHA offers higher security.

auth_password: Enter the authentication password, up to 64 characters in length.

privacy-mode: Specifies the use of authentication and encryption.

des 56: Specifies that the DES encryption algorithm is used. Must be entered if you enter the privacy-mode parameter.

priv_password: Enter the encryption password with a character string, ranging from 1 to 64 bytes.

acl acl-list: Enter the access control list for this user, based on USM name.

Description

Using the snmp-agent usm-user command, you can add a new community name or, if you use the V3 parameter, a new user to an SNMP group.

Using the undo snmp-agent usm-user command, you can delete a user from SNMP group.

SNMP engineID (for v3) is required when configuring remote users. This command will not be effective if engineID is not configured.


If SNMP v3 is enabled, a default engineID is configured. You can change this if required. See Related Commands below.

For V1 and V2C, this command will add a new community name. For V3, it will add a new user for an SNMP group.

Related commands: display snmp-agent, snmp-agent local engineid

Example

To add a user named “JohnQ” to the SNMP group “3Com”, then configure the use of MD5, and set the authentication password to “pass”, enter the following:

[SW7700]snmp-agent usm-user JohnQ 3Com v3 auth md5 pass

undo snmp-agent Syntaxundo snmp-agent

View

System view

Parameter

None

Description

Using undo snmp-agent command, you can disable all versions of SNMP running on the server.

Any command of snmp-agent will enable SNMP Agent.

Example

Disable the running SNMP agents of all SNMP versions.

[SW7700]undo snmp-agent

RMON Configuration Commands

This section describes the Remote Monitoring (RMON) configuration commands available on your Switch 7700.

display rmon alarm Syntaxdisplay rmon alarm [ alarm-table-entry ]

View

All views

Parameter

alarm-table-entry: Alarm table entry index.

Description

Using the display rmon alarm command, you can display RMON alarm information.

For the related commands, see rmon alarm.

RMON Configuration Commands 543

Example

Display the RMON alarm information.

<SW7700>display rmon alarmAlarm table 1 is UNDERCREATION, and owned by Configer,

every 1 second(s) monitoring Ethernet1/0/1 ebcastpkts.Rising threshold is 1, linked with event 5.Falling threshold is 2, linked with event 5.On startup enables risingOrFallingAlarm.It's latest absolute sampled values was 0.

display rmon event Syntaxdisplay rmon event [ event-table-entry ]

View

All views

Parameter

event-table-entry: Entry index of event table.

Description

Using the display rmon event command, you can display RMON events.

The display includes event index in event table, owner of the event, description to the event, action caused by event (log or alarm information), and occurrence time of the latest event (counted on system initiate/boot time in centiseconds).

Related command: rmon event.

Example

Show the RMON event.

<SW7700>display rmon eventEvent table 1 is VALID, and owned by 3COM.

Description: none.Event firing causes log ,last fired at 0.

Table 52 Output description of the display rmon alarm command

Field Description

Alarm table 1 Index 1 in the alarm table

UNDERCREATION The entry corresponding to the index is under creation.

Configer Owner

Rising threshold is 1 The rising threshold is 1

Falling threshold is 2 The falling threshold is 2

startup The first trigger

risingOrFallingAlarm The type of the first alarm: Specifies to alarm when exceeding the rising threshold or the falling threshold

absolute sampled values Absolute sampled values

Table 53 Output description of the display rmon event command

Field Description

Event table 1 Index 1 in event table


display rmon eventlog Syntaxdisplay rmon eventlog [ event-number ]

View

All views

Parameter

event-number: Entry index of event table.

Description

Using the display rmon eventlog command, you can display RMON event log.

The display includes description about event index in event table, description to the event, and occurrence time of the latest event (counted on system initiate/boot time in centisecond).

Example

Show event log of RMON.

<SW7700>display rmon eventlog 1Event table 1 is VALID, and owned by 3Com.

Description: none.Event firing causes log-and-trap ,last fired at 102300.

Event 1 generates eventLog 1.Description: The 1.3.6.1.2.1.16.1.1.1.4.8 defined in alarm table 2,less than 200 with alarm value 0. Alarm sample type is delta.loged at 21300.Event 1 generates eventLog 2.Description: The 1.3.6.1.2.1.16.1.1.1.4.8 defined in alarm table 2,uprise 1000 with alarm value 10443. Alarm sample type is delta.loged at 102300.

VALID The entry corresponding to the index is valid

3COM Owner

Description Event description

Event firing causes log Log triggered by event

last fired at 0 Occurrence time of the latest event (counted since system initiate/boot time in centisecond)

Table 53 Output description of the display rmon event command

Table 54 Output description of the display rmon eventlog command

Field Description

Event table Index 1 in event table

VALID The entry corresponding to the index is valid

3Com Owner

Description Event description

Event firing causes log-and-trap Log and trap triggered by event

last fired at 102300 Occurrence time of the latest event (counted since system initiate/boot time in centisecond)


display rmon history Syntaxdisplay rmon history [ port-num ]

View

All views

Parameter

port-num: Ethernet port name.

Description

Using the display rmon history command, you can display latest RMON history sampling information (including utility, error number and total packet number).

For the related commands, see rmon history.

Example

Show the RMON history information.

<SW7700>display rmon history Ethernet 2/0/1History control entry 1 owned by 3Com is VALID, samples interface Ethernet2/0/1 every 10 second with 10 buckets max. Latest sampled values: Dropevents :0 , octets :0 packets :0 , broadcast packets :0 multicast packets :0 , CRC alignment errors :0 undersize packets :0 , oversize packets :0 fragments :0 , jabbers :0 collisions :0 , utilization :0

Table 55 Output description of the display rmon history command

Field Description

Interface Port

history control table Index number in history control table

VALID Valid

3COM Owner

buckets Records in history control table

sampling interval Sampling interval

dropevents Dropping packet events

octets Sent/Transmitted octets in sampling time

packets Packets sent/transmitted in sampling time

broadcastpackets Number of broadcast packets

multicastpackets Number of multicast packets

CRC alignment errors Number of CRC error packets

undersized Number of undersized packets

oversized packets Number of oversized packets

fragments Number of undersized and CRC error packets

jabbers Number of oversized and CRC error packets

collisions Number of collision packets

utilization Utilization


display rmon prialarm Syntaxdisplay rmon prialarm [ prialarm-table-entry ]

View

All views

Parameter

prialarm-table-entry: entry of extended alarm table.

Description

Using the display rmon prialarm command, you can display information about extended alarm table.

Related command: rmon prialarm.

Example

Display alarm information about extended RMON.

<SW7700>display rmon prialarm

display rmon statistics Syntaxdisplay rmon statistics [ port-num ]

View

All views

Parameter

port-num: Ethernet port number.

Description

Using the display rmon statistics command, you can display RMON statistics.

The displayed information includes collision, CRC (Cyclic Redundancy Check) and queue, undersized or oversized packet, timeout, fragment, broadcast, multicast, unicast, and bandwidth utility.

Related command: rmon statistics.

Example

Show RMON statistics.

<SW7700>display rmon statistics Ethernet 2/0/1Statistics entry 1 owned by 3Com-rmon is VALID. Gathers statistics of interface Ethernet2/0/1. Received: octets : 270149,packets : 1954 broadcast packets :1570 ,multicast packets:365 undersized packets :0 ,oversized packets:0 fragments packets :0 ,jabbers packets :0 CRC alignment errors:0 ,collisions :0 Dropped packet events (due to lack of resources):0 Packets received according to length (in octets): 64 :644 , 65-127 :518 , 128-255 :688 256-511:101 , 512-1023:3 , 1024-1518:0


64: 120, 65-127: 88, 128-255: 8,256-511: 12, 512-1023: 5, 1024-1518: 0.

rmon alarm Syntaxrmon alarm entry-number alarm-variable sampling-time { delta | absolute } rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2 event-entry2 [ owner text ]

undo rmon alarm entry-number

View

System view

Parameter

entry-number: Number of the entry to be added/deleted, ranging from 1 to 65535.

alarm-variable: Specifies the alarm variable with a character string, ranging from 1 to 256, in the OID dotted format, like 1.3.6.1.2.1.2.1.10.1 (or ifInOctets.1).

sampling-time: Specifies the sampling interval, ranging from 5 to 65535 (measured in seconds).

delta: Sampling type is delta.

absolute: Sampling type is absolute.

rising-threshold threshold-value1: Rising threshold, ranging from 0 to 2147483647.

event-entry1: Event number corresponding to the upper limit of threshold, ranging from 0 to 65535.

Table 56 Output description of the display rmon statistics command

Field Description

Interface Port

ethernet statistics table Statistics table

VALID Valid

Configer Owner

broadcast Number of broadcast packets

multicast packets Number of multicast packets

undersized Number of undersized packets

oversized packets Number of oversized packets

fragments Number of undersized and CRC error packets

jabbers Number of oversized and CRC error packets

CRC alignment errors Number of CRC error packets

collisions Number of collision packets

utilization Utilization

Dropped packet events Dropping packet events


falling-threshold threshold-value2: Falling threshold, ranging from 0 to 2147483647.

event-entry2: Event number corresponding to the falling threshold, ranging from 0 to 65535.

owner text: Specifies the creator of the alarm. Length of the character string ranges from 1 to 127.

Description

Using the rmon alarm command, you can add an entry to the alarm table. Using the undo rmon alarm command, you can delete an entry from this table.

In this way, the alarm event can be triggered in the abnormal situations and then decides to log and send trap to the NM station.

Example

Delete the information of entry 15 from the alarm table.

[SW7700]undo rmon alarm 15

rmon event Syntaxrmon event event-entry [ description string ] { log | trap trap-community | log-trap log-trapcommunity | none } [ owner rmon-station ]

undo rmon event event-entry

View

System view

Parameter

event-entry: Number of the entry to be added/deleted, ranging from 1 to 65535.

description string: Event description. Length of the character string ranges from 1 to 255.

log: Log event.

trap: Trap event.

trap-community: Name of the community that trap message is sent to.

log-trap: Log and trap event.

log-trapcommunity: Name of the community that trap message is sent to.

none: neither log nor trap event.

owner rmon-station: Name of the network management station that creates this entry. The length of the character string ranges from 1 to 127.


Description

Using the rmon event command, you can add an entry to the event table. Using the undo rmon event command, you can delete an entry from this table.

Event management of RMON defines the way to deal with event number and event-log, send trap message or log while sending trap message. In this way, alarm events may obtain corresponding treatment

Example

Add the entry 10 to the event table and marks it as log event.

[SW7700]rmon event 10 log

rmon history Syntaxrmon history entry-number buckets number interval sampling-interval [ owner text-string ]

undo rmon history entry-number

View

Ethernet port view

Parameter


buckets number: Capacity of the history table corresponding to the control line.

interval sampling-interval: Sampling interval, ranging from 5 to 3600 (measured in seconds).

owner text-string: Creator of the line. Length of the character string ranges from 1 to127.

Description

Using the rmon history command, you can add an entry to the history control table. Using the undo rmon history command, you can delete an entry from history control table.

Perform this command to sample, set sample parameter (sample time interval) and storage amounts for a port. RMON will periodically perform data collection and save for query on this port. Sample information includes utility, error number and total packet number.

Example

Delete the entry 15 from the history control table.

[SW7700-Ethernet1/0/1]undo rmon history 15

rmon prialarm Syntaxrmon prialarm entry-number alarm-var [ alarm-des ] sampling-timer { delta | absolute | changeratio } rising-threshold threshold-value1


event-entry1 falling-threshold threshold-value2 event-entry2 entrytype { forever | cycle cycle-period } [ owner text ]

undo rmon prialarm entry-number

View

System view

Parameter

entry-number: Specifies the entry number, ranging from 1 to 65535.

alarm-var: Specifies the alarm variable, which can be an arithmetic expression of several integer MIB node instances. The node can be OID in dotted notation.

alarm-des: Specifies the alarm description with a length ranging from 0 to 0-127;

sampling-timer: Sets the sampling interval, ranging from 10 to 65535 and measured in seconds.

delta | absolute | changeratio: Specifies the sampling type as delta ratio or absolute ratio.

threshold-value1: Rising threshold value, specified with a number greater than 0.

event-entry1: Corresponding event number to the upper limit threshold value, ranging from 0 to 65535.

threshold-value2: Falling threshold value, specified with a number greater than 0.

event-entry2: Event number corresponding to the falling threshold, ranging from 0 to 65535.

forever | cycle cycle-period: Specifies the type of the alarm instance line.

cycle-period specifies the functional cycle of the instance.

owner text: Specifies the creator of the line. Length of the character string ranges from 1 to 127.

Description

Using the rmon prialarm command, you can add an entry to the extended RMON alarm table. Using the undo rmon prialarm command, you can delete an entry from the extended RMON alarm table.

The number of instances can be created in the table depends on the hardware resource of the product.

Example

Delete line 10 from the extended RMON alarm table.

[SW7700]undo rmon prialarm 10

NTP Configuration Commands 551

rmon statistics Syntaxrmon statistics entry-number [ owner text-string ]

undo rmon statistics entry-number

View

Ethernet port view

Parameter


owner text-string: Creator of the entry. Length of the character string ranges from 1 to127.

Description

Using the rmon statistics command, you can add an entry to the statistic table. Using the undo rmon statistics command, you can delete an entry from statistic table.

RMON statistic management concerns the statistics and monitoring of the usage and error on a port. Statistics includes collision, CRC (Cyclic Redundancy Check) and queue, undersized or oversized packet, timeout, fragment, broadcast, multicast, unicast, and bandwidth utility.

Example

Add the entry 20 to the statistics table of Ethernet1/0/1.

[SW7700-ethernet1/0/1]rmon statistics 20

NTP Configuration Commands

This section describes the Network Time Protocol (NTP) configuration commands available on your Switch 7700.

debugging ntp-service Syntaxdebugging ntp-service { access | adjustment | authentication | event | filter | packet | parameter | refclock | selection | synchronization | validity | all }

undo debugging ntp-service { access | adjustment | authentication | event | filter | packet | parameter | refclock | selection | synchronization | validity | all }

View

User view.

Parameter

access: NTP access control debugging.

adjustment: NTP clock adjustment debugging.

all: All NTP debugging functions.


authentication: NTP authentication debugging.

event: NTP event debugging.

filter: NTP filter information debugging.

packet: NTP packet debugging.

parameter: NTP clock parameter debugging.

refclock: NTP reference clock debugging.

selection: NTP clock selection information debugging.

synchronization: NTP clock synchronization information debugging.

validity: NTP remote host validity debugging

Description

Using debugging ntp-service command, you can debug different NTP services. Using undo debugging ntp-service command, you can disable corresponding debugging function.

By default, no debugging function is enabled.

Example

Enable NTP access control debugging.

<SW7700>debugging ntp-service access

display ntp-service sessions

Syntaxdisplay ntp-service sessions [ verbose ]

View

All views.

Parameter

verbose: Indicate to display the detail information about the sessions.

Description

Using display ntp-service sessions command, you can display the status of all the sessions maintained by NTP service provided by the local equipment.

By default, the status of all the sessions maintained by NTP service provided by the local equipment will be displayed.

When you configure this command without the verbose parameter, the Ethernet switch will display the brief information about all the sessions it maintains.

With the verbose parameter configured, Ethernet switch will display the detail information about all the sessions it maintains.

Example<SW7700>display ntp-service sessions



source refid st now poll reach delay offset disp********************************************************************[12345]212.125.95.4 131.188.3.221 2 18 64 377 339.8 10.8 0.9note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured

display ntp-service status

Syntaxdisplay ntp-service status

Views

All views.

Parameter

None

Description

Using command display ntp-service status, you can display the NTP service status.

Example<SW7700>display ntp-service status


clock status: unsynchronized clock stratum: 16 reference clock ID: none nominal frequency: 100.0000 Hz actual frequency: 100.0000 Hz clock precision: 2^17 clock offset: 0.0000 ms root delay: 0.00 ms root dispersion: 0.00 ms peer dispersion: 0.00 ms reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)

The following table describes the outputs:

Table 57 NTP service status information

Output Meaning

clock status:unsynchronized Local clock status: do not synchronize to any remote NTP server.

clock stratum: 16 Indicates the NTP stratum of local clock

reference clock ID Indicates the address of a remote server of the reference ID, in the case that the local system has been synchronized by a remote NTP server or the ID of some clock source.

nominal frequency Nominal frequency of the local system hardware clock.

actual frequency Actual frequency of the local system hardware clock.


display ntp-service trace Syntaxdisplay ntp-service trace

Views

All views

Parameter

None.

Description

Using display ntp-service trace command, you can display the brief information about every NTP server on the way from the local equipment to the reference clock source.

Example<SW7700>display ntp-service trace


server 127.0.0.1,stratum 8, offset 0.000000, synch distance 0.00000 refid 127.127.1.0

ntp-service access Syntaxntp-service access { query | synchronization | server | peer } acl-number

undo ntp-service access { query | synchronization | server | peer }

View

System view.

Parameters

query: Allow to control query authority.

synchronization: Only allow the server to access.

server: Allow query to server and access.

peer: Full access authority.

acl-number: IP address list number, ranging from 1 to 99.

clock precision Precision of local system clock

clock offset Offsets of the local clock to the NTP server clock.

root delay Root delay from local equipment to the master reference clock.

root dispersion Dispersion of the local clock relative to the NTP server clock.

peer dispersion Dispersion of the remote NTP server.

reference time Reference timestamp.

Table 57 NTP service status information


Description

Using ntp-service access command, you can set the authority to access the local equipment. Using undo ntp-service access command, you can cancel the access authority settings.

By default, there is no limit to the access.

Set authority to access the NTP services on a local Ethernet Switch. This is a basic and brief security measure, compared to authentication. An access request will be matched with peer, serve, serve only, and query only in an ascending order of the limitation. The first matched authority will be given.

Example

Give the authority of time request, query control and synchronization with the local equipment to the peer in ACL 76.

[SW7700]ntp-service access peer 76

Give the authority of time request and query control of the local equipment to the peer in ACL 28.

[SW7700]ntp-service access synchronization 28

ntp-service authentication enable

Syntaxntp-service authentication enable

undo ntp-service authentication enable

View

System view

Parameters

None

Description

Using ntp-service authentication enable command, you can enable the NTP-service authentication function. Using undo ntp-service authentication enable command, you can disable this function.

By default, the authentication is disabled.

Example

Enable NTP authentication function.

[SW7700]ntp-service authentication enable

ntp-service authentication-keyid

Syntaxntp-service authentication-keyid number authentication-mode md5 value

undo ntp-service authentication-keyid number

View

System view


Parameter

number: Specify the key number and range from 1 to 4294967295.

value: Specify the value of the key with 1 to 32 ASCII characters.

Description

Using ntp-service authentication-keyid command, you can set NTP authentication key. Using undo ntp-service authentication-keyid command, you can cancel the NTP authentication key.

By default, there is no authentication key.

Only MD5 authentication is supported for the NTP authentication key settings.

Example

Set MD5 authentication key 10 as BetterKey.

[SW7700]ntp-service authentication-keyid 10 authentication-mode md5 BetterKey

ntp-service broadcast-client

Syntaxntp-service broadcast-client

undo ntp-service broadcast-client

View

VLAN interface view

Parameter

None.

Description

Using ntp-service broadcast-client command, you can configure NTP broadcast client mode. Using undo ntp-service broadcast-client command, you can disable the NTP broadcast client mode.

By default, the NTP broadcast client mode is disabled.

Designate an interface on the local Ethernet Switch to receive NTP broadcast messages and operate in broadcast client mode. The local Ethernet Switch listens to the broadcast from the server. When it receives the first broadcast packet, it starts a brief client/server mode to switch messages with a remote server for estimating the network delay. Thereafter, the local Ethernet Switch enters broadcast client mode and continues listening to the broadcast and synchronizes the local clock according to the arrived broadcast message.

Example

Configure to receive NTP broadcast packets via Vlan-Interface1.

[SW7700]interface vlan-interface1[SW7700-Vlan-Interface1]ntp-service broadcast-client

ntp-service broadcast-server

Syntaxntp-service broadcast-server [ authentication-keyid keyid ] [ version number ]


undo ntp-service broadcast-server

View

VLAN interface view

Parameter

authentication-keyid: Specify the authentication key.

keyid: Key ID used in broadcast, ranging from 1 to 4294967295.

version: Define NTP version number.

number: NTP version number, ranging from 1 to 3.

Description

Using ntp-service broadcast-server command, you can configure NTP broadcast server mode. Using undo ntp-service broadcast-server command, you can disable the NTP broadcast server mode.

By default, the broadcast service is disabled and number defaults to 3.

Designate an interface on the local equipment to broadcast NTP packets. The local equipment runs in broadcast-server mode and regularly broadcasts packets to its clients.

Example

Configure to broadcast NTP packets via Vlan-Interface1 and encrypt them with Key 4 and set the NTP version number as 3.

[SW7700]interface vlan-interface1[SW7700-Vlan-Interface1]ntp-service broadcast-server authentication-key 4 version 3

ntp-service max-dynamic sessions

Syntaxntp-service max-dynamic-sessions number

undo ntp-service max-dynamic-sessions

View

System view

Parameter

number: The maximum sessions can be created locally, ranging from 0 to 100.

Description

Using ntp-service max-dynamic-sessions command, you can set how many sessions can be created locally. Using undo ntp-service max-dynamic-sessions command, you can resume the default maximum session number

By default, a local device allows up to 100 sessions.

Example

Set the local equipment to allow up to 50 sessions.

[SW7700]ntp-service max-dynamic-sessions 50


ntp-service multicast-client

Syntaxntp-service multicast-client [ ip-address ]

undo ntp-service multicast-client [ ip-address ]

View

VLAN interface view

Parameter

ip-address: Specify an multicast IP address of Class D.

Description

Using ntp-service multicast-client command, you can configure the NTP multicast client mode. Using undo ntp-service multicast-client command, you can disable the NTP multicast client mode.

By default, the multicast client service is disabled. ip-address defaults to 224.0.1.1.

Designate an interface on the local Ethernet Switch to receive NTP multicast messages and operate in multicast client mode. The local Ethernet Switch listens to the multicast from the server. When it receives the first multicast packet, it starts a brief client/server mode to switch messages with a remote server for estimating the network delay. Thereafter, the local Ethernet Switch enters multicast client mode and continues listening to the multicast and synchronizes the local clock according to the arrived multicast message.

Example

Configure to receive NTP multicast packet via Vlan-Interface1 and the multicast group corresponding to these packets located at 224.0.1.1.

[SW7700]interface vlan-interface 1[SW7700-Vlan-Interface1]ntp-service multicast-client 224.0.1.1

ntp-service multicast-server

Syntaxntp-service multicast-server [ ip-address ] [ authentication-keyid keyid ] [ ttl ttl-number ] [ version number ]

undo ntp-service multicast-server [ ip-address ]

View

VLAN interface view

Parameter

ip-address: Specify a multicast IP address of Class D and default to 224.0.1.1.

authentication-keyid: Specify authentication key.

keyid: Key ID used in multicast, ranging from 1 to 4294967295.

ttl: Define the time to live of a multicast packet.

ttl-number: Specify the ttl of a multicast packet and range from 1 to 255.

version: Define NTP version number.

number: Specify NTP version number and range from 1 to 3.


Description

Using ntp-service multicast-server command, you can configure NTP multicast server mode. Using undo ntp-service multicast-server command, you can disable NTP multicast server mode.

By default, the multicast service is disabled. IP address defaults to 224.0.1.1 and the version number defaults to 3.

Designate an interface on the local equipment to transmit NTP multicast packet. The local equipment operates in multicast-server mode and multicasts packets regularly to its clients.

Example

Configure to transmit NTP multicast packets encrypted with Key 4 via Vlan-Interface1 at 224.0.1.1 and use NTP version 3.

[SW7700]interface vlan-interface 1[SW7700-Vlan-Interface1]ntp-service multicast-server 224.0.1.1 authentication-keyid 4 version 3

ntp-service refclock-master

Syntaxntp-service refclock-master [ ip-address ] [ stratum ]

undo ntp-service refclock-master [ ip-address ]

View

System view

Parameter

ip-address: Specify the reference clock IP address as 127.127.u. Here, u ranges from 0 to 3.

stratum: Specify which stratum the local clock is located at and range from 1 to 15.

Description

Using ntp-service refclock-master command, you can configure an external reference clock or the local clock as an NTP master clock. Using undo ntp-service refclock-master command, you can cancel the NTP master clock settings.

By default, ip-address is not specified and stratum:defaults to 1.

You can use this command to designate an NTP external reference clock or the local clock as an NTP master clock to provide synchronized time for other equipment. ip-address specifies the IP address of an external clock as 127.127.u. If no IP address is specified, the local clock is set as the NTP master clock by default. You can also specify the stratum of the NTP master clock.

Example

Set the local clock as the NTP master clock to provide synchronized time for its peers and locate it at stratum 3.

[SW7700]ntp-service refclock-master 3


ntp-service reliable authentication-keyid

Syntaxntp-service reliable authentication-keyid number

undo ntp-service reliable authentication-keyid number

View

System view

Parameter

number: Specify the key number, ranging from 1 to 4294967295.

Description

Using ntp-service reliable authentication-keyid command, you can configure the key as reliable. Using undo ntp-service reliable authentication-keyid command, you can cancel the current setting.

By default, no key is configured as reliable.

When you enable the authentication, you can use this command to configure one or more than one keys as reliable. In this case, a client will only get synchronized by a server whichever can provide a reliable key.

Example

Enable NTP authentication, adopt MD5 encryption, and designate Key 37 BetterKey and configure it as reliable.

[SW7700]ntp-service authentication enable[SW7700]ntp-service authentication-keyid 37 authentication-mode md5 BetterKey[SW7700]ntp-service reliable authentication-keyid 37

ntp-service source-interface

Syntaxntp-service source-interface { interface-name | interface-type interface-number }

undo ntp-service source-interface

View

System view

Parameter

interface-name : Specify an interface. The source IP address of the packets will be taken from the address of the interface.

interface-type : Specify the interface type and determine an interface with the interface-number parameter.

interface-number : Specify the interface number and determine an interface with the interface-type parameter.

Description

Using ntp-service source-interface command, you can designate an interface to transmit NTP message. Using undo ntp-service source-interface command, you can cancel the current setting.


The source address specifies where the packets are transmitted from.

You can use this command to designate an interface to transmit all the NTP packets and take the source address of these packets from its IP address. If you do not want any other interface to receive the acknowledgement packets, use this command to specify one interface to send all the NTP packets.

Example

Configure all the outgoing NTP packets to use the IP address of Vlan-Interface1 as their source IP address.

[SW7700]ntp-service source-interface Vlan-Interface 1

ntp-service in-interface disable

Syntaxntp-service in-interface disable

undo ntp-service in-interface disable

View

VLAN interface view

Parameter

None

Description

Using ntp-service in-interface disable command, you can disable an interface to receive NTP message. Using undo ntp-service in-interface disable command, you can enable an interface to receive NTP message.

By default, an interface is enabled to receive NTP message.

Example

Disable Vlan-Interface1 to receive NTP message.

[SW7700]interface vlan-interface1[SW7700-Vlan-Interface1]ntp-service in-interface disable

ntp-service unicast-peer Syntaxntp-service unicast-peer ip-address [ version number | authentication-key keyid | source-interface { interface-name | interface-type interface-number } | priority ]*

undo ntp-service unicast-peer ip-address

View

System view

Parameter

ip-address : Specify the IP address of a remote server.

version : Define NTP version number.

number : NTP version number, ranging from 1 to 3.

authentication-key : Define authentication key.


keyid : Key ID used for transmitting messages to a remote server, ranging from 1 to 4294967295.

source-interface : Specify the name of an interface.

interface-name : Specify the interface name. When a local device sends an NTP message to a peer, the source IP address of the message is taken from the address of the interface.

interface-type : Specify the interface type and determine an interface together with the interface-number parameter.

interface-number : Specify the interface number and determine an interface together with the interface-type parameter.

priority : Designate a server as the first choice.

Description

■ Using ntp-service unicast-peer command to configure NTP peer mode.

■ Using undo ntp-service unicast-peer command to cancel NTP peer mode.

By default, version number number defaults to 3, the authentication is disabled, and the local server is not the first choice.

This command sets the remote server at ip-address as a peer of the local equipment, which operates in symmetric active mode. ip-address specifies a host address other than an IP address of broadcast, multicast, or reference clock. By operating in this mode, a local device can synchronize and be synchronized by a remote server.

Example

Configure the local equipment to synchronize or synchronized by a peer at 128.108.22.44. Set the NTP version to 3. The IP address of the NTP packets are taken from that of Vlan-Interface1.

[SW7700]ntp-service unicast-peer 131.108.22.33 version 3 source-interface Vlan-Interface 1

ntp-service unicast-server

Syntaxntp-service unicast-server ip-address [ version number | authentication-keyid keyid | source-interface { interface-name | interface-type interface-number } | priority ]*

undo ntp-service unicast-server ip-address

View

System view

Parameter

p-address : Specify the IP address of a remote server.

version : Define NTP version number.

number : NTP version number, ranging from 1 to 3.

authentication-keyid : Define authentication key.

keyid : Key ID used for transmitting messages to a remote server, ranging from 1 to 4294967295.


source-interface : Specify the name of an interface.

interface-name : Specify the interface name. When a local device sends an NTP message to a peer, the source IP address of the message is taken from the address of the interface.

interface-type : Specify the interface type and determine an interface together with the interface-number parameter.

interface-number : Specify the interface number and determine an interface together with the interface-type parameter.

priority : Designate a server as the first choice.

Description

Using ntp-service unicast-server command to configure NTP server mode. Using undo ntp-service unicast-server command to disable NTP server mode.

By default, version number number defaults to 3, the authentication is disabled, and the local server is not the first choice.

The command announces to use the remote server at ip-address as the local time server. ip-address specifies a host address other than an IP address of broadcast, multicast, or reference clock. By operating in client mode, a local device can be synchronized by a remote server, but not synchronize any remote server.

Example

Designate the server at 128.108.22.44 to synchronize the local device and use NTP version 3.

[SW7700]ntp-service unicast-server 128.108.22.44 version 3


Documents

3COM Switch 7700 Command Refference Guide