display dhcp client - HPE Support Center

HPE FlexNetwork 5510 HI Switch Series
Layer 3—IP Services Command Reference
Part number: 5200-0078b
Software version: Release 11xx
Document version: 6W102-20171020
© Copyright 2015, 2017 Hewlett Packard Enterprise Development LP
The information contained herein is subject to change without notice. The only warranties for Hewlett Packard
Enterprise products and services are set forth in the express warranty statements accompanying such
products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett
Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or
copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software
Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s
standard commercial license.
Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard
Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise
website.
Acknowledgments
Intel®, Itanium®, Pentium®, Intel Inside®, and the Intel Inside logo are trademarks of Intel Corporation in the
United States and other countries.
Microsoft® and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries.
Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.
Java and Oracle are registered trademarks of Oracle and/or its affiliates.
UNIX® is a registered trademark of The Open Group.
Contents
ARP commands ···············································································1
arp check enable ················································································································· 1
arp check log enable ············································································································ 1
arp max-learning-num ·········································································································· 2
arp max-learning-number ······································································································ 3
arp mode uni ······················································································································ 4
arp multiport ······················································································································· 5
arp static ··························································································································· 5
arp timer aging···················································································································· 7
display arp ························································································································· 7
display arp ip-address ·········································································································· 9
display arp timer aging ······································································································· 10
display arp vpn-instance ····································································································· 10
reset arp ·························································································································· 11
Gratuitous ARP commands ······························································ 13
arp ip-conflict log prompt ····································································································· 13
arp send-gratuitous-arp ······································································································ 13
gratuitous-arp-learning enable ······························································································ 14
gratuitous-arp-sending enable ······························································································ 15
Proxy ARP commands ···································································· 16
display local-proxy-arp ········································································································ 16
display proxy-arp ··············································································································· 16
local-proxy-arp enable ········································································································ 17
proxy-arp enable ··············································································································· 18
ARP snooping commands ································································ 19
arp snooping enable ·········································································································· 19
display arp snooping ·········································································································· 19
reset arp snooping ············································································································· 20
IP addressing commands ································································· 22
display ip interface ············································································································· 22
display ip interface brief ······································································································ 24
ip address ························································································································ 25
ip address unnumbered ······································································································ 26
DHCP commands ·········································································· 28
Common DHCP commands ······································································································· 28
dhcp dscp ························································································································ 28
dhcp enable ····················································································································· 28
dhcp select ······················································································································ 29
DHCP server commands ··········································································································· 30
address range ·················································································································· 30
bims-server ······················································································································ 31
bootfile-name ··················································································································· 31
class ······························································································································· 32
dhcp class ······················································································································· 33
dhcp server always-broadcast ······························································································ 34
dhcp server apply ip-pool ···································································································· 35
dhcp server bootp ignore ···································································································· 35
dhcp server bootp reply-rfc-1048 ·························································································· 36
dhcp server forbidden-ip ····································································································· 36
dhcp server ip-pool ············································································································ 37
dhcp server ping packets ···································································································· 38
dhcp server ping timeout ····································································································· 39
i
dhcp server relay information enable ····················································································· 39
display dhcp server conflict ·································································································· 40
display dhcp server expired ································································································· 41
display dhcp server free-ip ·································································································· 42
display dhcp server ip-in-use ······························································································· 43
display dhcp server pool ····································································································· 44
display dhcp server statistics ······························································································· 46
dns-list ···························································································································· 48
domain-name ··················································································································· 48
expired ···························································································································· 49
forbidden-ip ······················································································································ 50
gateway-list ······················································································································ 50
if-match ··························································································································· 51
nbns-list ·························································································································· 53
netbios-type ····················································································································· 53
network ··························································································································· 54
next-server······················································································································· 55
option ····························································································································· 56
reset dhcp server conflict ···································································································· 57
reset dhcp server expired ···································································································· 58
reset dhcp server ip-in-use ·································································································· 58
reset dhcp server statistics ·································································································· 59
static-bind ························································································································ 59
tftp-server domain-name ····································································································· 60
tftp-server ip-address ········································································································· 61
voice-config······················································································································ 61
DHCP relay agent commands····································································································· 62
dhcp relay check mac-address ····························································································· 62
dhcp relay check mac-address aging time ·············································································· 63
dhcp relay client-information record ······················································································· 64
dhcp relay client-information refresh ······················································································ 64
dhcp relay client-information refresh enable ············································································ 65
dhcp relay information circuit-id ···························································································· 66
dhcp relay information enable ······························································································ 68
dhcp relay information remote-id ··························································································· 68
dhcp relay information strategy ····························································································· 69
dhcp relay release ip ·········································································································· 70
dhcp relay server-address ··································································································· 71
dhcp smart-relay enable ····································································································· 71
display dhcp relay check mac-address ··················································································· 72
display dhcp relay client-information ······················································································ 73
display dhcp relay information ······························································································ 74
display dhcp relay server-address ························································································· 75
display dhcp relay statistics ································································································· 76
reset dhcp relay client-information ························································································· 77
reset dhcp relay statistics ···································································································· 78
DHCP client commands ············································································································ 78
dhcp client dad enable ········································································································ 78
dhcp client dscp ················································································································ 79
dhcp client identifier ··········································································································· 79
display dhcp client ············································································································· 80
ip address dhcp-alloc ········································································································· 82
DHCP snooping commands ······································································································· 83
dhcp snooping binding database filename ·············································································· 83
dhcp snooping binding database update interval ······································································ 84
dhcp snooping binding database update now ·········································································· 85
dhcp snooping binding record ······························································································ 86
dhcp snooping check mac-address ······················································································· 86
dhcp snooping check request-message·················································································· 87
dhcp snooping enable ········································································································ 87
dhcp snooping information circuit-id······················································································· 88
dhcp snooping information enable ························································································· 90
ii
dhcp snooping information remote-id ····················································································· 90
dhcp snooping information strategy ······················································································· 91
dhcp snooping max-learning-num ························································································· 92
dhcp snooping rate-limit ······································································································ 93
dhcp snooping trust ··········································································································· 93
display dhcp snooping binding ····························································································· 94
display dhcp snooping binding database ················································································ 95
display dhcp snooping information ························································································ 96
display dhcp snooping packet statistics ·················································································· 97
display dhcp snooping trust ································································································· 98
reset dhcp snooping binding ································································································ 98
reset dhcp snooping packet statistics ····················································································· 99
BOOTP client commands ·········································································································· 99
display bootp client ············································································································ 99
ip address bootp-alloc ······································································································ 100
DNS commands ··········································································· 101
display dns domain ··········································································································
display dns host ··············································································································
display dns server ···········································································································
display ipv6 dns server ·····································································································
dns domain ····················································································································
dns dscp························································································································
dns proxy enable ·············································································································
dns server······················································································································
dns source-interface ········································································································
dns spoofing···················································································································
dns trust-interface············································································································
ip host ···························································································································
ipv6 dns dscp ·················································································································
ipv6 dns server ···············································································································
ipv6 dns spoofing ············································································································
ipv6 host························································································································
reset dns host ·················································································································
101
101
103
104
105
105
106
106
107
108
109
110
111
111
112
113
114
DDNS commands ········································································ 115
ddns apply policy·············································································································
ddns dscp ······················································································································
ddns policy·····················································································································
display ddns policy ··········································································································
interval ··························································································································
method··························································································································
password ·······················································································································
ssl-client-policy ···············································································································
url ································································································································
username ······················································································································
115
116
116
117
118
119
120
121
122
123
Basic IP forwarding commands ······················································· 125
display fib ······················································································································ 125
Load sharing commands ································································ 128
ip load-sharing local-first enable ························································································· 128
ip load-sharing mode per-flow ···························································································· 128
Fast forwarding commands ···························································· 130
display ip fast-forwarding aging-time ····················································································
display ip fast-forwarding cache ··························································································
display ip fast-forwarding fragcache ····················································································
ip fast-forwarding aging-time ······························································································
ip fast-forwarding load-sharing ···························································································
reset ip fast-forwarding cache ····························································································
iii
130
130
131
132
133
133
IRDP commands ·········································································· 135
ip irdp ···························································································································
ip irdp address ················································································································
ip irdp lifetime ·················································································································
ip irdp interval ·················································································································
ip irdp multicast ···············································································································
ip irdp preference ············································································································
135
135
136
137
137
138
IP performance optimization commands ············································ 140
display icmp statistics ·······································································································
display ip statistics ···········································································································
display rawip ··················································································································
display rawip verbose ·······································································································
display tcp ·····················································································································
display tcp statistics ·········································································································
display tcp verbose ··········································································································
display udp ····················································································································
display udp statistics ········································································································
display udp verbose ·········································································································
ip forward-broadcast ········································································································
ip icmp error-interval ········································································································
ip icmp fragment discarding ·······························································································
ip icmp source ················································································································
ip mtu ···························································································································
ip redirects enable ···········································································································
ip ttl-expires enable··········································································································
ip unreachables enable ·····································································································
reset ip statistics ·············································································································
reset tcp statistics ············································································································
reset udp statistics ···········································································································
tcp mss ·························································································································
tcp path-mtu-discovery ·····································································································
tcp syn-cookie enable ·······································································································
tcp timer fin-timeout ·········································································································
tcp timer syn-timeout ········································································································
tcp window ·····················································································································
140
140
142
143
145
146
148
150
151
152
154
155
156
156
157
158
158
159
160
160
161
161
162
163
163
164
164
UDP helper commands ································································· 166
display udp-helper interface ·······························································································
reset udp-helper statistics ·································································································
udp-helper broadcast-map ································································································
udp-helper enable ···········································································································
udp-helper port ···············································································································
udp-helper server ············································································································
166
167
167
168
168
169
UDP helper commands ································································· 171
display udp-helper interface ·······························································································
reset udp-helper statistics ·································································································
udp-helper broadcast-map ································································································
udp-helper enable ···········································································································
udp-helper port ···············································································································
udp-helper server ············································································································
171
172
172
173
173
174
IPv6 basics commands ·································································· 176
display ipv6 fib ················································································································
display ipv6 icmp statistics ································································································
display ipv6 interface ········································································································
display ipv6 interface prefix ·······························································································
display ipv6 nd snooping ···································································································
display ipv6 nd snooping count ···························································································
display ipv6 neighbors ······································································································
iv
176
177
178
182
183
184
185
display ipv6 neighbors count ······························································································
display ipv6 neighbors vpn-instance ····················································································
display ipv6 pathmtu ········································································································
display ipv6 prefix ············································································································
display ipv6 rawip ············································································································
display ipv6 rawip verbose ································································································
display ipv6 statistics ········································································································
display ipv6 tcp ···············································································································
display ipv6 tcp verbose ····································································································
display ipv6 udp ··············································································································
display ipv6 udp verbose ···································································································
ipv6 address···················································································································
ipv6 address anycast ·······································································································
ipv6 address auto ············································································································
ipv6 address auto link-local ·······························································································
ipv6 address eui-64 ·········································································································
ipv6 address link-local ······································································································
ipv6 hop-limit ··················································································································
ipv6 hoplimit-expires enable ······························································································
ipv6 icmpv6 error-interval ··································································································
ipv6 icmpv6 multicast-echo-reply enable ··············································································
ipv6 icmpv6 source ··········································································································
ipv6 mtu ························································································································
ipv6 nd autoconfig managed-address-flag·············································································
ipv6 nd autoconfig other-flag ······························································································
ipv6 nd dad attempts ········································································································
ipv6 nd ns retrans-timer ····································································································
ipv6 nd nud reachable-time ·······························································································
ipv6 nd ra halt ·················································································································
ipv6 nd ra hop-limit unspecified ··························································································
ipv6 nd ra interval ············································································································
ipv6 nd ra no-advlinkmtu ···································································································
ipv6 nd ra prefix ··············································································································
ipv6 nd ra router-lifetime ···································································································
ipv6 nd snooping enable global ··························································································
ipv6 nd snooping enable link-local ·······················································································
ipv6 nd snooping glean source ···························································································
ipv6 nd snooping max-learning-num ····················································································
ipv6 nd router-preference ··································································································
ipv6 neighbor··················································································································
ipv6 neighbor link-local minimize ························································································
ipv6 neighbor stale-aging ··································································································
ipv6 neighbors max-learning-num ·······················································································
ipv6 option drop enable ····································································································
ipv6 pathmtu ··················································································································
ipv6 pathmtu age·············································································································
ipv6 prefer temporary-address ···························································································
ipv6 prefix ······················································································································
ipv6 redirects enable ········································································································
ipv6 temporary-address ····································································································
ipv6 unreachables enable ·································································································
local-proxy-nd enable ·······································································································
proxy-nd enable ··············································································································
reset ipv6 nd snooping ·····································································································
reset ipv6 neighbors·········································································································
reset ipv6 pathmtu ···········································································································
reset ipv6 statistics ··········································································································
187
187
188
189
190
191
194
195
197
200
201
203
204
205
206
207
207
208
209
209
210
211
211
212
213
214
214
215
216
216
217
218
218
219
220
220
221
222
222
223
224
225
225
226
227
227
228
229
229
230
231
232
232
233
233
234
235
DHCPv6 commands ····································································· 236
Common DHCPv6 commands ·································································································· 236
display ipv6 dhcp duid ······································································································ 236
ipv6 dhcp dscp················································································································ 236
v
ipv6 dhcp select ·············································································································· 237
DHCPv6 server commands ······································································································ 238
address range ················································································································ 238
display ipv6 dhcp pool ······································································································ 239
display ipv6 dhcp prefix-pool ······························································································ 240
display ipv6 dhcp server ··································································································· 241
display ipv6 dhcp server conflict ························································································· 242
display ipv6 dhcp server expired ························································································· 243
display ipv6 dhcp server ip-in-use ······················································································· 244
display ipv6 dhcp server pd-in-use ······················································································ 246
display ipv6 dhcp server statistics ······················································································· 248
dns-server ····················································································································· 249
domain-name ················································································································· 250
ipv6 dhcp pool ················································································································ 250
ipv6 dhcp prefix-pool ········································································································ 251
ipv6 dhcp server·············································································································· 252
ipv6 dhcp server apply pool ······························································································· 253
ipv6 dhcp server forbidden-address ····················································································· 254
ipv6 dhcp server forbidden-prefix ························································································ 255
network ························································································································· 256
option ··························································································································· 256
prefix-pool······················································································································ 258
reset ipv6 dhcp server conflict ···························································································· 259
reset ipv6 dhcp server expired ··························································································· 259
reset ipv6 dhcp server ip-in-use ·························································································· 260
reset ipv6 dhcp server pd-in-use ························································································· 260
reset ipv6 dhcp server statistics ·························································································· 261
sip-server ······················································································································ 261
static-bind ······················································································································ 262
temporary address range ·································································································· 263
DHCPv6 relay agent commands ······························································································· 264
display ipv6 dhcp relay server-address················································································· 264
display ipv6 dhcp relay statistics ························································································· 265
ipv6 dhcp relay server-address ··························································································· 267
reset ipv6 dhcp relay statistics ···························································································· 268
DHCPv6 client commands ······································································································· 269
display ipv6 dhcp client ····································································································· 269
display ipv6 dhcp client statistics ························································································ 271
ipv6 address dhcp-alloc ···································································································· 272
ipv6 dhcp client dscp ········································································································ 273
ipv6 dhcp client pd ··········································································································· 273
ipv6 dhcp client stateless enable ························································································ 274
reset ipv6 dhcp client statistics ··························································································· 275
DHCPv6 snooping commands ·································································································· 275
display ipv6 dhcp snooping binding ····················································································· 275
display ipv6 dhcp snooping binding database ········································································ 276
display ipv6 dhcp snooping packet statistics ·········································································· 277
display ipv6 dhcp snooping trust ························································································· 277
ipv6 dhcp snooping binding database filename ······································································ 278
ipv6 dhcp snooping binding database update interval ······························································ 279
ipv6 dhcp snooping binding database update now ·································································· 280
ipv6 dhcp snooping binding record ······················································································ 281
ipv6 dhcp snooping check request-message ········································································· 281
ipv6 dhcp snooping enable ································································································ 282
ipv6 dhcp snooping max-learning-num ················································································· 282
ipv6 dhcp snooping option interface-id enable ······································································· 283
ipv6 dhcp snooping option interface-id string ········································································· 284
ipv6 dhcp snooping option remote-id enable·········································································· 284
ipv6 dhcp snooping option remote-id string ··········································································· 285
ipv6 dhcp snooping rate-limit ····························································································· 286
ipv6 dhcp snooping trust ··································································································· 286
reset ipv6 dhcp snooping binding ························································································ 287
vi
reset ipv6 dhcp snooping packet statistics ············································································ 287
IPv6 fast forwarding commands ······················································ 289
display ipv6 fast-forwarding aging-time·················································································
display ipv6 fast-forwarding cache·······················································································
ipv6 fast-forwarding aging-time ···························································································
ipv6 fast-forwarding load-sharing ························································································
reset ipv6 fast-forwarding cache ·························································································
289
289
291
291
292
Tunneling commands ···································································· 293
bandwidth ······················································································································
default···························································································································
description ·····················································································································
destination ·····················································································································
display interface tunnel ·····································································································
interface tunnel ···············································································································
mtu·······························································································································
reset counters interface ····································································································
service ··························································································································
shutdown ·······················································································································
source···························································································································
tunnel dfbit enable ···········································································································
tunnel discard ipv4-compatible-packet ·················································································
tunnel tos·······················································································································
tunnel ttl ························································································································
293
293
294
294
295
299
300
300
301
301
302
303
304
304
305
GRE commands ·········································································· 306
keepalive ······················································································································· 306
Document conventions and icons ···················································· 307
Conventions ························································································································· 307
Network topology icons ··········································································································· 308
Support and other resources ·························································· 309
Accessing Hewlett Packard Enterprise Support ············································································
Accessing updates ·················································································································
Websites ·······················································································································
Customer self repair ·········································································································
Remote support ··············································································································
Documentation feedback ··································································································
309
309
310
310
310
310
Index ························································································· 313
vii
ARP commands
arp check enable
Use arp check enable to enable dynamic ARP entry check.
Use undo arp check enable to disable dynamic ARP entry check.
Syntax
arp check enable
undo arp check enable
Default
Dynamic ARP entry check is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Dynamic ARP entry check disables a device from supporting dynamic ARP entries with multicast
MAC addresses. The device cannot learn dynamic ARP entries containing multicast MAC
addresses. You cannot manually add static ARP entries that contain multicast MAC addresses.
When this function is disabled, ARP entries containing multicast MAC addresses are supported. The
device can learn dynamic ARP entries containing multicast MAC addresses obtained from the ARP
packets sourced from a unicast MAC address. You can also manually add static ARP entries
containing multicast MAC addresses.
Examples
# Enable dynamic ARP entry check.
<Sysname> system-view
[Sysname] arp check enable
arp check log enable
Use arp check log enable to enable the ARP logging function.
Use undo arp check log enable to disable the ARP logging function.
Syntax
arp check log enable
undo arp check log enable
Default
ARP logging is disabled.
Views
System view
Predefined user roles
network-admin
1
Usage guidelines
This function enables a device to log ARP events when ARP cannot resolve IP addresses correctly.
The device can log the following ARP events:
•
•
On a proxy ARP-disabled interface, the target IP address of a received ARP packet is not one of
the following IP addresses:

The IP address of the receiving interface.

The virtual IP address of the VRRP group.

The public address after NAT.
The sender IP address of a received ARP reply conflicts with one of the following IP addresses:

The IP address of the receiving interface.

The virtual IP address of the VRRP group.

The public address after NAT.
The device sends ARP log messages to the information center. You can use the info-center source
command to specify the log output rules for the information center. For more information about
information center, see Network Management and Monitoring Configuration Guide.
The device can generate a large amount of ARP logs. To conserve system resources, enable ARP
logging only when you are troubleshooting or debugging ARP events.
Examples
# Enable ARP logging.
<Sysname> system-view
[Sysname] arp check log enable
arp max-learning-num
Use arp max-learning-num to set the maximum number of dynamic ARP entries that an interface
can learn.
Use undo arp max-learning-num to restore the default.
Syntax
arp max-learning-num number
undo arp max-learning-num
Default
In Release 1111, an interface can learn a maximum of 16384 dynamic ARP entries.
In Release 1121 and later, the maximum number of dynamic ARP entries that an interface can learn
depends on the ARP table capacity set by using the switch-mode command. For information about
the switch-mode command, see Fundamentals Command Reference.
Views
Layer 2 Ethernet interface view, Layer 3 Ethernet interface view, VLAN interface view, Layer 2
aggregate interface view, Layer 3 aggregate interface view
Predefined user roles
network-admin
Parameters
number: Specifies the maximum number of dynamic ARP entries for an interface. In Release 1111,
the value range for this argument is 0 to 16384. In Release 1121 and later, the value range for this
argument is 0 to N. The value for N depends on the ARP table capacity.
2
Usage guidelines
An interface can dynamically learn ARP entries. To prevent an interface from holding too many ARP
entries, you can set the maximum number of dynamic ARP entries that the interface can learn. When
the maximum number is reached, the interface stops learning ARP entries.
When the number argument is set to 0, the interface is disabled from learning dynamic ARP entries.
Examples
# Specify VLAN-interface 40 to learn a maximum of 500 dynamic ARP entries.
<Sysname> system-view
[Sysname] interface vlan-interface 40
[Sysname-Vlan-interface40] arp max-learning-num 500
# Specify GigabitEthernet 1/0/1 to learn a maximum of 1000 dynamic ARP entries.
<Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] arp max-learning-num 1000
# Specify Layer 2 aggregate interface Bridge-Aggregation 1 to learn a maximum of 1000 dynamic
ARP entries.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] arp max-learning-num 1000
# Specify Layer 3 aggregate interface Route-Aggregation 1 to learn a maximum of 1000 dynamic
ARP entries.
<Sysname> system-view
[Sysname] interface route-aggregation 1
[Sysname-Route-Aggregation1] arp max-learning-num 1000
arp max-learning-number
Use arp max-learning-number to set the maximum number of dynamic ARP entries that a device
can learn.
Use undo arp max-learning-number to restore the default.
Syntax
arp max-learning-number number slot slot-number
undo arp max-learning-number slot slot-number
Default
In Release 1111, a device can learn a maximum of 16384 dynamic ARP entries.
In Release 1121 and later, the maximum number of dynamic ARP entries that a device can learn
depends on the ARP table capacity set by using the switch-mode command. For information about
the switch-mode command, see Fundamentals Command Reference.
Views
System view
Predefined user roles
network-admin
3
Parameters
number: Specifies the maximum number of dynamic ARP entries for a device. In Release 1111, the
value range for this argument is 0 to 16384. In Release 1121 and later, the value range for this
argument is 0 to N. The value for N depends on the ARP table capacity.
slot slot-number: Displays the ARP entries of an IRF member device. The slot-number argument
specifies the ID of the IRF member device.
Usage guidelines
A device can dynamically learn ARP entries. To prevent a device from holding too many ARP entries,
you can set the maximum number of dynamic ARP entries that the device can learn. When the
maximum number is reached, the device stops learning ARP entries.
When the number argument is set to 0, the device is disabled from learning dynamic ARP entries.
Examples
# Set the IRF member device in slot 1 to learn a maximum of 64 dynamic ARP entries.
<Sysname> system-view
[Sysname] arp max-learning-number 64 slot 1
arp mode uni
Use arp mode uni to configure a port as a customer-side port.
Use undo arp mode to restore the default.
Syntax
arp mode uni
undo arp mode
Default
A port operates as a network-side port.
Views
VLAN interface view
Predefined user roles
network-admin
Usage guidelines
This command is available in Release 1121 and later.
By default, the device associates an ARP entry with routing information when the device learns an
ARP entry. The ARP entry provides the next hop information for routing. To save hardware
resources, you can use this command to specify a port that connects to a user terminal as a
customer-side port. The device will not associate the routing information with the learned ARP
entries.
Examples
# Configure VLAN-interface 2 as a customer-side port.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] arp mode uni
4
arp multiport
Use arp multiport to configure a multiport ARP entry.
Use undo arp to remove an ARP entry.
Syntax
arp multiport ip-address mac-address vlan-id [ vpn-instance vpn-instance-name ]
undo arp ip-address [ vpn-instance-name ]
Default
No multiport ARP entries are configured.
Views
System view
Predefined user roles
network-admin
Parameters
ip-address: Specifies an IP address for the multiport ARP entry.
mac-address: Specifies a MAC address for the multiport ARP entry, in the format of H-H-H.
vlan-id: Specifies a VLAN for the multiport ARP entry, in the range of 1 to 4094.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance for the multiport ARP entry.
The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. The specified VPN
instance must already exist. Without this option, the multiport ARP entry belongs to the public
network.
Usage guidelines
The specified VLAN must already exist. If the VLAN or the corresponding VLAN interface is
removed, the multiport ARP entry is also removed.
The specified IP address must reside on the same subnet as the VLAN interface of the specified
VLAN. Otherwise, the multiport ARP entry does not take effect.
To use the multiport ARP entry, you must configure a multicast or multiport unicast MAC address
entry to specify multiple output interfaces. The MAC address entry must have the same MAC
address and VLAN ID as the multiport ARP entry.
Examples
# Configure a multiport ARP entry that comprises IP address 202.38.10.2 and MAC address
00e0-fc01-0000 in VLAN 10.
<Sysname> system-view
[Sysname] arp multiport 202.38.10.2 00e0-fc01-0000 10
Related commands
•
display arp multiport
•
reset arp multiport
arp static
Use arp static to configure a static ARP entry.
Use undo arp to remove an ARP entry.
5
Syntax
arp static ip-address mac-address [ vlan-id interface-type interface-number ] [ vpn-instance
vpn-instance-name ]
undo arp ip-address [ vpn-instance-name ]
Default
No static ARP entries are configured.
Views
System view
Predefined user roles
network-admin
Parameters
ip-address: Specifies an IP address for the static ARP entry.
mac-address: Specifies a MAC address for the static ARP entry, in the format of H-H-H.
vlan-id: Specifies the ID of a VLAN to which the static ARP entry belongs. The value range is 1 to
4094. The VLAN and VLAN interface must already exist.
interface-type interface-number: Specifies an interface by its type and number. Make sure the
interface belongs to the specified VLAN.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN for the static ARP entry. The
vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. The VPN instance
must already exist. To specify a static ARP entry on the public network, do not specify this option.
Usage guidelines
A static ARP entry is manually configured and maintained. It does not age out and cannot be
overwritten by any dynamic ARP entry.
Static ARP entries can be classified into long and short static ARP entries. A short static ARP entry
contains an IP-to-MAC mapping. A long static ARP entry contains an IP-to-MAC mapping, a VLAN,
and an output interface.
A static ARP entry is effective when the device works correctly.
When the VLAN or VLAN interface is deleted, long static ARP entries in the VLAN are deleted, and
resolved short static ARP entries in the VLAN become unresolved.
A resolved short static ARP entry becomes unresolved upon certain events, for example, when the
output interface goes down.
A long static ARP entry is ineffective when the corresponding VLAN interface or output interface is
down. An ineffective long static ARP entry cannot be used to forward packets.
If you specify both the vlan-id and ip-address arguments, the IP address of the corresponding VLAN
interface must be on the same network as the specified IP address.
If you do not specify a VPN, the undo arp command removes ARP entries only for the public
network.
Examples
# Configure a static ARP entry that comprises IP address 202.38.10.2, MAC address
00e0-fc01-0000, and output interface GigabitEthernet 1/0/1 in VLAN 10.
<Sysname> system-view
[Sysname] arp static 202.38.10.2 00e0-fc01-0000 10 GigabitEthernet 1/0/1
Related commands
•
display arp
6
•
reset arp
arp timer aging
Use arp timer aging to set the aging timer for dynamic ARP entries.
Use undo arp timer aging to restore the default.
Syntax
arp timer aging aging-time
undo arp timer aging
Default
The aging timer for dynamic ARP entries is 20 minutes.
Views
System view
Predefined user roles
network-admin
Parameters
aging-time: Sets the aging timer for dynamic ARP entries, in the range of 1 to 1440 minutes.
Usage guidelines
Each dynamic ARP entry in the ARP table has a limited lifetime, called an aging timer. The aging
timer of a dynamic ARP entry is reset each time the dynamic ARP entry is updated. Dynamic ARP
entries that are not updated before their aging timers expire are deleted from the ARP table.
Set the aging timer for dynamic ARP entries as needed. For example, when you configure proxy
ARP, set a short aging time so that invalid dynamic ARP entries can be deleted in time.
Examples
# Set the aging timer for dynamic ARP entries to 10 minutes.
<Sysname> system-view
[Sysname] arp timer aging 10
Related commands
display arp timer aging
display arp
Use display arp to display ARP entries.
Syntax
display arp [ [ all | dynamic | multiport | static ] [ slot slot-number ] | vlan vlan-id | interface
interface-type interface-number ] [ count | verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
7
Parameters
all: Displays all ARP entries.
dynamic: Displays dynamic ARP entries.
multiport: Displays multiport ARP entries.
static: Displays static ARP entries.
slot slot-number: Displays the ARP entries of an IRF member device. The slot-number argument
specifies the ID of the IRF member device.
vlan vlan-id: Displays the ARP entries for the specified VLAN. The VLAN ID is in the range of 1 to
4094.
interface interface-type interface-number: Displays the ARP entries for the interface specified by the
argument interface-type interface-number.
count: Displays the number of ARP entries.
verbose: Displays detailed information about ARP entries.
Usage guidelines
This command displays information about ARP entries, including the IP address, MAC address,
VLAN ID, output interface, entry type, and aging timer.
If you do not specify any parameters, the command displays all ARP entries.
Examples
# Display all ARP entries.
<Sysname> display arp all
Type: S-Static
D-Dynamic
O-Openflow
M-Multiport
I-Invalid
IP Address
MAC Address
VLAN
Interface
Aging Type
20.1.1.1
00e0-fc00-0001
N/A
N/A
N/A
S
193.1.1.70
00e0-fe50-6503
100
GE1/0/1
N/A
IS
192.168.0.115
000d-88f7-9f7d
1
GE1/0/2
18
D
192.168.0.39
0012-a990-2241
1
GE1/0/3
20
D
22.1.1.1
000c-299d-c041
10
N/A
N/A
M
# Display detailed information about all ARP entries.
<Sysname> display arp all verbose
Type: S-Static
IP Address
D-Dynamic
O-Openflow
M-Multiport
I-Invalid
MAC Address
VLAN
Interface
Aging Type
00e0-fc00-0001
N/A
N/A
N/A
S
00e0-fe50-6503
100
GE1/0/1
N/A
IS
000d-88f7-9f7d
1
GE1/0/2
18
D
0012-a990-2241
1
GE1/0/3
20
D
000c-299d-c041
10
N/A
N/A
M
Vpn Instance
20.1.1.1
[No Vrf]
193.1.1.70
[No Vrf]
192.168.0.115
[No Vrf]
192.168.0.39
[No Vrf]
22.1.1.1
[No Vrf]
# Display the number of all ARP entries.
<Sysname> display arp all count
Total number of entries : 5
8
Table 1 Command output
Field
Description
IP Address
IP address in an ARP entry.
MAC Address
MAC address in an ARP entry.
VLAN
ID of the VLAN to which the ARP entry belongs. This field displays N/A in
either of the following situations:
•
The ARP entry is an unresolved short static ARP entry.
•
The output interface of the ARP entry does not belong to the VLAN.
Interface
Output interface in an ARP entry. This field displays N/A in either of the
following situations:
•
The ARP entry is an unresolved short static ARP entry.
•
The ARP entry is a multiport ARP entry and has no output interface
information.
To obtain the output interface information of the multiport ARP entry, look
up the MAC address table according to the MAC address in the ARP
entry.
Aging
Aging time for a dynamic ARP entry in minutes. N/A means unknown aging
time or no aging time.
Type
ARP entry type:
•
D—Dynamic.
•
S—Static.
•
O—OpenFlow.
•
M—Multiport.
•
I—Invalid.
Vpn Instance
Name of VPN instance. [No Vrf] is displayed if no VPN instance is configured
for the ARP entry.
Total number of entries
Number of ARP entries.
Related commands
•
arp static
•
reset arp
display arp ip-address
Use display arp ip-address to display the ARP entry for an IP address.
Syntax
display arp ip-address [ slot slot-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ip-address: Displays the ARP entry for the specified IP address.
slot slot-number: Displays the specified ARP entry of an IRF member device. The slot-number
argument specifies the ID of the IRF member device.
9
verbose: Displays the detailed information about the specified ARP entry.
Usage guidelines
The ARP entry information includes the IP address, MAC address, VLAN ID, output interface, entry
type, and aging timer.
Examples
# Display the ARP entry for the IP address 20.1.1.1.
<Sysname> display arp 20.1.1.1
Type: S-Static
D-Dynamic
O-Openflow
M-Multiport
I-Invalid
IP address
MAC address
VLAN
Interface
Aging Type
20.1.1.1
00e0-fc00-0001
N/A
N/A
N/A
Related commands
•
arp static
•
reset arp
display arp timer aging
Use display arp timer aging to display the aging timer of dynamic ARP entries.
Syntax
display arp timer aging
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the aging timer of dynamic ARP entries.
<Sysname> display arp timer aging
Current ARP aging time is 10 minute(s)
Related commands
arp timer aging
display arp vpn-instance
Use display arp vpn-instance to display the ARP entries for a VPN instance.
Syntax
display arp vpn-instance vpn-instance-name [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
10
S
Parameters
vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to
31 characters.
count: Displays the number of ARP entries.
Usage guidelines
This command displays information about ARP entries for a VPN instance, including the IP address,
MAC address, VLAN ID, output interface, entry type, and aging timer.
Examples
# Display ARP entries for the VPN instance named test.
<Sysname> display arp vpn-instance test
Type: S-Static
D-Dynamic
O-Openflow
M-Multiport
I-Invalid
IP address
MAC address
VLAN ID
Interface
Aging Type
20.1.1.1
00e0-fc00-0001
N/A
N/A
N/A
S
Related commands
•
arp static
•
reset arp
reset arp
Use reset arp to clear ARP entries from the ARP table.
Syntax
reset arp { all | dynamic | interface interface-type interface-number | multiport | slot slot-number |
static }
Views
User view
Predefined user roles
network-admin
Parameters
all: Clears all ARP entries.
dynamic: Clears all dynamic ARP entries.
multiport: Clears all multiport ARP entries.
static: Clears all static ARP entries.
slot slot-number: Clears the ARP entries of an IRF member device. The slot-number argument
specifies the ID of the IRF member device.
interface interface-type interface-number: Clears the ARP entries for the interface specified by the
argument interface-type interface-number.
Usage guidelines
This command can separately clear static ARP entries, dynamic ARP entries, multiport ARP entries,
or ARP entries on specified interfaces.
When the interface interface-type interface-number option is specified, this command clears only
dynamic ARP entries for the specified interface.
When the slot slot-number option is specified, this command clears only dynamic ARP entries for
the specified IRF member device.
11
Examples
# Clear all static ARP entries.
<Sysname> reset arp static
Related commands
•
arp static
•
display arp
12
Gratuitous ARP commands
arp ip-conflict log prompt
Use arp ip-conflict log prompt to enable IP conflict notification without conflict confirmation.
Use undo arp ip-conflict log prompt to restore the default.
Syntax
arp ip-conflict log prompt
undo arp ip-conflict log prompt
Default
IP conflict notification is disabled. The device performs the following operations if it is using the
sender IP address of a received ARP packet:
•
Sends a gratuitous ARP request.
•
Displays an error message after the device receives an ARP reply about the conflict.
Views
System view
Predefined user roles
network-admin
Examples
# Enable IP conflict notification on the device.
<Sysname> system-view
[Sysname] arp ip-conflict log prompt
arp send-gratuitous-arp
Use arp send-gratuitous-arp to enable periodic sending of gratuitous ARP packets and set the
sending interval on an interface.
Use undo arp send-gratuitous-arp to disable the interface from periodically sending gratuitous
ARP packets.
Syntax
arp send-gratuitous-arp [ interval milliseconds ]
undo arp send-gratuitous-arp
Default
Periodic sending of gratuitous ARP is disabled.
Views
Layer 3 Ethernet interface view, Layer 3 aggregate interface view, VLAN interface view
Predefined user roles
network-admin
Parameters
interval milliseconds: Sets the interval at which gratuitous ARP packets are sent, in the range of 200
to 200000 milliseconds. The default value is 2000 milliseconds.
13
Usage guidelines
This function takes effect only when the enabled interface is up and an IP address has been
assigned to the interface.
This function can send gratuitous ARP requests only for a VRRP virtual IP address, or the sending
interface's primary IP address or manually configured secondary IP address. The primary IP address
can be configured manually or automatically, whereas the secondary IP address must be configured
manually.
If you change the interval for sending gratuitous ARP packets, the configuration takes effect at the
next sending interval.
The frequency of sending gratuitous ARP packets might be much lower than expected when any of
the following conditions exist:
•
This function is enabled on multiple interfaces.
•
Each interface is configured with multiple secondary IP addresses.
•
A small sending interval is configured in the preceding cases.
Examples
# Enable VLAN-interface 2 to send gratuitous ARP packets every 300 milliseconds.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] arp send-gratuitous-arp interval 300
gratuitous-arp-learning enable
Use gratuitous-arp-learning enable to enable learning of gratuitous ARP packets.
Use undo gratuitous-arp-learning enable to disable learning of gratuitous ARP packets.
Syntax
gratuitous-arp-learning enable
undo gratuitous-arp-learning enable
Default
Learning of gratuitous ARP packets is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
The learning of gratuitous ARP packets function allows a device to maintain its ARP table by creating
or updating ARP entries based on received gratuitous ARP packets.
When this function is disabled, the device uses received gratuitous ARP packets to update existing
ARP entries only. ARP entries are not created based on the received gratuitous ARP packets, which
saves ARP table space.
Examples
# Enable learning of gratuitous ARP packets.
<Sysname> system-view
[Sysname] gratuitous-arp-learning enable
14
gratuitous-arp-sending enable
Use gratuitous-arp-sending enable to enable sending of gratuitous ARP packets upon receiving
ARP requests whose sender IP address is on a different subnet.
Use undo gratuitous-arp-sending enable to restore the default.
Syntax
gratuitous-arp-sending enable
undo gratuitous-arp-sending enable
Default
A device does not send gratuitous ARP packets when it receives ARP requests whose sender IP
address is on a different subnet.
Views
System view
Predefined user roles
network-admin
Examples
# Disable a device from sending gratuitous ARP packets upon receiving ARP requests whose
sender IP address is on a different subnet.
<Sysname> system-view
[Sysname] undo gratuitous-arp-sending enable
15
Proxy ARP commands
display local-proxy-arp
Use display local-proxy-arp to display the local proxy ARP status.
Syntax
display local-proxy-arp [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Displays the local proxy ARP status for the specified
interface.
Usage guidelines
You can use this command to check whether local proxy ARP is enabled or disabled.
If an interface is specified, this command displays the local proxy ARP status for the specified
interface.
If no interface is specified, this command displays the local proxy ARP status for all interfaces.
Examples
# Display the local proxy ARP status for VLAN-interface 2.
<Sysname> display local-proxy-arp interface vlan-interface 2
Interface Vlan-interface2
Local Proxy ARP status: enabled
Related commands
local-proxy-arp enable
display proxy-arp
Use display proxy-arp to display the proxy ARP status.
Syntax
display proxy-arp [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Displays the proxy ARP status for the specified interface.
16
Usage guidelines
You can use this command to check whether proxy ARP is enabled or disabled.
If an interface is specified, this command displays proxy ARP status for the specified interface.
If no interface is specified, this command displays proxy ARP status for all interfaces.
Examples
# Display the proxy ARP status on VLAN-interface 1.
<Sysname> display proxy-arp interface Vlan-interface 1
Interface Vlan-interface1
Proxy ARP status: disabled
Related commands
proxy-arp enable
local-proxy-arp enable
Use local-proxy-arp enable to enable local proxy ARP.
Use undo local-proxy-arp enable to disable local proxy ARP.
Syntax
local-proxy-arp enable [ ip-range startIP to endIP ]
undo local-proxy-arp enable
Default
Local proxy ARP is disabled.
Views
VLAN interface view, Layer 3 Ethernet interface view, Layer 3 aggregate interface view
Predefined user roles
network-admin
Parameters
ip-range startIP to endIP: Specifies the IP address range for which local proxy ARP is enabled. The
start IP address must be lower than or equal to the end IP address.
Usage guidelines
Proxy ARP enables a device on a network to answer ARP requests for an IP address not on that
network. With proxy ARP, hosts in different broadcast domains can communicate with each other as
they do on the same network.
Proxy ARP includes common proxy ARP and local proxy ARP.
Common proxy ARP allows communication between hosts that connect to different Layer 3
interfaces and reside in different broadcast domains.
Local proxy ARP allows communication between hosts that connect to the same Layer 3 interface
and reside in different broadcast domains.
Only one IP address range can be specified by using the ip-range keyword on an interface.
Examples
# Enable local proxy ARP on VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
17
[Sysname-Vlan-interface2] local-proxy-arp enable
# Enable local proxy ARP on VLAN-interface 2 for an IP address range.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] local-proxy-arp enable ip-range 1.1.1.1 to 1.1.1.20
Related commands
display local-proxy-arp
proxy-arp enable
Use proxy-arp enable to enable proxy ARP.
Use undo proxy-arp enable to disable proxy ARP.
Syntax
proxy-arp enable
undo proxy-arp enable
Default
Proxy ARP is disabled.
Views
VLAN interface view, Layer 3 Ethernet interface view, Layer 3 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
Proxy ARP enables a device on a network to answer ARP requests for an IP address not on that
network. With proxy ARP, hosts in different broadcast domains can communicate with each other as
they do on the same network.
Proxy ARP includes common proxy ARP and local proxy ARP.
Common proxy ARP allows communication between hosts that connect to different Layer 3
interfaces and reside in different broadcast domains.
Local proxy ARP allows communication between hosts that connect to the same Layer 3 interface
and reside in different broadcast domains.
Examples
# Enable proxy ARP on VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] proxy-arp enable
Related commands
display proxy-arp
18
ARP snooping commands
arp snooping enable
Use arp snooping enable to enable ARP snooping.
Use undo arp snooping enable to disable ARP snooping.
Syntax
arp snooping enable
undo arp snooping enable
Default
ARP snooping is disabled.
Views
VLAN view
Predefined user roles
network-admin
Examples
# Enable ARP snooping on VLAN 2.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] arp snooping enable
display arp snooping
Use display arp snooping to display ARP snooping entries.
Syntax
display arp snooping [ vlan vlan-id ] [ slot slot-number ] [ count ]
display arp snooping ip ip-address [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vlan vlan-id: Displays ARP snooping entries for a VLAN. The vlan-id argument is in the range of 1 to
4094.
count: Displays the number of the current ARP snooping entries.
ip ip-address: Displays the ARP snooping entry for the specified IP address.
slot slot-number: Specifies an IRF member device. The slot-number argument is the member device
ID in the IRF fabric.
19
Usage guidelines
If you do not specify any keywords or arguments, the command displays all ARP snooping entries.
Examples
# Display ARP snooping entries for VLAN 2.
<Sysname> display arp snooping vlan 2
IP Address
MAC Address
Aging
Status
3.3.3.3
0003-0003-0003 2
VLAN ID Interface
GE1/0/1
20
Valid
3.3.3.4
0004-0004-0004 2
GE1/0/2
5
Invalid
# Display the number of the current ARP snooping entries.
<Sysname> display arp snooping count
Total entries: 2
Table 2 Command output
Field
Description
IP Address
IP address in an ARP snooping entry.
MAC Address
MAC address in an ARP snooping entry.
VLAN ID
ID of the VLAN to which the ARP snooping entry belongs.
Interface
Input interface in an ARP snooping entry.
Aging time for an ARP snooping entry in minutes.
Aging
If the card learns an ARP snooping entry from another card, the card cannot
learn the aging time of the entry, and this field displays N/A.
Status
Status of an ARP snooping entry: Valid, Invalid, Collision.
Total entries
Number of ARP snooping entries.
Related commands
reset arp snooping
reset arp snooping
Use reset arp snooping to remove ARP snooping entries.
Syntax
reset arp snooping [ ip ip-address | vlan vlan-id ]
Views
User view
Predefined user roles
network-admin
Parameters
ip ip-address: Removes the ARP entry for the specified IP address.
vlan vlan-id: Removes the ARP entries for the specified VLAN. The vlan-id argument is in the range
of 1 to 4094.
Usage guidelines
If you do not specify any keywords or arguments, the command removes all ARP snooping entries.
20
Examples
# Remove ARP snooping entries for VLAN 2.
<Sysname> reset arp snooping vlan 2
Related commands
display arp snooping
21
IP addressing commands
The IP addresses in this chapter refer to IPv4 addresses unless otherwise specified.
The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN
interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by
using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
display ip interface
Use display ip interface to display IP configuration and statistics for the specified Layer 3 interface
or all Layer 3 interfaces.
Syntax
display ip interface [ interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
Use the display ip interface command to display IP configuration and statistics for the specified
Layer 3 interface. The statistics include the following information:
•
The number of unicast packets, bytes, and multicast packets the interface has sent and
received.
•
The number of TTL-invalid packets and ICMP packets the interface has received.
The packet statistics helps you locate a possible attack on the network.
If you do not specify an interface, the command displays information about all Layer 3 interfaces.
Examples
# Display IP configuration and statistics for VLAN-interface 10.
<Sysname> display ip interface vlan-interface 10
Vlan-interface10 current state : DOWN
Line protocol current state : DOWN
Internet Address is 1.1.1.1/8 Primary
Broadcast address : 1.255.255.255
The Maximum Transmit Unit : 1500 bytes
input packets : 0, bytes : 0, multicasts : 0
output packets : 0, bytes : 0, multicasts : 0
TTL invalid packet number:
0
ICMP packet input number:
0
Echo reply:
0
Unreachable:
0
Source quench:
0
22
Routing redirect:
0
Echo request:
0
Router advert:
0
Router solicit:
0
Time exceed:
0
IP header bad:
0
Timestamp request:
0
Timestamp reply:
0
Information request:
0
Information reply:
0
Netmask request:
0
Netmask reply:
0
Unknown type:
0
Table 3 Command output
Field
Description
current state
Current physical state of the interface:
•
Administrative DOWN—The interface is shut down with the
shutdown command.
•
DOWN—The interface is administratively up but its physical state is
down, which might be caused by a connection or link failure.
•
UP—Both the administrative and physical states of the interface are up.
Line protocol current state
Current state of the link layer protocol:
•
DOWN—The protocol state of the interface is down.
•
UP—The protocol state of the interface is up.
•
UP (spoofing)—The protocol state of the interface pretends to be up.
However, no corresponding link is present, or the corresponding link is
not present permanently but is established as needed.
Internet Address
IP address of an interface followed by:
•
Primary—A primary IP address.
•
Sub—A secondary IP address.
•
DHCP-Allocated—An IP address obtained through DHCP.
•
BOOTP-Allocated—An IP address obtained through BOOTP.
•
Cluster—A cluster IP address.
•
Mad—A MAD IP address.
Broadcast address
Broadcast address of the subnet attached to an interface.
The Maximum Transmit Unit
Maximum transmission units on the interface, in bytes.
input
packets,
multicasts
bytes,
output
packets,
multicasts
bytes,
TTL invalid packet number
Unicast packets, bytes, and multicast packets received on an interface
(statistics start at the device startup).
Number of TTL-invalid packets received on the interface (statistics start at
the device startup).
23
Field
ICMP packet input number:
Echo reply:
Unreachable:
Source quench:
Routing redirect:
Echo request:
Router advert:
Router solicit:
Time exceed:
IP header bad:
Timestamp request:
Timestamp reply:
Information request:
Information reply:
Netmask request:
Netmask reply:
Unknown type:
Description
Total number of ICMP packets received on the interface (statistics start at
the device startup):
•
Echo reply packets.
•
Unreachable packets.
•
Source quench packets.
•
Routing redirect packets.
•
Echo request packets.
•
Router advertisement packets.
•
Router solicitation packets.
•
Time exceeded packets.
•
IP header bad packets.
•
Timestamp request packets.
•
Timestamp reply packets.
•
Information request packets.
•
Information reply packets.
•
Netmask request packets.
•
Netmask reply packets.
•
Unknown type packets.
Related commands
•
display ip interface brief
•
ip address
display ip interface brief
Use display ip interface brief to display brief IP configuration information for the specified Layer 3
interface or all Layer 3 interfaces.
Syntax
display ip interface [ interface-type [ interface-number ] ] brief
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-type: Specifies the interface type.
interface-number: Specifies the interface number.
Usage guidelines
Use the display ip interface brief command to display brief IP configuration information, including
the state, IP address, and description of the physical and link layer protocols, for the specified Layer
3 interface or all Layer 3 interfaces.
If you do not specify the interface type and interface number, the command displays the brief IP
configuration information for all Layer 3 interfaces.
24
If you specify only the interface type, the command displays the brief IP configuration information for
all Layer 3 interfaces of the specified type.
If you specify both the interface type and interface number, the command displays the brief IP
configuration information for the specified interface.
Examples
# Display brief IP configuration information for VLAN interfaces.
<Sysname> display ip interface vlan-interface brief
*down: administratively down
(s): spoofing (l): loopback
Interface
Physical Protocol IP Address
Description
Vlan10
down
down
6.6.6.1
Vlan-inte...
Vlan2
down
down
7.7.7.1
Vlan-inte...
Table 4 Command output
Field
Description
*down: administratively
down
The interface is administratively shut down with the shutdown command.
(s) : spoofing
Spoofing attribute of the interface. It indicates that an interface might have no link
present even when its link layer protocol is up or the link is established only on
demand.
Interface
Interface name.
Physical
Physical state of the interface:
•
*down—The interface is administratively shut down with the shutdown
command.
•
down—The interface is administratively up but its physical state is down
(possibly because of poor connection or line failure).
•
up—Both the administrative and physical states of the interface are up.
Protocol
Link layer protocol state of the interface:
•
down—The protocol state of the interface is down (typically when no IP
address is configured for the interface).
•
up—The protocol state of the interface is up.
•
up(s)—The protocol state of the interface is up (spoofing).
IP Address
IP address of the interface. If no IP address is configured, unassigned is
displayed.
Interface description information.
Description
A maximum of 12 characters can be displayed. If there are more than 12
characters, only the first 9 characters are displayed.
Related commands
•
display ip interface
•
ip address
ip address
Use ip address to assign an IP address to the interface.
Use undo ip address to remove the IP address from the interface.
Syntax
ip address ip-address { mask-length | mask } [ sub ]
25
undo ip address [ ip-address { mask-length | mask } [ sub ] ]
Default
No IP address is assigned to an interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address of the interface, in dotted decimal notation.
mask-length: Specifies the subnet mask length in the range of 1 to 31. For a loopback interface, the
value range is 1 to 32.
mask: Specifies the subnet mask in dotted decimal notation.
sub: Assigns a secondary IP address to the interface.
Usage guidelines
Use the command to configure a primary IP address for an interface. If the interface connects to
multiple subnets, configure primary and secondary IP addresses on the interface so the subnets can
communicate with each other through the interface.
An interface can have only one primary IP address. A newly configured primary IP address
overwrites the previous address.
You cannot assign secondary IP addresses to an interface that obtains an IP address through
BOOTP, DHCP, or IP unnumbered.
The undo ip address command removes all IP addresses from the interface. The undo ip address
ip-address { mask | mask-length } command removes the primary IP address. The undo ip address
ip-address { mask | mask-length } sub command removes a secondary IP address. Before removing
the primary IP address, remove all secondary IP addresses.
The primary and secondary IP addresses you assign to the interface can be located on the same
network segment, but different interfaces on your device must reside on different network segments.
Examples
# Assign VLAN-interface 10 a primary IP address 129.12.0.1 and a secondary IP address
202.38.160.1, with subnet masks both 255.255.255.0.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] ip address 129.12.0.1 255.255.255.0
[Sysname-Vlan-interface10] ip address 202.38.160.1 255.255.255.0 sub
Related commands
•
display ip interface
•
display ip interface brief
ip address unnumbered
Use ip address unnumbered to configure the current interface as IP unnumbered to borrow an IP
address from the specified interface.
Use undo ip address unnumbered to disable IP unnumbered on the interface.
26
Syntax
ip address unnumbered interface interface-type interface-number
undo ip address unnumbered
Default
The interface does not borrow IP addresses from other interfaces.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies an interface from which the current interface
can borrow an IP address.
Usage guidelines
Typically, you assign an IP address to an interface either manually or through DHCP. If the IP
addresses are not enough, or the interface is used only occasionally, you can configure an interface
to borrow an IP address from other interfaces. This is called IP unnumbered, and the interface
borrowing the IP address is called IP unnumbered interface.
Multiple interfaces can use the same unnumbered IP address. If an interface has multiple manually
configured IP addresses, only the primary IP address manually configured can be borrowed.
You cannot enable a dynamic routing protocol on the interface that has no IP address configured. To
enable the interface to communicate with other devices, you must configure a static route to the peer
device on the interface.
Before entering tunnel interface view, make sure the tunnel interface has been created. For
information about tunnel interface, see Layer 3—IP Services Configuration Guide.
Examples
# Configure the interface Tunnel 1 to borrow the IP address of VLAN-interface 100.
<Sysname> system-view
[Sysname] interface tunnel 1
[Sysname-Tunnel1] ip address unnumbered interface vlan-interface 100
27
DHCP commands
Common DHCP commands
dhcp dscp
Use dhcp dscp to set the DSCP value for DHCP packets sent by the DHCP server or the DHCP
relay agent.
Use undo dhcp dscp to restore the default.
Syntax
dhcp dscp dscp-value
undo dhcp dscp
Default
The DSCP value in DHCP packets is 56.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Sets the DSCP value for DHCP packets, in the range of 0 to 63.
Usage guidelines
The DSCP value of a packet specifies the priority level of the packet and affects the transmission
priority of the packet. A bigger DSCP value represents a higher priority.
Examples
# Set the DSCP value for DHCP packets to 30.
<Sysname> system-view
[Sysname] dhcp dscp 30
dhcp enable
Use dhcp enable to enable DHCP.
Use undo dhcp enable to disable DHCP.
Syntax
dhcp enable
undo dhcp enable
Default
DHCP is disabled.
Views
System view
28
Predefined user roles
network-admin
Usage guidelines
Enable DHCP before you perform DHCP server or relay agent configurations.
Examples
# Enable DHCP.
<Sysname> system-view
[Sysname] dhcp enable
dhcp select
Use dhcp select to enable the DHCP server or DHCP relay agent on an interface.
Use undo dhcp select to disable the DHCP server or DHCP relay agent on an interface. The
interface discards DHCP packets.
Syntax
dhcp select { relay | server }
undo dhcp select { relay | server }
Default
The interface operates in DHCP server mode and responds to DHCP requests with configuration
parameters.
Views
Interface view
Predefined user roles
network-admin
Parameters
relay: Enables the DHCP relay agent on the interface.
server: Enables the DHCP server on the interface.
Usage guidelines
Before changing the DHCP server mode to the DHCP relay agent mode on an interface, use the
reset dhcp server ip-in-use command to remove address bindings and authorized ARP entries.
These bindings might conflict with ARP entries that are created after the DHCP relay agent is
enabled.
Examples
# Enable the DHCP relay agent on VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] dhcp select relay
Related commands
reset dhcp server ip-in-use
29
DHCP server commands
The term "interface" in this section collectively refers to Layer 3 interfaces, including VLAN interfaces
and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the
port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
address range
Use address range to configure an IP address range in a DHCP address pool for dynamic
allocation.
Use undo address range to remove the IP address range in the address pool.
Syntax
address range start-ip-address end-ip-address
undo address range
Default
No IP address range is configured.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
start-ip-address: Specifies the start IP address.
end-ip-address: Specifies the end IP address.
Usage guidelines
If no IP address range is specified, all IP addresses in the subnet specified by the network command
in address pool view are assignable. If an IP address range is specified, only the IP addresses in the
IP address range are assignable.
After you use the address range command, you cannot use the network secondary command to
specify a secondary subnet in the address pool.
If you use the command multiple times, the most recent configuration takes effect.
The address range specified by the address range command must be within the subnet specified by
the network command, and the addresses out of the address range cannot be assigned.
Examples
# Specify an address range of 192.168.8.1 through 192.168.8.150 in address pool 1.
<Sysname> system-view
[Sysname] dhcp server ip-pool 1
[Sysname-dhcp-pool-1] address range 192.168.8.1 192.168.8.150
Related commands
•
class
•
dhcp class
•
display dhcp server pool
•
network
30
bims-server
Use bims-server to specify the IP address, port number, and shared key of the BIMS server in a
DHCP address pool.
Use undo bims-server to remove the specified BIMS server information.
Syntax
bims-server ip ip-address [ port port-number ] sharekey { cipher | simple } key
undo bims-server
Default
No BIMS server information is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip ip-address: Specifies the IP address of the BIMS server.
port port-number: Specifies the port number of the BIMS server, in the range of 1 to 65534.
cipher: Sets a ciphertext key.
simple: Sets a plaintext key.
key: Specifies the key string. This argument is case sensitive. If simple is specified, it must be a
string of 1 to 16 characters. If cipher is specified, it must be a ciphertext string of 1 to 53 characters.
The DHCP client uses the shared key to encrypt packets sent to the BIMS server.
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
For security purposes, all passwords, including passwords configured in plaintext, are saved in
ciphertext.
Examples
# Specify the BIMS server IP address 1.1.1.1, port number 80, and shared key aabbcc in address
pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] bims-server ip 1.1.1.1 port 80 sharekey simple aabbcc
Related commands
display dhcp server pool
bootfile-name
Use bootfile-name to specify a configuration file name or URL.
Use undo bootfile-name to remove the configuration file name or URL.
Syntax
bootfile-name { bootfile-name | url }
undo bootfile-name
31
Default
No configuration file name or URL is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
bootfile-name: Specifies the configuration file name, a case-sensitive string of 1 to 63 characters.
url: Specifies the configuration file URL in the format of http://. It is a case-sensitive string of 1 to 63
characters.
Usage guidelines
If you use the bootfile-name command multiple times, the most recent configuration takes effect.
If the configuration file is on a TFTP server, specify the configuration file name, and the IP address or
name of the TFTP server.
If the configuration file is on an HTTP server, specify the configuration file URL.
Examples
# Specify the boot file name boot.cfg in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] bootfile-name boot.cfg
# Specify the URL http://10.1.1.1/boot.cfg for the remote boot file in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] bootfile-name http://10.1.1.1/boot.cfg
Related commands
•
display dhcp server pool
•
next-server
•
tftp-server domain-name
•
tftp-server ip-address
class
Use class to specify an IP address range for a DHCP user class.
Use undo class to remove the IP address range for the DHCP user class.
Syntax
class class-name range start-ip-address end-ip-address
undo class class-name
Default
No IP address range is specified for a DHCP user class.
Views
DHCP address pool view
32
Predefined user roles
network-admin
Parameters
class-name: Specifies the name of a DHCP user class, a case-insensitive string of 1 to 63
characters. If the specified user class does not exist, the DHCP server will not assign the addresses
in the address range specified for the user class to any client.
start-ip-address: Specifies the start IP address.
end-ip-address: Specifies the end IP address.
Usage guidelines
The class command enables you to divide an address range into multiple address ranges for
different DHCP user classes. The address range for a user class must be within the primary subnet
specified by the network command. If the DHCP client does not match any DHCP user class, the
DHCP server selects an address in the IP address range specified by the address range command.
If the address range has no assignable IP addresses or no address range is configured, the address
allocation fails.
You can specify only one address range for a DHCP user class in an address pool. If you use the
class command multiple times for a DHCP user class, the most recent configuration takes effect.
After you specify an address range for a user class, you cannot use the network secondary
command to specify a secondary subnet in the address pool.
Examples
# Specify an IP address range of 192.168.8.1 through 192.168.8.150 for the DHCP user class user
in DHCP address pool 1.
<Sysname> system-view
[Sysname] dhcp server ip-pool 1
[Sysname-dhcp-pool-1] class user range 192.168.8.1 192.168.8.150
Related commands
•
address range
•
dhcp class
•
display dhcp server pool
dhcp class
Use dhcp class to create a DHCP user class and enter the DHCP user class view.
Use undo dhcp class to remove the specified user class.
Syntax
dhcp class class-name
undo dhcp class class-name
Default
No DHCP user class exists.
Views
System view
Predefined user roles
network-admin
33
Parameters
class-name: Specifies the name of a DHCP user class, a case-insensitive string of 1 to 63
characters.
Usage guidelines
You can also use this command to enter the view of an existing DHCP user class.
In the DHCP user class view, use the if-match command to configure a match rule to match specific
clients. Then use the class command to specify an IP address range for the matching clients.
Examples
# Create a DHCP user class test and enter DHCP user class view.
<Sysname> system-view
[Sysname] dhcp class test
[Sysname-dhcp-class-test]
Related commands
•
address range
•
class
•
if-match
dhcp server always-broadcast
Use dhcp server always-broadcast to enable the DHCP server to broadcast all responses.
Use undo dhcp server always-broadcast to restore the default.
Syntax
dhcp server always-broadcast
undo dhcp server always-broadcast
Default
The DHCP server reads the broadcast flag in a DHCP request to decide whether to broadcast or
unicast the response.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables the DHCP server to ignore the broadcast flag in DHCP requests and
broadcast all responses.
If a DHCP request is from a DHCP client that has an IP address (the ciaddr field is not 0), the DHCP
server always unicasts a response (the destination address is ciaddr) to the DHCP client regardless
of whether this command is executed.
If a DHCP request is from a DHCP relay agent (the giaddr field is not 0), the DHCP server always
unicasts a response (the destination address is giaddr) to the DHCP relay agent regardless of
whether this command is executed.
Examples
# Enable the DHCP server to broadcast all responses.
<Sysname> system-view
34
[Sysname] dhcp server always-broadcast
dhcp server apply ip-pool
Use dhcp server apply ip-pool to apply an address pool on an interface.
Use undo dhcp server apply ip-pool to remove the configuration.
Syntax
dhcp server apply ip-pool pool-name
undo dhcp server apply ip-pool
Default
No address pool is applied on an interface
Views
Interface view
Predefined user roles
network-admin
Parameters
pool-name: Specifies the name of a DHCP address pool, a case-insensitive string of 1 to 63
characters.
Usage guidelines
Upon receiving a DHCP request from the interface, the DHCP server searches for a static binding for
the client from all address pools. If no static binding is found, the server assigns configuration
parameters from the address pool applied on the interface to the client. If the address pool has no
assignable IP address or does not exist, the DHCP client cannot obtain an IP address.
If you use the command multiple times, the most recent configuration takes effect.
Examples
# Apply DHCP address pool 0 on VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] dhcp server apply ip-pool 0
Related commands
dhcp server ip-pool
dhcp server bootp ignore
Use dhcp server bootp ignore to configure the DHCP server to ignore BOOTP requests.
Use undo dhcp server bootp ignore to restore the default.
Syntax
dhcp server bootp ignore
undo dhcp server bootp ignore
Default
The DHCP server does not ignore BOOTP requests.
35
Views
System view
Predefined user roles
network-admin
Usage guidelines
The lease duration of IP addresses obtained by BOOTP clients is unlimited. For scenarios that do not
allow unlimited leases, you can configure the DHCP server to ignore BOOTP requests.
Examples
# Configure the DHCP server to ignore BOOTP requests.
<Sysname> system-view
[Sysname] dhcp server bootp ignore
dhcp server bootp reply-rfc-1048
Use dhcp server bootp reply-rfc-1048 to enable the DHCP server to send BOOTP responses in
RFC 1048 format when it receives RFC 1048-incompliant BOOTP requests for statically bound
addresses.
Use undo dhcp server bootp reply-rfc-1048 to disable this feature.
Syntax
dhcp server bootp reply-rfc-1048
undo dhcp server bootp reply-rfc-1048
Default
This feature is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Not all BOOTP clients can send requests compliant with RFC 1048. By default, the DHCP server
does not process the Vend field of RFC 1048-incompliant requests but copies the Vend field into
responses.
Use this command to enable the DHCP server to fill in the Vend field using the RFC 1048-compliant
format in DHCP responses to RFC 1048-incompliant requests sent by BOOTP clients that request
statically bound addresses.
Examples
# Enable the DHCP server to send BOOTP responses in RFC 1048 format upon receiving BOOTP
requests incompliant with RFC 1048.
<Sysname> system-view
[Sysname] dhcp server bootp reply-rfc-1048
dhcp server forbidden-ip
Use dhcp server forbidden-ip to exclude specific IP addresses from dynamic allocation.
Use undo dhcp server forbidden-ip to remove the configuration.
36
Syntax
dhcp server forbidden-ip start-ip-address [ end-ip-address ]
undo dhcp server forbidden-ip start-ip-address [ end-ip-address ]
Default
No IP addresses are excluded from dynamic allocation.
Views
System view
Predefined user roles
network-admin
Parameters
start-ip-address: Specifies the start IP address.
end-ip-address: Specifies the end IP address, which cannot be lower than the start-ip-address. If you
do not specify this argument, only the start-ip-address is excluded from dynamic allocation.
Usage guidelines
The IP addresses of some devices such as the gateway and FTP server cannot be assigned to
clients. Use this command to exclude such addresses from dynamic allocation.
You can exclude multiple IP address ranges from dynamic allocation.
If the excluded IP address is in a static binding, the address can be still assigned to the client.
The address or address range specified in the undo form of the command must be the same as the
address or address range specified in the command. To remove an IP address that has been
specified as part of an address range, you must remove the entire address range.
Examples
# Exclude the IP addresses of 10.110.1.1 through 10.110.1.63 from dynamic allocation.
<Sysname> system-view
[Sysname] dhcp server forbidden-ip 10.110.1.1 10.110.1.63
Related commands
•
forbidden-ip
•
static-bind
dhcp server ip-pool
Use dhcp server ip-pool to create a DHCP address pool and enter its view.
Use undo dhcp server ip-pool to remove the specified DHCP address pool.
Syntax
dhcp server ip-pool pool-name
undo dhcp server ip-pool pool-name
Default
No DHCP address pool is created.
Views
System view
37
Predefined user roles
network-admin
Parameters
pool-name: Specifies the name for the DHCP address pool, a case-insensitive string of 1 to 63
characters used to uniquely identify this pool.
Usage guidelines
You can also use this command to enter the view of an existing DHCP address pool.
A DHCP address pool is used to store the configuration parameters to be assigned to DHCP clients.
Examples
# Create a DHCP address pool named pool1.
<Sysname> system-view
[Sysname] dhcp server ip-pool pool1
[Sysname-dhcp-pool-pool1]
Related commands
•
dhcp server apply ip-pool
•
display dhcp server pool
dhcp server ping packets
Use dhcp server ping packets to set the maximum number of ping packets.
Use undo dhcp server ping packets to restore the default.
Syntax
dhcp server ping packets number
undo dhcp server ping packets
Default
The maximum number of ping packets is 1.
Views
System view
Predefined user roles
network-admin
Parameters
number: Sets the maximum number of ping packets, in the range of 0 to 10. To disable the address
conflict detection, set the value to 0.
Usage guidelines
To avoid IP address conflicts, the DHCP server pings an IP address before assigning it to a DHCP
client.
If a ping attempt succeeds, the server considers that the IP address is in use and picks a new IP
address. If all the ping attempts are failed, the server assigns the IP address to the requesting DHCP
client.
Examples
# Set the maximum number of ping packets to 10.
<Sysname> system-view
38
[Sysname] dhcp server ping packets 10
Related commands
•
dhcp server ping timeout
•
display dhcp server conflict
•
reset dhcp server conflict
dhcp server ping timeout
Use dhcp server ping timeout to set the ping response timeout time on the DHCP server.
Use undo dhcp server ping timeout to restore the default.
Syntax
dhcp server ping timeout milliseconds
undo dhcp server ping timeout
Default
The ping response timeout time is 500 milliseconds.
Views
System view
Predefined user roles
network-admin
Parameters
milliseconds: Sets the timeout time in the range of 0 to 10000 milliseconds. To disable the ping
operation for address conflict detection, set the value to 0 milliseconds.
Usage guidelines
To avoid IP address conflicts, the DHCP server pings an IP address before assigning it to a DHCP
client.
If a ping attempt succeeds, the server considers that the IP address is in use and picks a new IP
address. If all the ping attempts are failed, the server assigns the IP address to the requesting DHCP
client.
Examples
# Set the response timeout time to 1000 milliseconds.
<Sysname> system-view
[Sysname] dhcp server ping timeout 1000
Related commands
•
dhcp server ping packets
•
display dhcp server conflict
•
reset dhcp server conflict
dhcp server relay information enable
Use dhcp server relay information enable to enable the DHCP server to handle Option 82.
Use undo dhcp server relay information enable to configure the DHCP server to ignore Option
82.
39
Syntax
dhcp server relay information enable
undo dhcp server relay information enable
Default
The DHCP server handles Option 82.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Upon receiving a DHCP request that contains Option 82, the server copies the original Option 82 into
the response. If the server is configured to ignore Option 82, the response will not contain Option 82.
Examples
# Configure the DHCP server to ignore Option 82.
<Sysname> system-view
[Sysname] undo dhcp server relay information enable
display dhcp server conflict
Use display dhcp server conflict to display information about IP address conflicts.
Syntax
display dhcp server conflict [ ip ip-address ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ip ip-address: Displays conflict information about the specified IP address. If you do not specify this
option, this command displays information about all IP address conflicts.
Usage guidelines
The DHCP server creates IP address conflict information in the following conditions:
•
Before assigning an IP address to a DHCP client, the DHCP server pings the IP address and
discovers that it has been used by other host.
•
The DHCP client sends a DECLINE packet to the DHCP server to inform the server of an IP
address conflict.
•
The DHCP server discovers that the only assignable address in the address pool is its own IP
address.
Examples
# Display information about all IP address conflicts.
<Sysname> display dhcp server conflict
IP address
Detect time
40
4.4.4.1
Apr 25 16:57:20 2007
4.4.4.2
Apr 25 17:00:10 2007
Table 5 Command output
Field
Description
IP address
Conflicted IP address.
Detect time
Time when the conflict was discovered.
Related commands
reset dhcp server conflict
display dhcp server expired
Use display dhcp server expired to display the lease expiration information.
Syntax
display dhcp server expired [ ip ip-address | pool pool-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ip ip-address: Displays lease expiration information about the specified IP address.
pool pool-name: Displays lease expiration information about the specified address pool. The pool
name is a case-insensitive string of 1 to 63 characters.
Usage guidelines
If you do not specify any parameters, this command displays lease expiration information about all
address pools.
DHCP assigns these expired IP addresses to DHCP clients when all available addresses have been
assigned.
Examples
# Display all lease expiration information.
<Sysname> display dhcp server expired
IP address
4.4.4.6
Client-identifier/Hardware address
Lease expiration
3030-3066-2e65-3230-302e-3130-3234
Apr 25 17:10:47 2007
-2d45-7468-6572-6e65-7430-2f31
Table 6 Command output
Field
Description
IP address
Expired IP address.
Client-identifier/Hardware address
Client ID or MAC address.
Lease expiration
Time when the lease expired.
41
Related commands
reset dhcp server expired
display dhcp server free-ip
Use display dhcp server free-ip to display information about assignable IP addresses.
Syntax
display dhcp server free-ip [ pool pool-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pool pool-name: Displays assignable IP addresses in the specified address pool. The pool name is a
case-insensitive string of 1 to 63 characters. If you do not specify an address pool, this command
displays all assignable IP addresses for all address pools.
Examples
# Display assignable IP addresses in all address pools.
<Sysname> display dhcp server free-ip
Pool name: 1
Network: 10.0.0.0 mask 255.0.0.0
IP ranges from 10.0.0.10 to 10.0.0.100
IP ranges from 10.0.0.105 to 10.0.0.255
Secondary networks:
10.1.0.0 mask 255.255.0.0
IP ranges from 10.1.0.0 to 10.1.0.255
10.2.0.0 mask 255.255.0.0
IP Ranges from 10.2.0.0 to 10.2.0.255
Pool name: 2
Network: 20.1.1.0 mask 255.255.255.0
IP ranges from 20.1.1.0 to 20.1.1.255
Table 7 Command output
Field
Description
Pool name
Name of the address pool.
Network
Assignable network.
IP ranges
Assignable IP address range.
Secondary networks
Assignable secondary networks.
Related commands
•
address range
•
dhcp server ip-pool
42
•
network
display dhcp server ip-in-use
Use display dhcp server ip-in-use to display binding information about assigned IP addresses.
Syntax
display dhcp server ip-in-use [ ip ip-address | pool pool-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ip ip-address: Displays binding information about the specified IP address.
pool pool-name: Displays binding information about the specified IP address pool. The pool name is
a case-insensitive string of 1 to 63 characters.
Usage guidelines
If you do not specify any parameters, this command displays binding information about all assigned
DHCP addresses.
If the lease deadline exceeds the year 2100, the lease expiration time is displayed as After 2100.
The client binding information can be used by other security modules such as IP source guard only
when the DHCP server is configured on the gateway of DHCP clients.
Examples
# Display binding information about all assigned DHCP addresses.
<Sysname> display dhcp server ip-in-use
IP address
Client identifier/
Lease expiration
Type
Hardware address
10.1.1.1
4444-4444-4444
Not used
Static(F)
10.1.1.2
3030-3030-2e30-3030-
May 1 14:02:49 2009
Auto(C)
After 2100
Static(C)
662e-3030-3033-2d457468-6572-6e65-74
10.1.1.3
1111-1111-1111
Table 8 Command output
Field
Description
IP address
IP address assigned.
Client identifier/Hardware
address
Client ID or hardware address.
Lease expiration
Lease expiration time:
•
Exact time (May 1 14:02:49 2009 in this example)—Time when the
lease will expire.
•
Not used—The IP address of the static binding has not been assigned
to the specific client.
•
Unlimited—Infinite lease expiration time.
•
After 2100—The lease will expire after 2100.
43
Field
Description
Type
Binding types:
•
Static(F)—A free static binding whose IP address has not been
assigned.
•
Static(O)—An offered static binding whose IP address has been
selected and sent by the DHCP server in a DHCP-OFFER packet to the
client. Static(C)—A committed static binding whose IP address has
been assigned to the DHCP client.
•
Auto(O)—An offered temporary dynamic binding whose IP address has
been dynamically selected by the DHCP server and sent in a
DHCP-OFFER packet to the DHCP client.
•
Auto(C)—A committed dynamic binding whose IP address has been
dynamically assigned to the DHCP client.
Related commands
reset dhcp server ip-in-use
display dhcp server pool
Use display dhcp server pool to display information about a DHCP address pool.
Syntax
display dhcp server pool [ pool-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pool-name: Displays information about the specified address pool. The pool name is a
case-insensitive string of 1 to 63 characters. If you do not specify the pool-name argument, this
command displays information about all address pools.
Examples
# Display information about all DHCP address pools.
<Sysname> display dhcp server pool
Pool name: 0
Network 20.1.1.0 mask 255.255.255.0
class a range 20.1.1.50 20.1.1.60
bootfile-name abc.cfg
dns-list 20.1.1.66 20.1.1.67 20.1.1.68
domain-name www.aabbcc.com
bims-server ip 192.168.0.51 sharekey cipher $c$3$K13OmQPi791YvQoF2Gs1E+65LOU=
option 2 ip-address 1.1.1.1
expired 1 2 3 0
Pool name: 1
Network 20.1.1.0 mask 255.255.255.0
secondary networks:
44
20.1.2.0 mask 255.255.255.0
20.1.3.0 mask 255.255.255.0
bims-server ip 192.168.0.51 port 50 sharekey cipher $c$3$K13OmQPi791YvQoF2Gs1E+65LOU=
forbidden-ip 20.1.1.22 20.1.1.36 20.1.1.37
forbidden-ip 20.1.1.22 20.1.1.23 20.1.1.24
gateway-list 1.1.1.1 2.2.2.2 4.4.4.4
nbns-list 5.5.5.5 6.6.6.6 7.7.7.7
netbios-type m-node
option 2 ip-address 1.1.1.1
expired 1 0 0 0
Pool name: 2
Network 20.1.1.0 mask 255.255.255.0
address range 20.1.1.1 to 20.1.1.15
class departmentA range 20.1.1.20 to 20.1.1.29
class departmentB range 20.1.1.30 to 20.1.1.40
next-server 20.1.1.33
tftp-server domain-name www.dian.org.cn
tftp-server ip-address 192.168.0.120
voice-config ncp-ip 10.1.1.2
voice-config as-ip 10.1.1.5
voice-config voice-vlan 3 enable
voice-config fail-over 10.1.1.1 123*
option 2 ip-address 1.1.1.3
expired 1 0 0 0
Pool name: 3
static bindings:
ip-address 10.10.1.2 mask 255.0.0.0
hardware-address 00e0-00fc-0001 ethernet
ip-address 10.10.1.3 mask 255.0.0.0
client-identifier aaaa-bbbb
expired unlimited
Table 9 Command output
Field
Description
Pool name
Name of an address pool.
Network
Assignable network.
secondary networks
Assignable secondary networks.
address range
Assignable address range.
class class-name range
DHCP user class and its address range.
static bindings
Static IP-to-MAC/client ID bindings.
option
Customized DHCP option.
expired
Lease duration: 1 2 3 4 in this example refers to 1 day 2 hours 3
minutes 4 seconds.
bootfile-name
Boot file name
45
Field
Description
dns-list
DNS server IP address.
domain-name
Domain name suffix.
bims-server
BIMS server information.
forbidden-ip
IP addresses excluded from dynamic allocation.
gateway-list
Gateway addresses.
nbns-list
WINS server addresses.
netbios-type
NetBIOS node type.
next-server
Next server IP address.
tftp-server domain-name
TFTP server name.
tftp-server ip-address
TFTP server address.
voice-config ncp-ip
Primary network calling processor address.
voice-config as-ip
Backup network calling processor address.
voice-config voice-vlan
Voice VLAN.
voice-config fail-over
Failover route.
display dhcp server statistics
Use display dhcp server statistics to display the DHCP server statistics.
Syntax
display dhcp server statistics [ pool pool-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pool pool-name: Specifies an address pool by its name, a case-insensitive string of 1 to 63
characters. If you do not specify this option, this command displays information about all address
pools.
Examples
# Display the DHCP server statistics.
<Sysname> display dhcp server statistics
Pool number:
1
Pool utilization:
0.39%
Bindings:
Automatic:
1
Manual:
0
Expired:
0
Conflict:
Messages received:
1
10
46
DHCPDISCOVER:
5
DHCPREQUEST:
3
DHCPDECLINE:
0
DHCPRELEASE:
2
DHCPINFORM:
0
BOOTPREQUEST:
0
Messages sent:
6
DHCPOFFER:
3
DHCPACK:
3
DHCPNAK:
0
BOOTPREPLY:
0
Bad Messages:
0
Table 10 Command output
Field
Description
Pool number
Total number of address pools. This field is not displayed when you
display statistics for a specific address pool.
Pool utilization
Pool utilization rate:
•
If you display statistics for all address pools, this field displays the
utilization rate of all address pools.
•
If you display statistics for an address pool, this field displays the
pool utilization rate of the specified address pool.
Bindings
Bindings include the following types:
•
Automatic—Number of dynamic bindings.
•
Manual—Number of static bindings.
•
Expired—Number of expired bindings.
Conflict
Total number of conflict addresses. This field is not displayed if you
display statistics for a specific address pool.
Messages received
DHCP packets received from clients:
•
DHCPDISCOVER.
•
DHCPREQUEST.
•
DHCPDECLINE.
•
DHCPRELEASE.
•
DHCPINFORM.
•
BOOTPREQUEST.
This field is not displayed if you display statistics for a specific address
pool.
Messages sent
DHCP packets sent to clients:
•
DHCPOFFER.
•
DHCPACK.
•
DHCPNAK.
•
BOOTPREPLY.
This field is not displayed if statistics about a specific address pool are
displayed.
Bad Messages
Number of bad messages. This field is not displayed if you display
statistics for a specific address pool.
Related commands
reset dhcp server statistics
47
dns-list
Use dns-list to specify DNS server addresses in a DHCP address pool.
Use undo dns-list to remove DNS server addresses from a DHCP address pool.
Syntax
dns-list ip-address&<1-8>
undo dns-list [ ip-address&<1-8> ]
Default
No DNS server address is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip-address&<1-8>: Specifies DNS servers. &<1-8> indicates that you can specify up to eight DNS
server addresses separated by spaces.
Usage guidelines
If you use the dns-list command multiple times, the most recent configuration takes effect.
If you do not specify any parameters, the undo dns-list command deletes all DNS server addresses
in the DHCP address pool.
Examples
# Specify the DNS server address 10.1.1.254 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] dns-list 10.1.1.254
Related commands
display dhcp server pool
domain-name
Use domain-name to specify a domain name in a DHCP address pool.
Use undo domain-name to remove the specified domain name.
Syntax
domain-name domain-name
undo domain-name
Default
No domain name is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
48
Parameters
domain-name: Specifies the domain name, a case-sensitive string of 1 to 50 characters.
Usage guidelines
If you use the command multiple times, the most recent configuration takes effect.
Examples
# Specify the domain name company.com in address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] domain-name company.com
Related commands
display dhcp server pool
expired
Use expired to set the lease duration in a DHCP address pool.
Use undo expired to restore the default lease duration for a DHCP address pool.
Syntax
expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited }
undo expired
Default
The lease duration of a dynamic address pool is one day.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
day day: Sets the number of days, in the range of 0 to 365.
hour hour: Sets the number of hours, in the range of 0 to 23.
minute minute: Sets the number of minutes, in the range of 0 to 59.
second second: Sets the number of seconds, in the range of 0 to 59.
unlimited: Specifies the unlimited lease duration, which is actually 136 years.
Usage guidelines
The DHCP server assigns an IP address together with the lease duration to the DHCP client. Before
the lease expires, the DHCP client must extend the lease duration.
•
If the lease extension operation succeeds, the DHCP client can continue to use the IP address.
•
If the lease extension operation does not succeed, both of the following events occur:

The DHCP client cannot use the IP address after the lease duration expires.

The DHCP server will label the IP address as an expired address.
Examples
# Set the lease duration to 1 day, 2 hours, 3 minutes, and 4 seconds in DHCP address pool 0.
<Sysname> system-view
49
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] expired day 1 hour 2 minute 3 second 4
Related commands
•
display dhcp server expired
•
display dhcp server pool
•
reset dhcp server expired
forbidden-ip
Use forbidden-ip to exclude IP addresses from dynamic allocation in an address pool.
Use undo forbidden-ip to cancel the configuration.
Syntax
forbidden-ip ip-address&<1-8>
undo forbidden-ip [ ip-address&<1-8> ]
Default
No IP addresses are excluded from dynamic allocation in an address pool.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip-address&<1-8>: Specifies excluded IP addresses. &<1-8> indicates that you can specify up to
eight IP addresses, separated by spaces.
Usage guidelines
The excluded IP addresses in an address pool are still assignable in other address pools.
You can exclude a maximum of 4096 IP addresses in an address pool.
If you do not specify any parameters, the undo forbidden-ip command deletes all excluded IP
addresses.
Examples
# Exclude IP addresses 192.168.1.3 and 192.168.1.10 from dynamic allocation in DHCP address
pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] forbidden-ip 192.168.1.3 192.168.1.10
Related commands
•
dhcp server forbidden-ip
•
display dhcp server pool
gateway-list
Use gateway-list to specify gateway addresses in a DHCP address pool or a DHCP secondary
subnet.
50
Use undo gateway-list to remove the specified gateway addresses from a DHCP address pool or a
DHCP secondary subnet.
Syntax
gateway-list ip-address&<1-8>
undo gateway-list [ ip-address&<1-8> ]
Default
No gateway address is configured in a DHCP address pool or a DHCP secondary subnet.
Views
DHCP address pool view, DHCP secondary subnet view
Predefined user roles
network-admin
Parameters
ip-address&<1-8>: Specifies gateways. &<1-8> indicates that you can specify up to eight gateway
addresses separated by spaces. Gateway addresses must reside on the same subnet as the
assignable IP addresses.
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
If you do not specify any parameters, the undo gateway-list command deletes all gateway
addresses.
If you specify gateways in both address pool view and secondary subnet view, DHCP assigns the
gateway addresses in the secondary subnet view to the clients on the secondary subnet.
If you specify gateways in address pool view but not in secondary subnet view, DHCP assigns the
gateway addresses in address pool view to the clients on the secondary subnet.
Examples
# Specify the gateway address 10.1.1.1 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] gateway-list 10.1.1.1
Related commands
display dhcp server pool
if-match
Use if-match to configure a match rule for a DHCP user class.
Use undo if-match to remove the match rule for a DHCP user class.
Syntax
if-match rule rule-number option option-code [ hex hex-string [ mask mask | offset offset length
length ] ]
undo if-match rule rule-number
Default
No match rule is configured for the DHCP user class.
51
Views
DHCP user class view
Predefined user roles
network-admin
Parameters
rule rule-number: Assigns the match rule an ID in the range of 1 to 16. A smaller ID represents a
higher match priority.
option option-code: Matches a DHCP option by a number in the range of 1 to 254.
hex hex-string: Matches the specified hexadecimal string in the option. The length of the
hexadecimal string must be an even number in the range of 2 to 256. If you do not specify this option,
the DHCP server only checks whether the specified option exists in the received packets.
mask mask: Specifies the mask used to match the option content. The mask argument is a
hexadecimal string, whose length is an even number in the range of 2 to 256. The length of mask
must be the same as that of hex-string.
offset offset: Specifies the offset used to match the option, in the range of 0 to 254 bytes. If you do
not specify this option, the server matches the entire option with the rule.
length length: Matches the specified length of the option, in the range of 1 to 128 bytes. The
specified length must be the same as the hex-string length.
Usage guidelines
You can configure multiple match rules for a DHCP user class. Each match rule is uniquely identified
by a rule ID. Different match rules can include the same option code, but they cannot have the same
matching criteria.
The DHCP server compares DHCP requests against the match rules. A DHCP client matches a
DHCP user class when its request matches one of the specified match rules.
The match operation follows these guidelines:
•
If only the option-code argument is specified in the rule, packets containing the option match the
rule.
•
If the option-code and hex-string arguments are specified in the rule, packets that have the
specified hexadecimal string in the specified option match the rule.
•
If the option-code, hex-string, offset and length arguments are specified in the rule, packets
match the rule as long as their content from offset+1 bit to offset+length bit in the specified
option is the same as the specified hexadecimal string.
•
If the option-code, hex-string, and mask arguments are specified in the rule, the DHCP server
ANDs the content from the first bit to the mask-1 bit in the specified option with the mask. Then
the server compares the result with the result of the AND operation between hex-string and
mask. If the two results are the same, the received packet matches the rule.
Examples
# Configure match rule 1 to match DHCP requests that contain Option 82 for DHCP user class exam.
<Sysname> system-view
[Sysname] dhcp class exam
[Sysname-dhcp-class-exam] if-match rule 1 option 82
# Configure match rule 2 to match DHCP requests that contain Option 82. Option 82's first three
bytes are 0x13ae92 for the DHCP user class exam.
<Sysname> system-view
[Sysname] dhcp class exam
[Sysname-dhcp-class-exam] if-match rule 2 option 82 hex 13ae92 offset 0 length 3
52
# Configure match rule 3 to match DHCP requests that contain Option 82. Option 82's highest bit of
the fourth byte is 1 for the DHCP user class exam.
<Sysname> system-view
[Sysname] dhcp class exam
[Sysname-dhcp-class-exam] if-match rule 3 option 82 hex 00000080 mask 00000080
Related commands
dhcp class
nbns-list
Use nbns-list to specify WINS server addresses in a DHCP address pool.
Use undo nbns-list to remove the specified WINS server addresses.
Syntax
nbns-list ip-address&<1-8>
undo nbns-list [ ip-address&<1-8> ]
Default
No WINS server address is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip-address&<1-8>: Specifies WINS server IP addresses. &<1-8> indicates that you can specify up to
eight WINS server addresses separated by spaces.
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
If you do not specify any parameters, the undo nbns-list command deletes all WINS server
addresses.
Examples
# Specify the WINS server IP address 10.1.1.1 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] nbns-list 10.1.1.1
Related commands
•
display dhcp server pool
•
netbios-type
netbios-type
Use netbios-type to specify the NetBIOS node type in a DHCP address pool.
Use undo netbios-type to remove the specified NetBIOS node type.
53
Syntax
netbios-type { b-node | h-node | m-node | p-node }
undo netbios-type
Default
No NetBIOS node type is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
b-node: Specifies the broadcast node. A b-node client sends the destination name in a broadcast
message to get the name-to-IP mapping from a server.
h-node: Specifies the hybrid node. An h-node client unicasts the destination name to a WINS server.
If it does not receive a response, the h-node client broadcasts the destination name to get the
mapping from a server.
m-node: Specifies the mixed node. An m-node client broadcasts the destination name. If it does not
receive a response, the m-node client unicasts the destination name to the WINS server to get the
mapping.
p-node: Specifies the peer-to-peer node. A p-node client sends the destination name in a unicast
message to get the mapping from the WINS server.
Usage guidelines
If you use the command multiple times, the most recent configuration takes effect.
Examples
# Specify the NetBIOS node type as p-node in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] netbios-type p-node
Related commands
•
display dhcp server pool
•
nbns-list
network
Use network to specify the subnet for dynamic allocation in a DHCP address pool.
Use undo network to remove the specified subnet.
Syntax
network network-address [ mask-length | mask mask ] [ secondary ]
undo network network-address [ mask-length | mask mask ] [ secondary ]
Default
No subnet is specified in an address pool.
Views
DHCP address pool view
54
Predefined user roles
network-admin
Parameters
network-address: Specifies the subnet for dynamic allocation. If no mask length or mask is specified,
the natural mask will be used.
mask-length: Specifies the mask length in the range of 1 to 30.
mask mask: Specifies the mask in dotted decimal format.
secondary: Specifies the subnet as a secondary subnet. If you do not specify this keyword, this
command specifies the primary subnet. If the addresses in the primary subnet are used up, the
DHCP server can select addresses from a secondary subnet for clients.
Usage guidelines
You can use the secondary keyword to specify a secondary subnet and enter its view, where you
can specify gateways by using the gateway-list command for DHCP clients in the secondary
subnet.
You can specify only one primary subnet for a DHCP address pool. If you use the network command
multiple times, the most recent configuration takes effect.
You can specify up to 32 secondary subnets for a DHCP address pool.
The primary subnet and secondary subnets in a DHCP address pool must not have the same
network address and mask.
If you have used the address range or class command in an address pool, you cannot specify a
secondary subnet in the same address pool.
Modifying or removing the network configuration deletes the assigned addresses from the current
address pool.
Examples
# Specify primary subnet 192.168.8.0/24 and secondary subnet 192.168.10.0/24 in DHCP address
pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] network 192.168.8.0 mask 255.255.255.0
[Sysname-dhcp-pool-0] network 192.168.10.0 mask 255.255.255.0 secondary
[Sysname-dhcp-pool-0-secondary]
Related commands
•
display dhcp server pool
•
gateway-list
next-server
Use next-server to specify the IP address of a server in a DHCP address pool.
Use undo next-server to remove the server's IP address from the DHCP address pool.
Syntax
next-server ip-address
undo next-server
Default
No server's IP address is specified in a DHCP address pool.
55
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address of a server.
Usage guidelines
Upon startup, the DHCP client obtains an IP address and the specified server IP address. Then it
contacts the specified server, such as a TFTP server, to get other boot information.
If you use the next-server command multiple times, the most recent configuration takes effect.
Examples
# Specify a server's IP address 10.1.1.254 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] next-server 10.1.1.254
Related commands
display dhcp server pool
option
Use option to customize a DHCP option.
Use undo option to remove a customized DHCP option.
Syntax
option code { ascii ascii-string | hex hex-string | ip-address ip-address&<1-8> }
undo option code
Default
No DHCP option is customized.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
code: Specifies the number of the customized option, in the range of 2 to 254, excluding 50 through
54, 56, 58, 59, 61, and 82.
ascii ascii-string: Specifies an ASCII string of 1 to 255 characters as the option content.
hex hex-string: Specifies a hexadecimal string of even numbers from 2 to 256 as the option content.
ip-address ip-address&<1-8>: Specifies the IP addresses as the option content. &<1-8> indicates
that you can specify up to eight IP addresses separated by spaces.
Usage guidelines
The DHCP server fills the customized option with the specified ASCII string, hexadecimal string, or
IP addresses, and sends it in a response to the client.
56
If you use the option command with the same code specified, the most recent configuration takes
effect.
You can customize options for the following purposes:
•
Add newly released options.
•
Add options for which the vendor defines the contents, for example, Option 43.
•
Add options for which the CLI does not provide a dedicated configuration command. For
example, you can use the option 4 ip-address 1.1.1.1 command to define the time server
address 1.1.1.1 for DHCP clients.
•
Add all option values if the actual requirement exceeds the limit for a dedicated option
configuration command. For example, the dns-list command can specify up to eight DNS
servers. To specify more than eight DNS server, you must use the option 6 command to define
all DNS servers.
If a DHCP option is specified by both the dedicated command and the option command, the DHCP
server assigns the content specified by the dedicated command. For example, if a DNS server
address is specified by the dns-list command and the option 6 command, the server uses the
address specified by dns-list command.
Examples
# Configure Option 7 to specify the log server address 2.2.2.2 in address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] option 7 ip-address 2.2.2.2
Related commands
display dhcp server pool
reset dhcp server conflict
Use reset dhcp server conflict to clear IP address conflict information.
Syntax
reset dhcp server conflict [ ip ip-address ]
Views
User view
Predefined user roles
network-admin
Parameters
ip ip-address: Clears conflict information about the specified IP address. If you do not specify this
option, this command clears all address conflict information.
Usage guidelines
Address conflicts occur when dynamically assigned IP addresses have been statically configured for
other hosts. After you modify the address pool configuration, the conflicted addresses might become
assignable. To assign these addresses, use the reset dhcp server conflict command to clear the
conflict information first.
Examples
# Clear all IP address conflict information.
<Sysname> reset dhcp server conflict
57
Related commands
display dhcp server conflict
reset dhcp server expired
Use reset dhcp server expired to clear binding information about expired IP addresses.
Syntax
reset dhcp server expired [ ip ip-address | pool pool-name ]
Views
User view
Predefined user roles
network-admin
Parameters
ip ip-address: Clears binding information about the specified expired IP address.
pool pool-name: Clears binding information about the expired IP addresses in the specified address
pool. The pool name is a case-insensitive string of 1 to 63 characters.
Usage guidelines
If you do not specify any parameters, this command clears binding information about all expired IP
addresses.
Examples
# Clear binding information about all expired IP addresses.
<Sysname> reset dhcp server expired
Related commands
display dhcp server expired
reset dhcp server ip-in-use
Use reset dhcp server ip-in-use to clear binding information about assigned IP addresses.
Syntax
reset dhcp server ip-in-use [ ip ip-address | pool pool-name ]
Views
User view
Predefined user roles
network-admin
Parameters
ip ip-address: Clears binding information about the specified assigned IP address.
pool pool-name: Clears binding information about the specified address pool. The pool name is a
case-insensitive string of 1 to 63 characters.
Usage guidelines
If you do not specify any parameters, this command clears binding information about all assigned IP
addresses.
58
If you use this command to clear information about an assigned static binding, the static binding
becomes an unassigned static binding.
Examples
# Clear binding information about the IP address 10.110.1.1.
<Sysname> reset dhcp server ip-in-use ip 10.110.1.1
Related commands
display dhcp server ip-in-use
reset dhcp server statistics
Use reset dhcp server statistics to clear DHCP server statistics.
Syntax
reset dhcp server statistics
Views
User view
Predefined user roles
network-admin
Examples
# Clear DHCP server statistics.
<Sysname> reset dhcp server statistics
Related commands
display dhcp server statistics
static-bind
Use static-bind to statically bind a client ID or MAC address to an IP address.
Use undo static-bind to remove a static binding.
Syntax
static-bind ip-address ip-address [ mask-length | mask mask ] { client-identifier client-identifier |
hardware-address hardware-address [ ethernet | token-ring ] }
undo static-bind ip-address ip-address
Default
No static binding is specified in a DHCP address pool.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip-address ip-address: Specifies the IP address of the static binding. The natural mask is used if no
mask length or mask is specified.
mask-length: Specifies the mask length in the range of 1 to 30.
mask mask: Specifies the mask, in dotted decimal format.
59
client-identifier client-identifier: Specifies the client ID of the static binding, a string of 4 to 254
characters that can contain only hexadecimal numbers and hyphen (-), in the format of H-H-H…., in
which the last H can be a two-digit or four-digit hexadecimal number while the other Hs must be all
four-digit hexadecimal numbers. For example, aabb-cccc-dd is a correct ID, while aabb-c-dddd and
aabb-cc-dddd are incorrect IDs.
hardware-address hardware-address: Specifies the client hardware address of the static binding, a
string of 4 to 79 characters that can contain only hexadecimal numbers and hyphen (-), in the format
of H-H-H…, in which the last H can be a two-digit or four-digit hexadecimal number while the other
Hs must be all four-digit hexadecimal numbers. For example, aabb-cccc-dd is a correct hardware
address, while aabb-c-dddd and aabb-cc-dddd are incorrect hardware addresses.
ethernet: Specifies the client hardware address type as Ethernet. The default type is Ethernet.
token-ring: Specifies the client hardware address type as token ring.
Usage guidelines
The IP address of a static binding must not be an interface address of the DHCP server. Otherwise,
an IP address conflict occurs, and the bound client cannot obtain the IP address.
You can specify multiple static bindings in an address pool. The total number of static bindings in all
address pools cannot exceed 8192.
You cannot modify bindings. To change the binding for a DHCP client, you must delete the existing
binding first and create a new binding.
Examples
# Bind the IP address 10.1.1.1/24 to the client ID 00aa-aabb in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] static-bind ip-address 10.1.1.1 mask 255.255.255.0
client-identifier 00aa-aabb
Related commands
display dhcp server pool
tftp-server domain-name
Use tftp-server domain-name to specify a TFTP server name in a DHCP address pool.
Use undo tftp-server domain-name to remove the TFTP server name from a DHCP address pool.
Syntax
tftp-server domain-name domain-name
undo tftp-server domain-name
Default
No TFTP server name is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
domain-name: Specifies the TFTP server name, a case-sensitive string of 1 to 63 characters.
60
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
Examples
# Specify the TFTP server name aaa in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] tftp-server domain-name aaa
Related commands
•
display dhcp server pool
•
tftp-server ip-address
tftp-server ip-address
Use tftp-server ip-address to specify a TFTP server address in a DHCP address pool.
Use undo tftp-server ip-address to remove the TFTP server address from a DHCP address pool.
Syntax
tftp-server ip-address ip-address
undo tftp-server ip-address
Default
No TFTP server address is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address of a TFTP server.
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
Examples
# Specify the TFTP server address 10.1.1.1 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] tftp-server ip-address 10.1.1.1
Related commands
•
display dhcp server pool
•
tftp-server domain-name
voice-config
Use voice-config to configure the content for Option 184 in a DHCP address pool.
Use undo voice-config to remove the Option 184 content from a DHCP address pool.
61
Syntax
voice-config { as-ip ip-address | fail-over ip-address dialer-string | ncp-ip ip-address | voice-vlan
vlan-id { disable | enable } }
undo voice-config [ as-ip | fail-over | ncp-ip | voice-vlan ]
Default
No Option 184 content is configured in a DHCP address pool.
Views
DHCP address pool view
Predefined user roles
network-admin
Parameters
as-ip ip-address: Specifies the IP address of the backup network calling processor.
fail-over ip-address dialer-string: Specifies the failover IP address and dialer string. The dialer-string
is a string of 1 to 39 characters, which can include numbers 0 through 9 and asterisk (*).
ncp-ip ip-address: Specifies the IP address of the primary network calling processor.
voice-vlan vlan-id: Specifies the voice VLAN ID in the range of 2 to 4094.
•
disable: Disables the specified VLAN. DHCP clients will not take this VLAN as their voice
VLAN.
•
enable: Enables the specified VLAN. DHCP clients will take this VLAN as their voice VLAN.
Usage guidelines
If you use the command multiple times, the most recent configuration takes effect.
Examples
# Configure Option 184 in DHCP address pool 0. The primary and backup network calling
processors are at 10.1.1.1 and 10.2.2.2, respectively. The voice VLAN 3 is enabled. The failover IP
address is 10.3.3.3. The dialer string is 99*.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] voice-config ncp-ip 10.1.1.1
[Sysname-dhcp-pool-0] voice-config as-ip 10.2.2.2
[Sysname-dhcp-pool-0] voice-config voice-vlan 3 enable
[Sysname-dhcp-pool-0] voice-config fail-over 10.3.3.3 99*
Related commands
display dhcp server pool
DHCP relay agent commands
The term "interface" in this section collectively refers to Layer 3 interfaces, including VLAN interfaces
and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the
port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
dhcp relay check mac-address
Use dhcp relay check mac-address to enable MAC address check on the relay agent.
Use undo dhcp relay check mac-address to disable MAC address check on the relay agent.
62
Syntax
dhcp relay check mac-address
undo dhcp relay check mac-address
Default
The MAC address check feature is disabled.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
This feature enables the DHCP relay agent to compare the chaddr field of a received DHCP request
with the source MAC address in the frame header. If they are the same, the DHCP relay agent
forwards the request to the DHCP server. If they are not the same, the DHCP relay agent discards
the request.
The MAC address check feature takes effect only when the dhcp select relay command has
already been configured on the interface.
Enable the MAC address check feature only on the DHCP relay agent directly connected to the
DHCP clients. A DHCP relay agent changes the source MAC address of DHCP packets before
sending them. If you enable this feature on an intermediate relay agent, it might discard valid DHCP
packet, and the sending clients will not obtain IP addresses.
Examples
# Enable MAC address check on the relay agent.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay check mac-address
Related commands
dhcp select relay
dhcp relay check mac-address aging time
Use dhcp relay check mac-address aging time to set the aging time for MAC address check
entries on the DHCP relay agent.
Use undo dhcp relay check mac-address aging time to restore the default.
Syntax
dhcp relay check mac-address aging-time time
undo dhcp relay check mac-address aging-time
Default
The aging time is 30 seconds.
Views
System view
Predefined user roles
network-admin
63
Parameters
time: Sets the aging time for MAC address check entries in seconds, in the range of 30 to 600.
Usage guidelines
This command takes effect only after you execute the dhcp relay check mac-address command.
Examples
# Set the aging time to 60 seconds for MAC address check entries on the DHCP relay agent.
<Sysname> system-view
[Sysname] dhcp relay check mac-address aging-time 60
dhcp relay client-information record
Use dhcp relay client-information record to enable recording client information in relay entries. A
relay entry contains information about a client such as the client's IP and MAC addresses.
Use undo dhcp relay client-information record to disable the feature.
Syntax
dhcp relay client-information record
undo dhcp relay client-information record
Default
The DHCP relay agent does not record client information in relay entries.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Disabling recording of client information deletes all recorded relay entries.
Client information is recorded only when the DHCP relay agent is configured on the gateway of
DHCP clients.
Examples
# Enable recording of relay entries on the relay agent.
<Sysname> system-view
[Sysname] dhcp relay client-information record
Related commands
•
dhcp relay client-information refresh
•
dhcp relay client-information refresh enable
dhcp relay client-information refresh
Use dhcp relay client-information refresh to set the interval at which the DHCP relay agent
periodically refreshes relay entries.
Use undo dhcp relay client-information refresh to restore the default.
Syntax
dhcp relay client-information refresh [ auto | interval interval ]
64
undo dhcp relay client-information refresh
Default
The refresh interval is automatically calculated based on the number of relay entries.
Views
System view
Predefined user roles
network-admin
Parameters
auto: Automatically calculates the refresh interval. The more the entries, the shorter the refresh
interval. The shortest interval must not be less than 500 ms.
interval interval: Sets the refresh interval in the range of 1 to 120 seconds.
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
Examples
# Set the refresh interval to 100 seconds.
<Sysname> system-view
[Sysname] dhcp relay client-information refresh interval 100
Related commands
•
dhcp relay client-information record
•
dhcp relay client-information refresh enable
dhcp relay client-information refresh enable
Use dhcp relay client-information refresh enable to enable the relay agent to periodically refresh
dynamic relay entries.
Use undo dhcp relay client-information refresh enable to disable the relay agent to periodically
refresh dynamic relay entries.
Syntax
dhcp relay client-information refresh enable
undo dhcp relay client-information refresh enable
Default
The DHCP relay agent periodically refreshes relay entries.
Views
System view
Predefined user roles
network-admin
Usage guidelines
A DHCP client unicasts a DHCP-RELEASE message to the DHCP server to release its IP address.
The DHCP relay agent conveys the message to the DHCP server and does not remove the
IP-to-MAC entry of the client.
With this feature, the DHCP relay agent uses the IP address of a client and the MAC address of the
DHCP relay interface to periodically send a DHCP-REQUEST message to the DHCP server.
65
•
•
If the server returns a DHCP-ACK message or does not return any message within an interval,
the DHCP relay agent performs the following operations:

Removes the relay entry.

Sends a DHCP-RELEASE message to the DHCP server to release the IP address.
If the server returns a DHCP-NAK message, the relay agent keeps the entry.
With this feature disabled, the DHCP relay agent does not remove relay entries automatically. After a
DHCP client releases its IP address, you must use the reset dhcp relay client-information on the
relay agent to remove the corresponding relay entry.
Examples
# Disable periodic refresh of relay entries.
<Sysname> system-view
[Sysname] undo dhcp relay client-information refresh enable
Related commands
•
dhcp relay client-information record
•
dhcp relay client-information refresh
•
reset dhcp relay client-information
dhcp relay information circuit-id
Use dhcp relay information circuit-id to configure the padding mode and padding format for the
Circuit ID sub-option of Option 82.
Use undo dhcp relay information circuit-id to restore the default.
Syntax
dhcp relay information circuit-id { string circuit-id | { normal | verbose [ node-identifier { mac |
sysname | user-defined node-identifier } ] } [ format { ascii | hex } ] }
undo dhcp relay information circuit-id
Default
The padding mode is normal and the padding format is hex.
Views
Interface view
Predefined user roles
network-admin
Parameters
string circuit-id: Specifies the string mode that uses a case-sensitive string of 3 to 63 characters as
the content of the Circuit ID sub-option.
normal: Specifies the normal mode, in which the padding content consists of the VLAN ID and port
number.
verbose: Specifies the verbose mode. The padding content includes the VLAN ID and interface
number.
node-identifier { mac | sysname | user-defined node-identifier }: Specifies the access node
identifier. The padding content includes the node identifier, Ethernet type (fixed to eth), interface
number, and VLAN ID. The node identifier varies by keyword mac, sysname, and user-defined.
•
mac: Uses the MAC address of the access node as the node identifier. It is the default node
identifier.
66
•
sysname: Uses the device name as the node identifier. You can set the device name by using
the sysname command in system view. The padding format for the device name is always
ASCII regardless of the specified padding format.
NOTE:
If sysname is used as the node identifier, do not include any space when you set the device name.
Otherwise, the DHCP relay agent fails to add or replace the Option 82.
•
user-defined node-identifier: Uses a case-sensitive string of 1 to 50 characters as the node
identifier. The padding format for the specified character string is always ASCII regardless of
the specified padding format.
format: Sets the padding format for the Circuit ID sub-option.
ascii: Sets the padding format to ASCII.
hex: Sets the padding format to hex.
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
The padding format for the user-defined string, the normal mode, or the verbose modes varies by
command configuration. Table 11 shows how the padding format is determined for different modes.
Table 11 Padding format for different modes
Keyword (mode)
If no padding format
is set
If the padding
format is ascii
If the padding format is hex
string circuit-id
You cannot set a
padding format, and the
padding
format
is
always ASCII.
N/A
N/A
normal
Hex.
ASCII.
Hex.
Hex for the VLAN ID.
verbose
ASCII for the node
identifier, Ethernet type,
and interface number.
ASCII.
ASCII for the node identifier and
Ethernet type.
Hex for the interface number and
VLAN ID.
Examples
# Specify the padding mode as verbose, node identifier as the device name, and the padding format
as ASCII for the Circuit ID sub-option.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay information enable
[Sysname-Vlan-interface10] dhcp relay information strategy replace
[Sysname-Vlan-interface10] dhcp relay information circuit-id verbose node-identifier
sysname format ascii
Related commands
•
dhcp relay information enable
•
dhcp relay information strategy
•
display dhcp relay information
67
dhcp relay information enable
Use dhcp relay information enable to enable the relay agent to support Option 82.
Use undo dhcp relay information enable to disable Option 82 support.
Syntax
dhcp relay information enable
undo dhcp relay information enable
Default
The DHCP relay agent does not support Option 82.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
This command enables the DHCP relay agent to add Option 82 to DHCP requests that do not
contain Option 82 before forwarding the requests to the DHCP server. The content of Option 82 is
determined by the dhcp relay information circuit-id and dhcp relay information remote-id
commands. If the DHCP requests contain Option 82, the relay agent handles the requests according
to the strategy configured with the dhcp relay information strategy command.
If this feature is disabled, the relay agent forwards requests that contain or do not contain Option 82
to the DHCP server.
Examples
# Enable Option 82 support on the relay agent.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay information enable
Related commands
•
dhcp relay information circuit-id
•
dhcp relay information remote-id
•
dhcp relay information strategy
•
display dhcp relay information
dhcp relay information remote-id
Use dhcp relay information remote-id to configure the padding mode and padding format for the
Remote ID sub-option of Option 82.
Use undo dhcp relay information remote-id to restore the default.
Syntax
dhcp relay information remote-id { normal [ format { ascii | hex } ] | string remote-id | sysname }
undo dhcp relay information remote-id
Default
The padding mode is normal and the padding format is hex.
68
Views
Interface view
Predefined user roles
network-admin
Parameters
normal: Specifies the normal mode in which the padding content is the MAC address of the
receiving interface.
format: Sets the padding format for the Remote ID sub-option. The default padding format is hex.
ascii: Sets the padding format to ASCII.
hex: Sets the padding format to hex.
string remote-id: Specifies the string mode that uses a case-sensitive string of 1 to 63 characters as
the content of the Remote ID sub-option.
sysname: Specifies the sysname mode that uses the device name as the content of the Remote ID
sub-option. You can set the device name by using the sysname command.
Usage guidelines
The padding format for the specified character string (string) or the device name (sysname) is
always ASCII. The padding format for the normal mode is determined by the command.
If you use the command multiple times, the most recent configuration takes effect.
Examples
# Specify the padding content for the Remote ID sub-option of Option 82 as device001.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay information enable
[Sysname-Vlan-interface10] dhcp relay information strategy replace
[Sysname-Vlan-interface10] dhcp relay information remote-id string device001
Related commands
•
dhcp relay information enable
•
dhcp relay information strategy
•
display dhcp relay information
dhcp relay information strategy
Use dhcp relay information strategy to configure the strategy for the DHCP relay agent to handle
messages containing Option 82.
Use undo dhcp relay information strategy to restore the default handling strategy.
Syntax
dhcp relay information strategy { drop | keep | replace }
undo dhcp relay information strategy
Default
The handling strategy for messages that contain Option 82 is replace.
Views
Interface view
69
Predefined user roles
network-admin
Parameters
drop: Drops DHCP messages that contain Option 82 messages.
keep: Keeps the original Option 82 intact.
replace: Replaces the original Option 82 with the configured Option 82.
Usage guidelines
This command takes effect only on DHCP requests that contain Option 82.
When enabled to support Option 82, the DHCP relay agent always adds Option 82 into DHCP
requests that do not contain Option 82 before forwarding the requests to the DHCP.
Examples
# Specify the handling strategy for Option 82 as keep.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay information enable
[Sysname-Vlan-interface10] dhcp relay information strategy keep
Related commands
•
dhcp relay information enable
•
display dhcp relay information
dhcp relay release ip
Use dhcp relay release ip to release a specific client IP address.
Syntax
dhcp relay release ip client-ip [ vpn-instance vpn-instance-name ]
Views
System view
Predefined user roles
network-admin
Parameters
client-ip: Specifies the IP address to be released.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance of the IP address. The
vpn-instance-name is a case-sensitive string of 1 to 31 characters. If you do not specify a VPN
instance, this command releases the IP address in the public network.
Usage guidelines
After you execute this command, the relay agent sends a DHCP-RELEASE packet to the DHCP
server and removes the relay entry of the IP address. Upon receiving the packet, the server removes
binding information about the specified IP address to release the IP address.
Examples
# Release the IP address 1.1.1.1.
<Sysname> system-view
[Sysname] dhcp relay release ip 1.1.1.1
70
dhcp relay server-address
Use dhcp relay server-address to specify DHCP servers on the DHCP relay agent.
Use undo dhcp relay server-address to remove DHCP servers.
Syntax
dhcp relay server-address ip-address
undo dhcp relay server-address [ ip-address ]
Default
No DHCP server is specified on the relay agent.
Views
Interface view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address of a DHCP server. The DHCP relay agent forwards DHCP
packets received from DHCP clients to this DHCP server.
Usage guidelines
The specified IP address of the DHCP server must not reside on the same subnet as the IP address
of the DHCP relay agent interface. Otherwise, the DHCP clients might fail to obtain IP addresses.
You can specify a maximum of eight DHCP servers on an interface. The DHCP relay agent forwards
the packets from the clients to all the specified DHCP servers.
If you do not specify an IP address, the undo dhcp relay server-address command removes all
DHCP servers on the interface.
Examples
# Specify the DHCP server 1.1.1.1 on the relay agent interface VLAN-interface 10.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay server-address 1.1.1.1
Related commands
•
dhcp select relay
•
display dhcp relay interface
dhcp smart-relay enable
Use dhcp smart-relay enable to enable the DHCP smart relay feature.
Use undo dhcp smart-relay enable to disable the DHCP smart relay feature.
Syntax
dhcp smart-relay enable
undo dhcp smart-relay enable
Default
The DHCP smart relay feature is disabled.
71
Views
System view
Predefined user roles
network-admin
Usage guidelines
This feature is available in Release 1121 and later.
This command enables the smart relay feature on interfaces that are configured as the relay agent
on the device.
The smart relay feature allows the relay agent to encapsulate secondary IP addresses to the giaddr
field when the DHCP server does not reply the DHCP-OFFER message. The relay agent initially
encapsulates its primary IP address to the giaddr field before forwarding a request to the DHCP
server. If no DHCP-OFFER is returned after two retries, the relay agent switches to secondary IP
addresses.
Without this feature, the relay agent always encapsulates the primary IP address to the giaddr field.
Examples
# Enable the DHCP smart relay feature.
<Sysname> system-view
[Sysname] dhcp smart-relay enable
display dhcp relay check mac-address
Use display dhcp relay check mac-address to display MAC address check entries on the relay
agent.
Syntax
display dhcp relay check mac-address
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display MAC address check entries on the DHCP relay agent.
<Sysname> display dhcp relay check mac-address
Source-MAC
Interface
23f3-1122-adf1
GE1/0/1
Aging-time
10
23f3-1122-2230
GE1/0/2
30
Table 12 Command output
Field
Description
Source MAC
Source MAC address of the attacker.
Interface
Interface where the attack comes from.
Aging-time
Aging time of the MAC address check entry, in seconds.
72
display dhcp relay client-information
Use display dhcp relay client-information to display relay entries on the relay agent.
Syntax
display dhcp relay client-information [ interface interface-type interface-number | ip ip-address
[ vpn-instance vpn-instance-name ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Displays relay entries on the specified interface.
ip ip-address: Displays the relay entry for the specified IP address.
vpn-instance vpn-instance-name: Displays the relay entry for the specified IP address in the
specified MPLS L3VPN instance. The vpn-instance-name is a case-sensitive string of 1 to 31
characters.
Usage guidelines
The DHCP relay agent records relay entries only when the dhcp relay client-information record
command has been issued.
If you do not specify any parameters, the display dhcp relay client-information command displays
all relay entries on the relay agent.
Examples
# Display all relay entries on the relay agent.
<Sysname> display dhcp relay client-information
Total number of client-information items: 2
Total number of dynamic items: 1
Total number of temporary items: 1
IP address
MAC address
Type
Interface
VPN name
10.1.1.1
00e0-0000-0001
Dynamic
Vlan1
VPN1
10.1.1.5
00e0-0000-0000
Temporary
Vlan2
VPN2
Table 13 Command output
Field
Description
Total number of client-information items
Total number of relay entries.
Total number of dynamic items
Total number of dynamic relay entries.
Total number of temporary items
Total number of temporary relay entries.
IP address
IP address of the DHCP client.
MAC address
MAC address of the DHCP client.
73
Field
Description
Type
Relay entry type:
•
Dynamic—The relay agent creates a dynamic relay entry
upon receiving an ACK response from the DHCP server.
•
Temporary—The relay agent creates a temporary relay
entry upon receiving a REQUEST packet from a DHCP
client.
Interface
Layer 3 interface connected to the DHCP client. N/A is
displayed for relay entries without interface information.
Related commands
•
dhcp relay client-information record
•
reset dhcp relay client-information
display dhcp relay information
Use display dhcp relay information to display Option 82 configuration information for the DHCP
relay agent.
Syntax
display dhcp relay information [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Displays Option 82 configuration information for the
specified interface. If you do not specify an interface, this command displays Option 82 configuration
information about all interfaces.
Examples
# Display Option 82 configuration information for all interfaces.
<Sysname> display dhcp relay information
Interface: Vlan-interface100
Status: Enable
Strategy: Replace
Circuit ID Pattern: Verbose
Remote ID Pattern: Sysname
Circuit ID format-type: Undefined
Remote ID format-type: ASCII
Node identifier: aabbcc
Interface: Vlan-interface200
Status: Enable
Strategy: Replace
Circuit ID Pattern: User Defined
Remote ID Pattern: User Defined
Circuit ID format-type: ASCII
74
Remote ID format-type: ASCII
User defined:
Circuit ID: vlan100
Remote ID: device001
Table 14 Command output
Field
Description
Interface
Interface name.
Status
Option 82 states:
•
Enable—DHCP relay agent support for Option 82 is enabled.
•
Disable—DHCP relay agent support for Option 82 is disabled.
Strategy
Handling strategy for request messages containing Option 82, Drop,
Keep, or Replace.
Circuit ID Pattern
Padding content mode of the Circuit ID sub-option, Verbose, Normal, or
User Defined.
Remote ID Pattern
Padding content mode of the Remote ID sub-option, Sysname, Normal,
or User Defined.
Circuit ID format-type
Padding format of the Circuit ID sub-option, ASCII, Hex, or Undefined.
Remote ID format-type
Padding format of the Remote ID sub-option, ASCII, Hex, or Undefined.
Node identifier
Access node identifier.
User defined
Content of the user-defined sub-options.
Circuit ID
User-defined content of the Circuit ID sub-option.
Remote ID
User-defined content of the Remote ID sub-option.
display dhcp relay server-address
Use display dhcp relay server-address to display DHCP server addresses configured on an
interface.
Syntax
display dhcp relay server-address [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Displays DHCP server addresses on the specified
interface. If you do not specify an interface, this command displays DHCP server addresses on all
interfaces operating in DHCP relay agent mode.
Examples
# Display DHCP server addresses on all interfaces.
<Sysname> display dhcp relay server-address
Interface name
Server IP address
75
Vlan1
2.2.2.2
Table 15 Command output
Field
Description
Interface name
Interface name.
Server IP address
DHCP server IP address.
Related commands
dhcp relay server-address
display dhcp relay statistics
Use display dhcp relay statistics to display DHCP packet statistics on the DHCP relay agent.
Syntax
display dhcp relay statistics [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Displays DHCP packet statistics on the specified
interface. If you do not specify an interface, this command displays all DHCP packet statistics on the
DHCP relay agent.
Examples
# Display all DHCP packet statistics on the DHCP relay agent.
<Sysname> display dhcp relay statistics
DHCP packets dropped:
0
DHCP packets received from clients:
0
DHCPDISCOVER:
0
DHCPREQUEST:
0
DHCPINFORM:
0
DHCPRELEASE:
0
DHCPDECLINE:
0
BOOTPREQUEST:
0
DHCP packets received from servers:
0
DHCPOFFER:
0
DHCPACK:
0
DHCPNAK:
0
BOOTPREPLY:
0
DHCP packets relayed to servers:
0
DHCPDISCOVER:
0
DHCPREQUEST:
0
DHCPINFORM:
0
DHCPRELEASE:
0
76
DHCPDECLINE:
0
BOOTPREQUEST:
0
DHCP packets relayed to clients:
0
DHCPOFFER:
0
DHCPACK:
0
DHCPNAK:
0
BOOTPREPLY:
0
DHCP packets sent to servers:
0
DHCPDISCOVER:
0
DHCPREQUEST:
0
DHCPINFORM:
0
DHCPRELEASE:
0
DHCPDECLINE:
0
BOOTPREQUEST:
0
DHCP packets sent to clients:
0
DHCPOFFER:
0
DHCPACK:
0
DHCPNAK:
0
BOOTPREPLY:
0
Related commands
reset dhcp relay statistics
reset dhcp relay client-information
Use reset dhcp relay client-information to clear relay entries on the DHCP relay agent.
Syntax
reset dhcp relay client-information [ interface interface-type interface-number | ip ip-address
[ vpn-instance vpn-instance-name ] ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Clears relay entries on the specified interface.
ip ip-address: Clears the relay entry for the specified IP address.
vpn-instance vpn-instance-name: Clears the relay entry for the specified IP address in the specified
MPLS L3VPN instance. The vpn-instance-name is a case-sensitive string of 1 to 31 characters. If
you do not specify a VPN instance, this command clears the relay entry in the public network.
Usage guidelines
If you do not specify any parameters, this command clears all relay entries on the DHCP relay agent.
Examples
# Clear all relay entries on the DHCP relay agent.
<Sysname> reset dhcp relay client-information
77
Related commands
display dhcp relay client-information
reset dhcp relay statistics
Use reset dhcp relay statistics to clear relay agent statistics.
Syntax
reset dhcp relay statistics [ interface interface-type interface-number ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Clears DHCP relay agent statistics on the specified
interface. If you do not specify an interface, this command clears all DHCP relay agent statistics.
Examples
# Clear all DHCP relay agent statistics.
<Sysname> reset dhcp relay statistics
Related commands
display dhcp relay statistics
DHCP client commands
dhcp client dad enable
Use dhcp client dad enable to enable duplicate address detection.
Use undo dhcp client dad enable to disable duplicate address detection.
Syntax
dhcp client dad enable
undo dhcp client dad enable
Default
The duplicate address detection feature is enabled on an interface.
Views
System view
Predefined user roles
network-admin
Usage guidelines
DHCP client detects IP address conflict through ARP packets. An attacker can act as the IP address
owner to send an ARP reply, which makes the client unable to use the IP address assigned by the
server. As a best practice, disable duplicate address detection when ARP attacks exist on the
network.
78
Examples
# Disable the duplicate address.
<Sysname> system-view
[Sysname] undo dhcp client dad enable
dhcp client dscp
Use dhcp client dscp to set the DSCP value for DHCP packets sent by the DHCP client.
Use undo dhcp client dscp to restore the default.
Syntax
dhcp client dscp dscp-value
undo dhcp client dscp
Default
The DSCP value in DHCP packets is 56.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Sets the DSCP value for DHCP packets, in the range of 0 to 63.
Usage guidelines
The DSCP value of a packet specifies the priority level of the packet and affects the transmission
priority of the packet. A bigger DSCP value represents a higher priority.
Examples
# Set the DSCP value to 30 for DHCP packets sent by the DHCP client.
<Sysname> system-view
[Sysname] dhcp client dscp 30
dhcp client identifier
Use dhcp client identifier to configure a DHCP client ID for an interface.
Use undo dhcp client identifier to restore the default.
Syntax
dhcp client identifier { ascii string | hex string | mac interface-type interface-number }
undo dhcp client identifier
Default
An interface generates an ASCII character string as the DHCP client ID based on its MAC address
and the interface name.
Views
Interface view
Predefined user roles
network-admin
79
Parameters
ascii string: Specifies a case-sensitive ASCII string of 1 to 63 characters as the client ID.
hex string: Specifies a hexadecimal string of 4 to 64 characters as the client ID.
mac interface-type interface-number: Uses the MAC address of the specified interface as a DHCP
client ID. The interface-type interface-number argument specifies an interface by its type and
number.
Usage guidelines
A DHCP client ID is added to the DHCP option 61. A DHCP server can specify IP addresses for
clients based on the DHCP client ID. You can specify a DHCP client ID by performing one of the
following operations:
•
Naming an ASCII string or hexadecimal string as the client ID.
•
Using the MAC address of an interface to generate a client ID.
Whichever method you use, make sure the IDs for different DHCP clients are unique.
Examples
# Specify the hexadecimal string of FFFFFFF as the client ID for VLAN-interface 10.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp client identifier hex FFFFFFFF
Related commands
display dhcp client
display dhcp client
Use display dhcp client to display DHCP client information.
Syntax
display dhcp client [ verbose ] [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
verbose: Displays verbose DHCP client information.
interface interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
If you do not specify an interface, this command displays DHCP client information about all
interfaces.
Examples
# Display DHCP client information about all interfaces.
<Sysname> display dhcp client
Vlan-interface10 DHCP client information:
Current state: BOUND
Allocated IP: 40.1.1.20 255.255.255.0
80
Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds
DHCP server: 40.1.1.2
# Display verbose DHCP client information.
<Sysname> display dhcp client verbose
Vlan-interface10 DHCP client information:
Current state: BOUND
Allocated IP: 40.1.1.20 255.255.255.0
Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds
Lease from May 21 19:00:29 2012
to
May 31 19:00:29 2012
DHCP server: 40.1.1.2
Transaction ID: 0x1c09322d
Default router: 40.1.1.2
Classless static routes:
Destination: 1.1.0.1, Mask: 255.0.0.0, NextHop: 192.168.40.16
Destination: 10.198.122.63, Mask: 255.255.255.255, NextHop: 192.168.40.16
DNS servers: 44.1.1.11 44.1.1.12
Domain name: ddd.com
Boot servers: 200.200.200.200
1.1.1.1
Client ID type: acsii(type value=00)
Client ID value: 000c.29d3.8659-Vlan1
Client ID (with type) hex: 0030-3030-632e-32396433-2e38-3635-392d4574-6830-2f30-2f32
T1 will timeout in 1 day 11 hours 58 minutes 52 seconds.
Table 16 Command output
Field
Vlan-interface10
information
Description
DHCP
client
Information about the interface that acts as the DHCP client.
Current state
Current state of the DHCP client:
•
HALT—The client stops applying for an IP address.
•
INIT—The initialization state.
•
SELECTING—The client has sent out a DHCP-DISCOVER
message in search for a DHCP server and is waiting for the
response from DHCP servers.
•
REQUESTING—The
client
has
sent
out
a
DHCP-REQUEST message requesting for an IP address
and is waiting for the response from DHCP servers.
•
BOUND—The client has received the DHCP-ACK message
from a DHCP server and obtained an IP address
successfully.
•
RENEWING—The T1 timer expires.
•
REBOUNDING—The T2 timer expires.
Allocated IP
IP address allocated by the DHCP server.
Allocated lease
Allocated lease time.
T1
1/2 lease time (in seconds) of the DHCP client IP address.
T2
7/8 lease time (in seconds) of the DHCP client IP address.
Lease from….to….
Start and end time of the lease.
81
Field
Description
DHCP server
DHCP server IP address that assigned the IP address.
Transaction ID
Transaction ID, a random number chosen by the client to identify
an IP address allocation.
Default router
Gateway address assigned to the client.
Classless static routes
Classless static routes assigned to the client.
Static routes
Classful static routes assigned to the client.
DNS servers
DNS server address assigned to the client.
Domain name
Domain name suffix assigned to the client.
Boot servers
PXE server addresses (up to 16 addresses) specified for the
DHCP client, which are obtained through Option 43.
Client ID type
DHCP client ID type:
•
If an ASCII string is used as the client ID value, the type
value is 00.
•
If the MAC address of a specific interface is used as the
client ID value, the type value is 01.
•
If a hexadecimal string is used as the client ID value, the
type value is the first two characters in the string.
Client ID value
Value of the DHCP client ID.
Client ID (with type) hex
DHCP client ID with the type field, a hexadecimal string.
T1 will timeout in 1 day 11 hours 58
minutes 52 seconds.
How long the T1 (1/2 lease time) timer will timeout.
Related commands
•
dhcp client identifier
•
ip address dhcp-alloc
ip address dhcp-alloc
Use ip address dhcp-alloc to configure an interface to use DHCP for IP address acquisition.
Use undo ip address dhcp-alloc to cancel an interface from using DHCP.
Syntax
ip address dhcp-alloc
undo ip address dhcp-alloc
Default
An interface does not use DHCP for IP address acquisition.
Views
Interface view
Predefined user roles
network-admin
82
Usage guidelines
When you execute the undo ip address dhcp-alloc command, the interface sends a
DHCP-RELEASE message to release the IP address obtained through DHCP. If the interface is
down, the message cannot be sent out.
Examples
# Configure VLAN-interface 10 to use DHCP for IP address acquisition.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] ip address dhcp-alloc
DHCP snooping commands
DHCP snooping works between the DHCP client and the DHCP server or between the DHCP client
and the relay agent. DHCP snooping does not work between the DHCP server and the DHCP relay
agent.
dhcp snooping binding database filename
Use dhcp snooping binding database filename to configure the DHCP snooping device to back
up DHCP snooping entries to a file.
Use undo dhcp snooping binding database filename to disable the auto backup and remove the
backup file.
Syntax
dhcp snooping binding database filename { filename | url url [ username username [ password
{ cipher | simple } key ] ] }
undo dhcp snooping binding database filename
Default
The DHCP snooping device does not back up DHCP snooping entries.
Views
System view
Predefined user roles
network-admin
Parameters
filename: Specifies the name of a local file. For information about the filename argument, see
Fundamentals Configuration Guide.
url url: Specifies the URL of a remote file. Do not include any username or password in the URL.
Case sensitivity and the supported path format type vary by server.
username username: Specifies the username for logging in to the remote device.
cipher: Sets a ciphertext password.
simple: Sets a plaintext password.
key: Specifies the key string. This argument is case sensitive. If simple is specified, it must be a
string of 1 to 32 characters. If cipher is specified, it must be a ciphertext string of 1 to 73 characters.
83
Usage guidelines
For security purposes, all passwords, including passwords configured in plaintext, are saved in
ciphertext.
With this command executed, the DHCP snooping device backs up DHCP snooping entries
immediately and runs auto backup. The command automatically creates the file if you specify a
non-existent file. The DHCP snooping device, by default, waits 300 seconds after a DHCP snooping
entry change to update the backup file. To change the waiting period, use the dhcp snooping
binding database update interval command. If no DHCP snooping entry changes, the backup file
is not updated.
When the file is on a remote device, follow these restrictions and guidelines to specify the URL,
username, and password:
•
If the file is on an FTP server, enter URL in the following format: ftp://server address:port/file
path, where the port number is optional.
•
If the file is on a TFTP server, enter URL in the following format: tftp://server address:port/file
path, where the port number is optional.
•
The username and password must be the same as those configured on the FTP or TFTP
server. If the server authenticates only the username, the password can be omitted. For
example, enter URL ftp://1.1.1.1/database.dhcp username admin to specify the URL and
username options at the CLI.
•
If the IP address of the server is an IPv6 address, enclose the address in a pair of brackets, for
example, ftp://[1::1]/database.dhcp.
•
You can also specify the DNS domain name for the server address field, for example,
ftp://company/database.dhcp.
Examples
# Configure the DHCP snooping device to back up DHCP snooping entries to the file
database.dhcp.
<Sysname> system-view
[Sysname] dhcp snooping binding database filename database.dhcp
# Configure the DHCP snooping device to back up DHCP snooping entries to the file database.dhcp
in the working directory of the FTP server at 10.1.1.1.
<Sysname> system-view
[Sysname] dhcp snooping binding database filename url ftp://10.1.1.1/database.dhcp
username 1 password simple 1
# Configure the DHCP snooping device to back up DHCP snooping entries to the file database.dhcp
in the working directory of the TFTP server at 10.1.1.1.
<Sysname> system-view
[Sysname] dhcp snooping binding database filename tftp://10.1.1.1/database.dhcp
Related commands
dhcp snooping binding database update interval
dhcp snooping binding database update interval
Use dhcp snooping binding database update interval to set the waiting time after a DHCP
snooping entry change for the DHCP snooping device to update the backup file.
Use undo dhcp snooping binding database update interval to restore the default.
Syntax
dhcp snooping binding database update interval seconds
undo dhcp snooping binding database update interval
84
Default
The DHCP snooping device waits 300 seconds after a DHCP snooping entry change to update the
backup file. If no DHCP snooping entry changes, the backup file is not updated.
Views
System view
Predefined user roles
network-admin
Parameters
seconds: Sets the waiting time in seconds, in the range of 60 to 864000.
Usage guidelines
When a DHCP snooping entry is learned, updated, or removed, the waiting period starts. The DHCP
snooping device updates the backup file when the waiting period is reached. All changed entries
during the period will be saved to the backup file.
The waiting time does not take effect if you do not configure the DHCP snooping entry auto backup
by using the dhcp snooping binding database filename command.
Examples
# Set the waiting time to 600 seconds for the DHCP snooping device to update the backup file.
<Sysname> system-view
[Sysname] dhcp snooping binding database update interval 600
Related commands
dhcp snooping binding database filename
dhcp snooping binding database update now
Use dhcp snooping binding database update now to manually save DHCP snooping entries to
the backup file.
Syntax
dhcp snooping binding database update now
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command does not take effect if you do not configure the DHCP snooping entry auto backup by
using the dhcp snooping binding database filename command.
Examples
# Manually save DHCP snooping entries to the backup file.
<Sysname> system-view
[Sysname] dhcp snooping binding database update now
Related commands
dhcp snooping binding database filename
85
dhcp snooping binding record
Use dhcp snooping binding record to enable recording of client information in DHCP snooping
entries.
Use undo dhcp snooping binding record to disable recording of client information in DHCP
snooping entries.
Syntax
dhcp snooping binding record
undo dhcp snooping binding record
Default
DHCP snooping does not record client information.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
This command enables DHCP snooping on the port directly connecting to the clients to record client
information in DHCP snooping entries.
Examples
# Enable recording of client information in DHCP snooping entries.
<Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] dhcp snooping binding record
dhcp snooping check mac-address
Use dhcp snooping check mac-address to enable MAC address check for DHCP snooping.
Use undo dhcp snooping check mac-address to disable MAC address check for DHCP snooping.
Syntax
dhcp snooping check mac-address
undo dhcp snooping check mac-address
Default
MAC address check for DHCP snooping is disabled.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
With MAC address check enabled, DHCP snooping compares the chaddr field of a received DHCP
request with the source MAC address field in the frame header. If they are the same, DHCP
snooping considers this request valid and forwards it to the DHCP server. If they are not the same,
DHCP snooping discards the DHCP request.
86
Examples
# Enable MAC address check for DHCP snooping.
<Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] dhcp snooping check mac-address
dhcp snooping check request-message
Use dhcp snooping check request-message to enable DHCP-REQUEST check for DHCP
snooping.
Use undo dhcp snooping check request-message to disable DHCP-REQUEST check for DHCP
snooping.
Syntax
dhcp snooping check request-message
undo dhcp snooping check request-message
Default
This feature is disabled.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
DHCP-REQUEST packets include lease renewal packets, DHCP-DECLINE packets, and
DHCP-RELEASE packets. This feature prevents unauthorized clients that forge DHCP-REQUEST
packets from attacking the DHCP server.
With this feature enabled, DHCP snooping looks for a matching DHCP snooping entry for each
received DHCP-REQUEST message.
•
If a match is found, DHCP snooping compares the entry with the message. If they have
consistent information, DHCP snooping considers the packet valid and forwards it to the DHCP
server. If they have different information, DHCP snooping considers the message invalid and
discards it.
•
If no match is found, DHCP snooping forwards the message to the DHCP server.
Examples
# Enable DHCP-REQUEST check for DHCP snooping.
<Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] dhcp snooping check request-message
dhcp snooping enable
Use dhcp snooping enable to enable DHCP snooping.
Use undo dhcp snooping enable to disable DHCP snooping.
Syntax
dhcp snooping enable
87
undo dhcp snooping enable
Default
DHCP snooping is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Use the DHCP snooping feature together with trusted port configuration. Before trusted ports are
configured, all ports on the DHCP snooping device are untrusted and the device discards all
responses sent from DHCP servers.
When DHCP snooping is disabled, the device forwards all responses from DHCP servers.
Examples
# Enable DHCP snooping.
<Sysname> system-view
[Sysname] dhcp snooping enable
dhcp snooping information circuit-id
Use dhcp snooping information circuit-id to configure the padding mode and padding format for
the Circuit ID sub-option.
Use undo dhcp snooping information circuit-id to restore the default.
Syntax
dhcp snooping information circuit-id { [ vlan vlan-id ] string circuit-id | { normal | verbose
[ node-identifier { mac | sysname | user-defined node-identifier } ] } [ format { ascii | hex } ] }
undo dhcp snooping information circuit-id [ vlan vlan-id ]
Default
The padding mode is normal and the padding format is hex.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
vlan vlan-id: Specifies a VLAN ID for the Circuit ID sub-option.
string circuit-id: Specifies the string mode, in which the padding content for the Circuit ID sub-option
is a case-sensitive string of 3 to 63 characters.
normal: Specifies the normal mode. The padding content includes the VLAN ID and interface
number.
verbose: Specifies the verbose mode.
node-identifier { mac | sysname | user-defined node-identifier }: Specifies the access node
identifier. The padding content includes the node identifier, Ethernet type (fixed to eth), interface
number, and VLAN ID. The node identifier varies by keyword mac, sysname, and user-defined.
88
•
mac: Uses the MAC address of the access node as the node identifier. It is the default node
identifier.
•
sysname: Uses the device name as the node identifier. You can set the device name by using
the sysname command in system view. The padding format for the device name is always
ASCII regardless of the specified padding format.
NOTE:
If sysname is used as the node identifier, do not include any space when you set the device name.
Otherwise, the DHCP snooping device fails to add or replace the Option 82.
•
user-defined node-identifier: Uses a case-sensitive string of 1 to 50 characters as the node
identifier. The padding format for the specified character string is always ASCII regardless of
the specified padding format.
format: Sets the padding format for the Circuit ID sub-option.
ascii: Sets the padding format to ASCII.
hex: Sets the padding format to hex.
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
The padding format for the user-defined string, the normal mode, or the verbose modes varies by
command configuration. Table 17 shows how the padding format is determined for different modes.
Table 17 Padding format for different modes
Keyword (mode)
If no padding format
is set
If the padding
format is ascii
If the padding format is hex
string circuit-id
You cannot set a
padding format, and the
padding
format
is
always ASCII.
N/A
N/A
normal
Hex.
ASCII.
Hex.
Hex for the VLAN ID.
verbose
ASCII for the node
identifier, Ethernet type,
and interface number.
ASCII.
ASCII for the node identifier and
Ethernet type.
Hex for the interface number and
VLAN ID.
If replace is configured as the handling strategy for DHCP requests that contain Option 82, you must
specify the padding mode and padding format for the Circuit ID sub-option. If the handling strategy is
keep or drop, you do not need to specify the padding mode and padding format for the Circuit ID
sub-option.
Examples
# Configure verbose as the padding mode, device name as the node identifier, and ASCII as the
padding format for the Circuit ID sub-option.
<Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] dhcp snooping information enable
[Sysname-GigabitEthernet1/0/1] dhcp snooping information strategy replace
[Sysname-GigabitEthernet1/0/1] dhcp snooping information circuit-id verbose
node-identifier sysname format ascii
Related commands
•
dhcp snooping information enable
89
•
dhcp snooping information strategy
•
display dhcp snooping information
dhcp snooping information enable
Use dhcp snooping information enable to enable DHCP snooping to support Option 82.
Use undo dhcp snooping information enable to disable this feature.
Syntax
dhcp snooping information enable
undo dhcp snooping information enable
Default
DHCP snooping does not support Option 82.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
This command enables DHCP snooping to add Option 82 into DHCP request packets that do not
contain Option 82 before forwarding the requests to the DHCP server. The content of Option 82 is
determined by the dhcp snooping information circuit-id and dhcp snooping information
remote-id commands. If the received DHCP request packets contain Option 82, DHCP snooping
handles the packets according to the strategy configured with the dhcp snooping information
strategy command.
If this feature is disabled, DHCP snooping forwards requests that contain or do not contain Option 82
to the DHCP server.
Examples
# Enable DHCP snooping to support Option 82.
<Sysname> system-view
[Sysname] interface GigabitEthernet1/0/1
[Sysname-GigabitEthernet1/0/1] dhcp snooping information enable
Related commands
•
dhcp snooping information circuit-id
•
dhcp snooping information remote-id
•
dhcp snooping information strategy
dhcp snooping information remote-id
Use dhcp snooping information remote-id to configure the padding mode and padding format for
the Remote ID sub-option.
Use undo dhcp snooping information remote-id to restore the default.
Syntax
dhcp snooping information remote-id { normal [ format { ascii | hex } ] | [ vlan vlan-id ] { string
remote-id | sysname } }
undo dhcp snooping information remote-id [ vlan vlan-id ]
90
Default
The padding mode is normal and the padding format is hex.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
vlan vlan-id: Specifies the VLAN ID as the Remote ID sub-option.
string remote-id: Specifies the string mode that uses a case-sensitive string of 1 to 63 characters as
the content of the Remote ID sub-option.
sysname: Specifies the sysname mode that uses the device name as the Remote ID sub-option.
You can configure the device name by using the sysname command in system view.
normal: Specifies the normal mode. The padding content is the MAC address of the receiving
interface.
format: Sets the padding format for the Remote ID sub-option. The default padding format is hex.
ascii: Sets the padding format to ASCII.
hex: Sets the padding format to hex.
Usage guidelines
DHCP snooping uses ASCII to pad the specified string or device name for the Remote ID sub-option.
The padding format for the normal padding mode is determined by the command configuration.
If you use this command multiple times, the most recent configuration takes effect.
Examples
# Pad the Remote ID sub-option with the character string device001.
<Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] dhcp snooping information enable
[Sysname-GigabitEthernet1/0/1] dhcp snooping information strategy replace
[Sysname-GigabitEthernet1/0/1] dhcp snooping information remote-id string device001
Related commands
•
dhcp snooping information enable
•
dhcp snooping information strategy
•
display dhcp snooping information
dhcp snooping information strategy
Use dhcp snooping information strategy to configure the handling strategy for Option 82 in
request messages.
Use undo dhcp snooping information strategy to restore the default.
Syntax
dhcp snooping information strategy { drop | keep | replace }
undo dhcp snooping information strategy
91
Default
The handling strategy for Option 82 in request messages is replace.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
drop: Drops DHCP messages that contain Option 82.
keep: Keeps the original Option 82 intact.
replace: Replaces the original Option 82 with the configured Option 82.
Usage guidelines
This command takes effect only on DHCP requests that contain Option 82.
When enabled to support Option 82, the DHCP relay agent always adds Option 82 into DHCP
requests that do not contain Option 82 before forwarding the requests to the DHCP.
Examples
# Specify the handling strategy for Option 82 in request messages as keep.
<Sysname> system-view
[Sysname] interface GigabitEthernet1/0/1
[Sysname-GigabitEthernet1/0/1] dhcp snooping information enable
[Sysname-GigabitEthernet1/0/1] dhcp snooping information strategy keep
Related commands
•
dhcp snooping information circuit-id
•
dhcp snooping information remote-id
dhcp snooping max-learning-num
Use dhcp snooping max-learning-num to set the maximum number of DHCP snooping entries for
an interface to learn.
Use undo dhcp snooping max-learning-num to restore the default.
Syntax
dhcp snooping max-learning-num number
undo dhcp snooping max-learning-num
Default
The maximum number of DHCP snooping entries for an interface to learn is not limited.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
number: Sets the maximum number of DHCP snooping entries for an interface to learn. The value
range is 1 to 4294967295.
92
Examples
# Set the maximum number of DHCP snooping entries for the Layer 2 Ethernet interface
GigabitEthernet 1/0/1 to learn to 1000.
<Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] dhcp snooping max-learning-num 1000
dhcp snooping rate-limit
Use dhcp snooping rate-limit to set the maximum rate at which an interface can receive DHCP
packets.
Use undo dhcp snooping rate-limit to remove the configured rate limit.
Syntax
dhcp snooping rate-limit rate
undo dhcp snooping rate-limit
Default
Incoming DHCP packets on an interface are not rate limited.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
rate: Sets the maximum rate in Kbps. The value must be an integer multiple of 8 in the range of 64 to
512.
Usage guidelines
This command takes effect only when DHCP snooping is enabled.
With the rate limit feature, the interface discards DHCP packets that exceed the maximum rate.
If you configure this command on a Layer 2 Ethernet interface that is a member port of a Layer 2
aggregate interface, the Layer 2 Ethernet interface uses the DHCP packet maximum rate configured
on the Layer 2 aggregate interface. If the Layer 2 Ethernet interface leaves the aggregation group, it
uses its own DHCP packet maximum rate.
Examples
# Set the maximum rate to 64 Kbps at which the Layer 2 Ethernet interface GigabitEthernet 1/0/1 can
receive DHCP packets.
<Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] dhcp snooping rate-limit 64
dhcp snooping trust
Use dhcp snooping trust to configure a port as a trusted port.
Use undo dhcp snooping trust to restore the default state of a port.
Syntax
dhcp snooping trust
93
undo dhcp snooping trust
Default
After you enable DHCP snooping, all ports are untrusted.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
Specify the ports facing the DHCP server as trusted ports and specify the other ports as untrusted
ports so DHCP clients can obtain valid IP addresses.
Examples
# Specify the Layer 2 Ethernet interface GigabitEthernet 1/0/1 as a trusted port.
<Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] dhcp snooping trust
Related commands
display dhcp snooping trust
display dhcp snooping binding
Use display dhcp snooping binding to display DHCP snooping entries.
Syntax
display dhcp snooping binding [ ip ip-address [ vlan vlan-id ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ip ip-address: Displays the DHCP snooping entry for the specified IP address.
vlan vlan-id: Specifies the VLAN ID where the IP address resides.
Usage guidelines
If you do not specify any parameters, this command displays all DHCP snooping entries.
Examples
# Display all DHCP snooping entries.
<Sysname> display dhcp snooping binding
2 DHCP snooping entries found
IP address
MAC address
Lease
VLAN
SVLAN Interface
=============== ============== ============ ===== ===== =================
1.1.1.7
0000-0101-0107 16907533
2
3
GE1/0/1
1.1.1.11
0000-0101-010b 16907537
2
3
GE1/0/3
94
Table 18 Command output
Field
Description
DHCP snooping entries found
Number of DHCP snooping entries.
IP address
IP address assigned to the DHCP client.
MAC address
MAC address of the DHCP client.
Lease
Remaining lease duration in seconds.
VLAN
When both DHCP snooping and QinQ are enabled or the DHCP packet
contains two VLAN tags, this field identifies the outer VLAN tag. Otherwise,
it identifies the VLAN where the port connecting the DHCP client resides.
SVLAN
When both DHCP snooping and QinQ are enabled or the DHCP packet
contains two VLAN tags, this field identifies the inner VLAN tag. Otherwise,
it displays N/A.
Interface
Port connected to the DHCP client.
Related commands
•
dhcp snooping enable
•
reset dhcp snooping binding
display dhcp snooping binding database
Use display dhcp snooping binding database to display information about DHCP snooping entry
auto backup.
Syntax
display dhcp snooping binding database
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about DHCP snooping entry auto backup.
<Sysname> display dhcp snooping binding database
File name
:
Username
:
database.dhcp
Password
:
Update interval
:
600 seconds
Latest write time
:
Feb 27 18:48:04 2012
Status
:
Last write succeeded.
Table 19 Command output
Field
Description
File name
Name of the DHCP snooping entry backup file.
Username
Username for logging in to the remote device.
95
Field
Description
Password
Password for logging in to the remote device. This field displays ****** if a
password is configured.
Update interval
Waiting time in seconds after a DHCP snooping entry change for the DHCP
snooping device to update the backup file.
Latest write time
Time of the latest update.
Status
Status of the update:
•
Writing—The backup file is being updated.
•
Last write succeeded—The backup file was successfully updated.
•
Last write failed—The backup file failed to be updated.
display dhcp snooping information
Use display dhcp snooping information to display Option 82 configuration on the DHCP snooping
device.
Syntax
display dhcp snooping information { all | interface interface-type interface-number }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays Option 82 configuration on all Layer 2 Ethernet interfaces.
interface interface-type interface-number: Specifies an interface by its type and number.
Examples
# Display Option 82 configuration on all interfaces.
<Sysname> display dhcp snooping information all
Interface: Bridge-Aggregation1
Status: Disable
Strategy: Drop
Circuit ID:
Padding format: User Defined
User defined: abcd
Format: ASCII
Remote ID:
Padding format: Normal
Format: ASCII
VLAN 10:
Circuit ID: abcd
Remote ID: company
96
Table 20 Command output
Field
Description
Interface
Interface name.
Status
Option 82 status, Enable or Disable.
Strategy
Handling strategy for DHCP requests that contain Option 82, Drop, Keep, or
Replace.
Circuit ID
Content of the Circuit ID sub-option.
Padding format
Padding format of Option 82:
•
For Circuit ID sub-option, the padding format can be Normal, User Defined,
Verbose (sysname), Verbose (MAC), or Verbose (user defined).
•
For Remote ID sub-option, the padding format can be Normal, Sysname, or
User Defined.
Node identifier
Access node identifier.
User defined
Content of the user-defined sub-option.
Format
Code type of Option 82 sub-option:
•
For Circuit ID sub-option, the code type can be ASCII, Default, or Hex.
•
For Remote ID sub-option, the code type can be ASCII or Hex.
Remote ID
Content of the Remote ID sub-option.
VLAN
Pads Circuit ID sub-option and Remote ID sub-option in the DHCP packets received
in the specified VLAN.
display dhcp snooping packet statistics
Use display dhcp snooping packet statistics to display DHCP packet statistics for DHCP
snooping.
Syntax
display dhcp snooping packet statistics [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device. The slot-number argument represents the
member ID of the IRF member device in the IRF fabric.
Usage guidelines
If you do not specify the slot slot-number option, this command displays DHCP packet statistics for
the device where the command is executed.
Examples
# Display DHCP packet statistics for DHCP snooping.
<Sysname> display dhcp snooping packet statistics
DHCP packets received
: 100
DHCP packets sent
: 200
97
Invalid DHCP packets dropped
: 0
Related commands
reset dhcp snooping packet statistics
display dhcp snooping trust
Use display dhcp snooping trust to display information about trusted ports.
Syntax
display dhcp snooping trust
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about trusted ports.
<Sysname> display dhcp snooping trust
DHCP snooping is enabled.
Interface
Trusted
=========================
============
GigabitEthernet1/0/1
Trusted
Related commands
dhcp snooping trust
reset dhcp snooping binding
Use reset dhcp snooping binding to clear DHCP snooping entries.
Syntax
reset dhcp snooping binding { all | ip ip-address [ vlan vlan-id ] }
Views
User view
Predefined user roles
network-admin
Parameters
all: Clears all DHCP snooping entries.
ip ip-address: Clears the DHCP snooping entry for the specified IP address.
vlan vlan-id: Clears DHCP snooping entries for the specified VLAN.
Examples
# Clear all DHCP snooping entries.
<Sysname> reset dhcp snooping binding all
98
Related commands
display dhcp snooping binding
reset dhcp snooping packet statistics
Use reset dhcp snooping packet statistics to clear DHCP packet statistics for DHCP snooping.
Syntax
reset dhcp snooping packet statistics [ slot slot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an IRF member device. The slot-number argument represents the
member ID of the IRF member device in the IRF fabric.
Usage guidelines
If you do not specify the slot slot-number option, this command clears DHCP packet statistics for the
device where the command is executed.
Examples
# Clear DHCP packet statistics for DHCP snooping.
<Sysname> reset dhcp snooping packet statistics
Related commands
display dhcp snooping packet statistics
BOOTP client commands
display bootp client
Use display bootp client to display information about a BOOTP client.
Syntax
display bootp client [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
If you do not specify an interface, this command displays BOOTP client information about all
interfaces.
99
Examples
# Display BOOTP client information about VLAN-interface 10.
<Sysname> display bootp client interface vlan-interface 10
Vlan-interface10 BOOTP client information:
Allocated IP: 169.254.0.2 255.255.0.0
Transaction ID: 0x3d8a7431
MAC Address: 00e0-fc0a-c3ef
Table 21 Command output
Field
Vlan-interface10
information
Description
BOOTP
client
Information about the interface that acts as a BOOTP client.
Allocated IP
BOOTP client's IP address allocated by the BOOTP server.
Transaction ID
Value of the XID field in a BOOTP message, which is a random
number chosen when the BOOTP client sends a BOOTP
request to the BOOTP server. It is used to match a response
message from the BOOTP server. If the values of the XID field
are different in the BOOTP response and request, the BOOTP
client drops the BOOTP response.
Mac Address
MAC address of a BOOTP client.
Related commands
ip address bootp-alloc
ip address bootp-alloc
Use ip address bootp-alloc to configure an interface to use BOOTP for IP address acquisition.
Use undo ip address bootp-alloc to cancel an interface from using BOOTP.
Syntax
ip address bootp-alloc
undo ip address bootp-alloc
Default
An interface does not use BOOTP for IP address acquisition.
Views
Interface view
Predefined user roles
network-admin
Examples
# Configure VLAN-interface 10 to use BOOTP for IP address acquisition.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] ip address bootp-alloc
Related commands
display bootp client
100
DNS commands
display dns domain
Use display dns domain to display the domain name suffixes.
Syntax
display dns domain [ dynamic ] [ vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other
protocols. If you do not specify this keyword, the command displays the statically configured and
dynamically obtained domain name suffixes.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a
case-sensitive string of 1 to 31 characters. To display domain name suffixes on the public network,
do not use this option.
Examples
# Display domain name suffixes on the public network.
<Sysname> display dns domain
Type:
D: Dynamic
S: Static
No.
Type
Domain suffix
1
S
com
2
D
net
Table 22 Command output
Field
Description
No.
Sequence number.
Type
Domain name suffix type:
•
S—A statically configured domain name suffix.
•
D—A domain name suffix dynamically obtained through DHCP or other protocols.
Domain suffix
Domain name suffixes.
Related commands
dns domain
display dns host
Use display dns host to display information about domain name-to-IP address mappings.
101
Syntax
display dns host [ ip | ipv6 ] [ vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address.
ipv6: Specifies type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6
address.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a
case-sensitive string of 1 to 31 characters. To display domain name-to-IP address mappings for the
public network, do not use this option.
Usage guidelines
If you do not specify the ip or ipv6 keyword, this command displays domain name-to-IP address
mappings of all query types.
Examples
# Display domain name-to-IP address mappings of all query types.
<Sysname> display dns host
Type:
D: Dynamic
S: Static
Total number: 3
No.
Host name
Type
TTL
Query type
IP addresses
1
sample.com
D
3132
A
192.168.10.1
192.168.10.2
192.168.10.3
2
zig.sample.com
S
-
A
192.168.1.1
3
sample.net
S
-
AAAA
FE80::4904:4448
Table 23 Command output
Field
Description
No.
Sequence number.
Host name
Domain name.
Type
Domain name-to-IP address mapping type:
•
S—A static mapping configured by the ip host or ipv6 host command.
•
D—A mapping dynamically obtained through dynamic domain name
resolution.
TTL
Query type
Time in seconds that a mapping can be stored in the cache.
For a static mapping, a hyphen (-) is displayed.
Query type, type A or type AAAA.
102
Field
Description
IP addresses
Replied IP address:
•
For type A query, the replied IP address is an IPv4 address.
•
For type AAAA query, the replied IP address is an IPv6 address.
Related commands
•
ip host
•
ipv6 host
•
reset dns host
display dns server
Use display dns server to display IPv4 DNS server information.
Syntax
display dns server [ dynamic ] [ vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
dynamic: Displays IPv4 DNS server information dynamically obtained through DHCP or other
protocols. If you do not specify this keyword, the command displays statically configured and
dynamically obtained IPv4 DNS server addresses.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a
case-sensitive string of 1 to 31 characters. To display IPv4 DNS server information for the public
network, do not use this option.
Examples
# Display IPv4 DNS server information about the public network.
<Sysname> display dns server
Type:
D: Dynamic
S: Static
No. Type
IP address
1
S
202.114.0.124
2
S
169.254.65.125
Table 24 Command output
Field
Description
No.
Sequence number.
Type
DNS server type:
•
S—A manually configured DNS server.
•
D—DNS server information dynamically obtained through DHCP or other
protocols.
103
Field
Description
IP address
IPv4 address of the DNS server.
Related commands
dns server
display ipv6 dns server
Use display ipv6 dns server to display IPv6 DNS server information.
Syntax
display ipv6 dns server [ dynamic ] [ vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
dynamic: Displays IPv6 DNS server information dynamically obtained through DHCP or other
protocols. If you do not specify this keyword, the command displays the statically configured and
dynamically obtained IPv6 DNS server information.
vpn-instance vpn-instance-name : Specifies an MPLS L3VPN instance by its name, a
case-sensitive string of 1 to 31 characters. To display IPv6 DNS server information for the public
network, do not use this option.
Examples
# Display IPv6 DNS server information about the public network.
<Sysname> display ipv6 dns server
Type:
D: Dynamic
S: Static
No. Type
IPv6 address
1
2::2
S
Outgoing Interface
Table 25 Command output
Field
Description
No.
Sequence number.
Type
DNS server type:
•
S—A manually configured DNS server.
•
D—DNS server information dynamically obtained through DHCP or other
protocols.
IPv6 address
IPv6 address of the DNS server.
Outgoing Interface
Output interface.
Related commands
ipv6 dns server
104
dns domain
Use dns domain to configure a domain name suffix.
Use undo dns domain to delete the specified domain name suffix.
Syntax
dns domain domain-name [ vpn-instance vpn-instance-name ]
undo dns domain domain-name [ vpn-instance vpn-instance-name ]
Default
No domain name suffix is configured. Only the provided domain name is resolved.
Views
System view
Predefined user roles
network-admin
Parameters
domain-name: Specifies a domain name suffix. It is a dot-separated, case-insensitive string that can
include letters, digits, hyphens (-), underscores (_), and dots (.), for example, aabbcc.com. The
domain name suffix can include at most 253 characters, and each separated string includes no more
than 63 characters.
vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a
case-sensitive string of 1 to 31 characters. To specify a domain name suffix on the public network, do
not use this option.
Usage guidelines
A domain name suffix applies to both IPv4 DNS and IPv6 DNS.
You can specify the following:
•
Domain name suffixes for the public network and up to 1024 VPNs.
•
A maximum of 16 domain name suffixes for the public network or each VPN.
The system automatically adds the suffixes in the order they are configured to the domain name
string received from a host for resolution.
Examples
# Configure the domain name suffix com for the public network.
<Sysname> system-view
[Sysname] dns domain com
Related commands
display dns domain
dns dscp
Use dns dscp to set the DSCP value for DNS packets sent by a DNS client or DNS proxy.
Use undo dns dscp to restore the default.
Syntax
dns dscp dscp-value
undo dns dscp
105
Default
The DSCP value in DNS packets is 0.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Sets the DSCP value for outgoing DNS packets, in the range of 0 to 63.
Usage guidelines
The DSCP value of a packet specifies the priority level of the packet and affects the transmission
priority of the packet. A bigger DSCP value represents a higher priority.
Examples
# Set the DSCP value for outgoing DNS packets to 30.
<Sysname> system-view
[Sysname] dns dscp 30
dns proxy enable
Use dns proxy enable to enable DNS proxy.
Use undo dns proxy enable to restore the default.
Syntax
dns proxy enable
undo dns proxy enable
Default
DNS proxy is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This configuration applies to both IPv4 DNS and IPv6 DNS.
Examples
# Enable DNS proxy.
<Sysname> system-view
[Sysname] dns proxy enable
dns server
Use dns server to specify the IPv4 address of a DNS server.
Use undo dns server to remove the specified IPv4 address of a DNS server. If you do not specify an
IPv4 address, the undo dns server command removes all DNS server IPv4 addresses on the public
network or the specified VPN.
106
Syntax
dns server ip-address [ vpn-instance vpn-instance-name ]
undo dns server [ ip-address ] [ vpn-instance vpn-instance-name ]
Default
No DNS server is specified.
Views
System view
Predefined user roles
network-admin
Parameters
ip-address: Specifies an IPv4 address of a DNS server.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a
case-sensitive string of 1 to 31 characters. To specify an IPv4 address on the public network, do not
use this option.
Usage guidelines
The device sends DNS query request to the DNS servers in the order their IPv4 addresses are
specified.
You can specify the following:
•
DNS server IPv4 addresses for the public network and up to 1024 VPNs.
•
A maximum of six DNS server IPv4 addresses for the public network or each VPN.
Examples
# Specify the IPv4 address of a DNS server as 172.16.1.1.
<Sysname> system-view
[Sysname] dns server 172.16.1.1
Related commands
display dns server
dns source-interface
Use dns source-interface to specify the source interface for DNS packets.
Use undo dns source-interface to restore the default.
Syntax
dns source-interface interface-type interface-number [ vpn-instance vpn-instance-name ]
undo dns source-interface interface-type interface-number [ vpn-instance vpn-instance-name ]
Default
No source interface for DNS packets is specified. The device uses the primary IP address of the
output interface of the matching route as the source IP address for a DNS request.
Views
System view
Predefined user roles
network-admin
107
Parameters
interface-type interface-number: Specifies an interface by its type and number.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a
case-sensitive string of 1 to 31 characters. To specify a source interface on the public network, do not
use this option.
Usage guidelines
This configuration applies to both IPv4 and IPv6.
•
In IPv4 DNS, the device uses the primary IPv4 address of the specified source interface as the
source IP address of DNS query.
•
In IPv6 DNS, the device follows the procedure defined in RFC 3484 to select an IPv6 address of
the source interface as the source IP address for DNS query.
If you use the command multiple times, the most recent configuration takes effect.
You can specify the following:
•
Source interfaces for the public network and a maximum of 1024 VPNs.
•
Only one source interface for the public network or each VPN.
Make sure the specified interface is on the VPN specified by the vpn-instance vpn-instance-name
option.
Examples
# Specify VLAN-interface 2 as the source interface for DNS packets on the public network.
<Sysname> system-view
[Sysname] dns source-interface vlan-interface 2
dns spoofing
Use dns spoofing to enable DNS spoofing and specify the IPv4 address to spoof DNS query
requests.
Use undo dns spoofing to disable DNS spoofing.
Syntax
dns spoofing ip-address [ vpn-instance vpn-instance-name ]
undo dns spoofing ip-address [ vpn-instance vpn-instance-name ]
Default
DNS spoofing is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IPv4 address used to spoof name query requests.
vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a
case-sensitive string of 1 to 31 characters. To enable DNS spoofing on the public network, do not use
this option.
108
Usage guidelines
Use the dns spoofing command together with the dns proxy enable command. DNS spoofing
enables the DNS proxy to send a spoofed reply with a configured IP address even if it cannot reach
the DNS server because no dial-up connection is available. Without DNS spoofing, the proxy does
not answer or forward a DNS request if it cannot find a local matching DNS entry or reach the DNS
server.
You can configure DNS spoofing for the public network and a maximum of 1024 VPNs. You can
specify only one replied IPv4 address on the DNS spoofing device for the public network or each
VPN.
If you use the command multiple times, the most recent configuration takes effect.
Examples
# Enable DNS spoofing on the public network and specify the IPv4 address 1.1.1.1 to spoof DNS
requests.
<Sysname> system-view
[Sysname] dns proxy enable
[Sysname] dns spoofing 1.1.1.1
Related commands
dns proxy enable
dns trust-interface
Use dns trust-interface to specify the DNS trusted interface.
Use undo dns trust-interface to remove the specified DNS trusted interface. If you do not specify
an interface, the undo dns trust-interface command removes all DNS trusted interfaces.
Syntax
dns trust-interface interface-type interface-number
undo dns trust-interface [ interface-type interface-number ]
Default
No trusted interface is specified.
Views
System view
Predefined user roles
network-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
By default, an interface obtains DNS suffix and DNS server information from DHCP. A network
attacker might act as the DHCP server to assign a wrong DNS suffix and DNS server address to the
device. As a result, the device fails to obtain the resolved IP address or might get the wrong IP
address. With the DNS trusted interface specified, the device only uses the DNS suffix and DNS
server information obtained through the trusted interface to avoid attack.
This configuration is applicable to both IPv4 and IPv6.
You can configure up to 128 DNS trusted interfaces on the device.
109
Examples
# Specify VLAN-interface 2 as the DNS trusted interface.
<Sysname> system-view
[Sysname] dns trust-interface vlan-interface 2
ip host
Use ip host to create a host name-to-IPv4 address mapping.
Use undo ip host to remove a mapping.
Syntax
ip host host-name ip-address [ vpn-instance vpn-instance-name ]
undo ip host host-name ip-address [ vpn-instance vpn-instance-name ]
Default
No host name-to-IPv4 address mappings are created.
Views
System view
Predefined user roles
network-admin
Parameters
host-name: Specifies a host name, a case-insensitive string of 1 to 253 characters. It can include
letters, digits, hyphens (-), underscores (_), and dots (.).
ip-address: Specifies the IPv4 address of the host.
vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a
case-sensitive string of 1 to 31 characters. To specify a host name-to-IP address mapping on the
public network, do not specify this option.
Usage guidelines
You can configure the following:
•
Host name-to-IPv4 address mappings for the public network and up to 1024 VPNs.
•
A maximum of 1024 host name-to-IPv4 address mappings for the public network or each VPN.
On the public network or a VPN, each host name maps only to one IPv4 address. If you use the
command multiple times, the most recent configuration takes effect.
Do not use the ping command parameter ip, -a, -c, -f, -h, -i, -m, -n, -p, -q, -r, -s, -t, -tos, -v, or
-vpn-instance as the host name. For more information about the ping command parameters, see
Network Management and Monitoring Command Reference.
Examples
# Map IPv4 address 10.110.0.1 to host name aaa on the public network.
<Sysname> system-view
[Sysname] ip host aaa 10.110.0.1
Related commands
display dns host
110
ipv6 dns dscp
Use ipv6 dns dscp to set the DSCP value for IPv6 DNS packets sent by an IPv6 DNS client or DNS
proxy.
Use undo ipv6 dns dscp to restore the default.
Syntax
ipv6 dns dscp dscp-value
undo ipv6 dns dscp
Default
The DSCP value for IPv6 DNS packets is 0.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Sets the DSCP value for outgoing IPv6 DNS packets, in the range of 0 to 63.
Usage guidelines
The DSCP value of a packet specifies the priority level of the packet and affects the transmission
priority of the packet. A bigger DSCP value represents a higher priority.
Examples
# Set the DSCP value for outgoing IPv6 DNS packets to 30.
<Sysname> system-view
[Sysname] ipv6 dns dscp 30
ipv6 dns server
Use ipv6 dns server to specify the IPv6 address of a DNS server.
Use undo ipv6 dns server to remove the specified DNS server IPv6 address. If you do not specify
an IPv6 address, the undo ipv6 dns server command removes all DNS server IPv6 addresses on
the public network or the specified VPN.
Syntax
ipv6 dns server
vpn-instance-name ]
ipv6-address
[
interface-type
interface-number
]
[
vpn-instance
undo ipv6 dns server [ ipv6-address [ interface-type interface-number ] ] [ vpn-instance
vpn-instance-name ]
Default
No DNS server IPv6 address is specified.
Views
System view
Predefined user roles
network-admin
111
Parameters
ipv6-address: Specifies the IPv6 address of a DNS server.
interface-type interface-number: Specifies the output interface by its type and number. If you do not
specify an interface, the device forwards DNS packets out of the output interface of the matching
route. You must specify the output interface when the IPv6 address of the DNS server is a link-local
address.
vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a
case-sensitive string of 1 to 31 characters. To specify a DNS server IPv6 address on the public
network, do not use this option.
Usage guidelines
For dynamic DNS, the device sends DNS query request to the IPv6 DNS servers in the order their
IPv6 addresses are specified.
You can specify the following:
•
DNS server IPv6 addresses for the public network and up to 1024 VPNs.
•
A maximum of six DNS server IPv6 addresses for the public network or each VPN.
Examples
# Specify the DNS server IPv6 address as 2002::1 for the public network.
<Sysname> system-view
[Sysname] ipv6 dns server 2002::1
Related commands
display ipv6 dns server
ipv6 dns spoofing
Use ipv6 dns spoofing to enable DNS spoofing and specify the translated IPv6 address.
Use undo ipv6 dns spoofing to disable DNS spoofing.
Syntax
ipv6 dns spoofing ipv6-address [ vpn-instance vpn-instance-name ]
undo ipv6 dns spoofing ipv6-address [ vpn-instance vpn-instance-name ]
Default
DNS spoofing is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies the IPv6 address used to spoof name query requests.
vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a
case-sensitive string of 1 to 31 characters. To enable DNS spoofing on the public network, do not use
this option.
Usage guidelines
Use the ipv6 dns spoofing command together with the dns proxy enable command.
112
DNS spoofing enables the DNS proxy on the device to send a spoofed reply with an IPv6 address in
response to a type AAAA DNS request. Without DNS spoofing, the device does not forward or
answer a request if no DNS server is specified or no DNS server is reachable.
You can configure DNS spoofing for the public network and a maximum of 1024 VPNs. You can
specify only one replied IPv6 address for the public network or each VPN.
If you use the command multiple times, the most recent configuration takes effect.
Examples
# Enable DNS spoofing on the public network and specify 2001::1 as the translated IPv6 address.
<Sysname> system-view
[Sysname] dns proxy enable
[Sysname] ipv6 dns spoofing 2001::1
Related commands
dns proxy enable
ipv6 host
Use ipv6 host to create a host name-to-IPv6 address mapping.
Use undo ipv6 host to remove a mapping.
Syntax
ipv6 host host-name ipv6-address [ vpn-instance vpn-instance-name ]
undo ipv6 host host-name ipv6-address [ vpn-instance vpn-instance-name ]
Default
No host name-to-IPv6 address mappings are created.
Views
System view
Predefined user roles
network-admin
Parameters
host-name: Specifies a host name, a case-insensitive string of 1 to 253 characters. It can include
letters, digits, hyphens (-), underscores (_), and dots (.).
ipv6-address: Specifies the IPv6 address of the host.
vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a
case-sensitive string of 1 to 31 characters. To create a host name-to-IPv6 address mapping on the
public network, do not use this option.
Usage guidelines
You can configure the following:
•
Host name-to-IPv6 address mappings for the public network and up to 1024 VPNs.
•
A maximum of 1024 host name-to-IPv6 address mappings for the public network or each VPN.
For the public network or a VPN, each host name maps only to one IPv6 address. If you use the
command multiple times, the most recent configuration takes effect.
Do not use the ping ipv6 command parameter -a, -c, -i, -m, -q, -s, -t, -tc, -v, or -vpn-instance as the
host name. For more information about the ping ipv6 command parameters, see Network
Management and Monitoring Command Reference.
113
Examples
# Map IPv6 address 2001::1 to host name aaa on the public network.
<Sysname> system-view
[Sysname] ipv6 host aaa 2001::1
Related commands
ip host
reset dns host
Use reset dns host to clear dynamic DNS entries.
Syntax
reset dns host [ ip | ipv6 ] [ vpn-instance vpn-instance-name ]
Views
User view
Predefined user roles
network-admin
Parameters
ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address.
ipv6: Specifies type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6
address.
vpn-instance vpn-instance-name: Specifies the name of an MPLS L3VPN instance, a
case-sensitive string of 1 to 31 characters. If you do not specify a VPN, this command clears
dynamic DNS entries for the public network.
Usage guidelines
If you do not specify the ip or ipv6 keyword, the reset dns host command clears dynamic DNS
entries of all query types.
Examples
# Clear dynamic DNS entries of all query types for the public network.
<Sysname> reset dns host
Related commands
display dns host
114
DDNS commands
The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN
interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by
using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
ddns apply policy
Use ddns apply policy to apply a DDNS policy to an interface to update the mapping between the
FQDN and the primary IP address of the interface, and to enable DDNS update.
Use undo ddns apply policy to remove the application of a DDNS policy from an interface and to
stop DDNS update.
Syntax
ddns apply policy policy-name [ fqdn domain-name ]
undo ddns apply policy policy-name
Default
No DDNS policy and FQDN for update are specified on the interface, and DDNS update is disabled.
Views
Interface view
Predefined user roles
network-admin
Parameters
policy-name: Specifies the DDNS policy name, a case-insensitive string of 1 to 32 characters.
fqdn domain-name: Specifies the FQDN to replace <h> in the URL for DDNS update. The
domain-name argument specifies a case-insensitive string of 1 to 253 characters. It can include
letters, digits, hyphens (-), underscores (_), and dots (.).
Usage guidelines
You can apply up to four DDNS policies to an interface.
If you use the ddns apply policy command multiple times with the same DDNS policy name but
different FQDNs, both of the following occur:
•
The most recent configuration takes effect.
•
The device initiates a DDNS update request immediately.
Examples
# Apply the DDNS policy steven_policy to VLAN-interface 2 to update the domain name to IP
address mapping for FQDN www.whatever.com and enable DDNS update.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] ddns apply policy steven_policy fqdn www.whatever.com
Related commands
•
ddns policy
•
display ddns policy
115
ddns dscp
Use ddns dscp to set the DSCP value for outgoing DDNS packets.
Use undo ddns dscp to restore the default.
Syntax
ddns dscp dscp-value
undo ddns dscp
Default
The DSCP value for outgoing DDNS packets is 0.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Sets the DSCP value for outgoing DDNS packets, in the range of 0 to 63.
Usage guidelines
The DSCP value of a packet specifies the priority level of the packet and affects the transmission
priority of the packet. A bigger DSCP value represents a higher priority.
Examples
# Set the DSCP value for outgoing DDNS packets to 30.
<Sysname> system-view
[Sysname] ddns dscp 30
ddns policy
Use ddns policy to create a DDNS policy and enter its view.
Use undo ddns policy to delete a DDNS policy.
Syntax
ddns policy policy-name
undo ddns policy policy-name
Default
No DDNS policy is created.
Views
System view
Predefined user roles
network-admin
Parameters
policy-name: Specifies the DDNS policy name, a case-insensitive string of 1 to 32 characters.
Usage guidelines
You can create up to 16 DDNS policies on the device.
116
Examples
# Create a DDNS policy steven_policy and enter its view.
<Sysname> system-view
[Sysname] ddns policy steven_policy
Related commands
•
ddns apply policy
•
display ddns policy
display ddns policy
Use display ddns policy to display information about DDNS policies.
Syntax
display ddns policy [ policy-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
policy-name: Specifies the DDNS policy name, a case-insensitive string of 1 to 32 characters. If you
do not specify a DDNS policy, this command displays information about all DDNS policies.
Examples
# Display information about the DDNS policy steven_policy.
<Sysname> display ddns policy steven_policy
DDNS policy: steven_policy
URL
: http://members.3322.org/dyndns/update?
Username
: steven
Password
: ******
Method
: GET
system=dyndns&hostname=<h>&myip=<a>
SSL client policy:
Interval
: 1 days 0 hours 1 minutes
# Display information about all DDNS policies.
<Sysname> display ddns policy
DDNS policy: steven_policy
URL
: http://members.3322.org/dyndns/update?system=
dyndns&hostname=<h>&myip=<a>
Username
: steven
Password
: ******
Method
: GET
SSL client policy:
Interval
: 0 days 0 hours 30 minutes
DDNS policy: tom-policy
117
URL
: http://members.3322.org/dyndns/update?system=
Username
:
dyndns&hostname=<h>&myip=<a>
Password
:
Method
: GET
SSL client policy:
Interval
: 0 days 0 hours 15 minutes
DDNS policy: u-policy
URL
: oray://phservice2.oray.net
Username
: username
Password
:
Method
: -
SSL client policy:
Interval
: 0 days 0 hours 15 minutes
Table 26 Command output
Field
Description
DDNS policy
DDNS policy name.
URL
URL address for a DDNS update request. This field is blank if no URL address is
configured.
Username
Username to be included in the URL address for DDNS update requests. This field is
blank if no username is configured.
Password
Password to be included in the URL address for DDNS update requests. This field is
blank if no password is configured and displays ****** if a password is configured.
Method
Parameter transmission method used to send HTTP/HTTPS-based DDNS update
requests.
Method types include GET and POST.
SSL client policy
Name of the associated SSL client policy. This field is blank if no SSL client policy is
associated.
Interval
Interval for sending DDNS update requests.
Related commands
ddns policy
interval
Use interval to specify the interval for sending DDNS update requests after DDNS update is
enabled.
Use undo interval to restore the default value.
Syntax
interval days [ hours [ minutes ] ]
undo interval
Default
The DDNS update request interval is one hour.
118
Views
DDNS policy view
Predefined user roles
network-admin
Parameters
days: Days in the range of 0 to 365.
hours: Hours in the range of 0 to 23.
minutes: Minutes in the range of 0 to 59.
Usage guidelines
A DDNS update request is initiated immediately after the primary IP address of the interface changes
or the link state of the interface changes from down to up.
If you set the interval to 0, the device does not periodically initiate any DDNS update request.
However, it initiates a DDNS update request in either of the following situations:
•
When the primary IP address of the interface changes.
•
When the link state of the interface changes from down to up.
If you use the interval command multiple times with different time intervals, the most recent
configuration takes effect. If you change the interval for an applied DDNS policy, the device
immediately initiates a DDNS update request and sets the interval as the update interval.
Examples
# Set the interval for sending DDNS update requests to one day and one minute for the DDNS policy
steven_policy.
<Sysname> system-view
[Sysname] ddns policy steven_policy
[Sysname-ddns-policy-steven_policy] interval 1 0 1
Related commands
•
ddns policy
•
display ddns policy
method
Use method to specify the parameter transmission method for sending DDNS update requests to
HTTP/HTTPS-based DDNS servers.
Use undo method to restore the default.
Syntax
method { http-get | http-post }
undo method
Default
The method http-get applies.
Views
DDNS policy view
Predefined user roles
network-admin
119
Parameters
http-get: Uses the get operation.
http-post: Uses the post operation.
Usage guidelines
This command applies to DDNS updates in HTTP/HTTPS. If the DDNS server uses HTTP or HTTPS
service, choose a parameter transmission method compatible with the DDNS server. For example, a
DHS server supports the http-post method.
If the DDNS policy has been applied to an interface, a DDNS update is sent immediately after the
parameter transmission is changed.
Examples
# Specify the parameter transmission method as http-post for DDNS update request for DDNS
policy steven_policy.
<Sysname> system-view
[Sysname] ddns policy steven_policy
[Sysname-ddns-policy-steven_policy] method http-post
Related commands
•
ddns policy
•
display ddns policy
password
Use password to specify the password to be included in the URL address for DDNS update
requests.
Use undo password to remove the password.
Syntax
password { cipher | simple } password
undo password
Default
No password is specified for the URL address.
Views
DDNS policy view
Predefined user roles
network-admin
Parameters
cipher: Sets a ciphertext password.
simple: Sets a plaintext password.
password: Specifies a case-sensitive password string. If simple is specified, it must be a string of 1
to 32 characters. If cipher is specified, it must be a string of 1 to 73 characters.
Usage guidelines
For security purposes, all passwords, including passwords configured in plain text, are saved in
ciphertext.
120
Examples
# Specify the login password as nevets to be included in the URL address for update requests of
DDNS policy steven_policy.
<Sysname> system-view
[Sysname] ddns policy steven_policy
[Sysname-ddns-policy-steven_policy] password simple nevets
Related commands
•
ddns policy
•
display ddns policy
•
url
•
username
ssl-client-policy
Use ssl-client-policy to associate an SSL client policy with a DDNS policy.
Use undo ssl-client-policy to cancel the association of an SSL client policy with a DDNS policy.
Syntax
ssl-client-policy policy-name
undo ssl-client-policy
Default
No SSL client policy is associated with any DDNS policy.
Views
DDNS policy view
Predefined user roles
network-admin
Parameters
policy-name: Specifies the SSL client policy name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
The SSL client policy is effective only for HTTPS-based DDNS update requests.
If you use the ssl-client-policy command multiple times with different SSL client policies, the most
recent configuration takes effect.
Examples
# Associate the SSL client policy ssl_policy with the DDNS policy steven_policy.
<Sysname> system-view
[Sysname] ddns policy steven_policy
[Sysname-ddns-policy-steven_policy] ssl-client-policy ssl_policy
Related commands
•
ddns policy
•
display ddns policy
•
ssl-client-policy (Security Command Reference)
121
url
Use url to specify the URL address for DDNS update requests.
Use undo url to delete the URL address.
Syntax
url request-url
undo url
Default
No URL address is specified for DDNS update requests.
Views
DDNS policy view
Predefined user roles
network-admin
Parameters
request-url: Specifies the URL address, a case-sensitive string of 1 to 240 characters.
Usage guidelines
The URL addresses configured for update requests vary by DDNS server. Common DDNS server
URL address format are shown in Table 27.
Table 27 Common URL addresses for DDNS update request
DDNS server
URL addresses for DDNS update requests
www.3322.org
http://members.3322.org/dyndns/update?system=dyndns&hostname=<h>&myip=<
a>
DYNDNS
http://members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
DYNS
http://www.dyns.cx/postscript.php?host=<h>&ip=<a>
ZONEEDIT
http://dynamic.zoneedit.com/auth/dynamic.html?host=<h>&dnsto=<a>
TZO
http://cgi.tzo.com/webclient/signedon.html?TZOName=<h>IPAddress=<a>
EASYDNS
http://members.easydns.com/dyn/ez-ipupdate.php?action=edit&myip=<a>&host_id
=<h>
HEIPV6TB
http://dyn.dns.he.net/nic/update?hostname=<h>&myip=<a>
CHANGE-IP
http://nic.changeip.com/nic/update?hostname=<h>&offline=1
NO-IP
http://dynupdate.no-ip.com/nic/update?hostname=<h>&myip=<a>
DHS
http://members.dhs.org/nic/hosts?domain=dyn.dhs.org&hostname=<h>&hostscmd=
edit&hostscmdstage=2&type=1&ip=<a>
HP
https://server-name/nic/update?group=group-name&myip=<a>
ODS
ods://update.ods.org
GNUDIP
gnudip://server-name
PeanutHull
oray://phservice2.oray.net
No username or password is included in the URL address. To configure the username and
password, use the username command and the password command.
122
HP and GNUDIP are common DDNS update protocols. The server-name parameter is the domain
name or IP address of the service provider's server using one of the update protocols.
The URL address for an update request can start with:
•
http://—The HTTP-based DDNS server.
•
https://—The HTTPS-based DDNS server.
•
ods://—The TCP-based ODS server.
•
gnudip://—The TCP-based GNUDIP server.
•
oray://—The TCP-based DDNS server.
The domain names of DDNS servers are members.3322.org and phservice2.oray.net. The domain
names of PeanutHull DDNS servers can be phservice2.oray.net, phddns60.oray.net, client.oray.net,
ph031.oray.net, and so on. Determine the domain name in the URL according to the actual situation.
The port number in the URL address is optional. If you do not specify a port number, the default port
number is used. HTTP uses port 80, HTTPS uses port 443, and the PeanutHull server uses port
6060.
The system automatically performs the following tasks:
•
Fills <h> with the FQDN that is specified when the DDNS policy is applied to the interface.
•
Fills <a> with the primary IP address of the interface to which the DDNS policy is applied.
You can also manually specify an FQDN and an IP address in <h> and <a>, respectively. In this
case, the FQDN that is specified when the DDNS policy is applied to an interface will not take effect.
As a best practice, do not manually change the <h> and <a> because your configuration might be
incorrect.
You cannot specify an FQDN and IP address in the URL address for contacting the PeanutHull
server. Alternatively, you can specify an FQDN when applying the DDNS policy to an interface. The
system automatically uses the primary IP address of the interface to which the DDNS policy is
applied as the IP address for DDNS update.
To avoid misinterpretation, do not include colons (:), at signs (@), and question marks (?) in your
login ID or password, even if you can do so.
If you use the url command multiple times with different URL addresses, the most recent
configuration takes effect.
Examples
# Specify the URL address for DDNS policy steven_policy with login ID steven and password
nevets. The device contacts www.3322.org for DDNS update.
<Sysname> system-view
[Sysname] ddns policy steven_policy
[Sysname-ddns-policy-steven_policy] url http://
members.3322.org/dyndns/update?system=dyndns&hostname=<h>&myip=<a>
Related commands
•
ddns policy
•
display ddns policy
•
password
•
username
username
Use username to specify the username to be included in the URL address for DDNS update
requests.
123
Use undo username to remove the username.
Syntax
username username
undo username
Default
No username is specified for the URL address.
Views
DDNS policy view
Predefined user roles
network-admin
Parameters
username: Specifies the username, a case-sensitive string of 1 to 32 characters.
Examples
# Specify the username as steven to be included in the URL address for update requests of DDNS
policy steven_policy.
<Sysname> system-view
[Sysname] ddns policy steven_policy
[Sysname-ddns-policy-steven_policy] username steven
Related commands
•
ddns policy
•
display ddns policy
•
password
•
url
124
Basic IP forwarding commands
display fib
Use display fib to display FIB entries.
Syntax
display fib [ vpn-instance vpn-instance-name ] [ ip-address [ mask | mask-length ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vpn-instance vpn-instance-name: Displays the FIB table for the specified VPN. The
vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify a
VPN, this command displays the FIB entries of the public network.
ip-address: Displays the FIB entry that matches the specified destination IP address.
mask: Specifies the mask for the IP address.
mask-length: Specifies the mask length for the IP address, the number of consecutive ones in the
mask. The value range is 0 to 32.
Usage guidelines
Each FIB entry contains a destination IP address/mask, next hop, and output interface.
If you specify an IP address without a mask or mask length, this command displays the longest
matching FIB entry.
If you specify an IP address and a mask or mask length, this command displays the exactly matching
FIB entry.
Examples
# Display all FIB entries of the public network.
<Sysname> display fib
Destination count: 9 FIB entry count: 9
Flag:
U:Useable
G:Gateway
R:Relay
F:FRR
H:Host
B:Blackhole
D:Dynamic
S:Static
Destination/Mask
Nexthop
Flag
OutInterface/Token
Label
0.0.0.0/32
127.0.0.1
UH
InLoop0
Null
127.0.0.0/8
127.0.0.1
U
InLoop0
Null
127.0.0.0/32
127.0.0.1
UH
InLoop0
Null
127.0.0.1/32
127.0.0.1
UH
InLoop0
Null
127.255.255.255/32 127.0.0.1
UH
InLoop0
Null
192.168.0.0/24
U
M-GE0/0/0
Null
192.168.0.63
125
192.168.0.0/32
192.168.0.63
UBH
M-GE0/0/0
Null
192.168.0.2/32
192.168.0.2
UH
M-GE0/0/0
Null
192.168.0.3/32
192.168.0.3
UH
M-GE0/0/0
Null
# Display the FIB entries for VPN vpn1.
<Sysname> display fib vpn-instance vpn1
Destination count: 8 FIB entry count: 8
Flag:
U:Useable
G:Gateway
R:Relay
F:FRR
H:Host
B:Blackhole
D:Dynamic
S:Static
Destination/Mask
Nexthop
Flag
OutInterface/Token
Label
0.0.0.0/32
127.0.0.1
UH
InLoop0
Null
20.20.20.0/24
20.20.20.25
U
GE1/0/2
Null
20.20.20.0/32
20.20.20.25
UBH
GE1/0/2
Null
20.20.20.25/32
127.0.0.1
UH
InLoop0
20.20.20.25/32
20.20.20.25
H
GE1/0/2
20.20.20.255/32
20.20.20.25
UBH
GE1/0/2
Null
30.30.30.0/24
30.30.30.30
U
GE1/0/2
Null
30.30.30.0/32
30.30.30.30
UBH
GE1/0/8
Null
Null
Null
# Display the FIB entries matching the destination IP address 10.2.1.1.
<Sysname> display fib 10.2.1.1
Destination count: 1 FIB entry count: 1
Flag:
U:Useable
G:Gateway
R:Relay
F:FRR
H:Host
B:Blackhole
D:Dynamic
S:Static
Destination/Mask
Nexthop
Flag
OutInterface/Token
Label
10.2.1.1/32
127.0.0.1
UH
InLoop0
Null
Table 28 Command output
Field
Description
Destination count
Total number of destination addresses.
FIB entry count
Total number of FIB entries.
Destination/Mask
Destination address/mask length.
Nexthop
Next hop address.
Flag
Flags of routes:
•
U—Usable route.
•
G—Gateway route.
•
H—Host route.
•
B—Blackhole route.
•
D—Dynamic route.
•
S—Static route.
•
R—Relay route.
•
F—Fast reroute.
126
Field
Description
OutInterface/Token
Output interface/LSP index number.
Label
Inner label.
127
Load sharing commands
ip load-sharing local-first enable
Use ip load-sharing local-first enable to enable local-first load sharing.
Use undo ip load-sharing local-first enable to disable local-first load sharing.
Syntax
ip load-sharing local-first enable
undo ip load-sharing local-first enable
Default
Local-first load sharing is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Local-first load sharing takes effect only in an IRF fabric.
Examples
# Disable local-first load sharing.
<Sysname> system-view
[Sysname] undo ip load-sharing local-first enable
ip load-sharing mode per-flow
Use ip load-sharing mode per-flow to configure per-flow load sharing.
Use undo ip load-sharing mode per-flow to restore the default.
Syntax
ip load-sharing mode per-flow [ algorithm algorithm-number | [ dest-ip | dest-port | ingress-port
| ip-pro | src-ip | src-port ] * ] [ slot slot-number ]
undo ip load-sharing mode [ slot slot-number ]
Default
The device performs per-flow load sharing based on the source IP address, destination IP address,
source port, destination port, IP protocol number, ingress port, and VLAN.
Views
System view
Predefined user roles
network-admin
128
Parameters
algorithm algorithm-number: Enables flow-based load sharing algorithm switching. The
algorithm-number argument specifies the algorithm to be switched, and is in the range of 0 to 8.
Value 0 indicates the default algorithm.
dest-ip: Identifies flows by destination IP address.
dest-port: Identifies flows by destination port.
ingress-port: Identifies flows by ingress port.
ip-pro: Identifies flows by protocol ID.
src-ip: Identifies flows by source IP address.
src-port: Identifies flows by source port.
slot slot-number: Specifies an IRF member device by its member ID.
Examples
# Configure per-flow load sharing on IRF member device 2.
<Sysname> system-view
[Sysname] ip load-sharing mode per-flow slot 2
129
Fast forwarding commands
display ip fast-forwarding aging-time
Use display ip fast-forwarding aging-time to display the aging time of fast forwarding entries.
Syntax
display ip fast-forwarding aging-time
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the aging time of fast forwarding entries.
<Sysname> display ip fast-forwarding aging-time
Aging time: 30s
Related commands
ip fast-forwarding aging-time
display ip fast-forwarding cache
Use display ip fast-forwarding cache to display fast forwarding table information.
Syntax
display ip fast-forwarding cache [ ip-address ] [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ip-address: Specifies an IP address. If you do not specify the ip-address argument, this command
displays all fast forwarding entries.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify this option,
the command displays fast forwarding entries on all member devices.
Usage guidelines
This command displays fast forwarding entries. Each entry includes the source IP address, source
port number, destination IP address, destination port number, protocol number, input and output
interfaces, and internal tag of a data flow.
Examples
# Display all fast forwarding entries.
<Sysname> display ip fast-forwarding cache
130
Total number of fast-forwarding entries: 2
SIP
SPort DIP
DPort Pro Input_If
Output_If
Flg
192.168.0.71
23
192.168.0.18
3313
6
InLoop0
M-GE0/0/0
1
192.168.0.18
3313
192.168.0.71
23
6
M-GE0/0/0
InLoop0
1
Table 29 Command output
Field
Description
SIP
Source IP address.
SPort
Source port number.
DIP
Destination IP address.
DPort
Destination port number.
Pro
Protocol number.
Input interface type and number.
Input_If
If no interface is involved in fast forwarding, this field displays N/A.
If the input interface does not exist, this field displays a hyphen (-).
Output interface type and number.
Output_If
If no interface is involved in fast forwarding, this field displays N/A.
If the output interface does not exist, this field displays a hyphen (-).
Flg
Internal tag, marking internal operation information, such as fragmentation.
Related commands
reset ip fast-forwarding cache
display ip fast-forwarding fragcache
Use display ip fast-forwarding fragcache to display fast forwarding table information for
fragmented packets.
Syntax
display ip fast-forwarding fragcache [ ip-address ] [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ip-address: Specifies an IP address. If you do not specify this argument, this command displays fast
forwarding entries for all fragmented packets.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify this option,
the command displays fast forwarding entries for the fragmented packets on all member devices.
Usage guidelines
This command displays fast forwarding entries for fragmented packets. Each entry includes the
source IP address, source port number, destination IP address, destination port number, protocol
number, input interface, and fragment ID.
131
Examples
# Display fast forwarding table information about all fragmented packets.
<Sysname> display ip fast-forwarding fragcache
Total number of fragment fast-forwarding entries: 2
SIP
SPort DIP
DPort Pro Input_If
ID
7.0.0.13
68
8.0.0.1
67
17
InLoop0
2
8.0.0.1
67
7.0.0.13
68
17
M-GE0/0/0
3
Table 30 Command output
Field
Description
SIP
Source IP address.
SPort
Source port number.
DIP
Destination IP address.
DPort
Destination port number.
Pro
Protocol number.
Input interface type and number.
Input_If
If no interface is involved in fast forwarding, this field displays N/A.
If the input interface does not exist, this field displays a hyphen (-).
ID
Fragment ID.
Related commands
reset ip fast-forwarding cache
ip fast-forwarding aging-time
Use ip fast-forwarding aging-time to configure the aging time of fast forwarding entries.
Use undo ip fast-forwarding aging-time to restore the default.
Syntax
ip fast-forwarding aging-time aging-time
undo ip fast-forwarding aging-time
Default
The aging time of fast forwarding entries is 30 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
aging-time: Specifies the aging time for fast forwarding entries, in the range of 10 to 300 seconds.
Examples
# Set the aging time of fast forwarding entries to 20 seconds.
<Sysname> system-view
[Sysname] ip fast-forwarding aging-time 20
132
Related commands
display ip fast-forwarding aging-time
ip fast-forwarding load-sharing
Use ip fast-forwarding load-sharing to enable fast-forwarding load sharing.
Use undo ip fast-forwarding load-sharing to disable fast-forwarding load sharing.
Syntax
ip fast-forwarding load-sharing
undo ip fast-forwarding load-sharing
Default
Fast-forwarding load sharing is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Fast-forwarding load sharing enables the device to identify a data flow by using the five-tuple (source
IP, source port, destination IP, destination port, and protocol). The device then forwards packets of
the same flow to implement load sharing.
If fast-forwarding load sharing is disabled, the device identifies a data flow by the five-tuple and the
input interface. No load sharing is implemented.
Examples
# Enable fast-forwarding load sharing.
<Sysname> system-Views
[Sysname] ip fast-forwarding load-sharing
reset ip fast-forwarding cache
Use reset ip fast-forwarding cache to clear fast forwarding table information.
Syntax
reset ip fast-forwarding cache [ slot slot-number ]
Views
User view
Predefined use roles
network-admin
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify this option,
the command clears fast forwarding table information on all IRF member devices.
Examples
# Clear fast forwarding table information.
<Sysname> reset ip fast-forwarding cache
133
Related commands
•
display ip fast-forwarding cache
•
display ip fast-forwarding fragcache
134
IRDP commands
The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN
interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by
using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
ip irdp
Use ip irdp to enable IRDP on an interface.
Use undo ip irdp to disable IRDP on an interface.
Syntax
ip irdp
undo ip irdp
Default
IRDP is disabled on an interface.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
After IRDP is enabled on an interface, the IRDP configuration takes effect, and the device sends RA
messages out of the interface.
Examples
# Enable IRDP on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ip irdp
ip irdp address
Use ip irdp address to specify an IP address to be proxy-advertised by an interface.
Use undo ip irdp address to remove the proxy-advertised IP address.
Syntax
ip irdp address ip-address preference-value
undo ip irdp address [ ip-address ]
Default
No proxy-advertised IP address is specified.
Views
Interface view
Predefined user roles
network-admin
135
Parameters
ip-address: Specifies an IP address in dotted decimal notation.
preference-value: Specifies the preference for the proxy-advertised IP address, in the range of –
2147483648 to 2147483647.
Usage guidelines
You can specify a maximum of four proxy-advertised IP addresses on an interface. An RA sent on an
interface includes the IP addresses of the interface and the proxy-advertised IP addresses.
If you do not specify any IP address for the undo command, the command removes the
proxy-advertised IP addresses from all interfaces.
Examples
# Specify the IP address 192.168.0.8 and its preference 1600 for VLAN-interface 100 to
proxy-advertise.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ip irdp address 192.168.0.8 1600
Related commands
ip irdp
ip irdp lifetime
Use ip irdp lifetime to set the lifetime of IP addresses advertised on an interface.
Use undo ip irdp lifetime to restore the default.
Syntax
ip irdp lifetime lifetime-value
undo ip irdp lifetime
Default
The lifetime is 1800 seconds.
Views
Interface view
Predefined user roles
network-admin
Parameters
lifetime-value: Specifies the lifetime in seconds, in the range of 4 to 9000.
Usage guidelines
The lifetime of IP addresses cannot be shorter than the maximum advertising interval on an
interface.
The specified lifetime applies to all advertised IP addresses, including the IP addresses of the
interface and proxy-advertised IP addresses on the interface.
Examples
# Set the lifetime of IP addresses advertised on VLAN-interface 100 to 2000 seconds.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ip irdp lifetime 2000
136
Related commands
•
ip irdp
•
ip irdp interval
ip irdp interval
Use ip irdp interval to set the maximum and minimum intervals for advertising RAs on an interface.
Use undo ip irdp interval to restore the default.
Syntax
ip irdp interval max-interval-value [ min-interval-value ]
undo ip irdp interval
Default
The maximum advertising interval is 600 seconds, and the minimum advertising interval is 3/4 of the
maximum advertising interval.
Views
Interface view
Predefined user roles
network-admin
Parameters
max-interval-value: Specifies the maximum advertising interval in seconds, in the range of 4 to 1800.
min-interval-value: Specifies the minimum advertising interval in seconds, in the range of 3 to
max-interval-value.
Usage guidelines
The device periodically broadcasts or multicasts an RA at a random interval between the maximum
and minimum advertising interval.
The maximum advertising interval cannot be longer than the lifetime of advertised IP addresses.
Otherwise, the lifetime is automatically adjusted to a value three times the maximum interval.
Examples
# On VLAN-interface 100, set the maximum advertising interval to 500 seconds and the minimum
advertising interval to 300 seconds.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ip irdp interval 500 300
Related commands
•
ip irdp
•
ip irdp lifetime
ip irdp multicast
Use ip irdp multicast to specify the multicast address 224.0.0.1 as the destination IP address of
RAs sent on an interface.
Use undo ip irdp multicast to restore the default.
137
Syntax
ip irdp multicast
undo ip irdp multicast
Default
The destination IP address is 255.255.255.255.
Views
Interface view
Predefined user roles
network-admin
Examples
# Specify the multicast address 224.0.0.1 as the destination IP address for VLAN-interface 100 to
send RAs.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ip irdp multicast
Related commands
ip irdp
ip irdp preference
Use ip irdp preference to specify the preference of advertised primary and secondary IP addresses
on an interface.
Use undo ip irdp preference to restore the default.
Syntax
ip irdp preference preference-value
undo ip irdp preference
Default
The preference of advertised IP addresses is 0.
Views
Interface view
Predefined user roles
network-admin
Parameters
preference-value: Specifies the preference in the range of –2147483648 to 2147483647. A larger
value represents a higher preference. To request neighboring hosts to not use any advertised IP
address as the default gateway, set the value to the minimum value (–2147483648).
Examples
# Specify preference 1 for IP addresses advertised on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ip irdp preference 1
138
Related commands
ip irdp
139
IP performance optimization commands
The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN
interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by
using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
display icmp statistics
Use display icmp statistics to display ICMP statistics.
Syntax
display icmp statistics [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
ICMP statistics include information about received and sent ICMP packets.
Examples
# Display ICMP statistics.
<Sysname> display icmp statistics
Input: bad formats
echo
0
bad checksum
0
175
destination unreachable 0
source quench 0
redirects
0
echo replies
201
parameter problem
0
timestamp
0
information requests
0
mask requests 0
mask replies
0
time exceeded 0
invalid type
0
router advert 0
router solicit
0
broadcast/multicast echo requests ignored
0
broadcast/multicast timestamp requests ignored
0
Output: echo
0
destination unreachable 0
source quench 0
redirects
0
echo replies
175
parameter problem
0
timestamp
0
information replies
0
mask requests 0
mask replies
0
time exceeded 0
bad address
0
packet error
router advert
3
1442
display ip statistics
Use display ip statistics to display IP packet statistics.
140
Syntax
display ip statistics [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
IP statistics include information about received and sent packets and reassembly.
Examples
# Display IP packet statistics.
<Sysname> display ip statistics
Input:
Output:
sum
7120
local
112
bad protocol
0
bad format
0
bad checksum
0
bad options
0
forwarding
0
local
27
dropped
0
no route
2
output
0
compress fails 0
Fragment:input
0
dropped
0
fragmented
0
couldn't fragment 0
0
timeouts
Reassembling:sum
0
Table 31 Command output
Field
Description
sum
Total number of packets received.
local
Total number of packets destined for the device.
bad protocol
Total number of unknown protocol packets.
bad format
Total number of packets with incorrect format.
bad checksum
Total number of packets with incorrect checksum.
bad options
Total number of packets with incorrect option.
forwarding
Total number of packets forwarded.
local
Total number of packets locally sent.
dropped
Total number of packets discarded.
no route
Total number of packets for which no route is available.
compress fails
Total number of packets failed to be compressed.
input
Total number of fragments received.
Input
Output
Fragment
141
Field
Description
output
Total number of fragments sent.
dropped
Total number of fragments dropped.
fragmented
Total number of packets successfully fragmented.
couldn't fragment
Total number of packets failed to be fragmented.
sum
Total number of packets reassembled.
timeouts
Total number of reassembly timeouts.
Reassembling
Related commands
•
display ip interface
•
reset ip statistics
display rawip
Use display rawip to display brief information about RawIP connections.
Syntax
display rawip [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID..
Usage guidelines
Brief RawIP connection information includes local and peer addresses, protocol, and PCB.
Examples
# Display brief information about RawIP connections.
<Sysname> display rawip
Local Addr
Foreign Addr
Protocol
Slot
PCB
0.0.0.0
0.0.0.0
1
1
0x0000000000000009
0.0.0.0
0.0.0.0
1
1
0x0000000000000008
0.0.0.0
0.0.0.0
1
1
0x0000000000000002
Table 32 Command output
Field
Description
Local Addr
Local IP address.
Foreign Addr
Peer IP address.
Protocol
Protocol number.
Slot
ID of the IRF member device.
PCB
Protocol control block.
142
display rawip verbose
Use display rawip verbose to display detailed information about RawIP connections.
Syntax
display rawip verbose [ slot slot-number [ pcb pcb-index ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pcb pcb-index: Specifies a PCB by its index in the range of 1 to 16.
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
Use the display rawip verbose command to display detailed information about socket creator,
state, option, type, protocol number, and the source and destination IP addresses of RawIP
connections.
Examples
# Display detailed information about RawIP connections.
<Sysname> display rawip verbose
Total RawIP socket number: 1
Slot: 6
Creator: ping[320]
State: N/A
Options: N/A
Error: 0
Receiving buffer(cc/hiwat/lowat/state): 0 / 9216 / 1 / N/A
Sending buffer(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A
Type: 3
Protocol: 1
Connection info: src = 0.0.0.0, dst = 0.0.0.0
Inpcb flags: N/A
Inpcb vflag: INP_IPV4
TTL: 255(minimum TTL: 0)
Send VRF: 0xffff
Receive VRF: 0xffff
Table 33 Command output
Field
Description
Total RawIP socket number
Total number of RawIP sockets.
Slot
ID of the IRF member device.
Creator
Name of the operation that created the socket. The number in
brackets is the process number of the creator.
State
State of the socket.
143
Field
Description
Options
Socket options.
Error
Error code.
Receiving
(cc/hiwat/lowat/state)
Displays receive buffer information in the following order:
•
cc—Used space.
•
hiwat—Maximum space.
•
lowat—Minimum space.
•
state—Buffer state:

CANTSENDMORE—Unable to send data to the peer.

CANTRCVMORE—Unable to receive data from the peer.

RCVATMARK—Receiving tag.

N/A—None of the above states.
Sending
(cc/hiwat/lowat/state)
buffer
buffer
Displays send buffer information in the following order:
•
cc—Used space.
•
hiwat—Maximum space.
•
lowat—Minimum space.
•
state—Buffer state:

CANTSENDMORE—Unable to send data to the peer.

CANTRCVMORE—Unable to receive data from the peer.

RCVATMARK—Receiving tag.

N/A—None of the above states.
Type
Socket type:
•
1—SOCK_STREAM. This socket uses TCP to provide reliable
transmission of byte streams.
•
2—SOCK_DGRAM. This socket uses UDP to provide datagram
transmission.
•
3—SOCK_RAW. This socket allows an application to change
the next upper-layer protocol header.
•
N/A—None of the above types.
Protocol
Number of the protocol using the socket.
Connection info
Source IP address and destination IP address.
144
Field
Description
Inpcb flags
Flags in the Internet PCB:
•
INP_RECVOPTS—Receives IP options.
•
INP_RECVRETOPTS—Receives replied IP options.
•
INP_RECVDSTADDR—Receives destination IP address.
•
INP_HDRINCL—Provides the entire IP header.
•
INP_REUSEADDR—Reuses the IP address.
•
INP_REUSEPORT—Reuses the port number.
•
INP_ANONPORT—Port number not specified.
•
INP_RECVIF—Records the input interface of the packet.
•
INP_RECVTTL—Receives TTL of the packet. Only UDP and
RawIP support this flag.
•
INP_DONTFRAG—Sets the Don't Fragment flag.
•
INP_ROUTER_ALERT—Receives packets with the router alert
option. Only RawIP supports this flag.
•
INP_PROTOCOL_PACKET—Identifies a protocol packet.
•
INP_RCVVLANID—Receives the VLAN ID of the packet. Only
UDP and RawIP support this flag.
•
INP_RCVMACADDR—Receives the MAC address of the
frame.
•
INP_SNDBYLSPV—Sends through MPLS.
•
INP_RECVTOS—Receives TOS of the packet. Only UDP and
RawIP support this flag.
•
INP_USEICMPSRC—Uses the specified IP address as the
source IP address for outgoing ICMP packets.
•
INP_SYNCPCB—Waits until Internet PCB is synchronized.
•
N/A—None of the above flags.
Inpcb vflag
IP version flags in the Internet PCB:
•
INP_IPV4—IPv4 protocol.
•
INP_TIMEWAIT—In TIMEWAIT state.
•
INP_ONESBCAST—Sends broadcast packets.
•
INP_DROPPED—Protocol dropped flag.
•
INP_SOCKREF—Strong socket reference.
•
INP_DONTBLOCK—Do not block synchronization of the
Internet PCB.
•
N/A—None of the above flags.
TTL
TTL value in the Internet PCB.
display tcp
Use display tcp to display brief information about TCP connections.
Syntax
display tcp [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
145
Parameters
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
Brief TCP connection information includes local IP address, local port number, peer IP address, peer
port number, and TCP connection state.
Examples
# Display brief information about TCP connections.
<Sysname> display tcp
*: TCP MD5 Connection
Local Addr:port
Foreign Addr:port
State
Slot PCB
0.0.0.0:0
LISTEN
1
0x000000000000c387
192.168.20.200:23
192.168.20.14:1284
ESTABLISHED 1
0x0000000000000009
192.168.20.200:23
192.168.20.14:1283
ESTABLISHED 1
0x0000000000000002
*0.0.0.0:21
Table 34 Command output
Field
Description
*
Indicates the TCP connection uses MD5 authentication.
Local Addr:port
Local IP address and port number.
Foreign Addr:port
Peer IP address and port number.
State
TCP connection state.
Slot
ID of the IRF member device.
PCB
PCB index.
display tcp statistics
Use display tcp statistics to display TCP traffic statistics.
Syntax
display tcp statistics [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
TCP traffic statistics include information about received and sent TCP packets and
Syncache/syncookie.
Examples
# Display TCP traffic statistics.
<Sysname> display tcp statistics
Received packets:
146
Total: 4150
packets in sequence: 1366 (134675 bytes)
window probe packets: 0, window update packets: 0
checksum error: 0, offset error: 0, short error: 0
packets dropped for lack of memory: 0
packets dropped due to PAWS: 0
duplicate packets: 12 (36 bytes), partially duplicate packets: 0 (0 bytes)
out-of-order packets: 0 (0 bytes)
packets with data after window: 0 (0 bytes)
packets after close: 0
ACK packets: 3531 (795048 bytes)
duplicate ACK packets: 33, ACK packets for unsent data: 0
Sent packets:
Total: 4058
urgent packets: 0
control packets: 50
window probe packets: 3, window update packets: 11
data packets: 3862 (795012 bytes), data packets retransmitted: 0 (0 bytes)
ACK-only packets: 150 (52 delayed)
unnecessary packet retransmissions: 0
Syncache/syncookie related statistics:
entries added to syncache: 12
syncache entries retransmitted: 0
duplicate SYN packets: 0
reply failures: 0
successfully build new socket: 12
bucket overflows: 0
zone failures: 0
syncache entries removed due to RST: 0
syncache entries removed due to timed out: 0
ACK checked by syncache or syncookie failures: 0
syncache entries aborted: 0
syncache entries removed due to bad ACK: 0
syncache entries removed due to ICMP unreachable: 0
SYN cookies sent: 0
SYN cookies received: 0
SACK related statistics:
SACK recoveries: 1
SACK retransmitted segments: 0 (0 bytes)
SACK blocks (options) received: 0
SACK blocks (options) sent: 0
SACK scoreboard overflows: 0
Other statistics:
retransmitted timeout: 0, connections dropped in retransmitted timeout: 0
147
persist timeout: 0
keepalive timeout: 21, keepalive probe: 0
keepalive timeout, so connections disconnected: 0
fin_wait_2 timeout, so connections disconnected: 0
initiated connections: 29, accepted connections: 12, established connections:
23
closed connections: 50051 (dropped: 0, initiated dropped: 0)
bad connection attempt: 0
ignored RSTs in the window: 0
listen queue overflows: 0
RTT updates: 3518(attempt segment: 3537)
correct ACK header predictions: 0
correct data packet header predictions: 568
resends due to MTU discovery: 0
packets dropped with MD5 authentication: 0
packets permitted with MD5 authentication: 0
Related commands
reset tcp statistics
display tcp verbose
Use display tcp verbose to display detailed information about TCP connections.
Syntax
display tcp verbose [ slot slot-number [ pcb pcb-index ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pcb pcb-index: Specifies a PCB by its index in the range of 1 to 16.
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
Detailed TCP connection information includes socket creator, state, option, type, protocol number,
source IP address and port number, destination IP address and port number, and connection state.
Examples
# Display detailed information about TCP connections.
<Sysname> display tcp verbose
TCP inpcb number: 1(tcpcb number: 1)
Slot: 6
Creator: telnetd_mips[199]
State: ISCONNECTED
Options: N/A
148
Error: 0
Receiving buffer(cc/hiwat/lowat/state): 0 / 65700 / 1 / N/A
Sending buffer(cc/hiwat/lowat/state): 0 / 65700 / 512 / N/A
Type: 1
Protocol: 6
Connection info: src = 192.168.20.200:23 ,
dst = 192.168.20.14:4181
Inpcb flags: N/A
Inpcb vflag: INP_IPV4
TTL: 255(minimum TTL: 0)
Connection state: ESTABLISHED
Send VRF: 0x0
Receive VRF: 0x0
Table 35 Command output
Field
Description
TCP inpcb number
Number of TCP IP PCBs.
tcpcb number
Number of TCP PCBs.
Slot
ID of the IRF member device.
Creator
Name of the operation that created the socket. The number in
brackets is the process number of the creator.
State
State of the socket.
Options
Socket options.
Error
Error code.
Receiving
(cc/hiwat/lowat/state)
Displays receive buffer information in the following order:
•
cc—Used space.
•
hiwat—Maximum space.
•
lowat—Minimum space.
•
state—Buffer state:

CANTSENDMORE—Unable to send data to the peer.

CANTRCVMORE—Unable to receive data from the peer.

RCVATMARK—Receiving tag.

N/A—None of the above states.
Sending
(cc/hiwat/lowat/state)
buffer
buffer
Displays send buffer information in the following order:
•
cc—Used space.
•
hiwat—Maximum space.
•
lowat—Minimum space.
•
state—Buffer state:

CANTSENDMORE—Unable to send data to the peer.

CANTRCVMORE—Unable to receive data from the peer.

RCVATMARK—Receiving tag.

N/A—None of the above states.
149
Field
Description
Type
Socket type:
•
1—SOCK_STREAM. This socket uses TCP to provide reliable
transmission of byte streams.
•
2—SOCK_DGRAM. This socket uses UDP to provide datagram
transmission.
•
3—SOCK_RAW. This socket allows an application to change
the next upper-layer protocol header.
•
N/A—None of the above types.
Protocol
Number of the protocol using the socket.
Connection info
Source IP address and destination IP address.
Inpcb flags
Flags in the Internet PCB:
•
INP_RECVOPTS—Receives IP options.
•
INP_RECVRETOPTS—Receives replied IP options.
•
INP_RECVDSTADDR—Receives destination IP address.
•
INP_HDRINCL—Provides the entire IP header.
•
INP_REUSEADDR—Reuses the IP address.
•
INP_REUSEPORT—Reuses the port number.
•
INP_ANONPORT—Port number not specified.
•
INP_RECVIF—Records the input interface of the packet.
•
INP_RECVTTL—Receives TTL of the packet. Only UDP and
RawIP support this flag.
•
INP_DONTFRAG—Sets the Don't Fragment flag.
•
INP_ROUTER_ALERT—Receives packets with the router alert
option. Only RawIP supports this flag.
•
INP_PROTOCOL_PACKET—Identifies a protocol packet.
•
INP_RCVVLANID—Receives the VLAN ID of the packet. Only
UDP and RawIP support this flag.
•
INP_RCVMACADDR—Receives the MAC address of the
frame.
•
INP_SNDBYLSPV—Sends through MPLS.
•
INP_RECVTOS—Receives TOS of the packet. Only UDP and
RawIP support this flag.
•
INP_SYNCPCB—Waits until Internet PCB is synchronized.
•
N/A—None of the above flags.
Inpcb vflag
IP version flags in the Internet PCB:
•
INP_IPV4—IPv4 protocol.
•
INP_TIMEWAIT—In TIMEWAIT state.
•
INP_ONESBCAST—Sends broadcast packets.
•
INP_DROPPED—Protocol dropped flag.
•
INP_SOCKREF—Strong socket reference.
•
INP_DONTBLOCK—Do not block synchronization of the
Internet PCB.
•
N/A—None of the above flags.
TTL
TTL value in the Internet PCB.
display udp
Use display udp to display brief information about UDP connections.
150
Syntax
display udp [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
Brief UDP connection information includes local IP address and port number, and peer IP address
and port number.
Examples
# Display brief information about UDP connections.
<Sysname> display udp
Local Addr:port
Foreign Addr:port
Slot PCB
0.0.0.0:69
0.0.0.0:0
1
0x0000000000000003
192.168.20.200:1024
192.168.20.14:69
1
0x0000000000000002
Table 36 Command output
Field
Description
Local Addr:port
Local IP address and port number.
Foreign Addr:port
Peer IP address and port number.
Slot
ID of the IRF member device.
PCB
PCB index.
display udp statistics
Use display udp statistics to display UDP traffic statistics.
Syntax
display udp statistics [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
UDP traffic statistics include information about received and sent UDP packets.
151
Examples
# Display UDP traffic statistics.
<Sysname> display udp statistics
Received packets:
Total: 240
checksum error: 0, no checksum: 0
shorter than header: 0, data length larger than packet: 0
no socket on port(unicast): 0
no socket on port(broadcast/multicast): 240
not delivered, input socket full: 0
Sent packets:
Total: 0
Related commands
reset udp statistics
display udp verbose
Use display udp verbose to display detailed information about UDP connections.
Syntax
display udp verbose [ slot slot-number [ pcb pcb-index ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pcb pcb-index: Specifies a PCB by its index in the range of 1 to 16.
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
Detailed UDP connection information includes the socket creator, status, option, type, the protocol
number, the source IP address and port number, and the destination IP address and port number for
UDP connections.
Examples
# Display detailed UDP connection information.
<Sysname> display udp verbose
Total UDP socket number: 1
Slot: 6
Creator: sock_test_mips[250]
State: N/A
Options: N/A
Error: 0
Receiving buffer(cc/hiwat/lowat/state): 0 / 41600 / 1 / N/A
Sending buffer(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A
152
Type: 2
Protocol: 17
Connection info: src = 0.0.0.0:69, dst = 0.0.0.0:0
Inpcb flags: N/A
Inpcb vflag: INP_IPV4
TTL: 255(minimum TTL: 0)
Send VRF: 0xffff
Receive VRF: 0xffff
Table 37 Command output
Field
Description
Total UDP socket number
Total number of UDP sockets.
Slot
ID of the IRF member device.
Creator
Name of the operation that created the socket. The number in brackets is
the process number of the creator.
State
Socket state.
Options
Socket option.
Error
Error code.
Receiving
buffer(cc/hiwat/lowat/state)
Displays receive buffer information in the following order:
•
cc—Used space.
•
hiwat—Maximum space.
•
lowat—Minimum space.
•
state—Buffer state:

CANTSENDMORE—Unable to send data to the peer.

CANTRCVMORE—Unable to receive data from the peer.

RCVATMARK—Receiving tag.

N/A—None of the above states.
Sending
buffer(cc/hiwat/lowat/state)
Displays send buffer information in the following order:
•
cc—Used space.
•
hiwat—Maximum space.
•
lowat—Minimum space.
•
state—Buffer state:

CANTSENDMORE—Unable to send data to the peer.

CANTRCVMORE—Unable to receive data from the peer.

RCVATMARK—Receiving tag.

N/A—None of the above states.
Type
Socket type:
•
1—SOCK_STREAM. This socket uses TCP to provide reliable
transmission of byte streams.
•
2—SOCK_DGRAM. This socket uses UDP to provide datagram
transmission.
•
3—SOCK_RAW. This socket allows an application to change the
next upper-layer protocol header.
•
N/A—None of the above types.
Protocol
Number of the protocol using the socket.
153
Field
Description
Inpcb flags
Flags in the Internet PCB:
•
INP_RECVOPTS—Receives IP options.
•
INP_RECVRETOPTS—Receives replied IP options.
•
INP_RECVDSTADDR—Receives destination IP address.
•
INP_HDRINCL—Provides the entire IP header.
•
INP_REUSEADDR—Reuses the IP address.
•
INP_REUSEPORT—Reuses the port number.
•
INP_ANONPORT—Port number not specified.
•
INP_RECVIF—Records the input interface of the packet.
•
INP_RECVTTL—Receives TTL of the packet. Only UDP and
RawIP support this flag.
•
INP_DONTFRAG—Sets the Don't Fragment flag.
•
INP_ROUTER_ALERT—Receives packets with the router alert
option. Only RawIP supports this flag.
•
INP_PROTOCOL_PACKET—Identifies a protocol packet.
•
INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP
and RawIP support this flag.
•
INP_RCVMACADDR—Receives the MAC address of the frame.
•
INP_SNDBYLSPV—Sends through MPLS.
•
INP_RECVTOS—Receives TOS of the packet. Only UDP and
RawIP support this flag.
•
INP_SYNCPCB—Waits until Internet PCB is synchronized.
•
N/A—None of the above flags.
Inpcb vflag
IP version flags in the Internet PCB:
•
INP_IPV4—IPv4 protocol.
•
INP_TIMEWAIT—In TIMEWAIT state.
•
INP_ONESBCAST—Sends broadcast packets.
•
INP_DROPPED—Protocol dropped flag.
•
INP_SOCKREF—Strong socket reference.
•
INP_DONTBLOCK—Do not block synchronization of the Internet
PCB.
•
N/A—None of the above flags.
TTL
TTL value in the Internet PCB.
ip forward-broadcast
Use ip forward-broadcast to enable an interface to receive and forward directed broadcast packets
destined for the directly connected network.
Use undo ip forward-broadcast to disable an interface from receiving and forwarding directed
broadcast packets destined for the directly connected network.
Syntax
ip forward-broadcast
undo ip forward-broadcast
Default
An interface cannot receive or forward directed broadcasts destined for the directly connected
network.
154
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
A directed broadcast packet is destined for all hosts on a specific network. In the destination IP
address of the directed broadcast, the network ID identifies the target network, and the host ID is
made up of all ones.
If an interface is allowed to forward directed broadcasts destined for the directly connected network,
hackers can exploit this vulnerability to attack the target network. In some scenarios, however, an
interface must receive and send such directed broadcast packets to support UDP helper.
This command enables an interface to accept directed broadcast packets that are destined for and
received from the directly connected network to support UDP helper. UDP helper converts the
directed broadcasts to unicasts and forwards them to a specific server.
The command also enables the interface to forward directed broadcast packets that are destined for
the directly connected network and are received from another subnet to support Wake on LAN.
Wake on LAN sends the directed broadcasts to wake up the hosts on the target network.
Examples
# Enable VLAN-interface 2 to receive and forward directed broadcast packets destined for the
directly connected network.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] ip forward-broadcast
ip icmp error-interval
Use ip icmp error-interval to set the bucket size and the interval for tokens to arrive in the bucket for
ICMP error messages.
Use undo ip icmp error-interval to restore the default.
Syntax
ip icmp error-interval milliseconds [ bucketsize ]
undo ip icmp error-interval
Default
The bucket allows a maximum of 10 tokens, and tokens are placed in the bucket at the interval of 100
milliseconds.
Views
System view
Predefined user roles
network-admin
Parameters
milliseconds: Specifies the interval for tokens to arrive in the bucket. The value range is 0 to
2147483647 milliseconds, and the default is 100 milliseconds. To disable the ICMP rate limit, set the
value to 0.
bucketsize: Specifies the maximum number of tokens allowed in the bucket. The value range is 1 to
200, and the default is 10.
155
Usage guidelines
This command limits the rate at which ICMP error messages are sent. Use this command to avoid
sending excessive ICMP error messages within a short period that might cause network congestion.
A token bucket algorithm is used with one token representing one ICMP error message. Tokens are
placed in the bucket at intervals until the maximum number of tokens that the bucket can hold is
reached. Tokens are removed from the bucket when ICMP error messages are sent. When the
bucket is empty, ICMP error messages are not sent until a new token is placed in the bucket.
Examples
# Configure an interval of 200 milliseconds and bucket size of 40 tokens for ICMP error messages.
<Sysname> system-view
[Sysname] ip icmp error-interval 200 40
ip icmp fragment discarding
Use ip icmp fragment discarding to disable forwarding of ICMP fragments.
Use undo ip icmp fragment discarding to enable forwarding of ICMP fragments.
Syntax
ip icmp fragment discarding
undo ip icmp fragment discarding
Default
Forwarding of ICMP fragments is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Disable forwarding of ICMP fragments can prevent ICMP fragment attacks.
Examples
# Disable forwarding of ICMP fragments.
<Sysname> system-view
[Sysname] ip icmp fragment discarding
ip icmp source
Use ip icmp source to enable specifying the source address for outgoing ICMP packets.
Use undo ip icmp source to restore the default.
Syntax
ip icmp source [ vpn-instance vpn-instance-name ] ip-address
undo ip icmp source [ vpn-instance vpn-instance-name ]
Default
The device uses the IP address of the sending interface as the source IP address for outgoing ICMP
packets.
156
Views
System view
Predefined user roles
network-admin
Parameters
vpn-instance vpn-instance-name: Specifies the VPN instance to which the specified address
belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. The
specified VPN instance must exist. If the specified IP address is on the public network, do not use
this option.
ip-address: Specifies an IP address.
Usage guidelines
It is a good practice to specify the IP address of the loopback interface as the source IP address for
outgoing ping echo request and ICMP error messages. This feature helps users to locate the
sending device easily.
Examples
# Specify 1.1.1.1 as the source address for outgoing ICMP packets.
<Sysname> system-view
[Sysname] ip icmp source 1.1.1.1
ip mtu
Use ip mtu to configure an MTU for an interface.
Use undo ip mtu to restore the default.
Syntax
ip mtu mtu-size
undo ip mtu
Default
No MTU is configured for an interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
mtu-size: Specifies an MTU in bytes. In Release 1111, the value range is 128 to 2000. In Release
1121 and later, the value range is 128 to 1500.
Usage guidelines
When a packet exceeds the MTU of the output interface, the device processes it in one of the
following ways:
•
If the packet disallows fragmentation, the device discards it.
•
If the packet allows fragmentation, the device fragments it and forwards the fragments.
Fragmentation and reassembling consume system resources, so set an appropriate MTU for an
interface to avoid fragmentation.
157
If an interface supports both the mtu and ip mtu commands, the device fragments a packet based
on the MTU set by the ip mtu command.
The MTU configured for an interface takes effect on only packets that are sent to the CPU for
software forwarding, including packets sent from or destined for this interface.
Examples
# Set the MTU of VLAN interface 100 to 1280 bytes.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ip mtu 1280
ip redirects enable
Use ip redirects enable to enable sending ICMP redirect messages.
Use undo ip redirects enable to disable sending ICMP redirect messages.
Syntax
ip redirects enable
undo ip redirects enable
Default
Sending ICMP redirect messages is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
ICMP redirect messages simplify host management and enable hosts to gradually optimize its
routing table.
A host that has only one route destined to the default gateway sends all packets to the default
gateway. The default gateway sends an ICMP redirect message to inform the host of a correct next
hop by following these rules:
•
The receiving and sending interfaces are the same.
•
The selected route is not created or modified by any ICMP redirect message.
•
The selected route is not destined for 0.0.0.0.
•
There is no source route option in the received packet.
Examples
# Enable sending ICMP redirect messages.
<Sysname> system-view
[Sysname] ip redirects enable
ip ttl-expires enable
Use ip ttl-expires enable to enable sending ICMP time-exceeded messages.
Use undo ip ttl-expires enable to disable sending ICMP time-exceeded messages.
158
Syntax
ip ttl-expires enable
undo ip ttl-expires enable
Default
Sending ICMP time-exceeded messages is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
A device sends ICMP time-exceeded messages by following these rules:
•
If a received packet is not destined for the device and the TTL field of the packet is 1, the device
sends an ICMP TTL Expired in Transit message to the source.
•
When the device receives the first fragment of an IP datagram destined for the device itself, it
starts a timer. If the timer expires before all the fragments of the datagram are received, the
device sends an ICMP Fragment Reassembly Timeout message to the source.
A device disabled from sending ICMP time-exceeded messages does not send ICMP TTL Expired in
Transit messages but can still send ICMP Fragment Reassembly Timeout messages.
Examples
# Enable sending ICMP time-exceeded messages.
<Sysname> system-view
[Sysname] ip ttl-expires enable
ip unreachables enable
Use ip unreachables enable to enable sending ICMP destination unreachable messages.
Use undo ip unreachables enable to disable sending ICMP destination unreachable messages.
Syntax
ip unreachables enable
undo ip unreachables enable
Default
Sending ICMP destination unreachable messages is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
A device sends ICMP destination unreachable messages by following these rules:
•
If a packet does not match any route and there is no default route in the routing table, the device
sends a Network Unreachable ICMP error message to the source.
159
•
If a packet is destined for the device but the transport layer protocol of the packet is not
supported by the device, the device sends a Protocol Unreachable ICMP error message to the
source.
•
If a UDP packet is destined for the device but the packet's port number does not match the
running process, the device sends the source a Port Unreachable ICMP error message.
•
If the source uses Strict Source Routing to send packets, but the intermediate device finds that
the next hop specified by the source is not directly connected, the device sends the source a
Source Routing Failure ICMP error message.
•
If the MTU of the sending interface is smaller than the packet and the packet has a Don't
Fragment set, the device sends the source a Fragmentation Needed and Don't Fragment-Set
ICMP error message.
Examples
# Enable sending ICMP destination unreachable messages.
<Sysname> system-view
[Sysname] ip unreachables enable
reset ip statistics
Use reset ip statistics to clear IP traffic statistics.
Syntax
reset ip statistics [ slot slot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
To collect new IP traffic statistics within a period of time, use this command to clear history IP traffic
statistics first.
Examples
# Clear IP traffic statistics.
<Sysname> reset ip statistics
Related commands
•
display ip interface
•
display ip statistics
reset tcp statistics
Use reset tcp statistics to clear TCP traffic statistics.
Syntax
reset tcp statistics
Views
User view
160
Predefined user roles
network-admin
Examples
# Clear TCP traffic statistics.
<Sysname> reset tcp statistics
Related commands
display tcp statistics
reset udp statistics
Use reset udp statistics to clear UDP traffic statistics.
Syntax
reset udp statistics
Views
User view
Predefined user roles
network-admin
Examples
# Clear UDP traffic statistics.
<Sysname> reset udp statistics
Related commands
display udp statistics
tcp mss
Use tcp mss to configure the TCP maximum segment size (MSS).
Use undo tcp mss to restore the default.
Syntax
tcp mss value
undo tcp mss
Default
No TCP MSS is configured.
Views
Interface view
Predefined user roles
network-admin
Parameters
Value: Specifies the TCP MSS in the range of 128 to 2048 bytes.
Usage guidelines
This configuration takes effect only on TCP connections that are established after the configuration
and not on the TCP connections that already exist.
161
This configuration is effective only on IP packets. If MPLS is enabled on the interface, do not
configure the TCP MSS on the interface.
The MSS option informs the receiver of the largest segment that the sender can accept. Each end
announces its MSS during TCP connection establishment.
If the size of a TCP segment is smaller than the MSS of the receiver, TCP sends the TCP segment
without fragmentation. If not, it fragments the segment according to the receiver's MSS.
If you configure a TCP MSS on an interface, the size of each TCP segment received or sent on the
interface cannot exceed the MSS value.
Examples
# Set the TCP MSS to 300 bytes on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] tcp mss 300
tcp path-mtu-discovery
Use tcp path-mtu-discovery to enable TCP path MTU discovery.
Use undo tcp path-mtu-discovery to disable TCP path MTU discovery.
Syntax
tcp path-mtu-discovery [ aging age-time | no-aging ]
undo tcp path-mtu-discovery
Default
TCP path MTU discovery is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
aging age-time: Specifies the aging time for the path MTU, in the range of 10 to 30 minutes. The
default aging time is 10 minutes.
no-aging: Does not age out the path MTU.
Usage guidelines
After you enable TCP path MTU discovery, all new TCP connections detect the path MTU. The
device uses the path MTU to calculate the MSS to avoid IP fragmentation.
After you disable TCP path MTU discovery, the system stops all path MTU timers. The TCP
connections established later do not detect the path MTU, but the TCP connections previously
established still can detect the path MTU.
Examples
# Enable TCP path MTU discovery and set the path MTU aging time to 20 minutes.
<Sysname> system-view
[Sysname] tcp path-mtu-discovery aging 20
162
tcp syn-cookie enable
Use tcp syn-cookie enable to enable SYN Cookie to protect the device from SYN flood attacks.
Use undo tcp syn-cookie enable to disable SYN Cookie.
Syntax
tcp syn-cookie enable
undo tcp syn-cookie enable
Default
SYN Cookie is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
A TCP connection is established through a three-way handshake:
1.
The sender sends a SYN packet to the server.
2.
The server receives the SYN packet, establishes a TCP semi-connection in SYN_RECEIVED
state, and replies with a SYN ACK packet to the sender.
3.
The sender receives the SYN ACK packet and replies with an ACK packet. Then, a TCP
connection is established.
An attacker can exploit this mechanism to mount SYN flood attacks. The attacker sends a large
number of SYN packets, but they do not respond to the SYN ACK packets from the server. As a
result, the server establishes a large number of TCP semi-connections and cannot handle normal
services.
SYN Cookie can protect the server from SYN flood attacks. When the server receives a SYN packet,
it responds to the request with a SYN ACK packet without establishing a TCP semi-connection.
The server establishes a TCP connection and enters ESTABLISHED state only when it receives an
ACK packet from the sender.
Examples
# Enable SYN Cookie.
<Sysname> system-view
[Sysname] tcp syn-cookie enable
tcp timer fin-timeout
Use tcp timer fin-timeout to configure the TCP FIN wait timer.
Use undo tcp timer fin-timeout to restore the default.
Syntax
tcp timer fin-timeout time-value
undo tcp timer fin-timeout
Default
The TCP FIN wait timer is 675 seconds.
163
Views
System view
Predefined user roles
network-admin
Parameters
time-value: Specifies the TCP FIN wait timer in the range of 76 to 3600 seconds.
Usage guidelines
TCP starts the FIN wait timer when the state changes to FIN_WAIT_2. If no FIN packet is received
within the timer interval, the TCP connection is terminated.
If a FIN packet is received, TCP changes connection state to TIME_WAIT. If a non-FIN packet is
received, TCP restarts the timer and tears down the connection when the timer expires.
Examples
# Set the TCP FIN wait timer to 800 seconds.
<Sysname> system-view
[Sysname] tcp timer fin-timeout 800
tcp timer syn-timeout
Use tcp timer syn-timeout to configure the TCP SYN wait timer.
Use undo tcp timer syn-timeout to restore the default.
Syntax
tcp timer syn-timeout time-value
undo tcp timer syn-timeout
Default
The TCP SYN wait timer is 75 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
time-value: Specifies the TCP SYN wait timer in the range of 2 to 600 seconds.
Usage guidelines
TCP starts the SYN wait timer after sending a SYN packet. If no response packet is received within
the SYN wait timer interval, TCP fails to establish the connection.
Examples
# Set the TCP SYN wait timer to 80 seconds.
<Sysname> system-view
[Sysname] tcp timer syn-timeout 80
tcp window
Use tcp window to configure the size of the TCP receive/send buffer.
164
Use undo tcp window to restore the default.
Syntax
tcp window window-size
undo tcp window
Default
The size of the TCP receive/send buffer is 64 KB.
Views
System view
Predefined user roles
network-admin
Parameters
window-size: Specifies the size of the TCP receive/send buffer in KB, in the range of 1 to 64.
Examples
# Configure the size of the TCP receive/send buffer as 3 KB.
<Sysname> system-view
[Sysname] tcp window 3
165
UDP helper commands
The term "interface" in this chapter collectively refers to VLAN interfaces, Layer 3 Ethernet
interfaces, and Layer 3 aggregate interfaces. You can set an Ethernet port as a Layer 3 interface by
using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
display udp-helper interface
Use display udp-helper interface to display information about broadcast to unicast conversion by
UDP helper on an interface.
Syntax
display udp-helper interface interface-type interface-number
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
This command displays information about destination servers and total number of unicast packets
converted from UDP broadcast packets by UDP helper.
Examples
# Display information about broadcast to unicast conversion by UDP helper on VLAN-interface 1.
<Sysname> display udp-helper interface vlan-interface 1
Interface
Server VPN instance
Server address Packets sent
Vlan-interface1
abc
192.1.1.2
0
Vlan-interface1
N/A
192.1.1.2
0
Table 38 Command output
Field
Description
Interface
Interface name.
Server VPN instance
VPN instance to which the destination server belongs.
Server address
Destination server to which UDP packets are forwarded.
Packets sent
Number of unicast packets that are converted from broadcast packets by UDP
helper.
Related commands
•
reset udp-helper statistics
•
udp-helper server
166
reset udp-helper statistics
Use reset udp-helper statistics to clear packet statistics for UDP helper.
Syntax
reset udp-helper statistics
Views
User view
Predefined user roles
network-admin
Examples
# Clear the packet statistics for UDP helper.
<Sysname> reset udp-helper statistics
Related commands
display udp-helper interface
udp-helper broadcast-map
Use udp-helper broadcast-map to specify a multicast address for UDP helper to convert broadcast
to multicast.
Use undo udp-helper broadcast-map to remove a multicast address.
Syntax
udp-helper broadcast-map multicast-address [ acl acl-number ]
undo udp-helper broadcast-map multicast-address
Default
No multicast address is specified for UDP helper.
Views
Interface view
Predefined user roles
network-admin
Parameters
multicast-address: Specifies the destination multicast address to which the destination broadcast
address is converted.
acl acl-number: Specifies an ACL by its number in the range of 2000 to 3999 to filter incoming
broadcast packets for UDP helper. Packets permitted by the ACL can be converted.
•
For a basic ACL, the value range is 2000 to 2999.
•
For an advanced ACL, the value range is 3000 to 3999.
Usage guidelines
Use this command on the interface that receives broadcast packets.
You can configure a maximum of 20 unicast and multicast addresses for UDP helper to convert
broadcast packets.
167
Examples
# Configure UDP helper to convert received broadcast packets on VLAN-interface 100 to multicast
packets destined for 225.0.0.1.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-vlan-interface 100] udp-helper broadcast-map 225.0.0.1
udp-helper enable
Use udp-helper enable to enable UDP helper.
Use undo udp-helper enable to disable UDP helper.
Syntax
udp-helper enable
undo udp-helper enable
Default
UDP helper is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
UDP helper takes effect when you use the udp-helper enable command with the udp-helper port
command and at least one of the following commands:
•
udp-helper server
•
udp-helper broadcast-map
Examples
# Enable UDP helper.
<Sysname> system-view
[Sysname] udp-helper enable
Related commands
•
udp-helper port
•
udp-helper server
•
udp-helper broadcast-map
udp-helper port
Use udp-helper port to specify a UDP port number for UDP helper.
Use undo udp-helper port to remove UDP port numbers.
Syntax
udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time }
undo udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time }
168
Default
No UDP port number is specified for UDP helper.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a UDP port number in the range of 1 to 65535 (except 67 and 68). Support for
some UDP port numbers depends on the device model.
dns: Specifies the UDP port 53 used by DNS packets.
netbios-ds: Specifies the UDP port 138 used by NetBIOS distribution service packets.
netbios-ns: Specifies the UDP port 137 used by NetBIOS name service packets.
tacacs: Specifies the UDP port 49 used by TACACS packets.
tftp: Specifies the UDP port 69 used by TFTP packets.
time: Specifies the UDP port 37 used by time protocol packets.
Usage guidelines
To specify a UDP port, you can specify the port number or the corresponding protocol keyword. For
example, udp-helper port 53 and udp-helper port dns specify the same UDP port.
You can specify a maximum of 256 UDP ports on a device.
Examples
# Specify the UDP port 100 for UDP helper.
<Sysname> system-view
[Sysname] udp-helper port 100
udp-helper server
Use udp-helper server to specify a destination server for UDP helper to convert broadcast to
unicast.
Use undo udp-helper server to remove a destination server.
Syntax
udp-helper server ip-address [ global | vpn-instance vpn-instance-name ]
undo udp-helper server [ ip-address [ global | vpn-instance vpn-instance-name ] ]
Default
No destination server is specified for UDP helper.
Views
Interface view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address of a destination server, in dotted decimal notation.
global: Forwards converted unicast packets to the server on the public network.
169
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the server belongs.
The VPN instance name is a case-sensitive string of 1 to 31 characters.
Usage guidelines
Specify destination servers on an interface that receives UDP broadcast packets.
You can specify a maximum of 20 unicast and multicast addresses for UDP helper to convert
broadcast packets on an interface.
If you do not specify the ip-address argument, the undo udp-helper server command removes all
destination servers on the interface.
If you specify only the IP address, UDP helper forwards converted unicast packets in the VPN bound
to the interface that receives broadcast packets. If the interface is not bound to any VPNs, UDP
helper forwards the unicast packets on the public network.
Examples
# Specify the destination server 192.1.1.2 for UDP helper on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] udp-helper server 192.1.1.2
# Specify the destination server 192.1.1.2 on the public network for UDP helper on VLAN-interface
100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] udp-helper server 192.1.1.2 global
Related commands
display udp-helper interface
170
UDP helper commands
The term "interface" in this chapter collectively refers to VLAN interfaces, Layer 3 Ethernet
interfaces, and Layer 3 aggregate interfaces. You can set an Ethernet port as a Layer 3 interface by
using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
display udp-helper interface
Use display udp-helper interface to display information about broadcast to unicast conversion by
UDP helper on an interface.
Syntax
display udp-helper interface interface-type interface-number
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
This command displays information about destination servers and total number of unicast packets
converted from UDP broadcast packets by UDP helper.
Examples
# Display information about broadcast to unicast conversion by UDP helper on VLAN-interface 1.
<Sysname> display udp-helper interface vlan-interface 1
Interface
Server VPN instance
Server address Packets sent
Vlan-interface1
abc
192.1.1.2
0
Vlan-interface1
N/A
192.1.1.2
0
Table 39 Command output
Field
Description
Interface
Interface name.
Server VPN instance
VPN instance to which the destination server belongs.
Server address
Destination server to which UDP packets are forwarded.
Packets sent
Number of unicast packets that are converted from broadcast packets by UDP
helper.
Related commands
•
reset udp-helper statistics
•
udp-helper server
171
reset udp-helper statistics
Use reset udp-helper statistics to clear packet statistics for UDP helper.
Syntax
reset udp-helper statistics
Views
User view
Predefined user roles
network-admin
Examples
# Clear the packet statistics for UDP helper.
<Sysname> reset udp-helper statistics
Related commands
display udp-helper interface
udp-helper broadcast-map
Use udp-helper broadcast-map to specify a multicast address for UDP helper to convert broadcast
to multicast.
Use undo udp-helper broadcast-map to remove a multicast address.
Syntax
udp-helper broadcast-map multicast-address [ acl acl-number ]
undo udp-helper broadcast-map multicast-address
Default
No multicast address is specified for UDP helper.
Views
Interface view
Predefined user roles
network-admin
Parameters
multicast-address: Specifies the destination multicast address to which the destination broadcast
address is converted.
acl acl-number: Specifies an ACL by its number in the range of 2000 to 3999 to filter incoming
broadcast packets for UDP helper. Packets permitted by the ACL can be converted.
•
For a basic ACL, the value range is 2000 to 2999.
•
For an advanced ACL, the value range is 3000 to 3999.
Usage guidelines
Use this command on the interface that receives broadcast packets.
You can configure a maximum of 20 unicast and multicast addresses for UDP helper to convert
broadcast packets.
172
Examples
# Configure UDP helper to convert received broadcast packets on VLAN-interface 100 to multicast
packets destined for 225.0.0.1.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-vlan-interface 100] udp-helper broadcast-map 225.0.0.1
udp-helper enable
Use udp-helper enable to enable UDP helper.
Use undo udp-helper enable to disable UDP helper.
Syntax
udp-helper enable
undo udp-helper enable
Default
UDP helper is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
UDP helper takes effect when you use the udp-helper enable command with the udp-helper port
command and at least one of the following commands:
•
udp-helper server
•
udp-helper broadcast-map
Examples
# Enable UDP helper.
<Sysname> system-view
[Sysname] udp-helper enable
Related commands
•
udp-helper port
•
udp-helper server
•
udp-helper broadcast-map
udp-helper port
Use udp-helper port to specify a UDP port number for UDP helper.
Use undo udp-helper port to remove UDP port numbers.
Syntax
udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time }
undo udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time }
173
Default
No UDP port number is specified for UDP helper.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a UDP port number in the range of 1 to 65535 (except 67 and 68). Support for
some UDP port numbers depends on the device model.
dns: Specifies the UDP port 53 used by DNS packets.
netbios-ds: Specifies the UDP port 138 used by NetBIOS distribution service packets.
netbios-ns: Specifies the UDP port 137 used by NetBIOS name service packets.
tacacs: Specifies the UDP port 49 used by TACACS packets.
tftp: Specifies the UDP port 69 used by TFTP packets.
time: Specifies the UDP port 37 used by time protocol packets.
Usage guidelines
To specify a UDP port, you can specify the port number or the corresponding protocol keyword. For
example, udp-helper port 53 and udp-helper port dns specify the same UDP port.
You can specify a maximum of 256 UDP ports on a device.
Examples
# Specify the UDP port 100 for UDP helper.
<Sysname> system-view
[Sysname] udp-helper port 100
udp-helper server
Use udp-helper server to specify a destination server for UDP helper to convert broadcast to
unicast.
Use undo udp-helper server to remove a destination server.
Syntax
udp-helper server ip-address [ global | vpn-instance vpn-instance-name ]
undo udp-helper server [ ip-address [ global | vpn-instance vpn-instance-name ] ]
Default
No destination server is specified for UDP helper.
Views
Interface view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address of a destination server, in dotted decimal notation.
global: Forwards converted unicast packets to the server on the public network.
174
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the server belongs.
The VPN instance name is a case-sensitive string of 1 to 31 characters.
Usage guidelines
Specify destination servers on an interface that receives UDP broadcast packets.
You can specify a maximum of 20 unicast and multicast addresses for UDP helper to convert
broadcast packets on an interface.
If you do not specify the ip-address argument, the undo udp-helper server command removes all
destination servers on the interface.
If you specify only the IP address, UDP helper forwards converted unicast packets in the VPN bound
to the interface that receives broadcast packets. If the interface is not bound to any VPNs, UDP
helper forwards the unicast packets on the public network.
Examples
# Specify the destination server 192.1.1.2 for UDP helper on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] udp-helper server 192.1.1.2
# Specify the destination server 192.1.1.2 on the public network for UDP helper on VLAN-interface
100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] udp-helper server 192.1.1.2 global
Related commands
display udp-helper interface
175
IPv6 basics commands
The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN
interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by
using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
display ipv6 fib
Use display ipv6 fib to display IPv6 FIB entries.
Syntax
display ipv6 fib [ vpn-instance vpn-instance-name ] [ ipv6-address [ prefix-length ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a
case-sensitive string of 1 to 31 characters.
ipv6-address: Specifies an IPv6 address.
prefix-length: Specifies a prefix length for the IPv6 address, in the range of 0 to 128.
Usage guidelines
If you do not specify a VPN, this command displays IPv6 FIB entries for the public network.
If you do not specify the prefix length, this command displays the IPv6 FIB entry longest matching the
IPv6 address. If you specify a prefix, this command displays the IPv6 FIB entry that exactly matches
the IPv6 address and prefix length.
If you do not specify any parameters, this command displays all IPv6 FIB entries for the public
network.
Examples
# Display all IPv6 FIB entries for the public network.
<Sysname> display ipv6 fib
Destination count: 1 FIB entry count: 1
Flag:
U:Useable
G:Gateway
R:Relay
F:FRR
H:Host
B:Blackhole
Destination: ::1
Nexthop
D:Dynamic
S:Static
Prefix length: 128
: ::1
Flags: UH
Time stamp : 0x1
Label: Null
Interface
Token: Invalid
: InLoop0
176
Table 40 Command output
Field
Description
Destination count
Total number of destination addresses.
FIB entry count
Total number of IPv6 FIB entries.
Destination
Destination address.
Prefix length
Prefix length of the destination address.
Nexthop
Next hop.
Flags
Route flag:
•
U—Usable route.
•
G—Gateway route.
•
H—Host route.
•
B—Black hole route.
•
D—Dynamic route.
•
S—Static route.
•
R—Recursive route.
•
F—Fast re-route.
Time stamp
Time when the IPv6 FIB entry was generated.
Label
Inner MPLS label.
Interface
Outgoing interface.
Token
Label switched path index number.
display ipv6 icmp statistics
Use display ipv6 icmp statistics to display ICMPv6 packet statistics.
Syntax
Centralized devices:
display ipv6 icmp statistics [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
This command displays statistics about received and sent ICMPv6 packets.
Examples
# Display ICMPv6 packet statistics.
<Sysname> display ipv6 icmp statistics
Input: bad code
checksum error
0
too short
0
0
bad length
0
177
path MTU changed
0
too big
destination unreachable
0
parameter problem
echo request
0
echo reply
neighbor solicit
0
neighbor advertisement
router solicit
0
router advertisement
redirect
output: parameter problem
0
echo request
0
unreachable admin
unreachable address
0
0
0
0
0
unreachable beyond scope 0
0
unreachable no port
0
time exceed transit
time exceed reassembly 0
ratelimited
0
unreachable no route
0
too big
0
router renumbering
0
echo reply
0
redirect
0
other errors
0
0
0
0
display ipv6 interface
Use display ipv6 interface to display IPv6 interface information.
Syntax
display ipv6 interface [ interface-type [ interface-number ] ] [ brief ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-type: Interface type.
interface-number: Interface number.
brief: Displays brief information.
Usage guidelines
If you specify the brief keyword, this command displays brief information including physical status,
link-layer protocols, and IPv6 address.
If you do not specify the brief keyword, this command displays detailed information including IPv6
configuration and operating information, and IPv6 packet statistics.
If you do not specify an interface, this command displays IPv6 information about all interfaces.
If you specify only the interface-type argument, this command displays IPv6 information about the
interfaces of the specified type.
If you specify both the interface-type and the interface-number arguments, this command displays
IPv6 information about the specified interface.
Examples
# Display IPv6 information about VLAN-interface 2.
<Sysname> display ipv6 interface vlan-interface 2
Vlan-interface2 current state: UP
Line protocol current state: UP
IPv6 is enabled, link-local address is FE80::1234:56FF:FE65:4322 [TENTATIVE]
178
Global unicast address(es):
10::1234:56FF:FE65:4322, subnet is 10::/64 [TENTATIVE] [AUTOCFG]
[valid lifetime 4641s/preferred lifetime 4637s]
20::1234:56ff:fe65:4322, subnet is 20::/64 [TENTATIVE] [EUI-64]
30::1, subnet is 30::/64 [TENTATIVE] [ANYCAST]
40::2, subnet is 40::/64 [TENTATIVE] [DHCP]
50::3, subnet is 50::/64 [TENTATIVE]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:1
FF02::1:FF65:4322
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
IPv6 Packet statistics:
InReceives:
0
InTooShorts:
0
InTruncatedPkts:
0
InHopLimitExceeds:
0
InBadHeaders:
0
InBadOptions:
0
ReasmReqds:
0
ReasmOKs:
0
InFragDrops:
0
InFragTimeouts:
0
OutFragFails:
0
InUnknownProtos:
0
InDelivers:
0
OutRequests:
0
OutForwDatagrams:
0
InNoRoutes:
0
InTooBigErrors:
0
OutFragOKs:
0
OutFragCreates:
0
InMcastPkts:
0
InMcastNotMembers:
0
OutMcastPkts:
0
InAddrErrors:
0
InDiscards:
0
OutDiscards:
0
179
Table 41 Command output
Field
Description
Vlan-interface2 current state
Physical state of the interface:
•
Administratively DOWN—The VLAN interface has been
administratively shut down by using the shutdown command.
•
DOWN—The VLAN interface is administratively up but its physical
state is down because all ports in the VLAN are down.
•
UP—The administrative and physical states of the VLAN interface
are both up.
Line protocol current state
Link layer protocol state of the interface:
•
DOWN—The link layer protocol state of the VLAN interface is down.
•
UP—The link layer protocol state of the VLAN interface is up.
IPv6 is enabled
IPv6 is enabled on the interface. This function is automatically enabled
after an IPv6 address is configured for an interface.
link-local address
Link-local address of the interface.
Global unicast addresses of the interface.
Global unicast address(es)
IPv6 address states:
•
TENTATIVE—Initial state. DAD is being performed or is to be
performed on the address.
•
DUPLICATE—The address is not unique on the link.
•
PREFERRED—The address is preferred and can be used as the
source or destination address of a packet. If an address is in this
state, the command does not display the address state.
•
DEPRECATED—The address is beyond the preferred lifetime but in
the valid lifetime. It is valid, but it cannot be used as the source
address for a new connection. Packets destined to the address are
processed correctly.
If a global unicast address is not manually configured, the following
indicates how the address is obtained:
•
AUTOCFG—Stateless autoconfigured.
•
DHCP—Assigned by a DHCPv6 server.
•
EUI-64—Manually configured EUI-64 IPv6 address.
•
RANDOM—Random address automatically generated.
If the address is a manually configured anycast address, ANYCAST is
marked.
valid lifetime
Specifies how long autoconfigured global unicast addresses using a prefix
are valid.
preferred lifetime
Specifies how long autoconfigured global unicast addresses using a prefix
are preferred.
Joined group address(es)
Addresses of multicast groups that the interface has joined.
MTU
Maximum transmission unit (MTU) of the interface.
ND DAD is enabled, number of
DAD attempts
DAD is enabled.
•
If DAD is enabled, this field displays the number of attempts to send a
NS message for DAD (set by using the ipv6 nd dad attempts
command).
•
If DAD is disabled, this field displays ND DAD is disabled. To disable
DAD, set the number of attempts to 0.
ND reachable time
Time during which a neighboring device is reachable.
ND retransmit interval
Interval for retransmitting an NS message.
180
Field
Description
Hosts use stateless autoconfig
for addresses
Hosts obtained IPv6 addresses through stateless autoconfiguration.
InReceives
All IPv6 packets received by the interface, including error packets.
InTooShorts
Received IPv6 packets that are too short, with a length less than 40 bytes,
for example.
InTruncatedPkts
Received IPv6 packets with a length less than that specified in the
packets.
InHopLimitExceeds
Received IPv6 packets with a hop count exceeding the limit.
InBadHeaders
Received IPv6 packets with incorrect basic headers.
InBadOptions
Received IPv6 packets with incorrect extension headers.
ReasmReqds
Received IPv6 fragments.
ReasmOKs
Number of reassembled packets rather than the number of fragments.
InFragDrops
IPv6 fragments that are discarded because of certain errors.
InFragTimeouts
IPv6 fragments that are discarded because the amount of time they stayed
in the system buffer exceeded the specified interval.
OutFragFails
Packets that failed to be fragmented on the output interface.
InUnknownProtos
Received IPv6 packets with unknown or unsupported protocol type.
InDelivers
Received IPv6 packets that are delivered to application layer protocols
(such as ICMPv6, TCP, and UDP).
OutRequests
Local IPv6 packets sent by IPv6 application protocols.
OutForwDatagrams
Packets forwarded by the output interface.
InNoRoutes
Received IPv6 packets that are discarded because no matched route can
be found.
InTooBigErrors
Received IPv6 packets that are discarded because they exceeded the
Path MTU.
OutFragOKs
Fragmented packets on the output interface.
OutFragCreates
Number of fragmented packets on the output interface.
InMcastPkts
Received IPv6 multicast packets on the interface.
InMcastNotMembers
IPv6 multicast packets that are discarded because the interface did not
join in the corresponding multicast group.
OutMcastPkts
IPv6 multicast packets sent by the interface.
InAddrErrors
IPv6 packets that are discarded due to invalid destination addresses.
InDiscards
IPv6 packets that are discarded due to resource problems rather than
packet content errors.
OutDiscards
IPv6 packets that fail to be sent due to resource problems rather than
packet errors.
# Display brief IPv6 information about all interfaces.
<Sysname> display ipv6 interface brief
*down: administratively down
(s): spoofing
Interface
Physical Protocol IPv6 Address
Vlan-interface1
down
181
down
Unassigned
Vlan-interface2
up
up
2001::1
Vlan-interface100
up
up
Unassigned
Table 42 Command output
Field
Description
*down:
down
administratively
The interface has been administratively shut down by using the shutdown
command.
Spoofing attribute of the interface.
(s): spoofing
The link protocol state of the interface is up, but the link is temporarily
established on demand or does not exist.
Interface
Name of the interface.
Physical
Physical state of the interface:
•
*down—The interface has been shut down by using the shutdown
command.
•
down—The interface is up but its physical state is down because all ports
in the VLAN are down.
•
up—The administrative and physical states of the interface are both up.
Protocol
Link layer protocol state of the interface:
•
down—The network layer protocol state of the interface is down.
•
up—The network layer protocol state of the interface is up.
IPv6 Address
IPv6 address of the interface.
•
If at least one global unicast address is configured, this field displays the
lowest address.
•
If no global unicast address is configured, this field displays the link-local
address.
•
If no address is configured, this field displays Unassigned.
display ipv6 interface prefix
Use display ipv6 interface prefix to display IPv6 prefix information for an interface.
Syntax
display ipv6 interface interface-type interface-number prefix
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Examples
# Display IPv6 prefix information for VLAN-interface 10.
<Sysname> display ipv6 interface vlan-interface10 prefix
Prefix: 1001::/65
Age:
Origin: ADDRESS
-
Flag:
Lifetime(Valid/Preferred): 2592000/604800
182
AL
Prefix: 2001::/64
Age:
Origin: STATIC
-
Flag:
L
Lifetime(Valid/Preferred): 3000/2000
Prefix: 3001::/64
Age:
Origin: RA
600
Flag:
A
Lifetime(Valid/Preferred): -
Table 43 Command output
Filed
Description
Prefix
IPv6 address prefix.
Origin
How the prefix is generated:
•
STATIC—Manually configured by using the ipv6 nd ra prefix command.
•
RA—Advertised in RA messages after stateless autoconfiguration is enabled.
•
ADDRESS—Generated by a manually configured address.
Age
Aging time in seconds. If the prefix does not age out, this field displays a hyphen (-).
Flag
Flags advertised in RA messages. If no flags are available, this field displays a hyphen
(-).
•
L—The address with the prefix is directly reachable on the link.
•
A—The prefix is used for stateless autoconfiguration.
Lifetime
Lifetime in seconds advertised in RA messages. If the prefix does not need to be
advertised, this field displays a hyphen (-).
•
Valid—Valid lifetime of the prefix.
•
Preferred—Preferred lifetime of the prefix.
Related commands
ipv6 nd ra prefix
display ipv6 nd snooping
Use display ipv6 nd snooping to display IPv6 ND snooping entries.
Syntax
display ipv6 nd snooping [ [ [ vlan vlan-id | interface interface-type interface-number ] [ global |
link-local ] ] | ipv6-address ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vlan vlan-id: Displays ND snooping entries for the specified VLAN. The value range for the VLAN ID
is 1 to 4094.
interface interface-type interface-number: Displays ND snooping entries for the specified interface.
The interface-type interface-number argument specifies an interface by its type and number.
ipv6-address: Displays the ND snooping entry for the specified IPv6 address.
183
global: Displays ND snooping entries for global unicast addresses.
link-local: Displays ND snooping entries for link-local addresses.
verbose: Displays detailed information about ND snooping entries. If you do not specify the
keyword, this command displays brief information about ND snooping entries.
Usage guidelines
This command is available in Release 1121 and later.
Examples
# Display IPv6 ND snooping entries for VLAN 1.
<Sysname> display ipv6 nd snooping vlan 1
IPv6 address
MAC address
VID
Interface
1::2
0000-1234-0c01
1
GE1/0/2
Status
Age
VALID
57
# Display detailed information about IPv6 ND snooping entries for VLAN 1.
<Sysname> display ipv6 nd snooping vlan 1 verbose
IPv6 address: 1::2
MAC address: 0000-1234-0c01
Interface: GE0/0/2
First VLAN ID: 1
Status: VALID
Second VLAN ID: N/A
Age: 57
Table 44 Command output
Filed
Description
IPv6 address
IPv6 address in the ND snooping entry.
MAC address
MAC address in the ND snooping entry.
VID
ID of the VLAN to which the ND snooping entry belongs.
First VLAN ID
ID of the SVLAN to which the ND snooping entry belongs.
Second VLAN ID
ID of the CVLAN to which the ND snooping entry belongs. If no CVLAN is configured,
this field displays N/A. For more information about the SVLAN and CVLAN, see Layer
2–LAN Switching Configuration Guide.
Interface
Input interface in the ND snooping entry.
Status
Status of the ND snooping entry:
•
TENTATIVE—The entry is ineffective.
•
VALID—The entry is effective.
•
TESTING TPLT—The entry is being tested by DAD. The device performs DAD for
the entry in the following situations:

The entry ages out

An ND trusted interface in the VLAN receives an ND message from the IPv6
address in the entry.
•
TESTING VP—The entry is being tested by DAD. The device performs DAD when
an ND untrusted interface in the VLAN receives an ND message from the IPv6
address in the entry.
Age
ND snooping entry aging time in seconds.
display ipv6 nd snooping count
Use display ipv6 nd snooping count to display the number of IPv6 ND snooping entries.
184
Syntax
display ipv6 nd snooping count [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do
not specify an interface, this command displays the total number of ND snooping entries.
Usage guidelines
This command is available in Release 1121 and later.
Examples
# Display the total number of IPv6 ND snooping entries.
<Sysname> display ipv6 nd snooping count
Total number of entries: 5
# Display the total number of IPv6 ND snooping entries on GigabitEthernet 1/0/1.
<Sysname> display ipv6 nd snooping count interface gigabitethernet 1/0/1
Total number of entries on interface: 2
display ipv6 neighbors
Use display ipv6 neighbors to display IPv6 neighbor information.
Syntax
display ipv6 neighbors { { ipv6-address | all | dynamic | static } [ slot slot-number ] | interface
interface-type interface-number | vlan vlan-id } [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ipv6-address: Specifies the IPv6 address of a neighbor whose information is displayed.
all: Displays information about all neighbors, including neighbors acquired dynamically and
configured statically on the public network and all private networks.
dynamic: Displays information about all neighbors acquired dynamically.
static: Displays information about all neighbors configured statically.
slot slot-number: Specifies an IRF member device by its member ID.
interface interface-type interface-number: Specifies an interface by its type and name.
vlan vlan-id: Specifies a VLAN by its ID. The value range for VLAN ID is 1 to 4094.
verbose: Displays detailed neighbor information.
185
Usage guidelines
You can use the reset ipv6 neighbors command to clear IPv6 neighbor information.
Examples
# Display all neighbor information.
<Sysname> display ipv6 neighbors all
Type: S-Static
D-Dynamic
IPv6 address
O-Openflow
Link layer
2::2
VID
I-Invalid
Interface
0cda-415e-2332 N/A
FE80::EDA:41FF:FE5E:2332
0cda-415e-2332 N/A
State T
M-GE0/0/0
M-GE0/0/0
Age
STALE D
STALE D
572
562
# Display detailed information about all neighbors.
<Sysname> display ipv6 neighbors all verbose
Type: S-Static
D-Dynamic
O-Openflow
I-Invalid
IPv6 Address: 2::2
Link Layer
State
: 0cda-415e-2332
: STALE
VID : N/A
Type: D
Interface: M-GE0/0/0
Age
: 677
Vpn-instance: [No Vrf]
IPv6 Address: FE80::EDA:41FF:FE5E:2332
Link Layer
State
: 0cda-415e-2332
: STALE
VID : N/A
Type: D
Interface: M-GE0/0/0
Age
: 667
Vpn-instance: [No Vrf]
Table 45 Command output
Field
Description
IPv6 Address
IPv6 address of a neighbor.
Link Layer
Link layer address (MAC address) of a neighbor.
VID
VLAN to which the interface connected with a neighbor belongs.
Interface
Interface connected with a neighbor.
State
State of a neighbor:
•
INCMP—The address is being resolved. The link layer address of the neighbor is
unknown.
•
REACH—The neighbor is reachable.
•
STALE—Whether the neighbor is reachable is unknown. The device does not verify
the reachability any longer unless data is sent to the neighbor.
•
DELAY—Whether the neighbor is reachable is unknown. The device sends an NS
message after a delay.
•
PROBE—Whether the neighbor is reachable is unknown. The device sends an NS
message to verify the reachability of the neighbor.
Type
Neighbor information type:
•
S—Statically configured.
•
D—Dynamically obtained.
•
O—Learned from the OpenFlow module.
•
I—Invalid.
A hyphen (-) indicates a static entry.
Age
For a dynamic entry, this field displays the elapsed time in seconds. If the neighbor is
never reachable, this field displays a pound sign (#).
Vpn-instance
Name of a VPN or [No Vrf] with no VPN configured.
186
Related commands
•
ipv6 neighbor
•
reset ipv6 neighbors
display ipv6 neighbors count
Use display ipv6 neighbors count to display the number of neighbor entries.
Syntax
display ipv6 neighbors { { all | dynamic | static } [ slot slot-number ] | interface interface-type
interface-number | vlan vlan-id } count
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays the total number of all neighbor entries, including neighbor entries created dynamically
and configured statically.
dynamic: Displays the total number of neighbor entries created dynamically.
static: Displays the total number of neighbor entries configured statically.
slot slot-number: Specifies an IRF member device by its member ID.
interface interface-type interface-number: Specifies an interface by its type and name.
vlan vlan-id: Specifies a VLAN by its ID. The value range for VLAN ID is 1 to 4094.
Examples
# Display the total number of neighbor entries created dynamically.
<Sysname> display ipv6 neighbors dynamic count
Total number of dynamic entries: 2
display ipv6 neighbors vpn-instance
Use display ipv6 neighbors vpn-instance to display neighbor information about a VPN.
Syntax
display ipv6 neighbors vpn-instance vpn-instance-name [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to
31 characters. The VPN must already exist.
count: Displays the total number of neighbor entries in the specified VPN.
187
Examples
# Display neighbor information about the VPN instance vpn1.
<Sysname> display ipv6 neighbors vpn-instance vpn1
Type: S-Static
IPv6 Address
D-Dynamic
Link Layer
FE80::200:5EFF:FE32:B800
0000-5e32-b800
O-Openflow
VID
N/A
I-Invalid
Interface
M-GE0/0/0
State T
Age
REACH IS -
Table 46 Command output
Field
Description
IPv6 Address
IPv6 address of a neighbor.
Link-layer
Link layer address (MAC address) of a neighbor.
VID
VLAN to which the interface connected with a neighbor belongs.
Interface
Interface connected with a neighbor.
State
Neighbor state:
•
INCMP—The address is being resolved. The link layer address of the neighbor is
unknown.
•
REACH—The neighbor is reachable.
•
STALE—Whether the neighbor is reachable is unknown. The device does not verify
the reachability any longer unless data is sent to the neighbor.
•
DELAY—Whether the neighbor is reachable is unknown. The device sends an NS
message after a delay.
•
PROBE—Whether the neighbor is reachable is unknown. The device sends an NS
message to verify the reachability of the neighbor.
T
Neighbor information type:
•
S—Statically configured.
•
D—Dynamically obtained.
•
O—Learned from the OpenFlow module.
•
I—Invalid.
A hyphen (-) indicates a static entry.
Age
For a dynamic entry, this field displays the elapsed time in seconds. If the neighbor is
never reachable, this field displays a pound sign (#).
display ipv6 pathmtu
Use the display ipv6 pathmtu command to display IPv6 Path MTU information.
Syntax
display ipv6 pathmtu [ vpn-instance vpn-instance-name ] { ipv6-address | { all | dynamic | static }
[ count ] }
Views
Any view
Predefined user roles
network-admin
network-operator
188
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a
case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays
IPv6 Path MTU information about the public network.
ipv6-address: Specifies the destination IPv6 address for which the Path MTU information is to be
displayed.
all: Displays all Path MTU information for the public network.
dynamic: Displays all dynamic Path MTU information.
static: Displays all static Path MTU information.
count: Displays the total number of Path MTU entries.
Usage guidelines
Use display ipv6 pathmtu to display the IPv6 Path MTU information, including the dynamic Path
MTUs and the static Path MTUs.
Examples
# Display all Path MTU information.
<Sysname> display ipv6 pathmtu all
IPv6 destination address
PathMTU
1:2::3:2
1800
1:2::4:2
1:2::5:2
Age
Type
-
Static
1400
10
Dynamic
1280
10
Dynamic
# Displays the total number of Path MTU entries.
<Sysname> display ipv6 pathmtu all count
Total number of entries: 3
Table 47 Command output
Field
Description
PathMTU
Path MTU value on the network path to an IPv6 address.
Age
Time for a Path MTU to live. For a static Path MTU, this field displays a
hyphen (-).
Type
Indicates that the Path MTU is dynamically negotiated or statically
configured.
Total number of entries
Total number of Path MTU entries.
Related commands
•
ipv6 pathmtu
•
reset ipv6 pathmtu
display ipv6 prefix
Use display ipv6 prefix to display information about dynamic and static IPv6 prefixes.
Syntax
display ipv6 prefix [ prefix-number ]
Views
Any view
189
Predefined user roles
network-admin
network-operator
Parameters
prefix-number: Specifies the ID of an IPv6 prefix, in the range of 1 to 1024. If this argument is not
specified, the command displays information about all IPv6 prefixes.
Usage guidelines
A static IPv6 prefix is configured by using the ipv6 prefix command.
A dynamic IPv6 prefix is obtained from the DHCPv6 server, and its prefix ID is configured by using
the ipv6 dhcp client pd command.
Examples
# Display information about all IPv6 prefixes.
<Sysname> display ipv6 prefix
Number
Prefix
1
1::/16
2
11:77::/32
Type
Static
Dynamic
# Display information about the IPv6 prefix with prefix ID 1.
<Sysname> display ipv6 prefix 1
Number: 1
Type
: Dynamic
Prefix: ABCD:77D8::/32
Preferred lifetime 90 sec, valid lifetime 120 sec
Table 48 Command output
Field
Description
Number
Prefix ID.
Type
Prefix type:
•
Static—Static IPv6 prefix.
•
Dynamic—Dynamic IPv6 prefix.
Prefix
Prefix and its length. If no prefix is obtained, this field displays Not-available.
Preferred lifetime 90 sec
Preferred lifetime in seconds. For a static IPv6 prefix, this field is not displayed.
valid lifetime 120 sec
Valid lifetime in seconds. For a static IPv6 prefix, this field is not displayed.
Related commands
•
ipv6 dhcp client pd (Layer 3—IP Services Command Reference)
•
ipv6 prefix
display ipv6 rawip
Use display ipv6 rawip to display brief information about IPv6 RawIP connections.
Syntax
display ipv6 rawip [ slot slot-number ]
Views
Any view
190
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
Brief information about IPv6 RawIP connections includes the local and peer IPv6 addresses,
protocol number, and PCB.
Examples
# Display brief information about IPv6 RawIP connections.
<Sysname> display ipv6 rawip
Local Addr
Foreign Addr
Protocol
Slot
PCB
2001:2002:2003:2
3001:3002:3003:3
58
1
0x0000000000000009
004:2005:2006:20
004:3005:3006:30
07:2008
2002::100
::
07:3008
2002::138
58
::
1
58
0x0000000000000008
1
0x0000000000000002
Table 49 Command output
Field
Description
Local Addr
Local IPv6 address.
Foreign Addr
Peer IPv6 address.
Protocol
Protocol number.
Slot
ID of the IRF member device.
PCB
PCB index.
display ipv6 rawip verbose
Use display ipv6 rawip verbose to display detailed information about IPv6 RawIP connections.
Syntax
display ipv6 rawip verbose [ slot slot-number [ pcb pcb-index ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pcb pcb-index: Specifies a PCB by its index in the range of 1 to 16.
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
Detailed information about an IPv6 RawIP connection includes socket's creator, state, option, type,
and protocol number, and source and destination IPv6 addresses of the connection.
191
Examples
# Display detailed information about an IPv6 RawIP connection.
<Sysname> display ipv6 rawip verbose
Total RawIP socket number: 1
Slot: 6
Creator: ping ipv6[320]
State: N/A
Options: N/A
Error: 0
Receiving buffer(cc/hiwat/lowat/state): 0 / 9216 / 1 / N/A
Sending buffer(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A
Type: 3
Protocol: 58
Connection info: src = ::, dst = ::
Inpcb flags: N/A
Inpcb vflag: INP_IPV6
Hop limit: 255 (minimum hop limit: 0)
Send VRF: 0xffff
Receive VRF: 0xffff
Table 50 Command output
Field
Description
Total RawIP socket number
Total number of IPv6 RawIP sockets.
Slot
ID of the IRF member device.
Creator
Task name of the socket. The process number is in the square brackets.
State
Socket state.
Options
Socket options.
Receiving
buffer(cc/hiwat/lowat/state)
Displays receive buffer information in the following order:
•
cc—Used space.
•
hiwat—Maximum space.
•
lowat—Minimum space.
•
state—Buffer state:

CANTSENDMORE—Unable to send data to the peer.

CANTRCVMORE—Unable to receive data from the peer.

RCVATMARK—Receiving tag.

N/A—None of the above states.
Sending
buffer(cc/hiwat/lowat/state)
Displays send buffer information in the following order:
•
cc—Used space.
•
hiwat—Maximum space.
•
lowat—Minimum space.
•
state—Buffer state:

CANTSENDMORE—Unable to send data to the peer.

CANTRCVMORE—Unable to receive data from the peer.

RCVATMARK—Receiving tag.

N/A—None of the above states.
192
Field
Description
Type
Socket type:
•
1—SOCK_STREAM. This socket uses TCP to provide reliable
transmission of byte streams.
•
2—SOCK_DGRAM. This socket uses UDP to provide datagram
transmission.
•
3—SOCK_RAW. This socket allows an application to change the next
upper-layer protocol header.
•
N/A—None of the above types.
Protocol
Number of protocol using the socket. 58 represents ICMP.
Connection info
Connection information, including the source and destination IPv6
addresses.
Inpcb flags
Flags in the Internet PCB:
•
INP_RECVOPTS—Receives IPv6 options.
•
INP_RECVRETOPTS—Receives replied IPv6 options.
•
INP_RECVDSTADDR—Receives destination IPv6 address.
•
INP_HDRINCL—Provides the entire IPv6 header.
•
INP_REUSEADDR—Reuses the IPv6 address.
•
INP_REUSEPORT—Reuses the port number.
•
INP_ANONPORT—Port number not specified.
•
INP_PROTOCOL_PACKET—Identifies a protocol packet.
•
INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP
and RawIP support this flag.
•
IN6P_IPV6_V6ONLY—Only supports IPv6 protocol stack.
•
IN6P_PKTINFO—Receives the source IPv6 address and input
interface of the packet.
•
IN6P_HOPLIMIT—Receives the hop limit.
•
IN6P_HOPOPTS—Receives the hop-by-hop options extension
header.
•
IN6P_DSTOPTS—Receives the destination options extension header.
•
IN6P_RTHDR—Receives the routing extension header.
•
IN6P_RTHDRDSTOPTS—Receives the destination options extension
header preceding the routing extension header.
•
IN6P_TCLASS—Receives the traffic class of the packet.
•
IN6P_AUTOFLOWLABEL—Attaches a flow label automatically.
•
IN6P_RFC2292—Uses the API specified in RFC 2292.
•
IN6P_MTU—Discovers differences in the MTU size of every link along
a given data path. TCP does not support this flag.
•
INP_RCVMACADDR—Receives the MAC address of the frame.
•
INP_USEICMPSRC—Uses the specified IPv6 address as the source
IPv6 address for outgoing ICMP packets.
•
INP_SYNCPCB—Waits until Internet PCB is synchronized.
•
N/A—None of the above flags.
193
Field
Description
Inpcb vflag
IP version flag in the Internet PCB:
•
INP_IPV4—IPv4 protocol.
•
INP_IPV6—IPv6 protocol.
•
INP_IPV6PROTO—Creates an Internet PCB based on IPv6 protocol.
•
INP_TIMEWAIT—In TIMEWAIT state.
•
INP_ONESBCAST—Sends broadcast packets.
•
INP_DROPPED—Protocol dropped flag.
•
INP_SOCKREF—Strong socket reference.
•
INP_DONTBLOCK—Do not block synchronization of the Internet PCB.
•
N/A—None of the above flags.
Hop limit(minimum hop limit)
Hop limit in the Internet PCB. The minimum number of hops is displayed in
the parentheses.
Send VRF
Sent instances.
Receive VRF
Received instances.
display ipv6 statistics
Use display ipv6 statistics to display IPv6 and ICMPv6 packet statistics.
Syntax
display ipv6 statistics [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
This command displays statistics about received and sent IPv6 and ICMPv6 packets.
Use the reset ipv6 statistics command to clear the statistics of all IPv6 and ICMPv6 packets.
If the slot slot-number option is not specified, this command displays IPv6 and ICMPv6 packet
statistics on all IRF member devices.
Examples
# Display IPv6 and ICMPv6 packet statistics.
<Sysname> display ipv6 statistics
IPv6 statistics:
Sent packets:
Total:
0
Sent locally:
0
Forwarded:
0
Raw packets:
0
Discarded:
0
Fragments:
0
Fragments failed:
Routing failed:
0
194
0
Received packets:
Total:
0
Received locally:
Fragments:
0
Hop limit exceeded:
0
Reassembly failures:
Format errors:
Protocol errors:
0
Reassembled:
0
Reassembly timeout:
0
0
0
Option errors:
0
0
ICMPv6 statistics:
Sent packets:
Total:
0
Unreachable:
0
Hop limit exceeded:
0
Parameter problems:
0
Echo requests:
Too big:
0
Reassembly timeouts: 0
0
Echo replies:
0
Neighbor solicits:
0
Neighbor adverts:
Router solicits:
0
Router adverts:
0
0
Other errors:
0
0
Too short:
Redirects:
0
0
Send failed:
Rate limitation:
Received packets:
Total:
0
Checksum errors:
Bad codes:
0
Unreachable:
0
0
Too big:
0
Hop limit exceeded:
0
Reassembly timeouts:
0
Parameter problems:
0
Unknown error types:
0
Echo requests:
Neighbor solicits:
Router solicits:
0
0
Neighbor adverts:
0
Redirects:
Unknown info types:
Echo replies:
Router adverts:
0
Router renumbering:
0
0
0
0
0
Deliver failed:
Bad length:
0
Related commands
reset ipv6 statistics
display ipv6 tcp
Use display ipv6 tcp to display brief information about IPv6 TCP connections.
Syntax
display ipv6 tcp [ slot slot-number ]
Views
Any view
195
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
Brief information about IPv6 TCP connections includes the local IPv6 address and port number, peer
IPv6 address and port number, and TCP connection state.
Examples
# Display brief information about IPv6 TCP connections.
<Sysname> display ipv6 tcp
*: TCP MD5 Connection
LAddr->port
FAddr->port
*2001:2002:2003:2
3001:3002:3003:3
004:2005:2006:20
004:3005:3006:30
State
Slot
ESTABLISHED 1
07:2008->1200
07:3008->1200
2001::1->23
2001::5->1284
ESTABLISHED 1
2003::1->25
2001::2->1283
LISTEN
PCB
0x000000000000c387
0x0000000000000008
1
0x0000000000000009
Table 51 Command output
Field
Description
*
Indicates the TCP connection uses MD5 authentication.
LAddr->port
Local IPv6 address and port number.
FAddr->port
Peer IPv6 address and port number.
State
TCP connection state:
•
CLOSED—The server receives a disconnection request's reply from the client.
•
LISTEN—The server is waiting for connection requests.
•
SYN_SENT—The client is waiting for the server to reply to the connection
request.
•
SYN_RCVD—The server receives a connection request.
•
ESTABLISHED—The server and client have established connections and can
transmit data bidirectionally.
•
CLOSE_WAIT—The server receives a disconnection request from the client.
•
FIN_WAIT_1—The client is waiting for the server to reply to a disconnection
request.
•
CLOSING—The server and client are waiting for peer's disconnection reply
when receiving disconnection requests from each other.
•
LAST_ACK—The server is waiting for the client to reply to a disconnection
request.
•
FIN_WAIT_2—The client receives a disconnection reply from the server.
•
TIME_WAIT—The client receives a disconnection request from the server.
Slot
ID of the IRF member device.
PCB
PCB index.
196
display ipv6 tcp verbose
Use display ipv6 tcp verbose to display detailed information about IPv6 TCP connections.
Syntax
display ipv6 tcp verbose [ slot slot-number [ pcb pcb-index ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pcb pcb-index: Specifies a PCB by its index in the range of 1 to 16.
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
Detailed information about an IPv6 TCP connection includes socket's creator, state, option, type,
protocol number, source IPv6 address and port number, destination IPv6 address and port number,
and the connection state.
Examples
# Display detailed information about an IPv6 TCP connection.
<Sysname> display ipv6 tcp verbose
TCP inpcb number: 1(tcpcb number: 1)
Slot: 6
Creator: telnetd_mips[199]
State: ISCONNECTED
Options: N/A
Error: 0
Receiving buffer(cc/hiwat/lowat/state): 0 / 65536 / 1 / N/A
Sending buffer(cc/hiwat/lowat/state): 0 / 65536 / 512 / N/A
Type: 1
Protocol: 6
Connection info: src = 2001::1->23 ,
dst = 2001::2->4181
Inpcb flags: N/A
Inpcb vflag: INP_IPV6
Hop limit: 255 (minimum hop limit: 0)
Connection state: ESTABLISHED
Send VRF: 0x0
Receive VRF: 0x0
Table 52 Command output
Field
Description
TCP inpcb number
Number of IPv6 TCP Internet PCBs.
tcpcb number
Number of IPv6 TCP PCBs (excluding PCBs of TCP in TIME_WAIT state).
Slot
ID of the IRF member device.
197
Field
Description
Creator
Task name of the socket. The process number is in the square brackets.
State
Socket state.
Options
Socket options.
Error
Error code.
Receiving
buffer(cc/hiwat/lowat/state)
Displays receive buffer information in the following order:
•
cc—Used space.
•
hiwat—Maximum space.
•
lowat—Minimum space.
•
state—Buffer state:

CANTSENDMORE—Unable to send data to the peer.

CANTRCVMORE—Unable to receive data from the peer.

RCVATMARK—Receiving tag.

N/A—None of the above states.
Sending
buffer(cc/hiwat/lowat/state)
Displays send buffer information in the following order:
•
cc—Used space.
•
hiwat—Maximum space.
•
lowat—Minimum space.
•
state—Buffer state:

CANTSENDMORE—Unable to send data to the peer.

CANTRCVMORE—Unable to receive data from the peer.

RCVATMARK—Receiving tag.

N/A—None of the above states.
Type
Socket type:
•
1—SOCK_STREAM. This socket uses TCP to provide reliable
transmission of byte streams.
•
2—SOCK_DGRAM. This socket uses UDP to provide datagram
transmission.
•
3—SOCK_RAW. This socket allows an application to change the next
upper-layer protocol header.
•
N/A—None of the above types.
Protocol
Number of the protocol using the socket. 6 represents TCP.
Connection info
Connection information, including source IPv6 address and port number,
and destination IPv6 address and port number.
198
Field
Description
Inpcb flags
Flags in the Internet PCB:
•
INP_RECVOPTS—Receives IPv6 options.
•
INP_RECVRETOPTS—Receives replied IPv6 options.
•
INP_RECVDSTADDR—Receives destination IPv6 address.
•
INP_HDRINCL—Provides the entire IPv6 header.
•
INP_REUSEADDR—Reuses the IPv6 address.
•
INP_REUSEPORT—Reuses the port number.
•
INP_ANONPORT—Port number not specified.
•
INP_PROTOCOL_PACKET—Identifies a protocol packet.
•
INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP
and RawIP support this flag.
•
IN6P_IPV6_V6ONLY—Only supports IPv6 protocol stack.
•
IN6P_PKTINFO—Receives the source IPv6 address and input
interface of the packet.
•
IN6P_HOPLIMIT—Receives the hop limit.
•
IN6P_HOPOPTS—Receives the hop-by-hop options extension
header.
•
IN6P_DSTOPTS—Receives the destination options extension header.
•
IN6P_RTHDR—Receives the routing extension header.
•
IN6P_RTHDRDSTOPTS—Receives the destination options extension
header preceding the routing extension header.
•
IN6P_TCLASS—Receives the traffic class of the packet.
•
IN6P_AUTOFLOWLABEL—Attaches a flow label automatically.
•
IN6P_RFC2292—Uses the API specified in RFC 2292.
•
IN6P_MTU—Discovers differences in the MTU size of every link along
a given data path. TCP does not support this flag.
•
INP_RCVMACADDR—Receives the MAC address of the frame.
•
INP_SYNCPCB—Waits until Internet PCB is synchronized.
•
N/A—None of the above flags.
Inpcb vflag
IP version flags in the Internet PCB:
•
INP_IPV4—IPv4 protocol.
•
INP_IPV6—IPv6 protocol.
•
INP_IPV6PROTO—Creates an Internet PCB based on IPv6 protocol.
•
INP_TIMEWAIT—In TIMEWAIT state.
•
INP_ONESBCAST—Sends broadcast packets.
•
INP_DROPPED—Protocol dropped flag.
•
INP_SOCKREF—Strong socket reference.
•
INP_DONTBLOCK—Do not block synchronization of the Internet PCB.
•
N/A—None of the above flags.
Hop limit(minimum hop limit)
Hop limit in the Internet PCB. The minimum number of hops is in the
parentheses.
199
Field
Description
Connection state
TCP connection state:
•
CLOSED—The server receives a disconnection request's reply from
the client.
•
LISTEN—The server is waiting for connection requests.
•
SYN_SENT—The client is waiting for the server to reply to the
connection request.
•
SYN_RCVD—The server receives a connection request.
•
ESTABLISHED—The server and client have established connections
and can transmit data bidirectionally.
•
CLOSE_WAIT—The server receives a disconnection request from the
client.
•
FIN_WAIT_1—The client is waiting for the server to reply to a
disconnection request.
•
CLOSING—The server and client are waiting for peer's disconnection
reply when receiving disconnection requests from each other.
•
LAST_ACK—The server is waiting for the client to reply to a
disconnection request.
•
FIN_WAIT_2—The client receives a disconnection reply from the
server.
•
TIME_WAIT—The client receives a disconnection request from the
server.
Send VRF
Sent instances.
Receive VRF
Received instances.
display ipv6 udp
Use display ipv6 udp to display brief information about IPv6 UDP connections.
Syntax
display ipv6 udp [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
Brief information about an IPv6 UDP connection includes local IPv6 address and port number, and
peer IPv6 address and port number.
Examples
# Displays brief information about IPv6 UDP connections.
<Sysname> display ipv6 udp
LAddr->port
FAddr->port
2001:2002:2003:2
3001:3002:3003:3
004:2005:2006:20
004:3005:3006:30
07:2008->1200
07:3008->1200
Slot
1
200
PCB
0x000000000000c387
2001::1->23
2001::5->1284
1
2003::1->25
2001::2->1283
1
0x0000000000000008
0x0000000000000009
Table 53 Command output
Field
Description
LAddr->port
Local IPv6 address and port number.
FAddr->port
Peer IPv6 address and port number.
Slot
ID of the IRF member device.
PCB
PCB index.
display ipv6 udp verbose
Use display ipv6 udp verbose to display detailed information about IPv6 UDP connections.
Syntax
display ipv6 udp verbose [ slot slot-number [ pcb pcb-index ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pcb pcb-index: Specifies a PCB by its index in the range of 1 to 16.
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
Detailed information about an IPv6 UDP connection includes socket's creator, state, option, type,
protocol number, source IPv6 address and port number, destination IPv6 address and port number,
and the connection state.
Examples
# Display detailed information about an IPv6 UDP connection.
<Sysname> display ipv6 udp verbose
Total UDP socket number: 1
Slot: 6
Creator: sock_test_mips[250]
State: N/A
Options: N/A
Error: 0
Receiving buffer(cc/hiwat/lowat/state): 0 / 41600 / 1 / N/A
Sending buffer(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A
Type: 2
Protocol: 17
Connection info: src = ::->69, dst = ::->0
Inpcb flags: N/A
201
Inpcb vflag: INP_IPV6
Hop limit: 255 (minimum hop limit: 0)
Send VRF: 0xffff
Receive VRF: 0xffff
Table 54 Command output
Field
Description
Total UDP socket number
Total number of IPv6 UDP sockets.
Slot
ID of the IRF member device.
Creator
Task name of the socket. The progress number is in the square brackets.
State
Socket state.
Options
Socket options.
Error
Error code.
Receiving
buffer(cc/hiwat/lowat/state)
Displays receive buffer information in the following order:
•
cc—Used space.
•
hiwat—Maximum space.
•
lowat—Minimum space.
•
state—Buffer state:

CANTSENDMORE—Unable to send data to the peer.

CANTRCVMORE—Unable to receive data from the peer.

RCVATMARK—Receiving tag.

N/A—None of the above states.
Sending
buffer(cc/hiwat/lowat/state)
Displays send buffer information in the following order:
•
cc—Used space.
•
hiwat—Maximum space.
•
lowat—Minimum space.
•
state—Buffer state:

CANTSENDMORE—Unable to send data to the peer.

CANTRCVMORE—Unable to receive data from the peer.

RCVATMARK—Receiving tag.

N/A—None of the above states.
Type
Socket type:
•
1—SOCK_STREAM. This socket uses TCP to provide reliable
transmission of byte streams.
•
2—SOCK_DGRAM. This socket uses UDP to provide datagram
transmission.
•
3—SOCK_RAW. This socket allows an application to change the
next upper-layer protocol header.
•
N/A—None of the above types.
Protocol
Number of the protocol using the socket. 17 represents UDP.
Connection info
Connection information, including source IPv6 address and port number,
and destination IPv6 address and port number.
202
Field
Description
Inpcb flags
Flags in the Internet PCB:
•
INP_RECVOPTS—Receives IPv6 options.
•
INP_RECVRETOPTS—Receives replied IPv6 options.
•
INP_RECVDSTADDR—Receives destination IPv6 address.
•
INP_HDRINCL—Provides the entire IPv6 header.
•
INP_REUSEADDR—Reuses the IPv6 address.
•
INP_REUSEPORT—Reuses the port number.
•
INP_ANONPORT—Port number not specified.
•
INP_PROTOCOL_PACKET—Identifies a protocol packet.
•
INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP
and RawIP support this flag.
•
IN6P_IPV6_V6ONLY—Only supports IPv6 protocol stack.
•
IN6P_PKTINFO—Receives the source IPv6 address and input
interface of the packet.
•
IN6P_HOPLIMIT—Receives the hop limit.
•
IN6P_HOPOPTS—Receives the hop-by-hop options extension
header.
•
IN6P_DSTOPTS—Receives the destination options extension
header.
•
IN6P_RTHDR—Receives the routing extension header.
•
IN6P_RTHDRDSTOPTS—Receives
the destination
options
extension header preceding the routing extension header.
•
IN6P_TCLASS—Receives the traffic class of the packet.
•
IN6P_AUTOFLOWLABEL—Attaches a flow label automatically.
•
IN6P_RFC2292—Uses the API specified in RFC 2292.
•
IN6P_MTU—Discovers differences in the MTU size of every link
along a given data path. TCP does not support this flag.
•
INP_RCVMACADDR—Receives the MAC address of the frame.
•
INP_SYNCPCB—Waits until Internet PCB is synchronized.
•
N/A—None of the above flags.
Inpcb vflag
IP version flags in the Internet PCB:
•
INP_IPV4—IPv4 protocol.
•
INP_IPV6—IPv6 protocol.
•
INP_IPV6PROTO—Creates an Internet PCB based on IPv6
protocol.
•
INP_TIMEWAIT—In TIMEWAIT state.
•
INP_ONESBCAST—Sends broadcast packets.
•
INP_DROPPED—Protocol dropped flag.
•
INP_SOCKREF—Strong socket reference.
•
INP_DONTBLOCK—Do not block synchronization of the Internet
PCB.
•
N/A—None of the above flags.
Hop limit(minimum hop limit)
Hop limit in the Internet PCB. The minimum number of hops is in the
parentheses.
Send VRF
Sent instances.
Receive VRF
Received instances.
ipv6 address
Use ipv6 address to configure an IPv6 global unicast address for an interface.
203
Use undo ipv6 address to remove an IPv6 global unicast address of the interface.
Syntax
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
undo ipv6 address [ ipv6-address prefix-length | ipv6-address/prefix-length ]
Default
No IPv6 global unicast address is configured for an interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies an IPv6 address.
prefix-length: Specifies a prefix length in the range of 1 to 128.
Usage guidelines
Like public IPv4 addresses, IPv6 global unicast addresses are assigned to ISPs. This type of
address allows for prefix aggregation to reduce the number of global routing entries.
If you do not specify any parameters, the undo ipv6 address command removes all IPv6 addresses
of an interface.
Examples
# Set the IPv6 global unicast address of VLAN-interface 100 to 2001::1 with prefix length 64.
Method 1:
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 address 2001::1/64
Method 2:
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 address 2001::1 64
ipv6 address anycast
Use ipv6 address anycast to configure an IPv6 anycast address for an interface.
Use undo ipv6 address anycast to remove the IPv6 anycast address of the interface.
Syntax
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast
undo ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast
Default
No IPv6 anycast address is configured for an interface.
Views
Interface view
204
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies an IPv6 anycast address.
prefix-length: Specifies a prefix length in the range of 1 to 128.
Examples
# Set the IPv6 anycast address of VLAN-interface 100 to 2001::1 with prefix length 64.
Method 1:
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 address 2001::1/64 anycast
Method 2:
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 address 2001::1 64 anycast
ipv6 address auto
Use ipv6 address auto to enable the stateless address autoconfiguration function on an interface,
so that the interface can automatically generate a global unicast address.
Use undo ipv6 address auto to disable this function.
Syntax
ipv6 address auto
undo ipv6 address auto
Default
The stateless address autoconfiguration function is disabled.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
After a global unicast address is generated through stateless autoconfiguration, a link-local address
is generated automatically.
To remove the global unicast address and the link-local address that are automatically generated,
use the undo ipv6 address auto command or the undo ipv6 address command.
Examples
# Enable stateless address autoconfiguration on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 address auto
205
ipv6 address auto link-local
Use ipv6 address auto link-local to automatically generate a link-local address for an interface.
Use undo ipv6 address auto link-local to remove the automatically generated link-local address
for the interface.
Syntax
ipv6 address auto link-local
undo ipv6 address auto link-local
Default
No link-local address is configured on an interface. A link-local address is automatically generated
after an IPv6 global unicast address is configured for the interface.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
Link-local addresses are used for neighbor discovery and stateless autoconfiguration on the local
link. Packets using link-local addresses as the source or destination addresses cannot be forwarded
to other links.
After an IPv6 global unicast address is configured for an interface, an automatically generated
link-local address is the same as the one generated by using the ipv6 address auto link-local
command.
Only use the undo ipv6 address auto link-local command to remove the link-local addresses
generated through the ipv6 address auto link-local command.
•
After the undo ipv6 address auto link-local command is used on an interface that has an IPv6
global unicast address configured, the interface still has a link-local address.
•
If the interface has no IPv6 global unicast address configured, it has no link-local address.
Manual assignment takes precedence over automatic generation.
•
If you first adopt automatic generation and then manual assignment, the manually assigned
link-local address overwrites the automatically generated address.
•
If you first use manual assignment and then automatic generation, both of the following occur:

The automatically generated link-local address does not take effect.

The link-local address of an interface is still the manually assigned address.
If you delete the manually assigned address, the automatically generated link-local address takes
effect.
For more information about manually assignment of an IPv6 link-local address, see the ipv6
address link-local command.
Examples
# Configure VLAN-interface 100 to automatically generate a link-local address.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 address auto link-local
Related commands
ipv6 address link-local
206
ipv6 address eui-64
Use ipv6 address eui-64 to configure an EUI-64 IPv6 address for an interface.
Use undo ipv6 address eui-64 to remove the EUI-64 IPv6 address of the interface.
Syntax
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64
undo ipv6 address [ ipv6-address prefix-length | ipv6-address/prefix-length ] eui-64
Default
No EUI-64 IPv6 address is configured for an interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
ipv6-address/prefix-length: Specifies an IPv6 address and IPv6 prefix length. The ipv6-address and
prefix-length arguments jointly specify the prefix of an EUI-64 IPv6 address. The value range for the
prefix-length argument is 1 to 64.
Usage guidelines
An EUI-64 IPv6 address is generated based on the specified prefix and the automatically generated
interface identifier. To display the EUI-64 IPv6 address, use the display ipv6 interface command.
The prefix length of an EUI-64 IPv6 address cannot be greater than 64.
Examples
# Configure an EUI-64 IPv6 address for VLAN-interface 100. The prefix of the address is the same
as that of 2001::1/64, and the interface ID is generated based on the MAC address of the device.
Method 1:
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 address 2001::1/64 eui-64
Method 2:
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 address 2001::1 64 eui-64
Related commands
display ipv6 interface
ipv6 address link-local
Use ipv6 address link-local to configure a link-local address for the interface.
Use undo ipv6 address link-local to remove the link-local address of the interface.
Syntax
ipv6 address ipv6-address link-local
undo ipv6 address ipv6-address link-local
207
Default
No link-local address is configured for the interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
ipv6-address: IPv6 link-local address. The first 10 bits of an address must be 1111111010 (binary).
The first group of hexadecimals in the address must be FE80 to FEBF.
Usage guidelines
Manual assignment takes precedence over automatic generation.
If you adopt automatic generation, and then use manual assignment, the manually assigned
link-local address overwrites the one that is automatically generated.
If you adopt manual assignment and then use automatic generation, both of the following occur:
•
The automatically generated link-local address does not take effect.
•
The manually assigned link-local address of an interface remains.
After you delete the manually assigned address, the automatically generated link-local address
takes effect. For automatic generation of an IPv6 link-local address, see the ipv6 address auto
link-local command.
Examples
# Configure a link-local address for VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 address fe80::1 link-local
Related commands
ipv6 address auto link-local
ipv6 hop-limit
Use ipv6 hop-limit to set the Hop Limit field in the IPv6 header.
Use undo ipv6 hop-limit to restore the default.
Syntax
ipv6 hop-limit value
undo ipv6 hop-limit
Default
The hop limit is 64.
Views
System view
Predefined user roles
network-admin
208
Parameters
Value: Specifies the number of hops, in the range of 1 to 255.
Usage guidelines
The hop limit determines the number of hops that an IPv6 packet generated by the device can travel.
If the device advertises the hop limit in RA messages (set by using the undo ipv6 nd ra hop-limit
unspecified command), all RA message receivers use the value set by using the ipv6 hop-limit
command to fill in the Hop Limit field.
Examples
# Set the maximum number of hops to 100.
<Sysname> system-view
[Sysname] ipv6 hop-limit 100
Related commands
ipv6 nd ra hop-limit unspecified
ipv6 hoplimit-expires enable
Use ipv6 hoplimit-expires enable to enable sending ICMPv6 Time Exceeded messages.
Use undo ipv6 hoplimit-expires to disable sending ICMPv6 Time Exceeded messages.
Syntax
ipv6 hoplimit-expires enable
undo ipv6 hoplimit-expires enable
Default
Sending ICMPv6 Time Exceeded messages is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
ICMPv6 Time Exceeded messages are sent to the source of IPv6 packets after the device discards
IPv6 packets because hop or reassembly times out.
To prevent too many ICMPv6 error messages from affecting device performance, disable this
function. Even with the function disabled, the device still sends Fragment Reassembly Time
Exceeded messages.
Examples
# Disable sending ICMPv6 Time Exceeded messages.
<Sysname> system-view
[Sysname] undo ipv6 hoplimit-expires enable
ipv6 icmpv6 error-interval
Use ipv6 icmpv6 error-interval to set the bucket size and the interval for tokens to arrive in the
bucket for ICMPv6 error messages.
Use undo ipv6 icmpv6 error-interval to restore the default.
209
Syntax
ipv6 icmpv6 error-interval milliseconds [ bucketsize ]
undo ipv6 icmpv6 error-interval
Default
The bucket allows a maximum of 10 tokens, and tokens are placed in the bucket at the interval of 100
milliseconds.
Views
System view
Predefined user roles
network-admin
Parameters
milliseconds: Specifies the interval for tokens to arrive in the bucket. The value range is 0 to
2147483647 milliseconds, and the default is 100 milliseconds. To disable the ICMPv6 rate limit, set
the value to 0.
bucketsize: Specifies the maximum number of tokens allowed in the bucket. The value range is 1 to
200, and the default is 10.
Usage guidelines
To avoid sending excessive ICMPv6 error messages within a short period that might cause network
congestion, you can use the command to limit the rate at which ICMPv6 error messages are sent. A
token bucket algorithm is used with one token representing one ICMPv6 error message.
Tokens are placed in the bucket at intervals until the maximum number of tokens that the bucket can
hold is reached.
Tokens are removed from the bucket when ICMPv6 error messages are sent. When the bucket is
empty, ICMPv6 error messages are not sent until a new token is placed in the bucket.
Examples
# Configure an interval of 200 milliseconds and bucket size of 40 tokens for ICMPv6 error messages.
<Sysname> system-view
[Sysname] ipv6 icmpv6 error-interval 200 40
ipv6 icmpv6 multicast-echo-reply enable
Use ipv6 icmpv6 multicast-echo-reply enable to enable replying to multicast echo requests.
Use undo ipv6 icmpv6 multicast-echo-reply to disable replying to multicast echo requests.
Syntax
ipv6 icmpv6 multicast-echo-reply enable
undo ipv6 icmpv6 multicast-echo-reply enable
Default
The device is disabled from replying to multicast echo requests.
Views
System view
Predefined user roles
network-admin
210
Usage guidelines
If a host is configured to reply to multicast echo requests, an attacker can use this mechanism to
attack the host. For example, if Host A (an attacker) sends an echo request to a multicast address
with Host B as the source, all hosts in the multicast group send echo replies to Host B.
To prevent attacks, do not enable the device to reply to multicast echo requests unless necessary.
Examples
# Enable replying to multicast echo requests.
<Sysname> system-view
[Sysname] ipv6 icmpv6 multicast-echo-reply enable
ipv6 icmpv6 source
Use ipv6 icmpv6 source to specify an IPv6 address as the source address for outgoing ICMPv6
packets.
Use undo ipv6 icmpv6 source to restore the default.
Syntax
ipv6 icmpv6 source [ vpn-instance vpn-instance-name ] ipv6-address
undo ipv6 icmpv6 source [ vpn-instance vpn-instance-name ]
Default
The device uses the IPv6 address of the sending interface as the source IPv6 address for outgoing
ICMPv6 packets.
Views
System view
Predefined user roles
network-admin
Parameters
vpn-instance vpn-instance-name: Specifies the VPN instance to which the specified address
belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. The
specified VPN instance must already exist. If the specified IPv6 address is on the public network, do
not use this option.
ipv6-address: Specifies an IPv6 address.
Usage guidelines
It is a good practice to specify the IPv6 address of the loopback interface as the source IPv6 address
for outgoing ping echo request and ICMPv6 error messages. This feature helps users to easily locate
the sending device.
Examples
# Specify IPv6 address 1::1 as the source address for outgoing ICMPv6 packets.
<Sysname> system-view
[Sysname] ipv6 icmpv6 source 1::1
ipv6 mtu
Use ipv6 mtu to configure the MTU of IPv6 packets sent over an interface.
Use undo ipv6 mtu to restore the default MTU.
211
Syntax
ipv6 mtu mtu-size
undo ipv6 mtu
Default
No MTU is configured for an interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
mtu-size: Specifies the size of the MTUs of an interface in bytes.
•
In Release 1111, the value range is 1280 to 10240.
•
In Release 1121 and later, the value range is 1280 to 1500.
Usage guidelines
IPv6 routers do not support packet fragmentation. After an IPv6 router receives an IPv6 packet, if the
packet size is greater than the MTU of the forwarding interface, the router discards the packet.
Meanwhile, the router sends the MTU to the source host through an ICMPv6 packet — Packet Too
Big message. The source host fragments the packet according to the MTU and resends it. To reduce
the extra flow overhead resulting from packet drops, configure an appropriate interface MTU for your
network.
Examples
# Set the MTU of IPv6 packets sent over VLAN-interface 100 to 1280 bytes.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 mtu 1280
ipv6 nd autoconfig managed-address-flag
Use ipv6 nd autoconfig managed-address-flag to set the managed address configuration flag (M)
to 1 in RA advertisements to be sent.
Use undo ipv6 nd autoconfig managed-address-flag to restore the default.
Syntax
ipv6 nd autoconfig managed-address-flag
undo ipv6 nd autoconfig managed-address-flag
Default
The M flag is set to 0 in RA advertisements. Hosts receiving the advertisements will obtain IPv6
addresses through stateless autoconfiguration.
Views
Interface view
Predefined user roles
network-admin
212
Usage guidelines
The M flag in RA advertisements determines whether receiving hosts use stateful autoconfiguration
to obtain IPv6 addresses.
•
If the M flag is set to 1 in RA advertisements, receiving hosts use stateful autoconfiguration (for
example, from an DHCPv6 server) to obtain IPv6 addresses.
•
If the M flag is set to 0 in RA advertisements, receiving hosts use stateless autoconfiguration.
Stateless autoconfiguration generates IPv6 addresses according to link-layer addresses and
the prefix information in the RA advertisements.
Examples
# Set the M flag to 1 in RA advertisements to be sent.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd autoconfig managed-address-flag
ipv6 nd autoconfig other-flag
Use ipv6 nd autoconfig other-flag to set the other stateful configuration flag (O) to 1 in RA
advertisements to be sent.
Use undo ipv6 nd autoconfig other-flag to restore the default.
Syntax
ipv6 nd autoconfig other-flag
undo ipv6 nd autoconfig other-flag
Default
The O flag is set to 0 in RA advertisements. Hosts receiving the advertisements will acquire other
information through stateless autoconfiguration.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
The O flag in RA advertisements determines whether receiving hosts use stateful autoconfiguration
to obtain configuration information other than IPv6 addresses.
•
If the O flag is set to 1 in RA advertisements, receiving hosts use stateful autoconfiguration (for
example, from a DHCPv6 server) to obtain configuration information other than IPv6
addresses.
•
If the O flag is set to 0 in RA advertisements, receiving hosts use stateless autoconfiguration to
obtain configuration information other than IPv6 addresses.
Examples
# Set the O flag to 0 in RA advertisements to be sent.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] undo ipv6 nd autoconfig other-flag
213
ipv6 nd dad attempts
Use ipv6 nd dad attempts to configure the number of attempts to send an NS message for DAD.
Use undo ipv6 nd dad attempts to restore the default.
Syntax
ipv6 nd dad attempts value
undo ipv6 nd dad attempts
Default
The number of attempts to send an NS message for DAD is 1.
Views
Interface view
Predefined user roles
network-admin
Parameters
value: Specifies the number of attempts to send an NS message for DAD, in the range of 0 to 600. If
it is set to 0, DAD is disabled.
Usage guidelines
An interface sends an NS message for DAD after obtaining an IPv6 address.
If the interface does not receive a response within the time specified by using the ipv6 nd ns
retrans-timer command, it resends an NS message.
If the interface still does not receive a response after the number of attempts reaches the threshold
(set by the ipv6 nd dad attempts command), the obtained address is considered usable.
Examples
# Set the number of attempts to send an NS message for DAD to 20.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd dad attempts 20
Related commands
•
display ipv6 interface
•
ipv6 nd ns retrans-timer
ipv6 nd ns retrans-timer
Use ipv6 nd ns retrans-timer to set the interval for retransmitting an NS message.
Use undo ipv6 nd ns retrans-timer to restore the default.
Syntax
ipv6 nd ns retrans-timer value
undo ipv6 nd ns retrans-timer
Default
The local interface sends NS messages at an interval of 1000 milliseconds, and the Retrans Timer
field in the RA messages sent is 0. The interval for retransmitting an NS message is determined by
the receiving device.
214
Views
Interface view
Predefined user roles
network-admin
Parameters
value: Specifies the interval for retransmitting an NS message, in the range of 1000 to 4294967295
milliseconds.
Usage guidelines
If a device does not receive a response from the peer within the specified interval, the device
re-sends an NS message.
The value specified by this command serves as the interval for the local interface to retransmit an NS
message. It also serves as the value in the Retrans Timer field in RA messages sent by the local
interface.
Examples
# Specify VLAN-interface 100 to retransmit NS messages at an interval of 10000 milliseconds.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ns retrans-timer 10000
Related commands
display ipv6 interface
ipv6 nd nud reachable-time
Use ipv6 nd nud reachable-time to set the neighbor reachable time on an interface.
Use undo ipv6 nd nud reachable-time to restore the default.
Syntax
ipv6 nd nud reachable-time value
undo ipv6 nd nud reachable-time
Default
The neighbor reachable time on the local interface is 30000 milliseconds, and the value of the
Reachable Time field in RA messages is 0. The reachable time is determined by the receiving
device.
Views
Interface view
Predefined user roles
network-admin
Parameters
value: Specifies the neighbor reachable time in the range of 1 to 3600000 milliseconds.
Usage guidelines
If the neighbor reachability detection shows that a neighbor is reachable, the device considers the
neighbor reachable within the specified reachable time. If the device must send a packet to the
neighbor after the specified reachable time expires, the device reconfirms whether the neighbor is
reachable.
215
The value specified by this command serves as the neighbor reachable time on the local interface. It
also serves as the value in the Reachable Time field in RA messages sent by the local interface.
Examples
# Set the neighbor reachable time on VLAN-interface 100 to 10000 milliseconds.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd nud reachable-time 10000
Related commands
display ipv6 interface
ipv6 nd ra halt
Use ipv6 nd ra halt to suppress an interface from advertising RA message.
Use undo ipv6 nd ra halt to disable this function.
Syntax
ipv6 nd ra halt
undo ipv6 nd ra halt
Default
An interface is suppressed from sending RA messages.
Views
Interface view
Predefined user roles
network-admin
Examples
# Disable RA message suppression on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] undo ipv6 nd ra halt
ipv6 nd ra hop-limit unspecified
Use ipv6 nd ra hop-limit unspecified to specify unlimited hops in RA messages.
Use undo ipv6 nd ra hop-limit unspecified to restore the default.
Syntax
ipv6 nd ra hop-limit unspecified
undo ipv6 nd ra hop-limit unspecified
Default
The maximum number of hops in the RA messages is limited to 64.
Views
Interface view
Predefined user roles
network-admin
216
Usage guidelines
To set the maximum number of hops to a value rather than the default setting, use the ipv6 hop-limit
command.
Examples
# Specify unlimited hops in the RA messages on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] ipv6 nd ra hop-limit unspecified
Related commands
ipv6 hop-limit
ipv6 nd ra interval
Use ipv6 nd ra interval to set the maximum and minimum intervals for advertising RA messages.
Use undo ipv6 nd ra interval to restore the default.
Syntax
ipv6 nd ra interval max-interval-value min-interval-value
undo ipv6 nd ra interval
Default
The maximum interval between RA messages is 600 seconds, and the minimum interval is 200
seconds.
Views
Interface view
Predefined user roles
network-admin
Parameters
max-interval-value: Specifies the maximum interval for advertising RA messages in seconds, in the
range of 4 to 1800.
min-interval-value: Specifies the minimum interval for advertising RA messages, in the range of 3
seconds to three-fourths of the maximum interval.
Usage guidelines
The device advertises RA messages at intervals of a random value between the maximum interval
and the minimum interval.
The maximum interval for sending RA messages should be less than or equal to the router lifetime in
RA messages.
Examples
# Set the maximum interval for advertising RA messages to 1000 seconds and the minimum interval
to 700 seconds.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra interval 1000 700
Related commands
ipv6 nd ra router-lifetime
217
ipv6 nd ra no-advlinkmtu
Use ipv6 nd ra no-advlinkmtu to turn off the MTU option in RA messages.
Use undo ipv6 nd ra no-advlinkmtu to restore the default.
Syntax
ipv6 nd ra no-advlinkmtu
undo ipv6 nd ra no-advlinkmtu
Default
RA messages contain the MTU option.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
The MTU option in the RA messages specifies the link MTU to make sure that all the nodes on the
link use the same MTU.
Examples
# Turn off the MTU option in RA messages on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra no-advlinkmtu
ipv6 nd ra prefix
Use ipv6 nd ra prefix to configure the prefix information in RA messages.
Use undo ipv6 nd ra prefix to remove the prefix information from RA messages.
Syntax
ipv6 nd ra prefix { ipv6-prefix prefix-length | ipv6-prefix/prefix-length } valid-lifetime
preferred-lifetime [ no-autoconfig | off-link ] *
undo ipv6 nd ra prefix { ipv6-prefix | ipv6-prefix/prefix-length }
Default
No prefix information is configured for RA messages. Instead, the IPv6 address of the interface
sending RA messages is used as the prefix information.
If the IPv6 address is manually configured, the prefix uses the fixed valid lifetime 2592000 seconds
(30 days) and preferred lifetime 604800 seconds (7 days).
If the IPv6 address is automatically obtained (through DHCP, for example), the prefix uses the valid
and preferred lifetime of the IPv6 address.
Views
Interface view
Predefined user roles
network-admin
218
Parameters
ipv6-prefix: Specifies the IPv6 prefix.
prefix-length: Specifies the prefix length of the IPv6 address.
valid-lifetime: Specifies the valid lifetime of a prefix, in the range of 0 to 4294967295 seconds.
preferred-lifetime: Specifies the preferred lifetime of a prefix used for stateless autoconfiguration, in
the range of 0 to 4294967295 seconds. The preferred lifetime cannot be greater than the valid
lifetime.
no-autoconfig: Specifies a prefix not to be used for stateless autoconfiguration. If you do not specify
this keyword, the prefix is used for stateless autoconfiguration.
off-link: Indicates that the address with the prefix is not directly reachable on the link. If you do not
specify this keyword, the address with the prefix is directly reachable on the link.
Usage guidelines
After hosts on the same link receive RA messages, they can use the prefix information in the RA
messages for stateless autoconfiguration.
Examples
# Configure the prefix information in RA messages on VLAN-interface 100.
Method 1:
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra prefix 2001:10::100/64 100 10
Method 2:
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra prefix 2001:10::100 64 100 10
ipv6 nd ra router-lifetime
Use ipv6 nd ra router-lifetime to configure the router lifetime in RA messages.
Use undo ipv6 nd ra router-lifetime to restore the default.
Syntax
ipv6 nd ra router-lifetime value
undo ipv6 nd ra router-lifetime
Default
The router lifetime in RA messages is 1800 seconds.
Views
Interface view
Predefined user roles
network-admin
Parameters
value: Specifies the router lifetime in the range of 0 to 9000 seconds. If the value is set to 0, the router
does not serve as the default router.
219
Usage guidelines
The router lifetime in RA messages specifies how long the router sending the RA messages serves
as the default router. Hosts receiving the RA messages check this value to determine whether using
the sending router as the default router. If router lifetime is 0, the router cannot be used as the default
router.
The router lifetime in RA messages must be greater than or equal to the advertising interval.
Examples
# Set the router lifetime in RA messages on VLAN-interface 100 to 1000 seconds.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra router-lifetime 1000
Related commands
ipv6 nd ra interval
ipv6 nd snooping enable global
Use ipv6 nd snooping enable global to enable ND snooping for global unicast addresses.
Use undo ipv6 nd snooping enable global to disable ND snooping for global unicast addresses.
Syntax
ipv6 nd snooping enable global
undo ipv6 nd snooping enable global
Default
ND snooping is disabled for global unicast addresses.
Views
VLAN view
Predefined user roles
network-admin
Usage guidelines
This command is available in Release 1121 and later.
Examples
# Enable ND snooping for global unicast addresses.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] ipv6 nd snooping enable global
ipv6 nd snooping enable link-local
Use ipv6 nd snooping enable link-local to enable ND snooping for link-local addresses.
Use undo ipv6 nd snooping enable link-local to disable ND snooping for link-local addresses.
Syntax
ipv6 nd snooping enable link-local
undo ipv6 nd snooping enable link-local
220
Default
ND snooping is disabled for link-local addresses.
Views
VLAN view
Predefined user roles
network-admin
Usage guidelines
This command is available in Release 1121 and later.
Examples
# Enable ND snooping for link-local addresses.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] ipv6 nd snooping enable link-local
ipv6 nd snooping glean source
Use ipv6 nd snooping glean source to enable ND snooping for data packets from unknown
sources.
Use undo ipv6 nd snooping glean source to disable ND snooping for data packets from unknown
sources.
Syntax
ipv6 nd snooping glean source
undo ipv6 nd snooping glean source
Default
ND snooping is disabled for data packets from unknown sources.
Views
VLAN view
Predefined user roles
network-admin
Usage guidelines
This command is available in Release 1121 and later.
This command enables the device to learn ND snooping entries from data packets originated by
unknown sources.
For this command to take effect, execute the ipv6 nd snooping enable global command or the
ipv6 nd snooping enable link-local command.
Before enabling ND snooping entries learning from data packets for a VLAN, you must configure
IPv6 source guard on all untrusted interfaces in the same VLAN. This operation ensures correct
forwarding of the data packets received all these interfaces.
Examples
# Enable ND snooping for data packets from unknown sources.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] ipv6 nd snooping glean source
221
ipv6 nd snooping max-learning-num
Use ipv6 nd snooping max-learning-num to set the maximum number of ND snooping entries that
an interface can learn.
Use undo ipv6 nd snooping max-learning-num to restore the default.
Syntax
ipv6 nd snooping max-learning-num max-number
undo ipv6 nd snooping max-learning-num
Default
The maximum number of ND snooping entries that an interface can learn is 8192.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
max-number: Specifies the maximum number of ND snooping entries that an interface can learn.
The value range for the maximum number is 1 to 8192.
Usage guidelines
This command is available in Release 1121 and later.
Examples
# Allow GigabitEthernet 1/0/1 to learn a maximum of 64 ND snooping entries.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 nd snooping max-learning-num 64
ipv6 nd router-preference
Use ipv6 nd router-preference to set a router preference in RA messages.
Use undo ipv6 nd router-preference to restore the default.
Syntax
ipv6 nd router-preference { high | low | medium }
undo ipv6 nd router-preference
Default
The router preference is medium.
Views
Interface view
Predefined user roles
network-admin
Parameters
high: Sets the router preference to the highest setting.
222
low: Sets the router preference to the lowest setting.
medium: Sets the router preference to the medium setting.
Usage guidelines
A hosts selects a router with the highest preference as the default router.
When router preferences are the same in RA messages, a host selects the router corresponding to
the first received RA message as the default gateway.
Examples
# Set the router preference in RA messages to the highest on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd router-preference high
ipv6 neighbor
Use ipv6 neighbor to configure a static neighbor entry.
Use undo ipv6 neighbor to remove a static neighbor entry.
Syntax
ipv6 neighbor ipv6-address mac-address { vlan-id port-type port-number | interface interface-type
interface-number } [ vpn-instance vpn-instance-name ]
undo ipv6 neighbor ipv6-address interface-type interface-number
Default
No static neighbor entry is configured.
Views
System view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies the IPv6 address of the static neighbor entry.
mac-address: Specifies the MAC address (48 bits) of the static neighbor entry, in the format of
H-H-H.
vlan-id: Specifies the VLAN ID of the static neighbor entry, in the range of 1 to 4094.
port-type port-number: Specifies a Layer 2 port of the static neighbor entry by its type and number.
interface interface-type interface-number: Specifies a Layer 3 interface of the static neighbor entry
by its type and number.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the static neighbor
entry belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If
the static neighbor entry is for the public network, do not specify this option.
Usage guidelines
The IPv6 address of a neighboring node can be resolved into a link-layer address in either of the
following ways:
•
Dynamically through NS and NA messages.
•
Through a manually configured static neighbor entry.
223
The device uniquely identifies a static neighbor entry by the neighbor's IPv6 address and the local
Layer 3 interface number. You can configure a static neighbor entry by using either of the following
methods:
•
Method 1—Associate a neighbor IPv6 address and link-layer address with the Layer 3
interface of the local node.
•
Method 2—Associate a neighbor IPv6 address and link-layer address with a port in a VLAN
containing the local node.
You can use either of the previous configuration methods to configure a static neighbor entry for a
VLAN interface.
•
If Method 1 is used, the neighbor entry is in INCMP state. After the device obtains the
corresponding Layer 2 port information, the neighbor entry goes into REACH state.
•
If Method 2 is used, the corresponding VLAN interface must already exist and the port specified
by port-type port-number must belong to the VLAN specified by vlan-id. After the static neighbor
entry is configured, the device associates the VLAN interface with the IPv6 address to uniquely
identify the static neighbor entry and the entry will be in REACH state.
To remove a static neighbor entry for a VLAN interface, specify only the corresponding VLAN
interface.
Examples
# Configure a static neighbor entry for VLAN-interface 1.
<Sysname> system-view
[Sysname] ipv6 neighbor 1::1 1-1-1 interface Vlan-interface 1
Related commands
•
display ipv6 neighbors
•
reset ipv6 neighbors
ipv6 neighbor link-local minimize
Use ipv6 neighbor link-local minimize to minimize link-local ND entries.
Use undo ipv6 neighbor link-local minimize to restore the default.
Syntax
ipv6 neighbor link-local minimize
undo ipv6 neighbor link-local minimize
Default
All ND entries are assigned to the driver.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Perform this command to minimize link-local ND entries assigned to the driver. Link-local ND entries
refer to ND entries comprising link-local addresses.
By default, the device assigns all ND entries to the driver. With this feature enabled, the device does
not add newly learned link-local ND entries whose link local addresses are not the next hop of any
route to the driver. This saves driver resources.
This feature affects only newly learned link-local ND entries rather than existing ND entries.
224
Examples
# Minimize link-local ND entries.
<Sysname> system-view
[Sysname] ipv6 neighbor link-local minimize
ipv6 neighbor stale-aging
Use ipv6 neighbor stale-aging to set the age timer for ND entries in stale state.
Use undo ipv6 neighbor stale-aging to restore the default.
Syntax
ipv6 neighbor stale-aging aging-time
undo ipv6 neighbor stale-aging
Default
The age timer for ND entries in stale state is 240 minutes.
Views
System view
Predefined user roles
network-admin
Parameters
aging-time: Specifies the age timer for ND entries in stale state, in the range of 1 to 1440 minutes.
Usage guidelines
ND entries in stale state have an age timer. If an ND entry in stale state is not refreshed before the
timer expires, it moves to the delay state. If it is still not refreshed in 5 seconds, the ND entry moves
to the probe state, and the device sends an NS message for detection a maximum of three times. If
no response is received, the device deletes the ND entry.
Examples
# Set the age timer for ND entries in stale state to 120 minutes.
<Sysname> system-view
[Sysname] ipv6 neighbor stale-aging 120
ipv6 neighbors max-learning-num
Use ipv6 neighbors max-learning-num to set the maximum number of dynamic neighbor entries
that an interface can learn. This prevents the interface from occupying too many neighbor table
resources.
Use undo ipv6 neighbors max-learning-num to restore the default.
Syntax
ipv6 neighbors max-learning-num number
undo ipv6 neighbors max-learning-num
Default
In Release 1111, an interface can learn a maximum of 8192 dynamic neighbor entries.
225
In Release 1121 and later, the maximum number of dynamic neighbor entries that an interface can
learn depends on the device ND table capacity set by using the switch-mode command. For more
information about the switch-mode command , see Fundamentals Command Reference.
Views
Layer 2/Layer 3 interface view
Layer 2/Layer 3 aggregate interface view
Predefined user roles
network-admin
Parameters
number: Specifies the maximum number of dynamic neighbor entries that an interface can learn.
•
In Release 1111, the value range is 1 to 8192.
•
In Release 1121 and later, the value range is 1 to N. The value for N depends on the ND table
capacity.
Usage guidelines
The device can dynamically acquire the link-layer address of a neighboring node through NS and NA
messages and add it into the neighbor table.
When the number of dynamic neighbor entries reaches the threshold, the interface stops learning
neighbor information.
Examples
# Set the maximum number of dynamic neighbor entries that VLAN-interface 100 can learn to 10.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 neighbors max-learning-num 10
ipv6 option drop enable
Use ipv6 option drop enable to enable a device to discard IPv6 packets that contain extension
headers.
Use undo ipv6 option drop enable to disable a device from discarding IPv6 packets that contain
extension headers.
Syntax
ipv6 option drop enable
undo ipv6 option drop enable
Default
A device does not discard IPv6 packets that contain extension headers.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This feature enables a device to discard a received IPv6 packet in either of the following situations:
•
The packet contains a Hop-by-Hop Options header.
•
The packet contains two or more extension headers.
226
Examples
# Enable the device to discard IPv6 packets that contain extension headers.
<Sysname> system-view
[Sysname] ipv6 option drop enable
ipv6 pathmtu
Use ipv6 pathmtu to configure a static Path MTU for an IPv6 address.
Use undo ipv6 pathmtu to remove the Path MTU configuration for an IPv6 address.
Syntax
ipv6 pathmtu [ vpn-instance vpn-instance-name ] ipv6-address value
undo ipv6 pathmtu [ vpn-instance vpn-instance-name ] ipv6-address
Default
No static Path MTU is configured.
Views
System view
Predefined user roles
network-admin
Parameters
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance that the Path MTU belongs
to. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the Path MTU
is for the public network, do not specify this option.
ipv6-address: IPv6 address.
value: Specifies the Path MTU of the specified IPv6 address, in the range of 1280 to 10240 bytes.
Usage guidelines
You can configure a static Path MTU for a destination IPv6 address. When a source host sends a
packet through an interface, it compares the interface MTU with the static Path MTU of the specified
destination IPv6 address. If the packet size is larger than the smaller one of the two values, the host
fragments the packet according to the smaller value.
Examples
# Configure a static Path MTU for an IPv6 address.
<Sysname> system-view
[Sysname] ipv6 pathmtu fe80::12 1300
Related commands
•
display ipv6 pathmtu
•
reset ipv6 pathmtu
ipv6 pathmtu age
Use ipv6 pathmtu age to configure the aging time for a dynamic Path MTU.
Use undo ipv6 pathmtu age to restore the default.
Syntax
ipv6 pathmtu age age-time
227
undo ipv6 pathmtu age
Default
The aging time for dynamic Path MTU is 10 minutes.
Views
System view
Predefined user roles
network-admin
Parameters
age-time: Specifies the aging time for Path MTU in minutes, in the range of 10 to 100.
Usage guidelines
After the path MTU from a source host to a destination host is dynamically determined, the source
host sends subsequent packets to the destination host based on this MTU. After the aging time
expires:
•
The dynamic Path MTU is removed.
•
The source host re-determines a dynamic path MTU through the Path MTU mechanism.
The aging time is invalid for a static Path MTU.
Examples
# Set the aging time for a dynamic Path MTU to 40 minutes.
<Sysname> system-view
[Sysname] ipv6 pathmtu age 40
Related commands
display ipv6 pathmtu
ipv6 prefer temporary-address
Use ipv6 prefer temporary-address to enable the system to preferentially use the temporary IPv6
address of the sending interface as the source address of a packet.
Use undo ipv6 prefer temporary-address to restore the default.
Syntax
ipv6 prefer temporary-address
undo ipv6 prefer temporary-address
Default
The system does not preferentially use the temporary IPv6 address of the sending interface as the
source address of a packet.
Views
System view
Predefined user roles
network-admin
Usage guidelines
The temporary address function enables the system to generate and preferentially use the
temporary IPv6 address of the sending interface as the source address of a packet. If the temporary
IPv6 address cannot be used because of a DAD conflict, the system uses the public IPv6 address.
228
Examples
# Enable the system to preferentially use the temporary IPv6 address of the sending interface as the
source address of the packet.
<Sysname> system-view
[Sysname] ipv6 prefer temporary-address
Related commands
•
ipv6 address auto
•
ipv6 nd ra prefix
•
ipv6 temporary-address
ipv6 prefix
Use ipv6 prefix to configure a static IPv6 prefix.
Use undo ipv6 prefix to remove a static IPv6 prefix.
Syntax
ipv6 prefix prefix-number ipv6-prefix/prefix-length
undo ipv6 prefix prefix-number
Default
No static IPv6 prefix is configured on the device.
Views
System view
Predefined user roles
network-admin
Parameters
prefix-number: Specifies a prefix ID in the range of 1 to 1024.
ipv6-prefix/prefix-length: Specifies a prefix and its length. The value range for the prefix-length
argument is 1 to 128.
Usage guidelines
You cannot use the ipv6 prefix command to modify an existing static prefix.
Dynamic IPv6 prefixes obtained from DHCPv6 servers cannot be manually removed or modified.
A static IPv6 prefix can have the same prefix ID with a dynamic IPv6 prefix, but the static one takes
precedence over the dynamic one.
Examples
# Create static IPv6 prefix 2001:0410::/32 with prefix ID 1
<Sysname> system-view
[Sysname] ipv6 prefix 1 2001:0410::/32
Related commands
display ipv6 prefix
ipv6 redirects enable
Use ipv6 redirects enable to enable sending ICMPv6 redirect messages.
229
Use undo ipv6 redirects enable to disable sending ICMPv6 redirect messages.
Syntax
ipv6 redirects enable
undo ipv6 redirects enable
Default
Sending ICMPv6 redirect messages is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
The default gateway sends an ICMPv6 redirect message to the source of an IPv6 packet to inform
the source of a better first hop.
Sending ICMPv6 redirect messages enables hosts that hold few routes to establish routing tables
and find the best route. Because this function adds host route into the routing tables, host
performance degrades when there are too many host routes. As a result, sending ICMPv6 redirect
messages is disabled by default.
Examples
# Enable sending ICMPv6 redirect messages.
<Sysname> system-view
[Sysname] ipv6 redirects enable
ipv6 temporary-address
Use ipv6 temporary-address to enable the system to generate a temporary IPv6 address.
Use undo ipv6 temporary-address to disable temporary IPv6 address generation and remove the
existing temporary addresses.
Syntax
ipv6 temporary-address [ valid-lifetime preferred-lifetime ]
undo ipv6 temporary-address
Default
The system does not generate any temporary IPv6 address.
Views
System view
Predefined user roles
network-admin
Parameters
valid-lifetime: Specifies the valid lifetime for temporary IPv6 addresses, in the range of 600 to
4294967295 seconds. The default valid lifetime is 604800 seconds (7 days). The valid lifetime must
be greater than or equal to the preferred lifetime.
preferred-lifetime: Specifies the preferred lifetime for temporary IPv6 addresses, in the range of 600
to 4294967295 seconds. The default preferred lifetime is 86400 seconds (1 day).
230
Usage guidelines
You must enable stateless autoconfiguration before configuring the temporary address function.
The stateless address autoconfiguration enables an interface to automatically generate an IPv6
global unicast address by using the address prefix in the received RA message and the interface ID.
On an IEEE 802 interface (such as an Ethernet interface or a VLAN interface), the interface ID is
generated based on the MAC address of the interface and is globally unique. An attacker can exploit
this rule to easily identify the sending device.
To fix the vulnerability, you can enable the temporary address function. With this function, an IEEE
802 interface generates the following addresses:
•
Public IPv6 address—Includes an address prefix in the RA message and a fixed interface ID
generated based on the MAC address of the interface.
•
Temporary IPv6 address—Includes an address prefix in the RA message and a random
interface ID generated through MD5.
When the valid lifetime of a temporary IPv6 address expires, the system removes the address and
generates a new one. This enables the system to send packets with different source addresses
through the same interface. The preferred lifetime and valid lifetime for a temporary IPv6 address are
determined as follows:
•
•
The preferred lifetime of a temporary IPv6 address takes the smaller of the following values:

The preferred lifetime of the address prefix in the RA message.

The preferred lifetime configured for temporary IPv6 addresses minus DESYNC_FACTOR
(a random number in the range of 0 to 600 seconds).
The valid lifetime of a temporary IPv6 address takes the smaller of the following values:

The valid lifetime of the address prefix.

The valid lifetime configured for temporary IPv6 addresses.
Examples
# Enable the system to generate a temporary IPv6 address.
<Sysname> system-view
[Sysname] ipv6 temporary-address
Related commands
•
ipv6 address auto
•
ipv6 nd ra prefix
•
ipv6 prefer temporary-address
ipv6 unreachables enable
Use ipv6 unreachables enable to enable sending ICMPv6 destination unreachable messages.
Use undo ipv6 unreachables to disable sending ICMPv6 destination unreachable messages.
Syntax
ipv6 unreachables enable
undo ipv6 unreachables enable
Default
Sending ICMPv6 destination unreachable messages is disabled.
Views
System view
231
Predefined user roles
network-admin
Usage guidelines
If the device fails to forward a received IPv6 packet because of a destination unreachable error, it
drops the packet and sends a corresponding ICMPv6 Destination Unreachable error message to the
source.
If the device is generating ICMPv6 destination unreachable messages incorrectly, disable sending
ICMPv6 destination unreachable messages to prevent attack risks.
Examples
# Enable sending ICMPv6 destination unreachable messages.
<Sysname> system-view
[Sysname] ipv6 unreachables enable
local-proxy-nd enable
Use local-proxy-nd enable to enable local ND proxy.
Use undo local-proxy-nd enable to restore the default.
Syntax
local-proxy-nd enable
undo local-proxy-nd enable
Default
Local ND proxy is disabled.
Views
VLAN interface view, Layer 3 Ethernet interface view
Predefined user roles
network-admin
Examples
# Enable local ND proxy on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] local-proxy-nd enable
Related commands
proxy-nd enable
proxy-nd enable
Use proxy-nd enable to enable common ND proxy.
Use undo proxy-nd enable to restore the default.
Syntax
proxy-nd enable
undo proxy-nd enable
232
Default
Common ND proxy is disabled.
Views
VLAN interface view, Layer 3 Ethernet interface view
Predefined user roles
network-admin
Examples
# Enable common ND proxy on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] proxy-nd enable
Related commands
local-proxy-nd enable
reset ipv6 nd snooping
Use reset ipv6 nd snooping to clear ND snooping entries.
Syntax
reset ipv6 nd snooping { [ vlan vlan-id ] [ global | link-local ] | vlan vlan-id ipv6-address }
Views
User view
Predefined user roles
network-admin
Parameters
vlan vlan-id ipv6-address: Clears ND snooping entries for the specified IPv6 address. The value
range for the VLAN ID is 1 to 4094.
vlan vlan-id: Clears ND snooping entries for the specified VLAN. The value range for the VLAN ID is
1 to 4094.
global: Clears ND snooping entries for global unicast addresses.
link-local: Clears ND snooping entries for link-local addresses.
Usage guidelines
This command is available in Release 1121 and later.
Examples
# Clear all ND snooping entries.
<Sysname> reset ipv6 nd snooping
reset ipv6 neighbors
Use reset ipv6 neighbors to clear IPv6 neighbor information.
Syntax
reset ipv6 neighbors { all | dynamic | interface interface-type interface-number | slot slot-number
| static }
233
Views
User view
Predefined user roles
network-admin
Parameters
all: Clears static and dynamic neighbor information for all interfaces.
dynamic: Clears dynamic neighbor information for all interfaces.
interface interface-type interface-number: Specifies an interface by its type and name.
slot slot-number: Specifies an IRF member device by its member ID.
static: Clears static neighbor information for all interfaces.
Usage guidelines
You can use the display ipv6 neighbors command to display IPv6 neighbor information.
Examples
# Clear neighbor information for all interfaces.
<Sysname> reset ipv6 neighbors all
This will delete all the entries. Continue? [Y/N]:Y
# Clear dynamic neighbor information for all interfaces.
<Sysname> reset ipv6 neighbors dynamic
This will delete all the dynamic entries. Continue? [Y/N]:Y
Related commands
•
display ipv6 neighbors
•
ipv6 neighbor
reset ipv6 pathmtu
Use reset ipv6 pathmtu to clear the Path MTU information.
Syntax
reset ipv6 pathmtu { all | dynamic | static }
Views
User view
Predefined user roles
network-admin
Parameters
all: Clears all Path MTUs.
dynamic: Clears all dynamic Path MTUs.
static: Clears all static Path MTUs.
Examples
# Clear all Path MTUs.
<Sysname> reset ipv6 pathmtu all
234
Related commands
display ipv6 pathmtu
reset ipv6 statistics
Use reset ipv6 statistics to clear IPv6 and ICMPv6 packet statistics.
Syntax
Centralized devices:
reset ipv6 statistics [ slot slot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify the slot
slot-number option, this command clears IPv6 and ICMPv6 packet statistics on all IRF member
devices.
Usage guidelines
You can use the display ipv6 statistics command to display the IPv6 and ICMPv6 packet statistics.
Examples
# Clear IPv6 and ICMPv6 packet statistics.
<Sysname> reset ipv6 statistics
Related commands
display ipv6 statistics
235
DHCPv6 commands
Common DHCPv6 commands
display ipv6 dhcp duid
Use display ipv6 dhcp duid to display the DUID of the local device.
Syntax
display ipv6 dhcp duid
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
A DHCP unique identifier (DUID) uniquely identifies a DHCPv6 device (DHCPv6 client, server, or
relay agent). A DHCPv6 device adds its DUID in a sent packet.
Examples
# Display the DUID of the local device.
<Sysname> display ipv6 dhcp duid
The DUID of this device: 0003-0001-00e0-fc00-5552.
ipv6 dhcp dscp
Use ipv6 dhcp dscp to set the DSCP value for the DHCPv6 packets sent by the DHCPv6 server or
the DHCPv6 relay agent.
Use undo ipv6 dhcp dscp to restore the default.
Syntax
ipv6 dhcp dscp dscp-value
undo ipv6 dhcp dscp
Default
The DSCP value in DHCPv6 packets is 56.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Sets the DSCP value for DHCPv6 packets, in the range of 0 to 63.
236
Usage guidelines
The DSCP value of a packet specifies the priority level of the packet and affects the transmission
priority of the packet. A bigger DSCP value represents a higher priority.
Examples
# Set the DSCP value to 30 for DHCPv6 packets sent by the DHCPv6 server or the DHCPv6 relay
agent.
<Sysname> system-view
[Sysname] ipv6 dhcp dscp 30
ipv6 dhcp select
Use ipv6 dhcp select to enable the DHCPv6 server or DHCPv6 relay agent on an interface.
Use undo ipv6 dhcp select to restore the default.
Syntax
ipv6 dhcp select { relay | server }
undo ipv6 dhcp select
Default
An interface discards DHCPv6 packets from DHCPv6 clients.
Views
Interface view
Predefined user roles
network-admin
Parameters
relay: Enables the DHCPv6 relay agent on the interface.
server: Enables the DHCPv6 server on the interface.
Usage guidelines
Before changing the DHCPv6 server mode to the DHCPv6 relay agent mode on an interface, use the
following commands to remove IPv6 address/prefix bindings:
•
reset ipv6 dhcp server ip-in-use
•
reset ipv6 dhcp server pd-in-use
Examples
# Enable the DHCPv6 server on VLAN-interface 10.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] ipv6 dhcp select server
# Enable the DHCPv6 relay agent on VLAN-interface 20.
<Sysname> system-view
[Sysname] interface vlan-interface 20
[Sysname-Vlan-interface20] ipv6 dhcp select relay
Related commands
•
display ipv6 dhcp relay server-address
•
display ipv6 dhcp server
237
DHCPv6 server commands
The term "interface" in this section collectively refers to VLAN interfaces and Layer 3 Ethernet
interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route
command (see Layer 2—LAN Switching Configuration Guide).
address range
Use address range to specify a non-temporary IPv6 address range in a DHCPv6 address pool for
dynamic allocation.
Use undo address range to remove the non-temporary IPv6 address range in the address pool.
Syntax
address range start-ipv6-address end-ipv6-address [ preferred-lifetime preferred-lifetime
valid-lifetime valid-lifetime ]
undo address range
Default
No non-temporary IPv6 address range is configured.
Views
DHCPv6 address pool view
Predefined user roles
network-admin
Parameters
start-ipv6-address: Specifies the start IPv6 address.
end-ipv6-address: Specifies the end IPv6 address.
preferred-lifetime preferred-lifetime: Specifies the preferred lifetime for the non-temporary IPv6
addresses. The value range is 60 to 4294967295 seconds, and the default is 604800 seconds (7
days).
valid-lifetime valid-lifetime: Specifies the valid lifetime for the non-temporary IPv6 addresses. The
value range is 60 to 4294967295 seconds, and the default is 2592000 seconds (30 days). The valid
lifetime cannot be shorter than the preferred lifetime.
Usage guidelines
If you do not specify a non-temporary IPv6 address range, all unicast addresses on the subnet
specified by the network command in address pool view are assignable. If you specify a
non-temporary IPv6 address range, only the IPv6 addresses in the specified IPv6 address range are
assignable.
You can specify only one non-temporary IPv6 address range in an address pool. If you use the
address range command multiple times, the most recent configuration takes effect.
The non-temporary IPv6 address range specified by the address range command must be on the
subnet specified by the network command.
Examples
# Configure a non-temporary IPv6
3ffe:501:ffff:100::31 in address pool 1.
address
range
<Sysname> system-view
[Sysname] ipv6 dhcp pool 1
[Sysname-dhcp6-pool-1] network 3ffe:501:ffff:100::/64
238
from
3ffe:501:ffff:100::10
through
[Sysname-dhcp6-pool-1] address range 3ffe:501:ffff:100::10 3ffe:501:ffff:100::31
Related commands
•
display ipv6 dhcp pool
•
network
•
temporary address range
display ipv6 dhcp pool
Use display ipv6 dhcp pool to display information about a DHCPv6 address pool.
Syntax
display ipv6 dhcp pool [ pool-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pool-name: Displays information about the specified DHCPv6 address pool. The pool name is a
case-insensitive string of 1 to 63 characters. If you do not specify a DHCPv6 address pool, this
command displays information about all DHCPv6 address pools.
Examples
# Display information about DHCPv6 address pool 1.
<Sysname> display ipv6 dhcp pool 1
DHCPv6 pool: 1
Network: 3FFE:501:FFFF:100::/64
Preferred lifetime 604800, valid lifetime 2592000
Prefix pool: 1
Preferred lifetime 24000, valid lifetime 36000
Addresses:
Range: from 3FFE:501:FFFF:100::1
to 3FFE:501:FFFF:100::99
Preferred lifetime 70480, valid lifetime 200000
Total address number: 153
Available: 153
In-use: 0
Temporary addresses:
Range: from 3FFE:501:FFFF:100::200
to 3FFE:501:FFFF:100::210
Preferred lifetime 60480, valid lifetime 259200
Total address number: 17
Available: 17
In-use: 0
Static bindings:
DUID: 0003000100e0fc000001
IAID: 0000003f
239
Prefix: 3FFE:501:FFFF:200::/64
Preferred lifetime 604800, valid lifetime 2592000
DUID: 0003000100e0fc00cff1
IAID: 00000001
Address: 3FFE:501:FFFF:2001::1/64
Preferred lifetime 604800, valid lifetime 2592000
DNS server addresses:
2::2
Domain name:
aaa.com
SIP server addresses:
5::1
SIP server domain names:
bbb.com
Table 55 Command output
Field
Description
DHCPv6 pool
Name of the DHCPv6 address pool.
Network
IPv6 subnet for dynamic IPv6 address allocation.
Prefix pool
Prefix pool referenced by the address pool.
Preferred lifetime
Preferred lifetime in seconds.
valid lifetime
Valid lifetime in seconds.
Addresses
Non-temporary IPv6 address range.
Range
IPv6 address range for dynamic allocation.
Total address number
Total number of IPv6 addresses.
Available
Total number of available IPv6 addresses.
In-use
Total number of assigned IPv6 addresses.
Temporary addresses
Temporary IPv6 address range for dynamic allocation.
Static bindings
Static bindings configured in the address pool.
DUID
Client DUID.
IAID
Client IAID. If no IAID is configured, this field displays Not configured.
Prefix
IPv6 address prefix.
Address
Static IPv6 address.
DNS server addresses
DNS server address.
Domain name
Domain name.
SIP server addresses
SIP server address.
SIP server domain names
Domain name of the SIP server.
display ipv6 dhcp prefix-pool
Use display ipv6 dhcp prefix-pool to display information about a prefix pool.
240
Syntax
display ipv6 dhcp prefix-pool [ prefix-pool-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
prefix-pool-number: Displays detailed information about a prefix pool specified by its number in the
range of 1 to 128. If you do not specify a prefix pool, this command displays brief information about
all prefix pools.
Examples
# Display brief information about all prefix pools.
<Sysname> display ipv6 dhcp prefix-pool
Prefix-pool Prefix
Available In-use Static
1
64
5::/64
0
# Display detailed information about prefix pool 1.
<Sysname> display ipv6 dhcp prefix-pool 1
Prefix: 5::/64
Assigned length: 70
Total prefix number: 64
Available: 64
In-use: 0
Static: 0
Table 56 Command output
Field
Description
Prefix-pool
Prefix pool number.
Prefix
Prefix specified in the prefix pool.
Available
Number of available prefixes.
In-use
Number of assigned prefixes.
Static
Number of statically bound prefixes.
Assigned length
Length of assigned prefixes.
Total prefix number
Number of prefixes.
display ipv6 dhcp server
Use display ipv6 dhcp server to display DHCPv6 server configuration information.
Syntax
display ipv6 dhcp server [ interface interface-type interface-number ]
Views
Any view
241
0
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Displays DHCPv6 server configuration information for the
specified interface. If you do not specify an interface, this command displays DHCPv6 server
configuration information for all interfaces.
Examples
# Display DHCPv6 server configuration information for all interfaces.
<Sysname> display ipv6 dhcp server
Interface
Pool
Vlan-interface2
1
Vlan-interface3
global
# Display DHCPv6 server configuration information for the interface VLAN-interface 2.
<Sysname> display ipv6 dhcp server interface vlan-interface 2
Using pool: 1
Preference value: 0
Allow-hint: Enabled
Rapid-commit: Disabled
Table 57 Command output
Field
Description
Interface
Interface enabled with DHCPv6 server.
Address pool applied to the interface.
Pool
If no address pool is applied to the interface, global is displayed. The
DHCPv6 server selects a global address pool to assign a prefix, an
address, and other configuration parameters to a client.
Address pool applied to the interface.
Using pool
If no address pool is applied to the interface, global is displayed. The
DHCPv6 server selects a global address pool to assign a prefix, an
address, and other configuration parameters to a client.
Preference value
Server preference in the DHCPv6 Advertise message. The value range
is 0 to 255. The bigger the value is, the higher preference the server
has.
Allow-hint
Indicates whether desired address/prefix assignment is enabled.
Rapid-commit
Indicates whether rapid address/prefix assignment is enabled.
display ipv6 dhcp server conflict
Use display ipv6 dhcp server conflict to display information about IPv6 address conflicts.
Syntax
display ipv6 dhcp server conflict [ address ipv6-address ]
Views
Any view
242
Predefined user roles
network-admin
network-operator
Parameters
address ipv6-address: Displays conflict information for the specified IPv6 address. If you do not
specify an IPv6 address, this command displays information about all IPv6 address conflicts.
Usage guidelines
The DHCPv6 server creates IP address conflict information in the following conditions:
•
The DHCPv6 client sends a DECLINE packet to the DHCPv6 server to inform the server of an
IPv6 address conflict.
•
The DHCPv6 server discovers that the only assignable address in the address pool is its own
IPv6 address.
Examples
# Display information about all address conflicts.
<Sysname> display ipv6 dhcp server conflict
IPv6 address
Detect time
2001::1
Apr 25 16:57:20 2007
1::1:2
Apr 25 17:00:10 2007
Table 58 Command output
Field
Description
IPv6 address
Conflicted IPv6 address.
Detect time
Time when the conflict was discovered.
Related commands
reset ipv6 dhcp server conflict
display ipv6 dhcp server expired
Use display ipv6 dhcp server expired to display lease expiration information.
Syntax
display ipv6 dhcp server expired [ address ipv6-address | pool pool-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
address ipv6-address: Displays lease expiration information for the specified IPv6 address.
pool pool-name: Displays lease expiration information for the address pool specified by its name, a
case-insensitive string of 1 to 63 characters.
243
Usage guidelines
If you do not specify any parameters, this command displays lease expiration information for all IPv6
address pools.
DHCPv6 assigns the expired IPv6 addresses to DHCPv6 clients when all available addresses have
been assigned.
Examples
# Display all lease expiration information.
<Sysname> display ipv6 dhcp server expired
IPv6 address
DUID
Lease expiration
2001:3eff:fe80:4caa:
3030-3066-2e65-3230-302e-
Apr 25 17:10:47 2007
37ee:7::1
3130-3234-2d45-7468-65726e65-7430-2f31
Table 59 Command output
Field
Description
IPv6 address
Expired IPv6 address.
DUID
Client DUID bound to the expired IPv6 address.
Lease expiration
Time when the lease expired.
Related commands
reset ipv6 dhcp server expired
display ipv6 dhcp server ip-in-use
Use display ipv6 dhcp server ip-in-use to display binding information for assigned IPv6
addresses.
Syntax
display ipv6 dhcp server ip-in-use [ address ipv6-address | pool pool-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
address ipv6-address: Displays binding information for the specified IPv6 address.
pool pool-name: Displays binding information for the IPv6 address pool specified by its name, a
case-insensitive string of 1 to 63 characters.
Usage guidelines
If you do not specify any parameters, this command displays binding information for all assigned
IPv6 addresses.
Examples
# Display binding information for all assigned IPv6 address.
<Sysname> display ipv6 dhcp server ip-in-use
Pool: 1
244
IPv6 address
Type
Lease expiration
2:1::1
Auto(O)
Jul 10 19:45:01 2008
Pool: 2
IPv6 address
Type
1:1::2
Static(F) Not available
Lease expiration
Pool: 3
IPv6 address
Type
Lease expiration
1:2::1f1
Static(O) Oct
9 09:23:31 2008
# Display binding information for all assigned IPv6 addresses for the specified DHCPv6 address
pool.
<Sysname> display ipv6 dhcp server ip-in-use pool 1
Pool: 1
IPv6 address
Type
Lease expiration
2:1::1
Auto(O)
Jul 10 22:22:22 2008
3:1::2
Static(C) Jan
1 11:11:11 2008
# Display binding information for the specified IPv6 address.
<Sysname> display ipv6 dhcp server ip-in-use address 2:1::3
Pool: 1
Client: FE80::C800:CFF0:FE18:0
Type: Auto(O)
DUID: 00030001CA000C180000
IAID: 0x00030001
IPv6 address: 2:1::3
Preferred lifetime 400, valid lifetime 500
Expires at Jul 10 09:45:01 2008 (288 seconds left)
Table 60 Command output
Field
Description
Pool
DHCPv6 address pool.
IPv6 address
IPv6 address assigned.
Type
IPv6 address binding types:
•
Static(F)—Free static binding whose IPv6 address has not been
assigned.
•
Static(O)—Offered static binding whose IPv6 address has been selected
and sent by the DHCPv6 server in a DHCPv6-OFFER packet to the
client.
•
Static(C)—Committed static binding whose IPv6 address has been
assigned to the client.
•
Auto(O)—Offered dynamic binding whose IPv6 address has been
dynamically selected by the DHCPv6 server and sent in a
DHCPv6-OFFER packet to the DHCPv6 client.
•
Auto(C)—Committed dynamic binding, whose IP address has been
dynamically assigned to the DHCPv6 client.
Lease-expiration
Time when the lease of the IPv6 address will expire. If the lease expires after
the year 2100, this field displays Expires after 2100. For an unassigned static
binding, this field displays Not available.
Client
IPv6 address of the DHCPv6 client. For an unassigned static binding, this field
is blank.
DUID
Client DUID.
245
Field
Description
IAID
Client IAID. For an unassigned static binding without IAID specified, this field
displays N/A.
Preferred lifetime
Preferred lifetime in seconds of the IPv6 address.
valid lifetime
Valid lifetime in seconds of the IPv6 address.
Expires at
Time when the lease of an IPv6 address will expire. If the lease expires after
the year 2100, this field displays Expires after 2100.
Related commands
reset ipv6 dhcp server ip-in-use
display ipv6 dhcp server pd-in-use
Use display ipv6 dhcp server pd-in-use to display binding information for the assigned IPv6
prefixes.
Syntax
display ipv6 dhcp server pd-in-use [ pool pool-name | prefix prefix/prefix-len ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pool pool-name: Displays IPv6 prefix binding information for the DHCPv6 address pool specified by
its name, a case-insensitive string of 1 to 63 characters.
prefix prefix/prefix-len: Displays binding information for the specified IPv6 prefix. The value range for
the prefix length is 1 to 128.
Usage guidelines
If you do not specify any parameters, this command displays all IPv6 prefix binding information.
Examples
# Display all IPv6 prefix binding information.
<Sysname> display ipv6 dhcp server pd-in-use
Pool: 1
IPv6 prefix
Type
Lease expiration
2:1::/24
Auto(O)
Jul 10 19:45:01 2008
IPv6 prefix
Type
Lease expiration
1:1::/64
Static(F) Not available
Pool: 2
Pool: 3
IPv6 prefix
Type
1:2::/64
Static(O) Oct
Lease expiration
# Display IPv6 prefix binding information for DHCPv6 address pool 1.
<Sysname> display ipv6 dhcp server pd-in-use pool 1
Pool: 1
246
9 09:23:31 2008
IPv6 prefix
Type
Lease expiration
2:1::/24
Auto(O)
Jul 10 22:22:22 2008
3:1::/64
Static(C) Jan
1 11:11:11 2008
# Display binding information for the IPv6 prefix 2:1::3/24.
<Sysname> display ipv6 dhcp server pd-in-use prefix 2:1::3/24
Pool: 1
Client: FE80::C800:CFF:FE18:0
Type: Auto(O)
DUID: 00030001CA000C180000
IAID: 0x00030001
IPv6 prefix: 2:1::/24
Preferred lifetime 400, valid lifetime 500
Expires at Jul 10 09:45:01 2008 (288 seconds left)
Table 61 Command output
Field
Description
IPv6 prefix
IPv6 prefix assigned.
Type
Prefix binding types:
•
Static(F)—Free static binding whose IPv6 prefix has not been assigned.
•
Static(O)—Offered static binding whose IPv6 prefix has been selected
and sent by the DHCPv6 server in a DHCPv6-OFFER packet to the
client.
•
Static(C)—Committed static binding whose IPv6 prefix has been
assigned to the client.
•
Auto(O)—Offered dynamic binding whose IPv6 prefix has been
dynamically selected by the DHCPv6 server and sent in a
DHCPv6-OFFER packet to the DHCPv6 client.
•
Auto(C)—Committed dynamic binding whose IPv6 prefix has been
dynamically selected by the DHCPv6 server and sent in a
DHCPv6-OFFER packet to the DHCPv6 client.
Pool
Address pool.
Lease-expiration
Time when the lease of the IPv6 prefix will expire. If the lease will expire after
the year 2100, this field displays Expires after 2100. For an unassigned static
binding, this field displays Not available.
Client
IPv6 address of the DHCPv6 client. For an unassigned static binding, this field
is blank.
DUID
Client DUID.
IAID
Client IAID. For an unassigned static binding without IAID, this field displays
N/A.
Preferred lifetime
Preferred lifetime in seconds of the IPv6 prefix.
valid lifetime
Valid lifetime in seconds of the IPv6 prefix.
Expires at
Time when the lease of the prefix will expire. If the lease expires after the year
2100, this field displays Expires after 2100.
Related commands
reset ipv6 dhcp server pd-in-use
247
display ipv6 dhcp server statistics
Use display ipv6 dhcp server statistics to display DHCPv6 packet statistics on the DHCPv6
server.
Syntax
display ipv6 dhcp server statistics [ pool pool-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pool pool-name: Displays DHCPv6 packet statistics for the DHCPv6 address pool specified by its
name, a case-insensitive string of 1 to 63 characters. If you do not specify an address pool, this
command displays DHCPv6 packet statistics for all address pools.
Examples
# Display all DHCPv6 packet statistics on the DHCPv6 server.
<Sysname> display ipv6 dhcp server statistics
Bindings:
Ip-in-use
:
1
Pd-in-use
:
0
Expired
:
0
Conflict
:
0
Packets received
:
1
Solicit
:
1
Request
:
0
Confirm
:
0
Renew
:
0
Rebind
:
0
Release
:
0
Decline
:
0
Information-request
:
0
Relay-forward
:
0
Packets dropped
:
0
Packets sent
:
0
Advertise
:
0
Reconfigure
:
0
Reply
:
0
Relay-reply
:
0
Table 62 Command output
Field
Description
Bindings
Number of bindings:
•
Ip-in-use—Total number of address bindings.
•
Pd-in-use—Total number of prefix bindings.
•
Expired—Total number of expired address bindings.
248
Field
Description
Conflict
Total number of conflicted addresses. If statistics about a specific address
pool are displayed, this field is not displayed.
Packets received
Number of messages received by the DHCPv6 server. The message types
include:
•
Solicit.
•
Request.
•
Confirm.
•
Renew.
•
Rebind.
•
Release.
•
Decline.
•
Information-request.
•
Relay-forward.
If statistics about a specific address pool are displayed, this field is not
displayed.
Packets dropped
Packets sent
Number of packets discarded. If statistics about a specific address pool are
displayed, this field is not displayed.
Number of messages sent by the DHCPv6 server. The message types
include:
•
Advertise.
•
Reconfigure.
•
Reply.
•
Relay-reply.
If statistics about a specific address pool are displayed, this field is not
displayed.
Related commands
reset ipv6 dhcp server statistics
dns-server
Use dns-server to specify a DNS server in a DHCPv6 address pool.
Use undo dns-server to remove the specified DNS server from a DHCPv6 address pool.
Syntax
dns-server ipv6-address
undo dns-server ipv6-address
Default
No DNS server address is specified.
Views
DHCPv6 address pool view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies the IPv6 address of a DNS server.
249
Usage guidelines
You can use the dns-server command to specify up to eight DNS servers in an address pool. A DNS
server specified earlier has a higher preference.
Examples
# Specify the DNS server address 2:2::3 in DHCPv6 address pool 1.
<Sysname> system-view
[Sysname] ipv6 dhcp pool 1
[Sysname-dhcp6-pool-1] dns-server 2:2::3
Related commands
display ipv6 dhcp pool
domain-name
Use domain-name to specify a domain name suffix in a DHCPv6 address pool.
Use undo domain-name to remove the domain name suffix.
Syntax
domain-name domain-name
undo domain-name
Default
No domain name suffix is specified.
Views
DHCPv6 address pool view
Predefined user roles
network-admin
Parameters
domain-name: Specifies a domain name suffix, a case-insensitive string of 1 to 50 characters.
Usage guidelines
You can configure only one domain name suffix in an address pool.
If you use the domain-name command multiple times, the most recent configuration takes effect.
Examples
# Specify the domain name aaa.com in DHCPv6 address pool 1.
<Sysname> system-view
[Sysname] ipv6 dhcp pool 1
[Sysname-dhcp6-pool-1] domain-name aaa.com
Related commands
display ipv6 dhcp pool
ipv6 dhcp pool
Use ipv6 dhcp pool to create a DHCPv6 address pool and enter its view.
Use undo ipv6 dhcp pool to remove the specified DHCPv6 address pool.
250
Syntax
ipv6 dhcp pool pool-name
undo ipv6 dhcp pool pool-name
Default
No DHCPv6 address pool is configured.
Views
System view
Predefined user roles
network-admin
Parameters
pool-name: Specifies a name for the DHCPv6 address pool, a case-insensitive string of 1 to 63
characters.
Usage guidelines
You can also use this command to enter the view of an existing DHCPv6 address pool.
A DHCPv6 address pool stores IPv6 address/prefix and other configuration parameters to be
assigned to DHCPv6 clients.
When you remove a DHCPv6 address pool, binding information for the assigned IPv6 addresses
and prefixes in the address pool is also removed.
Examples
# Create a DHCPv6 address pool named pool1 and enter its view.
<Sysname> system-view
[Sysname] ipv6 dhcp pool pool1
[Sysname-dhcp6-pool-pool1]
Related commands
•
display ipv6 dhcp pool
•
ipv6 dhcp server apply pool
ipv6 dhcp prefix-pool
Use ipv6 dhcp prefix-pool to create a prefix pool, specify the prefix/prefix length for the pool, and
specify the assigned prefix length.
Use undo ipv6 dhcp prefix-pool to remove the specified prefix pool.
Syntax
ipv6 dhcp prefix-pool prefix-pool-number prefix prefix/prefix-len assign-len assign-len
undo ipv6 dhcp prefix-pool prefix-pool-number
Default
No prefix pool is configured.
Views
System view
Predefined user roles
network-admin
251
Parameters
prefix-pool-number: Specifies a prefix pool number in the range of 1 to 128.
prefix prefix/prefix-len: Specifies a prefix/prefix length for the pool. The value range for the prefix-len
argument is 1 to 128.
assign-len assign-len: Specifies the assigned prefix length. The value range is 1 to 128, and the
value must be greater than or equal to prefix-len. The difference between assign-len and prefix-len
must be no more than 16.
Usage guidelines
Different prefix pools cannot overlap.
You cannot modify an existing prefix pool. To change the prefix pool settings, you must delete the
prefix pool first.
Removing a prefix pool clears all prefix bindings from the prefix pool.
Examples
# Create prefix pool named 1, and specify the prefix 2001:0410::/32 with assigned prefix length being
42. Prefix pool 1 contains 1024 prefixes from 2001:0410::/42 to 2001:0410:FFC0::/42.
<Sysname> system-view
[Sysname] ipv6 dhcp prefix-pool 1 prefix 2001:0410::/32 assign-len 42
Related commands
•
display ipv6 dhcp prefix-pool
•
prefix-pool
ipv6 dhcp server
Use ipv6 dhcp server to configure global address assignment on an interface. The server on the
interface uses a global address pool to assign configuration information to a client.
Use undo ipv6 dhcp server to restore the default.
Syntax
ipv6 dhcp server { allow-hint | preference preference-value | rapid-commit } *
undo ipv6 dhcp server
Default
The server does not support desired address/prefix assignment or rapid address/prefix assignment.
The server preference is set to 0.
Views
Interface view
Predefined user roles
network-admin
Parameters
allow-hint: Enables desired address/prefix assignment.
preference preference-value: Specifies the server preference in Advertise messages, in the range
of 0 to 255. The default value is 0. A greater value specifies a higher preference.
rapid-commit: Enables rapid address/prefix assignment involving two messages.
252
Usage guidelines
The allow-hint keyword enables the server to assign the desired address or prefix to the requesting
client. If the desired address or prefix is not included in any global address pool, or is already
assigned to another client, the server assigns the client a free address or a prefix. If the allow-hint
keyword is not specified, the server ignores the desired address or prefix, and selects an address or
prefix from a global address pool.
If you use the ipv6 dhcp server and ipv6 dhcp server apply pool commands on the same
interface, the ipv6 dhcp server apply pool command takes effect.
Examples
# Configure global address assignment on the interface VLAN-interface 2. Use the desired
address/prefix assignment and rapid address/prefix assignment, and set the server preference to the
highest 255.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] ipv6 dhcp server allow-hint preference 255 rapid-commit
Related commands
•
display ipv6 dhcp server
•
ipv6 dhcp select
ipv6 dhcp server apply pool
Use ipv6 dhcp server apply pool to apply a DHCPv6 address pool to an interface.
Use undo ipv6 dhcp server apply pool to remove the DHCPv6 address pool from the interface.
Syntax
ipv6 dhcp server apply pool pool-name [ allow-hint | preference preference-value |
rapid-commit ] *
undo ipv6 dhcp server apply pool
Default
No DHCPv6 address pool is applied to an interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
pool-name: Specifies a DHCPv6 address pool by its name, a case-insensitive string of 1 to 63
characters.
allow-hint: Enables desired address/prefix assignment.
preference preference-value: Specifies the server preference in Advertise messages, in the range
of 0 to 255. The default value is 0. A greater value specifies a higher preference.
rapid-commit: Enables rapid address/prefix assignment involving two messages.
Usage guidelines
Upon receiving a DHCPv6 request, the DHCPv6 server selects an IPv6 address or prefix from the
address pool applied to the receiving interface. If no address pool is applied, the server selects an
IPv6 address or prefix from a global address pool that matches the IPv6 address of the receiving
interface or the DHCPv6 relay agent.
253
The allow-hint keyword enables the server to assign the desired address or prefix to the client. If the
desired address or prefix does not exist or is already assigned to another client, the server assigns a
free address or prefix. If allow-hint is not specified, the server ignores the desired address or prefix,
and assigns a free address or prefix.
Only one address pool can be applied to an interface. If you use the command multiple times, the
most recent configuration takes effect.
A non-existing address pool can be applied to an interface, but the server cannot assign any prefix,
address, or other configuration information from the address pool until the address pool is created.
Examples
# Apply address pool 1 to VLAN-interface 2, configure the address pool to support desired
address/prefix assignment and address/prefix rapid assignment, and set the preference to 255.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] ipv6 dhcp server apply pool 1 allow-hint preference 255
rapid-commit
Related commands
•
display ipv6 dhcp server
•
ipv6 dhcp pool
•
ipv6 dhcp select
ipv6 dhcp server forbidden-address
Use ipv6 dhcp server forbidden-address to exclude specified IPv6 addresses from dynamic
allocation.
Use undo ipv6 dhcp server forbidden-address to remove the configuration.
Syntax
ipv6 dhcp server forbidden-address start-ipv6-address [ end-ipv6-address ]
undo ipv6 dhcp server forbidden-address start-ipv6-address [ end-ipv6-address ]
Default
Except for the DHCPv6 server address, all IPv6 addresses in a DHCPv6 address pool are
assignable.
Views
System view
Predefined user roles
network-admin
Parameters
start-ipv6-address: Specifies the start IPv6 address.
end-ipv6-address: Specifies the end IPv6 address, which cannot be lower than start-ipv6-address. If
you do not specify an end IPv6 address, only the start IPv6 address is excluded from dynamic
allocation. If you specify an end IPv6 address, the IP addresses from start-ipv6-address to
end-ipv6-address are all excluded from dynamic allocation.
Usage guidelines
You can exclude multiple IP address ranges from dynamic allocation.
The IPv6 addresses of some devices such as the gateway and FTP server cannot be assigned to
clients. Use this command to exclude such addresses from dynamic allocation.
254
If the excluded IPv6 address is in a static binding, the address can still be assigned to the client.
The address or address range specified in the undo form of the command must be the same as the
address or address range specified in the command. To remove an IP address that has been
specified as part of an address range, you must remove the entire address range.
Examples
# Exclude IPv6 addresses of 2001:10:110::1 through 2001:10:110::20 from dynamic assignment.
<Sysname> system-view
[Sysname] ipv6 dhcp server forbidden-address 2001:10:110::1 2001:10:110::20
Related commands
•
ipv6 dhcp server forbidden-prefix
•
static-bind
ipv6 dhcp server forbidden-prefix
Use ipv6 dhcp server forbidden-prefix to exclude specific IPv6 prefixes from dynamic allocation.
Use undo ipv6 dhcp server forbidden-prefix to remove the configuration.
Syntax
ipv6 dhcp server forbidden-prefix start-prefix/prefix-len [ end-prefix/prefix-len ]
undo ipv6 dhcp server forbidden-prefix start-prefix/prefix-len [ end-prefix/prefix-len ]
Default
No IPv6 prefixes in the DHCPv6 prefix pool are excluded from dynamic allocation.
Views
System view
Predefined user roles
network-admin
Parameters
start-prefix/prefix-len: Specifies the start IPv6 prefix. The prefix-len argument specifies the prefix
length in the range of 1 to 128.
end-prefix/prefix-len: Specifies the end IPv6 prefix. The prefix-len argument specifies the prefix
length, ranging from 1 to 128. The value for end-prefix cannot be lower than that for start-prefix. If
you do not specify this argument, only the start-prefix/prefix-len is excluded from dynamic allocation.
If you specify this argument, the prefixes from start-prefix/prefix-len to end-prefix/prefix-len are all
excluded.
Usage guidelines
You can exclude multiple IPv6 prefix ranges from dynamic allocation.
If the excluded IPv6 prefix is in a static binding, the prefix can still be assigned to the client.
The prefix or prefix range specified in the undo form of the command must be the same as the prefix
or prefix range specified in the command. To remove a prefix that has been specified as part of a
prefix range, you must remove the entire prefix range.
Examples
# Exclude IPv6 prefixes from 2001:3e11::/32 through 2001:3eff::/32 from dynamic allocation.
<Sysname> system-view
[Sysname] ipv6 dhcp server forbidden-prefix 2001:3e11::/32 2001:3eff::/32
255
Related commands
•
ipv6 dhcp server forbidden-address
•
static-bind
network
Use network to specify an IPv6 subnet for dynamic allocation in a DHCPv6 address pool.
Use undo network to remove the specified IPv6 subnet.
Syntax
network prefix/prefix-length [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ]
undo network
Default
No IPv6 subnet is specified in a DHCPv6 address pool.
Views
DHCPv6 address pool view
Predefined user roles
network-admin
Parameters
prefix/prefix-length: Specifies the IPv6 subnet for dynamic allocation. The value range for
prefix-length is 1 to 128.
preferred-lifetime preferred-lifetime: Sets the preferred lifetime. The value range is 60 to
4294967295 seconds, and the default is 604800 seconds (7 days).
valid-lifetime valid-lifetime: Sets the valid lifetime. The value range is 60 to 4294967295 seconds,
and the default is 2592000 seconds (30 days). The valid lifetime must be longer than or equal to the
preferred lifetime.
Usage guidelines
You can specify only one subnet for a DHCPv6 address pool. If you use the network command
multiple times, the most recent configuration takes effect.
Modifying or removing the network configuration removes assigned addresses in the current
address pool.
Examples
# Specify the subnet 3ffe:501:ffff:100::/64 in DHCPv6 address pool 1.
<Sysname> system-view
[Sysname] ipv6 dhcp pool 1
[Sysname-dhcp6-pool-1] network 3ffe:501:ffff:100::/64
Related commands
•
address range
•
display ipv6 dhcp pool
•
temporary address range
option
Use option to configure a self-defined DHCPv6 option in a DHCPv6 address pool.
256
Use undo option to remove a self-defined DHCPv6 option from a DHCPv6 address pool.
Syntax
option code hex hex-string
undo option code
Default
No self-defined DHCPv6 option is configured in a DHCPv6 address pool.
Views
DHCPv6 address pool view
Predefined user roles
network-admin
Parameters
code: Specifies a number for the self-defined option, in the range of 21 to 65535, excluding 25
through 26, 37 through 40, and 43 through 48.
hex hex-string: Specifies the content of the option, a hexadecimal string of even numbers from 2 to
256.
Usage guidelines
The DHCPv6 server fills the self-defined option with the specified hexadecimal string and sends it in
a response to the client.
If you use the option command multiple times with the same code specified, the most recent
configuration takes effect.
You can self-define options for the following purposes:
•
Add newly released options.
•
Add options for which the vendor defines the contents, for example, Option 43.
•
Add options for which the CLI does not provide a dedicated configuration command like
dns-server. For example, you can use the option 31 hex
00c80000000000000000000000000001 command to define the NTP server address 200::1 for
DHCP clients.
If a DHCPv6 option is specified by both the dedicated command and the option command, the
DHCPv6 server preferentially assigns the content specified by the dedicated command. For
example, if a DNS server address is specified by the dns-server command and the option 23
command, the server uses the address specified by dns-server command.
Examples
# Configure Option 23 that specifies a DNS server address 2001:f3e0::1 in DHCPv6 address pool 1.
<Sysname> system-view
[Sysname] ipv6 dhcp pool 1
[Sysname-dhcp6-pool-1] option 23 hex 2001f3e0000000000000000000000001
Related commands
•
display ipv6 dhcp pool
•
dns-server
•
domain-name
•
sip-server
257
prefix-pool
Use prefix-pool to apply a prefix pool to a DHCPv6 address pool, so the DHCPv6 server can
dynamically select a prefix from the prefix pool for a client.
Use undo prefix-pool to remove the configuration.
Syntax
prefix-pool prefix-pool-number [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ]
undo prefix-pool prefix-pool-number
Default
No prefix pool is applied to a DHCPv6 address pool.
Views
DHCPv6 address pool view
Predefined user roles
network-admin
Parameters
prefix-pool-number: Specifies a prefix pool by its number in the range of 1 to 128.
preferred-lifetime preferred-lifetime: Sets the preferred lifetime in the range of 60 to 4294967295
seconds. The default value is 604800 seconds (7 days).
valid-lifetime valid-lifetime: Sets the valid lifetime in the range of 60 to 4294967295 seconds. The
default value is 2592000 seconds (30 days). The valid lifetime must be longer than or equal to the
preferred lifetime.
Usage guidelines
Only one prefix pool can be applied to an address pool.
You can apply a prefix pool that has not been created to an address pool. The setting takes effect
after the prefix pool is created.
You cannot modify prefix pools that have been applied. To change the prefix pool for an address
pool, you must remove the prefix pool application first.
Examples
# Apply prefix pool 1 to address pool 1, and use the default preferred lifetime and valid lifetime.
<Sysname> system-view
[Sysname] ipv6 dhcp pool 1
[Sysname-dhcp6-pool-1] prefix-pool 1
# Apply prefix pool 2 to address pool 2, and set the preferred lifetime to one day and the valid lifetime
to three days.
<Sysname> system-view
[Sysname] ipv6 dhcp pool 2
[Sysname-dhcp6-pool-2] prefix-pool 2 preferred-lifetime 86400 valid-lifetime 259200
Related commands
•
display ipv6 dhcp pool
•
ipv6 dhcp prefix-pool
258
reset ipv6 dhcp server conflict
Use reset ipv6 dhcp server conflict to clear IPv6 address conflict information.
Syntax
reset ipv6 dhcp server conflict [ address ipv6-address ]
Views
User view
Predefined user roles
network-admin
Parameters
address ipv6-address: Clears conflict information for the specified IPv6 address. If you do not
specify an IPv6 address, this command clears all IPv6 address conflict information.
Usage guidelines
Address conflicts occur when dynamically assigned IP addresses have been statically configured for
other hosts. After the conflicts are resolved, you can use the reset ipv6 dhcp server conflict
command to clear conflict information so that the conflicted addresses can be assigned to clients.
Examples
# Clear all IPv6 address conflict information.
<Sysname> reset ipv6 dhcp server conflict
Related commands
display ipv6 dhcp server conflict
reset ipv6 dhcp server expired
Use reset ipv6 dhcp server expired to clear binding information for lease-expired IPv6 addresses.
Syntax
reset ipv6 dhcp server expired [ address ipv6-address | pool pool-name ]
Views
User view
Predefined user roles
network-admin
Parameters
address ipv6-address: Clears binding information for the specified lease-expired IPv6 address.
pool pool-name: Clears binding information for lease-expired IPv6 addresses in the address pool
specified by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
If you do not specify any parameters, this command clears binding information for all lease-expired
IPv6 addresses.
Examples
# Clear binding information for expired IPv6 address 2001:f3e0::1.
<Sysname> reset ipv6 dhcp server expired address 2001:f3e0::1
259
Related commands
display ipv6 dhcp server expired
reset ipv6 dhcp server ip-in-use
Use reset ipv6 dhcp server ip-in-use to clear binding information for assigned IPv6 addresses.
Syntax
reset ipv6 dhcp server ip-in-use [ address ipv6-address | pool pool-name ]
Views
User view
Predefined user roles
network-admin
Parameters
address ipv6-address: Clears binding information for the assigned IPv6 address.
pool pool-name: Clears binding information for assigned IPv6 addresses in the address pool
specified by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
If you do not specify any parameters, this command clears binding information for all IPv6
addresses.
If you use this command to clear information about an assigned static binding, the static binding
becomes an unassigned static binding.
Examples
# Clear binding information for all assigned IPv6 addresses.
<Sysname> reset ipv6 dhcp server ip-in-use
# Clears binding information for assigned IPv6 addresses in DHCPv6 address pool 1.
<Sysname> reset ipv6 dhcp server ip-in-use pool 1
# Clears binding information for the assigned IPv6 address 2001:0:0:1::1.
<Sysname> reset ipv6 dhcp server ip-in-use address 2001:0:0:1::1
Related commands
display ipv6 dhcp server ip-in-use
reset ipv6 dhcp server pd-in-use
Use reset ipv6 dhcp server pd-in-use to clear binding information for assigned IPv6 prefixes.
Syntax
reset ipv6 dhcp server pd-in-use [ pool pool-name | prefix prefix/prefix-len ]
Views
User view
Predefined user roles
network-admin
260
Parameters
pool pool-name: Clears binding information for assigned IPv6 prefixes in the address pool specified
by its name, a case-insensitive string of 1 to 63 characters.
prefix prefix/prefix-len: Clears binding information for the specified IPv6 prefix. The value range for
the prefix length is 1 to 128.
Usage guidelines
If you do not specify any parameters, this command clears binding information for all assigned IPv6
prefixes.
If you use this command to clear information about an assigned static binding, the static binding
becomes an unassigned static binding.
Examples
# Clear binding information for all assigned IPv6 prefixes.
<Sysname> reset ipv6 dhcp server pd-in-use
# Clears binding information for assigned IPv6 prefixes in DHCPv6 address pool 1.
<Sysname> reset ipv6 dhcp server pd-in-use pool 1
# Clears binding information for the assigned IPv6 prefix 2001:0:0:1::/64.
<Sysname> reset ipv6 dhcp server pd-in-use prefix 2001:0:0:1::/64
Related commands
display ipv6 dhcp server pd-in-use
reset ipv6 dhcp server statistics
Use reset ipv6 dhcp server statistics to clear DHCPv6 server statistics.
Syntax
reset ipv6 dhcp server statistics
Views
User view
Predefined user roles
network-admin
Examples
# Clear DHCPv6 server statistics.
<Sysname> reset ipv6 dhcp server statistics
Related commands
display ipv6 dhcp server statistics
sip-server
Use sip-server to specify the IPv6 address or domain name of a SIP server in the DHCPv6 address
pool.
Use undo sip-server to remove a SIP server.
Syntax
sip-server { address ipv6-address | domain-name domain-name }
undo sip-server { address ipv6-address | domain-name domain-name }
261
Default
No SIP server address or domain name is specified.
Views
DHCPv6 address pool view
Predefined user roles
network-admin
Parameters
address ipv6-address: Specifies the IPv6 address of a SIP server.
domain-name domain-name: Specifies the domain name of a SIP server, a case-insensitive string
of 1 to 50 characters.
Usage guidelines
You can specify up to eight SIP server addresses and eight SIP server domain names in an address
pool. A SIP server that is specified earlier has a higher preference.
Examples
# Specify the SIP server address 2:2::4 in DHCPv6 address pool 1.
<Sysname> system-view
[Sysname] ipv6 dhcp pool 1
[Sysname-dhcp6-pool-1] sip-server address 2:2::4
# Specify the SIP server domain name bbb.com in DHCPv6 address pool 1.
[Sysname-dhcp6-pool-1] sip-server domain-name bbb.com
Related commands
display ipv6 dhcp pool
static-bind
Use static-bind to statically bind a client DUID or client IAID to an IPv6 address or prefix in the
DHCPv6 address pool.
Use undo static-bind to remove a static binding.
Syntax
static-bind { address ipv6-address/addr-prefix-length | prefix prefix/prefix-len } duid duid [ iaid
iaid ] [ preferred-lifetime preferred-lifetime valid-lifetime valid-lifetime ]
undo static-bind { address ipv6-address/addr-prefix-length | prefix prefix/prefix-len }
Default
No static binding is configured in a DHCPv6 address pool.
Views
DHCPv6 address pool view
Predefined user roles
network-admin
Parameters
address ipv6-address/addr-prefix-length: Specifies the IPv6 address and prefix length. The value
range for the prefix length is 1 to 128.
262
prefix prefix/prefix-len: Specifies the prefix and prefix length. The value range for the prefix length is
1 to 128.
duid duid: Specifies a client DUID. The value is an even hexadecimal number in the range of 2 to
256.
iaid iaid: Specifies a client IAID. The value is a hexadecimal number in the range of 0 to FFFFFFFF.
If you do not specify an IAID, the server does not match the client IAID for prefix assignment.
preferred-lifetime preferred-lifetime: Sets the preferred lifetime of the address or prefix. The value
range is 60 to 4294967295 seconds, and the default is 604800 seconds (7 days).
valid-lifetime valid-lifetime: Sets the valid lifetime of the address or prefix. The value range is 60 to
4294967295 seconds, and the default is 2592000 seconds (30 days). The valid lifetime cannot be
shorter than the preferred lifetime.
Usage guidelines
You can specify multiple static bindings in a DHCPv6 address pool.
An IPv6 address or prefix can be bound to only one DHCPv6 client. You cannot modify bindings that
have been created. To change the binding for a DHCPv6 client, you must delete the existing binding
first.
Examples
# In address pool 1, bind IPv6 address 2001:0410::/35 to the client DUID 0003000100e0fc005552
and IAID A1A1A1A1.
<Sysname> system-view
[Sysname] ipv6 dhcp pool 1
[Sysname-dhcp6-pool-1] static-bind address 2001:0410::/35 duid 0003000100e0fc005552 iaid
A1A1A1A1
# In address pool 1, bind prefix 2001:0410::/35 to the client DUID 00030001CA0006A400 and IAID
A1A1A1A1.
<Sysname> system-view
[Sysname] ipv6 dhcp pool 1
[Sysname-dhcp6-pool-1] static-bind prefix 2001:0410::/35 duid 00030001CA0006A400 iaid
A1A1A1A1
Related commands
display ipv6 dhcp pool
temporary address range
Use temporary address range to configure a temporary IPv6 address range in a DHCPv6 address
pool for dynamic allocation.
Use undo temporary address range to remove the temporary IPv6 address range from the
DHCPv6 address pool.
Syntax
temporary address range start-ipv6-address
preferred-lifetime valid-lifetime valid-lifetime ]
end-ipv6-address
undo temporary address range
Default
No temporary IPv6 address range is configured in a DHCPv6 address pool.
Views
DHCPv6 address pool view
263
[
preferred-lifetime
Predefined user roles
network-admin
Parameters
start-ipv6-address: Specifies the start IPv6 address.
end-ipv6-address: Specifies the end IPv6 address.
preferred-lifetime preferred-lifetime: Sets the preferred lifetime. The value range is 60 to
4294967295 seconds, and the default is 604800 seconds (7 days).
valid-lifetime valid-lifetime: Sets the valid lifetime. The value range is 60 to 4294967295 seconds,
and the default is 2592000 seconds (30 days). The valid lifetime cannot be shorter than the preferred
lifetime.
Usage guidelines
If you do not execute the temporary address range command, the DHCPv6 server does not
support temporary address assignment.
You can configure only one temporary IPv6 address range in an address pool. If you use the
command multiple times, the most recent configuration takes effect.
Examples
# In DHCPv6 address pool 1, configure a temporary IPv6 address range from 3ffe:501:ffff:100::50 to
3ffe:501:ffff:100::60.
<Sysname> system-view
[Sysname] ipv6 dhcp pool 1
[Sysname-dhcp6-pool-1] network 3ffe:501:ffff:100::/64
[Sysname-dhcp6-pool-1] temporary address range 3ffe:501:ffff:100::50
3ffe:501:ffff:100::60
Related commands
•
display ipv6 dhcp pool
•
address range
•
network
DHCPv6 relay agent commands
The term "interface" in this section collectively refers to VLAN interfaces and Layer 3 Ethernet
interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route
command (see Layer 2—LAN Switching Configuration Guide).
display ipv6 dhcp relay server-address
Use display ipv6 dhcp relay server-address to display DHCPv6 server addresses specified on the
DHCPv6 relay agent.
Syntax
display ipv6 dhcp relay server-address [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
264
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do
not specify an interface, this command displays DHCPv6 server addresses on all interfaces enabled
with DHCPv6 relay agent.
Examples
# Display DHCPv6 server addresses on all interfaces enabled with DHCPv6 relay agent.
<Sysname> display ipv6 dhcp relay server-address
Interface: Vlan-interface2
Server address
Outgoing Interface
2::3
3::4
Vlan-interface4
Interface: Vlan-interface3
Server address
Outgoing Interface
2::3
3::4
Vlan-interface4
# Display DHCPv6 server addresses on VLAN-interface 2.
<Sysname> display ipv6 dhcp relay server-address interface vlan-interface 2
Interface: Vlan-interface2
Server address
Outgoing Interface
2::3
3::4
Vlan-interface4
Table 63 Command output
Field
Description
Server address
DHCPv6 server address specified on the DHCP relay agent.
Outgoing Interface
Output interface of DHCPv6 packets. If no output interface is specified,
the device searches the routing table for the output interface.
Related commands
•
ipv6 dhcp relay server-address
•
ipv6 dhcp select
display ipv6 dhcp relay statistics
Use display ipv6 dhcp relay statistics to display DHCPv6 packet statistics on the DHCPv6 relay
agent.
Syntax
display ipv6 dhcp relay statistics [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
265
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do
not specify an interface, this command displays DHCPv6 packets statistics on all interfaces enabled
with DHCPv6 relay agent.
Examples
# Display DHCPv6 packet statistics on all interfaces enabled with DHCPv6 relay agent.
<Sysname> display ipv6 dhcp relay statistics
Packets dropped
:
4
Packets received
:
14
Solicit
:
0
Request
:
0
Confirm
:
0
Renew
:
0
Rebind
:
0
Release
:
0
Decline
:
0
Information-request
:
7
Relay-forward
:
0
Relay-reply
:
7
:
14
Advertise
:
0
Reconfigure
:
0
Packets sent
Reply
:
7
Relay-forward
:
7
Relay-reply
:
0
# Display DHCPv6 packet statistics on the DHCPv6 relay agent on VLAN-interface 2.
<Sysname> display ipv6 dhcp relay statistics interface vlan-interface 2
Packets dropped
:
4
Packets received
:
16
Solicit
:
0
Request
:
0
Confirm
:
0
Renew
:
0
Rebind
:
0
Release
:
0
Decline
:
0
Information-request
:
8
Relay-forward
:
0
Relay-reply
:
8
:
16
Advertise
:
0
Reconfigure
:
0
Packets sent
Reply
:
8
Relay-forward
:
8
Relay-reply
:
0
266
Table 64 Command output
Field
Description
Packets dropped
Number of discarded packets.
Packets received
Number of received packets.
Solicit
Number of received solicit packets.
Request
Number of received request packets.
Confirm
Number of received confirm packets.
Renew
Number of received renew packets.
Rebind
Number of received rebind packets.
Release
Number of received release packets.
Decline
Number of received decline packets.
Information-request
Number of received information request packets.
Relay-forward
Number of received relay-forward packets.
Relay-reply
Number of received relay-reply packets.
Packets sent
Number of sent packets.
Advertise
Number of sent advertise packets.
Reconfigure
Number of sent reconfigure packets.
Reply
Number of sent reply packets.
Relay-forward
Number of sent Relay-forward packets.
Relay-reply
Number of sent Relay-reply packets.
Related commands
reset ipv6 dhcp relay statistics
ipv6 dhcp relay server-address
Use ipv6 dhcp relay server-address to specify a DHCPv6 server on the DHCPv6 relay agent.
Use undo ipv6 dhcp relay server-address to remove DHCPv6 server addresses.
Syntax
ipv6 dhcp relay server-address ipv6-address [ interface interface-type interface-number ]
undo ipv6 dhcp relay server-address [ ipv6-address [ interface interface-type interface-number ] ]
Default
No DHCPv6 server address is specified on the DHCPv6 relay agent.
Views
Interface view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies the IPv6 address of a DHCPv6 server.
267
interface interface-type interface-number: Specifies an output interface through which the relay
agent forwards the DHCPv6 requests to the DHCPv6 server. If you do not specify an output
interface, the relay agent looks up the routing table for an output interface.
Usage guidelines
Upon receiving a request from a DHCPv6 client, the interface encapsulates the request into a
Relay-forward message and forwards the message to the specified DHCPv6 server.
You can specify a maximum of eight DHCPv6 servers on an interface. The DHCPv6 relay agent
forwards DHCP requests to all the specified DHCPv6 servers.
If the DHCPv6 server address is a link-local address or multicast address, you must specify an
output interface. If you do not specify an output interface, DHCPv6 packets might fail to reach the
DHCPv6 server.
If you do not specify an IPv6 address, the undo ipv6 dhcp relay server-address command
removes all DHCPv6 server addresses specified on the interface.
Examples
# Enable the DHCPv6 relay agent on VLAN-interface 2 and specify the DHCPv6 server address
2001:1::3.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] ipv6 dhcp select relay
[Sysname-Vlan-interface2] ipv6 dhcp relay server-address 2001:1::3
Related commands
•
display ipv6 dhcp relay server-address
•
ipv6 dhcp select
reset ipv6 dhcp relay statistics
Use reset ipv6 dhcp relay statistics to clear packets statistics on the DHCPv6 relay agent.
Syntax
reset ipv6 dhcp relay statistics [ interface interface-type interface-number ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do
not specify an interface, this command clears all relay agent statistics.
Examples
# Clear packet statistics on the DHCPv6 relay agent.
<Sysname> reset ipv6 dhcp relay statistics
Related commands
display ipv6 dhcp relay statistics
268
DHCPv6 client commands
display ipv6 dhcp client
Use display ipv6 dhcp client to display DHCPv6 client information.
Syntax
display ipv6 dhcp client [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do
not specify an interface, this command displays information about all DHCPv6 clients.
Examples
# Display the DHCPv6 client information on VLAN-interface 2.
<Sysname> display ipv6 dhcp client interface vlan-interface 2
Vlan-interface2:
Type: Stateful client requesting address
State: OPEN
IAID: 0x4030000
Client DUID: 00030001000fe2ff0000
Preferred server:
Reachable via address: FE80::223:89FF:FE63:C4BC
Server DUID: 0003000100238963c4ba
Address: 12:34:56::2/128
Preferred lifetime 86400 sec, valid lifetime 259200 sec
T1 43200 sec, T2 69120 sec
Will expire on Feb 4 2013 at 15:37:20(288 seconds left)
DNS server addresses:
2:2::3
Domain name:
aaa.com
SIP server addresses:
2:2::4
SIP server domain names:
bbb.com
Options:
Code: 88
Length: 3 bytes
Hex: AABBCC
269
Table 65 Command output
Field
Description
Type
Types of DHCPv6 client:
•
Stateful client requesting address—A DHCPv6 client that
requests an IPv6 address.
•
Stateful client requesting prefix—A DHCPv6 client that requests
an IPv6 prefix.
•
Stateless client—A DHCPv6 client that requests configuration
parameters through stateless DHCPv6.
State
Current states of the DHCPv6 client:
•
IDLE—The client is in idle state.
•
SOLICIT—The client is locating a DHCPv6 server.
•
REQUEST—The client is requesting an IPv6 address or prefix.
•
OPEN—The client has obtained an IPv6 address or prefix.
•
RENEW—The client is extending the lease (after T1 and before
T2).
•
REBIND—The client is extending the lease (after T2 and before the
lease expires).
•
RELEASE—The client is releasing an IPv6 address or prefix.
•
DECLINE—The client is declining an IPv6 address or prefix
because of an address or prefix conflict.
•
INFO-REQUESTING—The client is requesting configuration
parameters through stateless DHCPv6.
IAID
IA identifier.
Client DUID
DUID of the DHCPv6 client.
Preferred server
Information about the DHCPv6 server selected by the DHCPv6 client.
Reachable via address
Reachable address for the DHCPv6 client. It is the link local address of
the DHCPv6 server or DHCPv6 relay agent.
Server DUID
DUID of the DHCPv6 server.
Address
IPv6 address obtained. This field is displayed only when the DHCPv6
client type is Stateful client requesting address.
Prefix
IPv6 prefix obtained. This field is displayed only when the DHCPv6 client
type is Stateful client requesting prefix.
Preferred lifetime
Preferred lifetime in seconds.
valid lifetime
Valid lifetime in seconds.
T1
T1 time value in seconds.
T2
T2 time value in seconds.
Will expire on Feb 4 2013 at
15:37:20 (288 seconds left)
Time when the lease expires and the remaining time of the lease.
If the lease expires after the year 2100, this field displays Will expire
after 2100.
DNS server addresses
IPv6 address of the DNS server.
Domain name
Domain name suffix.
SIP server addresses
IPv6 address of the SIP server.
SIP server domain names
Domain name of the SIP server.
Options
Self-defined options.
Code
Code of the self-defined option.
270
Field
Description
Length
Self-defined option length in bytes.
Hex
Self-defined option content represented by a hexadecimal string.
Related commands
•
ipv6 address dhcp-alloc
•
ipv6 dhcp client pd
display ipv6 dhcp client statistics
Use display ipv6 dhcp client statistics to display DHCPv6 client statistics.
Syntax
display ipv6 dhcp client statistics [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do
not specify an interface, this command displays statistics for all DHCPv6 clients.
Examples
# Display DHCPv6 client statistics on VLAN-interface 2.
<Sysname> display ipv6 dhcp client statistics interface vlan-interface 2
Interface
:
Vlan-interface2
Packets received
:
1
Reply
:
1
Advertise
:
0
Reconfigure
:
0
Invalid
:
0
Packets sent
:
5
Solicit
:
0
Request
:
0
Renew
:
0
Rebind
:
0
Information-request :
5
Release
:
0
Decline
:
0
Table 66 Command output
Field
Description
Interface
Interface that acts as the DHCPv6 client.
Packets Received
Number of received packets.
Reply
Number of received reply packets.
271
Field
Description
Advertise
Number of received advertise packets.
Reconfigure
Number of received reconfigure packets.
Invalid
Number of invalid packets.
Packets sent
Number of sent packets.
Solicit
Number of sent solicit packets.
Request
Number of sent request packets.
Renew
Number of sent renew packets.
Rebind
Number of sent rebind packets.
Information-request
Number of sent information request packets.
Release
Number of sent release packets.
Decline
Number of sent decline packets.
Related commands
reset ipv6 dhcp client statistics
ipv6 address dhcp-alloc
Use ipv6 address dhcp-alloc to configure an interface to use DHCPv6 for IPv6 address acquisition.
Use undo ipv6 address dhcp-alloc to cancel an interface from using DHCPv6, and clear the
obtained IPv6 address and other configuration parameters.
Syntax
ipv6 address dhcp-alloc [ rapid-commit ]
undo ipv6 address dhcp-alloc
Default
An interface does not use DHCPv6 for IPv6 address acquisition.
Views
Layer 3 Ethernet interface view
Layer 3 aggregate interface view
Management Ethernet interface view
VLAN interface view
Predefined user roles
network-admin
Parameters
rapid-commit: Supports rapid address or prefix assignment.
Examples
# Configure VLAN-interface 10 to use DHCPv6 for IPv6 address acquisition. Configure the DHCPv6
client to support rapid address assignment.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] ipv6 address dhcp-alloc rapid-commit
272
Related commands
display ipv6 dhcp client
ipv6 dhcp client dscp
Use ipv6 dhcp client dscp to set the DSCP value for DHCPv6 packets sent by the DHCPv6 client.
Use undo ipv6 dhcp client dscp to restore the default value.
Syntax
ipv6 dhcp client dscp dscp-value
undo ipv6 dhcp client dscp
Default
The DSCP value in DHCPv6 packets is 56.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Sets the DSCP value for DHCPv6 packets, in the range of 0 to 63.
Usage guidelines
The DSCP value is carried in the Traffic class field of a DHCPv6 packet. It specifies the priority level
of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a
higher priority.
Examples
# Set the DSCP value to 30 for DHCPv6 packets sent by the DHCPv6 client.
<Sysname> system-view
[Sysname] ipv6 dhcp client dscp 30
ipv6 dhcp client pd
Use ipv6 dhcp client pd to configure an interface to use DHCPv6 for IPv6 prefix acquisition.
Use undo ipv6 dhcp client pd to cancel an interface from using DHCPv6, and clear the obtained
IPv6 prefix and other configuration parameters.
Syntax
ipv6 dhcp client pd prefix-number [ rapid-commit ]
undo ipv6 dhcp client pd
Default
An interface does not use DHCPv6 for IPv6 prefix acquisition.
Views
Layer 3 Ethernet interface view
Layer 3 aggregate interface view
Management Ethernet interface view
VLAN interface view
273
Predefined user roles
network-admin
Parameters
prefix-number: Specifies an IPv6 prefix ID in the range of 1 to 1024. After obtaining an IPv6 prefix,
the client assigns the ID to the IPv6 prefix.
rapid-commit: Supports rapid address or prefix assignment.
Examples
# Configure VLAN-interface10 to use DHCPv6 for IPv6 prefix acquisition. Specify an ID for the
dynamic IPv6 prefix, and configure the client to support rapid prefix assignment.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] ipv6 dhcp client pd 1 rapid-commit
Related commands
display ipv6 dhcp client
ipv6 dhcp client stateless enable
Use ipv6 dhcp client stateless enable to enable stateless DHCPv6.
Use undo ipv6 dhcp client stateless enable to restore the default.
Syntax
ipv6 dhcp client stateless enable
undo ipv6 dhcp client stateless enable
Default
Stateless DHCPv6 is disabled.
Views
Layer 3 Ethernet interface view
Layer 3 aggregate interface view
Management Ethernet interface view
VLAN interface view
Predefined user roles
network-admin
Usage guidelines
With stateless DHCPv6 enabled on an interface, the interface sends an Information-request
message to the multicast address of all DHCPv6 servers and DHCPv6 relay agents to request
configuration parameters.
Examples
# Enable stateless DHCPv6 on VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] ipv6 dhcp client stateless enable
274
reset ipv6 dhcp client statistics
Use reset ipv6 dhcp client statistics to clear DHCPv6 client statistics.
Syntax
reset ipv6 dhcp client statistics [ interface interface-type interface-number ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do
not specify an interface, this command clears all DHCPv6 client statistics.
Examples
# Clear all DHCPv6 client statistics.
<Sysname> reset ipv6 dhcp client statistics
Related commands
display ipv6 dhcp client statistics
DHCPv6 snooping commands
DHCPv6 snooping works between the DHCPv6 client and the DHCPv6 server or between the
DHCPv6 client and DHCPv6 the relay agent. DHCPv6 snooping does not work between the
DHCPv6 server and the DHCPv6 relay agent.
display ipv6 dhcp snooping binding
Use display ipv6 dhcp snooping binding to display DHCPv6 snooping entries.
Syntax
display ipv6 dhcp snooping binding [ address ipv6-address [ vlan vlan-id ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
address ipv6-address: Displays the DHCPv6 snooping entry for the specified IPv6 address.
vlan vlan-id: Specifies the ID of the VLAN where the IPv6 address resides.
Usage guidelines
If you do not specify any parameters, this command displays all DHCPv6 snooping entries.
Examples
# Display all DHCPv6 snooping entries.
275
<Sysname> display ipv6 dhcp snooping binding
1 DHCPv6 snooping entries found.
IPv6 address
MAC address
Lease
VLAN SVLAN Interface
================ ============== =========== ==== ===== ========================
2::1
00e0-fc00-0006 54
2
N/A
GigabitEthernet1/0/1
Table 67 Command output
Field
Description
IPv6 Address
IPv6 address assigned to the DHCPv6 client.
MAC Address
MAC address of the DHCPv6 client.
Lease
Remaining lease duration in seconds.
VLAN
When both DHCPv6 snooping and QinQ are enabled or the DHCPv6
packet contains two VLAN tags, this field identifies the outer VLAN tag.
Otherwise, it identifies the VLAN where the port connecting the DHCPv6
client resides.
SVLAN
When both DHCPv6 snooping and QinQ are enabled or the DHCPv6
packet contains two VLAN tags, this field identifies the inner VLAN tag.
Otherwise, it displays N/A.
Interface
Port connecting to the DHCPv6 client.
Related commands
•
ipv6 dhcp snooping binding record
•
reset ipv6 dhcp snooping binding
display ipv6 dhcp snooping binding database
Use display ipv6 dhcp snooping binding database to display information about DHCPv6
snooping entry auto backup.
Syntax
display ipv6 dhcp snooping binding database
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about DHCPv6 snooping entry auto backup.
<Sysname> display ipv6 dhcp snooping binding database
File name
:
database.dhcp
Username
:
Password
:
Update interval
:
600 seconds
Latest write time
:
Feb 27 18:48:04 2012
Status
:
Last write succeeded.
276
Table 68 Command output
Field
Description
File name
Name of the DHCPv6 snooping entry backup file.
Username
Username to be contained in the URL address for DDNS update requests.
Password
Password to be contained in the URL address for DDNS update requests. This field is
blank if no password is configured and displays ****** if a password is configured.
Update interval
Waiting time in seconds after a DHCPv6 snooping entry change for the DHCPv6
snooping device to update the backup file.
Latest write time
Time of the latest update.
Status
Status of the update:
•
Writing—The backup file is being updated.
•
Last write succeeded—The backup file was successfully updated.
•
Last write failed—The backup file failed to be updated.
display ipv6 dhcp snooping packet statistics
Use display ipv6 dhcp snooping packet statistics to display DHCPv6 packet statistics for
DHCPv6 snooping.
Syntax
display ipv6 dhcp snooping packet statistics [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
If you do not specify the slot slot-number option, this command displays DHCPv6 packet statistics
for the device where this command is executed.
Examples
# Display DHCPv6 packet statistics for DHCPv6 snooping.
<Sysname> display ipv6 dhcp snooping packet statistics
DHCPv6 packets received
: 100
DHCPv6 packets sent
: 200
Invalid DHCPv6 packets dropped
: 0
Related commands
reset ipv6 dhcp snooping packet statistics
display ipv6 dhcp snooping trust
Use display ipv6 dhcp snooping trust to display information about trusted ports.
277
Syntax
display ipv6 dhcp snooping trust
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about trusted ports.
<Sysname> display ipv6 dhcp snooping trust
DHCPv6 snooping is enabled.
Interface
Trusted
=========================
============
GigabitEthernet1/0/1
Trusted
The output shows that DHCPv6 snooping is enabled, GigabitEthernet1/0/1 is the trusted port.
Related commands
ipv6 dhcp snooping trust
ipv6 dhcp snooping binding database filename
Use ipv6 dhcp snooping binding database filename to configure the DHCPv6 snooping device to
back up DHCPv6 snooping entries to a file.
Use undo ipv6 dhcp snooping binding database filename to disable the auto backup and
remove the backup file.
Syntax
ipv6 dhcp snooping binding database filename { filename | url url [ username username
[ password { cipher | simple } key ] ] }
undo ipv6 dhcp snooping binding database filename
Default
The DHCPv6 snooping device does not back up DHCPv6 snooping entries.
Views
System view
Predefined user roles
network-admin
Parameters
filename: Specifies the name of a local file. For information about the filename argument, see
Fundamentals Configuration Guide.
url url: Specifies the URL of a remote file. Do not include a username or password in the URL. Case
sensitivity and the supported path format type vary by server.
username username: Specifies the username for logging in to the remote device.
cipher: Sets a ciphertext password.
simple: Sets a plaintext password.
278
key: Specifies the key string. This argument is case sensitive. If simple is specified, it must be a string
of 1 to 32 characters. If cipher is specified, it must be a ciphertext string of 1 to 73 characters.
Usage guidelines
For security purposes, all passwords, including passwords configured in plaintext, are saved in
ciphertext.
This command automatically creates the file if you specify a non-existent file.
With this command executed, the DHCPv6 snooping device backs up its snooping entries
immediately and runs auto backup. The snooping device, by default, waits 300 seconds after a
DHCPv6 snooping entry change to update the backup file. You can use the ipv6 dhcp snooping
binding database update interval command to change the waiting time. If no DHCPv6 snooping
entry changes, the backup file is not updated.
When the file is on a remote device, follow these restrictions and guidelines to specify the URL,
username, and password:
•
If the file is on an FTP server, enter URL in the format of ftp://server address:port/file path,
where the port number is optional.
•
If the file is on a TFTP server, enter URL in the format of tftp://server address:port/file path,
where the port number is optional.
•
The username and password must be the same as those configured on the FTP or TFTP
server. If the server authenticates only the username, the password can be omitted. For
example, enter URL ftp://1.1.1.1/database.dhcp username admin at the CLI to specify the
URL and username for the file on an FTP server.
•
If the IP address of the server is an IPv6 address, enclose the address in a pair of brackets, for
example, ftp://[1::1]/database.dhcp.
•
You can also specify the DNS domain name for the server address field, for example,
ftp://company/database.dhcp.
Examples
# Configure the DHCPv6 snooping device to back up DHCPv6 snooping entries to the file
database.dhcp.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping binding database filename database.dhcp
# Configure the DHCPv6 snooping device to back up DHCPv6 snooping entries to the file
database.dhcp in the working directory of the FTP server at 1::1.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping binding database filename url ftp://[1::1]/database.dhcp
username 1 password simple 1
# Configure the DHCPv6 snooping device to back up DHCPv6 snooping entries to the file
database.dhcp in the working directory of the TFTP server at 2::1.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping binding database filename tftp://[2::1]/database.dhcp
Related commands
ipv6 dhcp snooping binding database update interval
ipv6 dhcp snooping binding database update interval
Use ipv6 dhcp snooping binding database update interval to set the waiting time after a
DHCPv6 snooping entry change for the DHCPv6 snooping device to update the backup file.
Use undo ipv6 dhcp snooping binding database update interval to restore the default.
279
Syntax
ipv6 dhcp snooping binding database update interval seconds
undo ipv6 dhcp snooping binding database update interval
Default
The DHCPv6 snooping device waits 300 seconds after a DHCPv6 snooping entry change to update
the backup file. If no DHCPv6 snooping entry changes, the backup file is not updated.
Views
System view
Predefined user roles
network-admin
Parameters
seconds: Sets the waiting time in seconds, in the range of 60 to 864000.
Usage guidelines
When a DHCPv6 snooping entry is learned, updated, or removed, the waiting period starts. The
DHCPv6 snooping device updates the backup file when the waiting period is reached. All snooping
entries changed during the period will be saved to the backup file.
The waiting time does not take effect if you do not configure the DHCPv6 snooping entry auto
backup by using the ipv6 dhcp snooping binding database filename command.
Examples
# Set the waiting time to 600 seconds for the DHCPv6 snooping device to update the backup file.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping binding database update interval 600
Related commands
ipv6 dhcp snooping binding database filename
ipv6 dhcp snooping binding database update now
Use ipv6 dhcp snooping binding database update now to manually save DHCPv6 snooping
entries to the backup file.
Syntax
ipv6 dhcp snooping binding database update now
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command does not take effect if you do not configure the DHCPv6 snooping entry auto backup
by using the ipv6 dhcp snooping binding database filename command.
Examples
# Manually save DHCPv6 snooping entries to the backup file.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping binding database update now
280
Related commands
ipv6 dhcp snooping binding database filename
ipv6 dhcp snooping binding record
Use ipv6 dhcp snooping binding record to enable recording of client information in DHCPv6
snooping entries.
Use undo ipv6 dhcp snooping binding record to disable the feature.
Syntax
ipv6 dhcp snooping binding record
undo ipv6 dhcp snooping binding record
Default
DHCPv6 snooping does not record client information.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
This command enables DHCPv6 snooping on the port directly connected to the clients to record
client information in DHCPv6 snooping entries.
Examples
# Enable recording of client information in DHCPv6 snooping entries on GigabitEthernet1/0/1.
<Sysname> system-view
[Sysname]interface GigabitEthernet1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping binding record
ipv6 dhcp snooping check request-message
Use ipv6 dhcp snooping check request-message to enable the DHCPv6-REQUEST check
feature for the received DHCPv6-RENEW, DHCPv6-DECLINE, and DHCPv6-RELEASE messages.
Use undo ipv6 dhcp snooping check request-message to disable the DHCPv6-REQUEST check
feature.
Syntax
ipv6 dhcp snooping check request-message
undo ipv6 dhcp snooping check request-message
Default
The DHCPv6-REQUEST check feature is disabled.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
281
Usage guidelines
Use the DHCPv6-REQUEST check feature to protect the DHCPv6 server against DHCPv6 client
spoofing attacks. The feature enables the DHCPv6 snooping device to check every received
DHCPv6-RENEW, DHCPv6-DECLINE, or DHCPv6-RELEASE message against DHCPv6 snooping
entries.
•
•
If any of the criteria in an entry is matched, the device compares the entry with the message
information.

If they are consistent, the device considers the message valid and forwards it to the
DHCPv6 server.

If they are different, the device considers the message forged and discards it.
If no matching entry is found, the device forwards the message to the DHCPv6 server.
Examples
# Enable DHCPv6-REQUEST check.
<Sysname> system-view
[Sysname] interface GigabitEthernet1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping check request-message
ipv6 dhcp snooping enable
Use ipv6 dhcp snooping enable to enable DHCPv6 snooping.
Use undo ipv6 dhcp snooping enable to disable DHCPv6 snooping.
Syntax
ipv6 dhcp snooping enable
undo ipv6 dhcp snooping enable
Default
DHCPv6 snooping is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Use the DHCPv6 snooping feature together with trusted port configuration. Before trusted ports are
configured, all ports on the DHCPv6 snooping device are untrusted and discard all responses sent
from DHCPv6 servers.
When DHCPv6 snooping is disabled, the device forwards all responses from DHCPv6 servers.
Examples
# Enable DHCPv6 snooping.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping enable
ipv6 dhcp snooping max-learning-num
Use ipv6 dhcp snooping max-learning-num to set the maximum number of DHCPv6 snooping
entries for an interface to learn.
282
Use undo ipv6 dhcp snooping max-learning-num to restore the default.
Syntax
ipv6 dhcp snooping max-learning-num number
undo ipv6 dhcp snooping max-learning-num
Default
The number of DHCPv6 snooping entries for an interface to learn is not limited.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
number: Sets the maximum number of DHCPv6 snooping entries for an interface to learn. The value
range is 1 to 4294967295.
Examples
# Configure the Layer 2 Ethernet interface GigabitEthernet1/0/1 to learn a maximum of 1000
DHCPv6 snooping entries.
<Sysname> system-view
[Sysname] interface GigabitEthernet1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping max-learning-num 1000
ipv6 dhcp snooping option interface-id enable
Use ipv6 dhcp snooping option interface-id enable to enable support for the interface-ID option
(also called Option 18).
Use undo ipv6 dhcp snooping option interface-id enable to restore the default.
Syntax
ipv6 dhcp snooping option interface-id enable
undo ipv6 dhcp snooping option interface-id enable
Default
The Option 18 is not supported.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
This command takes effect only when DHCPv6 snooping is globally enabled.
Examples
# Enable support for Option 18.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping enable
[Sysname] interface GigabitEthernet1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping option interface-id enable
283
Related commands
• ipv6 dhcp snooping enable
• ipv6 dhcp snooping option interface-id string
ipv6 dhcp snooping option interface-id string
Use ipv6 dhcp snooping option interface-id string to specify the content as the interface ID for
Option 18.
Use undo ipv6 dhcp snooping option interface-id string to restore the default.
Syntax
ipv6 dhcp snooping option interface-id [ vlan vlan-id ] string interface-id
undo ipv6 dhcp snooping option interface-id [ vlan vlan-id ]
Default
The DHCPv6 snooping device uses its DUID as the content for Option 18.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
vlan vlan-id: Specifies the VLAN where the DHCPv6 clients resides.
interface-id: Specifies a string of 1 to 128 characters as the interface ID.
Examples
# Specify company001 as the interface ID.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping enable
[Sysname] interface GigabitEthernet1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping option interface-id enable
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping option interface-id string company001
Related commands
•
ipv6 dhcp snooping enable
•
ipv6 dhcp snooping option interface-id enable
ipv6 dhcp snooping option remote-id enable
Use ipv6 dhcp snooping option remote-id enable to enable support for the remote-ID option (also
called Option 37).
Use undo ipv6 dhcp snooping option remote-id enable to restore the default.
Syntax
ipv6 dhcp snooping option remote-id enable
undo ipv6 dhcp snooping option remote-id enable
Default
Option 37 is not supported.
284
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
This command takes effect only when DHCPv6 snooping is globally enabled.
Examples
# Enable support for Option 37.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping enable
[Sysname] interface GigabitEthernet1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping option remote-id enable
Related commands
•
ipv6 dhcp snooping enable
•
ipv6 dhcp snooping option remote-id string
ipv6 dhcp snooping option remote-id string
Use ipv6 dhcp snooping option remote-id string to specify the content as the remote ID for
Option 37.
Use undo ipv6 dhcp snooping option remote-id string to restore the default.
Syntax
ipv6 dhcp snooping option remote-id [ vlan vlan-id ] string remote-id
undo ipv6 dhcp snooping option remote-id [ vlan vlan-id ]
Default
The DHCPv6 snooping device uses its DUID as the content for Option 37.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
vlan vlan-id: Specifies the VLAN where the DHCPv6 clients resides.
remote-id: Specifies the a string of 1 to 128 characters as the remote ID.
Examples
# Specify device001 as the remote ID.
<Sysname> system-view
[Sysname] ipv6 dhcp snooping enable
[Sysname] interface GigabitEthernet1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping option remote-id enable
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping option remote-id string device001
285
Related commands
•
ipv6 dhcp snooping enable
•
ipv6 dhcp snooping option remote-id enable
ipv6 dhcp snooping rate-limit
Use ipv6 dhcp snooping rate-limit to set the maximum rate at which an interface can receive
DHCPv6 packets.
Use undo ipv6 dhcp snooping rate-limit to remove the rate limit.
Syntax
ipv6 dhcp snooping rate-limit rate
undo ipv6 dhcp snooping rate-limit
Default
Incoming DHCPv6 packets on an interface are not rate limited.
Views
Layer 2 Ethernet interface/Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
rate: Sets the maximum rate in Kbps. The value must be an integer multiple of 8, in the range of 64 to
512.
Usage guidelines
This command takes effect only when DHCPv6 snooping is enabled.
The DHCPv6 packet rate limit feature enables the interface to discard DHCPv6 packets that exceed
the maximum rate.
If you configure this command on a Layer 2 Ethernet interface that is a member port of a Layer 2
aggregate interface, the Layer 2 Ethernet interface uses the DHCP packet maximum rate configured
on the Layer 2 aggregate interface. If the Layer 2 Ethernet interface leaves the aggregation group, it
uses its own DHCP packet maximum rate.
Examples
# Configure GigabitEthernet1/0/1 to receive DHCPv6 packets at a maximum rate of 64 Kbps.
<Sysname> system-view
[Sysname] interface GigabitEthernet1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping rate-limit 64
ipv6 dhcp snooping trust
Use ipv6 dhcp snooping trust to configure a port as a trusted port.
Use undo ipv6 dhcp snooping trust to restore the default state of a port.
Syntax
ipv6 dhcp snooping trust
undo ipv6 dhcp snooping trust
286
Default
After you enable DHCPv6 snooping, all ports are untrusted.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
Specify the port facing the DHCP server as trusted and specify the other ports as untrusted so DHCP
clients can obtain valid IP addresses.
Examples
# Specify GigabitEthernet1/0/1 as a trusted port.
<Sysname> system-view
[Sysname] interface GigabitEthernet1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 dhcp snooping trust
Related commands
display ipv6 dhcp snooping trust
reset ipv6 dhcp snooping binding
Use reset ipv6 dhcp snooping binding to clear DHCPv6 snooping entries.
Syntax
reset ipv6 dhcp snooping binding { all | address ipv6-address [ vlan vlan-id ] }
Views
User view
Predefined user roles
network-admin
Parameters
address ipv6-address: Clears the DHCPv6 snooping entry for the specified IPv6 address.
vlan vlan-id: Clears DHCPv6 snooping entries for the specified VLAN.
all: Clears all DHCPv6 snooping entries.
Examples
# Clear all DHCPv6 snooping entries.
<Sysname> reset ipv6 dhcp snooping binding all
Related commands
display ipv6 dhcp snooping binding
reset ipv6 dhcp snooping packet statistics
Use reset ipv6 dhcp snooping packet statistics to clear DHCPv6 packet statistics for DHCPv6
snooping.
Syntax
reset ipv6 dhcp snooping packet statistics [ slot slot-number ]
287
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
If you do not specify the slot slot-number option, this command clears DHCPv6 packet statistics for
the device where this command is executed.
Examples
# Clear DHCPv6 packet statistics for DHCPv6 snooping.
<Sysname> reset ipv6 dhcp snooping packet statistics
Related commands
display ipv6 dhcp snooping packet statistics
288
IPv6 fast forwarding commands
display ipv6 fast-forwarding aging-time
Use display ipv6 fast-forwarding aging-time to display the aging time of IPv6 fast forwarding
entries.
Syntax
display ipv6 fast-forwarding aging-time
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the aging time of IPv6 fast forwarding entries.
<Sysname> display ipv6 fast-forwarding aging-time
Aging time: 30s
Table 69 Command output
Field
Description
Aging time
Aging time of IPv6 fast forwarding entries.
Related commands
ipv6 fast-forwarding aging-time
display ipv6 fast-forwarding cache
Use display ipv6 fast-forwarding cache to display IPv6 fast forwarding table information.
Syntax
display ipv6 fast-forwarding cache [ ipv6-address ] [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ipv6-address: Specifies an IPv6 address. If you do not specify an IPv6 address, this command
displays all IPv6 fast forwarding entries.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify this option,
the command displays IPv6 fast forwarding entries on all member devices.
289
Usage guidelines
This command displays IPv6 fast forwarding entries. Each entry includes the following fields:
•
Source IPv6 address
•
Source port number
•
Destination IPv6 address
•
Destination port number
•
Protocol number
•
VPN instance
•
Input and output interface
Examples
# Display all IPv6 fast forwarding entries.
<Sysname> display ipv6 fast-forwarding cache
Total number of IPv6 fast-forwarding items: 2
Src IP: 2002::1
Src port: 129
Dst IP: 2001::1
Dst port: 65535
Protocol: 58
VPN instance: vpn1
Input interface: GE1/0/2
Output interface: GE1/0/1
Src IP: 2001::1
Src port: 128
Dst IP: 2002::1
Dst port: 0
Protocol: 58
VPN instance: vpn2
Input interface: GE1/0/1
Output interface: GE1/0/2
Table 70 Command output
Field
Description
Total number of IPv6 fast-forwarding
items
Number of IPv6 fast forwarding entries.
Src IP
Source IPv6 address.
Src port
Source port number.
Dst IP
Destination IPv6 address.
Dst Port
Destination port number.
Protocol
Protocol number.
VPN instance
VPN instance.
Input interface type and number.
Input interface
If no interface is involved in fast forwarding, this field displays N/A.
If the input interface does not exist, this field displays a hyphen (-).
Output interface type and number.
Output interface
If no interface is involved in fast forwarding, this field displays N/A.
If the output interface does not exist, this field displays a hyphen (-).
290
Related commands
reset ipv6 fast-forwarding cache
ipv6 fast-forwarding aging-time
Use ipv6 fast-forwarding aging-time to set the aging time of IPv6 fast forwarding entries.
Use undo ipv6 fast-forwarding aging-time to restore the default.
Syntax
ipv6 fast-forwarding aging-time aging-time
undo ipv6 fast-forwarding aging-time
Default
The aging time of IPv6 fast forwarding entries is 30 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
aging-time: Sets the aging time for IPv6 fast forwarding entries, in the range of 10 to 300 seconds.
Examples
# Set the aging time for IPv6 fast forwarding entries to 20 seconds.
<Sysname> system-view
[Sysname] ipv6 fast-forwarding aging-time 20
Related commands
display ipv6 fast-forwarding aging-time
ipv6 fast-forwarding load-sharing
Use ipv6 fast-forwarding load-sharing to enable IPv6 fast-forwarding load sharing.
Use undo ipv6 fast-forwarding load-sharing to disable IPv6 fast-forwarding load sharing.
Syntax
ipv6 fast-forwarding load-sharing
undo ipv6 fast-forwarding load-sharing
Default
IPv6 fast-forwarding load sharing is enabled.
Views
System view
Predefined user roles
network-admin
291
Usage guidelines
IPv6 fast-forwarding load sharing enables the device to identify a data flow by using the five-tuple
(source IP, source port, destination IP, destination port, and protocol). The device then forwards
packets of the same flow to implement load sharing.
If IPv6 fast-forwarding load sharing is disabled, the device identifies a data flow by the five-tuple and
the input interface. No load sharing is implemented.
Examples
# Enable IPv6 fast-forwarding load sharing.
<Sysname> system-Views
[Sysname] ipv6 fast-forwarding load-sharing
reset ipv6 fast-forwarding cache
Use reset ipv6 fast-forwarding cache to clear IPv6 fast forwarding table information.
Syntax
reset ipv6 fast-forwarding cache [ slot slot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify this option,
the command clears the IPv6 fast forwarding table information on all IRF member devices.
Examples
# Clear IPv6 fast forwarding table information.
<Sysname> reset ipv6 fast-forwarding cache
Related commands
display ipv6 fast-forwarding cache
292
Tunneling commands
bandwidth
Use bandwidth to set the expected bandwidth for an interface.
Use undo bandwidth to restore the default.
Syntax
bandwidth bandwidth-value
undo bandwidth
Default
The expected bandwidth is 64 kbps.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
bandwidth-value: Specifies the expected bandwidth in the range of 1 to 400000000 kbps.
Usage guidelines
The expected bandwidth for an interface affects the link costs in OSPF, OSPFv3, and IS-IS. For
more information, see Layer 3—IP Routing Configuration Guide.
Examples
# Set the expected bandwidth of Tunnel 1 to 100 kbps.
<Sysname> system-view
[Sysname] interface tunnel 1
[Sysname-Tunnel1] bandwidth 100
default
Use default to restore the default settings for the tunnel interface.
Syntax
default
Views
Tunnel interface view
Predefined user roles
network-admin
Usage guidelines
The default command might interrupt ongoing network services. Make sure you are fully aware of
the impacts of this command when you use it on a live network.
This command might fail to restore the default settings for some commands for reasons such as
command dependencies or system restrictions. Use the display this command in interface view to
identify these commands. Use their undo forms or follow the command reference to restore their
293
default settings. If your restoration attempt still fails, follow the error message instructions to resolve
the problem.
Examples
# Restore the default settings of interface tunnel 1.
<Sysname> system-view
[Sysname] interface tunnel 1
[Sysname-Tunnel1] default
description
Use description to configure a description for a tunnel interface.
Use undo description to restore the default.
Syntax
description text
undo description
Default
The description of a tunnel interface is Tunnelnumber Interface, for example, Tunnel1 Interface.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
text: Specifies a description for the interface, a case-sensitive string of 1 to 255 characters.
Usage guidelines
Configure descriptions for different interfaces for identification and management purposes.
You can use the display interface command to display the configured interface description.
Examples
# Configure the description for the interface Tunnel 1 as tunnel1.
<Sysname> system-view
[Sysname] interface tunnel 1
[Sysname-Tunnel1] description tunnel1
Related commands
display interface tunnel
destination
Use destination to specify the destination address for a tunnel interface.
Use undo destination to remove the configured tunnel destination address.
Syntax
destination { ip-address | ipv6-address }
undo destination
294
Default
No tunnel destination address is configured.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the tunnel destination IPv4 address.
ipv6-address: Specifies the tunnel destination IPv6 address.
Usage guidelines
For a manual tunnel interface, you must configure the destination address. For an automatic tunnel
interface, you do not need to configure the destination address.
The tunnel destination address must be the address of the receiving interface on the tunnel peer. It is
used as the destination address of tunneled packets.
The destination address of the local tunnel interface must be the source address of the peer tunnel
interface, and vice versa.
Examples
# VLAN-interface 100 of Sysname 1 uses the IP address 193.101.1.1 and VLAN-interface 100 of
Sysname 2 uses the IP address 192.100.1.1. Configure the source address 193.101.1.1 and
destination address 192.100.1.1 for the tunnel interface of Sysname 1.
<Sysname1> system-view
[Sysname1] interface tunnel 1 mode ipv6-ipv4
[Sysname1-Tunnel1] source 193.101.1.1
[Sysname1-Tunnel1] destination 192.100.1.1
# Configure the source address 192.100.1.1 and destination address 193.101.1.1 for the tunnel
interface of Sysname 2.
<Sysname2> system-view
[Sysname2] interface tunnel 1 mode ipv6-ipv4
[Sysname2-Tunnel1] source 192.100.1.1
[Sysname2-Tunnel1] destination 193.101.1.1
Related commands
•
display interface tunnel
•
interface tunnel
•
source
display interface tunnel
Use display interface tunnel to display information about tunnel interfaces, including the source
address, destination address, and tunnel mode.
Syntax
display interface tunnel [ number [ brief [ description ] ] | brief [ description | down ] ]
Views
Any view
295
Predefined user roles
network-admin
network-operator
Parameters
number: Specifies the number of a tunnel interface.
brief: Displays brief interface information. If you do not specify this keyword, the command displays
detailed interface information.
down: Displays information about interfaces in the physical state of DOWN and the causes. If you do
not specify this keyword, the command displays information about interfaces in all states.
description: Displays complete interface descriptions. If you do not specify this keyword, the
command displays only the first 27 characters of interface descriptions.
Usage guidelines
If you do not specify the tunnel keyword, this command displays information about all interfaces on
the device.
If you specify the tunnel keyword without the number argument, this command displays information
about all existing tunnel interfaces.
Examples
# Display detailed information about interface Tunnel 1.
<Sysname> display interface tunnel 1
Tunnel1
Current state: DOWN
Line protocol state: DOWN
Description: Tunnel5 Interface
Bandwidth: 64kbps
Maximum Transmit Unit: 64000
Internet protocol processing: disabled
Tunnel source unknown, destination unknown
Tunnel encapsulation-limit is disabled
Tunnel TTL 255
Tunnel protocol/transport IPv6
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Table 71 Command output
Field
Description
Tunnel1
Information about the tunnel interface Tunnel 1.
Current state
State of the tunnel interface:
•
Administratively DOWN—The interface has been shut down
by using the shutdown command.
•
DOWN—The interface is administratively up but its physical
state is down.
•
UP—Both the administrative and physical states of the interface
are up.
296
Field
Description
Line protocol state
Link layer protocol state of the tunnel interface. The value is
determined by the parameter negotiation on the link layer.
•
UP—The protocol state of the interface is up.
•
UP (spoofing)—The link protocol state of the interface is up,
but the link is temporarily set up on demand or does not exist.
This attribute is available for null interfaces and loopback
interfaces.
•
DOWN—The protocol state of the interface is down.
Description
Description of the tunnel interface.
Bandwidth
Intended bandwidth for the tunnel interface.
Maximum Transmit Unit
MTU of the tunnel interface.
IP address of the tunnel interface.
If no IP address is assigned to the interface, this field displays
Internet protocol processing: disabled, and the tunnel interface
cannot process packets.
Internet Address
Primary indicates it is the primary IP address of the interface.
Tunnel source
Source address of the tunnel. If a source interface is specified for the
tunnel interface, this field also displays the source interface in
parentheses.
destination
Destination address of the tunnel.
Tunnel
disabled
encapsulation-limit
is
Tunnel nested encapsulation is not supported.
Tunnel TTL
TTL of tunneled packets.
Tunnel protocol/transport
Tunnel mode and transport protocol:
•
GRE/IP—GRE/IPv4 tunnel mode.
•
GRE/IPv6—GRE/IPv6 tunnel mode.
•
IP/IP—IPv4 over IPv4 tunnel mode.
•
IPv6—IPv6 tunnel mode.
•
IPv6/IP—IPv6 over IPv4 manual tunnel mode.
•
IPv6/IP 6to4—IPv6 over IPv4 6to4 tunnel mode.
•
IPv6/IP ISATAP—IPv6 over IPv4 ISATAP tunnel mode.
Last clearing of counters
Last time of clearing counters.
Last 300 seconds input: 0 bytes/sec,
0 packets/sec
Average input rate in the last 300 seconds.
Last 300 seconds input rate: 0
bytes/sec, 0 bits/sec, 0 packets/sec
Average output rate in the last 300 seconds.
# Display brief information about the interface Tunnel 1.
<Sysname> display interface tunnel 1 brief
Brief information of interface(s) under route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface
Link Protocol Main IP
Description
Tun1
UP
aaaaaaaaaaaaaaaaaaaaaaaaaaa
UP
1.1.1.1
# Display brief information about interface Tunnel 1, including the complete interface description.
<Sysname> display interface tunnel 1 brief description
Brief information of interface(s) under route mode:
297
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface
Link Protocol Main IP
Description
Tun1
UP
aaaaaaaaaaaaaaaaaaaaaaaaaaaaa
UP
1.1.1.1
Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
# Display information about interfaces in the physical state of DOWN and the causes.
<Sysname> display interface tunnel brief down
Brief information on interface(s) under route mode:
Link: ADM - administratively down; Stby - standby
Interface
Link Cause
Tun0
DOWN Not connected
Tun1
DOWN Not connected
Table 72 Command output
Field
Description
Brief
information
of
interface(s) under route mode
Brief information about Layer 3 interfaces.
Link: ADM - administratively
down; Stby - standby
Link status:
•
ADM—The interface has been administratively shut down. To recover
its physical state, use the undo shutdown command.
•
Stby—The interface is a backup interface.
Protocol: (s) - spoofing
(s) indicates that the data link layer protocol state is UP, but the link is
temporarily set up on demand or does not exist. This attribute is available
for null interfaces and loopback interfaces.
Interface
Abbreviated interface name.
Link
Physical link state of the interface:
•
UP—The link is physically up.
•
DOWN—The link is physically down.
•
ADM—The link has been administratively shut down. To bring it up,
use the undo shutdown command.
•
Stby—The interface is a backup interface.
Protocol
Data link layer protocol state of the interface:
•
UP—The data link protocol state of the interface is up.
•
UP (spoofing)—The link protocol state of the interface is up, but the
link is temporarily set up on demand or does not exist. This attribute is
available for null interfaces and loopback interfaces.
Main IP
Primary IP address of the interface.
Description
Description of the interface.
Cause
Causes for the physical state of DOWN:
•
Administratively—The link has been shut down by using the
shutdown command. To restore its physical state, use the undo
shutdown command.
•
Not connected—The tunnel is not established.
Related commands
•
destination
•
interface tunnel
•
source
298
interface tunnel
Use interface tunnel to create a tunnel interface, specify the tunnel mode, and enter tunnel interface
view.
Use undo interface tunnel to delete a tunnel interface.
Syntax
interface tunnel number [ mode { gre [ ipv6 ] | ipv4-ipv4 | ipv6 | ipv6-ipv4 [ 6to4 | isatap ] |
mpls-te } ]
undo interface tunnel number
Default
No tunnel interface is created on the device.
Views
System view
Predefined user roles
network-admin
Parameters
number: Specifies the number of the tunnel interface, in the range of 0 to 127.
mode gre: Specifies the GRE/IPv4 tunnel mode.
mode gre ipv6: Specifies the GRE/IPv6 tunnel mode.
mode ipv4-ipv4: Specifies the IPv4 over IPv4 tunnel mode.
mode ipv6: Specifies the IPv6 tunnel mode. Set this mode for IPv4 over IPv6 manual and IPv6 over
IPv6 tunnels.
mode ipv6-ipv4: Specifies the IPv6 over IPv4 manual tunnel mode.
mode ipv6-ipv4 6to4: Specifies the 6to4 tunnel mode.
mode ipv6-ipv4 isatap: Specifies the ISATAP tunnel mode.
mode mpls-te: Specifies the MPLS TE tunnel mode.
Usage guidelines
To create a new tunnel interface, you must specify the tunnel mode in this command. To enter the
view of an existing tunnel interface, you do not need to specify the tunnel mode.
A tunnel interface number is locally significant. The tunnel interfaces on the two ends of a tunnel can
use the same or different interface numbers.
Examples
# Create the GRE/IPv4 tunnel interface Tunnel 1 and enter tunnel interface view.
<Sysname> system-view
[Sysname] interface tunnel 1 mode gre
[Sysname-Tunnel1]
Related commands
•
destination
•
display interface tunnel
•
source
299
mtu
Use mtu to set the MTU on a tunnel interface.
Use undo mtu to restore the default.
Syntax
mtu size
undo mtu
Default
The MTU is 64000 bytes.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
size: Specifies the MTU in the range of 100 to 64000 bytes.
Usage guidelines
Set an appropriate MTU to avoid fragmentation. The MTU for the tunnel interface applies only to
unicast packets.
An MTU set on any tunnel interface is effective on all existing tunnel interfaces.
Examples
# Set the MTU on interface Tunnel 1 to 10000 bytes.
<Sysname> system-view
[Sysname] interface tunnel 1
[Sysname-Tunnel1] mtu 10000
Related commands
display interface tunnel
reset counters interface
Use reset counters interface to clear statistics for tunnel interfaces.
Syntax
reset counters interface [ tunnel [ number ] ]
Views
User view
Predefined user roles
network-admin
Parameters
number: Specifies the tunnel interface number.
Usage guidelines
Use this command to clear old statistics so you can observe new traffic statistics on a tunnel
interface.
300
•
If you do not specify any parameters, this command clears statistics for all interfaces.
•
If you specify only the tunnel keyword, this command clears statistics for all tunnel interfaces.
•
If you specify both the tunnel keyword and the number argument, this command clears
statistics for the specified tunnel interface.
Examples
# Clear statistics for interface Tunnel 1.
<Sysname> reset counters interface tunnel 1
Related commands
display interface tunnel
service
Use service to specify an IRF member device for forwarding the traffic on the tunnel interface.
Use undo service to restore the default.
Syntax
service slot slot-number
undo service slot
Default
No IRF member device is specified for the tunnel interface.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
If no IRF member device is specified for forwarding the traffic on the tunnel interface, the traffic is
processed on the IRF member device that receives the traffic.
Some functions, such as IPsec anti-replay, require that traffic for the same tunnel interface be
processed on the same IRF member device. If such a function is configured, you must use this
command to specify an IRF member device for forwarding the traffic on a tunnel interface.
If the specified IRF member device is removed, traffic on the tunnel interface cannot be forwarded
even if the tunnel interface is up. When the IRF member device is reinstalled, traffic forwarding
resumes on the member device.
Examples
# Specify IRF member device 2 to forward traffic for interface Tunnel 200.
<Sysname> system-view
[Sysname] interface tunnel 200
[Sysname-Tunnel200] service slot 2
shutdown
Use shutdown to shut down a tunnel interface.
301
Use undo shutdown to bring up a tunnel interface.
Syntax
shutdown
undo shutdown
Default
The tunnel interface is enabled.
Views
Tunnel interface view
Predefined user roles
network-admin
Usage guidelines
This command disconnects all links set up on the interface. Make sure you fully understand the
impact of the command on your network.
Examples
# Shut down interface Tunnel 1.
<Sysname> system-view
[Sysname] interface tunnel 1
[Sysname-Tunnel1] shutdown
Related commands
display interface tunnel
source
Use source to specify the source address or source interface for the tunnel interface.
Use undo source to restore the default.
Syntax
source { ip-address | ipv6-address | interface-type interface-number }
undo source
Default
No source address or source interface is specified for the tunnel interface.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the tunnel source IPv4 address.
ipv6-address: Specifies the tunnel source IPv6 address.
interface-type interface-number: Specifies the source interface. The interface must be up and must
have an IP address.
302
Usage guidelines
The specified source address or the address of the specified source interface is used as the source
address of tunneled packets. To view the configured tunnel source address, use the display
interface tunnel command.
The source address of the local tunnel interface must be the destination address of the peer tunnel
interface, and vice versa.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify VLAN-interface 10 as the source interface of interface Tunnel 1.
<Sysname> system-view
[Sysname] interface tunnel 1 mode gre
[Sysname-Tunnel1] source vlan-interface 10
# Specify 192.100.1.1 as the source address of interface Tunnel 1.
<Sysname> system-view
[Sysname] interface tunnel 1 mode gre
[Sysname-Tunnel1] source 192.100.1.1
Related commands
•
destination
•
display interface tunnel
•
interface tunnel
tunnel dfbit enable
Use tunnel dfbit enable to set the Don't Fragment (DF) bit for tunneled packets.
Use undo tunnel dfbit enable to restore the default.
Syntax
tunnel dfbit enable
undo tunnel dfbit enable
Default
The DF bit is not set for tunneled packets.
Views
Tunnel interface view
Predefined user roles
network-admin
Usage guidelines
To avoid fragmentation and delay, set the DF bit for tunneled packets. Make sure the path MTU is
larger than tunneled packets. Otherwise, do not set the DF bit to avoid discarding tunneled packets
larger than the path MTU.
This command is not supported on a GRE over IPv6 tunnel interface and an IPv6 tunnel interface.
Examples
# Set the DF bit for tunneled packets on interface Tunnel 1.
<Sysname> system-view
[Sysname] interface tunnel 1 mode gre
303
[Sysname-Tunnel1] tunnel dfbit enable
tunnel discard ipv4-compatible-packet
Use tunnel discard ipv4-compatible-packet to enable dropping IPv6 packets that use
IPv4-compatible IPv6 addresses.
Use undo tunnel discard ipv4-compatible-packet to restore the default.
Syntax
tunnel discard ipv4-compatible-packet
undo tunnel discard ipv4-compatible-packet
Default
IPv6 packets that use IPv4-compatible IPv6 addresses are not dropped.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables the device to check the source and destination IPv6 addresses of the
de-encapsulated IPv6 packets from a tunnel. If a packet uses an IPv4-compatible IPv6 address as
the source or destination address, the device discards the packet.
Examples
# Enable dropping IPv6 packets that use IPv4-compatible IPv6 addresses.
<Sysname> system-view
[Sysname] tunnel discard ipv4-compatible-packet
tunnel tos
Use tunnel tos to set the ToS of tunneled packets.
Use undo tunnel tos to restore the default.
Syntax
tunnel tos tos-value
undo tunnel tos
Default
The ToS of tunneled packets is the same as the ToS of the original packets.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
tos-value: Specifies the ToS of tunneled packets, in the range of 0 to 255.
304
Usage guidelines
After you configure this command, all the tunneled packets of different services sent on the tunnel
interface will use the same configured ToS. For more information about ToS, see ACL and QoS
Configuration Guide.
Examples
# Set the ToS of tunneled packets on the interface Tunnel 1 to 20.
<Sysname> system-view
[Sysname] interface tunnel 1 mode gre
[Sysname-Tunnel1] tunnel tos 20
Related commands
display interface tunnel
tunnel ttl
Use tunnel ttl to set the Time to Live (TTL) of tunneled packets.
Use undo tunnel ttl to restore the default.
Syntax
tunnel ttl ttl-value
undo tunnel ttl
Default
The TTL of tunneled packets is 255.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
ttl-value: Specifies the TTL of tunneled packets, in the range of 1 to 255.
Usage guidelines
The TTL determines the maximum number of hops that the tunneled packets can pass. When the
TTL expires, the tunneled packet is discarded to avoid loops.
Examples
# Set the TTL of tunneled packets to 100 on interface Tunnel 1.
<Sysname> system-view
[Sysname] interface tunnel 1 mode gre
[Sysname-Tunnel1] tunnel ttl 100
Related commands
display interface tunnel
305
GRE commands
keepalive
Use keepalive to enable GRE keepalive and set the keepalive interval and the keepalive number.
Use undo keepalive to disable GRE keepalive.
Syntax
keepalive [ interval [ times ] ]
undo keepalive
Default
GRE keepalive is disabled.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
interval: Sets the keepalive interval in the range of 1 to 32767 seconds. The default value is 10.
times: Sets the keepalive number in the range of 1 to 255. The default value is 3.
Usage guidelines
This command enables the tunnel interface to send keepalive packets at the specified interval. If the
device receives no response from the peer within the timeout time, the device shuts down the local
tunnel interface until it receives a keepalive acknowledgment packet from the peer. The timeout time
is the result of multiplying the keepalive interval by the keepalive number.
The device always acknowledges the keepalive packets it receives whether or not GRE keepalive is
enabled.
GRE over IPv6 tunnel interfaces do not support this command.
Examples
# Enable GRE keepalive, set the keepalive interval to 20 seconds, and set the keepalive number to
5.
<Sysname> system-view
[Sysname] interface tunnel 2 mode gre
[Sysname-Tunnel2] keepalive 20 5
306
Document conventions and icons
Conventions
This section describes the conventions used in the documentation.
Port numbering in examples
The port numbers in this document are for illustration only and might be unavailable on your device.
Command conventions
Convention
Description
Boldface
Bold text represents commands and keywords that you enter literally as shown.
Italic
Italic text represents arguments that you replace with actual values.
[]
Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }
Braces enclose a set of required syntax choices separated by vertical bars, from which
you select one.
[ x | y | ... ]
Square brackets enclose a set of optional syntax choices separated by vertical bars,
from which you select one or none.
{ x | y | ... } *
Asterisk marked braces enclose a set of required syntax choices separated by vertical
bars, from which you select at least one.
[ x | y | ... ] *
Asterisk marked square brackets enclose optional syntax choices separated by vertical
bars, from which you select one choice, multiple choices, or none.
&<1-n>
The argument or keyword and argument combination before the ampersand (&) sign
can be entered 1 to n times.
#
A line that starts with a pound (#) sign is comments.
GUI conventions
Convention
Description
Boldface
Window names, button names, field names, and menu items are in Boldface. For
example, the New User window appears; click OK.
>
Multi-level menus are separated by angle brackets. For example, File > Create >
Folder.
Convention
Description
Symbols
WARNING!
An alert that calls attention to important information that if not understood or followed
can result in personal injury.
CAUTION:
An alert that calls attention to important information that if not understood or followed
can result in data loss, data corruption, or damage to hardware or software.
IMPORTANT:
An alert that calls attention to essential information.
NOTE:
TIP:
An alert that contains additional or supplementary information.
An alert that provides helpful information.
307
Network topology icons
Convention
Description
Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that
supports Layer 2 forwarding and other Layer 2 features.
Represents an access controller, a unified wired-WLAN module, or the access
controller engine on a unified wired-WLAN switch.
Represents an access point.
T
Represents a wireless terminator unit.
T
Represents a wireless terminator.
Represents a mesh access point.
Represents omnidirectional signals.
Represents directional signals.
Represents a security product, such as a firewall, UTM, multiservice security
gateway, or load balancing device.
Represents a security card, such as a firewall, load balancing, NetStream, SSL VPN,
IPS, or ACG card.
308
Support and other resources
Accessing Hewlett Packard Enterprise Support
•
For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website:
www.hpe.com/assistance
•
To access documentation and support services, go to the Hewlett Packard Enterprise Support
Center website:
www.hpe.com/support/hpesc
Information to collect
•
Technical support registration number (if applicable)
•
Product name, model or version, and serial number
•
Operating system name and version
•
Firmware version
•
Error messages
•
Product-specific reports and logs
•
Add-on products or components
•
Third-party products or components
Accessing updates
•
Some software products provide a mechanism for accessing software updates through the
product interface. Review your product documentation to identify the recommended software
update method.
•
To download product updates, go to either of the following:

Hewlett Packard Enterprise Support Center Get connected with updates page:
www.hpe.com/support/e-updates

Software Depot website:
www.hpe.com/support/softwaredepot
•
To view and update your entitlements, and to link your contracts, Care Packs, and warranties
with your profile, go to the Hewlett Packard Enterprise Support Center More Information on
Access to Support Materials page:
www.hpe.com/support/AccessToSupportMaterials
IMPORTANT:
Access to some updates might require product entitlement when accessed through the Hewlett
Packard Enterprise Support Center. You must have an HP Passport set up with relevant
entitlements.
309
Websites
Website
Link
Networking websites
Hewlett Packard Enterprise Information Library for
Networking
www.hpe.com/networking/resourcefinder
Hewlett Packard Enterprise Networking website
www.hpe.com/info/networking
Hewlett Packard Enterprise My Networking website
www.hpe.com/networking/support
Hewlett Packard Enterprise My Networking Portal
www.hpe.com/networking/mynetworking
Hewlett Packard Enterprise Networking Warranty
www.hpe.com/networking/warranty
General websites
Hewlett Packard Enterprise Information Library
www.hpe.com/info/enterprise/docs
Hewlett Packard Enterprise Support Center
www.hpe.com/support/hpesc
Hewlett Packard Enterprise Support Services Central
ssc.hpe.com/portal/site/ssc/
Contact Hewlett Packard Enterprise Worldwide
www.hpe.com/assistance
Subscription Service/Support Alerts
www.hpe.com/support/e-updates
Software Depot
www.hpe.com/support/softwaredepot
Customer Self Repair (not applicable to all devices)
www.hpe.com/support/selfrepair
Insight Remote Support (not applicable to all devices)
www.hpe.com/info/insightremotesupport/docs
Customer self repair
Hewlett Packard Enterprise customer self repair (CSR) programs allow you to repair your product. If
a CSR part needs to be replaced, it will be shipped directly to you so that you can install it at your
convenience. Some parts do not qualify for CSR. Your Hewlett Packard Enterprise authorized
service provider will determine whether a repair can be accomplished by CSR.
For more information about CSR, contact your local service provider or go to the CSR website:
www.hpe.com/support/selfrepair
Remote support
Remote support is available with supported devices as part of your warranty, Care Pack Service, or
contractual support agreement. It provides intelligent event diagnosis, and automatic, secure
submission of hardware event notifications to Hewlett Packard Enterprise, which will initiate a fast
and accurate resolution based on your product’s service level. Hewlett Packard Enterprise strongly
recommends that you register your device for remote support.
For more information and device support details, go to the following website:
www.hpe.com/info/insightremotesupport/docs
Documentation feedback
Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help
us improve the documentation, send any errors, suggestions, or comments to Documentation
Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,
310
part number, edition, and publication date located on the front cover of the document. For online help
content, include the product name, product version, help edition, and publication date located on the
legal notices page.
311
312
Index
ABCDEFGIKLMNOPRSTUVW
dhcp relay release ip,70
dhcp relay server-address,71
dhcp select,29
dhcp server always-broadcast,34
dhcp server apply ip-pool,35
dhcp server bootp ignore,35
dhcp server bootp reply-rfc-1048,36
dhcp server forbidden-ip,36
dhcp server ip-pool,37
dhcp server ping packets,38
dhcp server ping timeout,39
dhcp server relay information enable,39
dhcp smart-relay enable,71
dhcp snooping binding database filename,83
dhcp snooping binding database update interval,84
dhcp snooping binding database update now,85
dhcp snooping binding record,86
dhcp snooping check mac-address,86
dhcp snooping check request-message,87
dhcp snooping enable,87
dhcp snooping information circuit-id,88
dhcp snooping information enable,90
dhcp snooping information remote-id,90
dhcp snooping information strategy,91
dhcp snooping max-learning-num,92
dhcp snooping rate-limit,93
dhcp snooping trust,93
display arp,7
display arp ip-address,9
display arp snooping,19
display arp timer aging,10
display arp vpn-instance,10
display bootp client,99
display ddns policy,117
display dhcp client,80
display dhcp relay check mac-address,72
display dhcp relay client-information,73
display dhcp relay information,74
display dhcp relay server-address,75
display dhcp relay statistics,76
display dhcp server conflict,40
display dhcp server expired,41
display dhcp server free-ip,42
display dhcp server ip-in-use,43
display dhcp server pool,44
A
address range,30
address range,238
arp check enable,1
arp check log enable,1
arp ip-conflict log prompt,13
arp max-learning-num,2
arp max-learning-number,3
arp mode uni,4
arp multiport,5
arp send-gratuitous-arp,13
arp snooping enable,19
arp static,5
arp timer aging,7
B
bandwidth,293
bims-server,31
bootfile-name,31
C
class,32
Customer self repair,310
D
ddns apply policy,115
ddns dscp,116
ddns policy,116
default,293
description,294
destination,294
dhcp class,33
dhcp client dad enable,78
dhcp client dscp,79
dhcp client identifier,79
dhcp dscp,28
dhcp enable,28
dhcp relay check mac-address,62
dhcp relay check mac-address aging time,63
dhcp relay client-information record,64
dhcp relay client-information refresh,64
dhcp relay client-information refresh enable,65
dhcp relay information circuit-id,66
dhcp relay information enable,68
dhcp relay information remote-id,68
dhcp relay information strategy,69
313
display ipv6 rawip verbose,191
display ipv6 statistics,194
display ipv6 tcp,195
display ipv6 tcp verbose,197
display ipv6 udp,200
display ipv6 udp verbose,201
display local-proxy-arp,16
display proxy-arp,16
display rawip,142
display rawip verbose,143
display tcp,145
display tcp statistics,146
display tcp verbose,148
display udp,150
display udp statistics,151
display udp verbose,152
display udp-helper interface,166
display udp-helper interface,171
dns domain,105
dns dscp,105
dns proxy enable,106
dns server,106
dns source-interface,107
dns spoofing,108
dns trust-interface,109
dns-list,48
dns-server,249
Documentation feedback,310
domain-name,48
domain-name,250
display dhcp server statistics,46
display dhcp snooping binding,94
display dhcp snooping binding database,95
display dhcp snooping information,96
display dhcp snooping packet statistics,97
display dhcp snooping trust,98
display dns domain,101
display dns host,101
display dns server,103
display fib,125
display icmp statistics,140
display interface tunnel,295
display ip fast-forwarding aging-time,130
display ip fast-forwarding cache,130
display ip fast-forwarding fragcache,131
display ip interface,22
display ip interface brief,24
display ip statistics,140
display ipv6 dhcp client,269
display ipv6 dhcp client statistics,271
display ipv6 dhcp duid,236
display ipv6 dhcp pool,239
display ipv6 dhcp prefix-pool,240
display ipv6 dhcp relay server-address,264
display ipv6 dhcp relay statistics,265
display ipv6 dhcp server,241
display ipv6 dhcp server conflict,242
display ipv6 dhcp server expired,243
display ipv6 dhcp server ip-in-use,244
display ipv6 dhcp server pd-in-use,246
display ipv6 dhcp server statistics,248
display ipv6 dhcp snooping binding,275
display ipv6 dhcp snooping binding database,276
display ipv6 dhcp snooping packet statistics,277
display ipv6 dhcp snooping trust,277
display ipv6 dns server,104
display ipv6 fast-forwarding aging-time,289
display ipv6 fast-forwarding cache,289
display ipv6 fib,176
display ipv6 icmp statistics,177
display ipv6 interface,178
display ipv6 interface prefix,182
display ipv6 nd snooping,183
display ipv6 nd snooping count,184
display ipv6 neighbors,185
display ipv6 neighbors count,187
display ipv6 neighbors vpn-instance,187
display ipv6 pathmtu,188
display ipv6 prefix,189
display ipv6 rawip,190
E
expired,49
F
forbidden-ip,50
G
gateway-list,50
gratuitous-arp-learning enable,14
gratuitous-arp-sending enable,15
I
if-match,51
interface tunnel,299
interval,118
ip address,25
ip address bootp-alloc,100
ip address dhcp-alloc,82
ip address unnumbered,26
ip fast-forwarding aging-time,132
ip fast-forwarding load-sharing,133
314
ipv6 dns dscp,111
ipv6 dns server,111
ipv6 dns spoofing,112
ipv6 fast-forwarding aging-time,291
ipv6 fast-forwarding load-sharing,291
ipv6 hop-limit,208
ipv6 hoplimit-expires enable,209
ipv6 host,113
ipv6 icmpv6 error-interval,209
ipv6 icmpv6 multicast-echo-reply enable,210
ipv6 icmpv6 source,211
ipv6 mtu,211
ipv6 nd autoconfig managed-address-flag,212
ipv6 nd autoconfig other-flag,213
ipv6 nd dad attempts,214
ipv6 nd ns retrans-timer,214
ipv6 nd nud reachable-time,215
ipv6 nd ra halt,216
ipv6 nd ra hop-limit unspecified,216
ipv6 nd ra interval,217
ipv6 nd ra no-advlinkmtu,218
ipv6 nd ra prefix,218
ipv6 nd ra router-lifetime,219
ipv6 nd router-preference,222
ipv6 nd snooping enable global,220
ipv6 nd snooping enable link-local,220
ipv6 nd snooping glean source,221
ipv6 nd snooping max-learning-num,222
ipv6 neighbor,223
ipv6 neighbor link-local minimize,224
ipv6 neighbor stale-aging,225
ipv6 neighbors max-learning-num,225
ipv6 option drop enable,226
ipv6 pathmtu,227
ipv6 pathmtu age,227
ipv6 prefer temporary-address,228
ipv6 prefix,229
ipv6 redirects enable,229
ipv6 temporary-address,230
ipv6 unreachables enable,231
ip forward-broadcast,154
ip host,110
ip icmp error-interval,155
ip icmp fragment discarding,156
ip icmp source,156
ip irdp,135
ip irdp address,135
ip irdp interval,137
ip irdp lifetime,136
ip irdp multicast,137
ip irdp preference,138
ip load-sharing local-first enable,128
ip load-sharing mode per-flow,128
ip mtu,157
ip redirects enable,158
ip ttl-expires enable,158
ip unreachables enable,159
ipv6 address,203
ipv6 address anycast,204
ipv6 address auto,205
ipv6 address auto link-local,206
ipv6 address dhcp-alloc,272
ipv6 address eui-64,207
ipv6 address link-local,207
ipv6 dhcp client dscp,273
ipv6 dhcp client pd,273
ipv6 dhcp client stateless enable,274
ipv6 dhcp dscp,236
ipv6 dhcp pool,250
ipv6 dhcp prefix-pool,251
ipv6 dhcp relay server-address,267
ipv6 dhcp select,237
ipv6 dhcp server,252
ipv6 dhcp server apply pool,253
ipv6 dhcp server forbidden-address,254
ipv6 dhcp server forbidden-prefix,255
ipv6 dhcp snooping binding database filename,278
ipv6 dhcp snooping binding database update
interval,279
ipv6 dhcp snooping binding database update
now,280
ipv6 dhcp snooping binding record,281
ipv6 dhcp snooping check request-message,281
ipv6 dhcp snooping enable,282
ipv6 dhcp snooping max-learning-num,282
ipv6 dhcp snooping option interface-id enable,283
ipv6 dhcp snooping option interface-id string,284
ipv6 dhcp snooping option remote-id enable,284
ipv6 dhcp snooping option remote-id string,285
ipv6 dhcp snooping rate-limit,286
ipv6 dhcp snooping trust,286
K
keepalive,306
L
local-proxy-arp enable,17
local-proxy-nd enable,232
M
method,119
mtu,300
315
reset ipv6 statistics,235
reset tcp statistics,160
reset udp statistics,161
reset udp-helper statistics,167
reset udp-helper statistics,172
N
nbns-list,53
netbios-type,53
network,256
network,54
next-server,55
S
service,301
shutdown,301
sip-server,261
source,302
ssl-client-policy,121
static-bind,262
static-bind,59
O
option,56
option,256
P
password,120
prefix-pool,258
proxy-arp enable,18
proxy-nd enable,232
T
tcp mss,161
tcp path-mtu-discovery,162
tcp syn-cookie enable,163
tcp timer fin-timeout,163
tcp timer syn-timeout,164
tcp window,164
temporary address range,263
tftp-server domain-name,60
tftp-server ip-address,61
tunnel dfbit enable,303
tunnel discard ipv4-compatible-packet,304
tunnel tos,304
tunnel ttl,305
R
Remote support,310
reset arp,11
reset arp snooping,20
reset counters interface,300
reset dhcp relay client-information,77
reset dhcp relay statistics,78
reset dhcp server conflict,57
reset dhcp server expired,58
reset dhcp server ip-in-use,58
reset dhcp server statistics,59
reset dhcp snooping binding,98
reset dhcp snooping packet statistics,99
reset dns host,114
reset ip fast-forwarding cache,133
reset ip statistics,160
reset ipv6 dhcp client statistics,275
reset ipv6 dhcp relay statistics,268
reset ipv6 dhcp server conflict,259
reset ipv6 dhcp server expired,259
reset ipv6 dhcp server ip-in-use,260
reset ipv6 dhcp server pd-in-use,260
reset ipv6 dhcp server statistics,261
reset ipv6 dhcp snooping binding,287
reset ipv6 dhcp snooping packet statistics,287
reset ipv6 fast-forwarding cache,292
reset ipv6 nd snooping,233
reset ipv6 neighbors,233
reset ipv6 pathmtu,234
U
udp-helper broadcast-map,172
udp-helper broadcast-map,167
udp-helper enable,173
udp-helper enable,168
udp-helper port,173
udp-helper port,168
udp-helper server,174
udp-helper server,169
url,122
username,123
V
voice-config,61
W
Websites,310
316
Download PDF
Similar pages