RG-WLAN Series Access Point RGOS Command

RG-WLAN Series Access Point
RGOS Command Reference
Release 10.4(1b19)p2
Revision No.:
Version 10.4(1b19)p2
Copyright Statement
Ruijie Networks ©2000-2015
All rights reserved.
Without our written permission, this document may not be excerpted, reproduced, transmitted, or otherwise in all or in part by any party in any means.
[Trademark logos] are all registered trademarks of Ruijie Networks Co., Ltd. and are protected by law.
Exemption statement
This document is provided “as is”. The contents of this document are subject to change without any notice. Please obtain
the latest information through the Ruijie Networks website. Ruijie Networks endeavors to ensure content accuracy and will
not shoulder any responsibility for losses and damages caused by content omissions, inaccuracies or errors.
Preface
Version Description
This manual matches the software version RGOS®10.4(1b19)p2.
Target Readers
This manual is intended for the following readers:

Network engineers

Technical salespersons

Network administrators
Obtaining Technical Assistance
Ruijie Networks website: http://www.ruijienetworks.com/
Online customer services: http://webchat.ruijie.com.cn
Customer service center: http://www.ruijie.com.cn/service.aspx
Customer services hotline: +86-4008-111-000
BBS: http://support.ruijie.com.cn
Customer services email: service@ruijie.com.cn
Related Documents
Configuration Guide: Describes network protocols and related mechanisms that are supported by the product, with configuration examples.
Command Reference: Describes the related configuration commands, including command modes, parameter descriptions, usage guides, and related examples.
Hardware Installation Guide: Describes functional and physical features of the product and provides installation procedure, hardware troubleshooting, module technical specifications, and specifications and guidelines of cables and connectors.
Conventions in this Document
1. Universal Format Convention
Arial: Arial with the point size 10 is used for the body.
Note: A line is added respectively above and below the prompts such as caution and note to separate them from the body.
Format of information displayed on the terminal: Courier New, point size 8, indicating the screen output. User's entries
among the information shall be indicated with bolded characters.
2. Command Line Format Convention
Arial is used as the font for the command line. The meanings of specific formats are described below:
Bold: Key words in the command line, which shall be entered exactly as they are displayed, shall be indicated with bolded
characters.
Italic: Parameters in the command line, which must be replaced with actual values, shall be indicated with italic
characters.
[ ]: The part enclosed with [ ] means optional in the command.
{ x | y | ... }: It means one shall be selected among two or more options.
[ x | y | ... ]: It means one or none shall be selected among two or more options.
//: Lines starting with "//" are annotations.
3. Signs
Various striking identifiers are adopted in this manual to indicate matters that require special attention during operation, as detailed below:
Description, prompt, tip or any other necessary supplement or explanation for the operation.
The port types mentioned in the examples of this manual may not be consistent with the actual ones. In real network environments, you need to configure port types according to the support on various products.
The display information of some examples in this manual may include information on other series products, such as model and description. The details are subject to the equipment used.
Warning, danger or alert in the operation.
Command Reference
WLAN Basic Configuration Commands
WLAN Basic Configuration Commands
ampdu-retries
In a wireless network, AMPDU software retransmission is adopted to reduce sub-frame loss. The more retransmission attempts, the less the packet loss. However, excessive retransmission attempts increase the workload of air interfaces, which reduces the immediacy of other packets. Therefore, it is recommended to configure more retransmission attempts when sub-frame loss occurs frequently.
ampdu-retries times radio radio_id
Parameter Description
times: Sets the retransmission times, within the range from 1 to 10.
radio-id: ID of the radio to be configured.
Defaults
By default, the retransmission times is 10.
Command Mode
AP configuration mode
Usage Guide
N/A
Configuration Examples
Example 1: Enter the configuration mode of AP0001 and set the AMPDU software retransmission times to 5.
Ruijie(config)#ap-config AP0001
Ruijie(config-ap)#ampdu-retries 5 radio radio_id
Related Commands
N/A
Platform Description
Supported by both AC and AP.
ampdu-rts
MPDU RTS protection avoids aggregation conflicts on the air interface and the resource waste they cause. However, RTS interaction itself consumes some air interface resources, which has a side effect on the air interface in most scenarios. The function is disabled by default.
[no] ampdu-rts radio radio_id
Parameter Description
radio-id: ID of the radio to be configured.
Defaults
By default, this function is disabled.
Command Mode
AP configuration mode
Usage Guide
N/A
Configuration Examples
Example 1: Enter the configuration mode of AP0001 and enable the AMPDU RTS protection on the radio 1.
Ruijie(config)# ap-config AP0001
Ruijie(config-ap)# ampdu-rts radio 1
Related Commands
N/A
Platform Description
Supported by both AC and AP.
autowifi
Use this command to perform one-click WLAN configuration on an unconfigured device. Use the no form of this command to cancel the configuration.
autowifi
Parameter Description
N/A
Defaults
N/A
Command Mode
AC/Fat AP configuration mode
Usage Guide
One-click WLAN configuration function is provided for fast configuration on an unconfigured device. In general, this function aims at helping the scenario investigator to improve efficiency and helping the channel distributors to test WLAN performance in a more convenient way.
Configuration Examples
This function automatically performs the following configurations on the AC or the Fat AP:
(1) VLAN Division: On an AC, VLAN 1 is the AP's VLAN and VLAN 2 is the STA's VLAN. On a Fat AP, VLAN 1 is the STA's VLAN.
(2) Address Pool: On an AC, the network segment 192.168.1.0 is the AP's address pool and the network segment 192.168.2.0 is the STA's address pool. By default, the IP address of VLAN 1 is 192.168.1.1 and the IP address of VLAN 2 is 192.168.2.1. The default management IP address is 88.88.88.88.
On a Fat AP, the network segment 192.168.1.0 is the STA's address pool. The IP address of BVI 1 is 192.168.1.1.
(3) WLAN Configuration: Set the WLAN name to autowifi_XXXX, where the last four digits are the same as those of the device's MAC address. Set the WLAN-ID to 1.
(4) Security: By default, WPA2 is used for encryption; the password is autowifi.
(5) WLAN-VLAN Mapping: On an AC, map WLAN-ID 1 to VLAN 1 in the ap-group default group. On a Fat AP, encapsulate VLAN 1 on the wireless interface and set the WLAN-ID to 1.
(6) Service: Enable DHCP service.
Related Commands
N/A
Platform Description
Supported by AC and Fat AP.
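Because the autowifi settings are fixed and documented, a device left in its one-click state can be recognised from an inventory or configuration export. The following check is an added example, not Ruijie code: it flags records that still match the autowifi defaults listed above. The record fields (name, mac, ssid, psk, mgmt_ip), the sample inventory, and the case-insensitive comparison of the SSID suffix are assumptions made for illustration.

```python
import re

# Defaults applied by autowifi, taken from the list in this section.
DEFAULT_SSID_PREFIX = "autowifi_"
DEFAULT_PSK = "autowifi"
DEFAULT_AC_MGMT_IP = "88.88.88.88"
DEFAULT_SSID_RE = re.compile(r"autowifi_[0-9a-f]{4}")


def mac_suffix(mac):
    """Return the last four hex digits of a MAC written in any common notation."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits[-4:].lower()


def expected_default_ssid(mac):
    """SSID that autowifi would assign to the device with this MAC."""
    return DEFAULT_SSID_PREFIX + mac_suffix(mac)


def audit_record(rec):
    """Return the list of autowifi defaults still present on one device record."""
    findings = []
    ssid = rec.get("ssid", "").lower()
    if ssid == expected_default_ssid(rec["mac"]):
        findings.append("SSID is the autowifi default for this MAC")
    elif DEFAULT_SSID_RE.fullmatch(ssid):
        findings.append("SSID has the autowifi default form")
    if rec.get("psk") == DEFAULT_PSK:
        findings.append("WPA2 password is the documented default")
    if rec.get("mgmt_ip") == DEFAULT_AC_MGMT_IP:
        findings.append("management IP is the AC default")
    return findings


def audit_inventory(records):
    """Map device name -> findings, for devices with at least one finding."""
    report = {}
    for rec in records:
        findings = audit_record(rec)
        if findings:
            report[rec["name"]] = findings
    return report


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    {"name": "ac-lab-01", "mac": "00:11:22:33:a4:5f", "ssid": "autowifi_a45f",
     "psk": "autowifi", "mgmt_ip": "88.88.88.88"},
    {"name": "ap-floor2", "mac": "0011.2233.0b7c", "ssid": "Corp-WLAN",
     "psk": "constructed-unique-passphrase", "mgmt_ip": "10.20.0.5"},
    {"name": "ap-store", "mac": "00-11-22-33-c0-de", "ssid": "AUTOWIFI_19AF",
     "psk": "another-constructed-passphrase", "mgmt_ip": "10.20.0.9"},
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        for finding in findings:
            print(f"{name}: {finding}")
```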
eth-schd
You can improve the network performance by raising the received Ethernet packet limit per time on an AP, at the cost of reducing the immediacy of key packets. With regard to applications which are multi-user concurrent and real-time sensitive, such as electronic schoolbag, requiring only ordinary networks, you are recommended to decrease the value of the received Ethernet packet limit per time to 25.
eth-schd limit
Parameter Description
limit: Received packet limit per time.
Defaults
By default, the limit value varies by AP model, as shown below:
The default limit value of the following APs: 256
AP220-I v1.0, AP220-I v1.1, AP220-SI v1.0
AP220-SI v1.1, AP220-E v2.03, AP220-E v2.0
AP220-SH v2.0, AP220-SH (C) v3.0, AP220-E(M) v2.0, AP220-E(M) v2.20, AP620-H(C) v2.0, AP220-E(C) v3.0, AP220-E(M) v2.3, AP220-E v2.99, AP620-H(C) v2.99, AP220-SH(C) v2.99
AP220-E(C) v2.99, AP530-I v1.0
The default limit value of the following APs: 180
AP320-I v1.0, AP220-E(M)-V2 v3.0, AP320-I v1.1
AP3220 v1.0, AP220-E(P) v1.0, AP220-E(C) v4.0
AP220-E(M)-V2 v3.9
The default limit value of the following APs: 64
AP330-I v1.1, AP220-E(P) v2.0
The default limit value of other APs: 25
Command Mode
AP configuration mode
Usage Guide
N/A
Configuration Examples
Example 1: Enter the configuration mode of AP0001 and set the value of the received packet limit per time to 100.
Ruijie(config)# ap-config AP0001
Ruijie(config-ap)# eth-schd 100
Related Commands
N/A
Platform Description
Supported by both AC and AP.
ldpc
As part of FEC (Forward Error Correction) technology, LDPC is a simple and easily-implemented linear error correcting code developed in the early 1960s. It is used in data transmission over noisy channels to improve the coding reliability and coding gain, so as to reduce the risk of data loss. However, a few terminals are incompatible with LDPC, which results in packet loss. This command is used to enable or disable this function.
[no] ldpc radio radio_id
Parameter Description
radio-id: ID of the radio to be configured.
Defaults
By default, this function is enabled.
Command Mode
AP configuration mode
Usage Guide
N/A
Configuration Examples
Example 1: Enter the configuration mode of AP0001 and enable LDPC on radio 1 of the designated AP.
Ruijie(config)# ap-config AP0001
Ruijie(config-ap)# ldpc radio 1
Related Commands
N/A
Platform Description
Supported by both AC and AP.
stbc
Space–time block coding is a technique used in wireless communications to transmit multiple copies of a data stream across a number of antennas at different times and to exploit the various received versions of the data to improve the reliability of data transfer. An obvious advantage of STBC is that it uses simple maximum likelihood decoding to realize full antenna gain. However, some terminals may be incompatible with STBC. This command is used to enable or disable this function.
[no] stbc radio radio_id
Parameter Description
radio-id: ID of the radio to be configured.
Defaults
By default, this function is enabled.
Command Mode
AP configuration mode
Usage Guide
N/A
Configuration Examples
Example 1: Enter the configuration mode of AP0001 and enable STBC on radio 1 of the designated AP.
Ruijie(config)# ap-config AP0001
Ruijie(config-ap)# stbc radio 1
Related Commands
N/A
Platform Description
Supported by both AC and AP.
Dot11 Radio Commands
dot11 wlan
Use this command to create a WLAN and enter WLAN configuration mode.
dot11 wlan wlan-id
no dot11 wlan wlan-id
Parameter Description
no: Deletes the WLAN.
wlan-id: Specifies a WLAN ID.
Defaults
N/A
Command mode
Global configuration mode
Usage Guide
After a WLAN is created, the command line interface enters WLAN configuration mode.
Configuration Examples
# Create a WLAN called WLAN 1 and enter WLAN configuration mode.
Ruijie(config)# dot11 wlan 1
Ruijie(dot11-wlan-config)#
# Delete the WLAN.
Ruijie(config)# no dot11 wlan 1
Related Commands
wlan-id: Sets a WLAN ID for the Dot11radio interface.
Platform Description
N/A
broadcast-ssid
Use this command to display the service set identifier (SSID). Use the no form of this command to
hide the SSID.
broadcast-ssid
no broadcast-ssid
Parameter Description
no: Hides the SSID.
Defaults
By default, the WLAN does not hide the SSID.
Command mode
WLAN configuration mode
Usage Guide
N/A
Configuration Examples
# Enable WLAN1 to display the SSID.
Ruijie(config)# dot11 wlan 1
Ruijie(dot11-wlan-config)# broadcast-ssid
# Enable WLAN1 to hide the SSID.
Ruijie(config)# dot11 wlan 1
Ruijie(dot11-wlan-config)# no broadcast-ssid
Related Commands
N/A
Platform Description
N/A
vlan
Use this command to set a VLAN ID bound with the WLAN.
vlan vlan-id
no vlan
Parameter Description
no: Deletes the VLAN ID.
vlan-id: Specifies the VLAN ID. The range is from 1 to 4095.
Defaults
N/A
Command mode
Usage Guide
N/A
Configuration Examples
# Set the VLAN ID bound with the WLAN 1 to 1.
Ruijie(config)# dot11 wlan 1
Ruijie(dot11-wlan-config)# vlan 1
# Delete the VLAN ID of 1 bound with the WLAN 1.
Ruijie(config)# dot11 wlan 1
Ruijie(dot11-wlan-config)# no vlan
Related Commands
N/A
Platform Description
N/A
ssid
Use this command to set a SSID for the WLAN.
ssid ssid-string
no ssid
Parameter Description
no: Deletes the SSID.
ssid-string: Specifies the SSID. The length is from 1 to 32.
Defaults
N/A
Command mode
WLAN configuration mode
Usage Guide
A SSID can be associated with multiple WLANs, but a WLAN cannot be associated with multiple SSIDs at the same time.
Configuration Examples
# Set the SSID for WLAN 1 to RUIJIE.
Ruijie(config)# dot11 wlan 1
Ruijie(dot11-wlan-config)# ssid RUIJIE
Related Commands
N/A
Platform Description
N/A
interface dot11radio
Use this command to set the dot11radio interface or sub-interface and enter dot11radio interface
configuration mode.
interface dot11radio interface-name
no interface dot11radio interface-name
Parameter Description
no: Deletes the dot11radio sub-interface.
interface-name: Specifies the Dot11radio interface number, including the sub-interface number.
Defaults
N/A
Command mode
Global configuration mode
Usage Guide
The no form of this command is only applicable to sub-interface.
Configuration Examples
# Enter dot11radio interface configuration mode.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#
# Enter dot11radio sub-interface configuration mode.
Ruijie(config)#interface dot11radio 1/0.1
Ruijie(config-subif)#
# Delete the dot11radio sub-interface configuration.
Ruijie(config)#no interface dot11radio 1/0.1
Related Commands
N/A
Platform Description
N/A
antenna
Use this command to set parameters for transmitting and receiving antennas.
antenna { receive | transmit } chain-mask
no antenna { receive | transmit }
Parameter Description
no: Deletes settings for antennas.
chain-mask: Specifies the antenna selection mask. The range is from 1 to 7.
Defaults
The default antenna selection mask varies with product models and the number of antennas. The default setting depends on the product model.
Command mode
Dot11radio interface configuration mode
Usage Guide
N/A
Configuration Examples
# Set the transmitting and receiving mask.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# antenna transmit 7
Ruijie(config-if-Dot11radio 1/0)# antenna receive 7
Related Commands
N/A
Platform Description
N/A
beacon dtim-period
Use this command to set a DTIM period for beacon frames.
beacon dtim-period seconds
no beacon dtim-period
Parameter Description
no: Deletes the setting of DTIM period.
seconds: Specifies the DTIM period. The unit is one beacon period. The range is from 1 to 255.
Defaults
The default DTIM period is 1 beacon period.
Command mode
Dot11radio interface configuration mode
Usage Guide
N/A
Configuration Examples
# Set the DTIM period to 20.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#beacon dtim-period 20
Related Commands
N/A
Platform Description
N/A
beacon period
Use this command to set a beacon period.
beacon period milliseconds
no beacon period
Parameter Description
no: Deletes the setting of beacon period.
milliseconds: Specifies the beacon period in milliseconds. The range is from 20 to 1000.
Defaults
The default value is 100 milliseconds.
Command mode
Dot11radio interface configuration mode
Usage Guide
N/A
Configuration Examples
# Set the beacon period to 200 milliseconds.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#beacon period 200
Related Commands
N/A
Platform Description
N/A
channel
Use this command to set the channel that the radio operates in.
channel channel-num
no channel
Parameter Description
no: Automatically searches for and configures the radio channel.
channel-num: Specifies a radio channel. The range is from 1 to 13 on the 2.4-GHz radio, from 36 to 165 on the 5-GHz radio. (For a specific product, the supported radio channels depend on the country code.)
Defaults
N/A
Command mode
Dot11radio interface configuration mode
Usage Guide
N/A
Configuration Examples
# Set the radio to operate in channel 11.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#channel 11
Related Commands
radio-type: Sets the radio type.
Platform Description
N/A
radio-type
Use this command to set the RF mode of a radio.
radio-type { 802.11a | 802.11b }
Parameter Description
802.11a: Supports 5 GHz frequency band.
802.11b: Supports 2.4 GHz frequency band.
Defaults
By default, Radio 1 is configured with 802.11b and Radio 2 with 802.11a.
Command mode
Dot11radio interface configuration mode
Usage Guide
N/A
Configuration Examples
# Set the RF mode to 2.4 GHz frequency band.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#radio-type 802.11b
Related Commands
N/A
Platform Description
N/A
chan-width
Use this command to set the bandwidth of radio channels.
chan-width { 20 | 40 }
no chan-width
Parameter Description
no: Deletes the setting of channel bandwidth.
20: Sets the channel width to 20 MHz.
40: Sets the channel width to 40 MHz.
Defaults
The default channel bandwidth is 20 MHz.
Command mode
Dot11radio interface configuration mode
Usage Guide
It is not allowed to configure channel bandwidth when 802.11n is forbidden.
Configuration Examples
# Set the channel width to 40 MHz.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#chan-width 40
# Delete the setting of channel width.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#no chan-width
Related Commands
N/A
Platform Description
N/A
country-code
Use this command to set a country code for a specified radio.
country-code country-code
no country-code
Parameter Description
no: Restores the default country code.
country-code: Specifies the country code, which varies with products.
Defaults
The default country code is CN.
Command mode
Dot11radio interface configuration mode
Usage Guide
N/A
Configuration Examples
# Set the country code of the radio to USI.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#country-code USI
# Delete the setting of country code.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#no country-code
Related Commands
N/A
Platform Description
N/A
fragment-threshold
Use this command to set a fragmentation threshold for a radio.
fragment-threshold threshold-value
no fragment-threshold
Parameter Description
no: Deletes the setting of fragmentation thresholds.
threshold-value: Specifies the value of a fragmentation threshold. The range is from 256 to 2346 bytes.
Defaults
The default value is 2346 bytes.
Command mode
Dot11radio interface configuration mode
Usage Guide
It is only allowed to configure fragmentation thresholds when 802.11n is forbidden.
Configuration Examples
# Set the fragmentation threshold to 1500 bytes.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# fragment-threshold 1500
Related Commands
N/A
Platform Description
N/A
rts threshold
Use this command to set an RTS threshold for a radio.
rts threshold threshold-value
no rts threshold
Parameter Description
no: Deletes the setting of RTS thresholds.
threshold-value: Specifies the RTS threshold. The range is from 257 to 2347 bytes.
Defaults
The default value is 2347 bytes.
Command mode
Dot11radio interface configuration mode
Usage Guide
N/A
Configuration Examples
# Set the RTS threshold to 1500 bytes.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# rts threshold 1500
Related Commands
N/A
Platform Description
N/A
slottime
Use this command to set the slot time for a radio.
slottime { long | short }
Parameter Description
long: Sets the long slot time.
short: Sets the short slot time.
Defaults
The default setting is short slot time.
Command mode
Dot11radio interface configuration mode
Usage Guide
This command only takes effect when the AP operates in 2.5GHz frequency band and non-802.11b. In 5 GHz frequency band, the default setting is short slot time, which cannot be modified.
Configuration Examples
# Set long slot time on the radio.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# slottime long
Related Commands
N/A
Platform Description
N/A
short-gi
Use this command to set a short Guard Interval (GI) on the radio.
short-gi enable chan-width { 20 | 40 }
no short-gi enable chan-width { 20 | 40 }
Parameter Description
no: Deletes the setting of short GI.
20: Short GI in the channel width of 20 MHz.
40: Short GI in the channel width of 40 MHz.
Defaults
By default, short GI cannot be enabled in the channel bandwidth of 20 MHz, but can be enabled in the channel bandwidth of 40 MHz.
Command mode
Dot11radio interface configuration mode
Usage Guide
Short GI in the channel width of 20 MHz is not supported on some products.
Configuration Examples
# Enable short GI in the channel width of 20 MHz.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# short-gi enable chan-width 20
# Disable short GI in the channel width of 20 MHz.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# no short-gi enable chan-width 20
Related Commands
N/A
Platform Description
N/A
short-preamble
Use this command to set a preamble for a radio.
short-preamble
no short-preamble
Parameter Description
no: Sets a long preamble.
Defaults
The default setting is short preamble in 2.4 GHz frequency band while long preamble in 5 GHz.
Command mode
Dot11radio interface configuration mode
Usage Guide
This command only takes effect when the AP operates in 2.4 GHz frequency band. The default setting is long preamble in 5 GHz frequency band, which cannot be modified.
Configuration Examples
# Set the short preamble.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# short-preamble
Related Commands
N/A
Platform Description
N/A
response-rssi
Use this command to set the minimum value of the received signal strength indicator (RSSI) for a
wireless client to connect to the AP. If a wireless client's RSSI is less than this value, this client is not
allowed to associate with this AP.
response-rssi rssi-value
no response-rssi
Parameter Description
no: Deletes a RSSI value.
rssi-value: Specifies the RSSI. The range is from 0 to 100 dBm.
Defaults
The default value is 0.
Command mode
Dot11radio interface configuration mode
Usage Guide
N/A
Configuration Examples
# Set the RSSI value for wireless access.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# response-rssi 10
Related Commands
N/A
Platform Description
N/A
power local
Use this command to set the transmitting power of a radio.
power local power-value
no power local
Parameter Description
no: Deletes the power value.
power-value: Specifies the value of transmitting power. The range is from 1 to 100 percent.
Defaults
The default value is 100.
Command mode
Dot11radio interface configuration mode
Usage Guide
N/A
Configuration Examples
# Set the transmitting power of the radio to 50 percent.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# power local 50
Related Commands
N/A
Platform Description
N/A
retries
Use this command to set the retries of long or short frames.
retries { short | long } retries-value
no retries { short | long }
Parameter Description
no: Restores the default setting.
short: Specifies the retransmission times of short frames. The range is from 1 to 7.
long: Specifies the retransmission times of long frames. The range is from 1 to 4 times.
Defaults
The default value is 4 for long frames and 7 for short frames.
Command mode
Dot11radio interface configuration mode
Usage Guide
N/A
Configuration Examples
# Set the retries of long frames.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# retries long 2
# Restore the default retries of short frames.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#no retries short
Related Commands
N/A
Platform Description
N/A
sta-idle-timeout
Use this command to set the idle timeout for wireless clients.
sta-idle-timeout seconds
no sta-idle-timeout
Parameter Description
no: Restores the default value.
seconds: Specifies the idle timeout. The range is from 60 to 86400 seconds.
Defaults
The default value is 300 seconds.
Command mode
Dot11radio interface configuration mode
Usage Guide
N/A
Configuration Examples
# Set the idle time to 900 seconds.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# sta-idle-timeout 900
Related Commands
N/A
Platform Description
N/A
coverage-area-control
Use this command to set the power of transmitting beacon, or to control the coverage area of wireless
signals.
coverage-area-control power-value
no coverage-area-control
Parameter Description
no: Restores the default setting.
power-value: Specifies the coverage area. The range is from 0 to 32.
Defaults
The default value is 0.
Command mode
Dot11radio interface configuration mode
Usage Guide
N/A
Configuration Examples
# Set the coverage area of wireless signals.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# coverage-area-control 12
Related Commands
N/A
Platform Description
N/A
mcast_rate
Use this command to set multicast rate.
mcast_rate { 11 | 24 | 54 | 65 | 78 | 104 | 130 }
no mcast_rate
Parameter Description
no: Restores the default value.
Defaults
The default value is 54.
Command mode
Dot11radio interface configuration mode
Usage Guide
A multicast rate takes effect only when the current AP frequency band supports this rate. If this rate is not supported, the default rate is used.
Configuration Examples
# Set a multicast rate.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# mcast_rate 24
Related Commands
N/A
Platform Description
N/A
sta-limit
Use this command to set the maximum number of wireless clients that can be connected to the AP.
sta-limit client-num
no sta-limit
Parameter Description
no: Restores the default value.
client-num: Specifies the maximum number of clients. The range is from 1 to 128.
Defaults
The default value is 24.
Command mode
Dot11radio interface configuration mode
Usage Guide
N/A
Configuration Examples
# Set the maximum number of wireless clients to 50.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# sta-limit 50
Related Commands
N/A
Platform Description
N/A
rate-set
Use this command to set a rate set.
rate-set { 11a | 11b | 11g mandatory | support | disable speed }
rate-set 11n mcs-mandatory | mcs-support index
Parameter Description
11a: The 5-GHz radio has the legacy 802.11a, 802.11na data rates.
11b: The 2.4-GHz radio has the legacy 802.11b data rates.
11g: The 2.4-GHz radio has the legacy 802.11g, 802.11ng data rates.
speed: Specifies the rate to be configured, which varies with radio types.
802.11a: 6, 9, 12, 18, 24, 36, 48 and 54 Mbps
802.11b: 1, 2, 5.5 and 11 Mbps
802.11g: 1, 2, 5.5, 11, 6, 9, 12, 18, 24, 36, 48 and 54 Mbps
disable: Sets a data rate to be disabled on the specified radio type.
support: Sets a data rate to be supported on the specified radio type.
mandatory: Sets a data rate to be mandatory on the specified radio type.
11n: Sets the MCS value on the 802.11n radio.
mcs-mandatory: Specifies the mandatory MCS value.
mcs-support: Specifies the supported MCS value.
index: Specifies the range, which is from 0 to 23.
Defaults
The default setting differs:
802.11a: Rates 6, 9, 12 are set to mandatory and the rest are set to supported.
802.11b: Rates 1, 2, 5.5, 11 are set to mandatory.
802.11g: Rates 1, 2, 5.5, 11 are set to mandatory and the rest to supported.
mcs-support: The default MCS value is 7 for one traffic, 15 for two traffics, and 23 for three traffics.
mcs-mandatory: 0
Command mode
Dot11radio interface configuration mode
Usage Guide
N/A
Configuration Examples
# Set 54 MHz to support on the 802.11a radio.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# rate-set 11a support 54
# Set 24 MHz to mandatory on the 802.11g radio.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# rate-set 11g mandatory 54
# Set MCS 12 to mandatory on the 802.11n radio.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# rate-set 11n mcs-mandatory 12
Related Commands
N/A
Platform Description
N/A
11bsupport enable
Use the command to enable the specified radio to support 802.11b on 2.4 GHz.
11bsupport enable
no 11bsupport enable
Parameter Description
no: Disables the radio to support 802.11b.
Defaults
By default, the 802.11b is supported.
Command mode
Dot11radio interface configuration mode
Usage Guide
N/A
Configuration Examples
# Disable the radio to support 802.11b.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# no 11bsupport enable
Related Commands
N/A
Platform Description
N/A
11gsupport enable
Use this command to enable the specified radio to support 802.11g, or 802.11b/g on 2.5 GHz.
11gsupport enable
no 11gsupport enable
Parameter Description
no: Disables the radio to support 802.11g.
Defaults
By default, the 802.11g is supported.
Command mode
Dot11radio interface configuration mode
Usage Guide
N/A
Configuration Examples
# Disable the radio to support 802.11g.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)# no 11gsupport enable
Ruijie(config)#interface vfc 2
Ruijie(config-interface-vfc)#bind mac-address 001d.0928.b62f
Related Commands
N/A
Platform Description
N/A
11nsupport enable
Use this command to enable the specified radio to support 802.11n.
11nsupport enable
no 11nsupport enable
Parameter Description
Parameter  Description
no         Disables 802.11n support on the radio.
Defaults
By default, 802.11n is supported.
Command mode
Dot11radio interface configuration mode
Usage Guide
N/A
Configuration Examples
# Enable 802.11n support on the radio.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#11nsupport enable
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
wlan-id
Use this command to enable WLAN while enabling the radio.
wlan-id wlan-id
no wlan-id wlan-id
Parameter Description
Parameter  Description
no         Deletes the WLAN ID.
wlan-id    Specifies the WLAN ID.
Defaults
N/A
Command mode
Dot11radio interface configuration mode
Usage Guide
N/A
Configuration Examples
# Enable WLAN 1.
Ruijie(config)#interface dot11radio 1/0
Ruijie(config-if-Dot11radio 1/0)#wlan-id 1
Related Commands
Command     Description
dot11 wlan  Creates the configuration-related WLAN.
Platform Description
N/A
show dot11 wireless
Use this command to show wireless information and configuration of the wireless network card.
show dot11 wireless interface-name
Parameter Description
Parameter       Description
interface-name  Specifies the Dot11radio interface number.
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
N/A
Configuration Examples
Ruijie#show dot11 wireless 1/0
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
show dot11 associations
Use this command to show connections of the wireless network card.
show dot11 associations H.H.H interface-name
Parameter Description
Parameter       Description
H.H.H           Specifies the MAC address of a wireless client.
interface-name  Specifies the Dot11radio interface number, including the sub-interface number.
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
N/A
Configuration Examples
Ruijie#show dot11 associations 0023.9090.2900 1/0
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
show dot11 associations all-client
Use this command to show information of all clients connected to the wireless network card.
show dot11 associations all-client interface-name
Parameter Description
Parameter       Description
interface-name  Specifies the Dot11radio interface number, including the sub-interface number.
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
N/A
Configuration Examples
Ruijie#show dot11 association all-client 1/0
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
show dot11 channels active
Use this command to show the information of active channels supported by the wireless network
card.
show dot11 channels active interface-name
Parameter Description
Parameter       Description
interface-name  Specifies the Dot11radio interface number, including the sub-interface number.
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
N/A
Configuration Examples
Ruijie#show dot11 channels active 1/0
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
show dot11 channels all
Use this command to show information of all active channels supported by the wireless network card.
show dot11 channels all interface-name
Parameter Description
Parameter       Description
interface-name  Specifies the Dot11radio interface number, including the sub-interface number.
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
N/A
Configuration Examples
Ruijie#show dot11 channels all 2/0
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
WLAN-VLAN Mapping Commands
vlan-assign-mode
Use this command to set a VLAN assignment mode for the current or all VLAN groups on an AP
device. Use the no form of this command to remove the setting.
vlan-assign-mode dot1x
no vlan-assign-mode
Parameter Description
Parameter  Description
dot1x      Indicates that the authentication server is responsible for assigning VLANs to users that pass 802.1x authentication.
Defaults
No VLAN assignment mode is specified.
Configuration Mode
VLAN group configuration mode or global configuration mode
Usage Guide
The VLAN assignment mode set in global configuration mode takes effect on all VLAN groups.
The VLAN assignment mode set in VLAN group configuration mode takes effect only on the current VLAN group.
The VLAN assignment mode set in VLAN group configuration mode prevails over that set in global configuration mode.
Configuration Examples
The following example shows how to configure the 802.1x-based VLAN assignment mode for VLAN group 100 on an AP.
Ruijie# configure terminal
Ruijie(config)# vlan-group 100
Ruijie(config-vlan-group)# vlan-assign-mode dot1x
Related Commands
Command                     Description
show vlan-group [group-id]  Display information about a VLAN group.
Platform Description
This command is supported by the RGOS10.4 (1T17) or later versions.
vlan-group
Use this command to create a VLAN group on an AP device. Use the no form of this command to
delete the configuration.
vlan-group group-id
no vlan-group group-id
Parameter Description
Parameter  Description
group-id   Specifies the ID of a VLAN group, which ranges from 1 to 128.
Defaults
None
Configuration Mode
Global configuration mode
Usage Guide
None
Configuration Examples
The following example shows how to create VLAN group 100 on an AP:
Ruijie# configure terminal
Ruijie(config)# vlan-group 100
Ruijie(config-vlan-group)#
Related Commands
Command                     Description
show vlan-group [group-id]  Display information about a VLAN group.
Platform Description
This command is supported by the RGOS10.4 (1T17) or later versions.
default-vlan
When the 802.1x-based VLAN assignment mode is configured on an AP device, the authentication
server is responsible for assigning VLANs to users. Use this command to enable the device to
assign the default VLAN after authentication. Use the no form of this command to delete the
configuration.
default-vlan vlan-id
no default-vlan
Parameter Description
Parameter  Description
vlan-id    Specifies a VLAN ID.
Defaults
The default VLAN is not specified.
Configuration Mode
VLAN group configuration mode
Usage Guide
Before setting the mode of assigning the default VLAN, add the default VLAN to the specific VLAN group.
The default VLAN takes effect only after it is assigned to a user who passes 802.1x authentication by the authentication server of the current WLAN.
Configuration Examples
The following example shows how to set VLAN 10 to the default VLAN of VLAN group 100 on an AP:
Ruijie# configure terminal
Ruijie(config)# vlan-group 100
Ruijie(config-vlan-group)# default-vlan 10
Related Commands
Command                     Description
show vlan-group [group-id]  Display information about a VLAN group.
Platform Description
This command is supported by the RGOS10.4 (1T17) or later versions.
vlan-list
Use this command to set the list of VLANs in a VLAN group on an AP device. Use the no form of this
command to remove the setting.
vlan-list vlan-list
no vlan-list
Parameter Description
Parameter  Description
vlan-list  Specifies a list of VLANs in a VLAN group. A VLAN group includes a maximum of 32 VLANs.
Defaults
A VLAN group has no VLAN.
Configuration Mode
VLAN group configuration mode
Usage Guide
If a WLAN needs to map multiple VLANs, add them to the same VLAN group, and then associate the VLAN group with the WLAN.
Configuration Examples
The following example shows how to add VLANs 100 to 105 to VLAN group 100 on an AP or AC:
Ruijie# configure terminal
Ruijie(config)# vlan-group 100
Ruijie(config-vlan-group)# vlan-list 100-105
Related Commands
Command                     Description
show vlan-group [group-id]  Display information about a VLAN group.
Platform Description
This command is supported by the RGOS10.4 (1T17) or later versions.
vlan-group
Use this command to associate a VLAN group with the current WLAN on an AP. Use the no form of
this command to remove the configuration.
vlan-group group-id
no vlan-group
Parameter Description
Parameter  Description
group-id   Specifies the ID of a VLAN group, which ranges from 1 to 128.
Defaults
The WLAN is not associated with any VLAN group.
Configuration Mode
WLAN configuration mode
Usage Guide
None
Configuration Examples
The following example shows how to associate WLAN 1 with VLAN group 100:
Ruijie# configure terminal
Ruijie(config)# dot11 wlan 1
Ruijie(dot11-wlan-config)# vlan-group 100
Related Commands
Command  Description
Platform Description
This command is supported by the RGOS10.4 (1T17) or later versions.
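The VLAN group rules stated in the entries above (group ID 1 to 128, at most 32 VLANs per group, the default VLAN added to the group first, group-level assignment mode prevailing over the global one) can be checked before a change is pushed to an AP. The following is an added example, not part of the Ruijie manual: the function names and the constructed session are hypothetical, the CLI mode is read from the prompt text shown in the manual's examples, and a new vlan-list is assumed to replace the earlier one.

```python
import re

PROMPT = re.compile(r"^\w+\s*\(([^)]*)\)#\s*(.*)$")   # captures CLI mode and command
MAX_GROUP_ID, MAX_VLANS = 128, 32                      # limits stated in the manual


def expand_vlan_list(spec):
    """Expand a list such as '1-10, 21-30' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def check_vlan_groups(session_text):
    """Replay a CLI session and return (groups, findings)."""
    global_mode, groups, wlan_map, findings = None, {}, {}, []
    cur_group = cur_wlan = None
    for raw in session_text.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue                                   # e.g. "Ruijie# configure terminal"
        mode, cmd = m.groups()
        if mode == "config":
            if g := re.fullmatch(r"vlan-group (\d+)", cmd):
                cur_group = int(g.group(1))
                groups.setdefault(cur_group, {"mode": None, "default": None, "vlans": set()})
            elif g := re.fullmatch(r"no vlan-group (\d+)", cmd):
                groups.pop(int(g.group(1)), None)
            elif w := re.fullmatch(r"dot11 wlan (\d+)", cmd):
                cur_wlan = int(w.group(1))
            elif cmd == "vlan-assign-mode dot1x":
                global_mode = "dot1x"
            elif cmd == "no vlan-assign-mode":
                global_mode = None
        elif mode == "config-vlan-group" and cur_group in groups:
            grp = groups[cur_group]
            if cmd == "vlan-assign-mode dot1x":
                grp["mode"] = "dot1x"
            elif cmd == "no vlan-assign-mode":
                grp["mode"] = None
            elif d := re.fullmatch(r"default-vlan (\d+)", cmd):
                grp["default"] = int(d.group(1))
            elif cmd == "no default-vlan":
                grp["default"] = None
            elif v := re.fullmatch(r"vlan-list ([\d,\- ]+)", cmd):
                grp["vlans"] = expand_vlan_list(v.group(1))   # assumption: replaces the old list
            elif cmd == "no vlan-list":
                grp["vlans"] = set()
        elif mode == "dot11-wlan-config" and cur_wlan is not None:
            if a := re.fullmatch(r"vlan-group (\d+)", cmd):
                wlan_map[cur_wlan] = int(a.group(1))
            elif cmd == "no vlan-group":
                wlan_map.pop(cur_wlan, None)

    for gid, grp in sorted(groups.items()):
        # The group-level setting prevails over the global one.
        grp["effective_mode"] = grp["mode"] or global_mode
        if not 1 <= gid <= MAX_GROUP_ID:
            findings.append(f"VLAN group {gid}: ID outside 1-{MAX_GROUP_ID}")
        if len(grp["vlans"]) > MAX_VLANS:
            findings.append(f"VLAN group {gid}: {len(grp['vlans'])} VLANs, maximum is {MAX_VLANS}")
        if grp["default"] is not None and grp["default"] not in grp["vlans"]:
            findings.append(f"VLAN group {gid}: default VLAN {grp['default']} is not in the vlan-list")
    for wlan, gid in sorted(wlan_map.items()):
        if gid not in groups:
            findings.append(f"WLAN {wlan}: VLAN group {gid} is not defined")
        elif not groups[gid]["vlans"]:
            findings.append(f"WLAN {wlan}: VLAN group {gid} has no VLAN")
    return groups, findings


# Constructed session for illustration; it is not output from a real device.
SAMPLE_SESSION = """
Ruijie# configure terminal
Ruijie(config)# vlan-assign-mode dot1x
Ruijie(config)# vlan-group 100
Ruijie(config-vlan-group)# vlan-list 100-105
Ruijie(config-vlan-group)# default-vlan 10
Ruijie(config)# vlan-group 101
Ruijie(config-vlan-group)# vlan-list 1-40
Ruijie(config)# dot11 wlan 1
Ruijie(dot11-wlan-config)# vlan-group 100
Ruijie(config)# dot11 wlan 2
Ruijie(dot11-wlan-config)# vlan-group 102
"""

if __name__ == "__main__":
    for finding in check_vlan_groups(SAMPLE_SESSION)[1]:
        print(finding)
```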
encapsulation dot1Q
Use this command to configure encapsulation for a VLAN or VLAN group on the dot11 radio
sub-interface of an AP. Use the no form of this command to remove the configuration.
encapsulation dot1Q [group] {vlan-id | vlan-group-id}
no encapsulation dot1Q [group] {vlan-id | vlan-group-id}
Parameter Description
Parameter      Description
vlan-id        Specifies a VLAN ID.
vlan-group-id  Specifies the ID of a VLAN group, which ranges from 1 to 128.
Defaults
Packets of a VLAN or VLAN group are not encapsulated.
Configuration Mode
Interface mode
Usage Guide
To configure VLAN encapsulation on a dot1q sub-interface, run the encapsulation dot1Q vlan-id command.
To configure VLAN group encapsulation on a dot1q sub-interface, run the encapsulation dot1Q group vlan-group-id command.
Configuration Examples
The following example shows how to configure encapsulation for VLAN group 100 on the sub-interface Dot11radio 1/0.1 on an AP:
Ruijie# configure terminal
Ruijie(config)# interface dot11radio 1/0.1
Ruijie(config-subif)# encapsulation dot1Q group 100
Related Commands
Command  Description
Platform Description
This command is supported by the RGOS10.4 (1T17) or later versions.
show vlan-group
Use this command to display information about a VLAN group on an AP device.
show vlan-group [group-id]
Parameter Description
Parameter  Description
group-id   Specifies the ID of a VLAN group.
Defaults
None
Configuration Mode
Privileged mode
Usage Guide
None
Configuration Examples
The following example shows how to display information about VLANs in the VLAN group on an AP:
Ruijie# show vlan-group
VLAN-Group ID  Default VLAN  Assign-Mode        VLAN-List
-------------  ------------  -----------------  -----------------------------
100            10            dhcp-server-state  1-10, 21-30, 51-70
128            NA            dot1x              110-130, 141-150
Related Commands
Command  Description
Platform Description
This command is supported by the RGOS10.4 (1T17) or later versions.
WLAN-WLOG Commands
wlan diag enable
Use this command to enable the WLAN-WLOG function on ACs and APs. Use the no form of this
command to disable this function.
wlan diag enable
no wlan diag enable
Parameter Description
Parameter  Description
N/A        N/A
Defaults
The WLAN-WLOG function is disabled on ACs and APs.
Command mode
Global configuration mode
Usage Guide
The memory pre-allocation is performed when the WLAN-WLOG function is enabled. If the memory is insufficient, the WLAN-WLOG function cannot be enabled.
Memories of all saved information and pre-allocated memories are reclaimed when the WLAN-WLOG function is disabled.
Configuration Examples
The following example shows how to enable or disable the WLAN-WLOG function:
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#wlan diag enable
Ruijie(config)#no wlan diag enable
Related Commands
Command  Description
N/A      N/A
Platform Description
This command is supported on ACs and APs in WLANs.
show wlan diag sta
Use the following command to display terminal statistics on an AC:
show wlan diag sta [ sta-mac STA_MAC ] [ ip-range IP_PREFIX ] [ action ACTION [ result
RESULT ] ] [ number NUMBER ]
Use the following command to display terminal statistics on an AP:
show wlan diag sta [ sta-mac STA_MAC ] [ number NUMBER ]
Parameter Description
Parameter  Description
STA_MAC    Specifies the MAC address of an STA.
IP_PREFIX  Specifies the range of IP addresses for the STA, which is limited by an IP prefix.
ACTION     Specifies the type of STA action records.
RESULT     Specifies the result of STA action records.
NUMBER     Specifies the maximum number of records to be displayed.
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
N/A
Configuration Examples
This example shows how to display terminal statistics on an AC:
Ruijie# show wlan diag sta
sta_record: c83a.35c6.0c72
TIME      RADIO  IP Address     Rssi  Link Rate  Action            AP MAC          SSID      Result   Reason
--------  -----  -------------  ----  ---------  ----------------  --------------  --------  -------  ------------------------------
09:59:28  1      192.168.248.2  0     0          STA UP BY APMG    00d0.f822.33b0  lxh-ssid  SUCCESS
10:12:07  1      192.168.248.2  21    5500       STA DOWN BY RSNA  00d0.f822.33b0  lxh-ssid  SUCCESS  AP circular AC user is offline
This example shows how to display terminal statistics on an AP:
Ruijie# show wlan diag sta
sta mac: c83a.35c6.0c72
==========================================================================
2012-05-28 19:31:08
wlan id  state  rssi_rt  rs_rate_mcs  tx_frm_cnts  rx_frm_cnts  tx_frm_flow  rx_frm_flow  tx_cnts_error  tx_flow_error  mgmt_cnts  mgmt_flow
1  0  3  23  0  80  3  18  381  59  4384  5967
tx/rxmcs       mcs0, mcs1  mcs2, mcs3  mcs4, mcs5  mcs6, mcs7  mcs8, mcs9  mcs10, mcs11  mcs12, mcs13  mcs14, mcs15
-------------  ----------  ----------  ----------  ----------  ----------  ------------  ------------  ------------
txmcspercent:  0           0           0           0           0           0             0             0
rxmcspercent:  0           0           0           0           0           0             0             0
tx/rxrate      1, 2  5.5, 11  6, 9  12, 18  24, 36  48, 54  --  --
-------------  ----  -------  ----  ------  ------  ------  --  --
txratepercent: 16    0        0     7       50      27      0   0
rxratepercent: 57    3        0     5       13      22      0   0
Field       Description
sta_record  Specifies STA records.
TIME        Specifies the time when STA records are collected.
IP Address  Specifies the IP address of an STA whose statistics are collected.
Rssi        Specifies signal strength.
Link Rate   Specifies a connection rate.
AP MAC      Specifies the MAC address of an AP associated with the STA.
SSID        Specifies the SSID of the WLAN associated with the STA.
RADIO       Specifies the ID of the radio associated with the STA.
Action      Specifies the type of STA action records.
Result      Specifies the result of STA action records.
Reason      Specifies the reason for STA action records.
Related Commands
Command  Description
N/A      N/A
Platform Description
This command is supported on ACs and APs in WLANs.
WLAN Location Commands
wlocation enable
Use this command to enable the WLAN Location (WL) function on the specified AP. Use the no form
of this command to disable this function.
[ no ] wlocation enable
Parameter Description
Parameter  Description
N/A        N/A
Defaults
Disabled
Command mode
AP configuration mode on the fit AP or AC
Or:
Wlocation mode on the fat AP.
Usage Guide
N/A
Configuration Examples
This example shows how to enable wireless location on the AP.
Ruijie(config-ap)# wlocation enable
This example shows how to disable wireless location on the AP.
Ruijie(config-ap)# no wlocation enable
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
wlocation ae-ip x.x.x.x
Use this command to configure the IP address of the AE server connected with the specified AP.
[ no ] wlocation ae-ip x.x.x.x
Parameter Description
Parameter  Description
x.x.x.x    The IP address of AE
Defaults
0.0.0.0
Command mode
AP configuration mode on the fit AP or AC
Or:
Wlocation mode on the fat AP.
Usage Guide
N/A
Configuration Examples
This example shows how to configure the IP address of the AE server on the specified AP.
Ruijie(config-ap)# wlocation ae-ip 1.1.1.1
This example shows how to restore the IP address of the AE to the default configuration.
Ruijie(config-ap)# no wlocation ae-ip
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
wlocation ae-port number
Use this command to set the port number of the AE server connected with the specified AP.
[ no ] wlocation ae-port number
Parameter Description
Parameter  Description
number     The port number of AE.
Defaults
12092
Command mode
AP configuration mode on the fit AP or AC
Or:
Wlocation mode on the fat AP.
Usage Guide
N/A
Configuration Examples
This example shows how to set the port number of the AE server connected with the specified AP.
Ruijie(config-ap)# wlocation ae-port 12093
This example shows how to restore the port number of the AE server connected with the specified AP to the default configuration.
Ruijie(config-ap)# no wlocation ae-port
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
wlocation compound enable
Use this command to enable the function of transmitting aggregate data of wireless location. Use the
no form of this command to disable this function.
[ no ] wlocation compound enable
Parameter Description
Parameter  Description
N/A        N/A
Defaults
Disabled
Command mode
AP configuration mode on the fit AP or AC
Or:
Wlocation mode on the fat AP.
Usage Guide
N/A
Configuration Examples
This example shows how to enable the function of transmitting aggregate data of wireless location on the specified AP.
Ruijie(config-ap)# wlocation compound enable
This example shows how to disable the function of transmitting aggregate data of wireless location on the specified AP.
Ruijie(config-ap)# no wlocation compound enable
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
wlocation mu enable
Use this command to enable Mobile Unit (MU) wireless location on the specified AP. Use the no form
of this command to disable this function.
[ no ] wlocation mu enable
Parameter Description
Parameter  Description
N/A        N/A
Defaults
Disabled
Command mode
AP configuration mode on the fit AP or AC
Or:
Wlocation mode on the fat AP.
Usage Guide
N/A
Configuration Examples
This example shows how to enable MU wireless location on the specified AP.
Ruijie(config-ap)# wlocation mu enable
This example shows how to disable MU wireless location on the specified AP.
Ruijie(config-ap)# no wlocation mu enable
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
wlocation tag enable
Use this command to enable tag wireless location on the specified AP. Use the no form of this
command to disable this function.
[ no ] wlocation tag enable
Parameter Description
Parameter  Description
N/A        N/A
Defaults
Disabled.
Command mode
AP configuration mode on the fit AP or AC
Or:
Wlocation mode on the fat AP.
Usage Guide
N/A
Configuration Examples
This example shows how to enable tag wireless location on the specified AP.
Ruijie(config-ap)# wlocation tag enable
This example shows how to disable tag wireless location on the specified AP.
Ruijie(config-ap)# no wlocation tag enable
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
wlocation send-mu-time time
Use this command to set frequency of sending MU location packets on the specified AP.
[ no ] wlocation send-mu-time time
Parameter Description
Parameter  Description
time       Packets sending interval within the range from 100-5000 ms
Defaults
300 ms
Command mode
AP configuration mode on the fit AP or AC
Or:
Wlocation mode on the fat AP.
Usage Guide
N/A
Configuration Examples
This example shows how to set frequency to send MU location packets on the specified AP.
Ruijie(config-ap)# wlocation send-mu-time 400
This example shows how to restore the frequency of sending MU location packets to the default value.
Ruijie(config-ap)# no wlocation send-mu-time
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
wlocation send-tag-time time
Use this command to set frequency to send tag location packets on the specified AP.
[ no ] wlocation send-tag-time time
Parameter Description
Parameter  Description
time       Packets sending interval within the range from 100-5000 ms.
Defaults
300 ms
Command mode
AP configuration mode on the fit AP or AC
Or:
Wlocation mode on the fat AP.
Usage Guide
N/A
Configuration Examples
This example shows how to set frequency to send tag location packets on the specified AP.
Ruijie(config-ap)# wlocation send-tag-time 400
This example shows how to restore frequency of sending tag location packets to the default value.
Ruijie(config-ap)# no wlocation send-tag-time
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
Wireless Security Commands
security rsn
The command is used to configure the authentication mode of a WLAN to RSN. This command has
no no prefix, and any configuration prefixed with no does not work at all. The command format is:
security rsn { enable | disable }
Parameter Description
Parameter  Description
enable     Enables the RSN authentication mode.
disable    Disables the RSN authentication mode.
Defaults
N/A
Command mode
WLAN security configuration mode.
Usage Guide
The command is used to enable the RSN authentication mode. Only after the RSN authentication mode is enabled can encryption and authentication methods be configured in the RSN mode. Otherwise, any configuration is invalid. When you use the RSN authentication, you need to configure an encryption method and an authentication method. If only an encryption or authentication method is configured, or neither is configured, the wireless client cannot be associated with the wireless network. The RSN authentication mode is what is usually called WPA2 authentication mode. If both WPA and RSN authentication modes are configured simultaneously for a WLAN, the encryption and authentication methods in these two authentication modes are identical, and the newly configured encryption and authentication methods will override the previous ones.
Configuration Examples
The following example configures the authentication mode of WLAN1 to RSN.
Ruijie(config)#wlansec 1
Ruijie(wlansec)# security rsn enable
The following example disables the RSN authentication mode of WLAN1.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security rsn disable
Related Commands
Command                                                   Description
security rsn akm { psk | 802.1x } { enable | disable }    Configures an authentication method in the RSN authentication mode.
security rsn ciphers { aes | tkip } { enable | disable }  Configures an encryption method in the RSN authentication mode.
security rsn akm psk set-key ascci                        Configures a shared password for RSNs.
Platform Description
N/A
security rsn akm
The command is used to configure an authentication method for a WLAN in the RSN authentication
mode. This command has no no prefix, and any configuration prefixed with no does not work at all.
The command format is:
security rsn akm { psk | 802.1x } { enable | disable }
Parameter Description
Parameter  Description
psk        Sets the authentication method to pre-shared key identity verification.
802.1x     Sets the authentication method to IEEE802.1x authentication.
enable     Enables an authentication method in the RSN authentication mode.
disable    Disables an authentication method in the RSN authentication mode.
Defaults
N/A
Command mode
WLAN security configuration mode.
Usage Guide
The command is used to enable an authentication method in the RSN authentication mode. Only after the RSN authentication mode is enabled can an authentication method be configured. There are two authentication methods: PSK and 802.1x.
Configuration Examples
The following example configures the authentication method for WLAN1 in the RSN authentication mode to PSK.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security rsn akm psk enable
The following example disables the PSK authentication for WLAN1 in the RSN authentication mode.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security rsn akm psk disable
The following example configures the authentication method for WLAN1 in the RSN authentication mode to 802.1x authentication.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security rsn akm 802.1x enable
The following example disables the 802.1x authentication for WLAN1 in the RSN authentication mode.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security rsn akm 802.1x disable
Related Commands
Command                                                   Description
security rsn { enable | disable }                         Configures the WLAN configuration mode.
security rsn ciphers { aes | tkip } { enable | disable }  Configures an encryption method in the RSN authentication mode.
security rsn akm psk set-key ascci                        Configures a shared password for RSNs.
Platform Description
N/A
security rsn akm psk set-key ascci
The command is used to configure a shared password for RSNs of a WLAN.
security rsn akm psk set-key ascci key
Parameter Description
Parameter  Description
key        Indicates a shared password.
Defaults
N/A
Command mode
WLAN security configuration mode.
Usage Guide
This shared password takes effect only when the PSK authentication mode is enabled.
Configuration Examples
The following example configures the shared password for WLAN 1 RSN to 12345678.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security rsn enable
Ruijie(wlansec)# security rsn akm psk enable
Ruijie(wlansec)# security rsn akm psk set-key ascci 12345678
Related Commands
Command                                                   Description
security rsn { enable | disable }                         Configures the RSN authentication mode.
security rsn ciphers { aes | tkip } { enable | disable }  Configures an encryption method in the RSN authentication mode.
security rsn akm { psk | 802.1x } { enable | disable }    Configures an authentication method in the RSN authentication mode.
Platform Description
N/A
security rsn ciphers
The command is used to configure an encryption method for a WLAN in the RSN authentication
mode. This command has no no prefix, and any configuration prefixed with no does not work at all.
The command format is:
security rsn ciphers { aes | tkip } { enable | disable }
Parameter Description
Parameter  Description
aes        Sets the encryption method to AES.
tkip       Sets the encryption method to TKIP.
enable     Enables an encryption method in the RSN authentication mode.
disable    Disables an encryption method in the RSN authentication mode.
Defaults
N/A
Command mode
WLAN security configuration mode.
Usage Guide
The command is used to enable an encryption method in the RSN authentication mode. Only after the RSN authentication mode is enabled can an encryption method be configured. There are two encryption methods: AES and TKIP. When you use the RSN authentication, you need to configure an encryption method and an authentication method. If only an encryption or authentication method is configured, or neither is configured, the wireless client cannot be associated with the wireless network. The RSN authentication mode is what is usually called WPA2 authentication mode. If both WPA and RSN authentication modes are configured simultaneously for a WLAN, the encryption and authentication methods in these two authentication modes are identical, and the newly configured encryption and authentication methods will override the previous ones.
Configuration Examples
The following example configures the encryption method for WLAN1 in the RSN authentication mode to AES.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security rsn ciphers aes enable
The following example disables the AES encryption method for WLAN1 in the RSN authentication mode.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security rsn ciphers aes disable
The following example configures the encryption method for WLAN1 in the RSN authentication mode to TKIP.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security rsn ciphers tkip enable
The following example disables the TKIP encryption method for WLAN1 in the RSN authentication mode.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security rsn ciphers tkip disable
Related Commands
Command                                                 Description
security rsn { enable | disable }                       Configures the RSN authentication mode.
security rsn akm { psk | 802.1x } { enable | disable }  Configures an authentication method in the RSN authentication mode.
security rsn akm psk set-key ascci                      Configures a shared password for RSNs.
Platform Description
N/A
security static-wep-key authentication
The command is used to configure an authentication method for a WLAN in the static WEP mode.
This command has no no prefix, and any configuration prefixed with no does not work at all. The
command format is:
security static-wep-key authentication { open | share-key }
Parameter Description
Parameter  Description
open       Indicates the open system authentication mode.
share-key  Indicates the shared key configuration mode.
Defaults
The default setting is open.
Command mode
WLAN security configuration mode.
Usage Guide
This command must be used with the security static-wep-key encryption command. Usually, the static WEP key must be configured before the shared key authentication method can be configured. In any security mode other than the static WEP security mode, it is of no use to configure the link authentication mode.
Configuration Examples
The following example configures the authentication mode of WLAN1 to open system authentication.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security static-wep-key authentication open
The following example configures the authentication mode of WLAN1 to shared key authentication.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security static-wep-key authentication share-key
Related Commands
Command                             Description
security static-wep-key encryption  Configures the static WEP key, and enable the static WEP security mode.
Platform Description
N/A
security static-wep-key encryption
The command is used to configure the static WEP key for a WLAN and configure the security mode of
this WLAN to static WEP. The no option of the command can be used to delete the configured key,
and restore the WLAN to the OPEN mode. The command format is:
[ no ]security static-wep-key encryption key-length { ascii|hex } key-index key
Parameter
Description
Parameter
key-length
key-index
Description
The key length is measured by bit, which can be 40, 104, and 128
bits.
Indicates a key index number, ranging from 1 to 4.
Indicates key data. In the ascii mode, 5-byte, 13-byte, and 16-byte
data can serve as a key depending on the key-length parameter. In
key
the hex mode, 10-byte, 26-byte, and 32-byte data can serve as a key
depending on the key-length parameter.
ascii
Indicates that the password takes the form of ASCII code.
hex
Indicates that the password is hexadecimal.
As a command prefix, the parameter indicates cancellation of the
no
configured static key.
Defaults
N/A
Command
WLAN security configuration mode.
mode
Usage Guide
The prerequisite of configuring security mode for a WLAN is that this WLAN has been created.
Attention should be paid to the following points:
1.
This command can be used repeatedly for configuration, and the last configuration will take
effect.
2.
This command configures the static WEP key as well as the static-WEP security mode.
Configuration
The following example configures the static WEP key of WLAN 1 to 12345.
Examples
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security static-wep-key encryption 40 ascii 1 12345
Or use the hexadecimal form, which has the same effect:
Ruijie(wlansec)# security static-wep-key encryption 40 hex 1 3132333435
Related Commands
Command: security static-wep-key authentication { open | share-key }
Description: Configures the authentication method in the static WEP security mode to open system
authentication or shared key authentication.
Platform Description
The client cannot support a 128-bit WEP password if you use the Windows XP operating system in
the wireless client management software. If the client software does not support a 128-bit WEP
password, as Ruijie’s devices are configured with 128-bit encryption, the consequence is either the
client software cannot be associated with the wireless network or the data channel is unavailable,
depending on the authentication mode.
security wpa
The command is used to configure the authentication mode of a WLAN to WPA. This command has
no no prefix, and any configuration prefixed with no does not work at all. The command format is:
security wpa { enable | disable }
Parameter
Description
Parameter
Description
enable
Indicates that you enable the WPA authentication mode.
disable
Indicates to disable the WPA authentication mode.
Defaults
N/A
Command
WLAN security configuration mode.
mode
Usage Guide
The command is used to enable the WPA authentication mode. Only after the WPA authentication
mode is enabled can encryption and authentication methods be configured in the WPA mode.
Otherwise, configuration is impossible. When you use the WPA authentication, you need to configure
an encryption method and an authentication method. If only an encryption or authentication method is
configured, or neither is configured, the wireless client cannot be associated with the wireless
network.
Configuration
The following example configures the authentication mode of WLAN1 to WPA.
Examples
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security wpa enable
The following example disables the WPA authentication mode of WLAN1.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security wpa disable
Related Commands
Command: security wpa akm { psk | 802.1x } { enable | disable }
Description: Configures an authentication method in the WPA authentication mode.
Command: security wpa ciphers { aes | tkip } { enable | disable }
Description: Configures an encryption method in the WPA authentication mode.
Command: security wpa akm psk set-key ascci
Description: Configures the shared password in the WPA authentication mode.
Platform Description
N/A
security wpa akm
The command is used to configure an authentication method for a WLAN in the WPA authentication
mode. This command has no no prefix, and any configuration prefixed with no does not work at all.
The command format is:
security wpa akm { psk | 802.1x } { enable | disable }
Parameter Description
psk: Indicates to configure the authentication method to pre-shared key identity verification.
802.1x: Indicates to configure the authentication method to IEEE802.1x authentication.
enable: Indicates that you enable an authentication method in the WPA authentication mode.
disable: Indicates to disable an authentication method in the WPA authentication mode.
Defaults
N/A
Command
WLAN security configuration mode.
mode
Usage Guide
The command is used to enable an authentication method in the WPA authentication mode. Only
after the WPA authentication mode is enabled can an authentication method be configured. There are
two authentication methods: PSK and 802.1x. When you use the WPA authentication, you need to
configure an encryption method and an authentication method. If only an encryption or authentication
method is configured, or neither is configured, the wireless client cannot be associated with the
wireless network.
Configuration Examples
The following example configures the authentication method for WLAN1 in the WPA authentication
mode to pre-shared key identity authentication.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security wpa akm psk enable
The following example disables the pre-shared key identity authentication for WLAN1 in the WPA
authentication mode.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security wpa akm psk disable
The following example configures the authentication method for WLAN1 in the WPA authentication
mode to 802.1x authentication.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security wpa akm 802.1x enable
The following example disables the 802.1x authentication for WLAN1 in the WPA authentication
mode.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security wpa akm 802.1x disable
Related Commands
Command: security wpa { enable | disable }
Description: Configures the WLAN configuration mode.
Command: security wpa ciphers { aes | tkip } { enable | disable }
Description: Configures an encryption method in the WPA authentication mode.
Platform Description
N/A
security wpa akm psk set-key ascci
The command is used to configure a WPA shared password for a WLAN.
security wpa akm psk set-key ascci key
Parameter
Description
Parameter
Description
key
Indicates a shared password.
Defaults
N/A
Command
WLAN security configuration mode.
mode
Usage Guide
This shared password is of use only when the PSK authentication mode is enabled.
Configuration
The following example configures the shared password for WLAN 1 WPA to 12345678.
Examples
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security wpa enable
Ruijie(wlansec)# security wpa akm psk enable
Ruijie(wlansec)# security wpa akm psk set-key ascci 12345678
Related Commands
Command: security wpa { enable | disable }
Description: Configures the WLAN configuration mode.
Command: security wpa ciphers { aes | tkip } { enable | disable }
Description: Configures an encryption method in the WPA authentication mode.
Command: security wpa akm { psk | 802.1x } { enable | disable }
Description: Configures an authentication method in the WPA authentication mode.
Platform Description
N/A
security wpa ciphers
The command is used to configure an encryption method for a WLAN in the WPA authentication
mode. This command has no no prefix, and any configuration prefixed with no does not work at all.
The command format is:
security wpa ciphers { aes | tkip } { enable | disable }
Parameter Description
aes: Indicates to configure the encryption method to AES.
tkip: Indicates to configure the encryption method to TKIP.
enable: Indicates that you enable an encryption method in the WPA authentication mode.
disable: Indicates to disable an encryption method in the WPA authentication mode.
Defaults
N/A
Command
WLAN security configuration mode.
mode
Usage Guide
The command is used to enable an encryption method in the WPA authentication mode. Only after
the WPA authentication mode is enabled can an encryption method be configured. There are two
encryption methods: AES and TKIP. When you use the WPA authentication, you need to configure an
encryption method and an authentication method. If only an encryption or authentication method is
configured, or neither is configured, the wireless client cannot be associated with the wireless
network.
Configuration Examples
The following example configures the encryption method for WLAN1 in the WPA authentication mode
to AES.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security wpa ciphers aes enable
The following example disables the AES encryption method for WLAN1 in the WPA authentication
mode.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security wpa ciphers aes disable
The following example configures the encryption method for WLAN1 in the WPA authentication mode
to TKIP.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security wpa ciphers tkip enable
The following example disables the TKIP encryption method for WLAN1 in the WPA authentication
mode.
Ruijie (config)#wlansec 1
Ruijie(wlansec)# security wpa ciphers tkip disable
Related Commands
Command: security wpa { enable | disable }
Description: Configures the WLAN configuration mode.
Command: security wpa akm { psk | 802.1x } { enable | disable }
Description: Configures an authentication method in the WPA authentication mode.
Command: security wpa akm psk set-key ascci
Description: Configures a shared password in the WPA authentication mode.
Platform Description
N/A
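The dependency rules stated in the usage guides above (WPA needs both an encryption method and an authentication method, methods can only be configured after WPA is enabled, the shared password only matters when PSK is enabled, and static WEP key data must match key-length) can be checked before a change is pushed. The following is an added example, not Ruijie code: a small Python linter over command lines as typed in the examples, with constructed sample input; the function names and finding texts are assumptions of this example. WLAN 1 in the sample repeats the commands of the shared-password example.

```python
import re

# Key data length in characters for each key-length, as listed for the
# ascii and hex forms of 'security static-wep-key encryption'.
WEP_KEY_CHARS = {"ascii": {40: 5, 104: 13, 128: 16},
                 "hex": {40: 10, 104: 26, 128: 32}}
PROMPT = re.compile(r"^\s*[\w-]+\s*\([\w-]+\)#\s*")  # e.g. "Ruijie(wlansec)# "


def check_wep_key(key_length, fmt, key_index, key):
    """Return the problems with one static WEP key argument set."""
    problems = []
    expected = WEP_KEY_CHARS.get(fmt, {}).get(key_length)
    if expected is None:
        problems.append(f"unsupported key-length/format: {key_length} {fmt}")
    elif len(key) != expected:
        problems.append(f"{key_length}-bit {fmt} key needs {expected} "
                        f"characters, got {len(key)}")
    elif fmt == "hex" and not re.fullmatch(r"[0-9A-Fa-f]+", key):
        problems.append("hex key contains non-hexadecimal characters")
    if not 1 <= key_index <= 4:
        problems.append(f"key-index {key_index} is outside 1-4")
    return problems


def lint_wlansec(text):
    """Return {wlan_id: [finding, ...]} for every wlansec block in text."""
    wlans, cur = {}, None
    for raw in text.splitlines():
        words = PROMPT.sub("", raw).split()
        if len(words) == 2 and words[0] == "wlansec" and words[1].isdigit():
            cur = wlans.setdefault(int(words[1]), {
                "wpa": False, "ciphers": set(), "akm": set(),
                "psk_key": False, "findings": []})
            continue
        if cur is None or words[:1] != ["security"]:
            continue
        args = words[1:]
        if args[:2] == ["static-wep-key", "encryption"] and len(args) == 6:
            length, fmt, index, key = args[2:]
            if length.isdigit() and index.isdigit():
                problems = check_wep_key(int(length), fmt, int(index), key)
            else:
                problems = ["key-length and key-index must be numbers"]
            cur["findings"] += ["static WEP: " + p for p in problems]
        elif len(args) == 2 and args[0] == "wpa" and args[1] in ("enable", "disable"):
            cur["wpa"] = args[1] == "enable"
        elif args[:4] == ["wpa", "akm", "psk", "set-key"] and len(args) == 6:
            cur["psk_key"] = True
        elif len(args) == 4 and args[0] == "wpa" and args[1] in ("akm", "ciphers"):
            kind, name, action = args[1:]
            if not cur["wpa"]:
                # Methods can be configured only after WPA is enabled.
                cur["findings"].append(
                    f"'{kind} {name} {action}' issued before 'security wpa enable'")
            elif action == "enable":
                cur[kind].add(name)
            else:
                cur[kind].discard(name)
    report = {}
    for wlan_id, s in wlans.items():
        out = list(s["findings"])
        if s["wpa"] and not s["ciphers"]:
            out.append("WPA enabled without an encryption method")
        if s["wpa"] and not s["akm"]:
            out.append("WPA enabled without an authentication method")
        if s["psk_key"] and "psk" not in s["akm"]:
            out.append("PSK key set but PSK authentication is not enabled")
        report[wlan_id] = out
    return report


# Constructed sample input (not taken from a real device).
SAMPLE = """\
Ruijie(config)#wlansec 1
Ruijie(wlansec)# security wpa enable
Ruijie(wlansec)# security wpa akm psk enable
Ruijie(wlansec)# security wpa akm psk set-key ascci 12345678
Ruijie(config)#wlansec 2
Ruijie(wlansec)# security wpa ciphers aes enable
Ruijie(wlansec)# security wpa enable
Ruijie(wlansec)# security wpa akm 802.1x enable
Ruijie(wlansec)# security wpa akm psk set-key ascci 12345678
Ruijie(config)#wlansec 3
Ruijie(wlansec)# security static-wep-key encryption 104 hex 1 3132333435
Ruijie(config)#wlansec 4
Ruijie(wlansec)# security wpa enable
Ruijie(wlansec)# security wpa ciphers aes enable
Ruijie(wlansec)# security wpa akm psk enable
Ruijie(wlansec)# security wpa akm psk set-key ascci 12345678
"""

if __name__ == "__main__":
    for wlan_id, findings in lint_wlansec(SAMPLE).items():
        print(f"WLAN {wlan_id}: {findings or 'no findings'}")
```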
webauth prevent-jitter
Use this command to set the timeout for jitter prevention during Web authentication of a particular
WLAN. Use the no or default form of this command to restore the default setting.
webauth prevent-jitter timeout
Parameter Description
timeout: Sets the timeout for jitter prevention during Web authentication. The range is from 0 to
86400 seconds.
no/default: Restores the default value of 300 seconds.
Defaults
N/A
Command mode
WLAN security configuration mode.
Usage Guide
N/A
Configuration Examples
The following example sets the timeout for jitter prevention during Web authentication of WLAN 1 to
900 seconds.
Step 1: Enter WLAN security configuration mode:
(config)#wlansec 1
Step 2: Use the webauth prevent-jitter command to configure the timeout:
webauth prevent-jitter 900
Related
Commands
Platform
Command
Description
N/A
N/A
N/A
Description
show wlan security
The command is used to display security configuration of a WLAN.
show wlan security wlan-id
Parameter
Description
Parameter
Description
wlan-id
Indicates the ID of the WLAN to be checked, ranging from 1 to 512.
Defaults
N/A
Command
Privileged mode
mode
Usage Guide
N/A
Configuration
The following example displays the security configuration of WLAN1.
Examples
Ruijie# show wlan security 1
Related
Commands
Platform
Description
Command
Description
N/A
N/A
N/A
show wclient security
The command is used to display security configuration of a wireless client. It takes the form as
follows:
show wclient security mac-address
Parameter Description
mac-address: Indicates the MAC address of the wireless client to be shown, in the format of H.H.H.
Defaults
N/A
Command mode
Privileged mode.
Usage Guide
N/A
Configuration Examples
The following example displays the security configuration of wireless client 1 with a MAC address of
0023.cdad.d3d5.
Ruijie# show wclient security 0023.cdad.d3d5
Security policy finished :TRUE
Security policy type :WPA-802.1X
Security cipher mode :CCMP
Security EAP type :NONE
Security NAC status :CLOSE
Related Commands
Command: N/A
Description: N/A
Platform Description
N/A
WIDS Commands
attack-detection enable
Use this command to enable the IDS attack detection function. Use the no form of this command to
disable the IDS attack detection function.
attack-detection enable { all | flood | weak-iv | spoof }
no attack-detection enable { all | flood | weak-iv | spoof }
Parameter
Description
Parameter
Description
all
The parameter indicates that you enable all types of IDS attack
detection function.
flood
The parameter indicates that you enable the Flooding IDS attack
detection function.
weak-iv
The parameter indicates that you enable the Weak-IV IDS attack
detection function.
spoof
The parameter indicates that you enable the Spoofing IDS attack
detection function.
no
The parameter indicates that you disable the IDS attack detection
function.
Defaults
The default is no.
Command
WIDS configuration mode.
mode
Usage Guide
N/A
Configuration
#Enable the Weak-IV IDS attack detection function.
Examples
Ruijie(config)# wids
Ruijie(config-wids)# attack-detection enable weak-iv
Related
Commands
Platform
Description
Command
Description
N/A
N/A
N/A
countermeasures ap-max
Use this command to configure the maximum number of APs for the countermeasures.
Use the no form of this command to restore the default setting.
countermeasures ap-max number
no countermeasures ap-max
Parameter
Description
Parameter
Description
number
Specifies the maximum number of APs for the countermeasures.
Value range: 1 to 256
no
Restores the maximum number of APs for the countermeasures to
30.
Defaults
The maximum number of APs for the countermeasures is 30 by default.
Command
WIDS configuration mode
mode
Usage Guide
N/A
Configuration
#Set the maximum number of APs for the countermeasures to 100.
Examples
Ruijie(config)# wids
Ruijie(config-wids)# countermeasures ap-max 100
Related
Commands
Platform
Command
Description
N/A
N/A
N/A
Description
countermeasures enable
Use this command to enable the device countermeasures. Use the no form of this command to
disable the device countermeasures.
countermeasures enable
no countermeasures enable
Parameter Description
no: The parameter indicates that you disable the device countermeasures.
Defaults
This function is disabled by default.
Command
WIDS configuration mode.
mode
Usage Guide
N/A
Configuration
#Enable the device countermeasures.
Examples
Ruijie(config)# wids
Ruijie(config-wids)# countermeasures enable
Related
Commands
Platform
Command
Description
N/A
N/A
This command is supported on ACs and fat APs.
Description
countermeasures mode
Use this command to configure the device countermeasures mode. Use the no form of this command
to restore the default countermeasures mode.
countermeasures mode { SSID | rogue | adhoc | config }
no countermeasures mode
Parameter
Description
Parameter
Description
SSID
The parameter indicates the SSIDs that are detected by the
countermeasures and are not on the same AC.
rogue
The parameter indicates that only detected rogue devices are
subjected to the countermeasures.
adhoc
The parameter indicates that only detected adhoc devices are
subjected to the countermeasures.
config
The parameter indicates that only the devices configured in the static
attack list are subjected to the countermeasures.
no
The parameter indicates that the current countermeasures mode is
cancelled.
Defaults
N/A
Command
WIDS configuration mode.
mode
Usage Guide
N/A
Configuration
#Set the device countermeasure mode to rogue.
Examples
Ruijie(config)# wids
Ruijie(config-wids)# countermeasures mode rogue
Related
Commands
Platform
Command
Description
N/A
N/A
This command is supported on ACs and fat APs.
Description
countermeasures rssi-min
Use this command to configure the lower limit of the signal for the countermeasures.
Use the no form of this command to restore the default setting.
countermeasures rssi-min number
no countermeasures rssi-min
Parameter Description
number: Specifies the lower limit of the signal strength for the countermeasures.
Value range: 0 to 75
no: Restores the lower limit of the signal strength for the countermeasures to 25.
Defaults
The lower limit of the signal strength for the countermeasures is 25 by default.
Command
WIDS configuration mode
mode
Usage Guide
N/A
Configuration
#Set the lower limit of the signal strength for the countermeasures to 0.
Examples
Ruijie(config)# wids
Ruijie(config-wids)# countermeasures rssi-min 0
Related
Commands
Platform
Command
Description
N/A
N/A
N/A
Description
device aging duration
Use this command to configure device aging duration. Use the no form of this command to restore
the default aging duration.
device aging duration seconds
no device aging duration
Parameter
Description
Parameter
Description
seconds
The parameter indicates device aging duration, ranging from 500 to
5000 seconds.
no
The parameter indicates that you restore the aging duration to the
default.
Defaults
The default aging duration is 1200 seconds.
Command
WIDS configuration mode.
mode
Usage Guide
N/A
Configuration
#Set the device aging duration to 1200s.
Examples
Ruijie(config)# wids
Ruijie(config-wids)# device aging duration 1200
Related
Commands
Platform
Command
Description
N/A
N/A
N/A
Description
device attack mac-address
Use this command to configure a static attack list for device countermeasures. Use the no form of this
command to delete a configured static attack address entry.
device attack mac-address H.H.H
no device attack mac-address H.H.H
Parameter Description
H.H.H: The parameter indicates that the device with this source MAC address is subjected to the
countermeasures.
no: The parameter indicates that you delete a static attack address.
Defaults
No setting by default.
Command mode
WIDS configuration mode.
Usage Guide
This configuration is one of the policies for detecting Rogue devices.
Configuration
#Set the device with the static attack source MAC address of 0000.0000.0001.
Examples
Ruijie(config)# wids
Ruijie(config-wids)# device attack mac-address 0000.0000.0001
Related
Commands
Platform
Description
Command
Description
N/A
N/A
This command is supported on ACs and fat APs.
device attack max
Use this command to configure the maximum number of attack MAC address list members.
Use the no form of this command to restore the default setting.
device attack max number
no device attack max
Parameter
Description
Parameter
Description
number
Specifies the maximum number of attack MAC address list members.
Value range: 1 to 256
no
Restores the maximum number of attack MAC address list members
to 128.
Defaults
The maximum number of attack MAC address list members is 128 by default.
Command
WIDS configuration mode
mode
Usage Guide
N/A
Configuration Examples
The following example sets the maximum number of attack MAC address list members to 100.
Ruijie(config)# wids
Ruijie(config-wids)# device attack max 100
Related
Commands
Platform
Command
Description
N/A
N/A
N/A
Description
device mode
Use this command to configure the working mode of the AP. Use the no form of this command to
restore the default working mode.
device mode { monitor | normal | hybrid }
no device mode
Parameter
Description
Parameter
Description
monitor
The parameter indicates AP works in the monitor mode.
normal
The parameter indicates AP works in the normal mode.
hybrid
The parameter indicates AP works in the hybrid mode.
no
The parameter indicates that you restore the working mode of AP to
the default.
Defaults
The AP works in normal mode by default.
Command
WIDS configuration mode on an AP; AP configuration mode on an AC.
mode
Usage Guide
N/A
Configuration
#Set the working mode of the AP to monitor.
Examples
Ruijie(config)# wids
Ruijie(config-wids)# device mode monitor
Related
Commands
Platform
Description
Command
Description
N/A
N/A
N/A
device permit mac-address
Use this command to configure a permissible MAC address list. Use the no form of this command to
delete a configured static attack entry.
device permit mac-address H.H.H
no device permit mac-address H.H.H
Parameter
Description
Parameter
Description
H.H.H
The parameter indicates that the device with this source MAC
address is legal.
no
The parameter indicates to delete a permissible MAC address.
Defaults
There is no permissible MAC entry by default.
Command
WIDS configuration mode.
mode
Usage Guide
This configuration is one of the policies for detecting Rogue devices.
Configuration
#Set the device with the permissible source MAC address of 0000.0000.0001.
Examples
Ruijie(config)# wids
Ruijie(config-wids)# device permit mac-address 0000.0000.0001
Related
Commands
Platform
Command
Description
N/A
N/A
N/A
Description
device permit mac-address max
Use this command to configure the maximum number of permissible MAC address list members.
Use the no form of this command to restore the default setting.
device permit mac-address max number
no device permit mac-address max
Parameter Description
number: Specifies the maximum number of permissible MAC address list members.
Value range: 1 to 1280
no: Restores the maximum number of permissible MAC address list members to 1024.
Defaults
The maximum number of permissible MAC address list members is 1024 by default.
Command
WIDS configuration mode
mode
Usage Guide
N/A
Configuration
#Set the maximum number of permissible MAC address list members to 100.
Examples
Ruijie(config)# wids
Ruijie(config-wids)# device permit mac-address max 100
Related
Commands
Platform
Command
Description
N/A
N/A
N/A
Description
device permit max-ssid
Use this command to configure the maximum number of permissible SSID list members.
Use the no form of this command to restore the default setting.
device permit max-ssid number
no device permit max-ssid
Parameter
Description
Parameter
Description
number
Specifies the maximum number of permissible SSID list members.
Value range: 1 to 1024
no
Restores the maximum number of permissible SSID list members to
512.
Defaults
The maximum number of permissible SSID list members is 512 by default.
Command
WIDS configuration mode
mode
Usage Guide
N/A
Configuration
#Set the maximum number of permissible SSID list members to 100.
Examples
Ruijie(config)# wids
Ruijie(config-wids)# device permit max-ssid 100
Related
Commands
Platform
Command
Description
N/A
N/A
N/A
Description
device permit ssid
Use this command to configure a permissible SSID list. Use the no form of this command to delete a
configured permissible SSID entry.
device permit ssid ssid
no device permit ssid ssid
Parameter
Description
Parameter
Description
ssid
The parameter indicates this is the permissible SSID.
no
The parameter indicates that you delete a permissible SSID.
Defaults
There is no permissible SSID entry by default.
Command
WIDS configuration mode.
mode
Usage Guide
This configuration is one of the policies for detecting Rogue devices.
Configuration
#Set the SSID of my-wlan as the permissible SSID.
Examples
Ruijie(config)# wids
Ruijie(config-wids)# device permit ssid my-wlan
Related
Commands
Platform
Command
Description
N/A
N/A
N/A
Description
device permit vendor bssid
Use this command to configure a permissible vendor list. Use the no form of this command to delete a
configured permissible vendor entry.
device permit vendor bssid H.H.H
no device permit vendor bssid H.H.H
Parameter
Description
Parameter
Description
H.H.H
The parameter indicates this vendor’s address is a permissible
address.
no
The parameter indicates that you delete a permissible vendor entry.
Defaults
There is no permissible vendor entry by default.
Command
WIDS configuration mode.
mode
Usage Guide
The vendor number is used to configure the first three bytes of a MAC address. Do not configure
multiple MAC addresses with the same vendor number. This configuration is one of the policies for
detecting Rogue devices.
Configuration
#Set the MAC address 0011.2200.0001 as a permissible vendor address.
Examples
Ruijie(config)# wids
Ruijie(config-wids)# device permit vendor bssid 0011.2200.0001
Related
Commands
Platform
Command
Description
N/A
N/A
N/A
Description
device permit vendor bssid max
Use this command to configure the maximum number of permissible vendor list members.
Use the no form of this command to restore the default setting.
device permit vendor bssid max number
no device permit vendor bssid max
Parameter
Description
Parameter
Description
number
Specifies the maximum number of permissible vendor list members.
Value range: 1 to 1024
no
Restores the maximum number of permissible vendor list members to
512.
Defaults
The maximum number of permissible vendor list members is 512 by default.
Command mode
WIDS configuration mode
Usage Guide
N/A
Configuration
#Set the maximum number of permissible vendor list members to 100.
Examples
Ruijie(config)# wids
Ruijie(config-wids)# device permit vendor bssid max 100
Related
Commands
Platform
Command
Description
N/A
N/A
N/A
Description
device statistics max
Use this command to configure the maximum number of statistic list members.
Use the no form of this command to restore the default setting.
device statistics max number
no device statistics max
Parameter
Description
Parameter
Description
number
Specifies the maximum number of statistic list members.
Value range: 1 to 1024
no
Restores the maximum number of statistic list members to 512.
Defaults
The maximum number of statistic list members is 1024 by default.
Command
WIDS configuration mode
mode
Usage Guide
N/A
Configuration
#Set the maximum number of statistic list members to 100.
Examples
Ruijie(config)# wids
Ruijie(config-wids)# device statistics max 100
Related Commands
Command: N/A
Description: N/A
Platform Description
N/A
dynamic-blacklist enable
Use this command to enable the dynamic blacklist. Use the no form of this command to disable the
dynamic blacklist.
dynamic-blacklist enable
no dynamic-blacklist enable
Parameter
Description
Parameter
Description
no
The parameter indicates that you disable the dynamic blacklist.
Defaults
Dynamic blacklist is disabled by default.
Command
WIDS configuration mode.
mode
Usage Guide
N/A
Configuration
#Enable the dynamic blacklist.
Examples
Ruijie(config)# wids
Ruijie(config-wids)# dynamic-blacklist enable
Related
Commands
Platform
Command
Description
N/A
N/A
N/A
Description
dynamic-blacklist lifetime
Use this command to configure the dynamic blacklist entry lifetime. Use the no form of this command
to restore the default dynamic blacklist entry lifetime.
dynamic-blacklist lifetime seconds
no dynamic-blacklist lifetime
Parameter Description
seconds: The parameter indicates the dynamic blacklist entry lifetime, ranging from 60 to 5000
seconds.
no: The parameter indicates that you restore the dynamic blacklist entry lifetime to the default.
Defaults
The default is 300s.
Command
WIDS configuration mode.
mode
Usage Guide
N/A
Configuration
#Set the dynamic blacklist entry lifetime to 600s.
Examples
Ruijie(config)# wids
Ruijie(config-wids)# dynamic-blacklist lifetime 600
Related
Commands
Platform
Command
Description
N/A
N/A
N/A
Description
dynamic-blacklist max
Use this command to configure the maximum number of MAC addresses in the dynamic blacklist.
Use the no form of this command to restore the default setting.
dynamic-blacklist max number
no dynamic-blacklist max
Parameter
Description
Parameter
Description
number
Specifies the maximum number of MAC addresses in the dynamic
blacklist.
Value range: 1 to 1024
no
Restores the maximum number of MAC addresses in the dynamic
blacklist to 512.
Defaults
The maximum number of MAC addresses in the dynamic blacklist is 1024 by default.
Command
WIDS configuration mode
mode
Usage Guide
N/A
Configuration
#Set the maximum number of MAC addresses in the dynamic blacklist to 100.
Examples
Ruijie(config)# wids
Ruijie(config-wids)# dynamic-blacklist max 100
Related
Commands
Platform
Command
Description
N/A
N/A
N/A
Description
flood-detect { auth | deauth | assoc | disassoc } total number number time time
Use this command to configure attack detection in which an attack is considered to have occurred if
the threshold for determining an attack using frames of the specified type is reached in the specified
detection duration for different MAC addresses.
flood-detect { auth | deauth | assoc | disassoc } total number number time time
Parameter
Description
Parameter
Description
auth
Threshold for determining an authentication frame attack during
attack detection for different MAC addresses
Default value: 500
deauth
Threshold for determining a de-authentication frame attack during
attack detection for different MAC addresses
Default value: 500
assoc
Threshold for determining an association frame attack during attack
detection for different MAC addresses
Default value: 500
disassoc
Threshold for determining a de-association frame attack during attack
detection for different MAC addresses
Default value: 500
time
Duration of attack detection
Default value: 10 seconds
Defaults
Attack detection is disabled by default.
Command
Ap-config mode for fit APs and WIDS configuration mode for fat APs
mode
Usage Guide
Use this command on ACs and fat APs.
Configuration Examples
#Configure attack detection in which the threshold for determining an authentication packet attack
within 10 seconds for different MAC addresses is 200.
Ruijie-AC(config)# ap-config ap-name
Ruijie-AC(config-ap)# flood-detect auth total number 200 time 10
Ruijie-AP(config)# wids
Ruijie-AP(config-wids)# flood-detect auth total number 200 time 10
Related Commands
Command: N/A
Description: N/A
Platform Description
This command is supported on ACs and fat APs.
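To see what the two flood-detect arguments mean when tuning them, the following added example (not Ruijie's implementation) counts frames of one type from all source MAC addresses and reports when the total reaches the threshold within the detection duration. The sliding window, the reset after an alert, and all names and sample frames are assumptions of this example; the device's actual windowing is not described on this page.

```python
from collections import deque

FRAME_TYPES = ("auth", "deauth", "assoc", "disassoc")


class FloodDetector:
    """Counts frames of one type, from all source MACs, in a sliding window."""

    def __init__(self, frame_type, total_number=500, time=10):
        if frame_type not in FRAME_TYPES:
            raise ValueError(f"unknown frame type: {frame_type}")
        self.frame_type = frame_type
        self.total_number = total_number   # threshold (page default: 500)
        self.window = time                 # detection duration in seconds
        self._seen = deque()               # (timestamp, src_mac) inside window

    def observe(self, timestamp, frame_type, src_mac):
        """Feed one frame; return an alert dict once the threshold is reached."""
        if frame_type != self.frame_type:
            return None
        self._seen.append((timestamp, src_mac))
        # Drop frames that have fallen out of the detection duration.
        while self._seen and self._seen[0][0] <= timestamp - self.window:
            self._seen.popleft()
        if len(self._seen) < self.total_number:
            return None
        alert = {"type": frame_type, "at": timestamp,
                 "frames": len(self._seen),
                 "sources": len({mac for _, mac in self._seen})}
        self._seen.clear()   # assumption: one burst raises one alert
        return alert


def detect(frames, frame_type, total_number, time):
    """Run a detector over (timestamp, frame_type, src_mac) tuples in time order."""
    det = FloodDetector(frame_type, total_number, time)
    alerts = []
    for frame in frames:
        alert = det.observe(*frame)
        if alert:
            alerts.append(alert)
    return alerts


def constructed_frames():
    """Constructed sample traffic: a slow trickle, then a burst from 50 MACs."""
    frames = []
    for i in range(300):                       # 10 auth frames per second
        frames.append((i * 0.1, "auth", f"0000.0000.{i % 5:04x}"))
    for i in range(250):                       # 50 auth frames per second
        frames.append((100 + i * 0.02, "auth", f"0011.2200.{i % 50:04x}"))
        if i % 5 == 0:                         # unrelated deauth frames
            frames.append((100 + i * 0.02, "deauth", "0000.0000.0001"))
    return frames


if __name__ == "__main__":
    sample = constructed_frames()
    # Same arguments as 'flood-detect auth total number 200 time 10'.
    print(detect(sample, "auth", 200, 10))
    # With the default threshold of 500 the same burst stays below the limit.
    print(detect(sample, "auth", 500, 10))
```

With the example's threshold of 200 the burst raises one alert, while the default of 500 stays silent on the same traffic, which is the trade-off to weigh when lowering the threshold.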
kickout threshold
Use this command to kick out the low-rate STA.
kickout threshold rate
Parameter
Description
Parameter
Description
rate
Packet sending-receiving rate with the unit of M/Second.
Defaults
The low-rate STA is not filtered by default.
Command
WIDS configuration mode.
mode
Usage Guide
This command is used to filter the low-rate STA. When the wireless access end detects that the
sending-receiving rate of STA is less than the configured threshold, it disconnects the association.
Configuration
#Filter the STA with sending-receiving rate less than 30M/S
Examples
Ruijie(config)# wids
Ruijie(config-wids)# kickout threshold 30
Related Commands
Command: wids
Description: Enters WIDS configuration mode.
Platform Description
N/A
reset attack-list all
Use this command to clear the entries of all attack lists.
reset attack-list all
Parameter
Description
Parameter
Description
all
Specifies that the entries of all attack lists are cleared.
Defaults
N/A
Command
WIDS configuration mode
mode
Usage Guide
N/A
Configuration
#Clear the entries of all attack lists.
Examples
Ruijie(config)# wids
Ruijie(config-wids)# reset attack-list all
Related
Commands
Platform
Command
Description
N/A
N/A
N/A
Description
reset detected
Use this command to reset the device list detected in a WLAN.
reset detected { all | rogue { ap | client } | mac-address H.H.H }
Parameter
Description
Parameter
Description
all
The parameter indicates that you reset all devices detected in a
WLAN.
rogue ap
The parameter indicates that you reset the detected Rogue AP.
rogue client
The parameter indicates that you reset the detected Rogue Client.
mac-address H.H.H
The parameter indicates that you reset the device with the source
MAC address H.H.H.
Defaults
N/A
Command mode
WIDS configuration mode.
Usage Guide
N/A
Configuration
#Reset the Rogue AP detected in a WLAN.
Examples
Ruijie(config)# wids
Ruijie(config-wids)# reset detected rogue ap
Related
Commands
Platform
Command
Description
N/A
N/A
N/A
Description
reset dynamic-blacklist
Use this command to reset dynamic blacklist entries.
reset dynamic-blacklist { all | mac-address H.H.H }
Parameter
Description
Parameter
Description
all
The parameter indicates that you reset all dynamic blacklist entries.
mac-address H.H.H
The parameter indicates that you reset the dynamic blacklist entry
with the source MAC address H.H.H.
Defaults
N/A
Command
WIDS configuration mode.
mode
Usage Guide
N/A
Configuration
#Reset the dynamic blacklist entry with the source MAC address 0000.0000.0001.
Examples
Ruijie(config)# wids
Ruijie(config-wids)# reset dynamic-blacklist mac-address 0000.0000.0001
Related
Commands
Platform
Description
Command
Description
N/A
N/A
N/A
reset permit-mac all
Use this command to clear the entries of all permissible MAC address lists.
reset permit-mac all
Parameter Description
all: Specifies that the entries of all permissible MAC address lists are cleared.
Defaults
N/A
Command mode
WIDS configuration mode
Usage Guide
N/A
Configuration Examples
#Clear the entries of all permissible MAC address lists.
Ruijie(config)# wids
Ruijie(config-wids)# reset permit-mac all
Related Commands
N/A
Platform Description
N/A
reset permit-ssid all
Use this command to clear the entries of all permissible SSID lists.
reset permit-ssid all
Parameter Description
all: Specifies that the entries of all permissible SSID lists are cleared.
Defaults
N/A
Command mode
WIDS configuration mode
Usage Guide
N/A
Configuration Examples
#Clear the entries of all permissible SSID lists.
Ruijie(config)# wids
Ruijie(config-wids)# reset permit-ssid all
Related Commands
N/A
Platform Description
N/A
reset permit-vendor all
Use this command to clear the entries of all permissible vendor lists.
reset permit-vendor all
Parameter Description
all: Specifies that the entries of all permissible vendor lists are cleared.
Defaults
N/A
Command mode
WIDS configuration mode
Usage Guide
N/A
Configuration Examples
#Clear the entries of all permissible vendor lists.
Ruijie(config)# wids
Ruijie(config-wids)# reset permit-vendor all
Related Commands
N/A
Platform Description
N/A
reset static-blacklist all
Use this command to clear the entries of all static blacklists.
reset static-blacklist all
Parameter Description
all: Specifies that the entries of all static blacklists are cleared.
Defaults
N/A
Command mode
WIDS configuration mode
Usage Guide
N/A
Configuration Examples
#Clear the entries of all static blacklists.
Ruijie(config)# wids
Ruijie(config-wids)# reset static-blacklist all
Related Commands
N/A
Platform Description
N/A
reset statistics
Use this command to reset the IDS attack detection statistics in a WLAN.
reset statistics
Parameter Description
N/A
Defaults
N/A
Command mode
WIDS configuration mode.
Usage Guide
N/A
Configuration Examples
#Reset the attack statistics detected in a WLAN.
Ruijie(config)# wids
Ruijie(config-wids)# reset statistics
Related Commands
N/A
Platform Description
N/A
reset user-isolation-permit-list all
Use this command to clear the entries of all permissible lists for user isolation.
reset user-isolation-permit-list all
Parameter Description
all: Specifies that the entries of all permissible lists for user isolation are cleared.
Defaults
N/A
Command mode
WIDS configuration mode
Usage Guide
N/A
Configuration Examples
#Clear the entries of all permissible lists for user isolation.
Ruijie(config)# wids
Ruijie(config-wids)# reset user-isolation-permit-list all
Related Commands
N/A
Platform Description
N/A
reset whitelist all
Use this command to clear the entries of all whitelists.
reset whitelist all
Parameter Description
all: Specifies that the entries of all whitelists are cleared.
Defaults
N/A
Command mode
WIDS configuration mode
Usage Guide
N/A
Configuration Examples
#Clear the entries of all whitelists.
Ruijie(config)# wids
Ruijie(config-wids)# reset whitelist all
Related Commands
N/A
Platform Description
N/A
sigmac { auth | deauth | assoc | disassoc } number number time time
Use this command to configure attack detection. An attack is considered to have occurred when the number of frames of the specified type from the same MAC address reaches the threshold within the specified detection duration.
sigmac { auth | deauth | assoc | disassoc } number number time time
Parameter Description
auth: Threshold for determining an authentication frame attack during attack detection for the same MAC address. Default value: 300
deauth: Threshold for determining a de-authentication frame attack during attack detection for the same MAC address. Default value: 300
assoc: Threshold for determining an association frame attack during attack detection for the same MAC address. Default value: 300
disassoc: Threshold for determining a de-association frame attack during attack detection for the same MAC address. Default value: 300
time: Duration of attack detection. Default value: 10 seconds
Defaults
Attack detection is disabled by default.
Command mode
Ap-config mode for fit APs and WIDS configuration mode for fat APs
Usage Guide
Use this command on ACs and fat APs.
Configuration Examples
#Configure attack detection in which the threshold for determining an authentication packet attack within 10 seconds for the same MAC address is 200.
Ruijie-AC(config)# ap-config ap-name
Ruijie-AC(config-ap)# sigmac {auth | deauth | assoc | disassoc} number 200 time 10
Ruijie-AP(config)# wids
Ruijie-AP(config-wids)# sigmac {auth | deauth | assoc | disassoc} number 200 time 10
Related Commands
N/A
Platform Description
N/A
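The threshold rule described for sigmac, as an added example (not Ruijie code): a Python counter keyed by source MAC and frame type, run over constructed frame records. The sliding window, the per-type counting and the record format are assumptions; the page does not say how the device evaluates the detection duration.

```python
from collections import defaultdict, deque

FRAME_TYPES = ("auth", "deauth", "assoc", "disassoc")


class SigmacDetector:
    """Counts management frames per (source MAC, frame type) in a sliding window."""

    def __init__(self, number=300, time=10):
        # number and time mirror the command's parameters (defaults 300 and 10 s).
        self.number = number
        self.window_ms = time * 1000
        self._recent = defaultdict(deque)   # (mac, type) -> timestamps still in window
        self._alerting = set()              # keys currently at or above the threshold

    def observe(self, ts_ms, mac, frame_type):
        """Feed one frame; return an alert dict when a key first reaches the threshold."""
        if frame_type not in FRAME_TYPES:
            return None
        key = (mac.lower(), frame_type)
        q = self._recent[key]
        q.append(ts_ms)
        # Expire frames that have fallen out of the detection duration.
        while q and ts_ms - q[0] >= self.window_ms:
            q.popleft()
        if len(q) < self.number:
            self._alerting.discard(key)     # re-arm once the rate drops again
            return None
        if key in self._alerting:
            return None                     # this burst was already reported
        self._alerting.add(key)
        return {"ts_ms": ts_ms, "mac": key[0], "type": frame_type, "count": len(q)}


def constructed_capture():
    """Constructed sample records (ts_ms, source MAC, type); not from a real capture."""
    frames = []
    # Burst: 200 authentication frames within 5 s from one source.
    frames += [(i * 25, "0000.0000.0001", "auth") for i in range(200)]
    # Slow sender: 200 authentication frames spread over 40 s.
    frames += [(i * 200, "0000.0000.0002", "auth") for i in range(200)]
    # Mixed types: 150 deauth and 150 assoc frames; each type is counted on its own.
    frames += [(i * 30, "0000.0000.0003", "deauth") for i in range(150)]
    frames += [(i * 30 + 10, "0000.0000.0003", "assoc") for i in range(150)]
    return sorted(frames)


def detect(frames, number=300, time=10):
    """Run the detector over time-ordered frames and collect the alerts."""
    detector = SigmacDetector(number, time)
    alerts = []
    for ts_ms, mac, frame_type in frames:
        alert = detector.observe(ts_ms, mac, frame_type)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    # Same values as the configuration example above: number 200, time 10.
    for alert in detect(constructed_capture(), number=200, time=10):
        print(alert)
```

With the default threshold of 300 the same capture raises nothing, which is why the threshold has to be chosen against the frame rates seen in normal operation.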
static-blacklist mac-address
Use this command to configure the static blacklist. Use the no form of this command to delete the static blacklist.
static-blacklist mac-address H.H.H
no static-blacklist mac-address H.H.H
Parameter Description
H.H.H: Sets the device with the source MAC address H.H.H as a static blacklist entry.
no: Deletes the static blacklist.
Defaults
No setting by default.
Command mode
WIDS configuration mode.
Usage Guide
N/A
Configuration Examples
#Add the device with the source MAC address 0000.0000.0001 to the static blacklist.
Ruijie(config)# wids
Ruijie(config-wids)# static-blacklist mac-address 0000.0000.0001
Related Commands
N/A
Platform Description
N/A
static-blacklist max
Use this command to configure the maximum number of static blacklists.
Use the no form of this command to restore the default setting.
static-blacklist max number
no static-blacklist max
Parameter Description
number: Specifies the maximum number of static blacklists. Value range: 1 to 1024
no: Restores the maximum number of static blacklists to 512.
Defaults
The maximum number of static blacklists is 512 by default.
Command mode
WIDS configuration mode
Usage Guide
N/A
Configuration Examples
#Set the maximum number of static blacklists to 100.
Ruijie(config)# wids
Ruijie(config-wids)# static-blacklist max 100
Related Commands
N/A
Platform Description
N/A
whitelist mac-address
Use this command to configure the whitelist. Use the no form of this command to delete the whitelist.
whitelist mac-address H.H.H
no whitelist mac-address H.H.H
Parameter Description
H.H.H: Sets the device with the source MAC address H.H.H as a whitelist entry.
no: Deletes the whitelist.
Defaults
The default is null.
Command mode
WIDS configuration mode.
Usage Guide
N/A
Configuration Examples
#Add the device with the source MAC address 0000.0000.0001 to the whitelist.
Ruijie(config)# wids
Ruijie(config-wids)# whitelist mac-address 0000.0000.0001
Related Commands
N/A
Platform Description
N/A
whitelist max
Use this command to configure the maximum number of whitelists.
Use the no form of this command to restore the default setting.
whitelist max number
no whitelist max
Parameter Description
number: Specifies the maximum number of whitelists. Value range: 1 to 1024
no: Restores the maximum number of whitelists to 512.
Defaults
The maximum number of whitelists is 512 by default.
Command mode
WIDS configuration mode
Usage Guide
N/A
Configuration Examples
#Set the maximum number of whitelists to 100.
Ruijie(config)# wids
Ruijie(config-wids)# whitelist max 100
Related Commands
N/A
Platform Description
N/A
wids
Use this command to enter WIDS configuration mode.
wids
Parameter Description
N/A
Defaults
N/A
Command mode
Global configuration mode.
Usage Guide
N/A
Configuration Examples
#Enter WIDS configuration mode.
Ruijie(config)# wids
Ruijie(config-wids)#
Related Commands
N/A
Platform Description
N/A
show wids attack-list
Use this command to show the WIDS attack list.
show wids attack-list
Parameter Description
N/A
Defaults
N/A
Command mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
#Show the WIDS attack list.
Ruijie# show wids attack-list
Related Commands
N/A
Platform Description
N/A
show wids blacklist
Use this command to show the static or dynamic blacklist.
show wids blacklist { static | dynamic }
Parameter Description
static: Shows the static blacklist.
dynamic: Shows the dynamic blacklist.
Defaults
N/A
Command mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
#Show the dynamic blacklist.
Ruijie# show wids blacklist dynamic
Related Commands
N/A
Platform Description
N/A
show wids detected
Use this command to show the devices detected in a WLAN.
show wids detected { adhoc | all | friendly ap | interfering ap | rogue { adhoc-ap | ap | client | config-ap | ssid-ap } | mac-address H.H.H }
Parameter Description
adhoc: Shows the detected ad-hoc network.
all: Shows all devices detected in a WLAN.
friendly ap: Shows the detected friendly AP.
interfering ap: Shows the detected interference AP.
rogue adhoc-ap: Shows the detected Rogue ad-hoc AP.
rogue ap: Shows the detected Rogue AP.
rogue client: Shows the detected Rogue Client.
rogue config-ap: Shows the detected Rogue config AP.
rogue ssid-ap: Shows the detected Rogue SSID AP.
mac-address H.H.H: Shows the detected device with the source MAC address H.H.H.
Defaults
N/A
Command mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
#Show the Rogue AP detected in a WLAN.
Ruijie# show wids detected rogue ap
Related Commands
N/A
Platform Description
N/A
show wids permitted
Use this command to show the MAC address, SSID, and vendor lists trusted in a WLAN.
show wids permitted { mac-address | ssid | vendor }
Parameter Description
mac-address: Shows the trusted MAC address list.
ssid: Shows the trusted SSID list.
vendor: Shows the trusted vendor list.
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
N/A
Configuration Examples
#Show the SSID list trusted in WLAN.
Ruijie# show wids permitted ssid
Related Commands
N/A
Platform Description
N/A
show wids statistics
Use this command to show the detected attack statistics.
show wids statistics
Parameter Description
N/A
Defaults
N/A
Command mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
#Show the detected attack statistics.
Ruijie# show wids statistics
Related Commands
N/A
Platform Description
This command is supported on ACs and fat APs.
show wids user-isolation permit-mac
Use this command to show the information of the permissible MAC address list for user isolation.
show wids user-isolation permit-mac
Parameter Description
N/A
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
N/A
Configuration Examples
#Show the information of the permissible MAC address list for user isolation.
Ruijie# show wids user-isolation permit-mac
Related Commands
N/A
Platform Description
N/A
show wids whitelist
Use this command to show the whitelist.
show wids whitelist
Parameter Description
N/A
Defaults
N/A
Command mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
#Show the whitelist.
Ruijie# show wids whitelist
Related Commands
N/A
Platform Description
N/A
WDS Commands
data-plane wireless-broadcast
Use this command to configure broadcast packets to be forwarded from wired ports to wireless ports.
data-plane wireless-broadcast { enable | disable }
Parameter Description
N/A
Defaults
This command is not configured by default.
Command Mode
Global configuration mode
Usage Guide
Use this command when broadcast packets need to be forwarded from wired ports to wireless ports in Wireless Distribution Systems (WDSs).
Configuration Examples
#Configure to forward packets from wired ports to wireless ports.
Ruijie(config)# data-plane wireless-broadcast enable
Related Commands
station-role { access-point | non-root-bridge | root-bridge }: Configures AP working modes.
Platform Description
N/A
parent mac-address
Use this command to set the MAC address of the parent node.
parent mac-address HHHH.HHHH.HHHH
Parameter Description
HHHH.HHHH.HHHH: MAC address of the parent node to be configured.
Defaults
N/A
Command Mode
Interface configuration mode
Usage Guide
Use this command to configure the MAC address of the parent node when the AP is in the non-root-bridge mode.
Configuration Examples
#Set the MAC address of the parent node as HHHH.HHHH.HHHH
Ruijie(config-if-Dot11radio 1/0)# parent mac-address HHHH.HHHH.HHHH
Related Commands
station-role { access-point | non-root-bridge | root-bridge | repeater | workgroup-bridge }: Configures the AP working mode.
Platform Description
N/A
station-role
Use this command to set the AP working mode.
station-role { access-point | non-root-bridge | root-bridge }
Parameter Description
access-point: Sets the AP working mode as root access point.
repeater: Sets the AP working mode as repeater.
non-root-bridge: Sets the AP working mode as non-root bridge.
root-bridge: Sets the AP working mode as root bridge.
workgroup-bridge: Sets the AP working mode as workgroup bridge.
Defaults
The default working mode is access-point.
Command Mode
Interface configuration mode
Usage Guide
N/A
Configuration Examples
#Set the AP working mode as root-bridge.
Ruijie(config-if-Dot11radio 1/0)# station-role root-bridge
Related Commands
parent mac-address HHHH.HHHH.HHHH: Configures the MAC address of the parent node.
Platform Description
N/A
Anti-ARP Spoofing Commands
anti-arp-spoofing ip
Use this command to enable anti-ARP spoofing. Use the no form of this command to disable this
function.
anti-arp-spoofing ip ip-address
no anti-arp-spoofing ip ip-address
Parameter Description
ip-address: IP address of the gateway.
Defaults
Anti-ARP spoofing is disabled by default.
Command Mode
Interface configuration mode.
The interface can be a wired interface or a wireless wlansec interface.
Usage Guide
You can use the show anti-arp-spoofing command to display the configuration.
Up to 16 IP addresses can be configured with this command in an interface.
Configuration Examples
The following example enables anti-ARP spoofing in a wired interface.
Ruijie(config)#interface fastEthernet 0/1
Ruijie(config-if)#anti-arp-spoofing ip 192.168.1.1
The following example enables anti-ARP spoofing in a wireless wlansec interface.
Ruijie(config)#wlansec 1
Ruijie(config-wlansec)#anti-arp-spoofing ip 192.168.1.2
Related Commands
show anti-arp-spoofing: Displays the configuration of anti-ARP spoofing on all interfaces.
Platform Description
N/A
show anti-arp-spoofing
Use this command to display the configuration of anti-ARP spoofing on all interfaces.
show anti-arp-spoofing
Parameter Description
N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
Ruijie# show anti-arp-spoofing
Anti-arp-spoofing
port                    ip
-------                 -------
GigabitEthernet 0/1     192.168.1.1
Wlan 1                  192.168.1.2
Related Commands
anti-arp-spoofing ip: Enables anti-ARP spoofing.
Platform Description
N/A
Link Checking Commands
link-check
Use this command to enable link checking. Use the no form of this command to disable link checking.
link-check { enable | disable }
no link-check { enable | disable }
Parameter Description
no: Disables link checking.
Defaults
Link checking is disabled by default.
Command mode
Global configuration mode
Usage Guide
N/A
Configuration Examples
The following example enables link checking.
Ruijie(config)# link-check enable
The following example disables link checking.
Ruijie(config)# link-check disable
or
Ruijie(config)# no link-check enable
Related Commands
show running-config: Checks whether link checking is enabled.
Platform Description
This command is supported only on wireless AC and fat AP series.
schedule session
Use this command to configure a scheduling session. Use the no form of this command to delete the
configuration.
schedule session num
no schedule session num
Parameter Description
num: Specifies the ID of the scheduling session to be created or to be applied to a WLAN. The range is from 1 to 64.
no: Deletes the scheduling session or cancels the ID (in the range from 1 to 64) of the scheduling session applied to a WLAN.
Defaults
No scheduling session is configured by default.
No scheduling session is applied to a WLAN by default.
Command mode
Global configuration mode or WLAN configuration mode on fit AP networking topology
Usage Guide
In global configuration mode, you can use this command to create a scheduling session and configure parameters for it. If the scheduling session has been created, the configuration is invalid.
On fit AP networking topology, the scheduling session created in WLAN configuration mode will be applied to a WLAN.
Configuration Examples
The following example creates or configures scheduling session 1.
Ruijie(config)# schedule session 1
The following example deletes scheduling session 1.
Ruijie(config)#no schedule session 1
The following example applies scheduling session 1 to WLAN 1 on fit AP networking topology.
Ruijie(config)# wlan-config 1
Ruijie(config-wlan)# schedule session 1
The following example deletes scheduling session 1 from WLAN 1 on fit AP networking topology.
Ruijie(config)# wlan-config 1
Ruijie(config-wlan)# no schedule session 1
Related Commands
show schedule session: Checks configuration information about the scheduling session.
show running-config: Checks current configuration information.
Platform Description
This command is supported only on wireless AC and fat AP series.
schedule session period/time
Use this command to set a scheduling period for a scheduling session. Use the no form of this
command to delete the configuration.
schedule session num time-range time-range period day1 [to day2] time hh1:mm1 [to hh2:mm2]
no schedule session num time-range time-range period day1 [to day2] time hh1:mm1 [to hh2:mm2]
Parameter Description
num: Specifies the ID of the scheduling session for which a scheduling period is set. The range is from 1 to 64.
time-range: Time range ID. The range is from 1 to 4.
day1: Specifies the starting day of the period. The value can be Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, or Saturday.
day2: Specifies the end day of the period. The value can be Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, or Saturday.
hh1:mm1: Specifies the start time for scheduling. The range is from 00:00 to 24:00.
hh2:mm2: Specifies the end time for scheduling. The range is from 00:00 to 24:00.
no: Deletes the scheduling period.
Defaults
No scheduling period is set for a scheduling session by default.
Command mode
Global configuration mode
Usage Guide
You can run this command multiple times. The most recent configuration overwrites the previous one.
Configuration Examples
The following example creates scheduling session 1 and sets the scheduling period.
Ruijie(config)# schedule session 1
Ruijie(config)# schedule session 1 time-range 1 period mon to fri time 00:00 to 10:00
Ruijie(config)# schedule session 1 time-range 2 period sat to sun time 10:00 to 12:00
Related Commands
show schedule session: Checks configuration information about the scheduling session.
Platform Description
This command is supported only on wireless AC and fat AP series.
schedule session radio
Use this command to apply a scheduling session to the radio on an AP or AP group. Use the no form
of this command to delete the configuration.
schedule session num radio mem
no schedule session num radio mem
Parameter Description
num: Specifies the ID of the scheduling session to be applied. The range is from 1 to 64.
mem: Specifies the ID of the radio to which the scheduling session is applied. The range is from 1 to the number of radios on an AP or AP group.
no: Cancels the application of the scheduling session.
Defaults
No scheduling session is applied to an AP or AP group by default.
No scheduling session is applied to a fat AP by default.
Command mode
AP or AP group configuration mode on fit AP networking topology, or global configuration mode on fat AP networking topology
Usage Guide
Apply a scheduling session to the radio on an AP or AP group. The scheduling session must have been created and the radio identified by the radio ID must exist on the AP or AP group. Otherwise, the configuration fails.
Configuration Examples
The following example applies scheduling session 1 to radio 2 of a single AP on fit AP networking topology.
Ruijie(config)#ap-config AP-001
AP-001 specifies the AP to which the scheduling session is applied.
You are going to config AP(AP-001), which is on line now.
Ruijie(config-ap)# schedule session 1 radio 2
The following example applies scheduling session 1 to radio 2 of a specific AP group on fit AP networking topology.
Ruijie(config)#ap-group APG-001
APG-001 specifies the AP group to which the scheduling session is applied.
Ruijie(config-ap-group)# schedule session 1 radio 2
The following example applies scheduling session 1 to radio 2 on fat AP networking topology.
Ruijie(config)# schedule session 1 radio 2
Related Commands
show schedule session: Checks configuration information about the scheduling session.
show running-config: Checks current configuration information.
Platform Description
This command is supported only on wireless AC and fat AP series.
schedule session wlan
Use this command to apply a scheduling session to a WLAN on fat AP networking topology. Use the
no form of this command to delete the configuration.
schedule session num wlan wid
no schedule session num wlan wid
Parameter Description
num: Specifies the ID of the scheduling session to be applied. The range is from 1 to 64.
wid: Specifies the ID of the WLAN to which the scheduling session is applied. The range is from 1 to 4094.
no: Deletes the scheduling time of the specific scheduling session.
Defaults
No scheduling session is configured by default.
Command mode
Global configuration mode on fat AP networking topology
Usage Guide
Use this command to apply a scheduling session to a WLAN. The scheduling session and WLAN must have been created. Otherwise, the configuration fails.
Configuration Examples
The following example applies scheduling session 1 to WLAN 2 on fat AP networking topology.
Ruijie(config)# schedule session 1 wlan 2
Related Commands
show schedule session: Checks configuration information about the scheduling session.
show running-config: Checks current configuration information.
Platform Description
This command is supported only on wireless fat AP series.
show schedule session
Use this command to display configuration about scheduling sessions.
show schedule session [ num ]
Parameter Description
num: Specifies a scheduling session ID in the range from 1 to 64.
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
If no scheduling session ID is specified, configuration about all scheduling sessions will be displayed.
Configuration Examples
The following example displays configuration about scheduling session 1.
Ruijie(config)#show schedule session 1
Schedule session [1]:
Schedule period ............................... Sun, Wed to Fri
Schedule time ................................. 0:00 to 9:30
The following example displays configuration about all scheduling sessions.
Ruijie(config)#show schedule session
Schedule session [1]:
Schedule period ............................... Sun, Wed to Fri
Schedule time ................................. 0:00 to 9:30
Schedule session [3]:
Schedule period ............................... Mon to Fri
Schedule time ................................. 2:00 to 9:00
Related Commands
schedule session: Configures a scheduling session.
Platform Description
This command is supported only on wireless AC and fat AP series.
RADIUS Dynamic Authorization Extension Commands
clear radius dynamic-authorization-extension statistics
Use this command to clear statistics about RADIUS dynamic authorization extension.
clear radius dynamic-authorization-extension statistics
Parameter Description
N/A
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
N/A
Configuration Examples
#Clear statistics about RADIUS dynamic authorization extension:
Ruijie# show radius dynamic-authorization-extension statistics
Disconnect-Request Received:                   50
Incorrect Disconnect-Request Received:         1
Disconnect-Request Dropped for Queue Full:     0
Disconnect-Request Process Timeout:            0
Disconnect-Request Process Success:            49
Disconnect-ACK Sent:                           25
Disconnect-ACK Sent Failed:                    0
Disconnect-NAK Sent:                           24
Disconnect-NAK Sent Failed:                    0
Ruijie# clear radius dynamic-authorization-extension statistics
Ruijie# show radius dynamic-authorization-extension statistics
Disconnect-Request Received:                   0
Incorrect Disconnect-Request Received:         0
Disconnect-Request Dropped for Queue Full:     0
Disconnect-Request Process Timeout:            0
Disconnect-Request Process Success:            0
Disconnect-ACK Sent:                           0
Disconnect-ACK Sent Failed:                    0
Disconnect-NAK Sent:                           0
Disconnect-NAK Sent Failed:                    0
Related Commands
show radius dynamic-authorization-extension statistics: Shows statistics about RADIUS dynamic authorization extension.
Platform Description
N/A
radius dynamic-authorization-extension enable
Use this command to enable RADIUS dynamic authorization extension. Use the no form of this
command to disable this function.
radius dynamic-authorization-extension enable
no radius dynamic-authorization-extension enable
Parameter Description
N/A
Defaults
RADIUS dynamic authorization extension is disabled by default.
Command mode
Global configuration mode
Usage Guide
Check whether RADIUS dynamic authorization extension can be properly enabled or disabled.
Configuration Examples
#Enable RADIUS dynamic authorization extension.
Ruijie(config)# radius dynamic-authorization-extension enable
Related Commands
show running-config: Checks whether RADIUS dynamic authorization extension is enabled.
Platform Description
N/A
radius dynamic-authorization-extension port
Use this command to set a UDP port for receiving packets about RADIUS dynamic authorization
extension. Use the no form of this command to remove the setting.
radius dynamic-authorization-extension port num
no radius dynamic-authorization-extension port
Parameter Description
num: Specifies a UDP port for receiving packets about RADIUS dynamic authorization extension. The port number ranges from 1025 to 65535. The default value is 3799.
Defaults
The default UDP port number is 3799.
Command mode
Global configuration mode
Usage Guide
Ensure that the configured UDP port is not being used.
Configuration Examples
#Set the UDP port to 4000:
Ruijie(config)# radius dynamic-authorization-extension port 4000
Related Commands
show running-config: Shows the UDP port for receiving packets about RADIUS dynamic authorization extension.
Platform Description
N/A
radius dynamic-authorization-extension timeout
Use this command to set the timeout time for processing packets about RADIUS dynamic
authorization extension. Use the no form of this command to remove the setting.
radius dynamic-authorization-extension timeout seconds
no radius dynamic-authorization-extension timeout
Parameter Description
seconds: Specifies the timeout time for processing packets about RADIUS dynamic authorization extension, in seconds. The value ranges from 0 to 600. 0 indicates that the timeout time for processing packets about RADIUS dynamic authorization extension will not expire.
Defaults
The default timeout time is 30 seconds.
Command mode
Global configuration mode
Usage Guide
The timeout time needs to be changed based on application requirements.
Configuration Examples
#Set the timeout time for processing packets about RADIUS dynamic authorization extension to 40 seconds:
Ruijie(config)# radius dynamic-authorization-extension timeout 40
Related Commands
show running-config: Shows the configuration.
Platform Description
N/A
radius dynamic-authorization-extension event-timestamp interval
Use this command to set the timeout time for the event-timestamp attribute of packets about
RADIUS dynamic authorization extension. Use the no form of this command to remove the setting.
radius dynamic-authorization-extension event-timestamp interval seconds
no radius dynamic-authorization-extension event-timestamp interval
Parameter Description
seconds: Specifies the timeout time for the event-timestamp attribute of packets about RADIUS dynamic authorization extension, in seconds. The value ranges from 0 to 600. The default value is 6. 0 indicates that the timeout time for the event-timestamp attribute will not expire.
Defaults
6
Command mode
Global configuration mode
Usage Guide
The timeout time needs to be changed based on application requirements. It takes effect only after the event-timestamp attribute check function is enabled.
Configuration Examples
#Set the timeout time for the event-timestamp attribute of packets about RADIUS dynamic authorization extension to 40 seconds:
Ruijie(config)# radius dynamic-authorization-extension event-timestamp interval 40
Related Commands
show running-config: Shows the configuration.
radius dynamic-authorization-extension attribute check: Enables the function of checking the event-timestamp attribute of packets about RADIUS dynamic authorization extension.
Platform Description
N/A
radius dynamic-authorization-extension attribute check
Use this command to enable the function of checking the event-timestamp attribute of packets about
RADIUS dynamic authorization extension. Use the no form of this command to disable this function.
radius dynamic-authorization-extension attribute check event-timestamp
no radius dynamic-authorization-extension attribute check event-timestamp
Parameter Description
Parameter: N/A
Description: N/A
Defaults
The function of checking the event-timestamp attribute of packets about RADIUS dynamic
authorization extension is disabled by default.
Command mode
Global configuration mode
Usage Guide
N/A
Configuration Examples
#Enable the function of checking the event-timestamp attribute of packets about RADIUS dynamic
authorization extension:
Ruijie(config)# radius dynamic-authorization-extension attribute check event-timestamp
Related Commands
Command: show running-config
Description: Shows the configuration.
Command: radius dynamic-authorization-extension event-timestamp interval
Description: Sets the timeout time for the event-timestamp attribute of packets about RADIUS
dynamic authorization extension.
Platform Description
N/A
radius dynamic-authorization-extension duplicate-packet discard
Use this command to discard duplicated packets about RADIUS dynamic authorization extension.
Use the no form of this command to disable the function.
radius dynamic-authorization-extension duplicate-packet discard
no radius dynamic-authorization-extension duplicate-packet discard
Parameter Description
Parameter: N/A
Description: N/A
Defaults
Duplicated packets about RADIUS dynamic authorization extension are not discarded.
Command mode
Global configuration mode
Usage Guide
N/A
Configuration Examples
#Discard duplicated packets about RADIUS dynamic authorization extension:
Ruijie(config)# radius dynamic-authorization-extension duplicate-packet discard
Related Commands
Command: show running-config
Description: Shows the configuration.
Platform Description
N/A
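The event-timestamp check, its interval, and duplicate-packet discard together decide whether a captured Disconnect-Request can be replayed. The following Python model is an added example, not RGOS code: it shows the checks a receiver can apply to such packets, using the RFC 5176 packet layout and the defaults stated above. The class name, the result strings, the duplicate key (source, identifier, authenticator), the cache lifetime and the rule that a missing Event-Timestamp is dropped when the check is on are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct
import time

DISCONNECT_REQUEST = 40  # RFC 5176 packet code
EVENT_TIMESTAMP = 55     # RFC 2869 attribute: 32-bit seconds since the Unix epoch


def event_timestamp(seconds):
    """Return an Event-Timestamp attribute as a (type, value) pair."""
    return (EVENT_TIMESTAMP, struct.pack("!I", seconds))


def build_request(identifier, attrs, secret):
    """Build a Disconnect-Request the way a RADIUS server would (constructed input)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", DISCONNECT_REQUEST, identifier, 20 + len(body))
    # RFC 5176: authenticator = MD5(code + id + length + 16 zero octets + attrs + secret)
    auth = hashlib.md5(header + b"\x00" * 16 + body + secret).digest()
    return header + auth + body


def parse_attributes(body):
    """Parse type-length-value attributes; raise ValueError on a malformed list."""
    attrs, i = {}, 0
    while i < len(body):
        if i + 2 > len(body):
            raise ValueError("truncated attribute")
        a_type, a_len = body[i], body[i + 1]
        if a_len < 2 or i + a_len > len(body):
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, body[i + 2:i + a_len])
        i += a_len
    return attrs


class DisconnectRequestFilter:
    """Hypothetical receiver-side checks; defaults mirror the defaults on this page."""

    def __init__(self, secret, check_timestamp=False, interval=6,
                 discard_duplicates=False, duplicate_ttl=60):
        self.secret = secret
        self.check_timestamp = check_timestamp        # attribute check event-timestamp
        self.interval = interval                      # seconds; 0 means it never expires
        self.discard_duplicates = discard_duplicates  # duplicate-packet discard
        self.duplicate_ttl = duplicate_ttl            # assumed cache lifetime, not an RGOS setting
        self.seen = {}                                # (source, id, authenticator) -> first seen

    def check(self, packet, source, now=None):
        """Return "accept" or a "drop: ..." reason for one received packet."""
        now = time.time() if now is None else now
        if len(packet) < 20:
            return "drop: short packet"
        code, identifier, length = struct.unpack("!BBH", packet[:4])
        if code != DISCONNECT_REQUEST or length != len(packet):
            return "drop: malformed Disconnect-Request"
        auth, body = packet[4:20], packet[20:]
        expected = hashlib.md5(packet[:4] + b"\x00" * 16 + body + self.secret).digest()
        if not hmac.compare_digest(auth, expected):
            return "drop: bad authenticator"
        try:
            attrs = parse_attributes(body)
        except ValueError as exc:
            return f"drop: {exc}"
        if self.check_timestamp:
            raw = attrs.get(EVENT_TIMESTAMP)
            if raw is None or len(raw) != 4:
                return "drop: missing event-timestamp"
            sent_at = struct.unpack("!I", raw)[0]
            if self.interval != 0 and abs(now - sent_at) > self.interval:
                return "drop: stale event-timestamp"
        if self.discard_duplicates:
            # Forget old entries so the cache stays bounded.
            self.seen = {k: t for k, t in self.seen.items()
                         if now - t <= self.duplicate_ttl}
            key = (source, identifier, auth)
            if key in self.seen:
                return "drop: duplicate"
            self.seen[key] = now
        return "accept"
```

With both functions left at their defaults, a byte-for-byte copy of a valid request passes every time it is received, because the authenticator covers only the packet contents and the shared secret.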
radius dynamic-authorization-extension max-request
Use this command to set the number of RADIUS Disconnect-Request packets that can be processed
concurrently. Use the no form of this command to remove the setting.
radius dynamic-authorization-extension max-request num
no radius dynamic-authorization-extension max-request
Parameter Description
Parameter: num
Description: Specifies the number of RADIUS Disconnect-Request packets that can be processed
concurrently. This value ranges from 0 to 1000. 0 indicates that the number of concurrently
processed RADIUS Disconnect-Request packets is not limited. The default value is 100.
Defaults
100
Command mode
Global configuration mode
Usage Guide
N/A
Configuration Examples
#Set the number of concurrently processed RADIUS Disconnect-Request packets to 1:
Ruijie(config)# radius dynamic-authorization-extension max-request 1
Related Commands
Command: show running-config
Description: Shows the configuration.
Platform Description
N/A
show radius dynamic-authorization-extension statistics
Use this command to show statistics about RADIUS dynamic authorization extension.
show radius dynamic-authorization-extension statistics
Parameter Description
Parameter: N/A
Description: N/A
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
Use this command to show statistics about RADIUS dynamic authorization extension, including
received and sent packets and the processing results about received request packets.
Configuration Examples
#Show statistics about RADIUS dynamic authorization extension:
Ruijie# show radius dynamic-authorization-extension statistics
Disconnect-Request Received:                 50
Incorrect Disconnect-Request Received:       1
Disconnect-Request Dropped for Queue Full:   0
Disconnect-Request Process Timeout:          0
Disconnect-Request Process Success:          49
Disconnect-ACK Sent:                         25
Disconnect-ACK Sent Failed:                  0
Disconnect-NAK Sent:                         24
Disconnect-NAK Sent Failed:                  0
Related Commands
Command: clear radius dynamic-authorization-extension statistics
Description: Clears statistics about RADIUS dynamic authorization extension.
Platform Description
N/A
WLAN QoS Commands
enable-qos
Use this command to enable the wireless QoS function. Use the no form of this command to disable
this function.
enable-qos
no enable-qos
Parameter Description
Parameter: no
Description: The parameter indicates that you disable the wireless QoS function.
Defaults
The wireless QoS function is enabled by default.
Command mode
WLAN configuration mode.
Usage Guide
N/A
Configuration Examples
Example 1: Disable the wireless QoS function for WLAN 1.
Ruijie(config)# wlan-config 1
Ruijie(wids-config)# no enable-qos
Related Commands
Command: N/A
Description: N/A
Platform Description
N/A
fair-schedule
Use this command to enable the fair scheduling function on the wireless AP. Use the no form of this
command to disable this function.
fair-schedule
no fair-schedule
Parameter Description
Parameter: no
Description: The parameter indicates that you disable the fair scheduling function on the AP.
Defaults
This function is enabled by default.
Command mode
AC: AP configuration mode
AP: configuration mode
Usage Guide
• On a fat AP, the command of configuring fair scheduling is used in configuration mode and you
can use the show run command to show configuration.
• When the AP works in fit AP mode, the fair scheduling can be configured only on the AC.
Configuration Examples
Example 1: Disable the fair scheduling on the AP.
Ruijie(config)# ap-config ap-name
Ruijie(wids-config)# no fair-schedule
Related Commands
Command: N/A
Description: N/A
Platform Description
This command is supported on ACs and fat APs.
wlan-based
Use this command to configure the upstream and downstream traffic limit of the current WLAN. Use
the no form of this command to restore the default value.
wlan-based { down-streams | up-streams } average-data-rate average-data-rate burst-data-rate
burst-data-rate
no wlan-based { down-streams | up-streams }
Parameter Description
Parameter: per-user-limit
Description: Limit for each user on the WLAN
Parameter: total-user-limit
Description: Limit for the entire WLAN
Parameter: down-streams
Description: Total downstream traffic limit of the WLAN
Parameter: up-streams
Description: Total upstream traffic limit of the WLAN
Parameter: average-data-rate average-data-rate
Description: Average rate limit, ranging from 1 to 819200 in 8Kbps
Parameter: burst-data-rate burst-data-rate
Description: Burst rate limit, ranging from 1 to 819200 in 8Kbps
Parameter: no
Description: Restores the traffic limit to the default value.
Defaults
No traffic limit is set by default.
Command mode
WLAN configuration mode.
Usage Guide
N/A
Configuration Examples
Example 1: Configure the average downstream rate of WLAN 1 to 800Kbps and burst rate to
1600Kbps.
Ruijie(config)# wlan-config 1
Ruijie(wids-config)# wlan-based down-streams average-data-rate 800 burst-data-rate 1600
Related Commands
Command: ap-based { down-streams | up-streams } average-data-rate average-data-rate
burst-data-rate burst-data-rate
Description: Configures the AP-based in-band and out-of-band traffic rate limit.
Command: netuser H.H.H { inbound | outbound } average-data-rate average-data-rate
burst-data-rate burst-data-rate
Description: Configures the Client-based in-band and out-of-band traffic rate limit.
Platform Description
This command is supported on ACs.
wlan-qos ap-based
Use this command to configure the upstream and downstream traffic limit of the current AP.
Use the no form of this command to restore the default value.
wlan-qos ap-based { per-user-limit | total-user-limit } { down-streams | up-streams }
average-data-rate average-data-rate burst-data-rate burst-data-rate
no ap-based { per-user-limit | total-user-limit } { down-streams | up-streams }
Parameter Description
Parameter: per-user-limit
Description: Limit for each user on the AP
Parameter: total-user-limit
Description: Limit for the entire AP
Parameter: down-streams
Description: Total downstream traffic limit of the AP
Parameter: up-streams
Description: Total upstream traffic limit of the AP
Parameter: average-data-rate average-data-rate
Description: Average rate limit, ranging from 1 to 819200 in 8Kbps
Defaults
No traffic limit is set by default.
Command mode
Configuration mode.
Usage Guide
N/A
Configuration Examples
Example 1: Configure the average downstream rate of AP wlan-ap-001 to 800Kbps and burst rate to
1600Kbps.
Ruijie(config)# wlan-qos ap-based per-user-limit down-streams average-data-rate 800 burst-data-rate 1600
Related Commands
Command: wlan-qos netuser mac-address { inbound | outbound } average-data-rate average-data-rate
burst-data-rate burst-data-rate
Description: Configures the Client-based in-band and out-of-band traffic rate limits.
Command: wlan-qos wlan-based { wlan-id | ssid } { per-user-limit | total-user-limit }
{ down-streams | up-streams } average-data-rate average-data-rate burst-data-rate burst-data-rate
Description: Configures the WLAN-based in-band and out-of-band traffic rate limits.
Platform Description
This command is supported on fat APs.
wlan-qos netuser
Use this command to configure the in-band and out-of-band traffic limits for a specified user in the
current WLAN.
Use the no form of this command to restore the default value.
wlan-qos netuser mac-address { inbound | outbound } average-data-rate average-data-rate
burst-data-rate burst-data-rate
no netuser mac-address { inbound | outbound }
Parameter Description
Parameter: mac-address
Description: User's MAC address to be set
Parameter: inbound
Description: User's in-band traffic limit
Parameter: outbound
Description: User's out-of-band traffic limit
Parameter: average-data-rate average-data-rate
Description: Average rate limit, ranging from 1 to 819200 in 8Kbps
Parameter: burst-data-rate burst-data-rate
Description: Burst rate limit, ranging from 1 to 819200 in 8Kbps
Parameter: no
Description: Restores the traffic limit to the default value.
Defaults
No traffic limit is set by default.
Command mode
Configuration mode.
Usage Guide
N/A
Configuration Examples
Example 1: Set the average in-band rate to 800Kbps and burst rate to 1600Kbps for the user
0000.0000.0001 in WLAN 1.
Ruijie(config)# wlan-qos netuser 0000.0000.0001 inbound average-data-rate 800 burst-data-rate 1600
Related Commands
Command: wlan-qos wlan-based { wlan-id | ssid } { per-user-limit | total-user-limit }
{ down-streams | up-streams } average-data-rate average-data-rate burst-data-rate burst-data-rate
Description: Configures the WLAN-based in-band and out-of-band traffic rate limits.
Command: wlan-qos ap-based { per-user-limit | total-user-limit } { down-streams | up-streams }
average-data-rate average-data-rate burst-data-rate burst-data-rate
Description: Configures the AP-based in-band and out-of-band traffic rate limits.
Platform Description
This command is supported on fat APs.
wlan-qos wlan-based
Use this command to configure the upstream and downstream traffic limit of the current WLAN.
Use the no form of this command to restore the default value.
wlan-qos wlan-based { wlan-id | ssid } { per-user-limit | total-user-limit } { down-streams |
up-streams } average-data-rate average-data-rate burst-data-rate burst-data-rate
no wlan-qos wlan-based { wlan-id | ssid } { per-user-limit | total-user-limit } { down-streams |
up-streams }
Parameter Description
Parameter: wlan-id
Description: WLAN ID
Parameter: ssid
Description: SSID configured by the WLAN
Parameter: per-user-limit
Description: Limit for each user on the WLAN
Parameter: total-user-limit
Description: Limit for the entire WLAN
Parameter: down-streams
Description: Total downstream traffic limit of the WLAN
Parameter: up-streams
Description: Total upstream traffic limit of the WLAN
Parameter: average-data-rate average-data-rate
Description: Average rate limit, ranging from 1 to 819200 in 8Kbps
Parameter: burst-data-rate burst-data-rate
Description: Burst rate limit, ranging from 1 to 819200 in 8Kbps
Parameter: no
Description: Restores the traffic limit to the default value.
Defaults
No traffic limit is set by default.
Command mode
Configuration mode.
Usage Guide
N/A
Configuration Examples
Example 1: Configure the average downstream rate of WLAN 1 to 800Kbps and burst rate to
1600Kbps.
Ruijie(config)# wlan-based 1 per-user-limit down-streams average-data-rate 800 burst-data-rate 1600
Related Commands
Command: wlan-qos ap-based { per-user-limit | total-user-limit } { down-streams | up-streams }
average-data-rate average-data-rate burst-data-rate burst-data-rate
Description: Configures the AP-based in-band and out-of-band traffic rate limits.
Command: netuser mac-address { inbound | outbound } average-data-rate average-data-rate
burst-data-rate burst-data-rate
Description: Configures the Client-based in-band and out-of-band traffic rate limits.
Platform Description
This command is supported on fat APs.
wmm edca-client
Use this command to configure the client EDCA. Use the no form of this command to restore the
parameters to the default values.
wmm edca-client { back-groud | best-effort | video | voice } { aifsn [ aifsn-value ] cwmin
[ cwmin-value ] cwmax [ cwmax-value ] txop [ txop-value ] [ noack ] | cac [ optional ] } radio
[ radio-id ]
no wmm edca-client { back-groud | best-effort | video | voice } radio [ radio-id ]
Parameter Description
Parameter: back-groud
Description: Sets the back-ground queue.
Parameter: best-effort
Description: Sets the best-effort queue.
Parameter: video
Description: Sets the video queue.
Parameter: voice
Description: Sets the voice queue.
Parameter: aifsn aifsn-value
Description: aifsn value, ranging from 1 to 127
Parameter: cwmin cwmin-value
Description: cwmin value, ranging from 0 to 32767
Parameter: cwmax cwmax-value
Description: cwmax value, ranging from 0 to 1023
Parameter: txop txop-value
Description: txop value, ranging from 0 to 344
Parameter: radio [ radio-id ]
Description: Radio of the client EDCA, ranging from 1 to 2
Defaults
For the default EDCA policy for the AP, see the 802.11 standard.
Command mode
AP configuration mode.
Usage Guide
N/A
Configuration Examples
Example 1: For the edca-client voice service type, set aifsn to 10, cwmin to 1, cwmax to 5, and
txop to 50, and apply edca-client voice to interface radio 1 on the AP.
ruijie(config-ap)#wmm edca-client voice aifsn 10 cwmin 1 cwmax 5 txop 50 radio 1
Related Commands
Command: wmm edca-radio { back-groud | best-effort | video | voice } { aifsn [ aifsn-value ] cwmin
[ cwmin-value ] cwmax [ cwmax-value ] txop [ txop-value ] length [ queue-length ] | cac
[ optional ] } radio [ radio-id ]
Description: Configures the EDCA used by AP.
Platform Description
N/A
wmm edca-radio
Use this command to configure the EDCA used by AP. Use the no form of this command to restore
the parameters to the default values.
wmm edca-radio { back-groud | best-effort | video | voice } { aifsn [ aifsn-value ] cwmin
[ cwmin-value ] cwmax [ cwmax-value ] txop [ txop-value ] length [ queue-length ] | cac [ optional ] }
radio [ radio-id ]
no wmm edca-radio { back-groud | best-effort | video | voice } radio [ radio-id ]
Parameter Description
Parameter: back-groud
Description: Sets the back-ground queue.
Parameter: best-effort
Description: Sets the best-effort queue.
Parameter: video
Description: Sets the video queue.
Parameter: voice
Description: Sets the voice queue.
Parameter: aifsn aifsn-value
Description: aifsn value, ranging from 1 to 127.
Parameter: cwmin cwmin-value
Description: cwmin value, ranging from 0 to 32767.
Parameter: cwmax cwmax-value
Description: cwmax value, ranging from 0 to 1023.
Parameter: txop txop-value
Description: txop value, ranging from 0 to 344.
Parameter: radio [ radio-id ]
Description: Radio selected for setting the client EDCA parameter, which ranges from 1 to 2
Defaults
For the default EDCA policy for the AP, see the 802.11 standard.
Command mode
AP configuration mode.
Usage Guide
N/A
Configuration Examples
Example 1: For the edca-radio voice service type, set aifsn to 10, cwmin to 1, cwmax to 5, and
txop to 50, and apply edca-radio voice to interface radio 1 on the AP.
ruijie(config-ap)#wmm edca-client voice aifsn 10 cwmin 1 cwmax 5 txop 50 radio 1
Related Commands
Command: wmm edca-client { back-groud | best-effort | video | voice } { aifsn [ aifsn-value ] cwmin
[ cwmin-value ] cwmax [ cwmax-value ] txop [ txop-value ] [ noack ] | cac [ optional ] } radio
[ radio-id ]
Description: Configures the client EDCA.
Platform Description
N/A
show client details
Use this command to display the QoS information related to a specified client.
show client details H.H.H
Parameter Description
Parameter: H.H.H
Description: Displays the QoS information of the client with the specified source MAC address.
Defaults
N/A
Command mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
Example 1: Display the QoS information of the user with the source MAC address of 0000.0000.0001.
Ruijie# show client details 0000.0000.0001
Related Commands
Command: N/A
Description: N/A
Platform Description
N/A
Smart Antenna Commands
smart antenna enable
Use this command to enable the Smart antenna (SA) function of the specified radio on the specified
AP. Use the no form of this command to disable the SA function.
smart antenna enable radio radio-id
no smart antenna enable radio radio-id
Parameter Description
Parameter: radio-id
Description: Configures the ID for a radio.
Defaults
The SA function is enabled by default.
Command Mode
AP configuration mode.
Usage Guide
N/A
Configuration Examples
#Enable the SA function of Radio 1 on a specified AP.
Ruijie(config-ap)# smart antenna enable radio 1
#Disable the SA function of Radio 1 on a specified AP.
Ruijie(config-ap)# no smart antenna enable radio 1
Related Commands
Command: N/A
Description: N/A
Platform Description
This command is supported only on wireless AC/AP series products.
i-Share Antenna Feeder Commands
antdetect enable
Use this command to enable the feeder link detection function. Use the no form of this command to
restore the default value.
antdetect enable
no antdetect enable
Parameter Description
Parameter: N/A
Description: N/A
Defaults
Disabled
Command Mode
AP-Config Configuration Mode
Usage Guide
N/A
Configuration Examples
The following example enables the i-Share antenna feeder link detection function:
ruijie(config-ap)#antdetect enable
Related Commands
Command: N/A
Description: N/A
Platform Description
This command is supported only in RGOS10.4(1T19) and later versions. This command is supported
only on the AP220-E(M) v3.0 and above.
show antenna all
Use this command to display feeder status of all APs.
show antenna all
Parameter Description
Parameter: N/A
Description: N/A
Defaults
N/A
Command Mode
Privileged EXEC Mode.
Usage Guide
Use this command to display the feeder status.
Configuration Examples
The following example displays the feeder status:
ruijie# Show antenna all
Related Commands
Command: N/A
Description: N/A
Platform Description
This command is supported only in RGOS10.4(1T19) and later versions. This command is supported
only on the AP220-E(M) v3.0 and above.
show antenna single
Use this command to display antenna feeder status of a single AP.
show antenna single ap-name
Parameter Description
Parameter: ap-name
Description: The name of a single AP.
Defaults
N/A
Command Mode
Privileged EXEC Mode.
Usage Guide
Use this command to display the feeder status.
Configuration Examples
The following example displays the feeder status:
ruijie# Show antenna single ap-name
Related Commands
Command: N/A
Description: N/A
Platform Description
This command is supported only in RGOS10.4(1T19) and later versions. This command is supported
only on the AP220-E(M) v3.0 and above.
WLAN Capture Commands
channel all
Use this command to enable the AP to sniff all channels. Use the no form of this command to restore
the preceding configuration.
channel all radio-id
no channel all radio-id
Parameter Description
Parameter: radio-id
Description: The parameter indicates the ID of the radio to be configured, which ranges from 1 to
the actual number of radios the AP has.
Defaults
By default, the AP sniffs the working channel only.
Command mode
WLAN Capture configuration mode
Usage Guide
Sniffing on all channels can be enabled only in the monitor mode.
In the mirror mode, an AP can only capture and forward all the packets on a particular
channel to a remote device running the analyzer software.
Configuration Examples
Example 1: Configure the AP to capture packets on all channels of radio 1
Ruijie# configure terminal
Ruijie(config)#wlan-cap
Ruijie(wlan-cap)#channel all 1
Ruijie(wlan-cap)#exit
Related Commands
Command: service enable
Description: Enables the WLAN capture service.
Command: show wlan-cap config
Description: Shows the WLAN capture configuration.
Platform Description
This command is supported only on the fat AP.
service enable
Use this command to enable the WLAN capture service. Use the no form of this command to disable
the WLAN capture service.
service enable
no service enable
Parameter Description
Parameter: N/A
Description: N/A
Defaults
Disabled
Command mode
Only after the WLAN capture service is enabled can the remote device connect to and control the fat AP.
Usage Guide
The remote host can access and control the fat AP only when the WLAN capture service is enabled.
After you enable the WLAN capture, all configurations in this mode are unmodifiable.
Configuration Examples
Example 1: Enable the WLAN capture service.
Ruijie# configure terminal
Ruijie(config)#wlan-cap
Ruijie(wlan-cap)#service enable
Ruijie(wlan-cap)#exit
Related Commands
Command: show wlan-cap config
Description: Shows the WLAN capture configuration.
Platform Description
This command is supported only on the fat AP.
forward
Use this command to configure the forwarding mode of WLAN capture packets.
forward { central | local }
Parameter Description
Parameter: central
Description: Centralized forwarding mode. Packets of the WLAN capture from AP are centralized by
AC, and then will be forwarded to the remote device.
Parameter: local
Description: Local forwarding mode. Packets of the WLAN capture are forwarded by AP directly to
the remote device.
Defaults
Centralized forwarding mode.
Command mode
WLAN capture configuration mode
Usage Guide
This command does not have the no form.
The forwarding mode must be configured before the WLAN capture service is
configured.
Configuration Examples
Example 1: Configure the local forwarding mode for the AP.
Ruijie# configure terminal
Ruijie(config)#wlan-cap
Ruijie(wlan-cap)#forward local
Ruijie(wlan-cap)#exit
Related Commands
Command: service enable
Description: Enables the WLAN capture.
Command: show wlan-cap config
Description: Shows the WLAN capture configuration.
Platform Description
This command is supported only on the AC.
rpcap port
Use this command to configure a TCP port to be a Wireless Sniffer. Use the no form of this command
to restore the default settings.
rpcap port port-value
no rpcap port
Parameter Description
Parameter: port-value
Description: Monitoring port number, ranging from 1 to 65535.
Defaults
The default value is 2002
Command mode
WLAN capture configuration mode
Usage Guide
The sniffing ports must be configured before the WLAN capture is configured.
The designated ports must be idle TCP ports, or failure occurs when binding the WLAN
capture to the designated ports.
Configuration Examples
Example 1: Configure monitoring port 3000
Ruijie# configure terminal
Ruijie(config)#wlan-cap
Ruijie(wlan-cap)#rpcap port 3000
Ruijie(wlan-cap)#exit
Related Commands
Command: service enable
Description: Enables the WLAN capture service.
Command: show wlan-cap config
Description: Shows the WLAN capture configuration.
Platform Description
This command is supported only on the AC and fat AP.
rpcap login
Use this command to configure login authentication for remote devices, including the username and
password. Use the no form of this command to restore the default settings.
rpcap login username password
no rpcap login
Parameter Description
Parameter: username
Description: Username, string, maximum length is 64 characters.
Parameter: password
Description: Password, string, maximum length is 64 characters.
Defaults
By default, the username and the password are null.
Command mode
WLAN capture configuration mode
Usage Guide
Only one set of the username and the password is allowed when configuring remote device login
authentication.
Anonymous logins are allowed only when the username and the password are null.
Login authentication must be configured before the WLAN capture service is configured.
Configuration Examples
Example 1: Configure both the username and the password as "wlan-capture"
Ruijie# configure terminal
Ruijie(config)#wlan-cap
Ruijie(wlan-cap)#rpcap login wlan-capture wlan-capture
Ruijie(wlan-cap)#exit
Related Commands
Command: service enable
Description: Enable the WLAN capture service.
Command: show wlan-cap config
Description: Shows the WLAN capture configuration.
Platform Description
This command is supported only on the AC and fat AP.
wlan-cap
Use this command to create the WLAN capture service or enter WLAN capture configuration service.
Use the no form of this command to remove the configuration.
wlan-cap
no wlan-cap
Parameter Description
Parameter: N/A
Description: N/A
Defaults
By default, the WLAN capture service is disabled.
Command mode
Global configuration mode
Usage Guide
When this command is executed for the first time, terminals create and enable the WLAN capture
service.
Configuration Examples
Example 1: create and enable the WLAN capture service.
Ruijie# configure terminal
Ruijie(config)#wlan-cap
Ruijie(wlan-cap)#exit
Related Commands
Command: show wlan-cap config
Description: Shows the WLAN capture configuration.
Platform Description
This command is supported only on the AC and fat AP.
wlan-cap channel
Use this command to enable the AP to sniff all channels. Use the no form of this command to restore
the preceding configuration.
wlan-cap channel all radio-id
no wlan-cap channel all radio-id
Parameter Description
Parameter: radio-id
Description: The parameter indicates the ID of the radio to be configured, which ranges from 1 to 31.
Defaults
By default, a terminal can only capture and forward the packets on the current channel.
Command mode
AP configuration mode
Usage Guide
Configuration to a non-existent Radio is invalid.
This command is invalid in ap-config all mode.
Configuration Examples
Example 1: Configure the online AP (1414.4b61.09c7) to capture packets on all channels in the
monitor mode of the radio 1.
Ruijie# configure terminal
Ruijie(config)#ap-config 1414.4b61.09c7
You are going to config AP(1414.4b61.09c7), which is on line now.
Ruijie(config-ap)#wlan-cap channel all 1
Ruijie(config-ap)#exit
Related Commands
Command: service enable
Description: Enables the WLAN capture service.
Command: show wlan-cap config
Description: Shows the WLAN capture configuration.
Platform Description
This command is supported only on the AC.
wlan-cap enable
Use this command to enable the WLAN capture service on the radio of the AP.
Use the no form of this command to disable the WLAN capture service on the radio of the AP.
wlan-cap enable radio-id
no wlan-cap enable radio-id
Parameter Description
Parameter: radio-id
Description: The parameter indicates the ID of the radio to be configured, which ranges from 1 to 31.
Defaults
By default, this function is disabled.
Command mode
AP configuration mode
Usage Guide
Configuration to a non-existent Radio is invalid.
This command is invalid in ap-config all mode.
Configuration Examples
Example 1: Configure the online AP (1414.4b61.09c7) to capture packets on all channels of radio 1.
Ruijie# configure terminal
Ruijie(config)#ap-config 1414.4b61.09c7
You are going to config AP(1414.4b61.09c7), which is on line now.
Ruijie(config-ap)#wlan-cap enable 1
Ruijie(config-ap)#exit
Related Commands
Command: show wlan-cap interfaces
Description: Shows the WLAN capture interfaces list.
Platform Description
This command is supported only on the AC.
show wlan-cap
Use these commands to show information about the WLAN capture service.
show wlan-cap config
show wlan-cap state
show wlan-cap interface
Parameter Description
Parameter: config
Description: Shows current configuration of the WLAN capture.
Parameter: state
Description: Shows current state of the WLAN capture.
Parameter: interface
Description: Shows the WLAN capture interfaces list.
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
N/A
Configuration Examples
Example 1: Show current configuration of the WLAN capture.
Ruijie#show wlan-cap config
========================= Wlan-cap-config =======================
Listen port: 2002
Login info: Anonymous
Forward: Central
Service enable: No
Example 2: Show the WLAN capture interfaces list.
Ruijie#show wlan-cap interface
Wlan capture interface info:
Total interface num: 1
Total running num: 0 (monitor: 0, mirror: 0)
Total idle num: 1
Index AP Name          AP Mac         Radio Channel Status User Num
----- ---------------- -------------- ----- ------- ------ --------
1     ap320            00d0.f822.33d0 1     11      Idle   0
Example 3: Show current state of the WLAN capture.
Ruijie#show wlan-cap state
Total user num: 1
Capture mode: mirror(0); monitor(1)
Forward mode: central(1); local(0)
Index AP Name            AP Mac         Radio Channel Capture  Forward  Peer_ip         Port
----- ------------------ -------------- ----- ------- -------- -------- --------------- -----
1     apr2               1414.4b61.0a0f 1     11      Monitor  Central  20.0.0.10       54990
Related Commands
Command: N/A
Description: N/A
Platform Description
This command is supported only on the AC and fat AP.
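Because the capture service lets a remote host receive sniffed WLAN traffic, and anonymous logins are allowed while no rpcap login is set, the output of show wlan-cap config and show wlan-cap state is worth reviewing on every AC and fat AP. The following Python audit is an added example, not part of RGOS or of this manual: it flags anonymous access, lists the CLI steps in the order the usage guides above require, and reports capture peers that are not on an allowlist. The sample outputs are constructed from the ones shown above; the value "Yes" for an enabled service, single-space-free AP names, the severity labels and the allowlist are assumptions.

```python
import re

# Constructed samples, based on the outputs shown above ("Yes" is an assumed value).
SAMPLE_CONFIG = """\
========================= Wlan-cap-config =======================
Listen port: 2002
Login info: Anonymous
Forward: Central
Service enable: Yes
"""

SAMPLE_STATE = """\
Total user num: 1
Capture mode: mirror(0); monitor(1)
Forward mode: central(1); local(0)
Index AP Name   AP Mac         Radio Channel Capture Forward Peer_ip   Port
----- --------- -------------- ----- ------- ------- ------- --------- -----
1     apr2      1414.4b61.0a0f 1     11      Monitor Central 20.0.0.10 54990
"""

ROW = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+([0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2})\s+(\d+)\s+(\d+)"
    r"\s+(\S+)\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+)\s*$"
)


def parse_wlan_cap_config(text):
    """Turn the 'Key: value' lines of show wlan-cap config into a dict."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z][A-Za-z ]*?)\s*:\s*(\S.*?)\s*$", line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg


def audit(cfg):
    """Return (severity, message) findings about remote login to the capture service."""
    enabled = cfg.get("service enable", "").lower() == "yes"
    anonymous = cfg.get("login info", "").lower() == "anonymous"
    if anonymous and enabled:
        return [("high", "capture service is enabled and accepts anonymous logins")]
    if anonymous:
        return [("medium", "no rpcap login set; enabling the service would allow anonymous logins")]
    return []


def remediation(cfg, username="<username>", password="<password>"):
    """CLI steps that set a login; placeholders stand for site-chosen credentials."""
    if cfg.get("login info", "").lower() != "anonymous":
        return []
    enabled = cfg.get("service enable", "").lower() == "yes"
    steps = ["configure terminal", "wlan-cap"]
    if enabled:
        steps.append("no service enable")  # settings cannot be changed while enabled
    steps.append(f"rpcap login {username} {password}")  # must precede service enable
    if enabled:
        steps.append("service enable")
    steps.append("exit")
    return steps


def capture_peers(state_text):
    """Extract active capture sessions from show wlan-cap state."""
    keys = ("index", "ap_name", "ap_mac", "radio", "channel",
            "capture", "forward", "peer_ip", "port")
    return [dict(zip(keys, m.groups()))
            for m in map(ROW.match, state_text.splitlines()) if m]


def unexpected_peers(state_text, allowed_ips):
    """Sessions whose remote peer is not on the analyst-workstation allowlist."""
    return [p for p in capture_peers(state_text) if p["peer_ip"] not in allowed_ips]
```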
EF-DHCP Commands
central dhcp enable
Use this command to forward the DHCP packet through the wireless access controller in local
forwarding mode. Use the no form of this command to restore the default setting.
central dhcp enable
no central dhcp enable
Parameter Description
Parameter: N/A
Description: N/A
Defaults
By default, the DHCP packets are sent in local forwarding mode, namely the packets are forwarded
through the access point.
Command mode
WLAN configuration mode
Usage Guide
Ruijie recommends enabling this function for easy management of the DHCP address pool in WLAN
and simplification of the DHCP topology.
Configuration Examples
The following example enables this function.
Ruijie(config)#wlan-config 100 ruijie_wlan
Ruijie(config-wlan)#tunnel local
Ruijie(config-wlan)#central dhcp enable
Related Commands
Command: N/A
Description: N/A
Platform Description
This command is supported only in RGOS10.4(1b19)p1, including RGOS10.4(1b19)p2.
This command is supported on access points and wireless access controllers.
Spectral Analysis Commands
spectral enable
Use this command to enable the Spectral Analysis (SA) function on the AP. Use the no form of this
command to disable this function.
spectral enable
no spectral enable
Parameter Description
Parameter: N/A
Description: N/A
Defaults
The spectral function is disabled by default.
Command mode
AP configuration mode on the fit AP or AC
Or:
Spectral configuration mode on the fat AP
Usage Guide
N/A
Configuration Examples
This example shows how to enable the SA function on the specified AP.
Ruijie(config-ap)# spectral enable
This example shows how to disable the SA function on the specified AP.
Ruijie(config-ap)# no spectral enable
Related Commands
Command: N/A
Description: N/A
Platform Description
This command is supported on all wireless AC products and several AP products, including
AP220-SH v1.0 v1.1, AP320-I, AP330-I, AP110-W, AP220-I v2.0, AP220-E v5.0.
spectra l stability vbr | bth | bts | cph | mwo | cwa num
Use this command to configure interference with recognition accuracy.
[ no ] spectral stability vbr | bth | bts | cph | mwo | cwa num
Parameter
Description
Parameter
Description
vbr
Configures recognition accuracy of the video bridge within the range
from 1 to 5.
Command Reference
bth
Spectral Analysis Commands
Configures recognition accuracy of the Bluetooth headset within the
range from 1 to 4.
bts
Configures recognition accuracy of the Bluetooth voice within the
range from 1 to 2.
cph
Configures recognition accuracy of the cordless phone within the
range from 3 to 5.
mwo
Configures recognition accuracy of the microwave within the range
from 1 to 5.
cwa
Configures recognition accuracy of the continuous wave within the
range from 4 to 10.
Defaults
vbr: 5
bth: 1
bts: 1
cph: 5
mwo: 1
cwa: 8
Command
AP configuration mode on the fit AP or AC
mode
Or:
Spectral configuration mode on the fat AP
Usage Guide
N/A
Configuration
This example shows how to configure recognition accuracy of the SA video bridge on the specified
Examples
AP.
Ruijie(config-ap)# spectral stability vbr 2
This example shows how to restore recognition accuracy of the video bridge to the default value on
the specified AP.
Ruijie(config-ap)# no spectral stability vbr
Related
Commands
Command
Description
N/A
N/A
Platform Description
This command is supported on wireless AC products and several AP products, including AP220-SH
v1.0 v1.1, AP320-I, AP330-I, AP110-W, AP220-I v2.0, AP220-E v5.0.
spectral period num
Use this command to configure the AP scanning cycle.
[ no ] spectral period num
Parameter Description
Parameter
Description
num
Configures the scanning cycle within the range from 1 to 100. The
unit of the cycle is 5 microseconds.
Defaults
5 microseconds
Command
AP configuration mode on the fit AP or AC
mode
Or:
Spectral configuration mode on the fat AP
Usage Guide
N/A
Configuration
This example shows how to configure the SA scanning cycle of the specified AP.
Examples
Ruijie(config-ap)# spectral period 10
This example shows how to restore the scanning cycle of the specified AP to the default value.
Ruijie(config-ap)# no spectral period
Related
Commands
Command
Description
N/A
N/A
Platform Description
This command is supported on all wireless AC products and several AP products, including
AP220-SH v1.0 v1.1, AP320-I, AP330-I, AP110-W, AP220-I v2.0, AP220-E v5.0.

CLI Authorization
alias
Use this command to configure a command alias in global configuration mode. Use the no form of
this command to remove the alias of a specified command or all the aliases in a specified mode.
alias mode command-alias original-command
no alias mode command-alias
Parameter
Description
Parameter
Description
mode
Mode of the command represented by the alias
command-alias
Command alias
original-command
Syntax of the command represented by the alias
Defaults
Some commands in EXEC mode have default alias.
Command
Global configuration mode.
Mode
Usage Guide
The following table lists the default alias of the commands in privileged EXEC mode.
Alias    Actual Command
h        help
p        ping
s        show
u        undebug
un       undebug
The default alias cannot be removed by the no alias exec command.
After configuring an alias, you can use a word to replace a command. For example, you can create
an alias to represent the first part of a command, and then type the rest of the command.
The mode of the command represented by the alias is the command mode existing in the current
system. In the global configuration mode, you can use the alias ? command to list all the modes
under which you can configure alias for commands.
Ruijie(config)# alias ?
  aaa-gs    AAA server group mode
  acl       acl configure mode
  bgp       Configure bgp Protocol
  config    globle configure mode
  ......
The alias also has its help information that is displayed after * in the following format:
*command-alias=original-command
For example, in the privileged EXEC mode, the default alias s stands for show. You can enter s? to
query the key words beginning with s and the help information of the alias.
Ruijie#s?
*s=show show start-chat start-terminal-service
If an alias represents more than one word, the command will be displayed in quotation marks. For
example, if you set sv to stand for show version in the privileged EXEC mode, then:
Ruijie#s?
*s=show *sv="show version" show start-chat
start-terminal-service
The alias must begin with the first letter of the command. The first letter of the command cannot be a
space. The space before the command cannot be used as a valid alias.
Ruijie# s?
show start-chat start-terminal-service
The command alias also has its help information. For example, if the alias ia represents ip address in
the interface configuration mode, then:
Ruijie(config-if)#ia ?
  A.B.C.D    IP address
  dhcp       IP Address via DHCP
Ruijie(config-if)# ip address
The above help information lists the parameters of ip address and shows the actual command name.
You must enter an entire alias; otherwise it cannot be recognized.
Use the show aliases command to show the aliases setting in the system.
Configuration Examples
#In global configuration mode, use def-route to represent the default route setting of ip route 0.0.0.0
0.0.0.0 192.168.1.1:
Ruijie# configure terminal
Ruijie(config)# alias config def-route ip route 0.0.0.0 0.0.0.0 192.168.1.1
Ruijie(config)#def-route?
*def-route="ip route 0.0.0.0 0.0.0.0 192.168.1.1"
Ruijie(config)# end
Ruijie# show aliases config
globle configure mode alias:
  def-route    ip route 0.0.0.0 0.0.0.0 192.168.1.1
Related Commands
Command         Description
show aliases    Shows the aliases settings.
Platform Description
N/A
privilege
Use this command to attribute the execution rights of a command to a command level in global
configuration mode. Use the no form of this command to restore the execution rights of a command to
the default setting.
privilege mode [ all ] [ level level | reset ] command-string
no privilege mode [ all ] [ level level ] command-string
Parameter
Description
Parameter
Description
mode
CLI mode of the command to which the execution rights are
attributed.
all
Command alias
level
Specifies the execution right levels (0–15) of a command or
sub-commands
reset
Restores the command execution rights to its default level
command-string:
Command string to be authorized
Defaults
N/A.
Command
Global configuration mode.
Mode
Usage Guide
The following table lists some key words that can be authorized by the privilege command in CLI
mode. The number of command modes that can be authorized may vary with different devices. In the
global configuration mode, you can use the privilege ? command to list all CLI command modes that
can be authorized.
Mode            Description
config          Global configuration mode.
exec            Privileged EXEC mode
interface       Interface configuration mode
ip-dhcp-pool    DHCP address pool configuration mode
keychain        KeyChain configuration mode
keychain-key    KeyChain-key configuration mode
Configuration Examples
#Set the password of CLI level 1 as test and attribute the reload rights to reset the device:
Ruijie(config)#enable secret level 1 0 test
Ruijie(config)#privilege exec level 1 reload
After the above setting, you can access the CLI window as level-1 user to use
the reload command:
Ruijie>reload ?
  LINE    Reason for reload
  <cr>
#You can use the key word all to attribute all sub-commands of reload to level-1 users:
Ruijie(config)# privilege exec all level 1 reload
#After the above setting, you can access the CLI window as level-1 user to use all sub commands of
the reload command:
Ruijie>reload ?
  LINE      Reason for reload
  at        reload at a specific time/date
  cancel    cancel pending reload scheme
  in        reload after a time interval
  <cr>
Related Commands
Command          Description
enable secret    Sets the CLI-level password.
Platform Description
N/A.
show aliases
Use this command to show all the command aliases or the aliases in a specified command mode.
show aliases [ mode ]
Parameter
Description
Parameter
Description
mode
Mode of the command represented by the alias.
Defaults
N/A.
Command
EXEC mode.
Mode
Usage Guide
Show the configuration of all aliases if no command mode is input.
Configuration Examples
#Show the command alias in EXEC mode:
Ruijie#show aliases exec
exec mode alias:
  h     help
  p     ping
  s     show
  u     undebug
  un    undebug
Related Commands
Command    Description
alias      Sets a command alias.
Platform Description
N/A.

LINE Commands
access-class
Use this command to apply an ACL (Access Control List) to a line. Use the access-class
{ access-list-number | access-list-name } { in | out } command to configure the ACL on the line.
Use the no access-class { access-list-number | access-list-name } { in | out } command to cancel
the ACL configuration on the line.
access-class { access-list-number | access-list-name } { in | out }
no access-class { access-list-number | access-list-name } { in | out }
Parameter Description
Parameter                                Description
access-list-number | access-list-name    Specifies the ACL defined by access-list
in                                       Performs access control over the incoming connections
out                                      Performs access control over the outgoing connections
Defaults
By default, no ACL is configured under Line. All connections are accepted, and all outgoing
connections are allowed.
Command
Line configuration mode.
Mode
Usage Guide
This command is used to configure ACLs under Line. By default, all the incoming and
outgoing connections are allowed, and no connection is filtered. After access-class is
configured, only the connections that pass access list filtering can be established successfully.
Use the show running command to view configuration information under Line.
Configuration Examples
In line vty 0 4, apply access list 10 to the incoming connections:
Ruijie# configure terminal
Ruijie(config)# line vty 0 4
Ruijie(config-line)# access-class 10 in
Related Commands
Command         Description
show running    Shows status information
Platform Description

line
To enter the specified LINE mode, use the following command:
line [ aux | console | tty | vty ] first-line [ last-line ]
Parameter Description
Parameter     Description
aux           Auxiliary port, on the routers.
console       Console port
tty           Asynchronous port, on the routers.
vty           Virtual terminal line, applicable for telnet/ssh connection.
first-line    Number of first-line to enter
last-line     Number of last-line to enter
Defaults
N/A
Command
Global configuration mode.
Mode
Usage Guide
Access to the specified LINE mode.
Configuration Examples
Enter the LINE mode from LINE VTY 1 to 3:
Ruijie(config)# line vty 1 3
Related Commands
Command    Description
N/A        N/A
Platform Description
N/A
line vty
This command can be used to increase the number of VTY connections currently available. The
number of currently available VTY connections can be decreased by using the no form of this
command.
line vty line-number
no line vty line-number
Parameter
Description
Parameter
Description
line-number
Number of vty to enter
Defaults
By default, there are five available VTY connections, numbered 0 to 4.
Command
Global configuration mode.
Mode
Usage Guide
When you need to increase or decrease the number of available VTY connections, use the
above commands.
Configuration Examples
Increase the number of available VTY connections to 20. The available VTY connections are
numbered 0 to 19.
Ruijie(config)# line vty 19
Decrease the number of available VTY connections to 10. The available VTY connections are
numbered 0-9.
Ruijie(config)# no line vty 10
Related Commands
Command    Description
N/A        N/A
Platform Description
N/A
transport input
To set the specified protocol under Line that can be used for communication, use the transport input
command. Use the default transport input command to restore the protocols under Line that can
be used for communication to the default value.
transport input { all | ssh | telnet | none }
default transport input
Parameter Description
Parameter    Description
all          Allows all the protocols under Line to be used for communication
ssh          Allows only the SSH protocol under Line to be used for communication
telnet       Allows only the Telnet protocol under Line to be used for communication
none         Allows none of protocols under Line to be used for communication
Defaults
By default, VTY allows all the protocols to be used for communication. The default value of
other types of TTYs is NONE, indicating that no protocols are allowed for communication.
After some protocols are set to be available for communication, use the default transport
input command to restore the setting to the default value.
Command
Line configuration mode.
Mode
Usage Guide
This command is used to set the protocols in the Line mode that are available for
communication. By default, VTY allows all the protocols for communication. After protocols
available for communication are set, only these protocols can connect on the specific VTY
successfully. Use the show running command to view configuration information under Line.
Note: You can restore the default configuration by using the default transport input
command. The no transport input command is used to disable all the communication
protocols in the LINE mode. The setting result is the same as that of transport input
none.
Configuration Examples
Specify that only the Telnet protocol is allowed to login in line vty 0 4:
Ruijie# configure terminal
Ruijie(config)# line vty 0 4
Ruijie(config-line)# transport input telnet
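The defaults described for access-class and transport input (no ACL on a line, all protocols accepted on VTY) mean an unconfigured VTY accepts Telnet from any source. The following audit sketch is an added example, not part of this manual or of RGOS; the indented layout of the sample configuration and the finding names are assumptions.

```python
import re

# Constructed sample configuration. The layout (a "line ..." header followed
# by indented sub-commands) is an assumption about "show running" output.
SAMPLE_CONFIG = """\
enable service ssh-server
!
line console 0
 lockable
line vty 0 4
 access-class 10 in
 transport input ssh
 login local
line vty 5 9
 transport input telnet
 password 0 normatest
 login
line vty 10 19
 login local
!
end
"""

LINE_HEADER = re.compile(
    r"^line\s+(aux|con(?:sole)?|tty|vty)\s+(\d+)(?:\s+(\d+))?\s*$"
)


def parse_line_blocks(config_text):
    """Return a list of (kind, first, last, sub_commands), one per line block."""
    blocks, current = [], None
    for raw in config_text.splitlines():
        header = LINE_HEADER.match(raw)
        if header:
            first = int(header.group(2))
            last = int(header.group(3)) if header.group(3) else first
            current = (header.group(1), first, last, [])
            blocks.append(current)
        elif current is not None and raw[:1].isspace() and raw.strip():
            # Indented line: a sub-command of the current block.
            current[3].append(" ".join(raw.split()))
        else:
            current = None  # a non-indented line ends the block
    return blocks


def effective_transport(kind, sub_commands):
    """Protocols a line accepts once the documented defaults are applied."""
    # Defaults from the reference: VTY accepts all protocols, other lines none.
    # "all" is modelled as the two protocols the command names: ssh and telnet.
    protocols = {"ssh", "telnet"} if kind == "vty" else set()
    for cmd in sub_commands:
        if cmd in ("no transport input", "transport input none"):
            protocols = set()
        elif cmd == "transport input all":
            protocols = {"ssh", "telnet"}
        elif cmd in ("transport input ssh", "transport input telnet"):
            protocols = {cmd.split()[-1]}
    return protocols


def audit_vty(config_text):
    """Return (line_range, finding) tuples for every VTY block."""
    findings = []
    for kind, first, last, subs in parse_line_blocks(config_text):
        if kind != "vty":
            continue
        name = f"vty {first}-{last}"
        if "telnet" in effective_transport(kind, subs):
            findings.append((name, "telnet-accepted"))
        if not any(re.fullmatch(r"access-class \S+ in", s) for s in subs):
            findings.append((name, "no-inbound-acl"))
        if "login" in subs:
            # Bare "login" is the simple line-password authentication.
            findings.append((name, "line-password-login"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_vty(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```

VTY numbers that never appear in a line block are not reported; on a real device they still carry the defaults, so compare the reported ranges with the number of VTYs configured by line vty.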
Related Commands
Command         Description
show running    Shows status information
Platform Description

Basic Management Commands
disable
To switch from privileged user mode to normal user mode or lower the privilege level, run the disable
command.
disable [ privilege-level ]
Parameter Description
Parameter          Description
privilege-level    Privilege level
Defaults
None
Command Mode
Privileged EXEC mode
Usage Guide
Use this command to switch to user mode from privileged EXEC mode. If a privilege level is
specified, the current privilege level is lowered to that level.
The privilege level that follows the disable command must be lower than the current
level.
Configuration Examples
The following example lowers the current privilege level of the device to level 10:
Ruijie# disable 10
Related Commands
Command    Description
enable     Moves from user mode to privileged EXEC mode or reaches a higher level of authority.
Platform Description
None
enable password
To configure passwords for different privilege levels, run the global configuration command enable
password. The no form of this command is used to delete the password of a specified level.
enable password [level level] {password | [0|7] encrypted-password}
no enable password [level level]
Parameter Description
Parameter             Description
password              Password for the user to enter the EXEC configuration layer
level                 User's level.
0|7                   Password encryption type, "0" for no encryption, "7" for simple encryption. (Optional) Ruijie’s private algorithm will be used for password encryption. If the password type is 0, the password is in plain text. If the type is 7, the password is encrypted by a Ruijie device.
encrypted-password    Password text.
Defaults
None
Command Mode
Global configuration mode
Usage Guide
No encryption is required in general. The encryption type must be specified for copying and pasting an
encrypted password for the device.
A valid password is defined as follows:
- Consists of 1-26 upper/lower case letters and numbers
- Leading spaces are allowed but usually ignored. Spaces in between or at the end are regarded
  as part of the password.
If an encryption type is specified and a plaintext password is entered, you cannot enter
privileged EXEC mode. A lost password that has been encrypted using any method
cannot be restored. In this case, you can only reconfigure the device password.
Configuration Examples
The following example configures the password as pw10:
Ruijie(config)# enable password pw10
Related Commands
Command          Description
enable secret    Sets the security password
Platform Description
None
enable secret
To configure a security password for different privilege levels, run the global configuration command
enable secret. The no form of this command is used to delete the password of a specified level.
enable secret [level level] {secret | [0|5] encrypted-secret}
no enable secret [level level]
Parameter Description
Parameter             Description
secret                Password for the user to enter the EXEC configuration layer
level                 User's level.
0|5                   Password encryption type, "0" for no encryption, "5" for security encryption
encrypted-password    Password text
Defaults
None
Command Mode
Global configuration mode
Usage Guide
A password comes under two categories: "password" and "security". "Password" indicates a simple
password, which can be set only for level 15. "Security" means a security password, which can be set
for levels 0-15. If both types of passwords coexist in the system, no "password" type is allowed. If a
"password" type password is set for a level other than 15, the system gives an alert and the password
is automatically converted into a "security" password. If a "password" type password is set for level 15
and is the same as a "security" password, an alert is given. The password must be encrypted, with
simple encryption for "password" type passwords and security encryption for "security" type
passwords.
Configuration Examples
The following example configures the security password as pw10:
Ruijie(config)# enable secret 0 pw10
Related Commands
Command            Description
enable password    Sets passwords for different privilege levels.
Platform Description
None
enable service
To enable or disable a specified service such as SSH Server/Telnet Server/Web Server/SNMP
Agent, use the enable service command in global configuration mode:
enable service { ssh-server | telnet-server | web-server | snmp-agent }
Parameter Description
Keyword          Description
ssh-server       Enables SSH Server. IPv4 and IPv6 services are enabled at the same time.
telnet-server    Enables Telnet Server. IPv4 and IPv6 services are enabled at the same time.
web-server       Enables HTTP Server. IPv4 and IPv6 services are enabled at the same time.
snmp-agent       Enables SNMP Agent. IPv4 and IPv6 services are enabled at the same time.
Defaults
None
Command Mode
Global configuration mode
Usage Guide
Use this command to enable or disable a specified service. Use the no enable service command to
disable the specified service.
The enable service web-server command is followed by three optional keywords: [http |
https | all]. If the command is followed by no keyword or by all, the command enables
http and https services. Followed by http, the command enables http service only.
Followed by https, the command enables https service only.
Configuration Examples
The following example enables the SSH Server:
Ruijie(Config)# enable service ssh-server
Related Commands
Command         Description
show service    Views the service status in the current system.
Platform Description
None
execute
To run the commands in batches, use the execute command in privileged EXEC mode.
execute [flash: ] filename
Parameter Description
Parameter    Description
flash:       Parent directory of the batch file
filename     Name of the batch file
Defaults
None
Command Mode
Privileged EXEC mode
Usage Guide
This command is used to run commands in batches.
You can define the filename and content of each batch file. When edited, the batch files on your
computer are transferred to the flash memory of the device through TFTP. These batch files imitate
user input, so you should edit the content in the order of CLI command configuration. For some
interactive commands, the response message should be pre-written into the batch files to ensure the
commands can be executed normally.
Caution: The size of each batch file must not exceed 128 KB. Otherwise, the execution may fail. For
over-sized batch files, you can divide them into several files smaller than 128 KB.
Configuration Examples
The following example runs the batch file line_rcms_script.text, which is used to enable the reverse
Telnet function for all asynchronous interfaces with contents as follows:
configure terminal
line tty 1 16
transport input all
no exec
end
The execution result is as follows:
Ruijie# execute flash:line_rcms_script.text
executing script file line_rcms_script.text ......
executing done
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# line tty 1 16
Ruijie(config-line)# transport input all
Ruijie(config-line)# no exec
Ruijie(config-line)# end
Related Commands
Command    Description
N/A        N/A
Platform Description
None
ip http authentication
An HTTP server requires logon authentication for access to a Web page. Use this command to set
the Web logon authentication mode.
ip http authentication {enable | local }
Parameter Description
Keyword    Description
enable     Uses the password set by the enable password or enable command. The password must be level 15. The system performs enable authentication by default.
local      Uses the username and password set by the local username command. The user must be bound to the privileges of level 15.
Defaults
enable
Command Mode
Global configuration mode
Usage Guide
This command is used to set the mode of Web logon authentication. Use the no ip http
authentication command to restore it to the default setting.
Configuration Examples
The following example sets the mode of Web logon authentication as local:
Ruijie(Config)# ip http authentication local
Related Commands
Command           Description
enable service    Enables or disables the specified service.
Platform Description
None
ip http port
To set an HTTP service port, use this command in global configuration mode:
ip http port number
Parameter Description
Keyword    Description
number     Port number of the HTTP server, 80 by default.
Defaults
80
Command Mode
Global configuration mode
Usage Guide
This command is used to set an HTTP service port. Use the no ip http port command to restore it to
the default setting.
Configuration Examples
The following example sets an HTTP service port as 8080:
Ruijie(Config)# ip http port 8080
Related Commands
Command           Description
enable service    Enables or disables the specified service.
Platform Description
None
ip telnet source-interface
To specify the IP address of an interface as the source address for Telnet connection, use the ip
telnet source-interface command in global configuration mode:
ip telnet source-interface interface-name
Parameter Description
Keyword           Description
interface-name    Specifies the IP address of the interface as the source address for Telnet connection.
Defaults
None
Command Mode
Global configuration mode
Usage Guide
This command is used to specify the IP address of an interface as the source address for global
Telnet connection. When you use the telnet command to log in a Telnet server, the global setting
applies if no source interface or source address is specified. Use the no ip telnet source-interface
command to restore it to the default setting.
Configuration Examples
The following example specifies the IP address of the Loopback1 interface as the source address
for global Telnet connection.
Ruijie(Config)# ip telnet source-interface Loopback 1
Related Commands
Command    Description
telnet     Logs in a Telnet server.
Platform Description
None
lock
To set a temporary password for the terminal, run the lock command in EXEC mode.
lock
Parameter Description
Parameter    Description
N/A          N/A
Defaults
None
Command Mode
Privileged EXEC mode
Usage Guide
You can lock the terminal interface and maintain the session continuity to prevent access to the
interface by setting a temporary password. Take the following steps to lock the terminal interface:
- Enter the lock command, and the system will prompt you for a password.
- Enter the password, which can be any character string. The system will prompt you to confirm
  the password, clear the screen, and show the "Locked" information.
- To access the terminal, enter the preset temporary password.
To lock the terminal, run the lockable command in line configuration mode and enable terminal
locking in the corresponding line.
Configuration Examples
The following example locks a terminal interface:
Ruijie(config-line)# lockable
Ruijie(config-line)# end
Ruijie# lock
Password: <password>
Again: <password>
Locked
Password: <password>
Ruijie#
Related Commands
Command     Description
lockable    Supports terminal locking in the line.
Platform Description
None
lockable
To support the lock command at the terminal, run the lockable command in line configuration mode.
The terminal does not support the lock command by default. Use the no command to cancel the
setting.
lockable
no lockable
Parameter Description
Parameter    Description
N/A          N/A
Defaults
None
Command Mode
Line configuration mode
Usage Guide
This command is used to lock a terminal interface in the corresponding line. To lock the terminal, run
the lock command in EXEC mode.
Configuration Examples
The following example enables terminal locking at the console port and locks the console:
Ruijie(config)# line console 0
Ruijie(config-line)# lockable
Ruijie(config-line)# end
Ruijie# lock
Password: <password>
Again: <password>
Locked
Password: <password>
Related Commands
Command    Description
lock       Locks the terminal.
Platform Description
None
login
If AAA is disabled, run the login command to enable simple login password authentication on the
interface. The no form of this command is used to delete the line login password authentication.
login
no login
Parameter Description
Parameter    Description
N/A          N/A
Defaults
None
Command Mode
Line configuration mode
Usage Guide
If the AAA security server is inactive, this command enables simple password authentication at login.
The password is configured for a VTY or console interface.
Configuration Examples
The following example shows how to set a login password authentication on VTY.
Ruijie(config)# no aaa new-model
Ruijie(config)# line vty 0
Ruijie(config-line)# password 0 normatest
Ruijie(config-line)# login
Related Commands
Command     Description
password    Configures the line login password
Platform Description
None
login authentication
If the AAA is enabled, login authentication must be performed on the AAA server. Use this command
to associate login authentication method list. The no form of this command is used to delete the list.
login authentication {default | list-name}
no login authentication {default | list-name}
Parameter Description
Parameter    Description
default      Name of the default authentication method list
list-name    Name of the method list
Defaults
None
Command Mode
Line configuration mode
Usage Guide
If the AAA security server is active, this command is used for login authentication using the specified
method list.
Configuration Examples
The following example shows how to associate the method list on VTY and perform login
authentication on a radius server.
Ruijie(config)# aaa new-model
Ruijie(config)# aaa authentication login default radius
Ruijie(config)# line vty 0
Ruijie(config-line)# login authentication default
Related Commands
Command                     Description
aaa new-model               Enables the AAA security service.
aaa authentication login    Configures the login authentication method list.
Platform Description
None
login local
If AAA is disabled, run the login local command to enable local user authentication on the interface.
The no form of this command is used to delete the line for local user authentication.
login local
no login local
Parameter Description
Parameter    Description
N/A          N/A
Defaults
None
Command Mode
Line configuration mode
Usage Guide
If the AAA security server is inactive, this command is used for local user login authentication. The
user is allowed to use the username command.
Configuration Examples
The following example shows how to set local user authentication on VTY.
Ruijie(config)# no aaa new-model
Ruijie(config)# username test password 0 test
Ruijie(config)# line vty 0
Ruijie(config-line)# login local
Related Commands
Command     Description
username    Configures local user information.
Platform Description
None
privilege mode
See the “Configuring CLI Authorization Commands” chapter.
Parameter Description
Parameter    Description
N/A          N/A
Defaults
See the “Configuring CLI Authorization Commands” chapter.
Command Mode
See the “Configuring CLI Authorization Commands” chapter.
Usage Guide
See the “Configuring CLI Authorization Commands” chapter.
Configuration Examples
See the “Configuring CLI Authorization Commands” chapter.
Related Commands
Command    Description
N/A        N/A
Platform Description
None
password
To configure a password for line login, run the password command. The no form of this command is
used to delete the line login password.
password {password | [0|7] encrypted-password}
no password
Parameter Description
Parameter             Description
password              Password for remote line login
0|7                   Password encryption type, "0" for no encryption, "7" for simple encryption. (Optional) Ruijie’s private algorithm will be used for password encryption. If the password type is 0, the password is in plain text. If the type is 7, the password is encrypted by a Ruijie device.
encrypted-password    Password text
Defaults
None
Command Mode
Line configuration mode
Usage Guide
This command is used to configure an authentication password for remote line login.
Configuration Examples
The following example configures the line login password as "red":
Ruijie(config)# line vty 0
Ruijie(config-line)# password red
Related Commands
Command    Description
login      Moves from user mode to privileged EXEC mode or enables a higher level of authority.
Platform Description
None
service password-encryption
To encrypt a password, run this command. The no form of this command is used to restore to the
default value, but a password in cipher text cannot be restored to plain text.
service password-encryption
Parameter Description
Parameter    Description
N/A          N/A
Defaults
None
Command Mode
Global configuration mode
Usage Guide
This command is disabled by default. Various passwords are displayed in plain text, unless they are
encrypted. After you run the service password-encryption and show running or write command to
save your configuration, the password changes into cipher text. If you disable the command, the
password in cipher text cannot be restored to plain text.
Configuration Examples
The following example encrypts the password:
Ruijie(config)# service password-encryption
Related Commands
Command            Description
enable password    Sets passwords of different privileges.
Platform Description
None
telnet
To log in a server that supports telnet connection, use the telnet command in EXEC (privileged)
mode.
telnet host [port] [/source {ip A.B.C.D | ipv6 X:X:X:X::X | interface interface-name}] [/vrf vrf-name]
Parameter Description
Parameter                   Description
host                        The IP address of the host or host name you want to log in.
port                        Selects the TCP port number for login, 23 by default.
/source                     Specifies the source IP address or source interface used by the Telnet client.
ip A.B.C.D                  Specifies the source IPv4 address used by the Telnet client.
ipv6 X:X:X:X::X             Specifies the source IPv6 address used by the Telnet client.
interface interface-name    Specifies the source interface used by the Telnet client.
/vrf vrf-name               Specifies the VRF routing table you want to query.
Defaults
None
Command Mode
Privileged mode
Usage Guide
This command is used to log in a telnet server.
The /vrf keyword only applies to the RSR series of routers.
Configuration Examples
Example 1: The following example sets telnet to 192.168.1.11. The port number is the default, and
the source interface is Gi 0/1. The queried VRF routing table is vpn1.
Ruijie# telnet 192.168.1.11 /source-interface gigabitEthernet 0/1 /vrf vpn1
Example 2: The following example sets telnet to 2AAA:BBBB::CCCC
Ruijie# telnet 2AAA:BBBB::CCCC
Related Commands
Command                       Description
ip telnet source-interface    Specifies the IP address of the interface as the source address for Telnet connection.
show sessions                 Shows the currently established Telnet sessions.
exit                          Exits current connection.
Platform Description
None
username
To set a local username, run the username command in global configuration mode.
username name {nopassword | password { password | [0|7] encrypted-password }}
username name privilege privilege-level
no username name
Parameter Description
Parameter             Description
name                  Username
password              User password
0|7                   Password encryption type, 0 for no encryption, 7 for simple encryption. (Optional) Ruijie’s private algorithm will be used for password encryption. If the password type is 0, the password is in plain text. If the type is 7, the password is encrypted by a Ruijie device.
encrypted-password    Password text
privilege-level       User bound privilege level
Defaults
None
Command Mode
Global configuration mode
Usage Guide
This command is used to establish a local user database for authentication.
If encryption type is 7, the cipher text you enter should contain seven characters to be
valid.
In general, do not set the encryption type 7.
Instead, specify the type of encryption as 7 only when the encrypted password is copied
and pasted.
Configuration Examples
The following example configures a username and password and binds the user to level 15.
Ruijie(config)# username test privilege 15 password 0 pw15
Related Commands
Command        Description
login local    Enables local authentication
Platform Description
None
Command Reference
Basic Management Commands
banner login
To configure the login banner, run the banner login command in global configuration mode. Use the no banner login command to remove the configuration.
banner login c message c
Parameter Description
Parameter | Description
c | Separator of the message contained in the login banner. Delimiters are not allowed in the MOTD.
message | Contents of the login banner
Defaults
None
Command Mode
Global configuration mode
Usage Guide
This command sets the login banner message, which is displayed at login. The system discards all the characters that follow the terminating symbol.
Configuration Examples
The following example shows how to configure the login banner:
Ruijie(config)# banner login $ enter your password $
Related Commands
Command | Description
N/A | N/A
Platform Description
None
banner motd
To set the Message-of-the-Day (MOTD), run the banner motd command in global configuration mode. To delete the MOTD setting, run the no banner motd command.
banner motd c message c
Parameter Description
Parameter | Description
c | Separator of the MOTD. Delimiters are not allowed in the MOTD.
message | Contents of an MOTD
Defaults
None
Command Mode
Global configuration mode
Usage Guide
This command sets the MOTD, which is displayed at login. The letters that follow the separator will be discarded.
Configuration Examples
The following example shows the configuration of MOTD:
Ruijie(config)# banner motd $ hello,world $
Related Commands
Command | Description
N/A | N/A
Platform Description
None
clock set
To configure the system clock manually, run one of the two formats of the clock set command in privileged user mode:
clock set hh:mm:ss month day year
Parameter Description
Parameter | Description
hh:mm:ss | Current time: Hour (24-hour): Minute: Second
day | Date (1-31) of month
month | Month (1-12) of year
year | Year (1993-2035): No abbreviation is allowed.
Defaults
None
Command Mode
Privileged EXEC mode
Usage Guide
Use this command to set the system time to facilitate management.
For devices without a hardware clock, the time set by the clock set command applies only for the current setting. Once the device is powered off, the set time becomes invalid.
Configuration Examples
The following example configures the current time as 10:20:30 AM, March 17th, 2003.
Ruijie# clock set 10:20:30 Mar 17 2003
Ruijie# show clock
clock: 2003-3-17 10:20:32
Related Commands
Command | Description
show clock | Shows current clock.
Platform Description
None
clock update-calendar
In privileged EXEC mode, use the clock update-calendar command to overwrite the value of the hardware clock with the software clock.
clock update-calendar
Parameter Description
Parameter | Description
N/A | N/A
Defaults
None
Command Mode
Privileged EXEC mode
Usage Guide
Some platforms use a hardware clock as a complement. Because a battery keeps the hardware clock running continuously, it still runs whether the device is turned off or restarted.
If the hardware clock and the software clock are out of sync, the software clock is more reliable. Execute the clock update-calendar command to copy the date and time indicated by the software clock to the hardware clock.
Configuration Examples
The following example copies the current time and date indicated by the software clock to the hardware clock:
Ruijie# clock update-calendar
Related Commands
Command | Description
N/A | N/A
Platform Description
N/A
exec-timeout
To configure the connection timeout for this device in LINE mode, use the exec-timeout command. Once the connection timeout in LINE mode is cancelled by using the no exec-timeout command, the connection never expires.
exec-timeout minutes [seconds]
no exec-timeout
Parameter Description
Parameter | Description
minutes | Timeout in minutes.
seconds | (Optional) Timeout in seconds.
Defaults
The default timeout is 10 minutes.
Command Mode
Line configuration mode
Usage Guide
If there is no input or output for this connection within a specified time, this connection will expire, and this LINE will be restored to the free status.
Configuration Examples
The following example specifies the connection timeout as 5 minutes 30 seconds.
Ruijie(config-line)#exec-timeout 5 30
Related Commands
Command | Description
N/A | N/A
Platform Description
None
hostname
To specify or modify the hostname of a device, run the hostname command in global configuration mode.
hostname name
Parameter Description
Parameter | Description
name | Device hostname, string, number or hyphen, up to 63 characters.
Defaults
The default hostname is Ruijie.
Command Mode
Global configuration mode
Usage Guide
This hostname is mainly used to identify the device and is taken as the username for the local device during dialup and CHAP authentication.
Configuration Examples
The following example configures the hostname of the device as BeiJingAgenda:
Ruijie(config)# hostname BeiJingAgenda
BeiJingAgenda(config)#
Related Commands
Command | Description
N/A | N/A
Platform Description
None
prompt
To set the command prompt, run the prompt command in global configuration mode. To delete the prompt setting, run the no prompt command.
prompt string
Parameter Description
Parameter | Description
string | Character string of the command prompt, containing up to 32 letters.
Defaults
None
Command Mode
Global configuration mode
Usage Guide
If no prompt string is configured, the system name applies and varies with the system name. The prompt command is valid only in EXEC mode.
Configuration Examples
The following example sets the prompt string to rgnos:
Ruijie(config)# prompt rgnos
Ruijie(config)# end
RGOS
Related Commands
Command | Description
N/A | N/A
Platform Description
None
reload
To restart the device system, run the reload command in privileged user mode.
reload [ text | in [ hh: ] mm [ text ] | at hh:mm [month day year ] [ text ] | cancel ]
Parameter Description
Parameter | Description
text | Cause of the system restart, 1-255 bytes
in [ hh: ] mm | The system is restarted after a specified time interval of up to 24 days.
at hh:mm | The system is restarted at the specified time.
month | Indicates a month using characters, such as Mar for March.
day | Date in the range of 1 to 31
year | Year in the range of 1993 to 2035. No abbreviation is allowed.
cancel | Cancels the scheduled restart.
Defaults
None
Command Mode
Privileged EXEC mode
Usage Guide
This command is used to restart the device at a specified time to facilitate management.
Configuration Examples
The following example restarts the system in 10 minutes:
Ruijie# reload in 10
Router will reload in 600 seconds.
Related Commands
Command | Description
N/A | N/A
Platform Description
None
session-timeout
To configure the session timeout for a remote terminal in the current LINE mode, use the session-timeout command. When the session timeout for the remote terminal in LINE mode is cancelled, the session never expires.
session-timeout minutes [output]
no session-timeout
Parameter Description
Parameter | Description
minutes | Timeout in minutes.
output | Regards data output as the input to determine whether the session expires.
Defaults
The default timeout is 0 min.
Command Mode
LINE configuration mode
Usage Guide
If no input or output in the current LINE mode is found on the remote terminal for the session within a specified time, this connection will expire, and this LINE will be restored to the free status.
Configuration Examples
The following example specifies the timeout as 5 minutes.
Ruijie(config-line)#session-timeout 5 output
Related Commands
Command | Description
N/A | N/A
Platform Description
None
speed
To set the speed at which the terminal transmits packets, run the speed speed command in line configuration mode. To restore the speed to its default, run the no speed command.
speed speed
Parameter Description
Parameter | Description
speed | Transmission rate (bps) on the terminal. For serial ports, optional rates include 9600, 19200, 38400, 57600, and 115200 bps. The default rate is 9600 bps.
Defaults
The default rate is 9600.
Command Mode
Global configuration mode
Usage Guide
This command is used to set the speed at which the terminal transmits packets.
Configuration Examples
The following example shows how to set the rate of the serial port to 57600 bps:
Ruijie(config)# line console 0
Ruijie(config-line)# speed 57600
Related Commands
Command | Description
N/A | N/A
Platform Description
None
write
Use this command to save running-config to a specified location.
write [ memory | network | terminal ]
Parameter Description
Parameter | Description
memory | Writes the system configuration (running-config) into NVRAM, which is equivalent to copy running-config startup-config.
network | Saves the system configuration to the TFTP server, which is equivalent to copy running-config tftp.
terminal | Shows the system configuration, which is equivalent to show running-config.
Defaults
Command Mode
Privileged EXEC mode
Usage Guide
Despite the presence of alternative commands, these commands are widely used and accepted. Therefore, they are reserved to facilitate user operations.
On a device that enables you to specify a boot configuration file, use the write [memory] command to do the following:
● If you have not specified a boot configuration file using the boot config command, the system stores configurations in /config.text in the built-in flash memory by default.
● If you have specified a boot configuration file using the boot config command, the system stores configurations in the file.
● If you have used the boot config command to specify a boot configuration file but the file does not exist:
■ The system automatically creates the specified file and writes the system configuration into it if the device that stores the file exists;
■ The system will ask you whether to save the current configuration in the default boot configuration file /config and perform an action as required if the device that stores the file does not exist, possibly because the boot configuration file is stored on a removable storage device such as a USB drive or SD card, and the device has not been loaded when you run the write [memory] command.
The boot config command is supported only on the RSR10, RSR20, R2700 V5.0, RSR50, and NPE50 series of routers.
Configuration Examples
Example 1: The following example shows how to save system configuration on a device that does not support boot config.
Ruijie# write
Building configuration...
[OK]
Example 2: The following example shows how to use the write command on a device that supports boot config before and after removing a USB drive you have set up to store the boot configuration file:
Ruijie(config)# boot config /mnt/usb1/config.text
Ruijie# write
Building configuration...
Write to boot config file: [/mnt/usb1/config.text]
[OK]
Ruijie# usb remove 1
0:1:1:38 Ruijie: USB-5-USB_DISK_REMOVED: USB Device <USB Mass Storage Device> Removed!
Ruijie# write
Building configuration...
Write to boot config file: [/mnt/usb1/config.text]
[Failed]
The device [usb1] does not exist, write to the default config [/config.text]? [no] yes
Write to the default config file: [/config.text]
[OK]
Related Commands
Command | Description
boot config | Names the boot configuration file on the device.
copy | Copies device configuration files.
show running-config | Views the system configuration.
Platform Description
None
show clock
To view the system time, run the show clock command in privileged user mode.
show clock
Parameter Description
Parameter | Description
N/A | N/A
Defaults
None
Command Mode
Privileged EXEC mode
Usage Guide
This command is used to view the current system clock.
Configuration Examples
The following example shows a result of the show clock command:
Ruijie# show clock
clock: 2003-3-17 10:27:21
Related Commands
Command | Description
clock set | Sets the system clock.
Platform Description
None
show line
To show the configuration of a line, run the show line command in privileged EXEC mode.
show line {console line-num | vty line-num | line-num}
Parameter Description
Parameter | Description
console | Shows the configuration of a console line.
aux | Checks configuration information relating to the aux line.
vty | Shows the configuration of a vty line.
line-num | Number of the line.
Defaults
None
Command Mode
Privileged EXEC mode
Usage Guide
This command shows the configuration of a line.
Configuration Examples
The following example shows the configuration of a console port:
Ruijie# show line console 0
CON   Type   speed   Overruns
* 0   CON    9600    45927
Line 0, Location: "", Type: "vt100"
Length: 24 lines, Width: 79 columns
Special Chars: Escape   Disconnect   Activation
               ^^x      none         ^M
Timeouts:      Idle EXEC   Idle Session
               never       never
History is enabled, history size is 10.
Total input: 53564 bytes
Total output: 395756 bytes
Data overflow: 27697 bytes
stop rx interrupt: 0 times
Related Commands
Command | Description
N/A | N/A
Platform Description
None
show reload
To show the system restart settings, run the show reload command in privileged EXEC mode.
show reload
Parameter Description
Parameter | Description
N/A | N/A
Defaults
None
Command Mode
Privileged EXEC mode
Usage Guide
This command is used to show the restart settings of the system.
Configuration Examples
The following example shows the restart settings of the system:
Ruijie# show reload
Reload scheduled in 595 seconds.
At 2003-12-29 11:37:42
Reload reason: test.
Related Commands
Command | Description
N/A | N/A
Platform Description
None
show running-config
To show how the current device system is configured, run the show running-config command in privileged user mode.
show running-config
Parameter Description
Parameter | Description
N/A | N/A
Defaults
None
Command Mode
Privileged EXEC mode
Usage Guide
None
Configuration Examples
None
Related Commands
Command | Description
N/A | N/A
Platform Description
None
show startup-config
To view the device configuration stored in the Non Volatile Random Access Memory (NVRAM), run the show startup-config command in privileged user mode.
show startup-config
Parameter Description
Parameter | Description
N/A | N/A
Defaults
None
Command Mode
Privileged EXEC mode
Usage Guide
The device configuration stored in the NVRAM is executed while the device is starting.
On a device that does not support boot config, startup-config is contained in the default configuration file /config.text in the built-in flash memory.
On a device that supports boot config, configure startup-config as follows:
If you have specified a boot configuration file using the boot config command and the file exists, startup-config is stored in the specified configuration file.
If the boot configuration file you have specified using the boot config command does not exist or you have not specified a boot configuration file using the command, startup-config is contained in /config.text in the built-in flash memory.
Configuration Examples
None
Related Commands
Command | Description
boot config | Sets the name of the boot configuration file.
Platform Description
None
show version
To view information about the system, run the show version command in privileged EXEC mode.
show version [devices | module | slots]
Parameter Description
Parameter | Description
devices | Current information about the device.
module | Current information about the module.
slots | Current information about the slot.
Defaults
None
Command Mode
Privileged mode
Usage Guide
This command is used to view current system information, including the system start time, version, device information, and serial number.
Configuration Examples
The following example shows system information.
Ruijie# show version
System description : Ruijie Dual Stack Multi-Layer Switch(S3760-24) By Ruijie Network
System start time: 1970-6-14 11:49:53
System uptime: 3:17:1:17
System hardware version: 2.0
System software version: RGOS 10.3.00(4), Release(34679)
System boot version: 10.2.34077
System CTRL version: 10.2.24136
System serial number: 1234942570001
Related Commands
Command | Description
N/A | N/A
Platform Description
The parameters such as devices and module are only supported on some modular networking devices.
HTTP Service Commands
enable service web-server
Use this command to enable the HTTP service function.
Use the no form of this command to disable the HTTP service function.
enable service web-server [ http | https | all ]
no enable service web-server [ http | https ]
Parameter Description
Parameter | Description
http | Enables the HTTP service.
https | Enables the HTTPS service.
all | Enables both the HTTP service and the HTTPS service.
Defaults
By default, the HTTP service function is disabled.
Command Mode
Global configuration mode.
Usage Guide
If the command ends with the keyword all or has no keyword, both the HTTP service and the HTTPS service are enabled; if the command ends with the keyword http, the HTTP service is enabled; if the command ends with the keyword https, the HTTPS service is enabled.
Use the command no enable service web-server to disable the corresponding HTTP service.
Configuration Examples
The following example enables both the HTTP service and the HTTPS service:
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#enable service web-server
Related Commands
Command | Description
show service | Displays the configuration information and status of system service.
show web-server status | Displays the configuration information and status of the web service.
Platform Description
N/A
http web-file update
Use this command to update the Web package.
http web-file update
Parameter Description
Parameter | Description
N/A | N/A
Defaults
N/A
Command Mode
Privileged EXEC mode
Usage Guide
When the latest installation package has been acquired and stored on the local device, the user can run this command directly, without restarting the device, to update the Web package.
To enable the new web package to take effect, log in to the web interface again.
Configuration Examples
The following example updates the Web package:
Ruijie#http web-file update
Related Commands
Command | Description
N/A | N/A
Platform Description
N/A
ip http port
Use this command to configure the HTTP port number.
Use the no form of this command to restore the HTTP port number to the default value.
ip http port port-number
no ip http port
Parameter Description
Parameter | Description
port-number | Configures the HTTP port number. Valid values are 80 and 1025-65535.
Defaults
The default HTTP port number is 80.
Command Mode
Global configuration mode.
Usage Guide
Use this command to configure the HTTP port number.
Configuration Examples
The following example configures the HTTP port number as 8080:
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#ip http port 8080
Related Commands
Command | Description
enable service web-server | Enables the HTTP service function.
show web-server status | Displays the configuration information and status of the web service.
Platform Description
N/A
ip http secure-port
Use this command to configure the HTTPS port number.
Use the no form of this command to restore the HTTPS port number to the default value.
ip http secure-port port-number
no ip http secure-port
Parameter Description
Parameter | Description
port-number | Configures the HTTPS port number. Valid values are 443 and 1025-65535.
Defaults
The default HTTPS port number is 443.
Command Mode
Global configuration mode.
Usage Guide
Use this command to configure the HTTPS port number.
Configuration Examples
The following example configures the HTTPS port number as 4443:
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#ip http secure-port 4443
Related Commands
Command | Description
enable service web-server | Enables the HTTP service function.
show web-server status | Displays the configuration information and status of the web service.
Platform Description
N/A
webmaster level
Use this command to configure HTTP authentication information, including the username and password.
webmaster level privilege-level username name password { password | [ 0 | 7 ] encrypted-password }
no webmaster level privilege-level [ username name ]
Parameter Description
Parameter | Description
privilege-level | Configures the user privilege-level.
name | Username.
password | Password.
0|7 | Password type; 0 indicates plaintext, 7 indicates ciphertext.
encrypted-password | Password text.
Defaults
N/A
Command Mode
Global configuration mode.
Usage Guide
When HTTP is enabled, users can log in to the web interface only after being authenticated. Use this command to configure the username and password for the HTTP authentication information.
Run the command no webmaster level privilege-level to delete all the usernames and passwords with a designated privilege-level.
Run the command no webmaster level privilege-level username name to delete the designated username and password.
Usernames and passwords come with three permission levels, each of which includes at most 20 usernames and passwords.
Configuration Examples
The following example configures HTTP authentication information, including the username and password:
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#webmaster level 0 username ruijie password admin
Related Commands
Command | Description
enable service web-server | Enables the HTTP service function.
Platform Description
N/A
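The following Python check is an added example, not part of the Ruijie reference. It reads a saved configuration and flags settings described in the username, exec-timeout, enable service web-server and webmaster level entries: passwords stored as type 0 or untyped, nopassword accounts, lines with no exec-timeout, and the HTTP service left enabled. The sample configuration, the rule names, the "line vty 0 4" block, the indentation of line sub-commands and the reading of a bare no enable service web-server as disabling both services are assumptions made for illustration.

```python
import re

# Constructed sample running-config for illustration; not from a real device.
# "line vty 0 4" and the one-space indent under "line" blocks are assumptions.
SAMPLE_CONFIG = """\
hostname AP-Lobby
username test privilege 15 password 0 pw15
username ops password 7 0a1b2c3
username guest nopassword
enable service web-server
webmaster level 0 username ruijie password admin
webmaster level 1 username audit password 7 4d5e6f7
line console 0
 no exec-timeout
line vty 0 4
 exec-timeout 5 30
"""

# "password <secret>" or "password 0|7 <secret>", following the username and
# webmaster level syntax lines in the reference.
PASSWORD_RE = re.compile(r"\bpassword\s+(?:([07])\s+)?(\S+)")
USERNAME_RE = re.compile(r"^username\s+(\S+)\s+(.*)$")
WEBMASTER_RE = re.compile(
    r"^webmaster\s+level\s+\d+\s+username\s+(\S+)\s+(.*)$")
WEBSERVER_RE = re.compile(
    r"^(no\s+)?enable\s+service\s+web-server(?:\s+(http|https|all))?$")


def password_kind(clause):
    """Classify a credential clause as 'plaintext', 'type7', 'none' or None."""
    m = PASSWORD_RE.search(clause)
    if m:
        # Type 0 and an untyped password both leave the secret readable
        # in the configuration text.
        return "type7" if m.group(1) == "7" else "plaintext"
    if re.search(r"\bnopassword\b", clause):
        return "none"
    return None


def audit(config_text):
    """Return sorted (line_number, rule, subject) findings.

    Secrets are never copied into a finding; line 0 marks a global finding.
    """
    findings = []
    web = set()         # web services left enabled: "http" and/or "https"
    web_line = 0        # line that last enabled HTTP
    context = None      # enclosing "line ..." block, if any
    encryption = False  # True once "service password-encryption" is seen
    for num, raw in enumerate(config_text.splitlines(), 1):
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if not raw[0].isspace():
            context = text if text.startswith("line ") else None
        if text == "service password-encryption":
            encryption = True
        elif m := USERNAME_RE.match(text):
            kind = password_kind(m.group(2))
            if kind == "plaintext":
                findings.append((num, "user-plaintext-password", m.group(1)))
            elif kind == "none":
                findings.append((num, "user-nopassword", m.group(1)))
        elif m := WEBMASTER_RE.match(text):
            if password_kind(m.group(2)) == "plaintext":
                findings.append((num, "web-plaintext-password", m.group(1)))
        elif m := WEBSERVER_RE.match(text):
            # No keyword or "all" covers both HTTP and HTTPS (Usage Guide);
            # applying the same rule to the "no" form is an assumption.
            services = ({"http", "https"} if m.group(2) in (None, "all")
                        else {m.group(2)})
            if m.group(1):
                web -= services
            else:
                web |= services
                if "http" in services:
                    web_line = num
        elif text == "no exec-timeout" and context:
            # Per the exec-timeout entry, the connection then never expires.
            findings.append((num, "line-never-expires", context))
    if "http" in web:
        findings.append((web_line, "http-management-enabled", "web-server"))
    if not encryption:
        findings.append((0, "password-encryption-off", "global"))
    return sorted(findings)


if __name__ == "__main__":
    for line_no, rule, subject in audit(SAMPLE_CONFIG):
        print(f"line {line_no}: {rule} ({subject})")
```

Findings carry the username or line block only, so the report can be shared without exposing the credentials it flags.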
http check-version
Use this command to detect the available upgrade files on the HTTP server.
http check-version
Parameter Description
Parameter | Description
N/A | N/A
Defaults
N/A
Command Mode
Privileged EXEC mode
Usage Guide
Use this command to detect the available upgrade files. The version of the detected upgrade files is later than that of the local files.
Configuration Examples
The following example demonstrates the version of the detected HTTP upgrade file.
Ruijie#http check-version
Files need to be updated: web.
app name:web
sn version             filename
-- ------------------- -------------------------
0  1.2.1(82381)        web1.2.1(145680).upd
1  1.2.1(82380)        web1.2.1(145680).upd
2  1.2.1(82379)        web1.2.1(145680).upd
3  1.2.1(82378)        web1.2.1(145680).upd
Related Commands
Command | Description
http update | Manually updates designated files.
Platform Description
N/A
http update
Use this command to manually update the web file.
http update web [ version string ]
Parameter Description
Parameter | Description
string | Version of the Web package to be updated.
Defaults
N/A
Command Mode
Privileged EXEC mode
Usage Guide
Use this command to download the available Web package from a remote server to the local device.
If the version is specified, the update package with the specified version is used to update the Web package; otherwise, the latest update package is used to update the Web package.
Configuration Examples
The following example demonstrates how to manually download the latest Web package from the designated remote server.
Ruijie#http update web
Related Commands
Command | Description
http check-version | Detects the available update package on the HTTP server.
Platform Description
N/A
http update mode
Use this command to configure the HTTP update mode.
http update mode auto-detect
no http update mode
Parameter Description
Parameter | Description
auto-detect | Auto-detect mode
Defaults
By default, the auto-detect function is disabled.
Command Mode
Global configuration mode.
Usage Guide
Use this command to configure the HTTP update mode.
Use this command to set HTTP to work in the auto-detect mode. The device will detect files on the server at the detection time. Users can check the available Web update files on the Web interface.
Use the no form of this command to convert the auto-detect mode into manual mode. The device working in the manual mode cannot update automatically, so the user must configure the update manually.
Configuration Examples
The following example enables the Auto-detect mode:
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#http update mode auto-detect
Related Commands
Command | Description
N/A | N/A
Platform Description
N/A
http update server
Use this command to configure the IP address and the HTTP port number of the HTTP upgrade server.
http update server { host-name | ip-address } [ port port-number ]
no http update server
Parameter Description
Parameter | Description
host-name | Host name of the HTTP remote upgrade server.
ip-address | IP address of the HTTP remote upgrade server.
port-number | Port number of the HTTP remote upgrade server; value ranges from 1-65535.
Defaults
By default, the IP address of the HTTP remote upgrade server is 0.0.0.0 and the port number is 80.
Command Mode
Global configuration mode.
Usage Guide
Use this command to configure the IP address and the HTTP port number of the HTTP upgrade server. When processing the update, the user-configured server address is preferentially used. If the connection fails, the server address stored in the local upgrade record file will be used to establish the connection. When all the above connections fail, the update will be suspended.
At least one IP address of an upgrade server is stored in the local upgrade record file, and this IP address cannot be modified.
The HTTP upgrade server address does not need to be configured because the local upgrade record file records available upgrade server addresses.
If the server domain needs to be configured, enable the DNS function on the device and configure the DNS server address.
The server IP address cannot be an IPv6 address.
Configuration Examples
The following example configures the IP address and the HTTP port number of the HTTP upgrade server:
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#http update server 10.83.132.1 port 90
Related Commands
Command | Description
N/A | N/A
Platform Description
N/A
http update time
Use this command to configure the HTTP auto-detection time.
http update time daily hh:mm
no http update time
Parameter Description
Parameter | Description
hh:mm | Specific auto-detection time (24-hour system); accurate to the minute.
Defaults
By default, the remote HTTP auto-detection time is random.
Command Mode
Global configuration mode.
Usage Guide
Use this command to configure the HTTP auto-detection time. The device detects the files available for upgrade on the server at the specified detection time. Users can read information about the detected files through the Web interface.
Use the no form of this command to reset the auto-detection time as random.
Configuration Examples
The following example configures the HTTP auto-detection time:
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#http update time daily 23:40
Related Commands
Command | Description
http update mode | Configures the HTTP update mode
Platform Description
N/A
show web-server status
Use this command to display the configuration information and status of the web.
show web-server status
Parameter Description
Parameter | Description
N/A | N/A
Defaults
N/A
Command Mode
Privileged EXEC mode
Usage Guide
N/A
Configuration Examples
The following example displays the configuration information and status of the web:
Ruijie#show web-server status
http server status : enabled
http server port : 80
https server status: enabled
https server port: 443
http(s) use memory block: 768, create task num: 0
Related Commands
Command | Description
enable service web-server | Enables the HTTP service function.
ip http port | Configures the HTTP port number.
ip http secure-port | Configures the HTTPS port number.
Platform Description
N/A
Network Connectivity Test Tool Commands
ping
Use this command to test the connectivity of a network to locate the network connectivity problem. The
command format is as follows:
ping [ vrf vrf-name | ip ] [ ip-address [ length length ] [ ntimes times ] [ timeout seconds] [ data
data ] [ source source ] [ df-bit ] [ validate ] ]
Parameter
Description
Parameter
Description
vrf-name
VRF name
ip-address
Specifies an IPv4 address.
length
Specifies the length of the packet to be sent.
times
Specifies the number of packets to be sent.
seconds
Specifies the timeout time.
data
Specifies the data to fill in.
Specifies the source IPv4 address or the source interface. The
seconds
loopback interface address (for example: 127.0.0.1) is not allowed to
be the source address.
df-bit
validate
Defaults
Sets the DF bit for the IP address. DF bit=1 indicates not to
segmentate the datagrams. By default, the DF bit is 0.
Sets whether to validate the reply packets or not.
Five packets with 100Byte in length are sent to the specified IP address within specified time (2s by
default).
Command
Privileged EXEC mode.
Mode
Usage Guide
The ping command can be used in the ordinary user mode and the privileged EXEC mode. In the
ordinary mode, only the basic functions of ping are available. In the privileged EXEC mode, in addition
to the basic functions, the extension functions of the ping are also available. For the ordinary functions
of ping, five packets of 100Byte in length are sent to the specified IP address within the specified
period (2s by default). If response is received, ‘!’ is displayed. If no response is received, ‘.’ displayed,
and the statistics is displayed at the end. For the extension functions of ping, the number, quantity and
timeout time of the packets to be sent can be specified, and the statistics is also displayed in the end.
To use the domain name function, configure the domain name server firstly. For the concrete
configuration, refer to the DNS Configuration section.
Configuration
The example below shows the ordinary ping.
Examples
Ruijie# ping 192.168.5.1
Sending 5, 100-byte ICMP Echoes to 192.168.5.1, timeout is 2 seconds:
Command Reference
Network Connectivity Test Tool Commands
< press Ctrl+C to break >
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms
The example below shows the extension ping.
Ruijie# ping 192.168.5.197 length 1500 ntimes 100 timeout 3
Sending 100, 1500-byte ICMP Echoes to 192.168.5.197, timeout is 3 seconds, data
ffff source 192.168.4.10:
< press Ctrl+C to break >
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 2/2/3 ms
Ruijie#
Related Commands
Command    Description
N/A        N/A
Platform Description
The command is supported by all equipment.
ping ipv6
Use this command to test the connectivity of a network and locate network connectivity problems. The
command format is as follows:
ping [ ipv6 ] [ ipv6-address [ length length ] [ ntimes times ] [ timeout seconds ] [ data data ] [ source source ] ]
Parameter Description
Parameter       Description
ipv6-address    Specifies an IPv6 address.
length          Specifies the length of the packet to be sent.
times           Specifies the number of packets to be sent.
seconds         Specifies the timeout time.
data            Specifies the data to fill in.
source          Specifies the source IPv6 address or the source interface. The loopback interface
                address (for example: 127.0.0.1) is not allowed to be the source address.
Defaults
Five packets of 100 bytes each are sent to the specified IP address within the specified time (2s by default).
Command Mode
Privileged EXEC mode.
Usage Guide
The ping ipv6 command can be used in the ordinary user mode and the privileged EXEC mode. In the
ordinary user mode, only the basic functions of ping ipv6 are available. In the privileged EXEC mode,
the extended functions of ping ipv6 are available in addition to the basic functions. With the basic
functions, five packets of 100 bytes each are sent to the specified IP address within the specified
period (2s by default). If a response is received, '!' is displayed. If no response is received, '.' is
displayed. The statistics are displayed at the end. With the extended functions, the length, number and
timeout of the packets to be sent can be specified, and the statistics are also displayed at the end. To
use a domain name, configure the domain name server first. For the configuration, refer to the DNS
Configuration section.
Configuration Examples
The example below shows the ordinary ping ipv6.
Ruijie# ping ipv6 2000::1
Sending 5, 100-byte ICMP Echoes to 2000::1, timeout is 2 seconds:
< press Ctrl+C to break >
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms
The example below shows the extended ping ipv6.
Ruijie# ping ipv6 2000::1 length 1500 ntimes 100 timeout 3 data ffff source 192.168.4.10:
Sending 100, 1500-byte ICMP Echoes to 2000::1, timeout is 3 seconds
< press Ctrl+C to break >
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 2/2/3 ms
Related Commands
Command    Description
N/A        N/A
Platform Description
The command is supported by all IPv6 equipment.
traceroute
Execute the traceroute command to show all gateways passed by the test packets from the source
address to the destination address.
traceroute [ vrf vrf-name | ip ] [ ip-address [ probe number ] [ source source ] [ timeout seconds]
[ ttl minimum maximum ] ]
Parameter Description
Parameter          Description
vrf-name           VRF name
ip-address         Specifies an IPv4 address.
number             Specifies the number of probe packets to be sent.
source             Specifies the source IPv4 address or the source interface. The loopback
                   interface address (for example: 127.0.0.1) is not allowed to be the source address.
seconds            Specifies the timeout time.
minimum maximum    Specifies the minimum and maximum TTL values.
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
Use the traceroute command to test the connectivity of a network and locate exactly where the
connectivity problem is when a network failure occurs. To use a domain name, configure the domain
name server first. For the configuration, refer to the DNS Configuration section.
Configuration Examples
The following are two examples of traceroute: in the first the network is connected smoothly, and in
the second some gateways are not connected successfully.
1. When the network is connected smoothly:
Ruijie# traceroute 61.154.22.36
< press Ctrl+C to break >
Tracing the route to 61.154.22.36
1    192.168.12.1       0 msec   0 msec   0 msec
2    192.168.9.2        4 msec   4 msec   4 msec
3    192.168.9.1        8 msec   8 msec   4 msec
4    192.168.0.10       4 msec   28 msec  12 msec
5    192.168.9.2        4 msec   4 msec   4 msec
6    202.101.143.154    12 msec  8 msec   24 msec
7    61.154.22.36       12 msec  8 msec   22 msec
The result above shows the gateways (1~6) passed by the packets sent to the host with the IP address
61.154.22.36 and the time spent at each of them. Such information is helpful for network analysis.
2. When some gateways in the network fail:
Ruijie# traceroute 202.108.37.42
< press Ctrl+C to break >
Tracing the route to 202.108.37.42
1    192.168.12.1       0 msec    0 msec   0 msec
2    192.168.9.2        0 msec    4 msec   4 msec
3    192.168.110.1      16 msec   12 msec  16 msec
4    * * *
5    61.154.8.129       12 msec   28 msec  12 msec
6    61.154.8.17        8 msec    12 msec  16 msec
7    61.154.8.250       12 msec   12 msec  12 msec
8    218.85.157.222     12 msec   12 msec  12 msec
9    218.85.157.130     16 msec   16 msec  16 msec
10   218.85.157.77      16 msec   48 msec  16 msec
11   202.97.40.65       76 msec   24 msec  24 msec
12   202.97.37.65       32 msec   24 msec  24 msec
13   202.97.38.162      52 msec   52 msec  224 msec
14   202.96.12.38       84 msec   52 msec  52 msec
15   202.106.192.226    88 msec   52 msec  52 msec
16   202.106.192.174    52 msec   52 msec  88 msec
17   210.74.176.158     100 msec  52 msec  84 msec
18   202.108.37.42      48 msec   48 msec  52 msec
The result above shows the gateways (1~17) passed by the packets sent to the host with the IP
address 202.108.37.42 and the time spent at each of them, and that gateway 4 fails.
Ruijie# traceroute www.ietf.org
Translating "www.ietf.org"...[OK]
< press Ctrl+C to break >
Tracing the route to 64.170.98.32
1    192.168.217.1      0 msec   0 msec   0 msec
2    10.10.25.1         0 msec   0 msec   0 msec
3    10.10.24.1         0 msec   0 msec   0 msec
4    10.10.30.1         10 msec  0 msec   0 msec
5    218.5.3.254        0 msec   0 msec   0 msec
6    61.154.8.49        10 msec  0 msec   0 msec
7    202.109.204.210    0 msec   0 msec   0 msec
8    202.97.41.69       20 msec  10 msec  20 msec
9    202.97.34.65       40 msec  40 msec  50 msec
10   202.97.57.222      50 msec  40 msec  40 msec
11   219.141.130.122    40 msec  50 msec  40 msec
12   219.142.11.10      40 msec  50 msec  30 msec
13   211.157.37.14      50 msec  40 msec  50 msec
14   222.35.65.1        40 msec  50 msec  40 msec
15   222.35.65.18       40 msec  40 msec  40 msec
16   222.35.15.109      50 msec  50 msec  50 msec
17   * * *
18   64.170.98.32       40 msec  40 msec  40 msec
Related Commands
Command    Description
N/A        N/A
Platform Description
The command is supported by all equipment. The VRF function is available only on RSR equipment.
traceroute ipv6
Use this command to show all gateways passed by the test packets from the source address to the
destination address.
traceroute [ ipv6 ] [ ipv6-address [ probe number ] [ timeout seconds ] [ ttl minimum maximum ] ]
Parameter Description
Parameter          Description
ipv6-address       Specifies an IPv6 address.
number             Specifies the number of probe packets to be sent.
seconds            Specifies the timeout time.
minimum maximum    Specifies the minimum and maximum TTL values.
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
Use the traceroute ipv6 command to test the connectivity of a network and locate exactly where the
connectivity problem is when a network failure occurs. To use a domain name, configure the domain
name server first. For the configuration, refer to the DNS Configuration section.
Configuration Examples
The following are two examples of traceroute ipv6: in the first the network is connected smoothly,
and in the second some gateways are not connected successfully.
1. When the network is connected smoothly:
Ruijie# traceroute ipv6 3004::1
< press Ctrl+C to break >
Tracing the route to 3004::1
1    3000::1    0 msec  0 msec   0 msec
2    3001::1    4 msec  4 msec   4 msec
3    3002::1    8 msec  8 msec   4 msec
4    3004::1    4 msec  28 msec  12 msec
The result above shows the gateways (1~4) passed by the packets sent to the host with the IP address
3004::1 and the time spent at each of them. Such information is helpful for network analysis.
2. When some gateways in the network fail:
Ruijie# traceroute ipv6 3004::1
< press Ctrl+C to break >
Tracing the route to 3004::1
1    3000::1    0 msec  0 msec   0 msec
2    3001::1    4 msec  4 msec   4 msec
3    3002::1    8 msec  8 msec   4 msec
4    * * *
5    3004::1    4 msec  28 msec  12 msec
The result above shows the gateways (1~5) passed by the packets sent to the host with the IP address
3004::1 and the time spent at each of them, and that gateway 4 fails.
Related Commands
Command    Description
N/A        N/A
Platform Description
N/A
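The following triage helper for the traceroute and traceroute ipv6 output shown above is an added example, not Ruijie code. It parses hop lines of the form "hop address t1 msec t2 msec t3 msec", treats "*" as a timed-out probe, and reports silent hops, hops with partial loss, addresses seen at more than one hop, and whether the destination answered. SAMPLE_V6 is copied from the failing traceroute ipv6 run on this page; SAMPLE_V4 and all function names are constructed for the example.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: the failing "traceroute ipv6 3004::1" run shown on this page.
SAMPLE_V6 = """\
Ruijie# traceroute ipv6 3004::1
< press Ctrl+C to break >
Tracing the route to 3004::1
1 3000::1 0 msec 0 msec 0 msec
2 3001::1 4 msec 4 msec 4 msec
3 3002::1 8 msec 8 msec 4 msec
4 * * *
5 3004::1 4 msec 28 msec 12 msec
"""

# Constructed sample (documentation addresses): one lost probe, one address
# seen at two hops, and a destination that never answers.
SAMPLE_V4 = """\
Tracing the route to 203.0.113.9
1 192.0.2.1 0 msec 0 msec 0 msec
2 192.0.2.5 4 msec * 4 msec
3 198.51.100.1 8 msec 8 msec 4 msec
4 192.0.2.5 12 msec 12 msec 16 msec
5 * * *
"""

TARGET_RE = re.compile(r"^\s*Tracing the route to (\S+)")
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)(.*)$")
PROBE_RE = re.compile(r"(\d+)\s*msec|\*")


@dataclass
class Hop:
    ttl: int
    address: Optional[str]        # None when no gateway answered
    rtts_ms: List[Optional[int]]  # one entry per probe, None = timeout


def _norm(token: str) -> Optional[str]:
    """Return the canonical form of an IPv4/IPv6 address, or None."""
    try:
        return str(ipaddress.ip_address(token))
    except ValueError:
        return None


def parse_traceroute(text: str) -> Tuple[Optional[str], List[Hop]]:
    """Return (destination, hops) parsed from a traceroute transcript."""
    target, hops = None, []
    for line in text.splitlines():
        m = TARGET_RE.match(line)
        if m:
            target = _norm(m.group(1))
            continue
        m = HOP_RE.match(line)
        if not m:
            continue  # prompt, Ctrl+C hint, DNS translation line, blank
        ttl, first, rest = int(m.group(1)), m.group(2), m.group(3)
        address = _norm(first)
        if address is None and first != "*":
            continue  # starts with a number but is not a hop line
        probes = rest if address else first + rest
        rtts = [int(p.group(1)) if p.group(1) else None
                for p in PROBE_RE.finditer(probes)]
        hops.append(Hop(ttl, address, rtts))
    return target, hops


def summarize(text: str) -> dict:
    """Summarise a transcript into the facts an operator checks first."""
    target, hops = parse_traceroute(text)
    silent = [h.ttl for h in hops if all(r is None for r in h.rtts_ms)]
    lossy = [h.ttl for h in hops if None in h.rtts_ms and h.ttl not in silent]
    first_seen: Dict[str, int] = {}
    repeated: Dict[str, List[int]] = {}
    for h in hops:
        if h.address is None:
            continue
        if h.address in first_seen:
            repeated.setdefault(h.address, [first_seen[h.address]]).append(h.ttl)
        else:
            first_seen[h.address] = h.ttl
    answered = [r for h in hops for r in h.rtts_ms if r is not None]
    return {
        "target": target,
        "hop_count": len(hops),
        "silent_hops": silent,        # every probe timed out ("* * *")
        "lossy_hops": lossy,          # some, but not all, probes timed out
        "repeated": repeated,         # address -> hops where it appeared
        "reached": bool(hops) and target is not None and hops[-1].address == target,
        "max_rtt_ms": max(answered, default=None),
    }


if __name__ == "__main__":
    for sample in (SAMPLE_V6, SAMPLE_V4):
        print(summarize(sample))
```

A silent hop in the middle of a path that still reaches the destination, as in the page's example, usually means the gateway does not answer probes rather than that forwarding is broken; a silent final hop with `reached` false is the case that needs follow-up.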
Upgrade and Maintenance Commands
copy tftp
Use this command to upgrade and maintain the device, or to upload and download files, by using the TFTP protocol.
copy flash: filename tftp://location/filename
copy tftp://location/filename flash: filename
copy flash: filename tftp://location/filename vrf vrfname
copy tftp://location/filename flash: filename vrf vrfname
Parameter Description
Parameter    Description
filename     File name
vrfname      VRF name
Defaults
N/A
Command Mode
Privileged user mode.
Usage Guide
If there is a space in the source file name, quotation marks are necessary for the TFTP link, for
example:
copy tftp:"//location/filename" flash: filename vrf vrfname
The same applies to the destination file name, for example:
copy tftp://location/filename flash:"filename" vrf vrfname
Configuration Examples
The following are two examples. The first transmits the backup parameter file (config.bak) from the
local host (IP 192.168.12.1) to the switch. The second transmits the file (switch.bin) from the
switch to the local host (IP 192.168.12.1):
Ruijie# copy tftp://192.168.12.1/config.bak flash: config.text
Ruijie# copy flash: switch.bin tftp://192.168.12.1/Config.bak
Related Commands
Command    Description
N/A        N/A
Platform Description
N/A
copy tftp ipv6
Use this command to perform the following operations:
Download files: download the specified source files from the TFTP server to the local device.
Upload files: upload the specified local source files to the TFTP server.
copy flash: filename tftp://location/filename
copy tftp://location/filename flash: filename
Parameter Description
Parameter    Description
filename     File name
Defaults
N/A
Command Mode
N/A
Usage Guide
N/A
Configuration Examples
The following example downloads the config.text file from the TFTP server.
Ruijie# copy tftp://[2000::100]/config.text flash:config.text
Accessing tftp://[2000::100]/config.text...
Success : Transmission success,file length 1496
Related Commands
Command    Description
N/A        N/A
Platform Description
N/A
copy xmodem
Use this command to upgrade and maintain the device, or to upload and download files, by using the
xmodem protocol.
copy flash: filename xmodem
copy xmodem flash: filename
Parameter Description
Parameter    Description
filename     The name of files in the equipment.
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
If the file is transmitted successfully, the length of the transmitted file is shown; otherwise, the
failure information is shown. Any file can be transmitted by TFTP, such as the main program file and
the parameter file. Xmodem transfers can only be performed out-of-band (over serial ports).
The following shows two examples: The first one transmits the files to the switch from the host via the
xmodem protocol. The second uploads the configuration file in the switch to the host via the xmodem
protocol.
If there is a space in the file name, quotation marks are necessary, for example:
copy xmodem flash: "filename" or copy flash: "filename" xmodem
Configuration Examples
The following is an example of upload and download:
Ruijie# copy xmodem flash: config.text
Ruijie# copy flash: config.text xmodem
Success : Transmission success,file length 1496
Related Commands
Command    Description
N/A        N/A
Platform Description
N/A
Interface Commands
carrier-delay
In the interface configuration mode, execute the carrier-delay command to set the carrier delay on
the interface, and the no carrier-delay command to restore it to the default value.
carrier-delay [ seconds ]
no carrier-delay
Parameter Description
Parameter    Description
seconds      Optional parameter in the range of 1 to 60 seconds
Defaults
The default carrier delay is 2 seconds.
Command Mode
Interface configuration mode
Usage Guide
This parameter refers to the delay after which the carrier detection signal DCD of the interface link
changes from the Down status to the Up status. If the DCD changes within the delay, the system will
ignore such changes without disconnecting the upper data link layer for renegotiation.
If the DCD carrier is disconnected for a long time, the parameter should be set longer to accelerate
route aggregation so that the routing table can be converged more quickly. On the contrary, if the
DCD carrier interruption period is shorter than the time used for route aggregation, you should set the
parameter to a higher value to avoid unnecessary route vibration.
Configuration Examples
The following example shows how to configure the carrier delay of the interface to 5 seconds:
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# carrier-delay 5
Related Commands
Command    Description
N/A        N/A
Platform Description
N/A
clear counters
Use this command to clear the counters on the specified interface.
clear counters [ interface-id ]
Parameter Description
Parameter       Description
interface-id    Interface type and interface ID
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
In the privileged EXEC mode, use the show interfaces command to display the counters or the clear
counters command to clear the counters. If the interface is not specified, the counters on all
interfaces will be cleared.
Configuration Examples
Ruijie# clear counters gigabitethernet 1/1
Related Commands
Command            Description
show interfaces    Show the interface information.
Platform Description
N/A
clear interface
Reset the interface hardware.
clear interface interface-id
Parameter Description
Parameter       Description
interface-id    Interface type and interface ID
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
This command is only used on the switch port, member port of the L2 Aggregate port, routing port,
and member port of the L3 aggregate port. This command is equal to the shutdown and no
shutdown commands.
Configuration Examples
Ruijie# clear interface gigabitethernet 1/1
Related Commands
Command     Description
shutdown    Shut down the interface.
Platform Description
N/A
description
Use this command to set the alias of the interface. Use the no form of the command to restore the
default setting.
description string
no description
Parameter Description
Parameter    Description
string       Interface alias
Defaults
By default, there is no alias.
Command Mode
Interface configuration mode.
Usage Guide
Use show interfaces to display the interface information, including the alias.
Configuration Examples
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# description GBIC-1
Related Commands
Command            Description
show interfaces    Show the interface information.
Platform Description
N/A
duplex
Use the duplex command in the interface configuration mode to specify the duplex mode for the
interface. Use the no form of the command to restore it to the default setting.
duplex { auto | full | half }
no duplex
Parameter Description
Parameter    Description
auto         Self-adaptive full duplex and half duplex
full         Full duplex
half         Half duplex
Defaults
Auto.
Command Mode
Interface configuration mode.
Usage Guide
The duplex mode is associated with the interface type. Use show interfaces to display the duplex
mode of the interface.
Configuration Examples
Ruijie(config-if)# duplex full
Related Commands
Command            Description
show interfaces    Show the interface information.
Platform Description
N/A
interface fastEthernet
Use this command to select an Ethernet interface, and enter the interface configuration mode.
interface fastEthernet mod-num/port-num
Parameter Description
Parameter           Description
mod-num/port-num    The range depends on the device and the extended module.
Defaults
N/A
Command Mode
Global configuration mode.
Usage Guide
The no form of the command is not available, and this interface type cannot be deleted. Use show
interfaces or show interfaces fastEthernet to display the interface configurations.
Configuration Examples
Ruijie(config)# interface fastEthernet 1/2
Ruijie(config-if)#
Related Commands
Command            Description
show interfaces    Show the interface information.
Platform Description
N/A
interface gigabitEthernet
Use this command to select a Gigabit Ethernet interface, and enter the interface configuration mode.
interface gigabitEthernet mod-num/port-num
Parameter Description
Parameter           Description
mod-num/port-num    The range depends on the device and the extended module.
Defaults
N/A
Command Mode
Global configuration mode.
Usage Guide
The no form of the command is not available, and this interface type cannot be deleted. Use show
interfaces or show interfaces gigabitEthernet to display the interface configurations.
Configuration Examples
Ruijie(config)# interface gigabitEthernet 1/2
Ruijie(config-if)#
Related Commands
Command            Description
show interfaces    Show the interface information.
Platform Description
N/A
medium-type
Use this command to select the medium type for an interface. Use the no form of the command to
restore it to the default setting.
medium-type { auto-select [ prefer [ fiber | copper ] ] | fiber | copper }
no medium-type
Parameter Description
Parameter                    Description
fiber                        Optical interface.
prefer [ fiber | copper ]    The preferred medium type for the interface is selected.
auto-select                  Auto-select the medium type for the interface.
copper                       Copper interface.
Defaults
Copper interface.
Command Mode
Interface configuration (physical interface, except for AP and SVI)
Usage Guide
If a port can be selected as an optical port or electrical port, you can only select one of them. Once
the media type is selected, the attributes of the port, for example, status, duplex, flow control, and
rate, all mean those of the currently selected media type. After the port type is changed, the attributes
of the new port type take the default values, which can be modified as needed.
Configuration Examples
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# medium-type copper
Related Commands
Command            Description
show interfaces    Show the interface information.
Platform Description
The 12 SFP interfaces of the 24SFP/12GT line cards and the 12 10/100/1000M BASE-T interfaces allow
for dynamic switching.
The combo interface does not support automatically determining whether the current port is the SFP
interface or the 10/100/1000M BASE-T interface.
mtu
Use this command to set the MTU supported on the interface.
mtu num
Parameter Description
Parameter    Description
num          64 to 9216 (or 65536, which varies by products)
Defaults
By default, the num is 1500.
Command Mode
Interface configuration mode.
Usage Guide
Set the maximum transmission unit (MTU) supported on the interface.
Configuration Examples
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# mtu 9216
Related Commands
Command            Description
show interfaces    Show the interface information.
Platform Description
N/A
shutdown
Use the shutdown command in the interface configuration mode to disable an interface. Use the no
form of the command to enable a disabled port.
shutdown
no shutdown
Parameter Description
Parameter    Description
N/A          N/A
Defaults
N/A
Command Mode
Interface configuration mode
Usage Guide
Use this command to stop the forwarding on the interface (Gigabit Ethernet interface, Aggregate port
or SVI). You can enable the port with the no shutdown command. If you shut down the interface, the
configuration of the interface exists, but does not take effect. You can view the interface status by
using the show interfaces command.
If you use a script to run no shutdown frequently and rapidly, the system may prompt
the interface status reversal.
Configuration Examples
Shut down Ap 1:
Ruijie(config)# interface aggregateport 1
Ruijie(config-if)# shutdown
Enable Ap 1:
Ruijie(config)# interface aggregateport 1
Ruijie(config-if)# no shutdown
Related Commands
Command            Description
clear interface    Reset the hardware.
show interfaces    Show the interface information.
Platform Description
N/A
snmp trap link-status
You can set whether to send LinkTrap on a port. If the function is enabled, the SNMP will send the
LinkTrap when the link status of the port changes. The no form of this command prevents the SNMP
from sending the LinkTrap.
snmp trap link-status
no snmp trap link-status
Parameter Description
Parameter    Description
N/A          N/A
Defaults
This function is enabled. If the link status of the port changes, the SNMP sends the LinkTrap.
Command Mode
Interface configuration mode.
Usage Guide
For an interface (for instance, Ethernet interface, AP interface, and SVI interface), this command sets
whether to send LinkTrap on the interface. If the function is enabled, the SNMP sends the LinkTrap
when the link status of the interface changes.
Configuration Examples
Do not send LinkTrap on the interface:
Ruijie(config)# interface gigabitEthernet 1/1
Ruijie(config-if)# no snmp trap link-status
The following configuration shows how to configure the interface to send LinkTrap:
Ruijie(config)# interface gigabitEthernet 1/1
Ruijie(config-if)# snmp trap link-status
Related Commands
Command                     Description
snmp trap link-status       Enable sending LinkTrap on the interface.
no snmp trap link-status    Disable sending LinkTrap on the interface.
Platform Description
N/A
speed
Use this command to configure the speed on the port. Use the no form of the command to restore it to
the default setting.
Parameter Description
Parameter    Description
10           Means that the transmission rate of the interface is 10Mbps.
100          Means that the transmission rate of the interface is 100Mbps.
1000         Means that the transmission rate of the interface is 1000Mbps.
10G          Means that the transmission rate of the interface is 10Gbps.
auto         Self-adaptive
Defaults
Auto.
Command Mode
Interface configuration mode.
Usage Guide
If an interface is the member of an aggregate port, the rate of the interface depends on the rate of the
aggregate port. You can set the rate of the interface, but it does not take effect until the interface exits
the aggregate port. Use show interfaces to display configuration. The rate varies by interface types.
For example, you cannot set the rate of a SFP interface to 10M or 100M.
Configuration Examples
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# speed 100
Related Commands
Command            Description
show interfaces    Show the interface information.
Platform Description
N/A
show interfaces
Use this command to show the interface information and optical module information.
show interfaces [interface-id] [counters | description | status | switchport | trunk | transceiver
[alarm | diagnosis] | mtu | usage]
Parameter Description
Parameter       Description
interface-id    Interface (including Ethernet interface, aggregate port, SVI or loopback interface).
counters        The counters on the interface.
description     The description of the interface, including the link status.
status          All the link status of the Layer 2 interface, including the rate and duplex.
switchport      Layer 2 interface information.
trunk           Trunk port, applicable for physical port and aggregate port.
transceiver     Basic optical module information.
alarm           Alarm information of the optical module. "None" is displayed when no fault exists.
diagnosis       Diagnosis parameter value of the optical module.
line-detect     Line detecting status of the port.
mtu             Show the value of MTU on the interface.
usage           Show the bandwidth usage of the interface.
Defaults
Show all the information.
Command Mode
Privileged EXEC mode.
Usage Guide
Show the basic information if no parameter is specified.
The functions of showing the optical module information, fault alarms and diagnosis parameters must
be used together with an optical module of the RG network.
To show the optical module information, fault alarms and diagnosis parameters, the optical module
must support Digital Diagnostic Monitoring.
Configuration Examples
The following example shows the interface information when Gi0/1 is a Trunk port:
SwitchA#show interfaces gigabitEthernet 0/1
Index(dec):1 (hex):1
GigabitEthernet 0/1 is DOWN , line protocol is DOWN
Hardware is Broadcom 5464 GigabitEthernet
Interface address is: no ip address
MTU 1500 bytes, BW 1000000 Kbit
Encapsulation protocol is Bridge, loopback not set
Keepalive interval is 10 sec , set
Carrier delay is 2 sec
RXload is 1 ,Txload is 1
Queueing strategy: FIFO
Output queue 0/0, 0 drops;
Input queue 0/75, 0 drops
Switchport attributes:
interface's description:""
medium-type is copper
lastchange time:0 Day: 0 Hour: 0 Minute:13 Second
Priority is 0
admin duplex mode is AUTO, oper duplex is Unknown
admin speed is AUTO, oper speed is Unknown
flow receive control admin status is OFF,flow send control admin status is
OFF,flow receive control oper status is Unknown,flow send control oper status
is Unknown
broadcast Storm Control is OFF,multicast Storm Control is OFF,unicast Storm
Control is OFF
Port-type: trunk
Native vlan:1
Allowed vlan lists:1-4094
Active vlan lists:1, 3-4
5 minutes input rate 0 bits/sec, 0 packets/sec
5 minutes output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer, 0 dropped
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort
0 packets output, 0 bytes, 0 underruns , 0 dropped
0 output errors, 0 collisions, 0 interface resets
The following example shows the interface information when the Gi0/1 is Access port:
SwitchA#show interfaces gigabitEthernet 0/1
Index(dec):1 (hex):1
GigabitEthernet 0/1 is DOWN , line protocol is DOWN
Hardware is Broadcom 5464 GigabitEthernet
Interface address is: no ip address
MTU 1500 bytes, BW 1000000 Kbit
Encapsulation protocol is Bridge, loopback not set
Keepalive interval is 10 sec , set
Carrier delay is 2 sec
RXload is 1 ,Txload is 1
Queueing strategy: FIFO
Output queue 0/0, 0 drops;
Input queue 0/75, 0 drops
Switchport attributes:
interface's description:""
medium-type is copper
lastchange time:0 Day: 0 Hour: 0 Minute:13 Second
Priority is 0
admin duplex mode is AUTO, oper duplex is Unknown
admin speed is AUTO, oper speed is Unknown
flow receive control admin status is OFF,flow send control admin status
is OFF,flow receive control oper status is Unknown,flow send control oper status
is Unknown
broadcast Storm Control is OFF,multicast Storm Control is OFF,unicast Storm
Control is OFF
Port-type: access
Vlan id : 2
5 minutes input rate 0 bits/sec, 0 packets/sec
5 minutes output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer, 0 dropped
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort
0 packets output, 0 bytes, 0 underruns , 0 dropped
0 output errors, 0 collisions, 0 interface resets
The following example shows the layer-2 interface information when the Gi0/1 is Hybrid port.
SwitchA#show interfaces gigabitEthernet 0/1
Index(dec):1 (hex):1
GigabitEthernet 0/1 is DOWN , line protocol is DOWN
Hardware is Broadcom 5464 GigabitEthernet
Interface address is: no ip address
MTU 1500 bytes, BW 1000000 Kbit
Encapsulation protocol is Bridge, loopback not set
Keepalive interval is 10 sec , set
Carrier delay is 2 sec
RXload is 1 ,Txload is 1
Queueing strategy: FIFO
Output queue 0/0, 0 drops;
Input queue 0/75, 0 drops
Switchport attributes:
interface's description:""
medium-type is copper
lastchange time:0 Day: 0 Hour: 0 Minute:13 Second
Priority is 0
admin duplex mode is AUTO, oper duplex is Unknown
admin speed is AUTO, oper speed is Unknown
flow receive control admin status is OFF,flow send control admin status
is OFF,flow receive control oper status is Unknown,flow send control oper status
is Unknown
broadcast Storm Control is OFF,multicast Storm Control is OFF,unicast Storm
Control is OFF
Port-type: hybrid
Tagged vlan id:2
Untagged vlan id:none
5 minutes input rate 0 bits/sec, 0 packets/sec
5 minutes output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer, 0 dropped
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort
0 packets output, 0 bytes, 0 underruns , 0 dropped
0 output errors, 0 collisions, 0 interface resets
The following example shows the layer-2 information of the Gi0/1.
Ruijie# show interfaces gigabitEthernet 0/1 switchport
Interface Switchport Mode Access Native Protected VLAN lists
--------- ---------- --------- ------ ------ --------
GigabitEthernet 0/1 enabled Access 11 Disabled ALL
The following example shows the MTU information on the interface GigabitEthernet 1/1.
Ruijie#show interfaces GigabitEthernet 1/1 mtu
interface            MTU
------------------   ------
GigabitEthernet 1/1  1500
The following example shows the bandwidth usage on the interface GigabitEthernet 1/1.
Ruijie#show interfaces GigabitEthernet 1/1 usage
Interface            Bandwidth        Bandwidth Usage
-------------------  ---------------  ----------------
GigabitEthernet 1/1  1,000,000 Kbit   20%
Related Commands
Command                      Description
duplex                       Duplex
flowcontrol                  Flow control status.
interface gigabitEthernet    Select the interface and enter the interface configuration mode.
interface aggregateport      Create or access the aggregate port, and enter the interface
                             configuration mode.
interface vlan               Create or access the switch virtual interface (SVI), and enter the
                             interface configuration mode.
shutdown                     Disable the interface.
speed                        Configure the speed on the port.
switchport priority          Configure the default 802.1q interface priority.
switchport protected         Specify the interface as a protected port.
Platform Description
N/A
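The following review helper for show interfaces output in the format shown above is an added example, not Ruijie code. It splits a transcript per interface, copes with the wrapped Storm Control line, and flags settings a hardening review would normally question. The review policy (a trunk that allows VLANs 1-4094, native VLAN 1 on a trunk, storm control OFF, an empty description) is an assumption of this example; the sample is constructed from the trunk and access outputs on this page, abridged, with the second interface renamed 0/2 and given the description GBIC-1.

```python
import re
from typing import Dict, List, Optional, Set

# Constructed sample, abridged from the trunk and access outputs on this page.
SAMPLE = """\
SwitchA#show interfaces
GigabitEthernet 0/1 is DOWN , line protocol is DOWN
  MTU 1500 bytes, BW 1000000 Kbit
  interface's description:""
  broadcast Storm Control is OFF,multicast Storm Control is OFF,unicast Storm
Control is OFF
  Port-type: trunk
  Native vlan:1
  Allowed vlan lists:1-4094
  Active vlan lists:1, 3-4
GigabitEthernet 0/2 is DOWN , line protocol is DOWN
  MTU 1500 bytes, BW 1000000 Kbit
  interface's description:"GBIC-1"
  broadcast Storm Control is OFF,multicast Storm Control is OFF,unicast Storm
Control is OFF
  Port-type: access
  Vlan id : 2
"""

HEADER_RE = re.compile(
    r"^(\S+ \d+/\d+) is (\w+)\s*, line protocol is (\w+)", re.M)
STORM_RE = re.compile(
    r"(broadcast|multicast|unicast)\s+Storm\s+Control\s+is\s+(\w+)")


def vlan_ids(spec: str) -> Optional[Set[int]]:
    """Expand a VLAN list such as '1, 3-4'; None if it is not numeric."""
    if not re.fullmatch(r"[\d,\s-]+", spec):
        return None
    ids: Set[int] = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids


def parse_interfaces(text: str) -> List[dict]:
    """Return one dict per interface block found in the transcript."""
    heads = list(HEADER_RE.finditer(text))
    result = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        block = text[head.end():end]
        flat = " ".join(block.split())  # undo terminal line wrapping

        def field(pattern: str) -> Optional[str]:
            m = re.search(pattern, block, re.M)
            return m.group(1).strip() if m else None

        result.append({
            "name": head.group(1),
            "link": head.group(2),
            "description": field(r'description:"(.*?)"'),
            "port_type": field(r"^\s*Port-type:\s*(\w+)"),
            "native_vlan": field(r"^\s*Native vlan:\s*(\d+)"),
            "allowed_vlans": field(r"^\s*Allowed vlan lists:\s*(.+)$"),
            "storm": dict(STORM_RE.findall(flat)),
        })
    return result


def audit(iface: dict) -> List[str]:
    """Apply the example's review policy to one parsed interface."""
    findings = []
    if iface["port_type"] == "trunk":
        ids = vlan_ids(iface["allowed_vlans"] or "")
        if ids is not None and len(ids) >= 4094:
            findings.append("trunk-allows-all-vlans")
        if iface["native_vlan"] == "1":
            findings.append("trunk-native-vlan-1")
    off = [kind for kind, state in iface["storm"].items()
           if state.upper() == "OFF"]
    if off:
        findings.append("storm-control-off:" + ",".join(off))
    if not iface["description"]:
        findings.append("no-description")
    return findings


def audit_transcript(text: str) -> Dict[str, List[str]]:
    return {i["name"]: audit(i) for i in parse_interfaces(text)}


if __name__ == "__main__":
    for name, findings in audit_transcript(SAMPLE).items():
        print(name, findings or "ok")
```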
MAC Address Commands
address-bind ipv6-mode
Use this command to set the IP mode of address binding. Use the no form of this command to delete
the configuration.
Set the IP mode to the compatible mode.
address-bind ipv6-mode compatible
Set the IP mode to the loose mode.
address-bind ipv6-mode loose
Set the IP mode to the strict mode.
address-bind ipv6-mode strict
no address-bind ipv6-mode
Parameter Description
Parameter    Description
N/A          N/A
Defaults
Strict mode
Command Mode
Global configuration mode.
Usage Guide
There are three IP address binding modes: compatible, loose and strict. The following table shows
the forwarding rule corresponding to each binding mode.
Mode
IPv4 forwarding rule
Strict
Only the packets matching IPv4 and MAC are forwarded.
Loose
Only the packets matching IPv4 and MAC are forwarded.
compatible
Only the packets matching IPv4 and MAC are forwarded.
Mode
IPv4 forwarding rule
Strict
No IPv6 packets are forwarded. (Default)
Loose
All IPv6 packets are forwarded.
compatible
Only the IPv6 packets whose source MAC addresses are
bound MAC addresses are forwarded.
Command Reference
MAC Address Commands
Configuration
The following example binds the IP address 192.168.5.2 and the MAC address 00do.f822.33aa and
Examples
forward the corresponding packets:
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# address-bind 192.168.5.2 00d0.f822.33aa
Ruijie(config)# address-bind ipv6-mode compatible
Related
Command
Description
Commands
N/A
N/A
Platform
N/A
Description
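The address-bind ipv6-mode forwarding rules above, written as a small Python model so the three modes can be compared on the same traffic. This is an added example, not Ruijie code: it assumes an IPv4 packet "matches" when its source IP and source MAC equal one configured pair, it does not model uplink ports, and the class name, function names and sample packets are constructed for illustration.

```python
import ipaddress

MODES = ("strict", "loose", "compatible")


def norm_mac(mac):
    """Accept 00d0.f822.33aa, 00:d0:f8:22:33:aa or 00-d0-f8-22-33-aa; return 12 hex digits."""
    digits = mac.lower().replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


class AddressBind:
    """Hypothetical model of one device's address-bind table and its ipv6-mode."""

    def __init__(self, mode="strict"):           # strict is the documented default
        if mode not in MODES:
            raise ValueError(f"unknown mode: {mode!r}")
        self.mode = mode
        self.pairs = {}                           # IPv4Address -> normalised MAC

    def bind(self, ip, mac):
        self.pairs[ipaddress.IPv4Address(ip)] = norm_mac(mac)

    def forwards(self, src_ip, src_mac):
        ip, mac = ipaddress.ip_address(src_ip), norm_mac(src_mac)
        if ip.version == 4:
            # Same rule in all three modes: the IPv4/MAC pair must be bound (assumption).
            return self.pairs.get(ip) == mac
        if self.mode == "strict":
            return False                          # no IPv6 packet is forwarded
        if self.mode == "loose":
            return True                           # IPv6 is forwarded unchecked
        return mac in self.pairs.values()         # compatible: bound source MAC only


# Constructed sample traffic: (source IP, source MAC, note)
PACKETS = [
    ("192.168.5.2", "00d0.f822.33aa", "bound pair"),
    ("192.168.5.2", "00d0.f822.33ab", "bound IP, wrong MAC"),
    ("192.168.5.9", "00d0.f822.33aa", "bound MAC, unbound IP"),
    ("fe80::2d0:f8ff:fe22:33aa", "00:d0:f8:22:33:aa", "IPv6 from bound MAC"),
    ("2001:db8::66", "0011.2233.4455", "IPv6 from unbound MAC"),
]


def compare_modes(packets=PACKETS):
    """Return {mode: [forwarded?, ...]} for the same packets under each mode."""
    result = {}
    for mode in MODES:
        table = AddressBind(mode)
        table.bind("192.168.5.2", "00d0.f822.33aa")   # binding from the page's example
        result[mode] = [table.forwards(ip, mac) for ip, mac, _ in packets]
    return result


if __name__ == "__main__":
    verdicts = compare_modes()
    for i, (ip, mac, note) in enumerate(PACKETS):
        row = "  ".join(f"{m}={'fwd' if verdicts[m][i] else 'drop'}" for m in MODES)
        print(f"{note:24} {row}")
```

The last two rows are the ones to look at when choosing a mode: loose forwards IPv6 from a host with no binding at all, while compatible ties IPv6 to the MAC addresses already bound for IPv4.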
clear mac-address-table dynamic
Use this command to clear the dynamic MAC addresses.
clear mac-address-table dynamic [ address mac-addr ] [ interface interface-id ] [ vlan vlan-id ]
Parameter Description
Parameter               Description
dynamic                 Clear all the dynamic MAC addresses.
address mac-addr        Clear the specified dynamic MAC address.
interface interface-id  Clear all the dynamic MAC addresses of the specified interface.
vlan vlan-id            Clear all the dynamic MAC addresses of the specified VLAN.
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
Use the show mac-address-table dynamic command to display all the dynamic MAC addresses.
Configuration Examples
The following example clears all the dynamic MAC addresses:
Ruijie# clear mac-address-table dynamic
Related Commands
Command                         Description
show mac-address-table dynamic  Use this command to display dynamic MAC address.
Platform Description
N/A
mac-address-table aging-time
Use this command to specify the aging time of the dynamic MAC address. Use the no form of the
command to restore the default value.
mac-address-table aging-time seconds
no mac-address-table aging-time
Parameter Description
Parameter  Description
seconds    Aging time of the dynamic MAC address, in seconds. The time range varies with switches.
Defaults
300 seconds.
Command Mode
Global configuration mode.
Usage Guide
Use the show mac-address-table aging-time command to display configuration.
Use the show mac-address-table dynamic command to display the dynamic MAC address table.
Configuration Examples
Ruijie(config)# mac-address-table aging-time 150
Related Commands
Command                            Description
show mac-address-table aging-time  Display the aging time of the dynamic MAC address.
show mac-address-table dynamic     Display the dynamic MAC address table.
Platform Description
N/A
mac-address-table filtering
Use this command to configure the MAC address to be filtered. Use the no form of the command to
remove the configuration.
mac-address-table filtering mac-address vlan vlan-id [ source | destination ]
no mac-address-table filtering mac-address vlan vlan-id
Parameter Description
Parameter     Description
mac-address   MAC address to be filtered
vlan vlan-id  VLAN ID. Its range varies with switches.
source        Filter frames based on the source MAC address only.
destination   Filter frames based on the destination MAC address only.
Defaults
No filtered address is configured by default.
When this command is configured without source or destination specified, a frame received in
the specified VLAN whose source or destination MAC address is the same as the specified MAC
address is filtered.
Command Mode
Global configuration mode.
Usage Guide
The filtered MAC address shall not be a multicast address. Use show mac-address-table filtering to
display the filtered MAC addresses.
Configuration Examples
Ruijie(config)# mac-address-table filtering 00d0f8000000 vlan 1
Related Commands
Command                            Description
clear mac-address-table filtering  Clear the MAC address filtering table
show mac-address-table filtering   Show the configuration of the address filtering table.
Platform Description
N/A
mac-address-table notification
Use this command to enable the MAC address notification function. Use the no form of the command
to disable this function.
mac-address-table notification [ interval value | history-size value ]
no mac-address-table notification [ interval | history-size ]
Parameter Description
Parameter           Description
interval value      Specify the interval of sending the MAC address trap message, 1 second by default.
history-size value  Specify the maximum number of the entries in the MAC address notification table, 50 entries by default.
Defaults
By default, the interval is one second and the maximum number of the entries in the MAC address
notification table is 50.
Command Mode
Global configuration mode.
Usage Guide
The MAC address notification function applies only to dynamic MAC addresses and secure MAC
addresses. No MAC address trap message is generated for static MAC addresses. In the global
configuration mode, you can use the snmp-server enable traps mac-notification command to
enable or disable the switch to send the MAC address trap message.
Configuration Examples
Ruijie(config)# mac-address-table notification
Ruijie(config)# mac-address-table notification interval 40
Ruijie(config)# mac-address-table notification history-size 100
Related Commands
Command                              Description
snmp-server enable traps             Set the method of handling the MAC address trap message.
show mac-address-table notification  Show the MAC address notification configuration and the MAC address trap notification table.
snmp trap mac-notification           Enable the MAC address trap notification function on the specified interface.
Platform Description
N/A
mac-address-table static
Use this command to configure a static MAC address. Use the no form of the command to remove a
static MAC address.
mac-address-table static mac-addr vlan vlan-id interface interface-id
no mac-address-table static mac-addr vlan vlan-id interface interface-id
Parameter Description
Parameter     Description
mac-addr      Destination MAC address of the specified entry
vlan-id       VLAN ID of the specified entry.
interface-id  Interface (physical interface or aggregate port) that packets are forwarded to
Defaults
No static MAC address is configured by default.
Command Mode
Global configuration mode.
Usage Guide
A static MAC address has the same function as the dynamic MAC address that the switch learns.
Unlike a dynamic MAC address, a static MAC address is not aged out. It can only be
configured and removed manually. Even if the switch is reset, the static MAC address will not be
lost. A static MAC address shall not be configured as a multicast address. Use the show
mac-address-table static command to show the configuration of the static MAC address table. Use
the clear mac-address-table static command to clear the settings of the static address table.
Configuration Examples
When a packet destined to 00d0.f800.073c arrives at VLAN 4, it will be forwarded to the specified
port gigabitethernet 1/1:
Ruijie(config)# mac-address-table static 00d0.f800.073c vlan 4 interface gigabitethernet 1/1
Related Commands
Command                         Description
show mac-address-table static   Show the configuration of the static address table.
clear mac-address-table static  Clear the settings to the static address table.
Platform Description
N/A
show address-bind
Use this command to show IP address-MAC address binding.
show address-bind
Parameter Description
Parameter  Description
N/A        N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
Ruijie# show address-bind
IP Address    Binding MAC Addr
------------  -----------------
3.3.3.3       00d0.f811.1112
3.3.3.4       00d0.f811.1117
Related Commands
Command       Description
address-bind  Enable IP address-MAC address binding.
Platform Description
N/A
show address-bind uplink
Use this command to show the uplink port.
show address-bind uplink
Parameter Description
Parameter  Description
N/A        N/A
Defaults
N/A
Command Mode
N/A
Usage Guide
N/A
Configuration Examples
Ruijie# show address-bind uplink
Ports         State
------------  ------
Fa0/1         Disabled
Fa0/2         Disabled
……
Related Commands
Command              Description
address-bind uplink  Set the uplink port.
Platform Description
N/A
show mac-address-table address
Use this command to show all types of MAC addresses (including dynamic address, static address
and filtering address).
show mac-address-table [ address mac-addr ] [ interface interface-id ] [ vlan vlan-id ]
Parameter Description
Parameter               Description
address mac-addr        Specified MAC address.
interface interface-id  Interface ID
vlan vlan-id            VLAN ID
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
Ruijie# show mac-address-table address 00d0.f800.1001
Vlan        MAC Address           Type     Interface
----------  --------------------  -------
1           00d0.f800.1001        STATIC   Gi1/1
Related Commands
Command                           Description
show mac-address-table static     Show the static MAC address.
show mac-address-table filtering  Show the filtering MAC address.
show mac-address-table dynamic    Show the dynamic MAC address.
show mac-address-table interface  Show all types of MAC addresses of the specified interface
show mac-address-table vlan       Show all types of MAC addresses of the specified VLAN
show mac-address-table count      Show the address counts in the MAC address table.
Platform Description
N/A
show mac-address-table aging-time
Use this command to display the aging time of the dynamic MAC address.
show mac-address-table aging-time
Parameter Description
Parameter  Description
N/A        N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
Configuration Examples
Ruijie# show mac-address-table aging-time
Aging time : 300
Related Commands
Command                       Description
mac-address-table aging-time  Specify the aging time of the dynamic MAC address.
Platform Description
N/A
show mac-address-table count
This command is used to display the number of address entries in the address table.
show mac-address-table count [ interface interface-id | vlan vlan-id ]
Parameter Description
Parameter  Description
N/A        N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
Ruijie# show mac-address-table count
Dynamic Address Count : 51
Static Address Count : 0
Filter Address Count : 0
Total Mac Addresses : 51
Total Mac Address Space Available: 8139
Related Commands
Command                           Description
show mac-address-table static     Display the static address.
show mac-address-table filtering  Display the filtering address.
show mac-address-table dynamic    Display the dynamic address.
show mac-address-table address    Display all the address information of the specified address.
show mac-address-table interface  Display all the address information of the specified interface.
show mac-address-table vlan       Display all the address information of the specified vlan.
Platform Description
N/A
show mac-address-table dynamic
Use this command to show the dynamic MAC address.
show mac-address-table dynamic [ address mac-addr ] [ interface interface-id ] [ vlan vlan-id ]
Parameter Description
Parameter     Description
mac-addr      Destination MAC address of the entry
vlan-id       VLAN of the entry
interface-id  Interface that the packet is forwarded to. It may be a physical port or an aggregate port
Defaults
All the MAC addresses are displayed by default.
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
Ruijie# show mac-address-table dynamic
Vlan        MAC Address     Type      Interface
----------  --------------  --------  -------------------
1           0000.0000.0001  DYNAMIC   gigabitethernet 1/1
1           0001.960c.a740  DYNAMIC   gigabitethernet 1/1
1           0007.95c7.dff9  DYNAMIC   gigabitethernet 1/1
1           0007.95cf.eee0  DYNAMIC   gigabitethernet 1/1
1           0007.95cf.f41f  DYNAMIC   gigabitethernet 1/1
1           0009.b715.d400  DYNAMIC   gigabitethernet 1/1
1           0050.bade.63c4  DYNAMIC   gigabitethernet 1/1
Related Commands
Command                          Description
clear mac-address-table dynamic  Clear the dynamic MAC address.
Platform Description
N/A
show mac-address-table filtering
Use this command to show the filtering MAC address.
show mac-address-table filtering [ addr mac-addr ] [ vlan vlan-id ]
Parameter Description
Parameter  Description
mac-addr   Destination MAC address of the entry
vlan-id    VLAN ID of the entry
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
Ruijie# show mac-address-table filtering
Vlan     MAC Address        Type     Interface
-------  -----------------  -------  -------------
1        0000.2222.2222     FILTER   Not available
Related Commands
Command                            Description
clear mac-address-table filtering  Clear the address filtering table.
mac-address-table filtering        Set the address filtering table.
Platform Description
N/A
show mac-address-table interface
Use this command to show the dynamic MAC address management and learning mode.
show mac-address-table mac-manage-learning
Parameter Description
Parameter  Description
N/A        N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
Ruijie# show mac-address-table mac-manage-learning
######MAC manage-learning
running mode: uniform
configuration mode: uniform
dynamic address learning-synchronization: off.
Related Commands
Command                                               Description
mac-manage-learning uniform                           Set the dynamic MAC address management and learning mode to uniform mode.
mac-manage-learning uniform learning-synchronization  Set synchronization of the dynamic MAC addresses of the entire switch.
mac-manage-learning dispersive                        Set the dynamic MAC address management and learning mode to dispersive mode.
Platform Description
N/A
show mac-address-table notification
Use this command to show the MAC address notification configuration and the MAC address
notification table.
show mac-address-table notification [ interface [ interface-id ] | history ]
Parameter Description
Parameter               Description
interface interface-id  Interface ID. Show the MAC address notification configuration on the interface.
history                 Show the MAC address notification history.
Defaults
The MAC address notification configuration is shown by default.
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
Ruijie# show mac-address-table notification interface
Interface            MAC Added Trap  MAC Removed Trap
---------            --------------  --------------
GigabitEthernet1/14  Disabled        Disabled
Ruijie# show mac-address-table notification
MAC Notification Feature: Disabled
Interval between Notification Traps: 1 secs
Maximum Number of entries configured in History Table:1
Current History Table Length: 0
Ruijie# show mac-address-table notification history
History Index: 0
MAC Changed Message:
Operation:ADD Vlan: 1 MAC Addr: 00f8.d012.3456 GigabitEthernet 3/1
Related Commands
Command                         Description
mac-address-table notification  Enable MAC address notification.
snmp trap mac-notification      Enable the MAC address trap notification function on the specified interface.
Platform Description
N/A
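The notification history shown above is useful as a detection source. The following added example (not Ruijie code) parses text in the format of the show mac-address-table notification history output and reports a MAC address that is added on a second interface of the same VLAN, and ports that accumulate many distinct MAC addresses. The sample text is constructed; it assumes one history index can carry several Operation lines, and because the page shows only Operation:ADD, any other operation value is treated as a removal.

```python
import re
from collections import defaultdict

INDEX = re.compile(r"History Index:\s*(\d+)")
ENTRY = re.compile(
    r"Operation:\s*(?P<op>\w+)\s+Vlan:\s*(?P<vlan>\d+)\s+"
    r"MAC Addr:\s*(?P<mac>[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4})\s+"
    r"(?P<port>\S.*)$"
)

# Constructed sample in the layout of the page's history output.
SAMPLE_HISTORY = """\
History Index: 0
MAC Changed Message:
Operation:ADD Vlan: 1 MAC Addr: 00f8.d012.3456 GigabitEthernet 3/1
History Index: 1
MAC Changed Message:
Operation:ADD Vlan: 1 MAC Addr: 00d0.f800.1001 GigabitEthernet 3/2
History Index: 2
MAC Changed Message:
Operation:ADD Vlan: 1 MAC Addr: 00f8.d012.3456 GigabitEthernet 3/7
History Index: 3
MAC Changed Message:
Operation:ADD Vlan: 1 MAC Addr: 0000.0000.0a01 GigabitEthernet 3/9
Operation:ADD Vlan: 1 MAC Addr: 0000.0000.0a02 GigabitEthernet 3/9
Operation:ADD Vlan: 1 MAC Addr: 0000.0000.0a03 GigabitEthernet 3/9
"""


def parse_history(text):
    """Return the history entries as dicts, in the order they appear."""
    events, index = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = INDEX.match(line)
        if m:
            index = int(m.group(1))
            continue
        m = ENTRY.match(line)
        if m:
            events.append({
                "index": index,
                "op": m["op"].upper(),
                "vlan": int(m["vlan"]),
                "mac": m["mac"].lower(),
                "port": " ".join(m["port"].split()),
            })
    return events


def analyse(events, max_macs_per_port=3):
    """Return (moves, crowded_ports).

    moves: (mac, vlan, old_port, new_port) when a known MAC is added elsewhere.
    crowded_ports: ports whose peak count of distinct MACs exceeded the limit.
    """
    location = {}                     # (vlan, mac) -> port it was last added on
    per_port = defaultdict(set)       # port -> {(vlan, mac), ...}
    peak = defaultdict(int)
    moves = []
    for ev in events:
        key = (ev["vlan"], ev["mac"])
        if ev["op"] == "ADD":
            old = location.get(key)
            if old is not None and old != ev["port"]:
                moves.append((ev["mac"], ev["vlan"], old, ev["port"]))
                per_port[old].discard(key)
            location[key] = ev["port"]
            per_port[ev["port"]].add(key)
            peak[ev["port"]] = max(peak[ev["port"]], len(per_port[ev["port"]]))
        else:                         # assumption: anything else is a removal
            port = location.pop(key, None)
            if port is not None:
                per_port[port].discard(key)
    crowded = sorted(p for p, n in peak.items() if n > max_macs_per_port)
    return moves, crowded


if __name__ == "__main__":
    found_moves, crowded_ports = analyse(parse_history(SAMPLE_HISTORY), max_macs_per_port=2)
    for mac, vlan, old, new in found_moves:
        print(f"MAC {mac} vlan {vlan} moved {old} -> {new}")
    for port in crowded_ports:
        print(f"{port}: more than 2 MAC addresses learned")
```

The history table is bounded by history-size (50 entries by default), so collect it often enough that entries are not lost between polls.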
show mac-address-table static
Use this command to show the static MAC address.
show mac-address-table static [ addr mac-addr ] [ interface interface-id ] [ vlan vlan-id ]
Parameter Description
Parameter     Description
mac-addr      Destination MAC address of the entry
vlan-id       VLAN ID of the entry
interface-id  Interface of the entry (physical interface or aggregate port)
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
Show only static MAC addresses
Ruijie# show mac-address-table static
Vlan        MAC Address           Type      Interface
----------  --------------------  --------  -------------------
1           00d0.f800.1001        STATIC    gigabitethernet 1/1
1           00d0.f800.1002        STATIC    gigabitethernet 1/1
1           00d0.f800.1003        STATIC    gigabitethernet 1/1
Related Commands
Command                         Description
mac-address-table static        Configure the static MAC address.
clear mac-address-table static  Clear the static addresses.
Platform Description
N/A
show mac-address-table vlan
Use this command to display all addresses of the specified VLAN.
show mac-address-table vlan [ vlan-id ]
Parameter Description
Parameter  Description
vlan-id    VLAN ID
Defaults
-
Command Mode
Privileged mode
Usage Guide
-
Configuration Examples
Ruijie# show mac-address-table vlan 1
Vlan   MAC Address     Type     Interface
-----  --------------  -------  -------------------
1      00d0.f800.1001  STATIC   gigabitethernet 1/1
1      00d0.f800.1002  STATIC   gigabitethernet 1/1
1      00d0.f800.1003  STATIC   gigabitethernet 1/1
Related Commands
Command                           Description
show mac-address-table static     This command is used to display static addresses.
show mac-address-table filtering  This command is used to display filtered addresses.
show mac-address-table dynamic    This command is used to display dynamic addresses.
show mac-address-table address    This command is used to display all address information about the specified address.
show mac-address-table interface  This command is used to display all address information about the specified interface.
show mac-address-table count      This command is used to display the number of addresses in the address table.
Platform Description
-
snmp trap mac-notification
Use this command to enable the MAC address trap notification on the specified interface. Use
the no form of the command to disable this function.
snmp trap mac-notification { added | removed }
no snmp trap mac-notification { added | removed }
Parameter Description
Parameter  Description
added      Notify when a MAC address is added.
removed    Notify when a MAC address is removed.
Defaults
Disabled.
Command Mode
Interface configuration mode.
Usage Guide
Use show mac-address-table notification interface to display configuration.
Configuration Examples
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# snmp trap mac-notification added
Related Commands
Command                              Description
mac-address-table notification       Enable MAC address notification.
show mac-address-table notification  Show the MAC address notification configuration and the MAC address notification table.
Platform Description
N/A
VLAN Commands
vlan
Use this command to enter VLAN configuration mode. Use the no form of this command to delete the VLAN.
vlan vlan-id
no vlan vlan-id
Parameter Description
Parameter  Description
vlan-id    VLAN ID. Note: The default VLAN 1 cannot be deleted.
Defaults
N/A
Command Mode
Global configuration mode
Usage Guide
Execute the end command or press Ctrl+C to return to privileged EXEC mode.
Execute the exit command to return to global configuration mode.
Configuration Examples
Ruijie(config)# vlan 1
Ruijie(config-vlan)#
Related Commands
Command    Description
show vlan  Displays VLAN member ports information.
Platform Description
N/A
IP Address Commands
ip address
Use this command to configure the IP address of an interface. Use the no form of this command to
delete the IP address of the interface.
ip address ip-address network-mask [ secondary ] | [ gateway ip-address ]
no ip address [ ip-address network-mask [ secondary ] | [ gateway ] ]
Parameter Description
Parameter           Description
ip-address          32-bit IP address, which comprises multiple groups of 8 bits in decimal format. Groups are separated by dots.
network-mask        32-bit network mask, which comprises multiple groups of 8 bits in decimal format. 1 stands for the mask bit, and 0 stands for the host bit. Groups are separated by dots.
secondary           Indicates the secondary IP address that has been configured.
gateway ip-address  Configures the gateway address for the Layer-2 switch. The gateway address is only supported on Layer-2 switches. No address follows the gateway parameter when using the no form of this command.
Defaults
No IP address is configured for the interface.
Command Mode
Interface configuration mode
Usage Guide
The device cannot receive and send IP packets before it is configured with an IP address. After an IP
address is configured for the interface, the interface is allowed to run the Internet Protocol (IP).
The network mask is also a 32-bit value that identifies which bits of the IP address are the network
address portion. The IP address bits whose mask bits are set to 1 are the network address
portion. The IP address bits whose mask bits are set to 0 are the host address. For example, the network mask of a
Class A IP address is 255.0.0.0. You can divide a network into different subnets using the network
mask. Subnet division means to use the bits in the host address as the network address portion, so
as to reduce the capacity of a host and increase the number of networks. In this case, the network
mask is called a subnet mask.
The RGOS software supports multiple IP addresses for an interface. One is the primary IP address
and the others are secondary IP addresses. Theoretically, there is no limit on the number of
secondary IP addresses. The primary IP address, however, must be configured before the secondary
IP addresses are configured. The secondary IP addresses and the primary IP address must belong
to different networks, and different secondary IP addresses must also belong to different networks.
Secondary IP addresses are often used in network construction. Typically, you can try to use
secondary IP addresses in the following situations:
A network does not have enough host addresses. At present, a LAN should be a class C network
where 254 hosts can be configured. However, when there are more than 254 hosts in the LAN,
another class C network address is necessary since one class C network is not enough. Therefore,
the device should be connected to two networks and multiple IP addresses should be configured.
Many older networks are L2-based bridge networks that have not been divided into different subnets.
Use of secondary IP addresses will make it very easy to upgrade this network to an IP layer-based
routing network. The equipment is configured with an IP address for each subnet.
Two subnets of a network are separated by another network. You can create a subnet for the
separated network, and connect the separated subnet by configuring a secondary IP address. One
subnet cannot appear on two or more interfaces of a device.
In general, the Layer-2 switch is configured with a default gateway by using the ip default-gateway
command. Sometimes the Layer-2 switch may be managed through Telnet, and the management IP
address and default gateway of the Layer-2 switch need to be modified. In this case, after
either the ip address or the ip default-gateway command is configured, the other command can no
longer be configured, because the configuration change causes a failure to access this device
through the network. So you need to use the keyword gateway in the ip address command to modify
both the management IP address and the default gateway. The keyword gateway is not in the output
of the show running-config command but in the output of the ip default-gateway command.
Configuration Examples
The following example sets the primary IP address to 10.10.10.1, and the network mask to
255.255.255.0.
ip address 10.10.10.1 255.255.255.0
The following example sets the default gateway to 10.10.10.254.
ip address 10.10.10.1 255.255.255.0 gateway 10.10.10.254
Related Commands
Command         Description
show interface  Shows detailed information about the interface.
Platform Description
For the Layer 2 switch, the IP address can be configured only for a Layer 3 interface. The Level-2
address is not supported, that is, the secondary IP address option is unavailable.
The keyword gateway is only supported by Layer-2 switches.
ip unnumbered
Use this command to configure an unnumbered interface. After an interface is configured as an
unnumbered interface, it is allowed to run the IP protocol and can receive and send IP packets. Use
the no form of this command to cancel this configuration.
ip unnumbered interface-type interface-number
no ip unnumbered
Parameter Description
Parameter         Description
interface-type    Interface type
interface-number  Interface number
Defaults
No unnumbered interface is configured.
Command Mode
Interface configuration mode
Usage Guide
An unnumbered interface is an interface on which IP is enabled but no IP address is assigned to it.
The unnumbered interface should be associated to an interface with an IP address. The source IP
address of the IP packet generated by an unnumbered interface is the IP address of the associated
interface. In addition, the routing protocol process determines whether to send route update packets
to an unnumbered interface according to the IP address of the associated interface. The following
restrictions apply when an unnumbered interface is used:
(1) An Ethernet interface cannot be configured as an unnumbered interface.
(2) A serial interface can be configured as an unnumbered interface when it is encapsulated with
SLIP, HDLC, PPP, LAPB and Frame Relay. However, when Frame Relay is used for encapsulation,
only the point-to-point interface can be configured as an unnumbered interface. X.25 encapsulation
does not allow configuration as an unnumbered interface.
(3) You cannot detect whether an unnumbered interface works normally using the ping command,
because no IP address is configured for the unnumbered interface. However, the status of the
unnumbered interface can be monitored remotely using SNMP.
(4) The network cannot be started using an unnumbered interface.
Configuration Examples
The following example configures the local interface as an unnumbered interface, and sets the
associated interface to the FE interface 0/1. An IP address must be configured for the associated
interface.
ip unnumbered fastEthernet 0/1
Related Commands
Command         Description
show interface  Shows detailed information about the interface.
Platform Description
This command is not supported on Layer 2 switches.
arp
Use this command to add a permanent IP-MAC address mapping to the ARP cache table. Use the no
form of this command to delete the static MAC address mapping.
arp [ vrf name ] ip-address MAC-address type
no arp [ vrf name ] ip-address
Parameter Description
Parameter    Description
vrf name     Specifies the VRF instance. The name parameter indicates the name of the VRF instance.
ip-address   The IP address that corresponds to the MAC address. It comprises four groups of numeric values in decimal format separated by dots.
MAC-address  48-bit data link layer address
type         ARP encapsulation type. The keyword is arpa for Ethernet interfaces.
Defaults
There is no static mapping record in the ARP cache table.
Command Mode
Global configuration mode
Usage Guide
RGOS finds the 48-bit MAC address according to the 32-bit IP address using the ARP cache table.
Since most hosts support dynamic ARP resolution, usually static ARP mapping is not necessary. The
clear arp-cache command can be used to delete the ARP mapping that is learned dynamically.
Configuration Examples
The following example sets an ARP static mapping record for an Ethernet host.
arp 1.1.1.1 4e54.3800.0002 arpa
Related Commands
Command          Description
clear arp-cache  Clears the ARP cache table
Platform Description
N/A
arp anti-ip-attack
For a message that hits a directly-connected route, if the switch has not learned the ARP entry that
corresponds to the destination IP address, the switch is not able to forward the message via hardware
and needs to send the message to the CPU to parse the address. This process is called ARP
learning. Sending a large number of such messages to the CPU, however, will affect the other
tasks of the switch. To prevent the IP messages from attacking the CPU, a discard entry is set in the
hardware during address resolution, so that all subsequent messages with that destination IP address
are not sent to the CPU at all. After the address resolution, the entry is updated to the forwarding
status, so that the switch can forward the messages with that destination IP address via hardware.
In general, if the switch CPU receives three messages for the destination IP address of the ARP
entry during the ARP request, the switch considers that the CPU may be under attack and
sets a discard entry to prevent unknown unicast messages from attacking the CPU. You can
set the num parameter of this command to adjust this threshold for the specific network
environment, or disable this function. Use the arp anti-ip-attack num command to set the parameter
or disable this function. Use the no form of this command to restore the num parameter to the default
value 3.
arp anti-ip-attack num
no arp anti-ip-attack
Parameter Description
Parameter  Description
num        The number of IP messages to trigger the ARP to set a discard entry. The value ranges from 0 to 100. 0 stands for disabling the ARP anti-IP-attack function.
Defaults
The switch sets a discard entry after three unknown unicast messages are sent to the CPU.
Command Mode
Global configuration mode
Usage Guide
The ARP anti-IP-attack function will occupy the switch hardware routing resources when the switch is
attacked by unknown unicast messages. If there are enough resources, you can set the num
parameter of the arp anti-ip-attack command to a smaller value. If not, in order to first ensure normal routing,
you can set the num parameter to a larger value or simply disable this function.
Configuration Examples
The following example sets the number of IP messages that will trigger ARP to set a discard entry to 5.
Ruijie(config)# arp anti-ip-attack 5
The following example disables the ARP anti-IP-attack function.
Ruijie(config)# arp anti-ip-attack 0
Related Commands
Command  Description
N/A      N/A
Platform Description
This command is supported on Layer 3 switches.
arp gratuitous-send interval
Use this command to set the interval of sending gratuitous ARP request messages on an interface. Use the
no form of this command to disable this function on the interface.
arp gratuitous-send interval seconds
no arp gratuitous-send
Parameter Description
Parameter  Description
seconds    The time interval in seconds for sending gratuitous ARP request messages, in the range from 1 to 3600
Defaults
Periodically sending gratuitous ARP request messages is disabled on an interface.
Command Mode
Interface configuration mode
Usage Guide
If a network interface of the switch is used as the gateway of its downlink devices but a downlink
device pretends to be the gateway, you can configure the function to send gratuitous ARP request
messages regularly on this interface to notify that the switch is the real gateway.
Configuration Examples
The following example sets the interval for sending gratuitous ARP request messages on SVI 1 to 1 second.
Ruijie(config)# interface vlan 1
Ruijie(config-if)# arp gratuitous-send interval 1
The following example disables the function of sending gratuitous ARP request messages on SVI 1.
Ruijie(config)# interface vlan 1
Ruijie(config-if)# no arp gratuitous-send
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
arp retry interval
Use this command to set the interval for sending ARP request messages locally, namely, the time
interval between two consecutive ARP requests sent for parsing one IP address. Use the no form of
this command to restore the default value, that is, retry an ARP request per second.
arp retry interval seconds
no arp retry interval
Parameter Description
Parameter  Description
seconds    Time interval in seconds for retrying ARP request messages, in the range from 1 to 3600. 1 second by default
Defaults
The retry interval of ARP requests is 1 second.
Command Mode
Global configuration mode
Usage Guide
If the switch sends ARP request messages so frequently that problems such as network congestion occur,
you can set the retry interval of ARP request messages to a larger value. In general, it
should not exceed the aging time of dynamic ARP entries.
Configuration Examples
The following example sets the retry interval of ARP request messages to 30 seconds.
arp retry interval 30
Related Commands
Command                 Description
arp retry times number  Sets the retry times of ARP request messages.
Platform Description
N/A
arp retry times
Use this command to set the local retry times of ARP request messages, that is, the number of times
an ARP request message is sent to resolve one IP address. Use the no form of this command to
restore the default settings (five ARP requests).
arp retry times number
no arp retry times
Parameter Description
  Parameter   Description
  number      The number of times the same ARP request is sent, in the range from 1 to 100.
              1 indicates that the ARP request is not retransmitted and only one ARP request
              message is sent.
Defaults
  If no ARP response message is received, the ARP request message is sent 5 times, and then a
  timeout occurs.
Command Mode
  Global configuration mode
Usage Guide
  If the switch sends ARP request messages too frequently, problems such as network congestion can
  occur. In this case, you can set the retry times of ARP request messages to a smaller value. In
  general, the retry times should not be set to an excessively large value.
Configuration Examples
  The following example sets the retry times of local ARP request messages to 1.
  arp retry times 1
  The following example sets the retry times of local ARP request messages to 2.
  arp retry times 2
Related Commands
  Command                      Description
  arp retry interval seconds   Sets the retry interval of ARP request messages.
Platform Description
  N/A
arp timeout
Use this command to configure the timeout for ARP static mapping records in the ARP cache. Use
the no form of this command to restore the default settings.
arp timeout seconds
no arp timeout
Parameter Description
  Parameter   Description
  seconds     The timeout in seconds ranging from 0 to 2147483
Defaults
  The default timeout is 3600 seconds.
Command Mode
  Interface configuration mode
Usage Guide
  The ARP timeout setting applies only to the IP and MAC address mapping records that are learned
  dynamically. The shorter the timeout, the more accurate the mapping table saved in the ARP cache,
  but the more network bandwidth ARP occupies. Therefore, weigh the advantages and disadvantages
  of the ARP timeout before changing it. Generally you do not need to configure the ARP timeout
  unless specially required.
Configuration Examples
  The following example sets the timeout for ARP mapping records that are learned dynamically
  from FE port 0/1 to 120 seconds.
  interface fastEthernet 0/1
  arp timeout 120
Related Commands
  Command           Description
  clear arp-cache   Clears the ARP cache table.
  show interface    Shows interface information.
Platform Description
  N/A
arp unresolve
Use this command to configure the maximum number of unresolved ARP entries. Use the no form of
this command to restore the default value 8192.
arp unresolve number
no arp unresolve
Parameter Description
  Parameter   Description
  number      The maximum number of unresolved ARP entries in the range from 1 to 8192.
              The default value is 8192.
Defaults
  The ARP cache table can contain up to 8192 unresolved entries.
Command Mode
  Global configuration mode
Usage Guide
  If there are a large number of unresolved entries in the ARP cache table and they do not disappear
  after a period of time, use this command to limit the number of unresolved entries.
Configuration Examples
  The following example sets the maximum number of unresolved entries to 500.
  arp unresolve 500
Related Commands
  Command   Description
  N/A       N/A
Platform Description
  N/A
ip proxy-arp
Use this command to enable the proxy ARP function on the interface. Use the no form of this
command to disable the proxy ARP function.
ip proxy-arp
no ip proxy-arp
Parameter Description
  Parameter   Description
  N/A         N/A
Defaults
  The proxy ARP function is disabled on L3 switches of 10.2(3) and later versions, but enabled on
  routers.
Command Mode
  Interface configuration mode
Usage Guide
  Proxy ARP helps hosts that have no routing information obtain the MAC addresses for IP addresses
  in other networks or subnets. For example, a device receives an ARP request in which the IP
  addresses of the request sender and receiver are in different networks. The device, however,
  knows a route to the IP address of the request receiver and sends an ARP response in which the
  MAC address is the Ethernet MAC address of the device itself. This process is known as proxy ARP.
Configuration Examples
  The following example enables proxy ARP on FE port 0/1.
  interface fastEthernet 0/1
  ip proxy-arp
Related Commands
  Command   Description
  N/A       N/A
Platform Description
  This command is not supported on Layer 2 switches.
service trustedarp
Use this command to enable the trusted ARP function. Use the no form of this command to disable
the trusted ARP function.
service trustedarp
no service trustedarp
Parameter Description
  Parameter   Description
  N/A         N/A
Defaults
  The trusted ARP function is disabled.
Command Mode
  Global configuration mode
Usage Guide
  The trusted ARP function of the device is used to prevent ARP spoofing. As a part of the GSN
  scheme, it should be used together with the GSN scheme.
Configuration Examples
  The following example enables the trusted ARP function in global configuration mode.
  config
  service trustedarp
Related Commands
  Command   Description
  N/A       N/A
Platform Description
  N/A
ip broadcast-address
Use this command to define a broadcast address for an interface in interface configuration mode. Use
the no form of this command to cancel the broadcast address configuration.
ip broadcast-address ip-address
no ip broadcast-address
Parameter Description
  Parameter    Description
  ip-address   Broadcast address of the IP network
Defaults
  The IP broadcast address is 255.255.255.255.
Command Mode
  Interface configuration mode
Usage Guide
  At present, the destination address of an IP broadcast packet is all-1s, indicating 255.255.255.255.
  The RGOS software can generate broadcast packets with other defined IP addresses, and can
  receive both all-1s packets and broadcast packets defined by itself.
Configuration Examples
  The following example sets the destination address of IP broadcast packets generated by this
  interface to 0.0.0.0.
  ip broadcast-address 0.0.0.0
Related Commands
  Command   Description
  N/A       N/A
Platform Description
  This command is not supported on Layer 2 switches.
ip directed-broadcast
Use this command to enable the conversion from IP directed broadcast to physical broadcast in
interface configuration mode. Use the no form of this command to cancel the configuration.
ip directed-broadcast [ access-list-number ]
no ip directed-broadcast
Parameter Description
  Parameter            Description
  access-list-number   (Optional) Access list number ranging from 1 to 199 or from 1300 to 2699.
                       After an access list number is defined, only the IP directed broadcast
                       packets that match this access list are converted.
Defaults
  The conversion function is disabled.
Command Mode
  Interface configuration mode
Usage Guide
  An IP directed broadcast packet is an IP packet whose destination address is an IP subnet broadcast
  address. For example, a packet with the destination address 172.16.16.255 is called a directed
  broadcast packet. However, the node that generates this packet is not a member of the destination
  subnet.
  A device that is not directly connected to the destination subnet receives an IP directed broadcast
  packet and handles it in the same way as forwarding a unicast packet. After the directed
  broadcast packet reaches a device that is directly connected to this subnet, the device converts the
  directed broadcast packet into a flooding broadcast packet (typically the broadcast packet whose
  destination IP address is all-1s), and then sends the packet to all hosts in the destination subnet
  as a link layer broadcast.
  You can enable conversion from directed broadcast into physical broadcast on a specified interface,
  so that this interface can forward a directed broadcast packet to a directly connected network. This
  command affects only the final transmission of directed broadcast packets that have reached the
  destination subnet, not the normal forwarding of other directed broadcast packets.
  You can also define an access list on an interface to control which directed broadcast packets to
  forward. After an access list is defined, only the packets that match the conditions defined in the
  access list are converted from directed broadcast to physical broadcast.
  If the no ip directed-broadcast command is configured on an interface, RGOS will discard the
  directed broadcast packets received from the directly connected network.
Configuration Examples
  The following example enables the forwarding of directed broadcast packets on FE port 0/1 of the
  device.
  interface fastEthernet 0/1
  ip directed-broadcast
Related Commands
  Command   Description
  N/A       N/A
Platform Description
  This command is not supported on Layer 2 switches.
ip address-pool
Use this command to enable the IP address pool function. Use the no form of this command to
disable the IP address pool function.
ip address-pool local
no ip address-pool local
Parameter Description
  Parameter   Description
  N/A         N/A
Defaults
  The IP address pool function is enabled.
Command Mode
  Global configuration mode
Usage Guide
  By default, the IP address pool function is enabled: the user can configure IP address pools, and
  a PPP user can assign an IP address to the peer end from an IP address pool. Use the no ip
  address-pool local command to disable the IP address pool function and delete all IP address pools
  previously configured.
Configuration Examples
  The following example enables the IP address pool function.
  ip address-pool local
Related Commands
  Command         Description
  ip local pool   Configures the IP address pool.
Platform Description
  This command is not supported on switches.
clear arp-cache
Use this command to remove dynamic ARP mapping records from the ARP cache table in privileged
mode.
clear arp-cache [ [ vrf vrf_name | trusted ] [ ip [ mask ] ] | interface interface-name ]
Parameter Description
  Parameter                  Description
  trusted                    Removes trusted ARP entries.
  vrf vrf_name               Removes dynamic ARP entries of the specified VRF instance.
  ip                         Specifies the IP address so as to remove ARP entries of this IP
                             address. If the trusted keyword is specified, trusted ARP entries are
                             removed; otherwise, dynamic ARP entries are removed.
  mask                       Specifies the subnet mask so as to remove ARP entries of the
                             specified subnet. The preceding IP address must be a subnet
                             number. If the trusted keyword is specified, trusted ARP entries of the
                             subnet are removed; otherwise, dynamic ARP entries of the subnet
                             are removed.
  interface interface-name   Removes dynamic ARP entries of the specified interface.
Defaults
  N/A
Command Mode
  Privileged user mode
Usage Guide
  This command can be used to refresh an ARP cache table.
  By default, a Network Foundation Protection Policy (NFPP) device receives one ARP packet per
  second for every MAC or IP address. If the ARP cache is cleared twice within 1 second, the
  second response packet is filtered out and the ARP entry cannot be resolved for a short time.
Configuration Examples
  The following example removes all dynamic ARP mapping records.
  clear arp-cache
  The following example removes the dynamic ARP entry 1.1.1.1.
  clear arp-cache 1.1.1.1
  The following example removes dynamic ARP table entries on interface SVI1.
  clear arp-cache interface Vlan 1
Related Commands
  Command   Description
  arp       Adds a static mapping record to the ARP table.
Platform Description
  The parameter trusted is not supported by routers.
clear ip route
Use this command to remove the entire IP routing table or a particular routing record in the IP routing
table in privileged user mode.
clear ip route { * | network [ netmask ] }
Parameter Description
  Parameter   Description
  *           Removes all the routes.
  network     The network or subnet address to be removed
  netmask     (Optional) Network mask
Defaults
  N/A
Command Mode
  Privileged user mode
Usage Guide
  Once an invalid route is found in the routing table, you can immediately refresh the routing table
  to get the updated routes. Note, however, that refreshing the entire routing table will result in a
  temporary communication failure on the entire network.
Configuration Examples
  The following example refreshes only the route 192.168.12.0.
  clear ip route 192.168.12.0
Related Commands
  Command         Description
  show ip route   Shows the IP routing table.
Platform Description
  This command is not supported on Layer 2 switches.
show arp
Use this command to show the ARP cache table.
show arp [ [ vrf vrf-name ] [ trusted ] ip [ mask ] | static | complete | incomplete | mac-address ]
Parameter Description
  Parameter      Description
  vrf vrf-name   Shows ARP entries of the specified VRF instance.
  trusted        Shows trusted ARP entries. Currently, only the global VRF supports
                 the trusted ARP.
  ip             Shows the ARP entries of the specified IP address.
                 If the trusted keyword is specified, only trusted ARP entries are
                 shown; otherwise, non-trusted ARP entries are shown.
  ip mask        Shows the ARP entries of the IP subnet.
                 If the trusted keyword is specified, only trusted ARP entries are
                 shown; otherwise, non-trusted ARP entries are shown.
  static         Shows all the static ARP entries.
  complete       Shows all the resolved dynamic ARP entries.
  incomplete     Shows all the unresolved dynamic ARP entries.
  mac-address    Shows the ARP entry with the specified MAC address.
Defaults
  N/A
Command Mode
  Privileged user mode
Usage Guide
  N/A
Configuration Examples
  The following example shows the output result of the show arp command.
  Ruijie# show arp
  Total Numbers of Arp: 7
  Protocol  Address          Age(min)  Hardware        Type  Interface
  Internet  192.168.195.68   0         0013.20a5.7a5f  arpa  VLAN 1
  Internet  192.168.195.67   0         001a.a0b5.378d  arpa  VLAN 1
  Internet  192.168.195.65   0         0018.8b7b.713e  arpa  VLAN 1
  Internet  192.168.195.64   0         0018.8b7b.9106  arpa  VLAN 1
  Internet  192.168.195.63   0         001a.a0b5.3990  arpa  VLAN 1
  Internet  192.168.195.62   0         001a.a0b5.0b25  arpa  VLAN 1
  Internet  192.168.195.5    --        00d0.f822.33b1  arpa  VLAN 1

  Field       Description
  Protocol    Protocol of the network address, which is always set to Internet
  Address     IP address corresponding to the hardware address
  Age (min)   Age of the ARP cache record in minutes
              If it is locally or statically configured, the value of the field is represented with “-”.
  Hardware    Hardware address corresponding to the IP address
  Type        Hardware address type, which is ARPA for Ethernet addresses
  Interface   Interface associated with the IP address

  The following example shows the output result of the show arp 192.168.195.68 command.
  Ruijie# show arp 192.168.195.68
  Protocol  Address          Age(min)  Hardware        Type  Interface
  Internet  192.168.195.68   1         0013.20a5.7a5f  arpa  VLAN 1

  The following example shows the output result of the show arp 192.168.195.0 255.255.255.0 command.
  Ruijie# show arp 192.168.195.0 255.255.255.0
  Protocol  Address          Age(min)  Hardware        Type  Interface
  Internet  192.168.195.64   0         0018.8b7b.9106  arpa  VLAN 1
  Internet  192.168.195.2    1         00d0.f8ff.f00e  arpa  VLAN 1
  Internet  192.168.195.5    --        00d0.f822.33b1  arpa  VLAN 1
  Internet  192.168.195.1    0         00d0.f8a6.5af7  arpa  VLAN 1
  Internet  192.168.195.51   1         0018.8b82.8691  arpa  VLAN 1

  The following example shows the output result of the show arp 001a.a0b5.378d command.
  Ruijie# show arp 001a.a0b5.378d
  Protocol  Address          Age(min)  Hardware        Type  Interface
  Internet  192.168.195.67   4         001a.a0b5.378d  arpa  VLAN 1
Related Commands
  Command   Description
  N/A       N/A
Platform Description
  This command is not supported by routers or Layer 2 switches.
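The following Python example is added here and is not part of the Ruijie manual. It parses output in the show arp column layout (Protocol, Address, Age(min), Hardware, Type, Interface) and flags two signs of the gateway impersonation that arp gratuitous-send interval and service trustedarp are meant to counter: a known address bound to an unexpected MAC, and one MAC claiming several IP addresses. The expected-bindings table, the function names and the modified sample rows are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the column layout of the show arp example. The row for
# 192.168.195.1 is invented: it reuses the MAC of host 192.168.195.67 to model
# a downlink host answering for the gateway address.
SAMPLE_SHOW_ARP = """\
Ruijie# show arp
Total Numbers of Arp: 5
Protocol  Address          Age(min)  Hardware        Type  Interface
Internet  192.168.195.68   0         0013.20a5.7a5f  arpa  VLAN 1
Internet  192.168.195.67   0         001a.a0b5.378d  arpa  VLAN 1
Internet  192.168.195.5    --        00d0.f822.33b1  arpa  VLAN 1
Internet  192.168.195.1    0         001a.a0b5.378d  arpa  VLAN 1
Internet  192.168.195.2    1         00d0.f8ff.f00e  arpa  VLAN 1
"""

# Assumption: bindings the operator knows to be correct (gateways, servers).
EXPECTED_BINDINGS = {"192.168.195.1": "00d0.f8a6.5af7"}

ROW = re.compile(
    r"^Internet\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<age>\d+|-+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(?P<type>\S+)\s+(?P<interface>\S.*)$",
    re.IGNORECASE,
)


def parse_show_arp(text):
    """Return one dict per ARP row; prompt, total and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match is None:
            continue
        age = match.group("age")
        entries.append({
            "ip": match.group("ip"),
            "mac": match.group("mac").lower(),
            # Dashes mark a local or static entry, which has no age.
            "age_min": None if age.startswith("-") else int(age),
            "interface": match.group("interface"),
        })
    return entries


def find_anomalies(entries, expected):
    """Compare parsed rows with known-good bindings and look for shared MACs."""
    expected = {ip: mac.lower() for ip, mac in expected.items()}
    findings = []

    # 1. A protected address (for example the gateway) resolves to another MAC.
    for entry in entries:
        wanted = expected.get(entry["ip"])
        if wanted is not None and entry["mac"] != wanted:
            findings.append({"kind": "binding-mismatch", "ip": entry["ip"],
                             "seen": entry["mac"], "expected": wanted})

    # 2. One MAC answers for several IP addresses on the same interface.
    by_mac = defaultdict(set)
    for entry in entries:
        by_mac[(entry["interface"], entry["mac"])].add(entry["ip"])
    for (interface, mac), ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append({"kind": "mac-multiple-ips", "mac": mac,
                             "interface": interface,
                             "ips": sorted(ips, key=ipaddress.ip_address)})
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(parse_show_arp(SAMPLE_SHOW_ARP), EXPECTED_BINDINGS):
        print(finding)
```

An interface with ip proxy-arp enabled answers for addresses in other networks with its own MAC, so a mac-multiple-ips finding for that MAC is expected and should be excluded before alerting.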
show arp counter
Use this command to show the number of ARP entries in the ARP cache table.
show arp counter
Parameter Description
  Parameter   Description
  N/A         N/A
Defaults
  N/A
Command Mode
  Any mode
Usage Guide
  N/A
Configuration Examples
  The following example shows the output result of the show arp counter command:
  Ruijie# show arp counter
  The Arp Entry counter:0
  The Unresolve Arp Entry:0
Related Commands
  Command   Description
  N/A       N/A
Platform Description
  N/A
show arp detail
Use this command to show details about the ARP cache table.
show arp detail [ interface-type interface-number | ip [ mask ] | mac-address | static | complete |
incomplete ]
Parameter Description
  Parameter                         Description
  interface-type interface-number   Shows the ARP entry of a Layer 2 or Layer 3 port.
  ip                                Shows the ARP entry of the specified IP address.
  ip mask                           Shows the ARP entries of the network segment included within
                                    the IP mask.
  mac-address                       Shows the ARP entry of the specified MAC address.
  static                            Shows all the static ARP entries.
  complete                          Shows all the resolved dynamic ARP entries.
  incomplete                        Shows all the unresolved dynamic ARP entries.
Defaults
  N/A
Command Mode
  Privileged user mode
Usage Guide
  Use this command to show ARP details, such as the ARP type (Dynamic, Static, Local, Trust) and
  information about a specific Layer 2 port.
Configuration Examples
  The following example shows the output result of the show arp detail command.
  Ruijie# show arp detail
  IP Address     MAC Address     Type     Age(min)  Interface  Port
  20.1.1.1       000f.e200.0001  Static   --        --         --
  20.1.1.1       000f.e200.0001  Static   --        Vl3        --
  20.1.1.1       000f.e200.0001  Static   --        Vl3        Gi2/0/1
  193.1.1.70     00e0.fe50.6503  Dynamic  1         Vl3        Gi2/0/1
  192.168.0.1    0012.a990.2241  Dynamic  10        Gi2/0/3    Gi2/0/3
  192.168.0.1    0012.a990.2241  Dynamic  20        Ag1        Ag1
  192.168.0.1    0012.a990.2241  Dynamic  30        Vl2        Ag2
  192.168.0.39   0012.a990.2241  Local    --        Vl3        --
  192.168.0.39   0012.a990.2241  Local    --        Gi2/0/3    --
  192.168.0.1    0012.a990.2241  Local    --        Vl3        --
  192.168.0.1    0012.a990.2241  Local    --        Gi2/3/2    --

  Field         Description
  IP Address    IP address corresponding to the hardware address
  MAC Address   Hardware address corresponding to the IP address
  Type          ARP type, including Static, Dynamic, Trust, and Local.
  Age (min)     Age of the ARP learning in minutes
  Interface     Layer 3 interface associated with the IP address
Related Commands
  Command   Description
  N/A       N/A
Platform Description
  This command is supported on Layer 3 switches but not supported on routers.
show arp timeout
Use this command to show the aging time of the dynamic ARP entry on an interface.
show arp timeout
Parameter Description
  Parameter   Description
  N/A         N/A
Defaults
  N/A
Command Mode
  Any mode
Usage Guide
  N/A
Configuration Examples
  The following example shows the output result of the show arp timeout command:
  Ruijie# show arp timeout
  Interface               arp timeout(sec)
  ----------------------  ----------------
  VLAN 1                  3600
Related Commands
  Command   Description
  N/A       N/A
Platform Description
  This command is not supported on Layer 2 switches.
show ip arp
Use this command to show the ARP cache table in privileged user mode.
show ip arp
Parameter Description
  Parameter   Description
  N/A         N/A
Defaults
  N/A
Command Mode
  Privileged user mode
Usage Guide
  N/A
Configuration Examples
  The following example shows the output result of the show ip arp command.
  Ruijie# show ip arp
  Protocol  Address        Age(min)  Hardware        Type  Interface
  Internet  192.168.7.233  23        0007.e9d9.0488  ARPA  FastEthernet 0/0
  Internet  192.168.7.112  10        0050.eb08.6617  ARPA  FastEthernet 0/0
  Internet  192.168.7.79   12        00d0.f808.3d5c  ARPA  FastEthernet 0/0
  Internet  192.168.7.1    50        00d0.f84e.1c7f  ARPA  FastEthernet 0/0
  Internet  192.168.7.215  36        00d0.f80d.1090  ARPA  FastEthernet 0/0
  Internet  192.168.7.127  0         0060.97bd.ebee  ARPA  FastEthernet 0/0
  Internet  192.168.7.195  57        0060.97bd.ef2d  ARPA  FastEthernet 0/0
  Internet  192.168.7.183  --        00d0.f8fb.108b  ARPA  FastEthernet 0/0

  Field       Description
  Protocol    Network address protocol, which is always set to Internet
  Address     IP address corresponding to the hardware address
  Age (min)   Age of the ARP cache record in minutes
              If it is locally or statically configured, the value of the field is represented with “-”.
  Type        The type of hardware address, which is ARPA for Ethernet addresses
Related Commands
  Command   Description
  N/A       N/A
Platform Description
  This command is not supported on Layer 2 switches.
show ip interface
Use this command to show information about the IP status of an interface.
show ip interface [ interface-type interface-number | brief ]
Parameter Description
  Parameter          Description
  interface-type     Specifies the interface type.
  interface-number   Specifies the interface number.
  brief              Shows brief configuration information about the IP addresses of the
                     layer-3 interface, including the interface primary IP address,
                     secondary IP address, and interface status.
Defaults
  N/A
Command Mode
  Privileged user mode
Usage Guide
  When an interface is available, RGOS will create a direct route in the routing table. An available
  interface means that the RGOS software can receive and send packets through this interface. If the
  interface changes from available status to unavailable status, the RGOS software removes the direct
  route from the routing table.
  If the interface is available (two-way communication is allowed), the line protocol status will be
  shown as UP. If only the physical line is available, the interface status will be shown as UP.
  The results shown may vary with the interface type, because some contents are interface-specific
  options.
Configuration Examples
  The following example shows the output result of the show ip interface brief command.
  Ruijie#show ip interface brief
  Interface               IP-Address(Pri)   IP-Address(Sec)   Status   Protocol
  GigabitEthernet 0/10    2.2.2.2/24        3.3.3.3/24        down     down
  GigabitEthernet 0/11    no address        no address        down     down
  VLAN 1                  1.1.1.1/24        no address        down     down
  Status: link status of the interface. The options include up, down, and administratively
  down. The link status of an interface will be administratively down if you run the
  shutdown command to forcibly shut down the interface.
  Protocol: IPv4 protocol status of the interface.
  The following example shows the output result of the show ip interface vlan command.
  SwitchA#show ip interface vlan 1
  VLAN 1
  IP interface state is: DOWN
  IP interface type is: BROADCAST
  IP interface MTU is: 1500
  IP address is:
  1.1.1.1/24 (primary)
  IP address negotiate is: OFF
  Forward direct-broadcast is: OFF
  ICMP mask reply is: ON
  Send ICMP redirect is: ON
  Send ICMP unreachabled is: ON
  DHCP relay is: OFF
  Fast switch is: ON
  Help address is:
  Proxy ARP is: OFF
  ARP packet input number: 0
  Request packet: 0
  Reply packet: 0
  Unknown packet: 0
  TTL invalid packet number: 0
  ICMP packet input number: 0
  Echo request: 0
  Echo reply: 0
  Unreachable: 0
  Source quench: 0
  Routing redirect: 0

  Field                          Description
  IP interface state is:         The network interface is available, and both its interface hardware
                                 status and line protocol status are UP.
  IP interface type is:          Shows the interface type, such as broadcast or point-to-point.
  IP interface MTU is:           Shows the MTU value of the interface.
  IP address is:                 Shows the IP address and mask of the interface.
  IP address negotiate is:       Shows whether to obtain the IP address through negotiation.
  Forward direct-broadcast is:   Shows whether to forward directed broadcast packets.
  ICMP mask reply is:            Shows whether to send ICMP mask response messages.
  Send ICMP redirect is:         Shows whether to send ICMP redirection messages.
  Send ICMP unreachabled is:     Shows whether to send ICMP unreachable messages.
  DHCP relay is:                 Shows whether DHCP relay is enabled.
  Fast switch is:                Shows whether the IP fast switching function is enabled.
  Route horizontal-split is:     Shows whether horizontal split is enabled, which will affect the
                                 route update behavior of the distance vector protocol.
  Help address is:               Shows the helper IP address.
  Proxy ARP is:                  Shows whether the proxy ARP is enabled.
  ARP packet input number: 0     Shows the total number of ARP packets received on the interface,
    Request packet: 0            including:
    Reply packet: 0              ARP request packets
    Unknown packet: 0            ARP reply packets
                                 Unknown packets
  TTL invalid packet number: 0   Shows the number of packets with invalid TTL.
  ICMP packet input number: 0    Shows the total number of ICMP packets received on the interface,
    Echo request: 0              including:
    Echo reply: 0                Echo request packets
    Unreachable: 0               Echo reply packets
    Source quench: 0             Unreachable packets
    Routing redirect: 0          Source quench packets
                                 Routing redirection packets
  Outgoing access list is        Shows whether an outgoing access list has been configured for an
                                 interface.
  Inbound access list is         Shows whether an incoming access list has been configured for an
                                 interface.
Related Commands
  Command   Description
  N/A       N/A
Platform Description
  N/A
show ip pool
Use this command to display an IP address pool of the system.
show ip pool [ pool-name ]
Parameter Description
  Parameter   Description
  pool-name   Address pool name
Defaults
  N/A
Command Mode
  Privileged user mode
Usage Guide
  N/A
Configuration Examples
  The following example shows the output result of the show ip pool command.
  Ruijie#show ip pool
  Pool   Begin     End         Free   In use
  aaa    1.1.1.1   1.1.1.200   200    0
  ccc    2.2.2.2   2.2.2.211   210    0
Related Commands
  Command         Description
  ip local pool   Configures the IP address pool.
Platform Description
  This command is not supported on switches.
ip mask-reply
Use this command to configure the RGOS software to respond to the ICMP mask request and send
an ICMP response message in interface configuration mode. Use the no form of this command to
disable the sending of the ICMP mask response message.
ip mask-reply
no ip mask-reply
Parameter Description
  Parameter   Description
  N/A         N/A
Defaults
  No ICMP mask response message is sent.
Command Mode
  Interface configuration mode
Usage Guide
  Sometimes a network device needs to know the subnet mask of a subnet on the Internet. To obtain
  such information, the network device can send an ICMP mask request message, and the network
  device that receives this message will return a mask response message.
Configuration Examples
  The following example sets the FE interface 0/1 of a device to respond to the ICMP mask request
  message.
  interface fastEthernet 0/1
  ip mask-reply
Related Commands
  Command   Description
  N/A       N/A
Platform Description
  This command is not supported on Layer 2 switches.
ip mtu
Use this command to set the Maximum Transmission Unit (MTU) for IP packets in interface
configuration mode. Use the no form of this command to restore the default settings.
ip mtu bytes
no ip mtu
Parameter Description
  Parameter   Description
  bytes       Maximum transmission unit of IP packets ranging from 68 to 1500 bytes
Defaults
  The MTU is the same as the MTU value configured by the interface command mtu.
Command Mode
  Interface configuration mode
Usage Guide
  If an IP packet is larger than the IP MTU, the RGOS software will split this packet. All the devices in
  the same physical network segment must have the same IP MTU for the interconnected interface.
  If the interface configuration command mtu is used to set the MTU value of the interface, IP MTU will
  automatically match with the MTU value of the interface. However, if the IP MTU value is changed,
  the MTU value of the interface will remain unchanged.
Configuration Examples
  The following example sets the IP MTU value of the FE interface 0/1 to 512 bytes.
  interface fastEthernet 0/1
  ip mtu 512
Related Commands
  Command   Description
  mtu       Sets the MTU value of an interface.
Platform Description
  This command is not supported on Layer 2 switches.
ip redirects
Use this command to allow the RGOS software to send an ICMP redirection message in interface
configuration mode. Use the no form of this command to disable the ICMP redirection function.
ip redirects
no ip redirects
Parameter Description
  Parameter   Description
  N/A         N/A
Defaults
  The ICMP redirection function is enabled.
Command Mode
  Interface configuration mode
Usage Guide
  When the route is not optimal, the device may receive a packet through one interface and send it
  through the same interface. If the device sends the packet from the same interface through
  which this packet is received, the device will send an ICMP redirection message to the data source,
  telling the data source that the gateway for the destination address is another device in the
  subnet. In this way, the data source will send subsequent packets along the optimal path.
  The RGOS software enables ICMP redirection by default.
Configuration Examples
  The following example disables ICMP redirection on the FE interface 0/1.
  interface fastEthernet 0/1
  no ip redirects
Related Commands
  Command   Description
  N/A       N/A
Platform Description
  This command is not supported on Layer 2 switches.
ip source-route
Use this command to allow the RGOS software to process an IP packet with source route information
in global configuration mode. Use the no form of this command to disable the source route
information processing function.
ip source-route
no ip source-route
Parameter Description
  Parameter   Description
  N/A         N/A
Defaults
  The function is enabled.
Command Mode
  Global configuration mode
Usage Guide
  RGOS supports IP source routes. When the device receives an IP packet, it will check the options of
  the IP packet, such as strict source route, loose source route and record route. Details about these
  options can be found in RFC 791. If an option is found to be enabled in this packet, a response will be
  made. If an invalid option is detected, an ICMP parameter error message will be sent to the data
  source, and then this packet is discarded.
  The RGOS software supports IP source routes by default.
Configuration Examples
  The following example disables the IP source route feature.
  no ip source-route
Related Commands
  Command   Description
  N/A       N/A
Platform Description
  This command is not supported on Layer 2 switches.
ip unreachables
Use this command to allow the RGOS software to generate ICMP destination unreachable
messages. Use the no form of this command to disable this function.
ip unreachables
no ip unreachables
Parameter Description
  Parameter   Description
  N/A         N/A
Defaults
  The function is enabled.
Command Mode
  Interface configuration mode
Usage Guide
  RGOS software will send an ICMP destination unreachable message if it receives a unicast message
  in which the destination address is itself and cannot process the upper protocol of this message.
  RGOS software will send an ICMP host unreachable message to the data source if it cannot forward
  a message because no route exists.
  This command influences all ICMP destination unreachable messages.
Configuration Examples
  The following example disables the sending of ICMP destination unreachable messages on the FE
  interface 0/1.
  interface fastEthernet 0/1
  no ip unreachables
Related Commands
  Command   Description
  N/A       N/A
Platform Description
  This command is not supported on Layer 2 switches.
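The following Python example is added here and is not part of the Ruijie manual. It reads output in the show ip interface format shown earlier and reports every interface setting controlled by ip directed-broadcast, ip mask-reply, ip redirects, ip unreachables and ip proxy-arp that differs from a baseline, together with the command from this reference that changes it. The all-OFF baseline is an assumed site policy rather than a Ruijie recommendation, and the FastEthernet 0/1 capture and the function names are constructed for illustration.

```python
import re

# Assumed site baseline: wanted state and the command in this reference that
# sets it. Adjust per interface role; it is not vendor guidance.
BASELINE = {
    "Forward direct-broadcast": ("OFF", "no ip directed-broadcast"),
    "ICMP mask reply": ("OFF", "no ip mask-reply"),
    "Send ICMP redirect": ("OFF", "no ip redirects"),
    "Send ICMP unreachabled": ("OFF", "no ip unreachables"),
    "Proxy ARP": ("OFF", "no ip proxy-arp"),
}

# Settings lines from the manual's show ip interface vlan 1 example.
VLAN1_CAPTURE = """\
SwitchA#show ip interface vlan 1
VLAN 1
IP interface state is: DOWN
IP interface MTU is: 1500
IP address is:
1.1.1.1/24 (primary)
Forward direct-broadcast is: OFF
ICMP mask reply is: ON
Send ICMP redirect is: ON
Send ICMP unreachabled is: ON
Proxy ARP is: OFF
ARP packet input number: 0
"""

# Constructed capture for a second interface (values invented).
FE_CAPTURE = """\
SwitchA#show ip interface fastEthernet 0/1
FastEthernet 0/1
IP interface state is: UP
Forward direct-broadcast is: ON
ICMP mask reply is: OFF
Send ICMP redirect is: OFF
Send ICMP unreachabled is: OFF
Proxy ARP is: ON
"""

FIELD = re.compile(r"^(?P<key>.+?) is:\s*(?P<value>.*)$")


def parse_show_ip_interface(text):
    """Return (interface name, {field: value}) for one interface's output."""
    name, fields = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or "#" in line:          # blank line or CLI prompt
            continue
        match = FIELD.match(line)
        if match:
            fields[match.group("key")] = match.group("value").strip()
        elif name is None:                   # first non-field line is the name
            name = line
    return name, fields


def audit(text, baseline=BASELINE):
    """List baseline deviations; a field the device did not print is reported
    with seen=None so that it is reviewed by hand instead of passing silently."""
    name, fields = parse_show_ip_interface(text)
    findings = []
    for key, (wanted, fix) in baseline.items():
        seen = fields.get(key)
        if seen is None or seen.upper() != wanted:
            findings.append({"interface": name, "field": key,
                             "seen": seen, "wanted": wanted, "fix": fix})
    return findings


if __name__ == "__main__":
    for capture in (VLAN1_CAPTURE, FE_CAPTURE):
        for finding in audit(capture):
            print(finding)
```

The fix commands are interface configuration commands, so each one is entered under the interface named in the finding.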
TCP Commands
ip tcp mss
Use this command to configure the upper limit of the MSS value. Use the no form of this command to
remove the configuration.
ip tcp mss max-segment-size
no ip tcp mss
Parameter
Description
Parameter
Description
max-segment-size
Upper limit of the MSS value in the range from 68 to 10000 bytes
Defaults
The upper limit is not set by default.
Command
Global configuration mode
Mode
Usage Guide
This command is used to limit the maximum value of MSS for the TCP connection to be created. The
negotiated MSS cannot exceed the configured value. You can use this command to reduce the
maximum value of MSS. However, this configuration is not needed in general.
Configuration Examples
Ruijie(config)# ip tcp mss 1300
Related Commands
Command    Description
N/A        N/A
Platform Description
This command is supported by RGOS 10.3 and later versions.
ip tcp not-send-rst
Use this command to prohibit sending the reset packet when a port-unreachable packet is received.
Use the no form of this command to remove the configuration.
ip tcp not-send-rst
no ip tcp not-send-rst
Parameter Description
Parameter    Description
N/A          N/A
Defaults
The reset packet is sent when a port-unreachable packet is received.
Command Mode
Global configuration mode
Usage Guide
When the TCP module distributes TCP packets and cannot find the TCP connection to which a packet belongs, it returns a reset packet to the peer end to terminate the TCP connection. An attacker may exploit this behavior by sending a large number of port-unreachable TCP packets. You can use this command to prohibit sending the reset packet when a port-unreachable packet is received.
Configuration Examples
Ruijie(config)# ip tcp not-send-rst
Related Commands
Command    Description
N/A        N/A
Platform Description
This command is supported by RGOS 10.3 and later versions.
ip tcp path-mtu-discovery
Use this command to enable Path Maximum Transmission Unit (PMTU) discovery function for TCP in
global configuration mode. Use the no form of this command to disable this function.
ip tcp path-mtu-discovery [ age-timer minutes | age-timer infinite ]
no ip tcp path-mtu-discovery
Parameter Description
Parameter            Description
age-timer minutes    The time interval for further discovery after discovering PMTU. Its value ranges from 10 to 30 minutes. The default value is 10.
age-timer infinite   No further discovery after discovering PMTU
Defaults
The PMTU discovery function is disabled.
Command Mode
Global configuration mode
Usage Guide
Based on RFC1191, the TCP path MTU function improves the network bandwidth utilization and data transmission when the user uses TCP to transmit the data in batch.
Enabling or disabling this function has no effect on existing TCP connections and applies only to TCP connections created afterwards. This command is valid for both IPv4 and IPv6 TCP.
According to RFC1191, after discovering the PMTU, TCP uses a greater MSS to detect the new PMTU at a certain interval, which is specified by the parameter age-timer. If the PMTU discovered is smaller than the MSS negotiated between the two ends of the TCP connection, the device keeps trying to discover a greater PMTU at the specified interval until the PMTU value reaches the MSS or the user stops this timer. Use the parameter age-timer infinite to stop this timer.
Configuration Examples
Ruijie(config)# ip tcp path-mtu-discovery
Related Commands
Command         Description
show tcp pmtu   Shows the PMTU value for the TCP connection.
Platform Description
This command is supported by RGOS 10.3 and later versions.
ip tcp syntime-out
Use this command to set the timeout value for SYN packets (the maximum time from SYN
transmission to successful three-way handshake). Use the no form of this command to restore the
default value.
ip tcp syntime-out seconds
no ip tcp syntime-out
Parameter Description
Parameter   Description
seconds     Timeout value for SYN packets in the range from 5 to 300 seconds. The default value is 20.
Defaults
20 seconds
Command Mode
Global configuration mode
Usage Guide
If there is a SYN attack in the network, reducing the SYN timeout value can prevent resource consumption, but it has no effect on successive SYN attacks. When the device actively requests a connection with an external device, reducing the SYN timeout value can shorten the time the user has to wait, for example during telnet login. For poor network conditions, the timeout value can be increased appropriately.
Configuration Examples
Ruijie(config)# ip tcp syntime-out 10
Related Commands
Command    Description
N/A        N/A
Platform Description
This command is supported by RGOS 10.3 and later versions.
ip tcp window-size
Use this command to change the size of receiving buffer and sending buffer for TCP connections.
Use the no form of this command to restore the default value.
ip tcp window-size size
no ip tcp window-size
Parameter Description
Parameter   Description
size        Size of receiving buffer and sending buffer for TCP connections in the range from 0 to 65535 bytes. The default value is 4096.
Defaults
The size of receiving buffer and sending buffer is 4096 bytes.
Command Mode
Global configuration mode
Usage Guide
The TCP receiving buffer is used to buffer the data received from the peer end. These data will be
subsequently read by application programs. Generally, the window size of TCP packets implies the
size of free space in the receiving buffer. For connections involving a large bandwidth and mass data,
increasing the size of receiving buffer will remarkably improve TCP transmission performance.
The sending buffer is used to buffer the data of application programs. Each byte in the sending buffer
has a sequence number, and bytes with sequence numbers acknowledged will be removed from the
sending buffer. Increasing the sending buffer will improve the interaction between TCP and
application programs, thus enhancing the performance. However, increasing the receiving buffer and
sending buffer will result in more memory consumption of TCP.
This command is used to change the size of receiving buffer and sending buffer for TCP connections.
This command changes both the receiving buffer and sending buffer, and only applies to subsequent
connections.
Configuration Examples
Ruijie(config)# ip tcp window-size 16386
Related Commands
Command    Description
N/A        N/A
Platform Description
This command is supported by RGOS 10.3 and later versions.
show tcp connect
Use this command to display basic information about the current TCP connections.
show tcp connect
Parameter Description
Parameter    Description
N/A          N/A
Defaults
N/A
Command Mode
Privileged user mode
Usage Guide
N/A
Configuration Examples
Ruijie#sh tcp connect
tcp connect status:
TCB       Local Address   Foreign Address   State
cf25000   0.0.0.0.2650    0.0.0.0.0         LISTEN
c441000   0.0.0.0.23      0.0.0.0.0         LISTEN
c441800   1.1.1.1.23      1.1.1.2.64201     ESTABLISHED
c444cc0   ::.23           ::.0              LISTEN
c429980   3000::1.23      3000::2.64236     ESTABLISHED
Field             Description
TCB               The control block’s location in the current memory
Local Address     The local address and port number. The number after the last “.” is the port number. For example, in “2002::2.23” and “192.168.195.212.23”, “23” is the port number.
Foreign Address   The remote address and port number. The number after the last “.” is the port number. For example, in “2002::2.23” and “192.168.195.212.23”, “23” is the port number.
State             Current status of the TCP connection. There are eleven possible states:
                  CLOSED: The connection has been closed.
                  LISTEN: Listening state
                  SYNSENT: In the three-way handshake phase when the SYN packet has been sent out.
                  SYNRCVD: In the three-way handshake phase when the SYN packet has been received.
                  ESTABLISHED: The connection has been established.
                  FINWAIT1: The local end has sent the FIN packet.
                  FINWAIT2: The FIN packet sent by the local end has been acknowledged.
                  CLOSEWAIT: The local end has received the FIN packet from the peer end.
                  LASTACK: The local end has received the FIN packet from the peer end, and then sent its own FIN packet.
                  CLOSING: The local end has sent the FIN packet and has received the FIN packet from the peer end before receiving the peer end's ACK packet for its own FIN packet.
                  TIMEWAIT: The FIN packet sent by the local end has been acknowledged, and the local end has also acknowledged the FIN packet.
Related Commands
Command    Description
N/A        N/A
Platform Description
This command is supported by RGOS 10.3 and later versions.
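The "number after the last ." rule from the field table above, applied to the sample show tcp connect output, as an added example that is not part of the Ruijie manual. The function names and the allow-list of expected listening ports are assumptions made for illustration; the sample rows are copied from the example on this page.

```python
import ipaddress
from dataclasses import dataclass

# Sample rows from the "show tcp connect" example on this page.
SAMPLE = """\
tcp connect status:
TCB       Local Address   Foreign Address   State
cf25000   0.0.0.0.2650    0.0.0.0.0         LISTEN
c441000   0.0.0.0.23      0.0.0.0.0         LISTEN
c441800   1.1.1.1.23      1.1.1.2.64201     ESTABLISHED
c444cc0   ::.23           ::.0              LISTEN
c429980   3000::1.23      3000::2.64236     ESTABLISHED
"""

# The eleven states listed in the field description.
STATES = {
    "CLOSED", "LISTEN", "SYNSENT", "SYNRCVD", "ESTABLISHED", "FINWAIT1",
    "FINWAIT2", "CLOSEWAIT", "LASTACK", "CLOSING", "TIMEWAIT",
}


@dataclass(frozen=True)
class Conn:
    tcb: str
    local_addr: object      # ipaddress.IPv4Address or IPv6Address
    local_port: int
    remote_addr: object
    remote_port: int
    state: str


def split_endpoint(text):
    """Split 'address.port' at the LAST dot; works for IPv4 and IPv6 forms."""
    addr, sep, port = text.rpartition(".")
    if not sep or not port.isdigit() or int(port) > 65535:
        raise ValueError(f"no valid port after the last '.' in {text!r}")
    return ipaddress.ip_address(addr), int(port)


def parse_connections(output):
    """Return a Conn for every data row; banner and header lines are skipped."""
    conns = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[3] not in STATES:
            continue
        local_addr, local_port = split_endpoint(fields[1])
        remote_addr, remote_port = split_endpoint(fields[2])
        conns.append(Conn(fields[0], local_addr, local_port,
                          remote_addr, remote_port, fields[3]))
    return conns


def unexpected_listeners(conns, allowed_ports):
    """(IP version, port) pairs in LISTEN state that are not on the allow-list."""
    found = {(c.local_addr.version, c.local_port)
             for c in conns
             if c.state == "LISTEN" and c.local_port not in allowed_ports}
    return sorted(found)


def established_peers(conns, local_port):
    """Remote addresses with an ESTABLISHED session to the given local port."""
    return sorted(str(c.remote_addr) for c in conns
                  if c.state == "ESTABLISHED" and c.local_port == local_port)


if __name__ == "__main__":
    connections = parse_connections(SAMPLE)
    # Assumed allow-list: only port 2650 is expected to listen.
    print(unexpected_listeners(connections, {2650}))
    print(established_peers(connections, 23))
```

Run against saved command output, this makes it easy to see which services the device exposes (here telnet, port 23, on both IPv4 and IPv6) and which peers are currently connected to them.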
show tcp pmtu
Use this command to display information about TCP PMTU.
show tcp pmtu
Parameter Description
Parameter    Description
N/A          N/A
Defaults
N/A
Command Mode
Privileged user mode
Usage Guide
N/A
Configuration Examples
Ruijie# show tcp pmtu
No.   Local Address        Foreign Address         PMTU
[1]   2002::1.18946        2002::2.23              1440
[2]   192.168.195.212.23   192.168.195.112.13560   1440
Field             Description
No.               Sequence number
Local Address     The local address and the port number. The number after the last “.” is the port number. For example, in “2002::2.23” and “192.168.195.212.23”, “23” is the port number.
Foreign Address   The remote address and the port number. The number after the last “.” is the port number. For example, in “2002::2.23” and “192.168.195.212.23”, “23” is the port number.
PMTU              PMTU value
Related Commands
Command                     Description
ip tcp path-mtu-discovery   Enables the TCP PMTU discovery function.
Platform Description
This command is supported by RGOS 10.3 and later versions.
show tcp port
Use this command to show information about the current TCP port.
show tcp port
Parameter Description
Parameter    Description
N/A          N/A
Defaults
N/A
Command Mode
Privileged user mode
Usage Guide
N/A
Configuration Examples
Ruijie#sh tcp port
tcp port status:
Tcpv4 listen on 2650 have connections:
TCB       Foreign Address   Port    State
Tcpv4 listen on 2650 have total 0 connections.
Tcpv4 listen on 23 have connections:
TCB       Foreign Address   Port    State
c340800   1.1.1.2           64571   ESTABLISHED
Tcpv4 listen on 23 have total 1 connections.
Tcpv6 listen on 23 have connections:
TCB       Foreign Address   Port    State
c429980   3000::2           64572   ESTABLISHED
Tcpv6 listen on 23 have total 1 connections.
Field             Description
TCB               The control block’s location in the current memory
Foreign Address   Remote address
Port              Remote port number
State             Status of the current TCP connection. There are eleven possible states:
                  CLOSED: The connection has been closed.
                  LISTEN: Listening state
                  SYNSENT: In the three-way handshake phase when the SYN packet has been sent.
                  SYNRCVD: In the three-way handshake phase when the SYN packet has been received.
                  ESTABLISHED: The connection has been established.
                  FINWAIT1: The local end has sent the FIN packet.
                  FINWAIT2: The FIN packet sent by the local end has been acknowledged.
                  CLOSEWAIT: The local end has received the FIN packet from the peer end.
                  LASTACK: The local end has received the FIN packet from the peer end, and then sent its own FIN packet.
                  CLOSING: The local end has sent the FIN packet and has received the FIN packet from the peer end before receiving the peer end's ACK packet for its own FIN packet.
                  TIMEWAIT: The FIN packet sent by the local end has been acknowledged, and the local end has also acknowledged the FIN packet.
Related Commands
Command    Description
N/A        N/A
Platform Description
This command is supported by RGOS 10.3 and later versions.
DHCP Commands
bootfile
Use this command to define the startup mapping file name of the DHCP client in DHCP address pool
configuration mode. Use the no form of this command to remove the definition.
bootfile file-name
no bootfile
Parameter Description
Parameter   Description
file-name   Startup file name
Defaults
No startup file name is defined by default.
Command Mode
DHCP address pool configuration mode.
Usage Guide
Some DHCP clients need to download the operating system and the configuration file during startup. The DHCP server should provide the mapping file name required for the startup, so that DHCP clients can download the file from the corresponding server, such as a Trivial File Transfer Protocol (TFTP) server. Other servers are defined by the next-server command.
Configuration Examples
The following example defines device.conf as the startup file name.
bootfile device.conf
Related Commands
Command        Description
ip dhcp pool   Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
next-server    Configures the next server IP address of the DHCP client startup process.
Platform Description
N/A
client-identifier
Use this command to define the unique ID of the DHCP client (indicated in hexadecimal separated by
dot) in DHCP address pool configuration mode. Use the no form of this command to delete the client
ID.
client-identifier unique-identifier
no client-identifier
Parameter Description
Parameter           Description
unique-identifier   DHCP client ID indicated in hexadecimal and separated by dot, for instance, 0100.d0f8.2233.b467.6967.6162.6974.4574.6865.726e.6574.302f.31.
Defaults
N/A
Command Mode
DHCP address pool configuration mode
Usage Guide
When some DHCP clients request the DHCP server to assign IP addresses, they use their client IDs rather than their hardware addresses. The client ID consists of the media type, MAC address and interface name. For example, the MAC address is 00d0.f822.33b4, the interface name is GigabitEthernet 0/1, and the corresponding client ID is 0100.d0f8.2233.b467.6967.6162.6974.4574.6865.726e.6574.302f.31, where 01 denotes the type of the Ethernet media.
The 67.6967.6162.6974.4574.6865.726e.6574.302f.31 is the hexadecimal code of GigabitEthernet0/1.
For the definition of the media code, see the section "Address Resolution Protocol Parameters" in the RFC1700.
This command is used only when the DHCP is defined by manual binding.
Configuration Examples
The following example defines the client ID of the Ethernet DHCP client whose MAC address is 00d0.f822.33b4.
Ruijie(dhcp-config)# client-identifier 0100.d0f8.2233.b467.6967.6162.6974.4574.6865.726e.6574.302f.31
Related Commands
Command            Description
hardware-address   Defines the hardware address of DHCP client.
host               Defines the IP address and network mask, which is used to configure the DHCP manual binding.
ip dhcp pool       Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform Description
N/A
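The client ID layout from the usage guide above (one media-type byte, the 6-byte MAC address, then the ASCII interface name), as an added example that is not part of the Ruijie manual. The function names are hypothetical, and the grouping into 4 hex digits per dot is inferred from the sample value on this page.

```python
import re

# Client ID quoted in the usage guide and configuration example on this page.
PAGE_ID = "0100.d0f8.2233.b467.6967.6162.6974.4574.6865.726e.6574.302f.31"


def parse_client_identifier(dotted):
    """Decode a dotted-hex client ID into (media_type, mac, interface_name)."""
    hex_str = dotted.replace(".", "")
    if len(hex_str) % 2 or not re.fullmatch(r"[0-9a-fA-F]+", hex_str):
        raise ValueError("client ID must be an even number of hex digits")
    raw = bytes.fromhex(hex_str)
    if len(raw) < 7:
        raise ValueError("client ID too short for media type plus 6-byte MAC")
    media_type = raw[0]                      # 01 = Ethernet
    mac_hex = raw[1:7].hex()
    mac = ".".join(mac_hex[i:i + 4] for i in range(0, 12, 4))
    interface_name = raw[7:].decode("ascii")  # remaining bytes are ASCII text
    return media_type, mac, interface_name


def build_client_identifier(media_type, mac, interface_name):
    """Encode the three fields back into the dotted-hex form the command takes."""
    mac_hex = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", mac_hex):
        raise ValueError("MAC address must contain exactly 12 hex digits")
    if not 0 <= media_type <= 0xFF:
        raise ValueError("media type must fit in one byte")
    raw = bytes([media_type]) + bytes.fromhex(mac_hex) + interface_name.encode("ascii")
    hex_str = raw.hex()
    return ".".join(hex_str[i:i + 4] for i in range(0, len(hex_str), 4))


def differing_fields(id_a, id_b):
    """Name the fields in which two client IDs differ (empty list if identical)."""
    names = ("media_type", "mac", "interface_name")
    a = parse_client_identifier(id_a)
    b = parse_client_identifier(id_b)
    return [name for name, x, y in zip(names, a, b) if x != y]


if __name__ == "__main__":
    print(parse_client_identifier(PAGE_ID))
    # The name bytes are case-sensitive ASCII: 0x67 is 'g', 0x47 is 'G'.
    upper = build_client_identifier(1, "00d0.f822.33b4", "GigabitEthernet0/1")
    print(upper, differing_fields(PAGE_ID, upper))
```

Decoding the sample value shows that its name bytes spell gigabitEthernet0/1 with a lower-case g (0x67), so an ID built from the name with a capital G is a different byte string.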
client-name
Use this command to define the name of the DHCP client in DHCP address pool configuration mode.
Use the no form of this command to delete the name of the DHCP client.
client-name client-name
no client-name
Parameter Description
Parameter     Description
client-name   Name of DHCP client, which is a set of standard-based ASCII characters. The name should not include the suffix domain name. For example, you can define the name of the DHCP client as river, not river.i-net.com.cn.
Defaults
No client name is defined by default.
Command Mode
DHCP address pool configuration mode
Usage Guide
This command can be used to define the name of the DHCP client only when the DHCP is defined by
manual binding. This name should not include the suffix domain name.
Configuration Examples
The following example defines a string river as the name of the client.
Ruijie(dhcp-config)# client-name river
Related Commands
Command        Description
host           Defines the IP address and network mask, which is used to configure the DHCP manual binding.
ip dhcp pool   Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform Description
N/A
default-router
Use this command to define the default gateway of the DHCP client in DHCP address pool configuration mode. Use the no form of this command to delete the definition of the default gateway.
default-router ip-address [ ip-address2…ip-address8 ]
no default-router
Parameter Description
Parameter                 Description
ip-address                Defines the IP address of the equipment. It is required to configure one IP address at least.
ip-address2…ip-address8   (Optional) Up to eight gateways can be configured.
Defaults
No gateway is defined by default.
Command Mode
DHCP address pool configuration mode
Usage Guide
In general, the DHCP client should get the information of the default gateway from the DHCP server. The DHCP server should specify at least one gateway address for the client, and this address should be of the same network segment as the address assigned to the client.
Configuration Examples
The following example defines 192.168.12.1 as the default gateway.
Ruijie(dhcp-config)# default-router 192.168.12.1
Related Commands
Command        Description
ip dhcp pool   Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform Description
N/A
dns-server
Use this command to define the Domain Name System (DNS) server of the DHCP client in DHCP address pool configuration mode. Use the no form of this command to delete the definition of the DNS server.
dns-server { ip-address [ ip-address2…ip-address8 ] | use-dhcp-client interface-type interface-number }
no dns-server
Parameter Description
Parameter                 Description
ip-address                Defines the IP address of the DNS server. At least one IP address should be configured.
ip-address2…ip-address8   (Optional) Up to eight DNS servers can be configured.
Defaults
No DNS server is defined by default.
Command Mode
DHCP address pool configuration mode
Usage Guide
When multiple DNS servers are defined, the former has higher priority, so the DHCP client will select the next DNS server only when its communication with the former DNS server fails.
Configuration Examples
The following example specifies the DNS server 192.168.12.3 for the DHCP client.
Ruijie(dhcp-config)# dns-server 192.168.12.3
Related Commands
Command           Description
domain-name       Defines the suffix domain name of the DHCP client.
ip address dhcp   Enables the DHCP client on the interface to obtain the IP address information.
ip dhcp pool      Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform Description
N/A
domain-name
Use this command to define the suffix domain name of the DHCP client in DHCP address pool configuration mode. Use the no form of this command to delete the suffix domain name.
domain-name domain-name
no domain-name
Parameter Description
Parameter     Description
domain-name   Defines the suffix domain name string of the DHCP client.
Defaults
No suffix domain name is defined by default.
Command Mode
DHCP address pool configuration mode
Usage Guide
After the DHCP client obtains the specified suffix domain name, it can access a host with the same suffix domain name directly by the host name.
Configuration Examples
The following example defines the suffix domain name i-net.com.cn for the DHCP client.
Ruijie(dhcp-config)# domain-name i-net.com.cn
Related Commands
Command        Description
dns-server     Defines the DNS server of the DHCP client.
ip dhcp pool   Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform Description
N/A
hardware-address
Use this command to define the hardware address of the DHCP client in DHCP address pool configuration mode. Use the no form of this command to delete the definition of the hardware address.
hardware-address hardware-address [ type ]
no hardware-address
Parameter Description
Parameter          Description
hardware-address   Defines the hardware address of the DHCP client.
type               Uses the string definition or digits definition to indicate the hardware platform protocol of the DHCP client:
                   String options: Ethernet, ieee802
                   Digits options: 1 (10M Ethernet), 6 (IEEE 802)
Defaults
No hardware address is defined by default.
If there is no option when the hardware address is defined, it is Ethernet by default.
Command Mode
DHCP address pool configuration mode
Usage Guide
This command can be used only when the DHCP is defined by manual binding.
Configuration Examples
The following example defines the MAC address 00d0.f838.bf3d with the type ethernet.
Ruijie(dhcp-config)# hardware-address 00d0.f838.bf3d
Related Commands
Command             Description
client-identifier   Defines the unique ID of the DHCP client (Indicated in hexadecimal separated by dot).
host                Defines the IP address and network mask, which is used to configure the DHCP manual binding.
ip dhcp pool        Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform Description
N/A
host
Use this command to define the IP address and network mask of the DHCP client host in DHCP
address pool configuration mode. Use the no form of this command to delete the definition of the IP
address and network mask for the DHCP client.
host ip-address [ netmask ]
no host
Parameter Description
Parameter    Description
ip-address   Defines the IP address of DHCP client.
netmask      Defines the network mask of DHCP client.
Defaults
No IP address or network mask of the host is defined by default.
Command Mode
DHCP address pool configuration mode
Usage Guide
If the network mask is not defined explicitly, the DHCP server will use the natural network mask of this IP address: 255.0.0.0 for class A IP address, 255.255.0.0 for class B IP address, and 255.255.255.0 for class C IP address.
This command can be used only when the DHCP is defined by manual binding.
Configuration Examples
The following example sets the client IP address as 192.168.12.91, and the network mask as 255.255.255.240.
Ruijie(dhcp-config)# host 192.168.12.91 255.255.255.240
Related Commands
Command             Description
client-identifier   Defines the unique ID of the DHCP client (Indicated in hexadecimal separated by dot).
hardware-address    Defines the hardware address of DHCP client.
ip dhcp pool        Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform Description
N/A
ip address dhcp
Use this command to make the Ethernet interface or the Point-to-Point Protocol (PPP),
High-Level Data Link Control (HDLC) and Frame Relay (FR) encapsulated interface obtain the IP
address information by DHCP in interface configuration mode. Use the no form of this command to
cancel this configuration.
ip address dhcp
no ip address dhcp
Parameter Description
Parameter    Description
N/A          N/A
Defaults
The interface cannot obtain the IP address by DHCP by default.
Command Mode
Interface configuration mode
Usage Guide
When requesting the IP address, the DHCP client of the RGOS software also requires the DHCP server to provide information about five configuration parameters: 1) DHCP option 1, which indicates the client subnet mask; 2) DHCP option 3, which indicates the gateway information of the same subnet; 3) DHCP option 6, which indicates the DNS server information; 4) DHCP option 15, which indicates the host suffix domain name; 5) DHCP option 44, which indicates the WINS server information (optional).
The client of the RGOS software is allowed to obtain the address on the PPP, FR or HDLC link by DHCP, which should be supported by the server. At present, our server supports this function.
Configuration Examples
The following example makes the FastEthernet 0 port obtain the IP address automatically.
Ruijie(config)# interface fastEthernet 0/1
Ruijie(config-FastEthernet 0/1)# ip address dhcp
Related Commands
Command        Description
dns-server     Defines the DNS server of DHCP client.
ip dhcp pool   Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform Description
N/A
ip dhcp excluded-address
Use this command to define some IP addresses and prevent the DHCP server from assigning them
to the DHCP client in global configuration mode. Use the no form of this command to cancel this
definition.
ip dhcp excluded-address low-ip-address [ high-ip-address ]
no ip dhcp excluded-address low-ip-address [ high-ip-address ]
Parameter Description
Parameter         Description
low-ip-address    Excludes the IP address, or excludes the start IP address within the range of the IP address.
high-ip-address   Excludes the end IP address within the range of the IP address.
Defaults
The DHCP server assigns the IP addresses of the whole address pool by default.
Command Mode
Global configuration mode
Usage Guide
If no excluded IP address is configured, the DHCP server attempts to assign all IP addresses in the
DHCP address pool. This command can reserve some IP addresses for specific hosts to prevent the
DHCP from assigning these addresses to the DHCP client, and define the excluded IP address
accurately to reduce the conflict detecting time when the DHCP server assigns the address.
Configuration Examples
The following example configures that the DHCP server will not assign the IP addresses within 192.168.12.100 to 192.168.12.150.
Ruijie(config)# ip dhcp excluded-address 192.168.12.100 192.168.12.150
Related Commands
Command          Description
ip dhcp pool     Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
network (DHCP)   Defines the network number and network mask of the DHCP address pool.
Platform Description
N/A
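A consistency check for the rules stated in the default-router, host and ip dhcp excluded-address usage guides (gateway in the same segment as the client, natural mask when none is given, excluded range removed from the pool), as an added example that is not part of the Ruijie manual. The configuration text is constructed from the example values on this page, its indented layout is an assumption, and the function names are hypothetical; the network command it uses is the one listed above under Related Commands.

```python
import ipaddress

# Constructed configuration that combines example values from this page.
CONFIG = """\
ip dhcp excluded-address 192.168.12.100 192.168.12.150
ip dhcp pool mypool0
 network 192.168.12.0 255.255.255.0
 default-router 192.168.12.1 192.168.13.1
ip dhcp pool river
 host 192.168.12.91 255.255.255.240
 default-router 192.168.12.1
"""


def natural_mask(ip):
    """Classful mask the usage guide says is used when no mask is configured."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    if first_octet < 128:
        return "255.0.0.0"        # class A
    if first_octet < 192:
        return "255.255.0.0"      # class B
    if first_octet < 224:
        return "255.255.255.0"    # class C
    raise ValueError(f"{ip} is not a class A, B or C address")


def parse_pools(config):
    """Return (excluded ranges, {pool name: {'subnet': ..., 'routers': [...]}})."""
    excluded, pools, current = [], {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if words[:3] == ["ip", "dhcp", "excluded-address"]:
            low = ipaddress.IPv4Address(words[3])
            high = ipaddress.IPv4Address(words[4]) if len(words) > 4 else low
            excluded.append((low, high))
        elif words[:3] == ["ip", "dhcp", "pool"]:
            current = pools.setdefault(words[3], {"subnet": None, "routers": []})
        elif current is not None and words[0] in ("network", "host"):
            mask = words[2] if len(words) > 2 else natural_mask(words[1])
            # strict=False: a host address such as .91/28 maps to its subnet
            current["subnet"] = ipaddress.IPv4Network(f"{words[1]}/{mask}", strict=False)
        elif current is not None and words[0] == "default-router":
            current["routers"] = [ipaddress.IPv4Address(w) for w in words[1:]]
    return excluded, pools


def check_pools(config):
    """Report every default-router that is not in the client's network segment."""
    _, pools = parse_pools(config)
    findings = []
    for name, pool in pools.items():
        if pool["subnet"] is None:
            continue
        for router in pool["routers"]:
            if router not in pool["subnet"]:
                findings.append(f"{name}: default-router {router} is outside {pool['subnet']}")
    return findings


def assignable_count(config, pool_name):
    """Host addresses left in a pool after the excluded ranges are removed."""
    excluded, pools = parse_pools(config)
    hosts = {int(h) for h in pools[pool_name]["subnet"].hosts()}
    for low, high in excluded:
        hosts -= set(range(int(low), int(high) + 1))
    return len(hosts)


if __name__ == "__main__":
    for finding in check_pools(CONFIG):
        print(finding)
    print(assignable_count(CONFIG, "mypool0"))
```

With the mask 255.255.255.240 the client 192.168.12.91 sits in 192.168.12.80/28, so the gateway 192.168.12.1 is reported as outside that segment even though it shares the first three octets.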
ip dhcp ping packets
Use this command to configure, in global configuration mode, the number of ping packets the DHCP server sends to an IP address when it checks for an address conflict. Use the no form of this command to restore the default configuration.
ip dhcp ping packets [ number ]
no ip dhcp ping packets
Parameter Description
Parameter   Description
number      (Optional) Number of packets in the range from 0 to 10, where 0 indicates disabling the ping operation. The ping operation sends two packets by default.
Defaults
The ping operation sends two packets by default.
Command Mode
Global configuration mode
Usage Guide
When the DHCP server attempts to assign the IP address from the DHCP address pool, use the ping
operation to check whether this address is occupied by other hosts. Record it if the address is
occupied, otherwise, assign it to the DHCP client. The ping operation will send up to 10 packets (two
packets by default).
Configuration Examples
The following example sets the number of the packets sent by the ping operation to 3.
Ruijie(config)# ip dhcp ping packets 3
Related Commands
Command                  Description
clear ip dhcp conflict   Clears the DHCP history conflict record.
ip dhcp ping packets     Configures the timeout that the DHCP server waits for the ping response. If all the ping packets are not responded within the specified time, this IP address can be assigned. Otherwise, it will record the address conflict.
show ip dhcp conflict    Shows the DHCP server detects address conflict when it assigns an IP address.
Platform Description
N/A
ip dhcp ping timeout
Use this command to configure the timeout that the DHCP server waits for a response when it uses
the ping operation to detect the address conflict in global configuration mode. Use the no form of this
command to restore it to the default configuration.
ip dhcp ping timeout milli-seconds
no ip dhcp ping timeout
Parameter Description
Parameter       Description
milli-seconds   Time that the DHCP server waits for ping response in the range 100 to 10000 milliseconds.
Defaults
The timeout is 500 seconds by default.
Command Mode
Global configuration mode
Usage Guide
This command defines the time that the DHCP server waits for a ping response packet.
Configuration Examples
The following example configures that the waiting time of the ping response packet is 600ms.
Ruijie(config)# ip dhcp ping timeout 600
Related Commands
Command                  Description
clear ip dhcp conflict   Clears the DHCP history conflict record.
ip dhcp ping packets     Defines the number of the packets sent by the ping operation for the detection of the address conflict when the DHCP server assigns an IP address.
show ip dhcp conflict    Shows the address conflict the DHCP server detects when it assigns an IP address.
Platform Description
N/A
ip dhcp pool
Use this command to define a name of the DHCP address pool and enter DHCP address pool
configuration mode in global configuration mode. Use the no form of this command to delete the
DHCP address pool.
ip dhcp pool pool-name
no ip dhcp pool pool-name
Parameter Description
Parameter   Description
pool-name   String of characters and positive integers, for example, mypool or 1.
Defaults
No DHCP address pool is defined by default.
Command Mode
Global configuration mode
Usage Guide
Execute the command to enter DHCP address pool configuration mode, which is shown as:
Ruijie(dhcp-config)#
In this configuration mode, you can configure the IP address range, the DNS server and the default
gateway.
Configuration Examples
The following example defines a DHCP address pool with the name mypool0.
Ruijie(config)# ip dhcp pool mypool0
Ruijie(dhcp-config)#
Related Commands
Command                    Description
host                       Defines the IP address and network mask, which is used to configure the DHCP manual binding.
ip dhcp excluded-address   Defines the IP addresses that the DHCP server cannot assign to the clients.
network (DHCP)             Defines the network number and network mask of the DHCP address pool.
Platform Description
N/A
lease
Use this command to define the lease time of the IP address that the DHCP server assigns to the
client in DHCP address pool configuration mode. Use the no form of this command to restore the
default configuration.
lease { days [ hours ] [ minutes ] | infinite }
no lease
Parameter Description
Parameter   Description
days        Lease time in days
hours       (Optional) Lease time in hours. It is necessary to define the days before defining the hours.
minutes     (Optional) Lease time in minutes. It is necessary to define the days and hours before defining the minutes.
infinite    Infinite lease time
Defaults
The lease time is 1 day by default.
Command Mode
DHCP address pool configuration mode
Usage Guide
When the lease is about to expire, the DHCP client sends a request to renew the lease. In general, the DHCP server allows the client to renew the lease of the original IP address.
Configuration Examples
The following example sets the DHCP lease to 1 hour.
Ruijie(dhcp-config)# lease 0 1
The following example sets the DHCP lease to 1 minute.
Ruijie(dhcp-config)# lease 0 0 1
Related Commands
Command        Description
ip dhcp pool   Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform Description
N/A
netbios-name-server
Use this command to configure the WINS name server of the Microsoft DHCP client NETBIOS in
DHCP address pool configuration mode. Use the no form of this command to delete the WINS
server.
netbios-name-server ip-address [ ip-address2…ip-address8 ]
no netbios-name-server
Parameter Description
Parameter                 Description
ip-address                IP address of the WINS server. It is required to configure one IP address at least.
ip-address2…ip-address8   (Optional) IP addresses of WINS servers. Up to eight WINS servers can be configured.
Defaults
No WINS server is defined by default.
Command Mode
DHCP address pool configuration mode
Usage Guide
When more than one WINS server is defined, the former has higher priority. The DHCP client will select the next WINS server only when its communication with the former WINS server fails.
Configuration Examples
The following example specifies the WINS server 192.168.12.3 for the DHCP client.
Ruijie(dhcp-config)# netbios-name-server 192.168.12.3
Related Commands
Command           Description
ip address dhcp   Enables the DHCP client on the interface to obtain the IP address.
ip dhcp pool      Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform Description
N/A
netbios-node-type
Use this command to define the node type of the master NetBIOS of the Microsoft DHCP client in the
DHCP address configuration mode. Use the no form of this command to delete the configuration of
the NetBIOS node type.
netbios-node-type type
no netbios-node-type
Parameter Description
Parameter   Description
type        Type of node in two modes:
            Digit in hexadecimal form in the range of 0 to FF. Only the following numerals are available:
            1: b-node.
            2: p-node.
            4: m-node.
            8: h-node.
            String:
            b-node: broadcast node
            p-node: peer-to-peer node
            m-node: mixed node
            h-node: hybrid node
Defaults
No type of the NetBIOS node is defined by default.
Command Mode
DHCP address pool configuration mode
Usage Guide
There are four types of the NetBIOS nodes of the Microsoft DHCP client: 1) Broadcast, which carries
out the NetBIOS name resolution by the broadcast method, 2) Peer-to-peer, which directly requests
the WINS server to carry out the NetBIOS name resolution, 3) Mixed, which requests the name
resolution by the broadcast method firstly, and then carry out the name resolution by the WINS server
connection, 4) Hybrid, which requests the WINS server to carry out the NetBIOS name resolution
firstly, and it will carry out the NetBIOS name resolution by the broadcast method if the response is
not received.
By default, the node type for Microsoft operating system is broadcast or hybrid. If the WINS server is
not configured, broadcast node is used. Otherwise, hybrid node is used. It is recommended to set the
type of the NetBIOS node to Hybrid.
Configuration
The following example sets the NetBIOS node of Microsoft DHCP client as Hybrid.
Examples
Ruijie(dhcp-config)# netbios-node-type h-node
Related
Command
Commands
ip dhcp pool
netbios-name-server
Platform
Description
Defines the name of DHCP address pool and enter
DHCP address pool configuration mode.
Configures the WINS name server of the Microsoft
DHCP client NETBIOS.
N/A
Description
network (DHCP)
Use this command to define the network number and network mask of the DHCP address pool. Use
the no form of this command to delete the definition.
network net-number net-mask
no network
Parameter Description
net-number: Network number of the DHCP address pool
net-mask: Network mask of the DHCP address pool. If the network mask is not defined, the natural network mask will be used by default.
Defaults
No network number or network mask is defined by default.
Command Mode
DHCP address pool configuration mode
Usage Guide
This command defines the subnet and subnet mask of a DHCP address pool, and provides the
DHCP server with an address space which can be assigned to the clients. Unless excluded
addresses are configured, all the addresses of the DHCP address pool can be assigned to the
clients. The DHCP server assigns the addresses in the address pool in priority order. If the DHCP
server finds that an IP address is in the DHCP binding table or in the network segment, it checks the
next address until it assigns an effective IP address.
The show ip dhcp binding command can be used to view the address assignment, and the show ip
dhcp conflict command can be used to view the address conflict detection.
Configuration Examples
The following example defines the network number of the DHCP address pool as 192.168.12.0, and
the network mask as 255.255.255.240.
Ruijie(dhcp-config)# network 192.168.12.0 255.255.255.240
Related Commands
ip dhcp excluded-address: Defines the IP addresses that the DHCP server cannot assign to the clients.
ip dhcp pool: Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform Description
N/A
next-server
Use this command to define the startup server list that the DHCP client accesses during startup. Use
the no form of this command to delete the definition of the startup server list.
next-server ip-address [ ip-address2…ip-address8 ]
no next-server
Parameter Description
ip-address: Defines the IP address of the startup server, which is usually the TFTP server. At least one IP address must be configured.
ip-address2…ip-address8: (Optional) Configures IP addresses of up to eight startup servers.
Defaults
N/A
Command Mode
DHCP address pool configuration mode
Usage Guide
When multiple servers are defined, the former has higher priority. The DHCP client will select
the next startup server only when its communication with the former startup server fails.
Configuration Examples
The following example specifies the startup server 192.168.12.4 for the DHCP client.
Ruijie(dhcp-config)# next-server 192.168.12.4
Related Commands
bootfile: Defines the default startup mapping file name of the DHCP client.
ip dhcp pool: Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
ip helper-address: Defines the Helper address on the interface.
option: Configures the option of the RGOS software DHCP server.
Platform Description
N/A
option
Use this command to configure the option of the DHCP server. Use the no form of this command to
delete the definition of option.
option code { ascii string | hex string | ip ip-address }
no option
Parameter Description
code: Defines the DHCP option codes.
ascii string: Defines an ASCII string.
hex string: Defines a hexadecimal string.
ip ip-address: Defines an IP address list.
Defaults
N/A
Command Mode
DHCP address pool configuration mode
Usage Guide
DHCP provides a mechanism to transmit configuration information to hosts in a TCP/IP
network. The DHCP message has a variable option field that can be defined according to the actual
requirement. The DHCP client needs to carry the DHCP message with at least 312 bytes of option
information. Furthermore, the fixed data field in the DHCP message is also referred to as an option.
For the current definition of DHCP option, see the RFC 2131.
Configuration Examples
The following example defines the option code 19, which determines whether the DHCP client can
enable the IP packet forwarding. 0 indicates to disable the IP packet forwarding, and 1 indicates to
enable the IP packet forwarding. The following configuration enables the IP packet forwarding on the
DHCP client.
Ruijie(dhcp-config)# option 19 hex 1
The following example defines the option code 33, which provides the DHCP client with the static
route information. The DHCP client will install two static routes: 1) the destination network
172.16.12.0 and the gateway 192.168.12.12, 2) the destination network 172.16.16.0 and the gateway
192.168.12.16.
Ruijie(dhcp-config)# option 33 ip 172.16.12.0 192.168.12.12 172.16.16.0 192.168.12.16
Related Commands
ip dhcp pool: Defines the name of the DHCP address pool and enters DHCP address pool configuration mode.
Platform Description
N/A
service dhcp
Use this command to enable the DHCP server and the DHCP relay on the device in global
configuration mode. Use the no form of this command to disable the DHCP server and the DHCP
relay agent.
service dhcp
no service dhcp
Parameter Description
N/A
Defaults
The DHCP server and the DHCP relay agent are disabled by default.
Command Mode
Global configuration mode
Usage Guide
The DHCP server can assign the IP addresses to the clients automatically and provide them with the
network configuration information such as the configuration information about the DNS server and
default gateway. The DHCP relay can forward the DHCP requests to other servers, and the returned
DHCP responses to the DHCP client, serving as the relay for DHCP packets.
Configuration Examples
The following example enables the DHCP server and the DHCP relay agent on the device.
Ruijie(config)# service dhcp
Related Commands
show ip dhcp server statistics: Shows various statistics information of the DHCP server.
Platform Description
N/A
clear ip dhcp binding
Use this command to clear the DHCP binding table in privileged user mode.
clear ip dhcp binding { * | ip-address }
Parameter Description
*: Deletes all DHCP bindings.
Defaults
N/A
Command Mode
Privileged user mode
Usage Guide
This command can only clear automatic DHCP bindings; manual DHCP bindings can be
deleted by the no ip dhcp pool command.
Configuration Examples
The following example clears the DHCP binding with the IP address 192.168.12.100.
Ruijie# clear ip dhcp binding 192.168.12.100
Related Commands
show ip dhcp binding: Shows the address binding of the DHCP server.
Platform Description
N/A
clear ip dhcp conflict
Use this command to clear the DHCP address conflict record in privileged user mode.
clear ip dhcp conflict { * | ip-address }
Parameter Description
*: Deletes all DHCP address conflict records.
ip-address: Deletes the conflict record of the specified IP addresses.
Defaults
N/A
Command Mode
Privileged user mode
Usage Guide
The DHCP server uses the ping session to detect the address conflict, while the DHCP
client uses the address resolution protocol (ARP) to detect the address conflict. The
clear ip dhcp conflict command can be used to delete the history conflict record.
Configuration Examples
The following example clears all address conflict records.
Ruijie# clear ip dhcp conflict *
Related Commands
ip dhcp ping packets: Defines the number of the packets sent by the ping operation for the detection of the address conflict when the DHCP server assigns an IP address.
show ip dhcp conflict: Shows the address conflict that the DHCP server detects when it assigns an IP address.
Platform Description
N/A
clear ip dhcp server statistics
Use this command to reset the counter of the DHCP server in privileged user mode.
clear ip dhcp server statistics
Parameter Description
N/A
Defaults
N/A
Command Mode
Privileged user mode
Usage Guide
The counter of the DHCP server records the entries of the DHCP address pool, automatic binding,
manual binding and expired binding. Furthermore, it also collects statistics about the number of sent
and received DHCP packets. The clear ip dhcp server statistics command can be used to delete
the history counter record and restart the statistics collecting.
Configuration Examples
The following example clears the statistics record of the DHCP server.
Ruijie# clear ip dhcp server statistics
Related Commands
show ip dhcp server statistics: Shows the statistics record of the DHCP server.
Platform Description
N/A
DHCP Relay Commands
ip dhcp relay check server-id
Use this command to enable the ip dhcp relay check server-id function. Use the no form of this
command to disable the ip dhcp relay check server-id function.
ip dhcp relay check server-id
no ip dhcp relay check server-id
Parameter Description
N/A
Defaults
The ip dhcp relay check server-id function is disabled by default.
Command Mode
Global configuration mode
Usage Guide
Use this command to select the destination DHCP server according to the server-id option when
forwarding a DHCP request. If this command is not configured, the DHCP request is forwarded to all
DHCP servers.
Configuration Examples
The following example enables the ip dhcp relay check server-id function.
Ruijie# configure terminal
Ruijie(config)# ip dhcp relay check server-id
Related Commands
service dhcp: Enables the DHCP Relay.
Platform Description
This command is only supported by the switches.
ip dhcp relay information option dot1x
Use this command to enable the dhcp option dot1x function of DHCP relay.
Use the no form of the command to disable the dhcp option dot1x function.
ip dhcp relay information option dot1x
no ip dhcp relay information option dot1x
Parameter Description
N/A
Defaults
The dhcp option dot1x function is disabled by default.
Command Mode
Global configuration mode
Usage Guide
This command requires the DHCP Relay to be enabled and must be combined with the related
802.1x configuration.
Configuration Examples
The following example enables the DHCP option dot1x function on the device.
Ruijie# configure terminal
Ruijie(config)# ip dhcp relay information option dot1x
Related Commands
service dhcp: Enables the DHCP Relay.
ip dhcp relay information option dot1x access-group: Configures the option dot1x acl.
Platform Description
This command is only supported by switches.
ip dhcp relay information option dot1x access-group
Use this command to configure the ACL associated with the DHCP relay option dot1x. Use the no
form of this command to disable the ACL associated with the DHCP relay option dot1x.
ip dhcp relay information option dot1x access-group acl-name
no ip dhcp relay information option dot1x access-group acl-name
Parameter Description
N/A
Defaults
No ACL is associated by default.
Command Mode
Global configuration mode
Usage Guide
Ensure that the ACL does not conflict with the existing ACEs of the ACL configured on the interface.
Configuration Examples
The following example enables the dhcp option dot1x acl function.
Ruijie# configure terminal
Ruijie(config)# ip access-list extended DenyAccessEachOtherOfUnauthrize
Ruijie(config-ext-nacl)# permit ip any host 192.168.3.1
// Permit sending the packets to the gateway.
Ruijie(config-ext-nacl)# permit ip any host 192.168.4.1
Ruijie(config-ext-nacl)# permit ip any host 192.168.5.1
Ruijie(config-ext-nacl)# permit ip host 192.168.3.1 any
// Permit the packets whose source IP address is that of the gateway.
Ruijie(config-ext-nacl)# permit ip host 192.168.4.1 any
Ruijie(config-ext-nacl)# permit ip host 192.168.5.1 any
Ruijie(config-ext-nacl)# deny ip 192.168.3.0 0.0.0.255 192.168.3.0 0.0.0.255
// Deny the exchange between the unauthenticated users.
Ruijie(config-ext-nacl)# deny ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
Ruijie(config-ext-nacl)# deny ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
Ruijie(config-ext-nacl)# deny ip 192.168.4.0 0.0.0.255 192.168.4.0 0.0.0.255
Ruijie(config-ext-nacl)# deny ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
Ruijie(config-ext-nacl)# deny ip 192.168.5.0 0.0.0.255 192.168.5.0 0.0.0.255
Ruijie(config-ext-nacl)# deny ip 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255
Ruijie(config-ext-nacl)# deny ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255
Ruijie(config-ext-nacl)# exit
Ruijie(config)# ip dhcp relay information option dot1x access-group DenyAccessEachOtherOfUnauthrize
Related Commands
service dhcp: Enables DHCP relay.
ip dhcp relay information option dot1x: Enables the DHCP option dot1x function.
Platform Description
This command is only supported by switches.
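The ACL in the configuration example above can be checked offline before it is bound with access-group. The following Python sketch is an added example, not part of the Ruijie manual: it assumes the ACEs are evaluated in configured order with the first match deciding, and it reports traffic that no ACE matches as "no-match", because the page does not state how the device treats such traffic.

```python
import ipaddress
from itertools import product

# ACEs transcribed from the configuration example above, in configured order.
ACL_TEXT = """
permit ip any host 192.168.3.1
permit ip any host 192.168.4.1
permit ip any host 192.168.5.1
permit ip host 192.168.3.1 any
permit ip host 192.168.4.1 any
permit ip host 192.168.5.1 any
deny ip 192.168.3.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
deny ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip 192.168.4.0 0.0.0.255 192.168.4.0 0.0.0.255
deny ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip 192.168.5.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255
deny ip 192.168.5.0 0.0.0.255 192.168.4.0 0.0.0.255
"""
# The three user subnets that appear in the example.
USER_SUBNETS = ["192.168.3.0/24", "192.168.4.0/24", "192.168.5.0/24"]


def read_spec(tokens):
    """Consume one address spec from the token list; return (base, wildcard)."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(head)), int(ipaddress.IPv4Address(tokens.pop(0)))


def parse_acl(text):
    """Parse 'permit|deny ip <src> <dst>' lines into (action, src, dst) tuples."""
    aces = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] not in ("permit", "deny") or tokens[1] != "ip":
            raise ValueError("unsupported ACE: " + line)
        rest = tokens[2:]
        src = read_spec(rest)
        dst = read_spec(rest)
        if rest:
            raise ValueError("trailing tokens in ACE: " + line)
        aces.append((tokens[0], src, dst))
    return aces


def matches(addr, spec):
    """Wildcard match: bits set in the wildcard mask are ignored."""
    base, wild = spec
    return ((addr ^ base) & ~wild & 0xFFFFFFFF) == 0


def evaluate(aces, src, dst):
    """Return (action, 1-based ACE number) of the first match, else ('no-match', None)."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for number, (action, src_spec, dst_spec) in enumerate(aces, 1):
        if matches(s, src_spec) and matches(d, dst_spec):
            return action, number
    return "no-match", None


def pairs_without_explicit_deny(aces, subnets, src_host=10, dst_host=20):
    """List (src_subnet, dst_subnet) pairs whose ordinary hosts hit no deny ACE.

    One non-gateway host per subnet (.10 -> .20) stands in for the subnet, which
    is sufficient here because every deny ACE covers a whole /24.
    """
    missing = []
    for a, b in product(subnets, repeat=2):
        src = str(ipaddress.IPv4Network(a)[src_host])
        dst = str(ipaddress.IPv4Network(b)[dst_host])
        if evaluate(aces, src, dst)[0] != "deny":
            missing.append((a, b))
    return missing


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    print(evaluate(acl, "192.168.3.10", "192.168.3.1"))    # user to gateway
    print(evaluate(acl, "192.168.3.10", "192.168.3.20"))   # user to user
    print(pairs_without_explicit_deny(acl, USER_SUBNETS))
```

The audit lists every ordered subnet pair that the configured deny entries do not cover, which is the quickest way to spot an entry that was left out of a long ACL.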
ip dhcp relay information option82
Use this command to enable the option82 function of DHCP relay. Use the no form of
this command to disable the function.
ip dhcp relay information option82
no ip dhcp relay information option82
Parameter Description
N/A
Defaults
The option82 function of DHCP relay is disabled by default.
Command Mode
Global configuration mode
Usage Guide
This function is mutually exclusive with the option dot1x function.
Configuration Examples
The following example enables the option82 function on the DHCP relay.
Ruijie# configure terminal
Ruijie(config)# ip dhcp relay information option82
Related Commands
service dhcp: Enables the DHCP Relay.
ip dhcp relay information option dot1x: Enables the DHCP option dot1x function.
Platform Description
This command is only supported by switches.
ip dhcp relay suppression
Use this command to enable the DHCP relay suppression function on a specified interface. Use the
no form of this command to disable this function.
ip dhcp relay suppression
no ip dhcp relay suppression
Parameter Description
N/A
Defaults
The function is disabled by default.
Command Mode
Interface configuration mode
Usage Guide
After this command is executed, the system will not relay the DHCP request message on the
interface.
Configuration Examples
The following example enables the DHCP relay suppression function on interface 1.
Ruijie# configure terminal
Ruijie(config)# interface fastEthernet 0/1
Ruijie(config-if)# ip dhcp relay suppression
Ruijie(config-if)# exit
Ruijie(config)#
Related Commands
service dhcp: Enables the DHCP relay.
Platform Description
This command is only supported by switches.
ip helper-address
Use this command to add the IP address of a DHCP server. Use the no form of this command to
delete the IP address of the DHCP server.
The server address can be configured in global configuration mode or interface configuration mode.
ip helper-address [ vrf vrf-name ]A.B.C.
no ip helper-address [ vrf vrf-name ]A.B.C.
Parameter Description
N/A
Defaults
No server address is configured by default.
Command Mode
Global configuration mode, or interface configuration mode
Usage Guide
Up to 20 DHCP servers can be configured globally or on each layer-3 interface.
If the DHCP server address is not configured on the interface, the DHCP relay uses the address of
the global DHCP server. If the DHCP address is configured on the interface, the DHCP relay uses the
configured server address.
For the vrf parameter, the global configuration and interface-based configuration are slightly different.
In global configuration mode, if the vrf parameter is not specified, the default address of the current
server does not belong to any vrf. In interface-based configuration, if the vrf parameter is not
specified, the current default server and port configurations belong to the same vrf.
Configuration Examples
The following example:
1. Configures the IP address for the global server to 192.168.1.1.
2. Configures the IP address for the vrf instance-based server dep1 to 192.168.2.1.
Ruijie# configure terminal
Ruijie(config)# ip helper-address 192.168.1.1
Ruijie(config)# ip helper-address vrf dep1 192.168.2.1
Related Commands
service dhcp: Enables the DHCP relay.
Platform Description
N/A
service dhcp
Use this command to enable the DHCP relay in global configuration mode. Use the no form of this
command to disable this function.
service dhcp
no service dhcp
Parameter Description
N/A
Defaults
This function is disabled by default.
Command Mode
Global configuration mode
Usage Guide
The DHCP relay can forward the DHCP request to other servers and the DHCP response packets to
the DHCP client, serving as the relay for DHCP packets.
Configuration Examples
The following configuration example enables the DHCP relay.
Ruijie# configure terminal
Ruijie(config)# service dhcp
Related Commands
ip helper-address: Adds the IP address of a DHCP server.
Platform Description
N/A
DHCP Snooping Commands
clear ip dhcp snooping binding
Use this command to delete the dynamic user information from the DHCP snooping binding
database.
clear ip dhcp snooping binding [mac | vlan vlan-id | ip | interface interface-id ]
Parameter Description
mac: MAC address of the specified user to be deleted.
vlan-id: VLAN ID of the specified user to be deleted.
ip: IP address of the specified user to be deleted.
interface-id: Interface where the specified user to be deleted belongs.
Defaults
N/A.
Command Mode
Privileged EXEC mode.
Usage Guide
Use this command to clear the current dynamic user information from the DHCP snooping binding
database.
Configuration Examples
The following example demonstrates how to clear the dynamic database information from the DHCP
snooping binding database.
Ruijie# clear ip dhcp snooping binding
Ruijie# show ip dhcp snooping binding
Total number of bindings: 0
MacAddress IpAddress Lease(sec) Type VLAN Interface
---------- ---------- ---------- -------- ---- ---------
Related Commands
show ip dhcp snooping binding: Show the information of the DHCP snooping binding database.
Platform Description
N/A.
ip dhcp snooping
Use this command to enable the DHCP snooping function globally. The no form of this command will
disable the DHCP snooping function globally.
ip dhcp snooping
no ip dhcp snooping
Parameter Description
N/A.
Defaults
Disabled
Command Mode
Global configuration mode
Usage Guide
Enable the DHCP snooping function on the switch. You can use the show ip dhcp snooping
command to view whether the DHCP snooping function is enabled.
DHCP Snooping cannot coexist with private VLAN.
Configuration Examples
The following is an example of enabling the DHCP snooping function.
Ruijie# configure terminal
Ruijie(config)# ip dhcp snooping
Ruijie(config)# end
Ruijie# show ip dhcp snooping
Switch DHCP snooping status: ENABLE
DHCP snooping Verification of hwaddr field status: DISABLE
DHCP snooping database write-delay time: 0 seconds
DHCP snooping option 82 status: ENABLE
DHCP Snooping Support Bootp bind status: ENABLE
Interface                Trusted Rate limit (pps)
------------------------ ------- ---------------
Related Commands
show ip dhcp snooping: View the configuration information of DHCP snooping.
Platform Description
N/A.
ip dhcp snooping bootp-bind
Use this command to enable DHCP snooping bootp bind function. The no form of this command will
disable the function.
ip dhcp snooping bootp-bind
no ip dhcp snooping bootp-bind
Parameter Description
N/A.
Defaults
Disabled
Command Mode
Global configuration mode.
Usage Guide
By default, the DHCP Snooping only forwards Bootp packets. With this function enabled, it can snoop
Bootp packets. After the Bootp client requests an address successfully, the DHCP Snooping adds the
Bootp user to the static binding database.
Configuration Examples
The following example enables the DHCP snooping bootp bind function.
Ruijie# configure terminal
Ruijie(config)# ip dhcp snooping bootp-bind
Ruijie(config)# end
Ruijie# show ip dhcp snooping
Switch DHCP snooping status :ENABLE
Verification of hwaddr field status :DISABLE
DHCP snooping database write-delay time: 0 seconds
DHCP snooping option 82 status: ENABLE
DHCP snooping Support Bootp bind status: ENABLE
Interface                Trusted Rate limit (pps)
------------------------ ------- ------------
Related Commands
show ip dhcp snooping: Show the configuration of the DHCP snooping.
Platform Description
N/A.
ip dhcp snooping database write-delay
Use this command to configure the switch to write the dynamic user information of the DHCP
snooping binding database into the flash periodically. The no form of this command will disable this
function.
ip dhcp snooping database write-delay time
no ip dhcp snooping database write-delay time
Parameter Description
time: The interval at which the system writes the dynamic user information of the DHCP snooping database into the flash. The range is from 600 to 86400 seconds.
Defaults
Disabled
Command Mode
Global configuration mode.
Usage Guide
This function avoids the loss of user information after a restart. If that information is lost, users need
to obtain IP addresses again for normal communication.
Configuration Examples
The following is an example of setting the interval at which the switch writes the user information into
the flash to 3600s:
Ruijie# configure terminal
Ruijie(config)# ip dhcp snooping database write-delay 3600
Ruijie(config)# end
Ruijie# show ip dhcp snooping
Switch DHCP snooping status: ENABLE
DHCP snooping Verification of hwaddr field status: ENABLE
DHCP snooping database write-delay time: 3600
DHCP snooping option 82 status: DISABLE
DHCP Snooping Support Bootp bind status: ENABLE
Interface                Trusted Rate limit (pps)
------------------------ ------- ---------------
Related Commands
show ip dhcp snooping: View the configuration information of the DHCP snooping.
Platform Description
N/A.
ip dhcp snooping database write-to-flash
Use this command to write the dynamic user information of the DHCP binding database into flash in
real time.
ip dhcp snooping database write-to-flash
Parameter Description
N/A.
Defaults
N/A.
Command Mode
Global configuration mode.
Usage Guide
Use this command to write the dynamic user information of the DHCP binding database into flash in
real time.
Configuration Examples
The following is an example of writing the dynamic user information of the DHCP binding database
into flash.
Ruijie# configure terminal
Ruijie(config)# ip dhcp snooping database write-to-flash
Ruijie(config)# end
Ruijie#
Related Commands
N/A.
Platform Description
N/A.
ip dhcp snooping information option
Use this command to add option82 to the DHCP request message. The no form of this command
disables this function.
ip dhcp snooping information option [ standard-format ]
no ip dhcp snooping information option [ standard-format ]
Parameter Description
standard-format: The option82 uses the standard format.
Defaults
Disabled.
Command Mode
Global configuration mode.
Usage Guide
This command adds option82 to the DHCP request message; the DHCP server assigns IP addresses
based on it.
Configuration Examples
Add option82 to the DHCP request message:
Ruijie# configure terminal
Ruijie(config)# ip dhcp snooping information option
Ruijie(config)# end
Ruijie# show ip dhcp snooping
Switch DHCP snooping status : ENABLE
DHCP snooping Verification of hwaddr status : ENABLE
DHCP snooping database write-delay time : 0
DHCP snooping option 82 status : DISABLE
DHCP Snooping Support Bootp bind status: ENABLE
Interface                Trusted Rate limit (pps)
------------------------ ------- ----------------
Related Commands
show ip dhcp snooping: Show the configuration of the DHCP Snooping.
Platform Description
N/A.
ip dhcp snooping trust
Use this command to set the ports of the switch as trusted ports. The no form of this command sets
the ports as untrusted ports.
ip dhcp snooping trust
no ip dhcp snooping trust
Parameter Description
N/A.
Defaults
All ports are untrusted ports.
Command Mode
Interface configuration mode.
Usage Guide
Use this command to set the port as a trusted port. DHCP response messages received on a
trusted port are forwarded normally, but response messages received on an untrusted port are
discarded.
Configuration Examples
The following is an example of setting fastEthernet 0/1 as a trusted port:
Ruijie# configure terminal
Ruijie(config)# interface fastEthernet 0/1
Ruijie(config-if)# ip dhcp snooping trust
Ruijie(config-if)# end
Ruijie# show ip dhcp snooping
Switch DHCP snooping status: ENABLE
DHCP snooping Verification of hwaddr field status: DISABLE
DHCP snooping database write-delay time: 0 seconds
DHCP snooping option 82 status: ENABLE
DHCP Snooping Support Bootp bind status:ENABLE
Interface         Trusted Rate limit (pps)
----------------- ------- ---------------
FastEthernet0/1   yes     unlimited
Related Commands
show ip dhcp snooping: View the configuration information of the DHCP snooping.
Platform Description
N/A.
ip dhcp snooping verify mac-address
Use this command to check whether the source MAC address of the DHCP request message
matches against the client addr field of the DHCP message. The no form of this command disables
this function.
ip dhcp snooping verify mac-address
no ip dhcp snooping verify mac-address
Parameter Description
N/A.
Defaults
Disabled.
Command Mode
Global configuration mode.
Usage Guide
Use this command to enable checking the validity of the source MAC address of the DHCP request
message. Once the function is enabled, the system will discard the DHCP request message that fails
to pass the source MAC address check.
Configuration Examples
The following is an example of enabling the check of the source MAC address of the DHCP request
message.
Ruijie# configure terminal
Ruijie(config)# ip dhcp snooping verify mac-address
Ruijie(config)# end
Ruijie# show ip dhcp snooping
Switch DHCP snooping status: ENABLE
Verification of hwaddr field status: ENABLE
DHCP snooping database write-delay time: 0 seconds
DHCP snooping option 82 status: ENABLE
DHCP Snooping Support Bootp bind status: ENABLE
Interface Trusted Rate limit (pps)
Related Commands
show ip dhcp snooping: View the configuration information of the DHCP snooping.
Platform Description
N/A.
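The two per-packet checks described under ip dhcp snooping trust and ip dhcp snooping verify mac-address can be modelled offline. The following Python sketch is an added example, not Ruijie code: it builds constructed sample frames, discards server replies (OFFER, ACK, NAK) that arrive on an untrusted port, and discards requests whose Ethernet source MAC differs from the chaddr field. Dropping frames with a truncated options area is an assumption of this sketch, and the MAC addresses other than 00d0.f801.0101 are constructed.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
SERVER_TYPES = {2, 5, 6}     # DHCPOFFER, DHCPACK, DHCPNAK: sent only by servers


def mac_bytes(text):
    """'00d0.f801.0101' or '00:d0:f8:01:01:01' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(".", "").replace(":", ""))


def build_frame(eth_src, chaddr, msg_type):
    """Construct a minimal Ethernet/IPv4/UDP/DHCP frame (sample data, checksums 0)."""
    reply = msg_type in SERVER_TYPES
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        2 if reply else 1, 1, 6, 0,      # op, htype, hlen, hops
                        0x1234ABCD, 0, 0x8000,           # xid, secs, flags
                        bytes(4), bytes(4), bytes(4), bytes(4),
                        mac_bytes(chaddr), b"", b"")     # chaddr, sname, file
    payload = bootp + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])
    sport, dport = (67, 68) if reply else (68, 67)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    return b"\xff" * 6 + mac_bytes(eth_src) + b"\x08\x00" + ip + udp


def parse_dhcp(frame):
    """Return (eth_src, chaddr, msg_type), or None when the frame is not DHCP.

    Raises ValueError when the DHCP options area is truncated.
    """
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or frame[23] != 17 or len(frame) < 14 + ihl + 8:
        return None
    udp = 14 + ihl
    sport, dport = struct.unpack_from("!HH", frame, udp)
    if sport not in (67, 68) or dport not in (67, 68):
        return None
    bootp = udp + 8
    if frame[bootp + 236:bootp + 240] != MAGIC_COOKIE:
        return None
    hlen = min(frame[bootp + 2], 16)
    chaddr = frame[bootp + 28:bootp + 28 + hlen]
    msg_type, i = None, bootp + 240
    while True:
        if i >= len(frame):
            raise ValueError("options end without END (255)")
        code = frame[i]
        if code == 255:
            break
        if code == 0:                      # PAD has no length byte
            i += 1
            continue
        if i + 1 >= len(frame) or i + 2 + frame[i + 1] > len(frame):
            raise ValueError("truncated option %d" % code)
        if code == 53 and frame[i + 1] == 1:
            msg_type = frame[i + 2]        # DHCP message type
        i += 2 + frame[i + 1]
    return frame[6:12], chaddr, msg_type


def snoop_decision(frame, port_trusted, verify_mac):
    """Apply the trust check and the source MAC check to one received frame."""
    try:
        parsed = parse_dhcp(frame)
    except ValueError:
        return "drop-malformed"            # assumption of this sketch
    if parsed is None:
        return "not-dhcp"
    eth_src, chaddr, msg_type = parsed
    if msg_type in SERVER_TYPES:
        return "forward" if port_trusted else "drop-untrusted-reply"
    if verify_mac and eth_src != chaddr:
        return "drop-mac-mismatch"
    return "forward"


if __name__ == "__main__":
    client = "00d0.f801.0101"
    samples = [("request, MAC matches", build_frame(client, client, 1), False),
               ("request, chaddr differs", build_frame(client, "00d0.f8ff.0002", 1), False),
               ("OFFER on untrusted port", build_frame("00d0.f800.00aa", client, 2), False),
               ("OFFER on trusted port", build_frame("00d0.f800.00aa", client, 2), True)]
    for label, frame, trusted in samples:
        print(label, "->", snoop_decision(frame, trusted, verify_mac=True))
```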
show ip dhcp snooping
Use this command to view the setting of the DHCP snooping.
show ip dhcp snooping
Parameter Description
N/A.
Defaults
N/A.
Command Mode
Privileged EXEC mode.
Usage Guide
N/A.
Configuration Examples
Show the information of DHCP Snooping.
Ruijie# show ip dhcp snooping
Switch DHCP snooping status :ENABLE
Verification of hwaddr field status :DISABLE
DHCP snooping database write-delay time: 0 seconds
DHCP snooping option 82 status: ENABLE
DHCP snooping Support Bootp bind status: ENABLE
Interface                Trusted Rate limit (pps)
------------------------ ------- ------------
Related Commands
ip dhcp snooping: Enable the DHCP snooping globally.
ip dhcp snooping verify mac-address: Enable the check of source MAC address of DHCP Snooping packets.
ip dhcp snooping write-delay: Set the interval of writing user information to FLASH periodically.
ip dhcp snooping information option: Add option82 to the DHCP request message.
ip dhcp snooping bootp-bind: Enable the DHCP snooping bootp bind function.
ip dhcp snooping trust: Set the port as a trust port.
Platform Description
N/A.
show ip dhcp snooping binding
Use this command to view the information of the DHCP snooping binding database.
show ip dhcp snooping binding
Parameter Description
N/A.
Defaults
N/A.
Command Mode
Privileged EXEC mode.
Usage Guide
N/A.
Configuration Examples
Show the information of the DHCP Snooping binding database.
Ruijie# show ip dhcp snooping binding
Total number of bindings: 1
MacAddress IpAddress Lease Type VLAN Interface
00d0.f801.0101 192.168.1.1 - static 1 fastethernet 0/1
Related Commands
ip dhcp snooping binding: Add the static user information to the DHCP Snooping database.
clear ip dhcp snooping binding: Clear the dynamic user information from the DHCP snooping binding database.
Platform Description
N/A.
DNS Module Commands
ip domain-lookup
Use this command to enable the DNS to carry out the domain name resolution. Use the no form of
this command to disable the DNS domain name resolution function.
ip domain-lookup
no ip domain-lookup
Parameter Description
N/A
Defaults
Enabled
Command Mode
Global configuration mode.
Usage Guide
This command enables the domain name resolution function.
Configuration Examples
The following example enables the DNS domain name resolution function.
Ruijie(config)# ip domain-lookup
Related Commands
show hosts: Shows the DNS related configuration information.
Platform Description
N/A
ip name-server
Use this command to configure the IP address of the domain name server. Use the no form of this
command to delete the configured domain name server.
ip name-server { ip-address | ipv6-address }
no ip name-server [ ip-address | ipv6-address ]
Parameter Description
ip-address: The IP address of the domain name server.
ipv6-address: The IPv6 address of the domain name server.
Defaults
N/A
Command Mode
Global configuration mode.
Usage Guide
Add the IP address of the DNS server. Once this command is executed, the equipment will add a
DNS server. When the device cannot obtain the domain name from a DNS server, it will attempt to
send the DNS request to subsequent servers until it receives a response.
Up to 6 DNS servers are supported. You can delete one DNS server by specifying the ip-address
option, or delete all the DNS servers.
Configuration Examples
Ruijie(config)# ip name-server 192.168.5.134
Ruijie(config)# ip name-server 2001:0DB8::250:8bff:fee8:f800 2001:0DB8:0:f004::1
Related Commands
show hosts: Shows the DNS related configuration information.
Platform Description
N/A
ip host
Use this command to manually configure the mapping of the host name and the IP address. Use the
no form of the command to remove the host list.
ip host host-name ip-address
no ip host host-name ip-address
Parameter Description
Parameter   Description
host-name   The host name of the equipment, up to 255 characters.
ip-address  The IP address of the equipment.
Defaults
N/A
Command Mode
Global configuration mode.
Usage Guide
To delete the host list, use the no ip host host-name ip-address command.
Configuration Examples
Ruijie(config)# ip host switch 192.168.5.243
Related Commands
Command     Description
show hosts  Shows the DNS related configuration information.
Platform Description
N/A
clear host
Use this command to clear the dynamically learned host name in privileged user mode.
clear host [ host-name ]
Parameter Description
Parameter  Description
host-name  Deletes the dynamically learned host. “*” denotes to clear all the dynamically learned host names.
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
You can obtain the mapping record of the host name buffer table in two ways: 1) the ip host static
configuration, 2) the DNS dynamic learning. Execute this command to delete the host name records
learned by the DNS dynamically.
Configuration Examples
The following configuration will delete the dynamically learned mapping records from the host
name-IP address buffer table.
clear host *
Related Commands
Command     Description
show hosts  Shows the host name buffer table.
Platform Description
N/A
show hosts
Use this command to display DNS configuration.
show hosts [ hostname ]
Parameter Description
Parameter  Description
N/A        N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
Show the DNS related configuration information.
Configuration Examples
Ruijie# show hosts
Name servers are:
192.168.5.134 static
Host            type     Address        TTL(sec)
switch          static   192.168.5.243  ---
www.ruijie.com  dynamic  192.168.5.123  126
Related Commands
Command         Description
ip host         Configures the host name and IP address mapping manually.
ipv6 host       Configures the host name and IPv6 address mapping manually.
ip name-server  Configures the DNS server.
Platform Description
N/A
SNTP Commands
sntp enable
Use this command to enable the Simple Network Time Protocol (SNTP). Use the no form of this
command to restore the default value Disable.
sntp enable
no sntp enable
Parameter Description
Parameter  Description
N/A        N/A
Defaults
SNTP is disabled by default.
Command Mode
Global configuration mode
Usage Guide
This command shows SNTP parameters.
Configuration Examples
Ruijie(config)# sntp enable
Related Commands
Command                Description
show sntp              Shows the SNTP configuration.
clock update-calendar  Synchronizes the software clock with the hardware clock.
clock set              Sets the software clock.
Platform Description
N/A
sntp interval
Use this command to set the interval for the SNTP Client to synchronize its clock with the NTP/SNTP
Server.
sntp interval seconds
no sntp interval
Parameter Description
Parameter  Description
seconds    Synchronization interval in the range 60 to 65535 seconds
Defaults
The interval is 1800 seconds by default.
Command Mode
Global configuration mode
Usage Guide
The show sntp command shows SNTP parameters.
The interval will take effect after the sntp enable command is executed.
Configuration Examples
Ruijie(config)# sntp interval 3600
Related Commands
Command                Description
sntp enable            Enables SNTP.
show sntp              Shows the SNTP configuration.
clock update-calendar  Synchronizes the software clock with the hardware clock.
Platform Description
N/A
sntp server
Use this command to set the SNTP server. You can configure the SNTP server as the public NTP
server on the Internet, since SNTP is completely compatible with NTP.
sntp server ip-address
no sntp server
Parameter Description
Parameter   Description
ip-address  IP address of the NTP/SNTP server.
Defaults
No NTP/SNTP server is configured by default.
Command Mode
Global configuration mode
Usage Guide
The show sntp command shows SNTP parameters.
Configuration Examples
Ruijie(config)# sntp server 192.168.4.12
Related Commands
Command      Description
show sntp    Shows the SNTP configuration status.
sntp enable  Enables SNTP.
Platform Description
N/A
show sntp
Use this command to show SNTP parameters.
show sntp
Parameter Description
Parameter  Description
N/A        N/A
Defaults
N/A
Command Mode
Privileged mode
Usage Guide
This command shows SNTP parameters.
Configuration Examples
Ruijie# show sntp
SNTP state         : Enable
SNTP server        : 192.168.4.12
SNTP sync interval : 60
Time zone          : +8
Related Commands
Command      Description
sntp enable  Enables SNTP.
show sntp    Shows the SNTP parameters.
Platform Description
N/A
NTP Commands
no ntp
Use this command to disable the ntp synchronization service with the time server and clear all
configuration information of ntp.
no ntp
Parameter Description
Parameter  Description
N/A        N/A
Defaults
The NTP service is disabled by default.
Command Mode
Global configuration mode
Usage Guide
By default, the NTP service is disabled. However, the NTP service will be enabled once the NTP
server or the NTP security identification mechanism is configured.
Configuration Examples
The following example disables the NTP service.
Ruijie(config)# no ntp
Related Commands
Command     Description
ntp server  Specifies the NTP server.
Platform Description
N/A
ntp access-group
Use this command to configure the access control priority of the NTP service. Use the no form of this
command to cancel the access control priority.
ntp access-group { peer | serve | serve-only | query-only } access-list-number | access-list-name
no ntp access-group { peer | serve | serve-only | query-only } access-list-number | access-list-name
Parameter Description
Parameter           Description
peer                Allows time requests to, and control and query of, the local NTP service, as well as time synchronization between the local device and the peer device (full access permission).
serve               Allows time requests to, and control and query of, the local NTP service, but not time synchronization between the local device and the peer device.
serve-only          Allows time requests to the local NTP service.
query-only          Allows control and query of the local NTP service.
access-list-number  Number of the IP access control list (ACL), in the range 1 to 99 and 1300 to 1999.
access-list-name    Name of the IP ACL.
Defaults
No NTP access control rule is configured by default.
Command Mode
Global configuration mode
Usage Guide
Use this command to configure the access control priority of the NTP service. The NTP service
access control function provides a minimal security measure (the more secure way is to use the NTP
authentication mechanism).
When an access request arrives, the NTP service matches the rules in order from the least to the
most restrictive, and the first matched rule prevails. The matching order is
peer, serve, serve-only, and query-only.
The control and query function is not supported in the current system. Although requests are
matched in the order given by the preceding rules, requests related to the
control and query function are not supported.
If you do not configure any access control rules, all accesses are allowed. Once
access control rules are configured, only access that a rule allows is permitted.
Configuration Examples
The following example allows the peer devices in acl1 to control, query, request time from, and
synchronize time with the local device, and limits the peer devices in acl2 to requesting time from the
local device:
Ruijie(config)# ntp access-group peer 1
Ruijie(config)# ntp access-group serve-only 2
Related Commands
Command         Description
ip access-list  Creates the IP access control list.
Platform Description
N/A
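An added example (not part of the Ruijie manual) that models the matching order described in the usage guide above, including what happens when a broad peer ACL overlaps a narrower serve-only ACL. It assumes ACLs are evaluated top-down with an implicit deny and that a source not permitted by one level's ACL falls through to the next level; function names and sample addresses are constructed.

```python
import ipaddress

# Matching order from the usage guide: the first matched rule prevails.
MATCH_ORDER = ("peer", "serve", "serve-only", "query-only")

# Permissions per level, taken from the parameter table. The manual notes that
# control/query requests are matched but not actually served by the current system.
PERMISSIONS = {
    "peer": {"time-request", "control-query", "synchronize"},
    "serve": {"time-request", "control-query"},
    "serve-only": {"time-request"},
    "query-only": {"control-query"},
}


def acl_permits(acl, source):
    """Evaluate an ordered ACL of (action, network) entries with implicit deny."""
    addr = ipaddress.ip_address(source)
    for action, network in acl:
        if addr in ipaddress.ip_network(network):
            return action == "permit"
    return False


def ntp_access(groups, acls, source):
    """Return (level, permissions) granted to `source`.

    groups maps an access level to an ACL number, as configured with
    `ntp access-group <level> <acl>`; acls maps ACL numbers to their entries.
    """
    if not groups:
        # No rule configured: all accesses are allowed.
        return "unrestricted", set().union(*PERMISSIONS.values())
    for level in MATCH_ORDER:
        acl_id = groups.get(level)
        if acl_id is not None and acl_permits(acls[acl_id], source):
            return level, PERMISSIONS[level]
    # Rules exist but none of them permits this source.
    return "denied", set()


# Constructed sample mirroring the manual's example: peer -> ACL 1, serve-only -> ACL 2.
GROUPS = {"peer": 1, "serve-only": 2}
ACLS = {
    1: [("permit", "192.168.210.222/32")],
    2: [("permit", "192.168.12.0/24")],
}

# Constructed misconfiguration: ACL 1 is widened so that it overlaps ACL 2.
# Because peer is matched first, clients meant to be serve-only get full access.
OVERLAP_ACLS = {
    1: [("permit", "192.168.0.0/16")],
    2: [("permit", "192.168.12.0/24")],
}

if __name__ == "__main__":
    for src in ("192.168.210.222", "192.168.12.7", "10.9.9.9"):
        print(src, ntp_access(GROUPS, ACLS, src))
    print("overlap:", ntp_access(GROUPS, OVERLAP_ACLS, "192.168.12.7"))
```

Keeping the peer ACL as narrow as possible matters because it is evaluated before every other level.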
ntp authenticate
Use this command to enable NTP authentication globally.
ntp authenticate
no ntp authenticate
Parameter Description
Parameter  Description
N/A        N/A
Defaults
Global NTP authentication is disabled by default.
Command Mode
Global configuration mode
Usage Guide
If the global security identification mechanism is not used, the synchronization communication is not
encrypted. To enable encrypted communication on the server, enable the security identification
mechanism and configure other keys globally.
The authentication standard is that the trusted key has been specified by ntp authentication-key
and ntp trusted-key.
Configuration Examples
The following example enables the authentication mechanism after an authentication key is
configured and specified as the global trusted key.
Ruijie(config)# ntp authentication-key 6 md5 wooooop
Ruijie(config)# ntp trusted-key 6
Ruijie(config)# ntp authenticate
Related Commands
Command                 Description
ntp authentication-key  Sets the global authentication key.
ntp trusted-key         Configures the global trusted key.
Platform Description
N/A
ntp authentication-key
Use this command to configure a global NTP authentication key for the NTP service.
ntp authentication-key key-id md5 key-string [ enc-type ]
no ntp authentication-key key-id
Parameter Description
Parameter   Description
key-id      Key ID
key-string  Key string
enc-type    (Optional) Whether this key is encrypted. 0 indicates the key is not encrypted, and 7 indicates the key is encrypted simply.
Defaults
N/A
Command Mode
Global configuration mode
Usage Guide
Configure the global authentication key and adopt md5 for encryption. Each key has a unique key-id.
You can use the ntp trusted-key command to set the key identified by key-id as the global trusted key.
At most 1024 keys are allowed. However, each server can support only one key.
Configuration Examples
The following example configures an authentication key with ID 6.
Ruijie(config)# ntp authentication-key 6 md5 wooooop
Related Commands
Command           Description
ntp authenticate  Enables the global security identification mechanism.
ntp trusted-key   Configures the global trusted key.
ntp server        Specifies an NTP server.
Platform Description
N/A
ntp disable
Use this command to disable the function of receiving the NTP packet on the interface.
ntp disable
Parameter Description
Parameter  Description
N/A        N/A
Defaults
The NTP packet is received on the interface by default.
Command Mode
Interface configuration mode
Usage Guide
By default, NTP packets received on any interface can be provided to the client for clock
adjustment. This function blocks the NTP packets received on the corresponding
interface.
Note: This command takes effect only for the interface whose IP address can be configured to receive
and send packets.
Configuration Examples
The following example disables the function of receiving the NTP packet on the interface.
Ruijie(config-if)# ntp disable
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
ntp server
Use this command to specify an NTP server for the NTP client.
ntp server ip-addr [ version version ] [ source if-name ] [ key keyid ] [ prefer ]
no ntp server ip-addr
Parameter Description
Parameter  Description
ip-addr    Sets the IP address of the NTP server. IPv4 and IPv6 are supported.
version    (Optional) Specifies the version (1-3) of NTP. The default version is NTPv3.
if-name    (Optional) Specifies the source interface from which the NTP packet is sent (Layer 3 interface).
keyid      (Optional) Specifies the encryption key adopted in communication with the corresponding server.
prefer     (Optional) Specifies the corresponding server as the Prefer server.
Defaults
No NTP server is configured by default.
Command Mode
Global configuration mode
Usage Guide
Currently, the Ruijie system acts only as a client, which can synchronize time from a maximum of 20 servers.
To initiate encrypted communication with a server, first set the global encryption key and global
trusted key, and then specify the corresponding key as the trusted key of the server. To complete
the encrypted communication, the server must have the identical global encryption key and global
trusted key.
Under the same conditions (for instance, precision), the prefer clock is used for synchronization.
Make sure that the source interface used to send NTP packets is configured with an IP address and can
communicate with the corresponding NTP server.
Configuration Examples
The following example configures an NTP server for the network device.
IPv4 configuration: Ruijie(config)# ntp server 192.168.210.222
IPv6 configuration: Ruijie(config)# ntp server 10::2
Related Commands
Command  Description
no ntp   Disables the NTP service.
Platform Description
This command is unavailable on some devices that do not support this function.
ntp synchronize
Use this command to perform real-time synchronization.
ntp synchronize
no ntp synchronize
Parameter Description
Parameter  Description
N/A        N/A
Defaults
N/A
Command Mode
Global configuration mode
Usage Guide
Eight consecutive packets are synchronized for the first synchronization between the client and the
server. Follow-up NTP synchronization occurs automatically every one minute. To manually
implement real-time synchronization during the auto-synchronization interval, you can use this
command.
Configuration Examples
The following example implements NTP real-time synchronization.
Ruijie(config)# ntp synchronize
Related Commands
Command     Description
ntp server  Specifies an NTP server and implements synchronization.
Platform Description
This command is supported only by specific products.
ntp trusted-key
Use this command to set a key corresponding to an ID as the global trusted key.
ntp trusted-key key-id
no ntp trusted-key key-id
Parameter Description
Parameter  Description
key-id     Global trusted key ID
Defaults
No trusted key is configured by default.
Command Mode
Global configuration mode
Usage Guide
The NTP communication parties must use the same trusted key. To improve security, the key is
identified by ID and is not transmitted.
Configuration Examples
The following example configures an authentication key and sets it as the trusted key of
corresponding server.
Ruijie(config)# ntp authentication-key 6 md5 wooooop
Ruijie(config)# ntp trusted-key 6
Ruijie(config)# ntp server 192.168.210.222 key 6
Related Commands
Command                 Description
ntp authenticate        Enables the security authentication mechanism.
ntp authentication-key  Sets the NTP authentication key.
ntp server              Specifies an NTP server.
Platform Description
N/A
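An added example, not taken from the manual: how a key ID and a shared key authenticate an NTP packet without the key being transmitted, as the ntp authenticate and ntp trusted-key usage guides describe. It assumes the device uses the standard NTP symmetric-key layout (48-byte header followed by a 4-byte key ID and a 16-byte MD5 digest of key plus header); the digest authenticates the packet but does not hide its contents. Function names and the sample packet are constructed.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48    # fixed NTP header
MAC_LEN = 4 + 16   # 32-bit key ID + 128-bit MD5 digest


def client_request(version=3):
    """Constructed minimal client request: LI=0, VN=version, Mode=3, rest zero."""
    return bytes([(version << 3) | 3]) + bytes(HEADER_LEN - 1)


def sign(header, key_id, key):
    """Append the key ID and MD5(key || header). Only the ID and digest are sent."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(message, keys, trusted, authenticate=True):
    """Classify a received message the way an authenticating peer would.

    keys:    {key_id: secret}, as set with `ntp authentication-key`.
    trusted: key IDs marked with `ntp trusted-key`.
    authenticate: models `ntp authenticate` being enabled.
    """
    if len(message) == HEADER_LEN:
        return "rejected: no MAC" if authenticate else "accepted: unauthenticated"
    if len(message) != HEADER_LEN + MAC_LEN:
        return "rejected: malformed"
    header, mac = message[:HEADER_LEN], message[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    if key_id not in keys or key_id not in trusted:
        return "rejected: key not trusted"
    expected = hashlib.md5(keys[key_id] + header).digest()
    # Constant-time comparison avoids leaking how many digest bytes matched.
    if not hmac.compare_digest(expected, mac[4:]):
        return "rejected: bad digest"
    return "accepted: key %d" % key_id


# Values from the manual's example: key ID 6, key string "wooooop".
KEYS = {6: b"wooooop"}
TRUSTED = {6}

if __name__ == "__main__":
    msg = sign(client_request(), 6, KEYS[6])
    print(verify(msg, KEYS, TRUSTED))                      # genuine packet
    tampered = bytes([msg[0] ^ 0x08]) + msg[1:]            # version bits altered in transit
    print(verify(tampered, KEYS, TRUSTED))
    print(verify(sign(client_request(), 6, b"guess"), KEYS, TRUSTED))
    print(verify(client_request(), KEYS, TRUSTED))         # packet with no MAC at all
```

A key that is configured but not listed as trusted is rejected just like an unknown key, which is why the manual's example pairs ntp authentication-key with ntp trusted-key.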
ntp update-calendar
Use this command to update the calendar for the NTP client using the time synchronized from an
external clock source. Use the no form of this command to disable the update-calendar function.
ntp update-calendar
no ntp update-calendar
Parameter Description
Parameter  Description
N/A        N/A
Defaults
The NTP update-calendar function is not configured by default.
Command Mode
Global configuration mode
Usage Guide
This function enables NTP clients to update the calendars of devices periodically using the time
synchronized from an external clock source. The calendar of the device is still available even if the
device is shut down or reset.
By default, the NTP update-calendar function is not configured. After configuration, the NTP client
updates the calendar every time the time synchronization of external clock source is successful.
Configuration Examples
The following example configures the NTP update-calendar function.
Ruijie(config)# ntp update-calendar
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
debug ntp
Use this command to show NTP debugging information.
debug ntp
no debug ntp
Parameter Description
Parameter  Description
N/A        N/A
Defaults
This function is disabled by default.
Command Mode
Privileged user mode
Usage Guide
Use this command to debug the NTP service and to output the debugging information needed for failure
diagnosis and troubleshooting.
Configuration Examples
The following example enables NTP debugging.
Ruijie# debug ntp
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
show ntp status
Use this command to show the NTP information.
Parameter Description
Parameter  Description
N/A        N/A
Defaults
N/A
Command Mode
Privileged mode
Usage Guide
If the NTP service of the system is enabled, the command shows existing NTP information. This
command will display no information until the synchronization server is added for the first time.
Configuration Examples
The following example shows the existing NTP information of the system.
Ruijie# show ntp status
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
FTP Server Commands
debug ftp server
Use this command to enable outputting the debugging messages in the FTP server. Use the no form
of this command to disable this function.
debug ftpserver
no debug ftpserver
Parameter Description
Parameter  Description
N/A        N/A
Defaults
Disabled
Command Mode
Privileged user mode.
Usage Guide
Use this command to display the detailed debugging information during FTP server operation.
Configuration Examples
The following example shows how to enable outputting the debugging messages in the FTP Server:
Ruijie# debug ftpserver
FTPSRV_DEBUG:(RECV) SYST
FTPSRV_DEBUG:(REPLY) 215 RGOS Type: L8
FTPSRV_DEBUG:(RECV) PORT 192,167,201,82,7,120
FTPSRV_DEBUG:(REPLY) 200 PORT Command okay.
The following example shows how to disable outputting the debugging messages in the FTP Server:
Ruijie# no debug ftpserver
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
ftp-server enable
Use this command to enable the FTP server. Use the no form of this command to disable the FTP
server.
ftp-server enable
no ftp-server enable
Parameter Description
Parameter  Description
N/A        N/A
Defaults
Disabled
Command Mode
Global configuration mode.
Usage Guide
This command enables the FTP server so that FTP clients can connect to it to upload and download
files.
To enable the FTP client to access the FTP server files, this command must be
used together with the ftp-server topdir command.
Configuration Examples
The following example shows how to enable the FTP Server and allow the FTP client to access the
syslog content only:
Ruijie(config)# ftp-server topdir /syslog
Ruijie(config)# ftp-server enable
The following example shows how to disable the FTP Server:
Ruijie(config)# no ftp-server enable
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
ftp-server password
Use this command to set the login password for the FTP server. Use the no form of this command to
cancel the password configuration.
ftp-server password [ type ] password
no ftp-server password
Parameter Description
Parameter  Description
type       Define the encryption type of the password: 0 or 7. The default type is 0. 0 indicates the password is not encrypted. 7 indicates the password is encrypted.
password   The login password for the FTP server.
Defaults
By default, there is no password.
Command Mode
Global configuration mode.
Usage Guide
For the FTP server, the login username and the login password must be configured to verify the client
connection. One password can be set at most.
The password must include letters or numbers. Spaces before or after the password are
allowed but ignored, while spaces in the middle of the password are part of the password.
The minimum and maximum lengths of the plain-text password are 1 character and 25 characters.
The minimum and maximum lengths of the encrypted password are 4 characters and 52 characters
respectively.
The encrypted password is generated by plain-text password encryption and its format must comply
with the encryption specification. If the encrypted password is used for the setting, the client must use
the corresponding plain-text password to log in successfully.
Null password is not supported by the FTP server. Without the password configuration,
the client fails to pass the identity verification of the server.
Configuration Examples
The following example shows how to set the plain-text password as pass:
Ruijie(config)# ftp-server password pass
OR:
Ruijie(config)# ftp-server password 0 pass
The following example shows how to set the cipher-text password as 8001:
Ruijie(config)# ftp-server password 7 8001
The following example shows how to delete the password configuration:
Ruijie(config)# no ftp-server password
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
ftp-server timeout
Use this command to set the FTP session idle timeout. Use the no form of this command to restore
the idle timeout to the default value 30 minutes.
ftp-server timeout time
no ftp-server timeout
Parameter Description
Parameter  Description
time       Set the session idle timeout, in minutes. The valid range is 1-3600.
Defaults
Default time is 30 minutes.
Command Mode
Global configuration mode.
Usage Guide
Use this command to set the FTP session idle timeout. If the session is idle, the FTP server deems
the session connection invalid and disconnects the user.
The session idle time refers to the time between two FTP operations in the FTP session.
Configuration Examples
The following example shows how to set the session idle timeout as 5m:
Ruijie(config)# ftp-server timeout 5
The following example shows how to restore the session idle timeout to the default value 30m:
Ruijie(config)# no ftp-server timeout
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
ftp-server topdir
Use this command to set the directory range for the FTP client to access to the FTP server files. Use
the no form of this command to prevent the FTP client from accessing to the FTP server files.
ftp-server topdir directory
no ftp-server topdir
Parameter Description
Parameter  Description
directory  Set the top-directory.
Defaults
By default, no top-directory is configured.
Command Mode
Global configuration mode.
Usage Guide
The FTP server top directory specifies the directory range of the files accessed by the client. The
FTP client can access the files on the FTP server when the top directory is correctly specified.
Without this command configured, the FTP client fails to access any file or directory on the FTP server.
Configuration Examples
The following example shows how to enable the FTP Server and allow the FTP client to access the
syslog content only:
Ruijie(config)# ftp-server topdir /syslog
Ruijie(config)# ftp-server enable
The following example shows how to remove the top-directory configuration:
Ruijie(config)# no ftp-server topdir
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
ftp-server username
Use this command to set the login username for the FTP server. Use the no form of this command to
cancel the username configuration.
ftp-server username username
no ftp-server username
Parameter Description
Parameter  Description
username   Set the login username.
Defaults
By default, no username is set.
Command Mode
Global configuration mode
Usage Guide
Use this command to set the login username for the FTP server. To log in to the FTP server, the
correct username and password shall be provided.
The maximum length of the username is 64 characters and spaces are not allowed in the middle
of the username. The username consists of letters, half-width numbers and half-width symbols. One
username can be configured for the FTP server at most.
The anonymous user login is not supported on the FTP server. The client fails to pass
the identity verification if the username is removed.
Configuration Examples
The following example shows how to set the username as user:
Ruijie(config)# ftp-server username user
The following example shows how to remove the username configuration:
Ruijie(config)# no ftp-server username
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
show ftp-server
Use this command to show the status information of the FTP server.
show ftp-server
Parameter Description
Parameter  Description
N/A        N/A
Defaults
N/A
Command Mode
Privileged EXEC mode
Usage Guide
The FTP server status information includes:
- Enabled/Disabled server
- The control connection is set up or not (the related IP, Port are shown)
- The data connection is set up or not (the related IP, Port and the working mode are shown)
- The current file transmission type
- The login username and password
- The FTP server top directory
- The session idle timeout setting
Configuration Examples
The following example shows the related status information of the FTP server:
Ruijie# show ftp-server
ftp-server information
=======================================
enable : Y
topdir : /
timeout: 20min
username config : Y
password config : Y
type: BINARY
control connect : Y
ftp-server: ip=192.167.201.245 port=21
ftp-client: ip=192.167.201.82 port=4978
port data connect : Y
ftp-server: ip=192.167.201.245 port=22
ftp-client: ip=192.167.201.82 port=4982
passive data connect : N
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
UDP-Helper Module Commands
ip forward-protocol
Use this command to configure the User Datagram Protocol (UDP) port to enable relay forwarding.
Use the no form of this command to disable forwarding on the UDP port.
ip forward-protocol udp [ port | tftp | domain | time | netbios-ns | netbios-dgm | tacacs ]
no ip forward-protocol udp [ port | tftp | domain | time | netbios-ns | netbios-dgm | tacacs ]
Parameter Description
Parameter    Description
port         Port where relay forwarding is enabled. If this parameter is not specified, the broadcast packet from the ports 69, 53, 37, 137, 138, and 49 will be forwarded by default.
tftp         Specified by Trivial File Transfer Protocol(69). If this parameter is specified, the broadcast packet from port 69 is relayed and forwarded.
domain       Specified by Domain Name System(53). If this parameter is specified, the broadcast packet from port 53 is forwarded.
time         Specified by Time service(37). If this parameter is specified, the broadcast packet from port 37 is forwarded.
netbios-ns   Specified by NetBIOS Name Service(137). If this parameter is specified, the broadcast packet from port 137 is forwarded.
netbios-dgm  Specified by NetBIOS Datagram Service(138). If this parameter is specified, the broadcast packet from port 138 is forwarded.
tacacs       Specified by TAC Access Control System(49). If this parameter is specified, the broadcast packet from port 49 is forwarded.
Defaults
No UDP port for forwarding is configured by default.
Command Mode
Global configuration mode
Usage Guide
By default, enabling UDP-Helper forwards the broadcast packets of UDP ports 69, 53, 37, 137, 138,
and 49 without any additional configuration.
Configuration Examples
Ruijie(config)# ip forward-protocol udp 134
Related Commands
Command              Description
udp-helper enable    Enables the forwarding of the UDP broadcast packet.
ip forward-protocol  Configures the UDP port to enable relay forwarding.
Platform Description
N/A
ip helper-address
Use this command to configure the destination server which the UDP broadcast packet will be
forwarded to. Use the no form of this command to delete the destination server.
ip helper-address address
no ip helper-address address
Parameter Description
Parameter  Description
address    IP address of the destination server in the dotted decimal format. Each interface supports up to 20 server addresses.
Defaults
N/A
Command Mode
Interface configuration mode
Usage Guide
Up to 20 destination servers can be configured on an interface. If the destination server is configured
on an interface and UDP-Helper is enabled, the broadcast packet of the specified port received from
this interface will be sent to the destination server configured on this interface in unicast form.
Use the no ip helper-address command to remove the destination server.
Configuration Examples
#Configure the destination server where the UDP broadcast packet will be forwarded to.
Ruijie(config-if)# ip helper-address 192.168.100.1
Related Commands
Command              Description
ip forward-protocol  Enables the forwarding function on the UDP port.
Platform Description
N/A
udp-helper enable
Use this command to enable relay forwarding for the UDP broadcast packet. Use the no form of this
command to disable this function.
udp-helper enable
no udp-helper enable
Parameter Description
Parameter  Description
N/A        N/A
Defaults
The relay and forwarding of the UDP broadcast packet is disabled by default.
Command Mode
Global configuration mode
Usage Guide
Enable the forwarding function of UDP-Helper. The UDP broadcast packets from the port 69, 53, 37,
137, 138, and 49 are relayed and forwarded by default.
Configuration Examples
#Enable the UDP forwarding function.
Ruijie(config)# udp-helper enable
Related Commands
Command              Description
ip forward-protocol  Enables the forwarding function on the UDP port.
Platform Description
N/A
SNMP Commands
no snmp-server
Use this command to disable the SNMP agent function in global configuration mode.
no snmp-server
Parameter Description
Parameter  Description
N/A        N/A
Defaults
The SNMP agent function is disabled.
Command mode
Global configuration mode
Usage Guide
This command disables the SNMP agent services of all versions supported on the device.
Configuration Examples
The following example disables the SNMP agent service.
Ruijie(config)# no snmp-server
Related Commands
Command  Description
N/A      N/A
Platform Description
N/A
snmp-server chassis-id
Use this command to specify the SNMP system serial number in global configuration mode. Use the
no form of this command to restore it to the initial value.
snmp-server chassis-id text
no snmp-server chassis-id
Parameter Description
Parameter  Description
text       Text of the system serial number, digits or characters.
Defaults
The default serial number is 60FF60.
Command mode
Global configuration mode
Usage Guide
The SNMP system serial number is generally the serial number of the machine to facilitate the device
identification. The serial number can be viewed by the show snmp command.
Configuration Examples
The following example specifies the SNMP system serial number as 123456:
Ruijie(config)# snmp-server chassis-id 123456
Related Commands
Command    Description
show snmp  Shows the SNMP statistics.
Platform Description
N/A

snmp-server community
Use this command to specify the SNMP community access string in global configuration mode. Use
the no form of this command to cancel the specified SNMP community access string.
snmp-server community string [ view view-name ] [ [ ro | rw ] [ host ipaddr ] [ ipv6 ipv6-aclname ]
[ aclnum ] [ aclname ]
no snmp-server community string
Parameter Description
string: Community string, which is equivalent to the communication password between the NMS and the SNMP agent.
view-name: Name of the view used for view-based management.
ro: Indicates that the NMS can only read the variables of the MIB.
rw: Indicates that the NMS can read and write the variables of the MIB.
aclnum: Serial number of the associated access list, which specifies the IPv4 address range of the NMSs that are permitted to access the MIB.
aclname: Name of the associated access list, which specifies the IPv4 address range of the NMSs that are permitted to access the MIB.
ipv6-aclname: Name of the associated IPv6 access list, which specifies the IPv6 address range of the NMSs that are permitted to access the MIB.
ipaddr: Specifies IP address of the NMS accessing the MIB, which is associated with NMS addresses.
Defaults
All communities are read only by default.
Command mode
Global configuration mode
Usage Guide
This command is the first important command to enable the SNMP agent function. It specifies the
community attribute, range of the NMSs that can access the MIB, and more.
To disable the SNMP agent function, run the no snmp-server command.
Configuration Examples
The following example restricts the access to the MIB using the access list, which allows only the
NMS of the IP address 192.168.12.1 to access the MIB.
Ruijie(config)# access-list 2 permit 192.168.12.1
Ruijie(config)# access-list 2 deny any
Ruijie(config)# snmp-server community public ro 2
Related Commands
access-list: Defines the access list.
Platform Description
N/A
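
A configuration review can check each community line against the parameters described above. The following Python sketch is an added example, not Ruijie code: it parses snmp-server community lines using the syntax on this page, resolves the referenced access-list entries, and reports communities that are well known, read-write, or not restricted to specific NMS sources. The configuration text and the names netops, monitor and backup are constructed samples.

```python
import re

# Strings that appear in documentation examples and are widely known.
WELL_KNOWN = {"public", "private"}


def parse_acls(lines):
    """Collect 'access-list <id> permit|deny <source>' entries per ACL id."""
    acls = {}
    for line in lines:
        m = re.match(r"\s*access-list\s+(\S+)\s+(permit|deny)\s+(.+?)\s*$", line)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    return acls


def parse_community(line):
    """Parse one 'snmp-server community' line using the syntax on this page."""
    tok = line.split()
    if tok[:2] != ["snmp-server", "community"] or len(tok) < 3:
        return None
    entry = {"string": tok[2], "view": None, "access": "ro",  # ro is the documented default
             "host": None, "ipv6_acl": None, "acl": None}
    keyword_field = {"view": "view", "host": "host", "ipv6": "ipv6_acl"}
    i = 3
    while i < len(tok):
        word = tok[i]
        if word in keyword_field and i + 1 < len(tok):
            entry[keyword_field[word]] = tok[i + 1]
            i += 2
        elif word in ("ro", "rw"):
            entry["access"] = word
            i += 1
        else:  # a bare token is aclnum or aclname
            entry["acl"] = word
            i += 1
    return entry


def audit(config_text):
    """Return {community string: [findings]} for every community line."""
    lines = config_text.splitlines()
    acls = parse_acls(lines)
    report = {}
    for line in lines:
        entry = parse_community(line)
        if entry is None:
            continue
        findings = []
        if entry["string"].lower() in WELL_KNOWN:
            findings.append("well-known community string")
        if entry["access"] == "rw":
            findings.append("read-write access")
        if not (entry["acl"] or entry["host"] or entry["ipv6_acl"]):
            findings.append("no NMS source restriction")
        if entry["acl"]:
            rules = acls.get(entry["acl"])
            if rules is None:
                findings.append("ACL %s is not defined" % entry["acl"])
            elif ("permit", "any") in rules:
                findings.append("ACL %s permits any source" % entry["acl"])
        report[entry["string"]] = findings
    return report


# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
access-list 2 permit 192.168.12.1
access-list 2 deny any
access-list 9 permit any
snmp-server community public ro 2
snmp-server community netops rw
snmp-server community monitor view mib2 ro 7
snmp-server community backup ro 9
"""

if __name__ == "__main__":
    for community, findings in audit(SAMPLE_CONFIG).items():
        print(community, "->", findings or ["no findings"])
```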

snmp-server contact
Use this command to specify the SNMP system contact in global configuration mode. Use the no
form of this command to delete the system contact.
snmp-server contact text
no snmp-server contact
Parameter Description
text: Character string describing the system contact.
Defaults
N/A
Command mode
Global configuration mode
Usage Guide
N/A
Configuration Examples
The following example specifies the SNMP system contact as i-net800@i-net.com.cn:
Ruijie(config)# snmp-server contact i-net800@i-net.com.cn
Related Commands
show snmp-server: Checks the SNMP information.
Platform Description
N/A

snmp-server enable traps
Use this command in global configuration mode to enable the SNMP server to actively send SNMP
trap messages to the NMS when urgent and important events occur. Use the no form of this
command to stop the SNMP server from actively sending SNMP trap messages to the NMS.
snmp-server enable traps [ snmp ]
no snmp-server enable traps
Parameter Description
snmp: Enables the trap notification of SNMP events.
Defaults
The Trap notification is disabled by default.
Command mode
Global configuration mode
Usage Guide
This command must work with the global configuration command snmp-server host to send the
SNMP Trap message.
Configuration Examples
The following example enables the SNMP server to actively send the SNMP Trap message.
Ruijie(config)# snmp-server enable traps snmp
Ruijie(config)# snmp-server host 192.168.12.219 public snmp
Related Commands
snmp-server host: Specifies the SNMP host.
Platform Description
N/A

snmp-server group
Use this command to set the SNMP user group in the global configuration mode. The no form of this
command is used to remove the user group.
snmp-server group groupname { v1 | v2c | v3 { auth | noauth | priv } } [ read readview ] [ write
writeview ] [ access { ipv6 ipv6-aclname | aclnum | aclname } ]
no snmp-server group groupname { v1 | v2c | v3 { auth | noauth | priv } }
Parameter Description
v1 | v2c | v3: Specifies SNMP Version.
auth: Authenticates the messages transmitted by the user group without encryption. This applies only to SNMPv3.
noauth: Neither authenticates nor encrypts the messages transmitted by the user group. This applies only to SNMPv3.
priv: Authenticates and encrypts the messages transmitted by the user group. This applies only to SNMPv3.
readview: Associates with a read-only view.
writeview: Associates with a read-write view.
aclnum: Serial number of the associated access list, which specifies the IPv4 address range of the NMSs that are permitted to access the MIB.
aclname: Name of the associated access list, which specifies the IPv4 address range of the NMSs that are permitted to access the MIB.
ipv6_aclname: Name of the associated IPv6 access list, which specifies the IPv6 address range of the NMSs that are permitted to access the MIB.
Defaults
No user group is set by default.
Command mode
Global configuration mode
Usage Guide
None
Configuration Examples
The following example sets a user group.
Ruijie(config)# snmp-server group mib2user v3 priv read mib2
Related Commands
show snmp group: Shows the SNMP user group configuration.
Platform Description
N/A

snmp-server host
Use this command to specify the SNMP host (NMS) to send the trap message in global configuration
mode. Use the no form of this command to remove the specified SNMP host.
snmp-server host { host-addr | ipv6 ipv6-addr } [ vrf vrfname ] [ traps ] [ version { 1 | 2c | 3 { auth |
noauth | priv } ] community-string [ udp-port port-num ] [ notification-type ]
no snmp-server host { host-addr | ipv6 ipv6-addr } [ vrf vrfname ] [ traps ] [ version { 1 | 2c | 3
{ auth | noauth | priv } ] community-string [ udp-port port-num ]
Parameter Description
host-addr: SNMP host address
ipv6-addr: SNMP host address (IPv6)
vrfname: Sets the name of the VRF forwarding table
version: SNMP Version: V1, V2C or V3
auth | noauth | priv: Security level of SNMPv3 users
community-string: Community string or username (SNMPv3 Version)
port-num: Port of the SNMP host
notification-type: The type of the SNMP trap message sent actively, such as snmp.
Defaults
No SNMP host is specified by default.
If no type of the SNMP trap message is specified, all types of the SNMP trap message are included.
Command mode
Global configuration mode
Usage Guide
This command must work with the snmp-server enable traps command in global configuration
mode to actively send the SNMP trap messages to NMS.
You can configure multiple SNMP hosts to receive the SNMP Trap messages. One host can use
different combinations of the types of the SNMP trap message, different ports and different VRF
forwarding tables, but the last configuration for the same host (same port, same VRF configuration)
will overwrite the previous configurations. In other words, to send different SNMP trap messages to
the same host, different combinations of SNMP trap messages have to be configured.
Configuration Examples
The following example specifies an SNMP host to receive the SNMP event trap:
Ruijie(config)# snmp-server host 192.168.12.219 public snmp
Related Commands
snmp-server enable traps: Enables the sending of the SNMP trap message.
Platform Description
N/A

snmp-server location
Use this command to set the SNMP system location information in global configuration mode. Use
the no form of this command to remove the specified SNMP system location information.
snmp-server location text
no snmp-server location
Parameter Description
text: Character string describing the system information
Defaults
Null
Command mode
Global configuration mode
Usage Guide
N/A
Configuration Examples
The following example specifies the system information:
Ruijie(config)# snmp-server location start-technology-city 4F of A Buliding
Related Commands
snmp-server contact: Specifies the system contact information.
Platform Description
N/A

snmp-server packetsize
Use this command to specify the maximum size of the SNMP packet in global configuration mode.
Use the no form of this command to restore it to the default value.
snmp-server packetsize byte-count
no snmp-server packetsize
Parameter Description
byte-count: Packet size in the range from 484 to 17876 bytes
Defaults
1472 bytes.
Command mode
Global configuration mode
Usage Guide
None
Configuration Examples
The following example specifies the maximum SNMP packet size as 1,492 bytes:
Ruijie(config)# snmp-server packetsize 1492
Related Commands
snmp-server queue-length: Specifies the length of the SNMP trap message queue.
Platform Description
N/A

snmp-server queue-length
Use this command to specify the length of the SNMP trap message queue in global configuration
mode.
snmp-server queue-length length
Parameter Description
length: Queue length in the range from 1 to 1000
Defaults
10.
Command mode
Global configuration mode
Usage Guide
The SNMP trap message queue is used to store the SNMP trap messages. This command can be
used to adjust the size of the SNMP trap message queue to control the speed of sending the SNMP
trap messages.
The maximum speed to send messages is 4 messages per second.
Configuration Examples
The following example specifies the speed to send the trap message as 4 messages per second:
Ruijie(config)# snmp-server queue-length 4
Related Commands
snmp-server packetsize: Specifies the maximum size of the SNMP packet.
Platform Description
N/A

snmp-server system-shutdown
Use this command to enable the SNMP system restart notification function in global configuration
mode. Use the no form of this command to disable the SNMP system notification function.
snmp-server system-shutdown
no snmp-server system-shutdown
Parameter Description
N/A
Defaults
The SNMP system restart notification function is disabled by default.
Command mode
Global configuration mode
Usage Guide
This command is used to enable the SNMP system restart notification function. The RGOS sends the
SNMP trap messages to the NMS to notify the system restart before the device is reloaded or
rebooted.
Configuration Examples
The following example enables the SNMP system restart notification function:
Ruijie(config)# snmp-server system-shutdown
Related Commands
N/A
Platform Description
N/A

snmp-server trap-source
Use this command to specify the source address of the SNMP trap message in global configuration
mode. Use the no form of this command to restore it to the default value.
snmp-server trap-source interface
no snmp-server trap-source
Parameter Description
interface: Interface used as the source of the SNMP trap message.
Defaults
The IP address of the interface where the SNMP message is sent from is used as the source address.
Command mode
Global configuration mode
Usage Guide
By default, the IP address of the interface where the SNMP message is sent from is the source
address. For easy management and identification, this command can be used to fix a local IP address
as the SNMP source address.
Configuration Examples
The following example specifies the IP address of Ethernet interface 0/1 as the source of the SNMP
trap message:
Ruijie(config)# snmp-server trap-source fastethernet 0/1
Related Commands
snmp-server enable traps: Enables the sending of the SNMP trap message.
snmp-server enable host: Specifies the NMS host.
Platform Description
N/A

snmp-server trap-timeout
Use this command to define the retransmission timeout of the SNMP trap message in the global
configuration mode. The no form of this command is used to restore it to the default value.
snmp-server trap-timeout seconds
no snmp-server trap-timeout
Parameter Description
seconds: Timeout period (in seconds) in the range from 1 to 1000.
Defaults
30 seconds.
Command mode
Global configuration mode
Usage Guide
N/A
Configuration Examples
The following example specifies the timeout period as 60 seconds.
Ruijie(config)# snmp-server trap-timeout 60
Related Commands
snmp-server queue-length: Specifies the length of the SNMP trap message queue.
snmp-server enable host: Specifies the NMS host.
Platform Description
N/A

snmp-server user
Use this command to set the SNMP user in global configuration mode. Use the no form of this
command to delete the user.
snmp-server user username groupname { v1 | v2 | v3 [ encrypted ] [ auth { md5 | sha }
auth-password ] [ priv des56 priv-password ] } [ access { [ ipv6 ipv6_aclname ] [ aclnum |
aclname } ] ]
no snmp-server user username groupname { v1 | v2c | v3 }
Parameter Description
username: User name
groupname: Group name of the user.
v1 | v2 | v3: SNMP Version. But only SNMPv3 supports the following security parameters.
encrypted: Input the password in cipher text mode. In cipher text mode, input consecutive HEX alphanumeric characters. Note that the authentication password of MD5 has a length of 16 bytes, while that of SHA has a length of 20 bytes. Two characters make a byte. The encrypted key can only be used by the local SNMP engine on the switch.
auth: Specifies whether to use the authentication.
md5: Enables the MD5 authentication protocol, while sha enables the SHA authentication protocol.
auth-password: Password string (no more than 32 characters) used by the authentication protocol. The system will convert the password to the corresponding authentication key.
priv: Specifies whether to use the encryption. des56 refers to 56-bit DES encryption protocol.
priv-password: Password string (no more than 32 characters) used for encryption. The system will convert the password to the corresponding encryption key.
aclnum: Serial number of the associated access list, which specifies the IPv4 address range of the NMSs that are permitted to access the MIB.
aclname: Name of the associated access list, which specifies the IPv4 address range of the NMSs that are permitted to access the MIB.
ipv6_aclname: Name of the associated IPv6 access list, which specifies the IPv6 address range of the NMSs that are permitted to access the MIB.
Defaults
No user is set by default.
Command mode
Global configuration mode
Usage Guide
N/A
Configuration Examples
The following example configures an SNMPv3 user with MD5 authentication and DES encryption:
Ruijie(config)# snmp-server user user-2 mib2user v3 auth md5 authpassstr priv
des56 despassstr
Related Commands
show snmp user: Shows the SNMP user configuration.
Platform Description
N/A
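
The parameter table says the system converts auth-password into an authentication key, and that an encrypted key is 16 bytes for MD5, 20 bytes for SHA, and usable only by the local SNMP engine. The following Python sketch is an added example, not Ruijie code: it assumes the device follows the standard SNMPv3 USM password-to-key and key-localization algorithm of RFC 3414, which this page does not state, and uses the password and engine ID from the RFC's own test vectors.

```python
import hashlib
import re

KEY_LENGTH = {"md5": 16, "sha": 20}        # bytes, as stated for the encrypted keyword
HASH_NAME = {"md5": "md5", "sha": "sha1"}  # hashlib names for the two auth protocols


def password_to_key(password, protocol):
    """RFC 3414 A.2: hash the first 1,048,576 octets of the endlessly repeated password."""
    if not password:
        raise ValueError("empty password")
    data = password.encode("utf-8")
    reps, rest = divmod(1048576, len(data))
    digest = hashlib.new(HASH_NAME[protocol])
    digest.update(data * reps + data[:rest])
    return digest.digest()


def localize_key(key, engine_id, protocol):
    """Bind the key to one SNMP engine: H(Ku || engineID || Ku)."""
    return hashlib.new(HASH_NAME[protocol], key + engine_id + key).digest()


def localized_hex(password, engine_id_hex, protocol):
    """Hex form of the localized key for one engine (2 hex characters per byte)."""
    engine_id = bytes.fromhex(engine_id_hex)
    key = password_to_key(password, protocol)
    return localize_key(key, engine_id, protocol).hex()


def check_encrypted_key(hex_key, protocol):
    """Check a value meant for the encrypted keyword: consecutive hex, correct length."""
    if not re.fullmatch(r"[0-9a-fA-F]+", hex_key):
        return False
    return len(hex_key) == 2 * KEY_LENGTH[protocol]


# Test-vector inputs from RFC 3414 appendix A.3 (not values from any device).
RFC_PASSWORD = "maplesyrup"
RFC_ENGINE_ID = "000000000000000000000002"
OTHER_ENGINE_ID = "000000000000000000000003"   # constructed, to show engine binding

if __name__ == "__main__":
    for proto in ("md5", "sha"):
        key = localized_hex(RFC_PASSWORD, RFC_ENGINE_ID, proto)
        print(proto, len(key) // 2, "bytes", key)
    # The same password yields a different key on a different engine, which is why
    # a localized key copied from one device does not authenticate on another.
    print(localized_hex(RFC_PASSWORD, OTHER_ENGINE_ID, "sha"))
```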

snmp-server view
Use this command to set an SNMP view in global configuration mode. Use the no form of this
command to delete the view.
snmp-server view view-name oid-tree { include | exclude }
no snmp-server view view-name [ oid-tree ]
Parameter Description
view-name: View name
oid-tree: The MIB object associated with the view is an MIB sub tree.
include: Indicates that the sub trees of the MIB object are included in the view.
exclude: Indicates that the sub trees of the MIB object are excluded from the view.
Defaults
A default view is set to access all MIB objects by default.
Command mode
Global configuration mode
Usage Guide
None
Configuration Examples
The following example sets a view that includes all MIB-2 sub-trees (oid is 1.3.6.1).
Ruijie(config)# snmp-server view mib2 1.3.6.1 include
Related Commands
show snmp view: Shows the view configuration.
Platform Description
N/A

snmp trap link-status
For this command, refer to the INTF-CREF.doc
Parameter Description
N/A
Defaults
Refer to the INTF-CREF.doc.
Command mode
Refer to the INTF-CREF.doc.
Usage Guide
Refer to the INTF-CREF.doc.
Configuration Examples
Refer to the INTF-CREF.doc
Related Commands
N/A
Platform Description
N/A

show snmp
Use this command to show the SNMP status information in privileged user mode.
show snmp [ mib | user | view | group | host ]
Parameter Description
N/A
Defaults
N/A
Command mode
Privileged user mode
Usage Guide
show snmp: Show the SNMP statistics.
show snmp mib: Show the SNMP MIBs supported in the system.
show snmp user: Show the SNMP user information.
show snmp view: Show the SNMP view information.
show snmp group: Show the SNMP user group information.
show snmp host: Show the display information configured by users.
Configuration Examples
The following example shows the SNMP statistics:
Ruijie# show snmp
Chassis: 60FF60
0 SNMP packets input
0 Bad SNMP Version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
0 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
0 Get-next PDUs
0 Set-request PDUs
0 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
0 Response PDUs
0 Trap PDUs
SNMP global trap: disabled
SNMP logging: disabled
SNMP agent: enabled
Related Commands
snmp-server chassis-id: Specifies the SNMP system serial number.
Platform Description
N/A

IPv6 Commands

clear ipv6 neighbors
Use this command to clear the dynamically learned neighbors.
clear ipv6 neighbors [ vrf vrf-name ]
Parameter Description
vrf-name: VRF name
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
This command can be used to clear all the neighbors dynamically learned by neighbor
discovery. Note that the static neighbors will not be cleared.
Configuration Examples
Ruijie# clear ipv6 neighbors
Related Commands
ipv6 neighbor: Configure the neighbor.
show ipv6 neighbors: Show the neighbor information.
Platform Description
N/A

ipv6 address
Use this command to configure an IPv6 address for a network interface. Use the no form of this
command to delete the configured address.
ipv6 address ipv6-address/prefix-length
ipv6 address ipv6-prefix/prefix-length eui-64
ipv6 address prefix-name sub-bits/prefix-length [ eui-64 ]
no ipv6 address
no ipv6 address ipv6-address/prefix-length
no ipv6 address ipv6-prefix/prefix-length eui-64
no ipv6 address prefix-name sub-bits/prefix-length [ eui-64 ]
Parameter Description
ipv6-prefix: IPv6 address prefix in the format defined in RFC4291. The address shall be in hex; the fields in the address shall be separated by comma, and each field shall contain 16 bits.
ipv6-address: IPv6 address in the format defined in RFC4291. The address shall be in hex; the fields in the address shall be separated by comma, and each field shall contain 16 bits.
prefix-length: Length of the IPv6 prefix, the network address of the IPv6 address.
prefix-name: The general prefix name. Use the specified general prefix to generate the interface address.
sub-bits: The value of the sub-prefix bit and the host bit generates the interface address combining with the general prefix. The value shall be in the format defined in the RFC4291.
eui-64: The generated IPv6 address consists of the address prefix and the 64 bit interface ID
Defaults
N/A
Command Mode
Interface configuration mode
Usage Guide
When an IPv6 interface is created and the link status is UP, the system will automatically generate a
local IP address for the interface.
The IPv6 address could also be generated using the general prefix. That is, the IPv6 address consists
of the general prefix and the sub-prefix and the host bit. The general prefix could be configured using
the ipv6 general-prefix command or may be learned through the DHCPv6 agent PD (Prefix
Discovery) function (please refer to the DHCPv6 Configuration). Use the sub-bits/prefix-length
parameter of this command to configure the sub-prefix and the host bit.
If no address to delete is specified when using no ipv6 address, all the manually configured
addresses will be deleted.
no ipv6 address ipv6-prefix/prefix-length eui-64 can be used to delete the addresses configured with
ipv6 address ipv6-prefix/prefix-length eui-64.
Configuration Examples
Ruijie(config-if)# ipv6 address 2001:1::1/64
Ruijie(config-if)# no ipv6 address 2001:1::1/64
Ruijie(config-if)# ipv6 address 2002:1::1/64 eui-64
Ruijie(config-if)# no ipv6 address 2002:1::1/64 eui-64
Related Commands
N/A
Platform Description
N/A

ipv6 address autoconfig
Use this command to automatically configure an IPv6 stateless address for a network interface. Use
the no form of this command to delete the auto-configured address.
ipv6 address autoconfig [ default ]
no ipv6 address autoconfig
Parameter Description
default: (Optional) If this keyword is configured, a default route is generated. Note that only one layer 3 interface on the entire device is allowed to use the default keyword.
Defaults
N/A
Command Mode
Interface configuration mode
Usage Guide
With stateless automatic address configuration, when the device receives an RA (Route
Advertisement) message, it can use the prefix information of the RA message to automatically
generate the EUI-64 interface address.
If the RA message contains the flag of the “other configurations”, the interface will obtain these “other
configurations” through the DHCPv6. The “other configurations” usually means the IPv6 address of
the DNS server, the IPv6 address of the NTP server, etc.
Use the no ipv6 address autoconfig command to delete the IPv6 address.
Configuration Examples
Ruijie(config-if)# ipv6 address autoconfig default
Ruijie(config-if)# no ipv6 address autoconfig
Related Commands
ipv6 address ipv6-prefix/prefix-length [eui-64]: Configure the IPv6 address for the interface manually.
Platform Description
N/A

ipv6 enable
Use this command to enable the IPv6 function on an interface. Use the no form of this command to
disable this function.
ipv6 enable
no ipv6 enable
Parameter Description
N/A
Defaults
Disabled.
Command Mode
Interface configuration mode.
Usage Guide
The IPv6 function of an interface can be enabled by configuring ipv6 enable or by configuring IPv6
address for the interface.
If an IPv6 address is configured for the interface, the IPv6 function will be enabled
automatically on the interface and cannot be disabled with no ipv6 enable.
Configuration Examples
Ruijie(config-if)# ipv6 enable
Related Commands
show ipv6 interface: Show the related information of an interface.
Platform Description
N/A

ipv6 general-prefix
Use this command to configure the IPv6 general prefix in the global configuration mode.
ipv6 general-prefix prefix-name ipv6-prefix/prefix-length
no ipv6 general-prefix prefix-name ipv6-prefix/prefix-length
Parameter Description
prefix-name: The general prefix name.
ipv6-prefix: The network prefix value of the general-prefix following the format defined in RFC4291.
prefix-length: The length of the general prefix.
Defaults
N/A
Command Mode
Global configuration mode.
Usage Guide
It is convenient to number the network by using the general prefix, which defines a prefix so that many
longer specified prefixes could refer to it. These specified prefixes are updated whenever the general
prefix changes. If the network number changes, just modify the general prefix.
A general prefix could contain multiple prefixes.
These longer specified prefixes are usually used for the IPv6 address configuration on the interface.
Configuration Examples
The following example manually configures a general prefix named my-prefix.
Ruijie(config)# ipv6 general-prefix my-prefix 2001:1111:2222::/48
Related Commands
ipv6 address prefix-name sub-bits/prefix-length: Configure the interface address using the general prefix.
show ipv6 general-prefix: Show the general prefix.
Platform Description
N/A
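
The address composition described for ipv6 address and ipv6 general-prefix (general prefix plus sub-bits, with or without eui-64) can be worked through in Python. This is an added example, not Ruijie code: it assumes that sub-bits supplies every bit to the right of the general prefix and that eui-64 means the modified EUI-64 interface ID of RFC 4291, and the MAC address is a constructed sample from the documentation range.

```python
import ipaddress


def eui64_interface_id(mac):
    """Modified EUI-64: flip the universal/local bit, insert ff:fe in the middle."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def with_eui64(prefix, mac):
    """Counterpart of: ipv6 address ipv6-prefix/prefix-length eui-64"""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen > 64:
        raise ValueError("eui-64 needs a prefix of 64 bits or fewer")
    high = int(net.network_address) >> 64 << 64   # keep only the upper 64 bits
    address = ipaddress.IPv6Address(high | eui64_interface_id(mac))
    return "%s/%d" % (address, net.prefixlen)


def from_general_prefix(general_prefix, sub_bits, mac=None):
    """Counterpart of: ipv6 address prefix-name sub-bits/prefix-length [ eui-64 ]"""
    general = ipaddress.IPv6Network(general_prefix)   # rejects stray host bits
    sub = ipaddress.IPv6Interface(sub_bits)
    length = sub.network.prefixlen
    if length < general.prefixlen:
        raise ValueError("prefix-length is shorter than the general prefix")
    low_mask = (1 << (128 - general.prefixlen)) - 1
    if int(sub.ip) & ~low_mask:
        raise ValueError("sub-bits overlap the general prefix")
    address = ipaddress.IPv6Address(int(general.network_address) | int(sub.ip))
    if mac is not None:
        return with_eui64("%s/%d" % (address, length), mac)
    return "%s/%d" % (address, length)


SAMPLE_MAC = "00:00:5e:00:53:01"   # constructed sample, documentation range

if __name__ == "__main__":
    # my-prefix from the example above, with sub-bits selecting subnet 1, host 1.
    print(from_general_prefix("2001:1111:2222::/48", "0:0:0:1::1/64"))
    # Renumbering: only the general prefix changes, the sub-bits stay the same.
    print(from_general_prefix("2001:db8:aaaa::/48", "0:0:0:1::1/64"))
    # eui-64 replaces the low 64 bits with an ID derived from the MAC address.
    print(from_general_prefix("2001:1111:2222::/48", "0:0:0:1::1/64", SAMPLE_MAC))
    print(with_eui64("2002:1::1/64", SAMPLE_MAC))
```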

ipv6 hop-limit
Use this command to configure the default hop count to send unicast messages in the global
configuration mode.
ipv6 hop-limit value
no ipv6 hop-limit
Parameter Description
N/A
Defaults
The default is 64.
Command Mode
Global configuration mode.
Usage Guide
This command takes effect for the unicast messages only, not for multicast messages.
Configuration Examples
Ruijie(config)# ipv6 hop-limit 100
Related Commands
N/A
Platform Description
N/A

ipv6 nd dad attempts
Use this command to set the number of the NS packets to be continuously sent for IPv6 address
collision check on the interface. Use the no form of this command to restore it to the default setting.
ipv6
no
Parameter Description
value: Number of the NS packets. If it is set to 0, it indicates that the IPv6 address collision check is disabled on the interface. The range is 0 to 600.
Defaults
1.
Command Mode
Interface configuration mode.
Usage Guide
When the interface is configured with a new IPv6 address, the address collision shall be checked
before the address is assigned to the interface, and the address shall be in the “tentative” status. After
the address collision check is completed, if no collision is detected, the address can be used
normally; if collision is detected and the interface ID of the address is an EUI-64 ID, it indicates that
the link-layer address is repeated, and the system will automatically shut down the interface (that is,
to prohibit IPv6 operations on the interface). In this case, you shall modify and configure a new
address manually, and restart address collision check for the down/up interface. Whenever the state
of an interface changes from down to up, the address collision check function of the interface will be
enabled.
Configuration Examples
Ruijie(config-if)# ipv6 nd dad attempts 3
Related Commands
show ipv6 interface: Show the interface information.
Platform Description
N/A

ipv6 nd managed-config-flag
Use this command to set the “managed address configuration” flag bit of the RA message. Use the
no form of this command to remove the setting.
ipv6 nd managed-config-flag
no ipv6 nd managed-config-flag
Parameter Description
N/A
Defaults
None.
Command Mode
Interface configuration mode.
Usage Guide
This flag determines whether the host that receives the RA message obtains an IP address through
stateful auto configuration. If the flag is set, the host obtains an IP address through stateful auto
configuration; otherwise stateful auto configuration is not used.
Configuration Examples
Ruijie(config-if)# ipv6 nd managed-config-flag
Related Commands
show ipv6 interface: Show the interface information.
ipv6 nd other-config-flag: Set the flag for obtaining all information except IP address through stateful auto configuration.
Platform Description
N/A

ipv6 nd ns-interval
Use this command to set the interval for the interface to retransmit NS (Neighbor Solicitation). Use
the no form of this command to restore it to the default setting.
ipv6 nd ns-interval milliseconds
no ipv6 nd ns-interval
Parameter Description
milliseconds: Interval for retransmitting NS in the range of 1000 to 429467295 milliseconds
Defaults
The default value in RA is 0 (unspecified); the interval for retransmitting NS is 1000ms (1s).
Command Mode
Interface configuration mode.
Usage Guide
The configured value will be advertised through RA and will be used by the device itself. Setting
too short an interval is not recommended.
Configuration Examples
Ruijie(config-if)# ipv6 nd ns-interval 2000
Related Commands
show ipv6 interface: Show the interface information.
Platform Description
N/A

ipv6 nd other-config-flag
Use this command to set the “other stateful configuration” flag bit of the RA message. Use the no form of
this command to delete the flag bit.
ipv6 nd other-config-flag
no ipv6 nd other-config-flag
Parameter Description
N/A
Defaults
The flag bit is not set by default.
Command Mode
Interface configuration mode.
Usage Guide
With this flag bit set, the flag bit of the RA message sent by the device is set. After receiving this flag
bit, the host uses DHCPv6 to acquire the information excluding the IPv6 address for the purpose of
automatic configuration. When the managed address configuration is set, the default other
stateful configuration is also set.
Configuration Examples
Ruijie(config-if)# ipv6 nd other-config-flag
Related Commands
show ipv6 interface: Show the interface information.
Platform Description
N/A

ipv6 nd prefix
Use this command to configure the address prefix included in the RA. Use the no form of this
command to delete the set prefix or restore it to the default setting.
ipv6 nd prefix { ipv6-prefix/prefix-length | default } [ [ valid-lifetime preferred-lifetime ] | [ at valid-date
preferred-date ] | [infinite | preferred-lifetime ] ] [no-advertise] | [[ off-link ] [ no-autoconfig ] ]
no ipv6 nd prefix { ipv6-prefix/prefix-length | default } [ [ off-link ] [ no-autoconfig ] |
[ no-advertise ] ]
Parameter Description
ipv6-prefix: IPv6 network ID following the format defined in RFC4291
prefix-length: Length of the IPv6 prefix. “/” shall be added in front of the prefix
valid-lifetime: Valid lifetime of the RA prefix received by the host
preferred-lifetime: Preferred lifetime of the RA prefix received by the host
at valid-date preferred-date: Set the deadline for the valid lifetime and that of the preferred lifetime, in day, month, year, hour, minute.
infinite: Indicate that the prefix is always valid.
default: Set the default prefix.
no-advertise: The prefix will not be advertised by the device.
off-link: When the host sends an IPv6 packet, if the prefix of the destination address matches the set prefix, it is considered that the destination is on-link and is directly reachable. If this option is set, it indicates that the prefix is not used for on-link judgment.
no-autoconfig: Indicate that the RA prefix received by the host cannot be used for auto address configuration.
Defaults
By default, the advertised prefix is the one set with ipv6 address on the interface. The default
parameters of the prefix configured in the RA are as follows:
valid-lifetime: 2592000s (30 days)
preferred-lifetime: 604800s (7 days)
The prefix is advertised and is used for on-link judgment and auto address configuration.
Command Mode
Interface configuration mode.
Usage Guide
This command can be used to configure the parameters of each prefix, including whether to advertise
the prefix. By default, the prefix advertised in RA is the one set with ipv6 address on the interface. To
add other prefixes, use this command.
ipv6 nd prefix default
Set the default parameters to be used by the interface. If no parameter is specified for an added
prefix, the parameters set with ipv6 nd prefix default will be used. Note that after a parameter is
specified for the prefix, the default configuration will not be used. That is to say, the configuration of
the prefix cannot be modified with ipv6 nd prefix default; only the prefix that uses all the default
configurations can be modified with this command.
at valid-date preferred-date
The valid lifetime of a prefix can be specified in two ways. One way is to specify a fixed time for each
prefix in the RA; the other way is to specify the end time (in this mode, the valid lifetime of the prefix
sent in RA will be gradually reduced until the end time is 0).
Configuration Examples
The following example adds a prefix for SVI 1.
Ruijie(config)# interface vlan 1
Ruijie(config-if)# ipv6 nd prefix 2001::/64 infinite 2592000
The following example sets the default prefix parameters for SVI 1 (they cannot be used for auto
address configuration):
Ruijie(config)# interface vlan 1
Ruijie(config-if)# ipv6 nd prefix default no-autoconfig
If no parameter is specified, the default parameters will be used, and the prefix cannot be used for
auto address configuration.
Related Commands
show ipv6 interface: Show the RA information of an interface.
Platform Description
N/A
ipv6 nd ra-hoplimit
Use this command to set the hopcount of the RA message. Use the no form of this command to
restore it to the default setting.
ipv6 nd ra-hoplimit value
no ipv6 nd ra-hoplimit
Parameter Description
Parameter    Description
value    Hopcount
Defaults
The default value is 64.
Command Mode
Interface configuration mode.
Usage Guide
It is used to set the hopcount of the RA message.
Configuration Examples
Ruijie(config-if)# ipv6 nd ra-hoplimit 110
Related Commands
Command    Description
show ipv6 interface    Show the interface information.
ipv6 nd ra-lifetime    Set the lifetime of the device.
ipv6 nd ra-interval    Set the interval of sending the RA message.
ipv6 nd ra-mtu    Set the MTU of the RA message.
Platform Description
N/A
ipv6 nd ra-interval
Use this command to set the interval of sending the RA. Use the no form of this command to restore it
to the default setting.
ipv6 nd ra-interval { seconds | min-max min_value max_value }
no ipv6 nd ra-interval
Parameter Description
Parameter    Description
seconds    Interval of sending the RA message in seconds, 3-1800s.
min-max    Maximum and minimum interval of sending the RA message in seconds
min_value    Minimum interval of sending the RA message in seconds
max_value    Maximum interval of sending the RA message in seconds
Defaults
200s. The actual interval of sending the RA message fluctuates by 20% around 200s.
Command Mode
Interface configuration mode.
Usage Guide
If the device serves as the default device, the set interval shall not be longer than the lifetime of the
device. Besides, so that the devices along the link do not all occupy network bandwidth by sending
RA messages at the same time, the actual interval for sending the RA message fluctuates by 20% around the set
value.
If the keyword min-max is specified, the actual interval for sending the packet is chosen
between the minimum value and the maximum value.
Configuration Examples
Ruijie(config-if)# ipv6 nd ra-interval 110
Ruijie(config-if)# ipv6 nd ra-interval min-max 110 120
Related Commands
Command    Description
show ipv6 interface    Show the interface information.
ipv6 nd ra-lifetime    Set the lifetime of the device.
ipv6 nd ra-hoplimit    Set the hopcount of the RA message.
ipv6 nd ra-mtu    Set the MTU of the RA message.
Platform Description
N/A
ipv6 nd ra-lifetime
Use this command to set the device lifetime of the RA sent on the interface. Use the no form of this
command to restore it to the default setting.
ipv6 nd ra-lifetime seconds
no ipv6 nd ra-lifetime
Parameter Description
Parameter    Description
seconds    Default lifetime of the device on the interface, 0-9000.
Defaults
1800s.
Command Mode
Interface configuration mode.
Usage Guide
The router lifetime field is available in each RA. It specifies the time during which the hosts along the
link of the interface can select the device as the default device. If the value is set to 0, the device will
not serve as the default device any longer. If it is not set to 0, it shall be larger than or equal to the
interval of sending the RA (ra-interval
Configuration Examples
Ruijie(config-if)# ipv6 nd ra-lifetime 2000
Related Commands
Command    Description
show ipv6 interface    Show the interface information.
ipv6 nd ra-interval    Set the interval of sending the RA.
ipv6 nd ra-hoplimit    Set the hopcount of the RA.
ipv6 nd ra-mtu    Set the MTU of the RA.
Platform Description
N/A
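The relationship between ipv6 nd ra-interval and ipv6 nd ra-lifetime described above can be checked before a configuration is applied. The following Python check is an added example, not Ruijie code: the function names and the constructed interface lines are assumptions, the ranges, defaults and 20% fluctuation come from this reference, and the "warn" level (lifetime shorter than the longest fluctuated gap) is this example's own stricter check.

```python
import re

# Values taken from this command reference: defaults, ranges, 20% fluctuation.
DEFAULT_INTERVAL = 200          # seconds
DEFAULT_LIFETIME = 1800         # seconds
INTERVAL_RANGE = (3, 1800)
LIFETIME_RANGE = (0, 9000)

INTERVAL_RE = re.compile(r"ipv6 nd ra-interval (?:(\d+)|min-max (\d+) (\d+))$")
LIFETIME_RE = re.compile(r"ipv6 nd ra-lifetime (\d+)$")

# Constructed interface-mode lines used as sample input.
SAMPLE_OK = ["interface vlan 1", " ipv6 nd ra-interval 110", " ipv6 nd ra-lifetime 2000"]
SAMPLE_SHORT = ["interface vlan 1", " ipv6 nd ra-interval min-max 110 120",
                " ipv6 nd ra-lifetime 100"]


def parse_ra_timing(lines):
    """Read RA timing from interface-mode lines; unset values keep the defaults."""
    cfg = {"interval": DEFAULT_INTERVAL, "min_max": None, "lifetime": DEFAULT_LIFETIME}
    for raw in lines:
        line = raw.strip()
        m = INTERVAL_RE.match(line)
        if m and m.group(1) is not None:
            cfg["interval"], cfg["min_max"] = int(m.group(1)), None
        elif m:
            cfg["interval"], cfg["min_max"] = None, (int(m.group(2)), int(m.group(3)))
        m = LIFETIME_RE.match(line)
        if m:
            cfg["lifetime"] = int(m.group(1))
    return cfg


def send_window(cfg):
    """Return (shortest, longest) gap in whole seconds between two RAs."""
    if cfg["min_max"] is not None:
        return cfg["min_max"]
    base = cfg["interval"]
    return (base * 4 // 5, base * 6 // 5)   # 20% either side of the set value


def check_ra_timing(lines):
    """Return a list of (severity, message) findings for one interface."""
    cfg = parse_ra_timing(lines)
    shortest, longest = send_window(cfg)
    lifetime = cfg["lifetime"]
    findings = []
    if cfg["min_max"] is not None and shortest > longest:
        findings.append(("error", "min_value %d exceeds max_value %d" % (shortest, longest)))
    if cfg["interval"] is not None and not (
            INTERVAL_RANGE[0] <= cfg["interval"] <= INTERVAL_RANGE[1]):
        findings.append(("error", "ra-interval %d is outside 3-1800s" % cfg["interval"]))
    if not LIFETIME_RANGE[0] <= lifetime <= LIFETIME_RANGE[1]:
        findings.append(("error", "ra-lifetime %d is outside 0-9000s" % lifetime))
    # The "set interval" for min-max mode is taken to be max_value (assumption).
    set_interval = cfg["interval"] if cfg["interval"] is not None else cfg["min_max"][1]
    if lifetime == 0:
        findings.append(("info", "ra-lifetime 0: hosts will not select this device as default"))
    elif lifetime < set_interval:
        findings.append(("error", "ra-lifetime %d is shorter than the RA interval %d"
                         % (lifetime, set_interval)))
    elif lifetime < longest:
        findings.append(("warn", "ra-lifetime %d can expire before the next RA (gap up to %ds)"
                         % (lifetime, longest)))
    return findings


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("short", SAMPLE_SHORT)):
        print(name, send_window(parse_ra_timing(sample)), check_ra_timing(sample))
```

With no RA commands configured, the window is 160 to 240 seconds, which matches the "sent every 200 seconds<240--160>" line in the show ipv6 interface output.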
ipv6 nd ra-mtu
Use this command to set the MTU of the RA message. Use the no form of this command to restore it
to the default setting.
ipv6 nd ra-mtu value
no ipv6 nd ra-mtu
Parameter Description
Parameter    Description
value    MTU value, 0-4294967295.
Defaults
IPv6 MTU value of the network interface.
Command Mode
Interface configuration mode.
Usage Guide
If it is specified as 0, the RA will not have the MTU option.
Configuration Examples
Ruijie(config-if)# ipv6 nd ra-mtu 1400
Related Commands
Command    Description
show ipv6 interface    Show the interface information.
ipv6 nd ra-lifetime    Set the lifetime of the device.
ipv6 nd ra-interval    Set the interval of sending the RA message.
ipv6 nd ra-hoplimit    Set the hopcount of the RA message.
Platform Description
N/A
ipv6 nd reachable-time
Use this command to set the reachable time after the interface checks the reachability of the neighbor
dynamically learned through NDP. Use the no form of this command to restore it to the default
setting.
ipv6 nd reachable-time milliseconds
no ipv6 nd reachable-time
Parameter Description
Parameter    Description
milliseconds    Reachable time for the neighbor in the range 0 to 3600000 milliseconds.
Defaults
The default value in RA is 0 (unspecified); the reachable time for the neighbor is 30000ms (30s) when
the device discovers the neighbor.
Command Mode
Interface configuration mode.
Usage Guide
The device uses the set time to detect unreachable neighbors. A shorter time means that the
device can detect a neighbor failure more quickly, but more network bandwidth and device resources
will be occupied. Therefore, it is not recommended to set too short a reachable time.
The configured value will be advertised through RA and will be used by the device itself. If the value is
set to 0, it indicates that the time is not specified, that is, the default value is used.
According to RFC4861, the actual reachable time for the neighbor is not exactly the configured value; it
ranges from 0.5*configured value to 1.5*configured value.
Configuration Examples
Ruijie(config-if)# ipv6 nd reachable-time 1000000
Related Commands
Command    Description
show ipv6 interface    Show the interface information.
Platform Description
N/A
ipv6 nd suppress-ra
Use this command to disable the interface from sending the RA message. Use the no form of this
command to enable the function.
ipv6 nd suppress-ra
no ipv6 nd suppress-ra
Parameter Description
Parameter    Description
N/A    N/A
Defaults
The RA message is not sent on the IPv6 interface by default.
Command Mode
Interface configuration mode.
Usage Guide
This command suppresses the sending of the RA message on an interface.
Configuration Examples
Ruijie(config-if)# ipv6 nd suppress-ra
Related Commands
Command    Description
show ipv6 interface    Show the interface information.
Platform Description
N/A
ipv6 neighbor
Use this command to configure a static neighbor. Use the no form of this command to remove the
setting.
ipv6 neighbor ipv6-address interface-id hardware-address
no ipv6 neighbor ipv6-address interface-id
Parameter Description
Parameter    Description
ipv6-address    IPv6 address of the neighbor. It must follow the address format defined in RFC4291.
interface-id    Network interface of the neighbor (including routed port, L3 AP interface, or SVI interface).
hardware-address    Hardware address of the neighbor. It shall be a 48-bit MAC address in the format of XXXX.XXXX.XXXX, where “X” is a hexadecimal number.
Defaults
No static neighbor is configured.
Command Mode
Global configuration mode.
Usage Guide
Similar to the ARP command, the static neighbor can only be configured on an IPv6 protocol enabled
interface.
If the neighbor to be configured has been learned through NDP and has been stored in the neighbor
list, the dynamically generated neighbor will be automatically switched to a static one. The configured
static neighbor is always in the Reachable status.
Use clear ipv6 neighbors to clear all the neighbors dynamically learned through NDP.
Use show ipv6 neighbors to view the neighbor information.
Configuration Examples
Ruijie(config)# ipv6 neighbor 2001::1 vlan 1 00d0.f811.1111
Related Commands
Command    Description
show ipv6 neighbors    Show the neighbor information.
clear ipv6 neighbors    Clear the neighbors learned dynamically.
Platform Description
N/A
ipv6 ns-linklocal-src
Use this command to set the local address of the link as the source IP address to send neighbor
requests. When no ipv6 ns-linklocal-src is executed, the global IP address will be taken as the
source address to send neighbor requests.
ipv6 ns-linklocal-src
no ipv6 ns-linklocal-src
Parameter Description
Parameter    Description
N/A    N/A
Defaults
The local address of the link is always used as the source address to send neighbor requests.
Command Mode
Global configuration mode.
Usage Guide
None.
Configuration Examples
Ruijie(config)# no ipv6 ns-linklocal-src
Related Commands
Command    Description
N/A    N/A
Platform Description
N/A
ipv6 redirects
Use this command to control whether to send ICMPv6 redirect message when the switch receives
and forwards an IPv6 packet through an interface. Use the no form of this command to disable the
function.
ipv6 redirects
no ipv6 redirects
Parameter Description
Parameter    Description
N/A    N/A
Defaults
The ICMPv6 redirect message is permitted to be sent on the IPv6 interface.
Command Mode
Interface configuration mode.
Usage Guide
The transmission rate of any ICMPv6 error message is limited. By default, it is 10pps.
Configuration Examples
Ruijie(config-if)# ipv6 redirects
Related Commands
Command    Description
show ipv6 interface    Show the interface information.
Platform Description
N/A
ipv6 route
Use this command to configure an IPv6 static route. Use the no form of this command to remove the
setting.
ipv6 route [ vrf vrf-name ] ipv6-prefix/prefix-length {ipv6-address [ nexthop-vrf { vrf-name1 |
default } ] | interface-id [ ipv6-address [ nexthop-vrf { vrf-name1 | default } ] ] } [distance ] [ weight
number ]
Parameter Description
Parameter    Description
ipv6-prefix    IPv6 network number following the format specified in RFC4291.
prefix-length    Length of the IPv6 prefix. “/” must be added in front of the prefix.
vrf-name    VRF in the routes, which must be the multi-protocol VRF with the IPv6 address family configured.
ipv6-address    Next-hop IP address to the destination address. It shall be in the format defined in RFC4291. The next-hop IP address and the next-hop outgoing interface can be specified at the same time. Note that if the next-hop IP address is a link-local address, the outgoing interface must be specified.
vrf-name1    VRF in the nexthop, which must be the multi-protocol VRF with the IPv6 address family configured.
default    The nexthop belongs to the global.
interface-id    The outgoing interface toward the destination network. If the static route is configured with the outgoing interface but no next-hop address is specified, the destination address will be considered on the link connected with the outgoing interface; that is to say, the static route will be treated as a directly-connected route. Note that if the destination network or next-hop address is a link-local address, the outgoing interface must be specified.
Defaults
N/A
Command Mode
Global configuration mode.
Usage Guide
If the destination IP address or next-hop IP address is a link-local IP address, the outgoing interface
must be specified; if the destination address is a link-local IP address, the next hop must also be a
link-local IP address. When configuring a route, the destination IP address and the next-hop IP
address shall not be a multicast address. If both the next-hop IP address and the outgoing interface
are specified, the outgoing interface of the direct route that matches the next hop shall be the same
as the configured outgoing interface.
Configuration Examples
Ruijie(config)# ipv6 route 2001::/64 vlan 1 2005::1
Related Commands
Command    Description
show ipv6 route    Show the IPv6 route information.
Platform Description
N/A
ipv6 source-route
Use this command to forward the IPv6 packet with route header. The no form of this command
disables the forwarding.
ipv6 source-route
no ipv6 source-route
Parameter Description
Parameter    Description
N/A    N/A
Defaults
Disabled.
Command Mode
Global configuration mode.
Usage Guide
Because of the potential security risk of the type 0 routing header, the device can easily suffer from
a denial-of-service attack. Therefore, forwarding IPv6 packets with a routing header is disabled by
default. However, an IPv6 packet with a type 0 routing header that is destined to the local machine is
still processed.
Configuration Examples
Ruijie(config)# no ipv6 source-route
Related Commands
Command    Description
N/A    N/A
Platform Description
N/A
ping ipv6
Use this command to diagnose the connectivity of the IPv6 network.
ping ipv6 [ ipv6-address ]
Parameter Description
Parameter    Description
ipv6-address    Destination IP address to be diagnosed.
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
If no destination address is entered in the command, the user interaction mode is entered, and you
can specify the parameters. The following table shows the meanings of symbols returned by the ping
command:
Signs    Meaning
!    The response to each request sent is received.
.    The response to the request sent is not received within a regulated time.
U    The device has no route to the destination host.
R    Parameter error.
F    No system resource is available.
A    The source IP address of the packet is not selected.
D    The network interface is in the Down status, or the IPv6 function is disabled on the interface (for example, IP address collision is detected).
?    Unknown error
Configuration Examples
Ruijie# ping ipv6 fec0::1
Related Commands
Command    Description
N/A    N/A
Platform Description
N/A
show ipv6 general-prefix
Use this command to show the information of the general prefix.
show ipv6 general-prefix
Parameter Description
Parameter    Description
N/A    N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
Use this command to show the information of the general prefix, including prefixes that are manually
configured and prefixes learned from the DHCPv6 agent.
Configuration Examples
The following example shows the information of the general prefix.
Ruijie# show ipv6 general-prefix
There is 1 general prefix.
IPv6 general prefix my-prefix, acquired via Manual configuration
2001:1111:2222::/48
2001:1111:3333::/48
Related Commands
Command    Description
ipv6 general-prefix    Configure the general prefix.
Platform Description
N/A
show ipv6 interface
Use this command to show the IPv6 interface information.
show ipv6 interface [ interface-id ] [ ra-info ]
Parameter Description
Parameter    Description
interface-id    Interface (including Ethernet interface, aggregate port, or SVI)
ra-info    Show the RA information of the interface.
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
Use this command to show the address configuration, ND configuration and other information of an
IPv6 interface.
Configuration Examples
Ruijie# show ipv6 interface vlan 1
Interface vlan 1 is Up, ifindex: 2001
address(es):
Mac Address: 00:00:00:00:00:01
INET6: fe80::200:ff:fe00:1 , subnet is fe80::/64
Joined group address(es):
ff01:1::1
ff02:1::1
ff02:1::2
ff02:1::1:ff00:1
INET6: 2001::1 , subnet is 2001::/64 [TENTATIVE]
Joined group address(es):
ff01:1::1
ff02:1::1
ff02:1::2
ff02:1::1:ff00:1
MTU is 1500 bytes
ICMP error messages limited to one every 10 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND retransmit interval is 1000 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisements are sent every 200 seconds<240--160>
ND device advertisements live for 1800 seconds
The following line is included in the above information: 2001::1, subnet is 2001::/64 [TENTATIVE].
The flag bit in the [ ] following the INET6 address is explained as follows:
Flag    Meaning
ANYCAST    Indicate that the address is an anycast address.
TENTATIVE    Indicate that the DAD is underway. The address is a tentative address before the DAD is completed.
DUPLICATED    Indicate that a duplicate address exists.
DEPRECATED    Indicate that the preferred lifetime of the address expires.
NODAD    Indicate that no DAD is implemented for the address.
AUTOIFID    Indicate that the interface ID of the address is automatically generated by the system, which is usually an EUI-64 ID.
Ruijie# show ipv6 interface vlan 1 ra-info
vlan 1: DOWN
RA timer is stopped
waits: 0, initcount: 3
statistics: RA(out/in/inconsistent): 4/0/0, RS(input): 0
Link-layer address: 00:00:00:00:00:01
Physical MTU: 1500
ND device advertisements live for 1800 seconds
ND device advertisements are sent every 200 seconds<240--160>
Flags: !M!O, Adv MTU: 1500
ND advertised reachable time is 0 milliseconds
ND advertised retransmit time is 0 milliseconds
ND advertised CurHopLimit is 64
Prefixes: (total: 1)
fec0:1:1:1::/64(Def,Auto,vltime: 2592000, pltime: 604800, flags: LA)
Description of the fields in ra-info:
Field    Meaning
RA timer is stopped (on)    Indicate whether the RA timer is started.
waits    Indicate that the RS is received but the number of the responses is not available.
initcount    Indicate the number of the RAs when the RA timer is restarted.
RA(out/in/inconsistent)    out: Indicate the number of the RAs that are sent. in: Indicate the number of the RAs that are received. inconsistent: Indicate the number of the received RAs in which the parameters are different from those contained in the RAs advertised by the device.
RS(input)    Indicate the number of the RSs that are received.
Link-layer address    Link-layer address of the interface.
Physical MTU    Link MTU of the interface.
!M | M    !M indicates the managed-config-flag bit in the RA is not set. M: Conversely.
!O | O    !O indicates the other-config-flag bit in the RA is not set. O: Conversely.
Description of the fields of the prefix list in ra-info:
Field    Meaning
total    The number of the prefixes of the interface.
fec0:1:1:1::/64    A specific prefix.
Def    Indicate that the interfaces use the default prefix.
Auto | CFG    Auto: Indicate the prefix is automatically generated after the interface is configured with the corresponding IPv6 address. CFG: Indicate that the prefix is manually configured.
!Adv    Indicate that the prefix will not be advertised.
vltime    Valid lifetime of the prefix, measured in seconds.
pltime    Preferred lifetime of the prefix, measured in seconds.
L | !L    L: Indicate that the on-link in the prefix is set. !L: Indicate that the on-link in the prefix is not set.
A | !A    A: Indicate that the auto-configure in the prefix is set. !A: Indicate that the auto-configure in the prefix is not set.
Related Commands
Command    Description
N/A    N/A
Platform Description
N/A
show ipv6 neighbors
Use this command to show the IPv6 neighbors.
show ipv6 neighbors [ vrf vrf-name ] [ verbose ] [ interface-id ] [ ipv6-address ]
show ipv6 neighbors static
Parameter Description
Parameter    Description
verbose    Show the neighbor details.
static    Show the validity status of static neighbors.
vrf-name    VRF name
interface-id    Show the neighbors of the specified interface.
ipv6-address    Show the neighbors of the specified IPv6 address.
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
Show the neighbors on the SVI 1 interface:
Ruijie# show ipv6 neighbors vlan 1
IPv6 Address Linklayer Addr Interface
fa::1 00d0.0000.0002 vlan 1
fe80::200:ff:fe00:2 00d0.0000.0002 vlan 1
Show the neighbor details:
Ruijie# show ipv6 neighbors verbose
IPv6 Address Linklayer Addr Interface
2001::1 00d0.f800.0001 vlan 1
State: Reach/H Age: - asked: 0
fe80::200:ff:fe00:1 00d0.f800.0001 vlan 1
State: Reach/H Age: - asked: 0
Field    Meaning
IPv6 Address    IPv6 address of the neighbor.
Linklayer Addr    Link address, namely, MAC address. If it is not available, incomplete is displayed.
Interface    Interface where the neighbor is located.
State    State of the neighbor: state/H(R)
The values of STATE are as below:
INCMP (Incomplete): The address resolution of the neighbor is underway, the NS is
sent, but the NA is not received.
REACH (Reachable): The switch is connected with the neighbor. In this state, the
switch takes no additional action when sending packets to the neighbor.
STALE: The reachable time of the neighbor expires. In this state, the switch takes no
additional action; it only starts NUD (Neighbor Unreachability Detection) after a
packet is sent to the neighbor.
DELAY: A packet has been sent to the neighbor in STALE state, and the state changes from
STALE to DELAY. If no neighbor reachability notification is received within
DELAY_FIRST_PROBE_TIME seconds (5s), DELAY changes to PROBE and the NS is sent to
the neighbor to start NUD.
PROBE: The NUD is started to check the reachability of the neighbor. The NS
packets are sent to the neighbor at the interval of RetransTimer milliseconds until the
response from the neighbor is received or the number of the sent NSs hits
MAX_UNICAST_SOLICIT(3).
?: Unknown state.
/R: The neighbor is considered a device.
/H: The neighbor is a host.
Age    The reachable time of the neighbor. '-' indicates that the neighbor is always reachable. Note that the reachability of a static neighbor depends on the actual situation. 'expired' indicates that the lifetime of the neighbor expires, and the neighbor is waiting for the triggering of NUD.
Asked    The number of the NSs that are sent to the neighbor for the resolution of the link address of the neighbor.
Configuration Examples
Ruijie# show ipv6 neighbors
Related Commands
Command    Description
ipv6 neighbor    Configure a neighbor.
Platform Description
N/A
show ipv6 route
Use this command to show the IPv6 route information.
show ipv6 route [ vrf vrf-name ] [ static | local | connected ]
Parameter Description
Parameter    Description
static    Show the static routes.
vrf-name    VRF name
local    Show the local routes.
connected    Show the directly-connected routes.
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
Use this command to view the routing table.
Configuration Examples
Ruijie# show ipv6 route
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
I1 - ISIS L1, I2 - ISIS L2, IA - IIS interarea
L ::1/128
via ::1, loopback 0
C fa::/64
via ::, vlan 1
L fa::1/128
via ::, loopback 0
C 2001::/64
via ::, vlan 2
L 2001::1/128
via ::, loopback 0
L fe80::/10
via ::1, Null0
C fe80::/64
via ::, vlan 1
L fe80::200:ff:fe00:1/128
via ::, loopback 0
C fe80::/64
via ::, vlan 2
Related Commands
Command    Description
ipv6 route    Configure a static route.
Platform Description
N/A
show ipv6 routers
In the IPv6 network, some neighbor routers send out the advertisement messages. Use this
command to show the neighbor routers and the advertisement.
show ipv6 routers [ interface-type interface-number ]
Parameter Description
Parameter    Description
interface-type interface-number    (Optional) Show the router advertisement of the specified interface.
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
Use this command to show the neighbor routers and the router advertisement. If no interface is
specified, all the router advertisements of this device will be displayed.
Configuration Examples
The following example shows the IPv6 routers.
Ruijie# show ipv6 routers
Router FE80::2D0:F8FF:FEC1:C6E1 on VLAN 2, last update 62 sec
Hops 64, Lifetime 1800 sec, ManagedFlag=0, OtherFlag=0, MTU=1500
Preference=MEDIUM
Reachable time 0 msec, Retransmit time 0 msec
Prefix 6001:3::/64 onlink autoconfig
Valid lifetime 2592000 sec, preferred lifetime 604800 sec
Prefix 6001:2::/64 onlink autoconfig
Valid lifetime 2592000 sec, preferred lifetime 604800 sec
Related Commands
Command    Description
N/A    N/A
Platform Description
N/A
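The show ipv6 routers output is the place to confirm that only the intended routers are advertising on a link. The following Python audit is an added example, not Ruijie code: it parses output in the format shown above and compares it with a hypothetical per-interface policy; the second router entry in the sample and the policy values are constructed for illustration.

```python
import ipaddress
import re

# First entry: the sample output shown above. Second entry: constructed for this example.
SAMPLE_OUTPUT = """\
Router FE80::2D0:F8FF:FEC1:C6E1 on VLAN 2, last update 62 sec
Hops 64, Lifetime 1800 sec, ManagedFlag=0, OtherFlag=0, MTU=1500
Preference=MEDIUM
Reachable time 0 msec, Retransmit time 0 msec
Prefix 6001:3::/64 onlink autoconfig
Valid lifetime 2592000 sec, preferred lifetime 604800 sec
Prefix 6001:2::/64 onlink autoconfig
Valid lifetime 2592000 sec, preferred lifetime 604800 sec
Router FE80::200:FF:FE00:99 on VLAN 2, last update 3 sec
Hops 64, Lifetime 9000 sec, ManagedFlag=0, OtherFlag=1, MTU=1280
Preference=HIGH
Reachable time 0 msec, Retransmit time 0 msec
Prefix 2001:db8:99::/64 onlink autoconfig
Valid lifetime 2592000 sec, preferred lifetime 604800 sec
"""

# Hypothetical policy: what the operator expects to see on each interface.
POLICY = {
    "VLAN 2": {
        "routers": ["fe80::2d0:f8ff:fec1:c6e1"],
        "prefixes": ["6001:2::/64", "6001:3::/64"],
        "managed": 0, "other": 0, "mtu": 1500, "preference": "MEDIUM",
    },
}

ROUTER_RE = re.compile(r"Router (\S+) on (.+), last update (\d+) sec$")
PARAMS_RE = re.compile(
    r"Hops (\d+), Lifetime (\d+) sec, ManagedFlag=(\d), OtherFlag=(\d), MTU=(\d+)$")
PREFERENCE_RE = re.compile(r"Preference=(\w+)$")
PREFIX_RE = re.compile(r"Prefix (\S+)")


def parse_routers(text):
    """Turn 'show ipv6 routers' output into one dict per advertising router."""
    routers = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ROUTER_RE.match(line)
        if m:
            routers.append({"address": ipaddress.IPv6Address(m.group(1)),
                            "interface": m.group(2), "prefixes": []})
            continue
        if not routers:
            continue                      # ignore anything before the first entry
        cur = routers[-1]
        m = PARAMS_RE.match(line)
        if m:
            hops, lifetime, managed, other, mtu = (int(g) for g in m.groups())
            cur.update(hops=hops, lifetime=lifetime, managed=managed, other=other, mtu=mtu)
            continue
        m = PREFERENCE_RE.match(line)
        if m:
            cur["preference"] = m.group(1)
            continue
        m = PREFIX_RE.match(line)
        if m:
            cur["prefixes"].append(ipaddress.IPv6Network(m.group(1), strict=False))
    return routers


def audit_routers(text, policy):
    """Return (where, message) findings for routers that deviate from the policy."""
    findings = []
    for r in parse_routers(text):
        where = "%s on %s" % (r["address"], r["interface"])
        rules = policy.get(r["interface"])
        if rules is None:
            findings.append((where, "no RA expected on this interface"))
            continue
        if r["address"] not in {ipaddress.IPv6Address(a) for a in rules["routers"]}:
            findings.append((where, "router is not in the allowlist"))
        expected = {ipaddress.IPv6Network(p) for p in rules["prefixes"]}
        for prefix in r["prefixes"]:
            if prefix not in expected:
                findings.append((where, "unexpected prefix %s" % prefix))
        for key in ("managed", "other", "mtu", "preference"):
            if key in r and r[key] != rules[key]:
                findings.append((where, "%s is %s, expected %s" % (key, r[key], rules[key])))
    return findings


if __name__ == "__main__":
    for where, message in audit_routers(SAMPLE_OUTPUT, POLICY):
        print("%-32s %s" % (where, message))
```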
tunnel destination
Use this command to specify the destination address for the tunnel. Use the no form of this command
to remove the setting.
tunnel destination { ipv4-address | ipv6-address }
no tunnel destination
Parameter Description
Parameter    Description
ipv4-address    Destination address of the tunnel, namely the IPv4 address in the other side of the tunnel.
ipv6-address    Destination address of the tunnel. With the tunnel mode ipv6 configured, the destination address of the tunnel shall be the IPv6 address. If the tunnel mode gre ipv6 is configured, the destination address of the tunnel shall also be the IPv6 address.
Defaults
The destination address encapsulated by the tunnel is not configured by default.
Command Mode
Interface configuration mode.
Usage Guide
A device shall not be configured with multiple tunnels that have the same encapsulation type, source address
and destination address.
Note: For auto tunnel 6to4 and isatap, the destination address shall not be configured.
Configuration Examples
The following example configures an IPv6 manual tunnel.
Ruijie(config)# interface tunnel 1
Ruijie(config-if)# tunnel mode ipv6ip
Ruijie(config-if)# tunnel source vlan 1
Ruijie(config-if)# tunnel destination 192.168.5.1
Related Commands
Command    Description
tunnel source    Configure the source IP address of the tunnel.
tunnel mode    Configure the mode of a tunnel.
tunnel ttl    Configure the TTL of the tunnel.
Platform Description
N/A
DHCPv6 Relay Agent Commands
show ipv6 dhcp relay destination
Use this command to display the destination addresses of the DHCPv6 Relay Agent.
show ipv6 dhcp relay destination
Parameter Description
Parameter    Description
all    Displays all destination addresses and interfaces.
interface interface-type interface-number    Displays the destination addresses and interfaces configured for a specified interface.
Defaults
N/A
Command Mode
Privileged EXEC mode
Usage Guide
You can use this command to check that DHCPv6 packets received by the DHCPv6 Relay interface
are forwarded to specified destination addresses.
Configuration Examples
The following example displays the configuration of all destination addresses on the Relay Agent.
Ruijie# show ipv6 dhcp relay destination all
Interface: Vlan1    // Interface where DHCPv6 Relay is enabled
Destination address(es)    Output Interface
3001::2
FF02::1:2    Vlan2
//Specify the destination address.
//Specify the outbound interface.
Related Commands
Command    Description
N/A    N/A
Platform Description
N/A
show ipv6 dhcp relay statistics
Use this command to view the statistics on transmitted packets after DHCPv6 Relay is enabled on a
device.
show ipv6 dhcp relay statistics
Parameter Description
Parameter    Description
N/A    N/A
Defaults
N/A
Command Mode
Privileged EXEC mode
Usage Guide
You can use this command to view the statistics on transmitted packets after DHCPv6 Relay is
enabled on the device.
Configuration Examples
The following example queries DHCPv6 Relay Agent statistics.
Ruijie# show ipv6 dhcp relay statistics
Packets dropped    : 2    //Discard packets that are not processed
Error    : 2    //Discard error packets
Excess of rate limit    : 0    //Discard excessive packets
Packets received    : 28    //Count the received DHCPv6 packets
SOLICIT    : 0
REQUEST    : 0
CONFIRM    : 0
RENEW    : 0
REBIND    : 0
RELEASE    : 0
DECLINE    : 0
INFORMATION-REQUEST    : 14
RELAY-FORWARD    : 0
RELAY-REPLY    : 14
Packets sent    : 16    //Count the sent DHCPv6 packets
ADVERTISE    : 0
RECONFIGURE    : 0
REPLY    : 8
RELAY-FORWARD    : 8
RELAY-REPLY    : 0
Related Commands
Command    Description
clear ipv6 dhcp relay statistics    Clears the statistics.
Platform Description
N/A
clear ipv6 dhcp relay statistics
Use this command to clear the statistics on transmitted packets after DHCPv6 Relay is enabled on a
device.
clear ipv6 dhcp relay statistics
Parameter Description
Parameter    Description
N/A    N/A
Defaults
N/A
Command Mode
Privileged EXEC mode
Usage Guide
You can use this command to clear the statistics on transmitted packets after DHCPv6 Relay is
enabled on the device.
Configuration Examples
The following example clears the statistics on DHCPv6 Relay Agent packets (all packet counts
become 0 after this command is executed).
Ruijie# clear ipv6 dhcp relay statistics
Related Commands
Command    Description
show ipv6 dhcp relay statistics    Displays the statistics on DHCPv6 Relay packets.
Platform Description
N/A
DHCPv6 Commands
dns-server
Use this command to set the DNS Server list information for the DHCPv6 Server. Use the no form of
this command to remove the configuration.
dns-server ipv6-address
no dns-server ipv6-address
Parameter Description
Parameter    Description
ipv6-address    Set the IPv6 address of the DNS server.
Defaults
By default, no DNS server list is configured.
Command Mode
DHCPv6 pool configuration mode.
Usage Guide
To configure several DNS Server addresses, use the dns-server command several times. The
newly-configured DNS Server address will not overwrite the former ones.
Configuration Examples
Ruijie(config-dhcp)# dns-server 2008:1::1
Related Commands
Command    Description
domain-name    Set the DHCPv6 domain name information.
ipv6 dhcp pool    Set a DHCPv6 pool.
Platform Description
N/A
domain-name
Use this command to set the domain name for the DHCPv6 server. Use the no form of this command
to remove the domain name.
domain-name domain
no domain-name domain
Parameter Description
Parameter    Description
domain    Set the domain name.
Defaults
By default, no domain name is configured.
Command Mode
DHCPv6 pool configuration mode.
Usage Guide
To configure several domain names, use the domain-name command several times. The
newly-configured domain name will not overwrite the former ones.
Configuration Examples
Ruijie(config-dhcp)# domain-name example.com
Related Commands
Command    Description
dns-server    Set the DHCPv6 DNS server list.
ipv6 dhcp pool    Set the DHCPv6 pool.
Platform Description
N/A
iana-address prefix
Use this command to set the IA_NA address prefix for the DHCPv6 Server. Use the no form of this
command to remove the IA_NA address prefix.
iana-address prefix ipv6-prefix/prefix-length [ lifetime { valid-lifetime | preferred-lifetime } ]
no iana-address prefix
Parameter Description
Parameter    Description
ipv6-prefix/prefix-length    Set the IPv6 prefix and prefix length.
lifetime    Set the lifetime of the address allocated to the client. With the keyword lifetime configured, both parameters valid-lifetime and preferred-lifetime shall be configured.
valid-lifetime    Set the valid lifetime of using the allocated address for the client.
preferred-lifetime    Set the preferred lifetime of the address allocated to the client.
Defaults
By default, no IA_NA address prefix is configured.
The default valid-lifetime is 3600s (1 hour).
The default preferred-lifetime is 3600s (1 hour).
Command Mode
DHCPv6 pool configuration mode.
Usage Guide
This command is used to set the IA_NA address prefix for the DHCPv6 Server, and allocate the
IA_NA address to the client.
The Server attempts to allocate a usable address within the IA_NA address prefix range to the client
upon receiving the IA_NA address request from the client. That address will be allocated to other
clients if the client no longer uses that address.
Configuration Examples
Ruijie(config-dhcp)# iana-address prefix 2008:50::/64 lifetime 2000 1000
Related Commands
Command    Description
ipv6 dhcp pool    Set the DHCPv6 pool.
show ipv6 dhcp pool    Show the DHCPv6 pool information.
Platform Description
N/A
ipv6 dhcp client pd
Use this command to enable the DHCPv6 client and request for the prefix address information. Use
the no form of this command to disable the prefix address request
ipv6 dhcp client pd prefix-name [ rapid-commit ]
no ipv6 dhcp client pd
Parameter
Parameter
Description
Description
prefix-name
Define the IPv6 prefix name.
rapid-commit
Allow the simplified interaction process.
Defaults
Disabled
Command Mode
Interface configuration mode.
Usage Guide
With the DHCPv6 client mode disabled, use this command to enable the DHCPv6 client mode on the
interface.
With the ipv6 dhcp client pd command enabled, the DHCPv6 client sends the prefix request to the
DHCPv6 server.
The keyword rapid-commit allows a two-message interaction between the client and the server. With
this keyword configured, the solicit message sent by the client includes the rapid-commit item.
Configuration Examples
The following example shows how to enable the prefix information request on the interface:
Ruijie(config)# interface fastethernet 0/1
Ruijie(config-if)# ipv6 dhcp client pd pd_name
Related Commands
Command
Description
clear ipv6 dhcp client
Reset the DHCPv6 client function on the interface.
show ipv6 dhcp interface
Show the DHCPv6 interface configuration.
Platform Description
N/A
ipv6 dhcp pool
Use this command to set the DHCPv6 server pool. Use the no form of this command to remove the
information pool.
ipv6 dhcp pool poolname
no ipv6 dhcp pool poolname
Parameter
Parameter
Description
Description
poolname
Define the DHCPv6 pool name.
Defaults
By default, the DHCPv6 server information pool is not configured.
Command Mode
Global configuration mode.
Usage Guide
This command is used to create a DHCPv6 Server configuration pool. After this command is
configured, the device enters the DHCPv6 pool configuration mode, in which the administrator can set
the pool parameters, such as the prefix and the DNS Server information.
After creating the DHCPv6 Server configuration pool, use the ipv6 dhcp server command to
associate the pool and the DHCPv6 Server on one interface.
Configuration Examples
Ruijie# configure terminal
Ruijie(config)# ipv6 dhcp pool pool1
Ruijie(config-dhcp)#
Related Commands
Command
Description
ipv6 dhcp server
Enable the DHCPv6 server function on the interface.
show ipv6 dhcp pool
Show the DHCPv6 pool information.
Platform Description
N/A
ipv6 dhcp relay destination
Use this command to enable the DHCPv6 relay service and configure the destination address to
which the messages are forwarded. Use the no form of this command to delete the forwarding
address configuration or delete the output interface configuration of the forwarding address.
ipv6 dhcp relay destination ipv6-address [ interface-type interface-number ]
no ipv6 dhcp relay destination ipv6-address [ interface-type interface-number ]
Parameter
Parameter
Description
Description
ipv6-address
Set the DHCPv6 relay destination address.
interface-type interface-number
Specify the forwarding output interface if the forwarding address is the local link address.
Defaults
The relay and forward function is disabled, and the forwarding destination address and the output
interface are not configured.
Command Mode
Interface configuration mode.
Usage Guide
With the DHCPv6 relay service enabled on the interface, the DHCPv6 message received on the
interface can be forwarded to all configured destination addresses. Those received DHCPv6
messages can be from the client, or from another DHCPv6 relay service.
The forwarding output interface configuration is mandatory if the forwarding address is the local link
address or the multicast address. The forwarding output interface configuration is optional if the
forwarding address is a global or station unicast or multicast address.
Without the forwarding output interface configured, the interface is selected according to the unicast
or multicast routing protocol.
The relay reply message can be forwarded without the relay function enabled on the interface.
The DHCPv6 Relay Destination command can only be enabled on a layer-3 interface.
When the destination is configured as a multicast address, it must be followed by the outgoing
interface ID.
Configuration Examples
The following example shows how to set the relay destination address on the interface:
Ruijie(config)# interface fastethernet 0/1
Ruijie(config-if)# ipv6 dhcp relay destination 2008:1::1
The following example specifies the destination as 3001::2 while enabling DHCPv6 Relay service on
the interface Interface VLAN1.
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#interface vlan 1
Ruijie(config-if)#ipv6 dhcp relay destination 3001::2
Ruijie(config-if)#end
Related Commands
Command
Description
show ipv6 dhcp interface
Show the DHCPv6 interface information.
show ipv6 dhcp relay destination { all | interface interface-type interface-number }
Show the destination address list of the current Relay.
Platform Description
N/A
ipv6 dhcp server
Use this command to enable the DHCPv6 server on the interface. Use the no form of this command
to disable this function.
ipv6 dhcp server poolname [ rapid-commit ] [ preference value ]
no ipv6 dhcp server
Parameter
Parameter
Description
Description
poolname
Define the DHCPv6 pool name.
rapid-commit
Allow the use of the two-message interaction process.
preference value
Set the preference level for the advertise message. The valid range is
1-100 and the default value is 0.
Defaults
Disabled
Command Mode
Interface configuration mode.
Usage Guide
Use the ipv6 dhcp server command to enable the DHCPv6 service.
Configuring the keyword rapid-commit allows the two-message interaction for the server and the
client when allocating the address prefix and setting other configurations. With this keyword
configured, if the client solicit message includes the rapid-commit item, the DHCPv6 Server will send
the Reply message immediately.
The DHCPv6 Server carries the preference value when sending the advertise message if the
preference level is not 0.
If the preference level is 0, the advertise message will not include this field. If the preference value is
255, the client sends the request message to the server to obtain the configurations.
DHCPv6 Client, Server and Relay functions are exclusive, and only one of the functions can be
configured on the interface.
Configuration Examples
Ruijie(config)# interface fastethernet 0/1
Ruijie(config-if)# ipv6 dhcp server pool1
Related Commands
Command
Description
ipv6 dhcp pool
Set the DHCPv6 pool.
show ipv6 dhcp pool
Show the DHCPv6 pool information.
Platform Description
N/A
prefix-delegation
Use this command to set the static binding address prefix information for the DHCPv6 server. Use the
no form of this command to delete the address prefix information.
prefix-delegation ipv6-prefix/prefix-length client-DUID [ lifetime ]
no prefix-delegation ipv6-prefix/prefix-length client-DUID [ lifetime ]
Parameter
Parameter
Description
Description
ipv6-prefix/prefix-length
Set the IPv6 address prefix and the prefix length.
client-DUID
Set the client DUID.
lifetime
Set the interval of using the prefix by the client.
Defaults
By default, no address prefix information is configured.
Command Mode
DHCPv6 pool configuration mode.
Usage Guide
The administrator uses this command to manually set the address prefix information list for the client
IA_PD and set the valid lifetime for those prefixes.
The parameter client-DUID allocates the address prefix to the first IA_PD in the specified client.
Upon receiving the request message for the address prefix from the client, the DHCPv6 Server
searches for the corresponding static binding first. If it succeeds, the server returns the static
binding; otherwise, the server will attempt to allocate the address prefix from other prefix information
sources.
Configuration Examples
Ruijie(config-dhcp)# prefix-delegation 2008:2::/64 0003000100d0f82233ac
Related Commands
Command
Description
ipv6 dhcp pool
Set a DHCPv6 pool.
ipv6 local pool
Set a local prefix pool.
prefix-delegation pool
Specify the DHCPv6 local prefix pool.
show ipv6 dhcp pool
Show the DHCPv6 pool information.
Platform Description
N/A
prefix-delegation pool
Use this command to specify the local prefix pool for the DHCPv6 server. Use the no form of this
command to remove the local prefix pool.
prefix-delegation pool poolname [ lifetime { valid-lifetime | preferred-lifetime } ]
no prefix-delegation pool poolname
Parameter
Parameter
Description
Description
poolname
Set the local prefix pool name.
lifetime
Set the lifetime of the address prefix allocated to the client.
With the keyword lifetime configured, both parameters valid-lifetime and
preferred-lifetime shall be configured.
valid-lifetime
Set the valid lifetime of using the allocated address prefix for the client.
preferred-lifetime
Set the preferred lifetime of the address prefix allocated to the client.
Defaults
By default, no address prefix pool is specified.
The default valid-lifetime is 3600s (1 hour).
The default preferred-lifetime is 3600s (1 hour).
Command Mode
DHCPv6 pool configuration mode.
Usage Guide
Use the prefix-delegation pool command to set the prefix pool for the DHCPv6 Server and allocate
the prefix to the client. Use the ipv6 local pool command to set the prefix pool.
The Server attempts to allocate a usable prefix from the prefix pool to the client upon receiving the
prefix request from the client. That prefix will be allocated to other clients if the client no longer uses
that prefix again.
Configuration Examples
Ruijie(config-dhcp)# prefix-delegation pool client-prefix-pool lifetime 2000 1000
Related Commands
Command
Description
ipv6 dhcp pool
Set a DHCPv6 pool.
ipv6 local pool
Set a local prefix pool.
prefix-delegation
Statically bind the client with the address prefix.
show ipv6 dhcp pool
Show the DHCPv6 pool information.
Platform Description
N/A
show ipv6 dhcp
Use this command to show the device DUID.
show ipv6 dhcp
Parameter
Parameter
Description
Description
N/A
N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
The server, client and relay on the same device share a DUID.
Configuration Examples
Ruijie# show ipv6 dhcp
This device's DHCPv6 unique identifier(DUID): 00:03:00:01:00:d0:f8:22:33:b0
Related Commands
Command
Description
N/A
N/A
Platform Description
N/A
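The DUID printed by show ipv6 dhcp and the client-DUID argument of prefix-delegation are the same octets in two notations. The following added example (not part of the manual) decodes both per RFC 8415 and looks up which static prefix a client DUID is bound to; the function names and the SAMPLE_CONFIG list are constructed for illustration, and only the two DUIDs and the 2008:2::/64 binding come from this page.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, Iterator, Optional, Tuple

# DUID type codes defined in RFC 8415, section 11.
DUID_LLT, DUID_EN, DUID_LL, DUID_UUID = 1, 2, 3, 4
HW_ETHERNET = 1  # IANA hardware type for Ethernet


@dataclass(frozen=True)
class Duid:
    raw: bytes
    duid_type: int
    hw_type: Optional[int] = None
    link_layer: Optional[bytes] = None

    def cli_hex(self) -> str:
        """Undelimited hex, the notation passed to prefix-delegation."""
        return self.raw.hex()

    def colon_hex(self) -> str:
        """Colon-separated octets, the notation printed by show ipv6 dhcp."""
        return ":".join(f"{b:02x}" for b in self.raw)

    def mac(self) -> Optional[str]:
        """Embedded link-layer address, if the DUID type carries one."""
        if self.link_layer is None:
            return None
        return ":".join(f"{b:02x}" for b in self.link_layer)


def parse_duid(text: str) -> Duid:
    """Parse either notation and reject DUIDs that cannot be well formed."""
    cleaned = re.sub(r"[:.\-\s]", "", text)
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", cleaned):
        raise ValueError(f"DUID is not an even-length hex string: {text!r}")
    raw = bytes.fromhex(cleaned)
    if not 3 <= len(raw) <= 130:  # 2-octet type code + 1..128 octets
        raise ValueError("DUID length out of range")
    duid_type = int.from_bytes(raw[:2], "big")
    body = raw[2:]
    hw_type = link_layer = None
    if duid_type == DUID_LLT and len(body) > 6:    # hw type, 4-octet time, address
        hw_type, link_layer = int.from_bytes(body[:2], "big"), body[6:]
    elif duid_type == DUID_LL and len(body) > 2:   # hw type, address
        hw_type, link_layer = int.from_bytes(body[:2], "big"), body[2:]
    elif duid_type in (DUID_LLT, DUID_LL):
        raise ValueError("DUID too short for its type")
    elif duid_type == DUID_UUID and len(body) != 16:
        raise ValueError("DUID-UUID must carry 16 octets")
    if hw_type == HW_ETHERNET and len(link_layer) != 6:
        raise ValueError("Ethernet DUID must end in a 6-octet MAC address")
    return Duid(raw, duid_type, hw_type, link_layer)


# Matches "prefix-delegation <prefix>/<len> <client-DUID> [lifetime]", with or
# without a CLI prompt in front. "prefix-delegation pool ..." does not match.
_STATIC_PD = re.compile(
    r"^\s*(?:\S+#\s*)?prefix-delegation\s+(\S+/\d+)\s+([0-9A-Fa-f:.\-]+)"
    r"(?:\s+(\d+))?\s*$")

Binding = Tuple[ipaddress.IPv6Network, Duid, Optional[int]]


def static_bindings(lines: Iterable[str]) -> Iterator[Binding]:
    """Yield (prefix, DUID, lifetime) for each static binding line."""
    for line in lines:
        m = _STATIC_PD.match(line)
        if m:
            lifetime = int(m.group(3)) if m.group(3) else None
            # IPv6Network is strict: a prefix with host bits set raises ValueError.
            yield ipaddress.IPv6Network(m.group(1)), parse_duid(m.group(2)), lifetime


def binding_for(client_duid: str, lines: Iterable[str]) -> Optional[ipaddress.IPv6Network]:
    """Return the statically bound prefix for a client DUID, or None."""
    wanted = parse_duid(client_duid).raw
    for prefix, duid, _lifetime in static_bindings(lines):
        if duid.raw == wanted:
            return prefix
    return None


# Constructed configuration listing; the static binding line is the page's example.
SAMPLE_CONFIG = [
    "ipv6 dhcp pool pool1",
    " prefix-delegation 2008:2::/64 0003000100d0f82233ac",
    " prefix-delegation pool client-prefix-pool lifetime 2000 1000",
]

if __name__ == "__main__":
    device = parse_duid("00:03:00:01:00:d0:f8:22:33:b0")
    print(device.duid_type, device.hw_type, device.mac())
    print(binding_for("00:03:00:01:00:d0:f8:22:33:ac", SAMPLE_CONFIG))
```

A client DUID mistyped in a static binding never matches, so the client falls through to the other prefix sources; running the configured bindings through a strict parser like this catches such entries before deployment.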
show ipv6 dhcp binding
Use this command to show the address binding information for the DHCPv6 server.
show ipv6 dhcp binding [ ipv6-address ]
Parameter
Parameter
Description
Description
ipv6-address
Set the IPv6 address or the prefix.
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
If the ipv6-address is not specified, all prefixes dynamically assigned to the client and IANA address
binding information are shown. If the ipv6-address is specified, the binding information for the
specified address is shown.
Configuration Examples
Ruijie# show ipv6 dhcp binding
Client DUID: 00:03:00:01:00:d0:f8:22:33:ac
IAPD: iaid 0, T1 1800, T2 2880
Prefix: 2001:20::/72
preferred lifetime 3600, valid lifetime 3600
expires at Jan 1 2008 2:23 (3600 seconds)
Related Commands
Command
Description
N/A
N/A
Platform Description
N/A
show ipv6 dhcp conflict
Use this command to show the DHCPv6 address conflicts.
show ipv6 dhcp conflict
Parameter
Parameter
Description
Description
N/A
N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
Ruijie# show ipv6 dhcp conflict
2008:50::2 declined
2108:50::2 declined
2008:50::3 declined
2008:50::4 declined
2108:50::4 declined
2008:50::5 declined
Related Commands
Command
Description
clear ipv6 dhcp conflict
Clear address conflicts.
Platform Description
N/A
show ipv6 dhcp interface
Use this command to show the DHCPv6 interface information.
show ipv6 dhcp interface [ interface-name ]
Parameter
Parameter
Description
Description
interface-name
Set the interface name.
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
If the interface-name is not specified, all DHCPv6 interface information is shown. If the
interface-name is specified, the specified interface information is shown.
Configuration Examples
Ruijie# show ipv6 dhcp interface
VLAN 1 is in server mode
Server pool dhcp-pool
Rapid-Commit: disable
Related Commands
Command
Description
N/A
N/A
Platform Description
N/A
show ipv6 dhcp pool
Use this command to show the DHCPv6 pool information.
show ipv6 dhcp pool [ poolname ]
Parameter
Parameter
Description
Description
poolname
Define the DHCPv6 pool name.
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
If the poolname is not specified, all DHCPv6 pool information is shown. If the poolname is
specified, the specified pool information is shown.
Configuration Examples
Ruijie# show ipv6 dhcp pool
DHCPv6 pool: dhcp-pool
DNS server: 2011:1::1
DNS server: 2011:1::2
Domain name: example.com
Related Commands
Command
Description
N/A
N/A
Platform Description
N/A
show ipv6 dhcp relay destination
Use this command to show the destination information about DHCPv6 Relay Agent.
show ipv6 dhcp relay destination
Parameter Description
Parameter
Description
all
Show information about all configured destination addresses and relay exits.
interface interface-type interface-number
Show the relay destination address and relay exit configured for a specified interface.
Defaults
-
Command Mode
Privileged mode
Usage Guideline
Use this command to show the relay destination address to which DHCPv6 packets sent from a client
are forwarded through a specified relay exit (optional) by an interface for which the relay function has
been enabled by Relay Agent.
Examples
The example below shows all the relay destination addresses.
Ruijie# show ipv6 dhcp relay destination all
Interface: Vlan1                               //interface for which the relay function has been enabled
Destination address(es)    Output Interface
3001::2                                        //specified destination address
FF02::1:2                  Vlan2               //specified relay exit
Related Commands
Command
Description
N/A
N/A
Platform Description
N/A
show ipv6 dhcp relay statistics
Use this command to show the packet sending and receiving condition with the DHCPv6 Relay
function enabled.
show ipv6 dhcp relay statistics
Parameter
Parameter
Description
Description
N/A.
N/A.
Defaults
N/A.
Command Mode
Privileged EXEC mode.
Usage Guide
N/A.
Configuration Examples
Ruijie# show ipv6 dhcp relay statistics
Packets dropped : 2
  Error : 2
  Excess of rate limit : 0
Packets received : 28
  SOLICIT : 0
  REQUEST : 0
  CONFIRM : 0
  RENEW : 0
  REBIND : 0
  RELEASE : 0
  DECLINE : 0
  INFORMATION-REQUEST : 14
  RELAY-FORWARD : 0
  RELAY-REPLY : 14
Packets sent : 16
  ADVERTISE : 0
  RECONFIGURE : 0
  REPLY : 8
  RELAY-FORWARD : 8
  RELAY-REPLY : 0
Related Commands
Command
Description
clear ipv6 dhcp relay statistics
Clear the statistical information.
Platform Description
N/A
show ipv6 dhcp server statistics
Use this command to show the DHCPv6 server statistics.
show ipv6 dhcp server statistics
Parameter
Parameter
Description
Description
N/A
N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
This command is used to show the DHCPv6 server statistics.
Configuration Examples
Ruijie# show ipv6 dhcp server statistics
DHCPv6 server statistics:
Packet statistics:
DHCPv6 packets received: 7
Solicit received: 7
Request received: 0
Confirm received: 0
Renew received: 0
Rebind received: 0
Release received: 0
Decline received: 0
Relay-forward received: 0
Information-request received: 0
Unknown message type received: 0
Error message received: 0
DHCPv6 packet sent: 0
Advertise sent: 0
Reply sent: 0
Relay-reply sent: 0
Send reply error: 0
Send packet error: 0
Binding statistics:
Bindings generated: 0
IAPD assigned: 0
IANA assigned: 0
Configuration statistics:
DHCPv6 server interface: 1
DHCPv6 pool: 0
DHCPv6 iapd binding: 0
Related Commands
Command
Description
ipv6 dhcp pool
Set a DHCPv6 pool.
Platform Description
N/A
DHCPv6 Server Commands
clear ipv6 dhcp binding
Use the clear ipv6 dhcp binding command to delete a DHCPv6 binding.
clear ipv6 dhcp binding [ipv6-address]
Parameter
Parameter
Description
Description
ipv6-address
IPv6 address or prefix
Defaults
N/A
Command Mode
Privileged EXEC mode
Function Description
If you do not specify ipv6-address, all DHCPv6 bindings will be deleted. If you specify ipv6-address,
only the DHCPv6 binding for the specified IPv6 address will be deleted.
Configuration Examples
The following example deletes a DHCPv6 binding.
Ruijie# clear ipv6 dhcp binding
Related Commands
Command
Description
N/A
N/A
Platform Description
N/A
dns-server
Use this command in DHCPv6 pool configuration mode to configure a DNS server list for the
DHCPv6 server.
Use the no form of this command to delete a DNS server list.
dns-server ipv6-address
no dns-server ipv6-address
Parameter Description
Parameter
Description
ipv6-address
IP address of a DNS server
Defaults
No DNS server list is configured along with the DHCPv6 server configuration pool.
Command Mode
DHCPv6 pool configuration mode
Function Description
You can use the dns-server command multiple times to configure multiple DNS server
addresses. Old DNS server addresses will not be overwritten by new ones.
Configuration Examples
The following example configures a DNS server address.
Ruijie(config-dhcp)# dns-server 2008:1::1
Related Commands
Command
Description
domain-name
Configures the domain name of the DHCPv6 server.
ipv6 dhcp pool
Configures a DHCPv6 pool.
Platform Description
N/A
domain-name
Use this command in DHCPv6 pool configuration mode to configure the domain name of a
DHCPv6 server.
Use the no form of this command to delete a domain name.
domain-name domain
no domain-name domain
Parameter
Parameter
Description
Description
domain
Domain name to be assigned to a user
Defaults
No domain name is configured along with the DHCPv6 server configuration pool.
Command Mode
DHCPv6 pool configuration mode
Function Description
You can use the domain-name command multiple times to create multiple domain names. Old
domain names will not be overwritten by new ones.
Configuration Examples
The following example creates a domain name.
Ruijie(config-dhcp)# domain-name example.com
Related Commands
Command
Description
dns-server
Configures a DNS server list for the DHCPv6 server.
ipv6 dhcp pool
Configures a DHCPv6 pool.
Platform Description
N/A
iana-address prefix
Use this command to configure an IA_NA address prefix for a DHCPv6 server.
Use the no form of this command to delete an IA_NA address prefix.
iana-address prefix ipv6-prefix/prefix-length [lifetime {valid-lifetime | preferred-lifetime}]
no iana-address prefix
Parameter Description
Parameter
Description
ipv6-prefix/prefix-length
Prefix and prefix length of an IPv6 address
lifetime
Validity time of the address assigned to a client. This
keyword must be configured together with valid-lifetime
and preferred-lifetime.
valid-lifetime
Remaining validity time of an address
preferred-lifetime
Time, in which an address is preferentially assigned to a
client
Default Configuration
The IA_NA address prefix is not configured by default.
The default value of valid-lifetime is 3600(s) (an hour).
The default value of preferred-lifetime is 3600(s) (an hour).
Command Mode
DHCPv6 pool configuration mode
Function Description
You can use the iana-address prefix command to configure IA_NA address prefixes for a
DHCPv6 server, some of which are assigned to clients.
When receiving an IA_NA address request from a client, the DHCPv6 server selects an available
address within the IA_NA address prefix range and assigns it to the client. When the client does not
use this address, the DHCPv6 server assigns the address to another client.
Configuration Examples
The following example configures an IA_NA address prefix for the DHCPv6 server.
Ruijie(config-dhcp)# iana-address prefix 2008:50::/64 lifetime 2000 1000
Related Commands
Command
Description
ipv6 dhcp pool
Configures a DHCPv6 pool.
show ipv6 dhcp pool
Displays the information of the DHCPv6 pool.
Platform Description
N/A
ipv6 dhcp server
Use this command to enable the DHCPv6 server service on an interface.
Use the no form of this command to disable the DHCPv6 server service on the interface.
ipv6 dhcp server poolname [rapid-commit] [preference value]
no ipv6 dhcp server
Parameter Description
Parameter
Description
poolname
Name of a DHCPv6 pool
rapid-commit
Two-message interaction permitted
preference value
Priority of an advertise message. The value range is 1 to
100, with 0 as the default value.
Default Configuration
The DHCPv6 server service is disabled by default.
Command Mode
Interface configuration mode
Function Description
Use the ipv6 dhcp server command to enable the DHCPv6 service on an interface.
When the rapid-commit keyword is configured, two-message interaction with a client is permitted
when address prefixes or other configuration is being allocated. If the Solicit packet from a client
contains the rapid-commit option, the DHCPv6 server will respond with a Reply message directly.
When preference is set to a non-zero value, the advertise message sent by the DHCPv6 server
will contain the preference option. The preference option determines whether a DHCPv6 server will
be selected. If an advertise message does not contain this option, the client treats the
preference of the DHCPv6 server as 0. If the preference of a DHCPv6 server is 255, the client
directly sends a request message to the server.
The DHCPv6 Client, Server, and Relay are mutually exclusive. An interface can work only in one
mode at the same time.
Configuration Examples
The following example configures the DHCPv6 Server service on an interface.
Ruijie(config)# interface fastethernet 0/1
Ruijie(config-if)# ipv6 dhcp server pool1
Related Commands
Command
Description
ipv6 dhcp pool
Configures a DHCPv6 pool.
show ipv6 dhcp interface
Displays the DHCPv6 interface information.
Platform Description
N/A
ipv6 dhcp pool
Use this command to configure a DHCPv6 server configuration pool.
Use the no form of this command to delete a configuration pool.
ipv6 dhcp pool poolname
no ipv6 dhcp pool poolname
Parameter
Parameter
Description
Description
poolname
Name of a DHCPv6 pool
Default Configuration
No DHCPv6 server configuration pool is configured by default.
Command Mode
Global configuration mode
Function Description
You can use the ipv6 dhcp pool command to create a DHCPv6 server configuration pool. After
using this command, you may enter DHCPv6 pool configuration mode, in which you can set the
pool parameters such as the prefix and DNS server.
After creating a DHCPv6 server configuration pool, you can use the ipv6 dhcp server command to
associate the pool with the DHCPv6 Server service on an interface.
Configuration Examples
The following example creates a DHCPv6 server configuration pool.
Ruijie# configure terminal
Ruijie(config)# ipv6 dhcp pool pool1
Ruijie(config-dhcp)#
Related Commands
Command
Description
ipv6 dhcp server
Enables the DHCPv6 Server service on an interface.
show ipv6 dhcp pool
Displays the information of the DHCPv6 pool.
Platform Description
N/A
prefix-delegation
Use this command to configure the address prefix for a static binding on the DHCPv6 server.
Use the no form of this command to delete an address prefix.
prefix-delegation ipv6-prefix/prefix-length client-DUID [lifetime]
no prefix-delegation ipv6-prefix/prefix-length client-DUID [lifetime]
Parameter Description
Parameter
Description
ipv6-prefix/prefix-length
Prefix and prefix length of an IPv6 address
client-DUID
DUID of a client
lifetime
Time interval, at which a client is delegated to use a prefix
Default Configuration
No address prefix is configured by default.
Command Mode
DHCPv6 pool configuration mode
Function Description
You can use the prefix-delegation command to manually configure a prefix list for an IA_PD of a
client and specify the validity time of these prefixes.
The client-DUID parameter specifies the client, to which an address prefix is assigned. The
address prefix will be assigned to the first IA_PD of the client.
When receiving a request for a prefix from a client, the DHCPv6 server queries whether the
corresponding static binding exists. If the static binding exists, the DHCPv6 server returns it to the
client; otherwise, the DHCPv6 server assigns an address prefix to the client.
Configuration Examples
The following example configures an address prefix for a client.
Ruijie(config-dhcp)# prefix-delegation 2008:2::/64 0003000100d0f82233ac
Related Commands
Command
Description
ipv6 dhcp pool
Configures a DHCPv6 pool.
ipv6 local pool
Configures a local prefix pool.
prefix-delegation pool
Assigns a local prefix pool for a DHCPv6 client.
show ipv6 dhcp pool
Displays the information of the DHCPv6 pool.
Platform Description
N/A
prefix-delegation pool
Use this command to specify a local prefix pool for a DHCPv6 server.
Use the no form of this command to delete a local prefix pool.
prefix-delegation pool poolname [lifetime {valid-lifetime | preferred-lifetime}]
no prefix-delegation pool poolname
Parameter Description
Parameter
Description
poolname
Name of a user-defined local prefix pool
lifetime
Validity time of the prefix assigned to a client. This keyword
must be configured together with valid-lifetime and
preferred-lifetime.
valid-lifetime
Remaining validity time of a prefix
preferred-lifetime
Time, in which a prefix is preferentially assigned to a client
Default Configuration
No address prefix pool is configured by default.
The default value of valid-lifetime is 3600(s) (an hour).
The default value of preferred-lifetime is 3600(s) (an hour).
Command Mode
DHCPv6 pool configuration mode
Function Description
You can use the prefix-delegation pool command to configure a prefix pool for a DHCPv6 server.
Then the DHCPv6 server assigns prefixes to clients. The ipv6 local pool command is used to
configure a prefix pool.
When receiving a prefix request from a client, the DHCPv6 server selects an available prefix from
the prefix pool and assigns it to the client. When the client does not use this prefix, the DHCPv6
server assigns the prefix to another client.
Configuration Examples
The following example configures a prefix pool for a DHCPv6 server.
Ruijie(config-dhcp)# prefix-delegation pool client-prefix-pool lifetime 2000 1000
Related Commands
Command
Description
ipv6 dhcp pool
Configures a DHCPv6 pool.
ipv6 local pool
Configures a local prefix pool.
prefix-delegation
Statically binds an address prefix for a client.
show ipv6 dhcp pool
Displays the information of the DHCPv6 pool.
Platform Description
N/A
show ipv6 dhcp
Use this command to display the DUID of a device.
show ipv6 dhcp
Parameter
Parameter
Description
Description
N/A
N/A
Defaults
N/A
Command Mode
Privileged EXEC mode
Function Description
The DHCPv6 server, client, and relay on the same device share a DUID.
Configuration Examples
The following example displays the DUID of a device.
Ruijie# show ipv6 dhcp
This device's DHCPv6 unique identifier(DUID): 00:03:00:01:00:d0:f8:22:33:b0
Related Commands
Command
Description
N/A
N/A
Platform Description
N/A
show ipv6 dhcp binding
Use this command to display the address bindings of a DHCPv6 server.
show ipv6 dhcp binding [ipv6-address]
Parameter
Parameter
Description
Description
ipv6-address
IPv6 address or prefix
Default Configuration
N/A
Command Mode
Privileged EXEC mode
Function Description
If you do not specify ipv6-address, all the prefixes dynamically assigned to clients and IANA
address bindings are displayed. If you specify ipv6-address, only the DHCPv6 binding for the
specified IPv6 address will be displayed.
Configuration Examples
The following example displays DHCPv6 bindings.
Ruijie# show ipv6 dhcp binding
Client DUID: 00:03:00:01:00:d0:f8:22:33:ac
IAPD: iaid 0, T1 1800, T2 2880
Prefix: 2001:20::/72
preferred lifetime 3600, valid lifetime 3600
expires at Jan 1 2008 2:23 (3600 seconds)
Related Commands
Command
Description
N/A
N/A
Platform Description
N/A
show ipv6 dhcp interface
Use this command to display the DHCPv6 interface information.
show ipv6 dhcp interface [interface-name]
Parameter Description
Parameter
Description
interface-name
Interface name
Default Configuration
N/A
Command Mode
Privileged EXEC mode
Function Description
If you do not specify interface-name, all DHCPv6 interfaces will be displayed. If you specify
interface-name, only information of the specified interface will be displayed.
Configuration Examples
The following example displays DHCPv6 interfaces.
Ruijie# show ipv6 dhcp interface
VLAN 1 is in server mode
Server pool dhcp-pool
Rapid-Commit: disable
Related Commands
Command
Description
N/A
N/A
Platform Description
N/A
show ipv6 dhcp pool
Use this command to display the DHCPv6 pool information.
show ipv6 dhcp pool [poolname]
Parameter
Parameter
Description
Description
poolname
Name of a DHCPv6 pool
Default Configuration
N/A
Command Mode
Privileged EXEC mode
Function Description
If you do not specify poolname, all DHCPv6 pools will be displayed. If you specify poolname, only
information of the specified pool will be displayed.
Configuration Examples
The following example displays DHCPv6 pools.
Ruijie# show ipv6 dhcp pool
DHCPv6 pool: dhcp-pool
DNS server: 2011:1::1
DNS server: 2011:1::2
Domain name: example.com
Related Commands
Command
Description
ipv6 dhcp pool
Configures a DHCPv6 pool.
Platform Description
N/A
Port-based Flow Control Commands
arp-check
Use this command to enable the ARP check function to avoid arp-spoofing in the network. Use the no
form of this command to disable the ARP check function.
arp-check
no arp-check
Parameter
Description
Parameter
Description
arp-check
Enables the ARP check function.
Defaults
The ARP check function on the interface is disabled by default.
Command Mode
Interface configuration mode and WLANSEC configuration mode.
Usage Guide
The ARP check function first generates the trusted user information (IP or IP+MAC). It then checks
whether the Sender IP field or the <Sender IP, Sender MAC> fields of every ARP packet on the logical
interface match the trusted user information, and discards the ARP packets that do not match the
trusted user information.
Configuration Examples
The following example shows how to enable the ARP check function in interface configuration mode:
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# switchport port-security
The following example shows how to enable the ARP check function in WLANSEC configuration
mode:
Ruijie(config)#wlansec 1
Ruijie(config-wlansec)#arp-check
Related Commands
Command
Description
show arp-check list
Displays the ARP check entries.
Platform Description
N/A.
show arp-check list
Use this command to show the ARP check entries.
show interface { interface-type interface-number } arp-check list
Parameter Description
Parameter
Description
interface-type interface-number
Displays the ARP check entries of a designated interface.
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
If the parameter is not specified, all ARP check entries will be displayed.
Configuration Examples
The following example shows how to display the ARP check entries on the interface:
Ruijie#show interfaces arp-check list:
Interface  Sender MAC     Sender IP       Policy Source
---------- -------------- --------------- --------------------
Gi 0/1     00D0.F800.0003 192.168.1.3     address-bind
The following example shows how to display the ARP check entries in the WLANSEC configuration
mode:
Ruijie#show interfaces arp list
Interface  Sender MAC     Sender IP       Policy Source
---------- -------------- --------------- --------------------
WLAN 1     0026.c79f.6e4c 172.168.131.1   web-auth
Related Commands
Command
Description
arp-check
Enables the ARP check function.
Platform Description
N/A
Command Reference
802.1X Commands
802.1X Commands
dot1x auto-req
Use this command to configure the 802.1X active authentication function in global configuration
mode. The no form of this command disables the automatic authentication function.
dot1x auto-req
no dot1x auto-req
Parameter Description
Parameter    Description
N/A          N/A
Defaults
Enabled
Command Mode
Global configuration mode.
Usage Guide
This command is used to actively initiate 802.1x authentication on the device. Use the show dot1x
auto-req command to view the setting of this function.
Configuration Examples
The following example sets the device to automatically initiate 802.1x authentication:
Ruijie# configure terminal
Ruijie(config)# dot1x auto-req
Ruijie(config)# end
Ruijie# show dot1x auto-req
Auto-Req: Enabled
User-Detect : Enabled
Packet-Num : 0
Req-Interval: 30 Second
Related Commands
Command                Description
show dot1x auto-req    Shows the automatic authentication request information.
Platform Description
N/A
dot1x auto-req packet-num
Use this command to set the number of authentication request messages that the device
automatically sends. The no form is used to specify the default value.
dot1x auto-req packet-num num
no dot1x auto-req packet-num
Parameter Description
Parameter    Description
num          Number of authentication request messages that the device sends automatically.
Defaults
num = 0; namely, the packets are sent continuously.
Command Mode
Global configuration mode.
Usage Guide
Use the show dot1x auto-req command to view the setting of this function.
Configuration Examples
The following example sets the device to automatically initiate 802.1x authentication continuously:
Ruijie# configure terminal
Ruijie(config)# dot1x auto-req packet-num 0
Ruijie(config)# end
Ruijie# show dot1x auto-req
Auto-Req: Enabled
User-Detect : Enabled
Packet-Num : 0
Req-Interval: 30 Second
Related Commands
Command                Description
show dot1x auto-req    Shows the automatic authentication request information.
Platform Description
N/A
dot1x auto-req req-interval
Use this command to set the interval of sending authentication request messages. The no form is
used to specify the default value.
dot1x auto-req req-interval interval
no dot1x auto-req req-interval
Parameter Description
Parameter    Description
interval     The time interval at which the device actively sends authentication request
             messages, in seconds.
Defaults
30 seconds
Command Mode
Global configuration mode.
Usage Guide
Use the show dot1x auto-req command to view the setting of this function.
Configuration Examples
The following example sets the time interval of sending authentication request messages to 60s:
Ruijie# configure terminal
Ruijie(config)# dot1x auto-req req-interval 60
Ruijie(config)# end
Ruijie# show dot1x auto-req
Auto-Req: Enabled
User-Detect : Enabled
Packet-Num : 0
Req-Interval: 60 Second
Related Commands
Command                Description
show dot1x auto-req    Shows the authentication request information.
Platform Description
N/A
dot1x auto-req user-detect
Use this command to stop the device from sending authentication request messages after it receives
the response. The no form is used to specify the default value.
dot1x auto-req user-detect
no dot1x auto-req user-detect
Parameter Description
Parameter    Description
N/A          N/A
Defaults
Enabled
Command Mode
Global configuration mode.
Usage Guide
Use the show dot1x auto-req command to view the setting of this function.
Configuration Examples
The following example sets the device to stop sending authentication request messages after the
user goes online:
Ruijie# configure terminal
Ruijie(config)# dot1x auto-req user-detect
Ruijie(config)# end
Ruijie# show dot1x auto-req
Auto-Req: Enabled
User-Detect : Enabled
Packet-Num : 0
Req-Interval: 60 Second
Related Commands
Command                Description
show dot1x auto-req    Shows the authentication request information.
Platform Description
N/A
dot1x timeout quiet-period
Use this command to set the time (in seconds) for the device to wait before reauthentication after an
authentication failure (for example, an incorrect authentication password). Use the no form of the
command to restore it to the default setting.
dot1x timeout quiet-period seconds
no dot1x timeout quiet-period
Parameter Description
Parameter    Description
seconds      Time (in seconds) for the device to wait before reauthentication after the
             authentication failure. The range is from 0 to 65535, in seconds.
Defaults
10 seconds.
Command Mode
Global configuration mode.
Usage Guide
When authentication fails, the supplicant must wait for a period of time before reauthentication.
Configuration Examples
The following example sets the time to wait before re-authentication to 1000s:
Ruijie# configure terminal
Ruijie(config)# dot1x timeout quiet-period 1000
Ruijie(config)# end
Ruijie# show dot1x
802.1X Status:        Enabled
Authentication mode:  EAP-MD5
Authed User Number:   0
Re-authen Enabled:    Disabled
Re-authen Period:     3600 sec
Quiet Timer Period:   1000 sec
Tx Timer Period:      3 sec
Supplicant Timeout:   3 sec
Server Timeout:       5 sec
Re-authen Max:        3 times
Maximum Request:      3 times
Filter Non-RG Supp:   Disabled
Client Oline Probe:   Disabled
Eapol Tag Enable:     Disabled
Authorization Mode:   Group Server
Related Commands
Command       Description
show dot1x    Shows the information about 802.1x.
Platform Description
N/A
dot1x timeout re-authperiod
Use this command to set re-authentication interval when re-authentication is enabled. Use the no
form of the command to restore it to the default value.
dot1x timeout re-authperiod seconds
no dot1x timeout re-authperiod
Parameter Description
Parameter    Description
seconds      Period of authentication. The range is from 0 to 65535 seconds.
Defaults
3600 seconds
Command Mode
Global configuration mode.
Usage Guide
Use the show dot1x command to show the 802.1X configuration.
Configuration Examples
The following example sets the period of re-authentication to 1000s:
Ruijie# configure terminal
Ruijie(config)# dot1x timeout re-authperiod 1000
Ruijie(config)# end
Ruijie# show dot1x
802.1X Status:        Enabled
Authentication mode:  EAP-MD5
Authed User Number:   0
Re-authen Enabled:    Disabled
Re-authen Period:     1000 sec
Quiet Timer Period:   1000 sec
Tx Timer Period:      3 sec
Supplicant Timeout:   3 sec
Server Timeout:       5 sec
Re-authen Max:        3 times
Maximum Request:      3 times
Filter Non-RG Supp:   Disabled
Client Oline Probe:   Disabled
Eapol Tag Enable:     Disabled
Authorization Mode:   Group Server
Related Commands
Command       Description
show dot1x    Shows the information about 802.1x.
Platform Description
N/A
dot1x timeout server-timeout
Use this command to set the authentication timeout between the device and the authentication
server. Use the no form of the command to restore it to the default setting.
dot1x timeout server-timeout seconds
no dot1x timeout server-timeout
Parameter Description
Parameter    Description
seconds      Authentication timeout between the device and the authentication
             server. The range is 0 to 65535 seconds.
Defaults
5 seconds.
Command Mode
Global configuration mode.
Usage Guide
Use the show dot1x command to show 802.1X configuration.
Configuration Examples
The following example sets the authentication timeout of the authentication server to 10s:
Ruijie# configure terminal
Ruijie(config)# dot1x timeout server-timeout 10
Ruijie(config)# end
Ruijie# show dot1x
802.1X Status:        Enabled
Authentication mode:  EAP-MD5
Authed User Number:   0
Re-authen Enabled:    Disabled
Re-authen Period:     1000 sec
Quiet Timer Period:   1000 sec
Tx Timer Period:      3 sec
Supplicant Timeout:   3 sec
Server Timeout:       10 sec
Re-authen Max:        3 times
Maximum Request:      3 times
Filter Non-RG Supp:   Disabled
Client Oline Probe:   Disabled
Eapol Tag Enable:     Disabled
Authorization Mode:   Group Server
Related Commands
Command       Description
show dot1x    Shows the information about 802.1x.
Platform Description
N/A
dot1x timeout supp-timeout
Use this command to set the authentication timeout between the device and the supplicant. Use the
no form of the command to restore it to the default setting.
dot1x timeout supp-timeout seconds
no dot1x timeout supp-timeout
Parameter Description
Parameter    Description
seconds      Authentication timeout between the device and the supplicant. The
             range is from 0 to 65535 seconds.
Defaults
3 seconds.
Command Mode
Global configuration mode.
Usage Guide
Use the show dot1x command to show 802.1X configuration.
Configuration Examples
The following example sets the authentication timeout between the device and
the supplicant to 10s:
Ruijie# configure terminal
Ruijie(config)# dot1x timeout supp-timeout 10
Ruijie(config)# end
Ruijie# show dot1x
802.1X Status:        Enabled
Authentication Mode:  EAP-MD5
Authed User Number:   0
Re-authen Enabled:    Disabled
Re-authen Period:     1000 sec
Quiet Timer Period:   1000 sec
Tx Timer Period:      3 sec
Supplicant Timeout:   10 sec
Server Timeout:       10 sec
Re-authen Max:        3 times
Maximum Request:      3 times
Filter Non-RG Supp:   Disabled
Client Oline Probe:   Disabled
Eapol Tag Enable:     Disabled
Authorization Mode:   Group Server
Related Commands
Command       Description
show dot1x    Shows the information about 802.1x.
Platform Description
N/A
dot1x timeout tx-period
Use this command to set the interval of transmitting packets after the maximum number of
retransmission times is configured. Use the no form of the command to restore it to the default
setting.
dot1x timeout tx-period seconds
no dot1x timeout tx-period
Parameter Description
Parameter    Description
seconds      Authentication timeout between the device and the supplicant. The
             range is from 0 to 65535 seconds.
Defaults
3 seconds.
Command Mode
Global configuration mode.
Usage Guide
Use the show dot1x command to show 802.1X configuration.
Configuration Examples
The following example sets the interval of retransmission to 10s:
Ruijie# configure terminal
Ruijie(config)# dot1x timeout tx-period 10
Ruijie(config)# end
Ruijie# show dot1x
802.1X Status:        Enabled
Authentication mode:  EAP-MD5
Authed User Number:   0
Re-authen Enabled:    Disabled
Re-authen Period:     1000 sec
Quiet Timer Period:   1000 sec
Tx Timer Period:      10 sec
Supplicant Timeout:   10 sec
Server Timeout:       10 sec
Re-authen Max:        3 times
Maximum Request:      3 times
Filter Non-RG Supp:   Disabled
Client Oline Probe:   Disabled
Eapol Tag Enable:     Disabled
Authorization Mode:   Group Server
Related Commands
Command       Description
show dot1x    Shows the information about 802.1x.
Platform Description
N/A
dot1x re-authentication
Use this command to enable periodic re-authentication. Use the no form of the command to restore it
to the default setting.
dot1x re-authentication
no dot1x re-authentication
Parameter Description
Parameter    Description
N/A          N/A
Defaults
By default, it is not required to re-authenticate the supplicant periodically.
Command Mode
Global configuration mode.
Usage Guide
This command reauthenticates the supplicant periodically after it passes authentication. Use the
show dot1x command to show 802.1X configuration.
Configuration Examples
The following example enables the re-authentication function:
Ruijie# configure terminal
Ruijie(config)# dot1x re-authentication
Ruijie(config)# end
Ruijie# show dot1x
802.1X Status:        Enabled
Authentication mode:  EAP-MD5
Authed User Number:   0
Re-authen Enabled:    Enabled
Re-authen Period:     1000 sec
Quiet Timer Period:   1000 sec
Tx Timer Period:      10 sec
Supplicant Timeout:   10 sec
Server Timeout:       10 sec
Re-authen Max:        3 times
Maximum Request:      3 times
Filter Non-RG Supp:   Disabled
Client Oline Probe:   Disabled
Eapol Tag Enable:     Disabled
Authorization Mode:   Group Server
Related Commands
Command       Description
show dot1x    Shows the information about 802.1x.
Platform Description
N/A
dot1x reauth-max
Use this command to set the maximum number of supplicant reauthentication. Use the no form of
the command to restore it to the default value.
dot1x reauth-max count
no dot1x reauth-max
Parameter Description
Parameter    Description
count        Maximum number of re-authentications
Defaults
The default value is 3.
Command Mode
Global configuration mode.
Usage Guide
Use this command to specify the maximum number of supplicant reauthentications. Use the show dot1x
command to show 802.1X configuration.
Configuration Examples
The following example sets the maximum number of re-authentications:
Ruijie# configure terminal
Ruijie(config)# dot1x reauth-max 5
Ruijie(config)# end
Ruijie# show dot1x
802.1X Status:        Enabled
Authentication mode:  EAP-MD5
Authed User Number:   0
Re-authen Enabled:    Enable
Re-authen Period:     1000 sec
Quiet Timer Period:   1000 sec
Tx Timer Period:      10 sec
Supplicant Timeout:   10 sec
Server Timeout:       10 sec
Re-authen Max:        5 times
Maximum Request:      3 times
Filter Non-RG Supp:   Disabled
Client Oline Probe:   Disabled
Eapol Tag Enable:     Disabled
Authorization Mode:   Group Server
Related Commands
Command       Description
show dot1x    Shows the information about 802.1x.
Platform Description
N/A
dot1x authentication
In case the AAA is enabled, the authentication with the AAA server must be performed for logon.
Use this command to associate logon authentication method list. The no form of this command is
used to delete the logon authentication method list.
dot1x authentication {default | list-name}
no dot1x authentication {default | list-name}
Parameter Description
Parameter    Description
default      Name of the default authentication method list
list-name    Name of the method list available
Defaults
If AAA is enabled, the AAA service is used for login authentication by default.
Command Mode
Global configuration mode.
Usage Guide
If the AAA security server is enabled, this command is used for the login authentication with the
specified method list.
Configuration Examples
The following command demonstrates how to associate a method list on the interface and use group
radius for authentication.
Ruijie# configure terminal
Ruijie(config)# aaa new-model
Ruijie(config)# aaa authentication dot1x default group radius
Ruijie(config)# interface fastEthernet0/1
Ruijie(config-if)# dot1x authentication default
Ruijie(config-if)# end
Ruijie#
Related Commands
Command                     Description
aaa new-model               Enables the AAA security service.
aaa authentication dot1x    Configures the logon authentication method list.
Platform Description
N/A
dot1x auth-mode
Use this command to specify the 802.1x authentication mode.
dot1x auth-mode {eap-md5 | chap | pap}
no dot1x auth-mode
Parameter Description
Parameter    Description
eap-md5      Uses EAP-MD5 for authentication.
chap         Uses CHAP for authentication.
pap          Uses PAP for authentication.
Defaults
EAP-MD5 mode.
Command Mode
Global configuration mode.
Usage Guide
Use the show dot1x command to show the 802.1X configurations.
Configuration Examples
This example shows how to configure the 802.1X authentication mode:
Ruijie# configure terminal
Ruijie(config)# dot1x auth-mode chap
Ruijie(config)# end
Ruijie#
Related Commands
Command       Description
show dot1x    Shows the information about 802.1x.
Platform Description
N/A
dot1x default
Use this command to restore part of 802.1x parameters to the default value.
dot1x default
Parameter Description
Parameter    Description
N/A          N/A
Defaults
N/A
Command Mode
Global configuration mode.
Usage Guide
Use the show dot1x command to show the 802.1X configurations.
Configuration Examples
The following example sets the default parameters of 802.1x:
Ruijie# configure terminal
Ruijie(config)# dot1x default
Ruijie(config)# end
Ruijie# end
Related Commands
Command       Description
show dot1x    Shows the information about 802.1x.
Platform Description
N/A
dot1x dhcp-before-acct enable
Use this command to enable the accounting function after the IP address is obtained in global
configuration mode. Use the no form of this command to restore the default settings.
dot1x dhcp-before-acct enable
no dot1x dhcp-before-acct enable
Parameter Description
Parameter    Description
N/A          N/A
Defaults
This function is disabled by default.
Command Mode
Global configuration mode.
Usage Guide
Use the show running-config command to view the setting.
Configuration Examples
The following example only uses a private client:
Ruijie# configure t
Ruijie(config)# dot1x dhcp-before-acct enable
Ruijie(config)# end
Ruijie#
Related Commands
Command       Description
show dot1x    Shows the information about 802.1x.
Platform Description
N/A
dot1x dhcp-before-acct timeout time
Use this command in global configuration mode to configure the timeout period of the accounting
function which is enabled after the IP address is obtained. Use the no form of this command to
restore the default settings.
dot1x dhcp-before-acct timeout time
no dot1x dhcp-before-acct timeout
Parameter Description
Parameter    Description
time         Timeout time, 5 minutes by default.
Defaults
The timeout time is 5 minutes by default. This function takes effect when the accounting function is
enabled after the IP address is obtained.
Command Mode
Global configuration mode.
Usage Guide
Use the show running-config command to view the setting.
Configuration Examples
The following settings use a private client only:
Ruijie# configure t
Ruijie(config)# dot1x dhcp-before-acct timeout 1
Ruijie(config)# end
Ruijie#
Related Commands
Command                Description
show running-config    Views the settings.
Platform Description
N/A
dot1x max-req
During interaction between the dot1x and the server, the dot1x will send a request to the server
again if it does not receive a response from the server within a certain period of time. Use this
command to set the maximum number of authentication requests sent to the server. Use the no form
of the command to restore it to the default value.
dot1x max-req count
no dot1x max-req
Parameter Description
Parameter    Description
count        Maximum number of authentication requests sent to the server.
Defaults
The default value is 3.
Command Mode
Global configuration mode.
Usage Guide
Use the show dot1x command to show the 802.1X configuration.
Configuration Examples
The following example demonstrates how to set the maximum number of authentication requests to 7:
Ruijie# configure terminal
Ruijie(config)# dot1x max-req 7
Ruijie(config)# end
Ruijie#
Related Commands
Command       Description
show dot1x    Shows the information about 802.1x.
Platform Description
N/A
dot1x offline-detect
The low flow detect is used to detect whether the flow of the terminal is lower than the designated
threshold value. If it is, the terminal is logged out. By default, this function is enabled. The default
detect time is 15 minutes and the detect flow is 0 byte. Use the no option of this command to restore
the setting as the default value.
dot1x offline-detect flow interval val flow num
no dot1x offline-detect
Parameter Description
Parameter    Description
val          The detection period.
num          The detection threshold value.
Defaults
The default values are 15 minutes and 0 byte.
Command Mode
Global configuration mode and WLANSEC configuration mode.
Usage Guide
By default, this function is enabled. It helps to solve incorrect fee-deduction problems caused by
terminals going offline abnormally.
Configuration Examples
The following example demonstrates how to set the 802.1x flow detect:
Ruijie# configure terminal
Ruijie(config)# wlansec 1
Ruijie(config-wlansec)# dot1x offline-detect interval 10 flow 10
Ruijie(config-wlansec)# end
Related Commands
Command       Description
show dot1x    Shows the information about 802.1x.
Platform Description
N/A
dot1x redirect url
Use this command to set the redirect URL. If a terminal user opens a browser to access the network
before 802.1x authentication succeeds or fails, the switch redirects the URL accessed by the user to
the configured URL, which begins with http://, for example http://ruijie.net/web.
Only http:// is supported and only one redirection address can be configured. A newly configured
URL overwrites the previous one. Use the no form of this command to delete the redirect URL
address.
dot1x redirect url [url-string]
no dot1x redirect url
Parameter Description
Parameter     Description
url-string    The URL address.
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
The following example redirects to the network address ruijie.net/web:
Ruijie# configure terminal
Ruijie(config)# dot1x redirect url http://ruijie.net/web
Related Commands
Command                                            Description
dot1x redirect for special tcp-destination port    Sets the specific destination port and redirects
                                                   the web request for the destination IP.
dot1x redirect time-out                            Sets the timeout time maintaining the redirect
                                                   connection.
dot1x redirect num for special source-ip           Sets the allowed number of redirect connections
                                                   of the same source.
show dot1x                                         Shows the dot1x redirection information.
Platform Description
N/A
dot1x redirect for special tcp-destination port
Use this command to set the specific destination port and redirect the web request for the destination
IP. Except for the port number 80 and 8080, up to 16 TCP destination ports are supported. Use the
no form of this command to delete the configured redirect port numbers.
dot1x redirect for special tcp-destination port port-num
no dot1x redirect for special tcp-destination port port-num
Parameter Description
Parameter    Description
port-num     TCP destination port number.
Defaults
The default TCP destination port numbers are 80 and 8080.
Command Mode
Privileged EXEC mode.
Usage Guide
The valid TCP port number range is 1-65535.
Configuration Examples
The following example sets the redirect TCP destination port to 8443:
Ruijie# configure terminal
Ruijie(config)# dot1x redirect for special tcp-destination port 8443
Related Commands
Command                                     Description
dot1x redirect url                          Sets the redirect url address.
dot1x redirect time-out                     Sets the timeout time maintaining the redirect
                                            connection.
dot1x redirect num for special source-ip    Sets the allowed number of redirect connections
                                            of the same source.
show dot1x                                  Shows the dot1x redirection information.
Platform Description
N/A
dot1x redirect time-out
Use this command to set the timeout time maintaining the redirect connection. Use the no form of
this command to restore to the default value.
dot1x redirect time-out port time-out-interval
no dot1x redirect time-out port
Parameter Description
Parameter            Description
time-out-interval    The timeout time, in seconds. The valid range is 1-10s.
Defaults
The default value is 3.
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
The following example sets the redirect timeout time to 5s:
Ruijie(config)# dot1x redirect time-out 5
Related Commands
Command                                            Description
dot1x redirect url                                 Sets the redirect url address.
dot1x redirect for special tcp-destination port    Sets the specific destination port and redirects
                                                   the web request for the destination IP.
dot1x redirect num for special source-ip           Sets the allowed number of redirect connections
                                                   of the same source.
show dot1x                                         Shows the dot1x redirection information.
Platform Description
N/A
dot1x redirect num for special source-ip
Use this command to set the allowed number of redirect connection of the same source. Use the no
form of this command to restore to the default value.
dot1x redirect num for special source-ip num
no dot1x redirect num for special source-ip
Parameter Description
Parameter    Description
num          The redirect connection number. The valid range is 1-10.
Defaults
The default value is 1.
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
The following example sets the redirect connection number to 3:
Ruijie(config)# dot1x redirect num for special source-ip 3
Related Commands
Command                                            Description
dot1x redirect url                                 Sets the redirect url address.
dot1x redirect for special tcp-destination port    Sets the specific destination port and redirects
                                                   the web request for the destination IP.
dot1x redirect time-out                            Sets the timeout time maintaining the redirect
                                                   connection.
show dot1x                                         Shows the dot1x redirection information.
Platform Description
N/A
show dot1x
Use this command to display the information about 802.1x setting.
show dot1x
Parameter Description
Parameter    Description
N/A          N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
The following example shows the information about 802.1x:
Ruijie# show dot1x
802.1X Status:        Enabled
Authentication Mode:  EAP-MD5
Authed User Number:   0
Re-authen Enabled:    Disabled
Re-authen Period:     3600 sec
Quiet Timer Period:   10 sec
Tx Timer Period:      3 sec
Supplicant Timeout:   3 sec
Server Timeout:       5 sec
Re-authen Max:        3 times
Maximum Request:      3 times
Filter Non-RG Supp:   Disabled
Client Oline Probe:   Disabled
Eapol Tag Enable:     Disabled
Authorization Mode:   Group Server
Ruijie#
Related Commands
Command                         Description
dot1x auth-mode                 Sets the 802.1x authentication mode.
dot1x max-req                   Sets the maximum number of authentication request retransmissions.
dot1x port-control auto         Sets the port to participate in authentication.
dot1x reauth-max                Sets the maximum number of the supplicant re-authentications.
dot1x re-authentication         Sets the re-authentication attribute.
dot1x timeout quiet-period      Sets the time the device waits before reauthentication.
dot1x timeout re-authperiod     Sets the re-authentication period for the supplicant.
dot1x timeout server-timeout    Sets the authentication timeout between the device and
                                authentication server.
dot1x timeout supp-timeout      Sets the authentication timeout between the device and the
                                supplicant.
dot1x timeout tx-period         Sets the retransmission period.
Platform Description
N/A
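An added example (not part of the Ruijie manual): a Python parser for the show dot1x output above that lists every field differing from the defaults this chapter documents, together with the command that sets it, so an AP can be audited against the documented baseline. The sample output is constructed from values used in this chapter's examples, and the function names are illustrative.

```python
import re

# Field label printed by `show dot1x` -> (command that sets it, default documented
# in this chapter). Fields with no documented default are left out.
DOCUMENTED_DEFAULTS = {
    "authentication mode": ("dot1x auth-mode", "EAP-MD5"),
    "re-authen enabled": ("dot1x re-authentication", "Disabled"),
    "re-authen period": ("dot1x timeout re-authperiod", "3600 sec"),
    "quiet timer period": ("dot1x timeout quiet-period", "10 sec"),
    "tx timer period": ("dot1x timeout tx-period", "3 sec"),
    "supplicant timeout": ("dot1x timeout supp-timeout", "3 sec"),
    "server timeout": ("dot1x timeout server-timeout", "5 sec"),
    "re-authen max": ("dot1x reauth-max", "3 times"),
    "maximum request": ("dot1x max-req", "3 times"),
}

# Constructed sample: one field has its value wrapped onto the next line,
# which is how captured output often looks after copy and paste.
SAMPLE = """\
Ruijie# show dot1x
802.1X Status:        Enabled
Authentication mode:  EAP-MD5
Authed User Number:   0
Re-authen Enabled:    Enabled
Re-authen Period:     1000 sec
Quiet Timer Period:   1000 sec
Tx Timer Period:
10 sec
Supplicant Timeout:   3 sec
Server Timeout:       5 sec
Re-authen Max:        5 times
Maximum Request:      3 times
Filter Non-RG Supp:   Disabled
Ruijie#
"""


def parse_show_dot1x(text: str) -> dict:
    """Return {lowercased label: value}, accepting 'Label: value' on one line
    or 'Label:' followed by the value on the next line."""
    fields = {}
    pending = None                      # label still waiting for its value
    for raw in text.splitlines():
        line = raw.strip()
        if not line or re.match(r"^\S+[#>]", line):   # blank line or CLI prompt
            pending = None
            continue
        if pending is not None and ":" not in line:
            fields[pending] = line
            pending = None
            continue
        label, sep, value = line.partition(":")
        if not sep:
            continue
        label, value = label.strip().lower(), value.strip()
        if value:
            fields[label] = value
            pending = None
        else:
            pending = label
    return fields


def drift_from_defaults(text: str) -> list:
    """Return [(label, command, default, actual)] for each documented field
    whose value differs from the documented default."""
    fields = parse_show_dot1x(text)
    report = []
    for label, (command, default) in DOCUMENTED_DEFAULTS.items():
        actual = fields.get(label)
        if actual is None:
            continue                    # field not present in this output
        if " ".join(actual.split()).lower() != default.lower():
            report.append((label, command, default, actual))
    return report


if __name__ == "__main__":
    for label, command, default, actual in drift_from_defaults(SAMPLE):
        print(f"{label}: {actual} (default {default}; set with '{command}')")
```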
show dot1x auto-req
Use this command to show the configuration information of automatic 802.1x authentication.
show dot1x auto-req
Parameter Description
Parameter    Description
N/A          N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
The following example shows the information about automatic 802.1x authentication:
Ruijie# show dot1x auto-req
Auto-Req: Disabled
User-Detect : Enabled
Packet-Num : 0
Req-Interval: 30 Seconds
Ruijie#
Related Commands
Command                         Description
dot1x auth-mode                 Sets the 802.1x authentication mode.
dot1x max-req                   Sets the maximum number of authentication request retransmissions.
dot1x port-control auto         Sets the port to participate in authentication.
dot1x reauth-max                Sets the maximum number of the supplicant re-authentications.
dot1x re-authentication         Sets the re-authentication attribute.
dot1x timeout quiet-period      Sets the time the device waits before reauthentication.
dot1x timeout re-authperiod     Sets the re-authentication period for the supplicant.
dot1x timeout server-timeout    Sets the authentication timeout between the device and
                                authentication server.
dot1x timeout supp-timeout      Sets the authentication timeout between the device and the
                                supplicant.
dot1x timeout tx-period         Sets the retransmission period.
Platform Description
N/A
show dot1x max-req
Use this command to show the maximum number of authentication request retransmissions to the
client.
show dot1x max-req
Parameter Description
Parameter    Description
N/A          N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
The following example shows the information about the private supplicant:
Ruijie# show dot1x private-supplicant-only
private-supplicant-only:: disabled
Ruijie#
Related Commands
Command                         Description
dot1x auth-mode                 Set the 802.1x authentication mode.
dot1x max-req                   Set the maximum number of authentication request retransmissions.
dot1x port-control auto         Set the port to participate in authentication.
dot1x reauth-max                Set the maximum number of the supplicant re-authentications.
dot1x re-authentication         Set the re-authentication attribute.
dot1x timeout quiet-period      Set the time the device waits before reauthentication.
dot1x timeout re-authperiod     Set the re-authentication period for the supplicant.
dot1x timeout server-timeout    Set the authentication timeout between the device and
                                authentication server.
dot1x timeout supp-timeout      Set the authentication timeout between the device and the
                                supplicant.
dot1x timeout tx-period         Set the retransmission period.
Platform Description
N/A
show dot1x probe-timer
Use this command to show the online probing configurations.
show dot1x probe-timer
Parameter Description
Parameter    Description
N/A          N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
The following example shows the online probing configuration:
Ruijie# show dot1x probe-timer
Hello Interval: 20 Seconds
Hello Alive: 250 Seconds
Ruijie#
Related Commands
Command                         Description
dot1x auth-mode                 Set the 802.1x authentication mode.
dot1x max-req                   Set the maximum number of authentication request retransmissions.
dot1x port-control auto         Set the port to participate in authentication.
dot1x reauth-max                Set the maximum number of the supplicant re-authentications.
dot1x re-authentication         Set the re-authentication attribute.
dot1x timeout quiet-period      Set the time the device waits before reauthentication.
dot1x timeout re-authperiod     Set the re-authentication period for the supplicant.
dot1x timeout server-timeout    Set the authentication timeout between the device and
                                authentication server.
dot1x timeout supp-timeout      Set the authentication timeout between the device and the
                                supplicant.
dot1x timeout tx-period         Set the retransmission period.
Platform Description
N/A
show dot1x re-authentication
Use this command to show re-authentication configuration.
show dot1x re-authentication
Parameter Description
Parameter    Description
N/A          N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
The following example shows the information about reauthentication:
Ruijie# show dot1x re-authentication
eauth-enabled: disabled
Ruijie#
Related Commands
Command                         Description
dot1x auth-mode                 Set the 802.1x authentication mode.
dot1x max-req                   Set the maximum number of authentication request retransmissions.
dot1x port-control auto         Set the port to participate in authentication.
dot1x reauth-max                Set the maximum number of the supplicant re-authentications.
dot1x re-authentication         Set the re-authentication attribute.
dot1x timeout quiet-period      Set the time the device waits before reauthentication.
dot1x timeout re-authperiod     Set the re-authentication period for the supplicant.
dot1x timeout server-timeout    Set the authentication timeout between the device and
                                authentication server.
dot1x timeout supp-timeout      Set the authentication timeout between the device and the
                                supplicant.
dot1x timeout tx-period         Set the retransmission period.
Platform Description
N/A
show dot1x reauth-max
Use this command to show the maximum number of re-authentications.
show dot1x reauth-max
Parameter Description
Parameter    Description
N/A          N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
The following example shows the information about the maximum number of re-authentications:
Ruijie# show dot1x reauth-max
reauth-max: 2 times
Ruijie#
Related Commands
Command                         Description
dot1x auth-mode                 Set the 802.1x authentication mode.
dot1x max-req                   Set the maximum number of authentication request retransmissions.
dot1x port-control auto         Set the port to participate in authentication.
dot1x reauth-max                Set the maximum number of the supplicant re-authentications.
dot1x re-authentication         Set the re-authentication attribute.
dot1x timeout quiet-period      Set the time the device waits before reauthentication.
dot1x timeout re-authperiod     Set the re-authentication period for the supplicant.
dot1x timeout server-timeout    Set the authentication timeout between the device and
                                authentication server.
dot1x timeout supp-timeout      Set the authentication timeout between the device and the
                                supplicant.
dot1x timeout tx-period         Set the retransmission period.
Platform Description
N/A
show dot1x summary
Use this command to display the 802.1X authentication summary.
show dot1x summary
Parameter Description
Parameter
Description
N/A
N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
The following example shows the summary of 802.1x authentication:
Ruijie# show dot1x summary
ID       User       MAC            Interface VLAN Auth-State      Backend-State Port-Status User-Type Time
-------- ---------- -------------- --------- ---- --------------- ------------- ----------- --------- -----------------
2        ts-user    0023.aeaa.4286 Fa0/5     1    Authenticated   Idle          Authed      static    0days 0h 8m 8s
Ruijie#
Related Commands
Command
Description
dot1x auth-mode
Sets the 802.1x authentication mode.
dot1x max-req
Sets the maximum number of authentication request retransmissions.
dot1x port-control auto
Sets the port to participate in authentication.
dot1x reauth-max
Sets the maximum number of the supplicant re-authentications.
dot1x re-authentication
Sets the re-authentication attribute.
dot1x timeout quiet-period
Sets the time the device waits before reauthentication.
dot1x timeout re-authperiod
Sets the re-authentication period for the supplicant.
dot1x timeout server-timeout
Sets the authentication timeout between the device and authentication server.
dot1x timeout supp-timeout
Sets the authentication timeout between the device and the supplicant.
dot1x timeout tx-period
Sets the retransmission period.
Platform Description
N/A
show dot1x timeout
The commands show the information about the 802.1X timeout.
show dot1x timeout quiet-period
show dot1x timeout re-authperiod
show dot1x timeout server-timeout
show dot1x timeout supp-timeout
show dot1x timeout tx-period
Parameter Description
Parameter
Description
N/A
N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
The following example shows the information about the time for the device to wait before reauthentication:
Ruijie# show dot1x timeout quiet-period
quiet-period: 60 sec
Ruijie#
Related Commands
Command
Description
dot1x auth-mode
Sets the 802.1x authentication mode.
dot1x max-req
Sets the maximum number of authentication request retransmissions.
dot1x port-control auto
Sets the port to participate in authentication.
dot1x reauth-max
Sets the maximum number of the supplicant re-authentications.
dot1x re-authentication
Sets the re-authentication attribute.
dot1x timeout quiet-period
Sets the time the device waits before reauthentication.
dot1x timeout re-authperiod
Sets the re-authentication period for the supplicant.
dot1x timeout server-timeout
Sets the authentication timeout between the device and authentication server.
dot1x timeout supp-timeout
Sets the authentication timeout between the device and the supplicant.
dot1x timeout tx-period
Sets the retransmission period.
Platform Description
N/A
Command Reference
Web Authentication Commands
Web Authentication Commands
http redirect
In global configuration mode, use this command to configure the IP address of the HTTP redirection,
which is the IP address of the first generation Portal server deployed on the network. Use the no form
of this command to remove the IP address of the HTTP redirection.
http redirect ip-address
no http redirect
Parameter Description
Parameter
Description
ip-address
The IPv4 address of the HTTP redirection.
Defaults
By default, the IP address of the HTTP redirection is not configured.
Command Mode
Global configuration mode
Usage Guide
This command configures the Portal server address for the first generation Web authentication, not
for the second generation Web authentication.
Configuration Examples
#Designate the IPv4 address of the HTTP redirection as 172.16.0.1.
Ruijie(config)# http redirect 172.16.0.1
Related Commands
Command
Description
show http redirect
Shows the configurations of HTTP redirection.
http redirect homepage
Sets the homepage IP address of the authentication page.
Platform Description
N/A
http redirect direct-site
Use this command to set the scope of authentication-free network resources. Use the no form of this
command to delete the scope of authentication-free network resources.
http redirect direct-site ipv6-address | { ip-address [ ip-mask ] [ arp ] }
no http redirect direct-site ipv6-address | { ip-address [ ip-mask ] }
Parameter Description
Parameter
Description
ip-address
The parameter indicates the IP address of an authentication-free network resource.
ipv6-address
IPv6 address of an authentication-free network resource.
ip-mask
(Optional) The parameter indicates the IP address mask of an authentication-free network resource.
arp
(Optional) If the ARP CHECK function is enabled on the access device, the IP address, including the VRRP address of the gateway uplinked with terminal users, must be configured as an authentication-free resource with the keyword arp. Other authentication-free resources do not need to carry the keyword arp.
Defaults
By default, no authentication-free network resource is configured.
Command Mode
Global configuration mode
Usage Guide
After Web authentication is enabled, all users need to pass Web authentication for accessing the
network resources. To open certain network resources to the unauthenticated users, run this
command. When a Website is an authentication-free network resource, all users can access the
Website.
You can configure a maximum of 100 authentication-free network resources.
Configuration Examples
#Set the Website with the IP address of 172.16.0.0 as an authentication-free network resource.
Ruijie(config)# http redirect direct-site 172.16.0.1
Related Commands
Command
Description
show http redirect
Shows the configuration of HTTP redirection.
Platform Description
N/A
http redirect direct-arp
Use this command to configure the address range of direct ARP. Use the no form of this command to
remove the configuration.
http redirect direct-arp { ip-address [ ip-mask ] | local-address }
no http redirect direct-arp { ip-address [ ip-mask ] | local-address }
Parameter Description
Parameter
Description
ip-address
This parameter indicates the IP address range of direct ARP.
ip-mask
(Optional) This parameter indicates the IP address mask of direct ARP.
local-address
This parameter indicates the configuration of the local direct ARP.
Defaults
By default, no direct ARP resource is configured.
Command Mode
Global configuration mode
Usage Guide
After web authentication and ARP check are enabled, ARP messages of unauthenticated terminals
are intercepted, so the terminal cannot learn the gateway ARP or initiate HTTP requests. This
command lets ARP messages with the specified IP address through so that the terminal can learn the
gateway ARP.
In general, release the gateway ARP when using external web authentication, and release the host
ARP when using built-in web authentication.
Configuration Examples
#Configure the direct gateway ARP with the IP address 172.16.0.1.
Ruijie(config)# http redirect direct-arp 172.16.0.1
Related Commands
Command
Description
show http redirect
Shows the configuration of HTTP redirection.
Platform Description
N/A
http redirect homepage
Use this command to set the authentication homepage address of the Portal server. Use the no form
of this command to delete the address of the authentication homepage.
http redirect homepage url-string
no http redirect homepage
Parameter Description
Parameter
Description
url-string
The homepage address must begin with http:// or https://. Otherwise, the system prompts configuration failure. The maximum length of the homepage address is 255 characters.
Defaults
By default, the homepage address of the authentication page is not specified.
Command Mode
Global configuration mode
Usage Guide
To apply Ruijie first generation Web authentication function successfully, you need to configure the
homepage address of the authentication page.
Configuration Examples
#Set the homepage address of the authentication page to http://www.ruijie-eportal.net:8080/login
Ruijie(config)# http redirect homepage http://www.ruijie-eportal.net:8080/login
Related Commands
Command
Description
show http redirect
Shows the configuration of HTTP redirection.
http redirect
Sets the IP address for the authentication server.
Platform Description
N/A
http redirect port
Use this command to redirect the HTTP Web requests that a terminal sends to a specific
destination port. Use the no form of this command to remove the redirection of HTTP Web requests
sent to a specific destination port.
http redirect port port-num
no http redirect port port-num
Parameter Description
Parameter
Description
port-num
The parameter indicates the destination port number of the Web request of the HTTP.
Defaults
By default, the HTTP requests sent to the destination port 80 and port 8081 are intercepted.
Command Mode
Global configuration mode
Usage Guide
N/A
Configuration Examples
#Redirect the Web request of the HTTP that the user initiates to the port 8080.
Ruijie(config)# http redirect port 8080
#Remove the redirection of the Web request of the HTTP that the user initiates to the port 80.
Ruijie(config)# no http redirect port 80
Related Commands
Command
Description
show http redirect
Shows the configuration of HTTP redirection.
Platform Description
N/A
http redirect session-limit
Use this command to set the maximum number of HTTP sessions for each unauthenticated user or
the total number of HTTP sessions for all users under each port. Use the no form of the command to
restore the default value.
http redirect session-limit session-num [ port port-session-num ]
no http redirect session-limit
Parameter Description
Parameter
Description
session-num
The parameter indicates the maximum number of HTTP sessions for the same global unauthenticated user, which ranges from 1 to 255.
port-session-num
(Optional) The parameter indicates the total number of HTTP sessions for unauthenticated users under each port, which ranges from 1 to 65535.
Defaults
By default, the maximum number of HTTP sessions for each global unauthenticated user is 255 and
the total number of HTTP sessions for unauthenticated users under each port is 1000.
The description of the port on the wireless device is as follows:
In the fit AP mode, the CTI port on AC (CAPWAP TUNNEL INTERFACE, the CAPWAP
tunnel port between the AP and the AC).
In the fat AP, the radio port.
Command Mode
Global configuration mode
Usage Guide
You need to limit the maximum number of HTTP sessions for unauthenticated users on the access
device. Otherwise, unauthenticated users may initiate an HTTP attack, thus exhausting the TCP
connections of the access device.
When a user is authenticated, one HTTP session is occupied and other applications of the user may
also occupy HTTP sessions. Therefore, it is not recommended to set the maximum number of HTTP
sessions for unauthenticated users to 1.
Configuration Examples
#Set the maximum number of HTTP sessions for an unauthenticated user to 4.
Ruijie(config)# http redirect session-limit 4
Related Commands
Command
Description
show http redirect
Shows the configurations of HTTP redirection.
Platform Description
N/A
http redirect timeout
Use this command to set the timeout period that maintains the redirection connection. Use the no
form of this command to restore the timeout period for maintaining the redirection connection to 3
seconds.
http redirect timeout seconds
no http redirect timeout
Parameter Description
Parameter
Description
seconds
The parameter indicates the timeout period that maintains the redirection connection, which ranges from 1 to 10 (seconds).
Defaults
3 seconds by default
Command Mode
Global configuration mode
Usage Guide
The command is used to set the timeout period that maintains the redirection connection. After the
TCP three-way handshake succeeds, the system waits for the HTTP GET/HEAD message sent by the
user and then returns the HTTP redirection message before the connection is closed. If the timeout
period is not set, the user may occupy the TCP connection for a long time without sending the
GET/HEAD message.
Configuration Examples
#Set the timeout period that maintains the redirection connection to 4 seconds.
Ruijie(config)# http redirect timeout 4
Related Commands
Command
Description
show http redirect
Shows the configuration of HTTP redirection.
Platform Description
N/A
iportal service
Use this command to set the names of the intranet and extranet service types of the built-in Portal
server.
iportal service { internet service-name | local service-name }
no iportal service { internet | local }
Parameter Description
Parameter
Description
service-name
The parameter indicates the name of the service, which is a string of characters.
Defaults
By default, the name of the Internet service is “internet”, and the name of local service is “local”.
Command Mode
Global configuration mode
Usage Guide
The field must be identical with the intranet and extranet service names configured on SAM. By
default, they can be used mutually. You need to configure the same name as the SAM when the
device is self-defined.
Configuration Examples
#Set the service name of the extranet as intranet.
Ruijie(config)# iportal service internet intranet
Related Commands
Command
Description
show running-config
Shows the system configuration.
Platform Description
N/A
iportal user-agent
Use this command to configure the terminal identification policy and identify a specific terminal as a
mobile terminal based on the feature string.
iportal user-agent name type mobile string
no iportal user-agent name
Parameter Description
Parameter
Description
name
This parameter indicates the name specified for the UA configured.
string
This parameter indicates the UA feature string for identification.
Defaults
N/A
Command Mode
Global configuration mode
Usage Guide
Use this command to specify a terminal type as a mobile terminal.
The feature string of the terminal type in UA requests is configured in string. The field name is used to
identify a self-defined terminal. Different self-defined terminals cannot share the same name.
Configuration Examples
#Add an ipod terminal with “ipod” as its feature string.
Ruijie(config)# iportal user-agent ipod type mobile ipod
Related Commands
Command
Description
show running-config
Shows the system configuration.
Platform Description
N/A
iportal retransmit
Use this command to set the message retransmission count for the built-in Portal server.
iportal retransmit times
no iportal retransmit
Parameter Description
Parameter
Description
times
Sets the page retransmission count for the built-in Portal server, which ranges from 1 to 13.
Defaults
By default, the count is 3.
Command Mode
Global configuration mode
Usage Guide
The configuration of this command depends on the network environment. Modifying this parameter
is not recommended except in special environments.
Excessive message retransmissions may cause low message processing efficiency, while too few
message retransmissions may cause message transmission failure in a bad network environment.
Configuration Examples
#Set the count of time-out retransmission to 4.
Ruijie(config)# iportal retransmit 4
Related Commands
Command
Description
show running-config
Shows the system configuration.
Platform Description
N/A
portal-server
Use this command to configure the Portal Server used in the second-generation web authentication,
including the name, IP address, URL of authentication page, and UDP monitoring port of the server.
Use the no form of this command to clear configurations of Portal Server.
portal-server { eportalv2 | portal-name } [ type v2 ] ip { ip-address | ipv6-address } [ port port-num ] [ url url-string ]
portal-server { iportal | portal-name } type intra [ page-suite pagename ] [ authentication mlist1 ] [ accounting mlist2 ]
portal-server { iportal | portal-name } announcement-page { url-string }
portal-server { iportal | portal-name } homepage { url-string }
{ no | default } portal-server { eportalv2 | iportal | portal-name }
Parameter Description
Parameter
Description
portal-name
The server name serves as the index and unique identifier of a Ruijie second-generation Portal Server. Naming restrictions are as follows:
The name cannot be the same as the keyword.
The name can be a combination of uppercase/lowercase English letters, digits and special symbols. The following special symbols are supported (partitioned by comma): _, @, $, -, # and *.
The length of the name ranges from 1 to 63 bytes.
ip-address
IPv4 address of the server.
ipv6-address
IPv6 address of the server.
url-string
(Optional) Page URL, which ranges from 10 to 255 bytes.
port-num
(Optional) UDP listening port of the server, which ranges from 1 to 65535.
pagename
Name of the customized page package.
mlist1
Authentication method list specified by the server, which ranges from 1 to 63.
mlist2
Accounting method list specified by the server, which ranges from 1 to 63.
Defaults
In the second-generation authentication, the URL of authentication page uses the root page of the
server's HTTP service based on its IP address by default. For example, if the server IP is 172.20.1.1,
the default authentication page URL will be: http://172.20.1.1/.
In the second-generation authentication, the default UDP listening port of the server is 50100.
In the built-in authentication, the system uses the default page and default method list, and the default
HTTP port is 8081.
By default, there are different default names for different portal servers:
The name of V1 server: eportalv1
The name of V2 server: eportalv2
The name of built-in server: iportal
Although the parameters of the default server can be altered or reset, the parameters cannot be
deleted.
Command Mode
Global configuration mode.
Usage Guide
To successfully deploy Ruijie second-generation or built-in portal web authentication, you must
properly configure Ruijie second-generation or built-in portal server.
The no form of a single command is not supported currently.
Configuration Examples
#Enable the second-generation web authentication and configure the second-generation portal
server named edu_portal, with 172.20.1.1 as the IPv4 address and http://172.20.1.1:7080/login.php
as the authentication page URL.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#portal-server edu_portal ip 172.20.1.1 url http://172.20.1.1:7080/login.php
Related Commands
Command
Description
show web-auth portal
Shows the information about Ruijie second-generation portal server.
Platform Description
This command is only supported by wireless products.
web-auth accounting v2
Use this command to specify the accounting method list used for Ruijie second-generation web
authentication. This command is supported in both global mode and WLAN security mode. Use the
no form of this command to restore the default settings.
web-auth accounting v2 list-name
no web-auth accounting v2
Parameter Description
Parameter
Description
list-name
This parameter indicates the network-related AAA accounting method list. Please refer to the section of AAA for specific description.
Defaults
By default, the global accounting method list is named "default" and it is used by the WLAN.
Command Mode
Global configuration mode and WLAN security configuration mode.
Usage Guide
You can specify different accounting methods for different WLANs.
While configuring and using the specified accounting method list, make sure the
corresponding AAA accounting method list has been configured, or else the global
accounting method list for the corresponding type will be used.
Configuration Examples
#Configure a network-related AAA accounting method list named "comm_acct", use the default
RADIUS server group named "radius" and apply it to the accounting method list for Ruijie
second-generation web authentication based on WLAN 100.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# aaa accounting network comm_acct start-stop group radius
Ruijie(config)# wlansec 100
Ruijie(wlansec)# web-auth accounting v2 comm_acct
Ruijie(wlansec)# exit
Related Commands
Command
Description
aaa accounting network
Configures the network-related AAA accounting method list.
Platform Description
This command is supported only on wireless products.
web-auth acct-update-interval
Use this command to configure the default accounting update interval for web authentication. Use the
no form of this command to restore the default settings.
web-auth acct-update-interval minutes
no web-auth acct-update-interval
Parameter Description
Parameter
Description
minutes
This parameter indicates the accounting update interval in minutes, which ranges from 0 to 60 minutes. The default value is 0, indicating no accounting update.
Defaults
0 minutes by default.
Command Mode
Global configuration mode
Usage Guide
If the Access-Accept message replied by the server carries the attribute of accounting
update interval and the attribute value is not 0, this value will be used as the accounting
update interval, or else the accounting update interval configured on the device will be
used.
This command can only be displayed and supported after the second-generation web
authentication has been enabled.
Configuration Examples
#Configure the accounting update interval for Ruijie second-generation web authentication as 3
minutes.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# web-auth acct-update-interval 3
Related Commands
Command
Description
show web-auth portal parameters
Shows parameters of the second-generation web authentication.
Platform Description
This command is supported only on wireless products.
web-auth accounting jitter-off
The web authentication accounting jitter-off function is disabled by default. When this function is
enabled, the checking time will not be counted in the users’ on-line time if users drop due to signal
problems or traffic problems. Use the no form of this command to include the checking time in the
users’ on-line time.
web-auth accounting jitter-off
no web-auth accounting jitter-off
Parameter Description
Parameter
Description
N/A
N/A
Defaults
By default, the checking time will not be counted in the users’ on-line time.
Command Mode
Global configuration mode.
Usage Guide
1. This function is only for counting time.
2. The default configuration is recommended.
3. Please refer to Wireless Security Configuration for the details of this function.
Configuration Examples
# Include the checking time in the on-line time.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# web-auth accounting jitter-off
Related Commands
Command
Description
webauth prevent-jitter
Configures WEB authentication jitter-off time.
web-auth offline-detect flow
Enables the traffic detection.
Platform Description
This command is supported only on wireless products.
web-auth authen-mode
Use this command to configure the controlled mode for web authentication. IPv4 controlled is configured
by default, which means the device only intercepts IPv4 packets and delivers IPv6 packets by default.
Use the no or default form of this command to restore the default configuration.
web-auth authen-mode { ipv4 | ipv6 | both }
no web-auth authen-mode
Parameter Description
Parameter
Description
ipv4
Configures the web authentication as IPv4 controlled.
ipv6
Configures the web authentication as IPv6 controlled.
both
Configures the web authentication as both IPv4 and IPv6 controlled.
Defaults
The web authentication is IPv4 controlled by default.
Command Mode
WLAN security configuration mode
Usage Guide
This command can be configured only after the web authentication is disabled in WLAN security
mode.
Configuration Examples
#Configure only IPv6 authentication mode in WLAN 100.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# wlansec 100
Ruijie(wlansec)# web-auth authen-mode ipv6
Ruijie(wlansec)# exit
Related Commands
Command
Description
N/A
N/A
Platform Description
This command is supported only on wireless products.
web-auth dhcp-check
Use this command to enable the dhcp resource check function. Use the no form of this command to
disable this function.
web-auth dhcp-check
no web-auth dhcp-check
Parameter Description
Parameter
Description
N/A
N/A
Defaults
The dhcp resource check function is disabled by default.
Command Mode
Global configuration mode.
Usage Guide
This command supports only the IPv4.
This command takes effect only after the DHCP Snooping is enabled.
Configuration Examples
# Enable the dhcp resource check function.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#web-auth dhcp-check
%Warning: web-auth dhcp-check will not take effect until dhcp-snooping
is enabled.
Ruijie(config)#ip dhcp snooping
Ruijie(config)#
Related Commands
Command
Description
ip dhcp snooping
Enables the DHCP Snooping function.
Platform Description
This command is supported only on wireless products.
web-auth authentication v2
Use this command to specify the authentication method list used for Ruijie second-generation web
authentication. This command is supported in both the global mode and WLAN security mode. Use
the no form of this command to restore the default settings.
web-auth authentication v2 list-name
no web-auth authentication v2
Parameter Description
Parameter
Description
list-name
AAA method list for web authentication. Please refer to the section of AAA for specific description.
Defaults
By default, the global authentication method list for the corresponding type is used.
Command Mode
WLAN security configuration mode.
Usage Guide
Relevant options can only be displayed and supported after the second-generation web
authentication has been enabled.
While configuring to use the specified authentication method list, make sure the
corresponding authentication method list has been configured in AAA, or the global
authentication method list for the corresponding type will be used.
Configuration Examples
# Configure an AAA authentication method list named "edu_authen", use the default RADIUS server
group named "radius" and apply it to the authentication method list for WLAN 100.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# aaa authentication web-auth edu_authen group radius
Ruijie(config)# wlansec 100
Ruijie(wlansec)# web-auth authentication v2 edu_authen
Ruijie(wlansec)# exit
Related Commands
Command
Description
aaa authentication web-auth
Configures AAA authentication method list for web authentication.
Platform Description
This command is supported only on wireless products.
web-auth direct-host
Use this command to set the scope of the IP addresses free from authentication. Use the no form
of this command to delete authentication-free IP addresses.
web-auth direct-host ipv6-address | { ip-address [ ip-mask ] [ port interface-name ] [ arp ] }
no web-auth direct-host ipv6-address | ip-address
Parameter Description
Parameter
Description
ip-address
The parameter indicates the address of an authentication-free IP address.
ipv6-address
IPv6 address free from authentication.
ip-mask
(Optional) The parameter indicates the IP address mask of an authentication-free user.
arp
(Optional) If the ARP CHECK functionality is enabled on the access device, the IP address, including the VRRP address of the gateway uplinked with terminal users, must be configured as an authentication-free resource with the keyword arp. Other authentication-free resources do not need to carry the keyword arp.
Defaults
By default, the authentication-free users are not set, that is, all IPs must pass the Web authentication
before accessing the restricted network resources.
Command Mode
Global configuration mode
Usage Guide
If you set an IP as authentication-free, the IP can access all reachable network resources without
undergoing the Web authentication.
Up to 100 authentication-free IPs are allowed.
Configuration Examples
#Set the user with the IP address of 172.16.0.1 as an authentication-free user.
Ruijie(config)# web-auth direct-host 172.16.0.1
Related Commands
Command
Description
show web-auth direct-host
Shows the IP address scope free of web authentication.
Platform Description
N/A
web-auth httprd-guard
Use this command to configure the Web authentication redirection guard. Use the no form of this
command to disable the Web authentication redirection guard.
web-auth httprd-guard { enable | redirect-count count silence-period period interval interval }
no web-auth httprd-guard [enable]
Parameter Description
Parameter
Description
count
The parameter indicates the redirection count. The default count is 10.
period
The parameter indicates the time to forbid redirection after the redirection times exceed the configured value. The default period is 3 seconds.
interval
The parameter indicates the interval for redirection attack detection. The default interval is 5 seconds.
Defaults
By default, redirection guard is disabled.
Command Mode
Global configuration mode
Usage Guide
Use the web-auth httprd-guard enable command to enable the Web authentication redirection
guard. Then you can configure the detection parameters using the web-auth httprd-guard
redirect-count count silence-period period interval interval command.
Configuration Examples
#Configure the Web authentication redirection guard.
Ruijie(config)# web-auth httprd-guard enable
Ruijie(config)# web-auth httprd-guard redirect-count 20 silence-period 5 interval 10
Related Commands
Command
Description
show web-auth httprd-guard user
Shows the redirection attack user and configuration.
Platform Description
N/A
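A configuration check built from the ranges, limits and usage guidance stated for the http redirect, direct-site, direct-host and httprd-guard commands above, as an added example that is not part of the Ruijie manual. The names audit and SAMPLE_CONFIG, the /24 review threshold and the plain-HTTP note are assumptions of this example, and the sample configuration is constructed.

```python
import ipaddress

# Constructed sample input in running-config style (not from a real device).
SAMPLE_CONFIG = """\
http redirect 172.16.0.1
http redirect homepage http://www.ruijie-eportal.net:8080/login
http redirect session-limit 1
http redirect timeout 12
http redirect direct-site 172.16.0.0 255.255.0.0
web-auth direct-host 172.16.0.1
"""

MAX_FREE_ENTRIES = 100  # limit the manual states for direct-site and direct-host
WIDE_PREFIX = 24        # assumption of this example: review ranges wider than /24


def _args(line, command):
    """Return the argument tokens if line is an instance of command, else None."""
    if line.startswith(command + " "):
        return line[len(command):].split()
    return None


def _in_range(token, low, high):
    """True if token is a decimal integer within [low, high]."""
    return token.isdigit() and low <= int(token) <= high


def audit(config_text):
    """Return (severity, subject, message) findings for a web-auth configuration."""
    findings = []
    free = {"http redirect direct-site": 0, "web-auth direct-host": 0}
    session_limit_set = guard_enabled = False

    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace

        args = _args(line, "http redirect session-limit")
        if args:
            session_limit_set = True
            if not _in_range(args[0], 1, 255):
                findings.append(("error", line, "session-num must be 1-255"))
            elif int(args[0]) == 1:
                findings.append(("warn", line, "a limit of 1 is not recommended: "
                                 "authentication itself occupies one HTTP session"))
            if len(args) >= 3 and args[1] == "port" and not _in_range(args[2], 1, 65535):
                findings.append(("error", line, "port-session-num must be 1-65535"))

        args = _args(line, "http redirect timeout")
        if args and not _in_range(args[0], 1, 10):
            findings.append(("error", line, "timeout must be 1-10 seconds"))

        args = _args(line, "http redirect homepage")
        if args:
            url = args[0]
            if not url.startswith(("http://", "https://")) or len(url) > 255:
                findings.append(("error", line, "homepage must begin with http:// "
                                 "or https:// and be at most 255 characters"))
            elif url.startswith("http://"):
                # Added check of this example, not a rule from the manual.
                findings.append(("note", line, "login page is served over plain HTTP"))

        for command in free:
            args = _args(line, command)
            if not args:
                continue
            free[command] += 1
            if len(args) > 1 and args[1].count(".") == 3:  # dotted IPv4 mask present
                try:
                    net = ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
                except ValueError:
                    findings.append(("error", line, "invalid address or mask"))
                    continue
                if net.prefixlen < WIDE_PREFIX:
                    findings.append(("warn", line, "authentication-free range covers "
                                     f"{net.num_addresses} addresses"))

        if line == "web-auth httprd-guard enable":
            guard_enabled = True

    if not session_limit_set:
        findings.append(("note", "http redirect session-limit",
                         "not set: defaults of 255 per user and 1000 per port apply"))
    if not guard_enabled:
        findings.append(("note", "web-auth httprd-guard",
                         "redirection guard is disabled by default and not enabled here"))
    for command, count in free.items():
        if count > MAX_FREE_ENTRIES:
            findings.append(("error", command,
                             f"{count} entries exceed the maximum of {MAX_FREE_ENTRIES}"))
    return findings


if __name__ == "__main__":
    for severity, subject, message in audit(SAMPLE_CONFIG):
        print(f"[{severity}] {subject}: {message}")
```
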
web-auth offline-detect flow
Use this command to configure the traffic detection functionality. After the setting, if a user’s traffic in
the specified time is lower than a specified threshold value, the user will be assumed as not online
and forced to be offline. Use the no form of this command to restore the default value of the traffic
detection functionality.
web-auth offline-detect flow [ idle-timeout minutes ] [ threshold bytes ]
no web-auth offline-detect flow [ idle-timeout ] [ threshold ]
Parameter Description
Parameter
Description
bytes
This parameter specifies the detection threshold, which ranges from 0 to 4294967294 bytes. 0 byte is the default value.
bytes
This parameter specifies the detection threshold, which ranges from 0 to 4294967294 bytes. 0 byte is the default value.
Defaults
By default, when the traffic detection is enabled, the default parameters are 15 minutes and 0 byte.
Command Mode
Global configuration mode
Usage Guide
N/A
Configuration Examples
#Enable the traffic detection function, and set the detection interval as 3 minutes, and the detection
threshold as 1024 bytes.
Ruijie(config)# web-auth offline-detect flow idle-timeout 3 threshold 1024
Related
Commands
Command
show web-auth user
Platform
Description
N/A
Description
Shows online information about all users or
specified users.
Command Reference
Web Authentication Commands
web-auth portal key
Use this command to set the communication key used between the device and the portal server. Use the
no form of this command to delete the key for communication between new Web requests and the
authentication server after the HTTP Web request is redirected.
web-auth portal key key-string
no web-auth portal key
Parameter
Description
Parameter
Description
key-string
This parameter indicates the communication key used between the
device and the authentication server, the maximum length is 255
bytes.
Defaults
By default, no key is set.
Command mode
Global configuration mode
Usage Guide
Configuration of this parameter is required for the first generation Web authentication.
Configuration Examples
#Set the communication key used between device and authentication server as ruijie.
Ruijie(config)# web-auth portal key ruijie
Related Commands
Command
Description
http redirect
Sets IP address of Ruijie first generation portal server.
http redirect homepage
Sets authentication homepage address of Ruijie first generation portal server.
webauth
Initiates Web authentication on WLAN.
Platform Description
N/A
web-auth portal
Use this command to configure the web authentication version. In the case of the second-generation
web authentication, specify the name of Portal Server as well. Use the no form of this command to
restore the default settings. This command supports both the global mode and the WLAN security
mode. If no version is specified in the WLAN security mode, the system will by default use the version
configured in the global mode.
web-auth portal { eportalv1 | eportalv2 | iportal | portal-name }
no web-auth portal
To be compatible with the old command, the device also supports the following hidden command:
web-auth portal-type { v1 | v2 portal-name }
Parameter
Description
Parameter
Description
eportalv1
Ruijie first-generation web authentication
eportalv2
Ruijie second-generation web authentication
iportal
Ruijie built-in portal auth
portal-name
Name of Portal Server. The portal-name must have been created using the portal-server command.
Defaults
First-generation web authentication
Command mode
Global configuration mode and WLAN security configuration mode.
Usage Guide
Both the portal and portal-type keywords can be applied to the portal server, but the portal-type
keyword is not recommended and will be abandoned gradually.
At most, five commands can be configured in the WLAN security configuration mode. Each portal-name
must be created using the portal-server command, and every portal-name must be different. The
system chooses the first configured portal-name as the master authentication server and the
following ones as back-ups by priority. The priority level decreases based on the configuration
sequence.
If this command is configured in the WLAN security configuration mode, the global commands will not
take effect in the WLAN security configuration.
Configuration Examples
#Enable Ruijie second-generation web authentication, configure the name of Portal Server as
"edu-portal" and specify this server as the Portal Server for WLAN 100.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#portal-server edu-portal ip 172.20.1.1 url http://172.20.1.1:7080/index.php
Ruijie(config)# wlansec 100
Ruijie(wlansec)# web-auth portal edu-portal
Related Commands
Command
Description
portal-server
Creates the information about the Portal Server for the second-generation web authentication.
Platform Description
This command is supported only on wireless products.
web-auth portal-check
Use this command to configure the function which detects whether the portal created by the portal
server command is available or not. Use the no form of this command to disable this function.
web-auth portal-check [ interval intsec ] [ timeout tosec ] [ retransmit retries ]
no web-auth portal-check [ interval ] [ timeout ] [ retransmit ]
Parameter
Description
Parameter
Description
interval
This parameter indicates the interval for the Portal server to send the detection information, which
ranges from 1 to 1000 seconds. 10 seconds is the default value.
timeout
This parameter indicates the maximum timeout period for waiting for the detection reply, which
ranges from 1 to 1000 seconds. 5 seconds is the default value.
retransmit
This parameter indicates the number of retransmissions after which a portal changes from the normal
state to the dead state, and the number of times reply messages are received for the portal to
recover from the dead state to the normal state, which ranges from 1 to 100; the default is 3 times.
Defaults
By default, the portal-based detection is disabled. If it is enabled, the interval is 10 seconds, the
timeout is 5 seconds and the retransmission time is 3 times.
Command mode
Global configuration mode
Usage Guide
N/A
Configuration Examples
#Enable portal detection, and configure the detection interval as 5 seconds, information reply-waiting
timeout as 2 seconds and retransmission time as 4 times.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#web-auth portal-check interval 5 timeout 2 retransmit 4
Related Commands
Command
Description
portal-server
Configures the Portal Server information for the second-generation web authentication.
Platform Description
This command is supported only on wireless products.
web-auth portal-escape
Use this command to enable portal escape. Use the no form of this command to disable portal
escape.
web-auth portal-escape
no web-auth portal-escape
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
By default, portal escape is disabled.
Command mode
Global configuration mode
Usage Guide
N/A
Configuration Examples
#Enable portal escape.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#web-auth portal-escape
Related Commands
Command
Description
portal-server
Configures the Portal Server information for the second-generation web authentication.
Platform Description
This command is supported only on wireless products.
web-auth sta-leave detection
Use this command to configure the link detection functionality. Use the no form of this command to
disable this function.
web-auth sta-leave detection
no web-auth sta-leave detection
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
By default, the wireless link failure detection is enabled on the device.
Command mode
Global configuration mode.
Usage Guide
When the wireless network environment is good (good signal and minor interference), it is suggested
to enable the wireless link failure detection so that the device can instantly detect the link failure of
users.
When the wireless network environment is poor (excessive interference), the user's wireless terminal
may log out and log in frequently. In such a case, it is suggested to disable this function and enable
the traffic detection function to detect whether the user has logged out, thus enhancing the user's
surfing experience.
Configuration Examples
#Disable link detection and enable traffic detection.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# no web-auth sta-leave detection
Ruijie(config)# web-auth offline-detect flow
Related Commands
Command
Description
web-auth offline-detect flow
Low-traffic and connection failure detection.
Platform Description
This command is supported only on wireless products.
web-auth update-interval
Use this command to set the interval of updating the online user information. Use the no form of this
command to restore the interval of updating the online user’s information to the default value.
web-auth update-interval seconds
no web-auth update-interval
Parameter
Description
Parameter
Description
seconds
The parameter indicates the update interval, which ranges from 30 to
3,600 seconds.
Defaults
180 seconds by default
Command mode
Global configuration mode
Usage Guide
N/A
Configuration Examples
#Set the interval of updating the online user’s information to 120 seconds.
Ruijie(config)# web-auth update-interval 120
Related Commands
Command
Description
N/A
N/A
Platform Description
N/A
webauth-proxy enable
Use this command to enable proxy detection. Use the no form of this command to disable proxy
detection.
webauth-proxy enable
no webauth-proxy enable
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
Proxy detection is disabled by default.
Command mode
Global configuration mode
Usage Guide
If the proxy option has been configured on the browser of a terminal on the network, this function
must be enabled so that the web authentication of the terminals can be performed.
Configuration Examples
#Enable proxy detection.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# webauth-proxy enable
Related Commands
Command
Description
N/A
N/A
Platform Description
This command is supported only on wireless products.
webauth
Use this command to enable Web authentication on WLAN. Use the no form of this command to
disable the Web authentication.
webauth
no webauth
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
By default, Web authentication on WLAN is disabled.
Command mode
WLAN security configuration mode.
Usage Guide
By default, the first generation Web authentication is used after being enabled.
Configuration Examples
# Enable the Web authentication function on port WLAN 1, and use Ruijie first generation portal
server to perform authentication. The IP address of the portal server is 172.20.1.1, the authentication
page URL is http://172.20.1.1/eportal.htm, the key is ruijie. The device communicates with ePortal
through SNMP. The device and the ePortal both belong to the community named public.
Ruijie# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)# snmp-server community public rw
Ruijie(config)# snmp-server enable traps web-auth
Ruijie(config)# snmp-server host 172.20.1.1 inform version 2c public web-auth
Ruijie(config)# http redirect 172.20.1.1
Ruijie(config)# http redirect homepage http://172.20.1.1/eportal.htm
Ruijie(config)# web-auth portal key ruijie
Ruijie(config)# wlansec 1
Ruijie(wlansec)# webauth
Ruijie(wlansec)# exit
Related Commands
Command
Description
show web-auth control
Shows the Web authentication information corresponding to WLAN.
http redirect
Sets IP address for Ruijie first generation portal server.
http redirect homepage
Sets homepage address of Ruijie first generation portal server.
web-auth portal key
Sets communication key used between the device and Ruijie first generation portal server.
aaa new-model
Switches on or off the AAA functionality.
aaa accounting network
Configures the AAA network-related accounting method list.
Platform Description
This command is supported only on wireless products.
clear web-auth portal statistics
Use this command to clear the statistics of Ruijie second-generation and built-in portal web
authentication.
clear web-auth portal statistics
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
The user can use this command to clear the statistics of Ruijie second-generation web authentication
and restart statistics.
Configuration Examples
#Clear statistics of Ruijie second-generation web authentication on the device.
Ruijie# clear web-auth portal statistics
Related Commands
Command
Description
show web-auth portal
Shows relevant configuration and statistics about the second-generation web authentication.
Platform Description
This command is supported only on wireless products.
clear web-auth user
Use this command to log out the user according to IP address, MAC address, username or AAA
index.
clear web-auth user by { ip { ip-address | ipv6-address } | mac mac-address | name name-string | id
id }
Parameter
Description
Parameter
Description
ip
Logs out the user through IP address.
ip-address
Specifies the IPv4 address.
ipv6-address
Specifies the IPv6 address.
mac
Logs out the user through MAC address.
mac-address
Specifies user's MAC address.
name
Logs out the user through username.
name-string
Specifies the username.
aaa-id
Logs out the online user through AAA session identifier.
id
AAA session ID.
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
The administrator can log out the online user through the above commands.
If the server allows users with different IP addresses to get authenticated with the same
username, then using the username to log out the user may cause multiple online users
with the specified username to be forced to log out.
Configuration Examples
#Log out the web authenticated user with the IP address 172.250.22.14.
Ruijie# clear web-auth user by ip 172.250.22.14
Related Commands
Command
Description
show web-auth user
Shows the information about a Web authenticated user.
Platform Description
N/A
show http redirect
Use this command to show the configuration of HTTP redirection.
display http redirect
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
You can show the configurations such as HTTP redirection server, interception port, direct user and
direct destination IP address by this command.
Configuration Examples
#Show the configuration of HTTP redirection.
Ruijie# display http redirect
HTTP redirection settings:
server:        192.168.32.123
port:          80 8000
homepage:      http://192.168.32.123:8888/ePortal/index.jsp
session-limit: 10
timeout:       5
Direct sites:
Address          MASK             ARP Binding
---------------- ---------------- ----------
61.233.3.215     255.255.255.255  On
61.233.3.220     255.255.255.255  Off
192.168.5.140    255.255.255.255  Off
218.30.66.101    255.255.0.0      Off
218.30.66.101    255.255.255.255  Off
Direct hosts:
Address          Mask             Port       ARP Binding
---------------- ---------------- ---------- -----------
192.168.1.1      255.255.255.255  Fa0/1      On
Field
Description
HTTP redirection settings
The field indicates the global redirection configuration.
server
The field indicates the IP address of the redirection server.
port
The field indicates the list of redirection HTTP ports.
homepage
The field indicates the homepage address of the redirection page.
session-limit
The field indicates the maximum number of HTTP sessions for the same unauthenticated user.
timeout
The field indicates the timeout period that maintains the redirection connection.
Direct sites
The field indicates the direct destination IP of an authentication-free network resource.
Direct arp addresses
The field indicates the direct ARP address.
Address
The field indicates the IP address of an authentication-free network resource.
Mask
The field indicates the IP address mask of an authentication-free network resource.
ARP Binding
(Optional) The field indicates whether ARP binding is enabled.
Direct hosts
The field indicates the direct authentication-free user.
Address
The field indicates the IP address of an authentication-free user.
Mask
The field indicates the IP address mask of an authentication-free user.
Port
(Optional) The field indicates the port of the access device bound to the IP address of the user.
ARP Binding
(Optional) The field indicates whether ARP binding is enabled.
Related Commands
Command
Description
http redirect
Sets the IP address of an authentication server.
http redirect direct-site
Sets the scope of authentication-free network resources.
http redirect homepage
Sets the homepage address of the authentication page.
http redirect port
Redirects the Web request of the HTTP that the user initiates to a specific port number.
http redirect session-limit
Indicates the maximum number of HTTP sessions for the same unauthenticated user.
http redirect timeout
Sets the timeout period that maintains the redirection connection.
web-auth direct-host
Sets the information of direct authentication-free users.
Platform Description
N/A
show httprd-guard user
Use this command to show the redirection attack user and configuration.
show httprd-guard user
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
N/A
Configuration Examples
#Show the redirection attack user and configuration.
Ruijie#show httprd-guard user
Redirect count: 10
Silence period: 3
Interval : 5
Timer pending : NO
Current time : 2014-7-11 11:02:07
Http redirect guard user number 1:
Wlan      IP                  MAC            guard-time
--------- ------------------- -------------- -------------------
10        192.168.1.1         FFFF:FFFF:FFFF 2014-7-11 11:02:07
--------- ------------------- -------------- -------------------
Related Commands
Command
Description
web-auth httprd-guard
Configures the Web authentication redirection guard.
Platform Description
N/A
show web-auth portal
Use this command to show relevant configuration and statistics of Ruijie second-generation portal
web authentication.
show web-auth portal [ v2 [ parameters | aaa | statistics | by-name { eportalv2 | portal-name } ] |
intra [ parameters | statistics | by-name portal-name ] ]
Parameter
Description
Parameter
Description
parameters
(Optional) Shows relevant parameters of Ruijie second-generation web authentication.
aaa
(Optional) Shows the configuration of the global AAA method list for Ruijie second-generation web
authentication.
statistics
(Optional) Shows statistics of Ruijie second-generation web authentication.
by-name
(Optional) Shows the information of a specified Ruijie second-generation Portal Server.
portal-name
(Optional) Shows the information of the specified Portal Server for Ruijie second-generation web
authentication.
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
N/A
Configuration Examples
#Show statistics about Ruijie second-generation web authentication.
Ruijie# display web-auth portal v2 statistics
V2 Portal User Statistics
Current Online User Count:      20
Max. Online User Count:         23000
Online User Limit:              24576
V2 Portal Communication Statistics
Challenge Req Count:            67000
Challenge Rsp Count:            67000
Challenge Passed Count:         66950
Challenge Failure Count:        50
Challenge Rsp Send Succ Count:  67000
Auth Req Count:                 66950
Auth Rsp Count:                 66950
Auth Passed Count:              57000
Auth Failure Count:             9950
Auth Rsp Send Succ Count:       66950
Field
Description
V2 Portal User Statistics
Statistics of Ruijie second-generation web authentication users.
Current Online User Count
Total amount of current online users.
Max. Online User Count
Maximum number of online users.
Online User Limit
Upper limit of online users.
V2 Portal Communication Statistics
Statistics of the communication between the device and Ruijie second-generation Portal Server.
Challenge Req Count
Total amount of Challenge requests received by the device.
Challenge Rsp Count
Total amount of Challenge responses sent by the device.
Challenge Passed Count
Total amount of passed challenge requests.
Challenge Failure Count
Total amount of failed challenge requests.
Challenge Rsp Send Succ Count
Total challenge responses successfully sent by the device.
Auth Req Count
Total amount of authentication requests received by the device.
Auth Rsp Count
Total amount of authentication responses sent by the device.
Auth Passed Count
Total amount of passed authentication requests.
Auth Failure Count
Total amount of failed authentication requests.
Auth Rsp Send Succ Count
Total amount of authentication responses successfully sent by the device.
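A monitoring check built on the counters described above, as an added example that is not part of the manual: it parses the statistics block and flags a high failure ratio, unsent responses and a nearly full user table. The sample values are copied from the manual's example output; the function names and the three thresholds are assumptions.

```python
import re

# Constructed sample: the statistics from the manual's example output,
# written one "label: value" pair per line.
SAMPLE = """\
V2 Portal User Statistics
Current Online User Count:      20
Max. Online User Count:         23000
Online User Limit:              24576
V2 Portal Communication Statistics
Challenge Req Count:            67000
Challenge Rsp Count:            67000
Challenge Passed Count:         66950
Challenge Failure Count:        50
Challenge Rsp Send Succ Count:  67000
Auth Req Count:                 66950
Auth Rsp Count:                 66950
Auth Passed Count:              57000
Auth Failure Count:             9950
Auth Rsp Send Succ Count:       66950
"""

_PAIR = re.compile(r"^(.+?):\s*(\d+)?$")
_COUNTER_PREFIXES = ("Challenge", "Auth")


def parse_portal_stats(text):
    """Return {label: int}; tolerates a value wrapped onto the next line."""
    stats, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None and line.isdigit():
            stats[pending] = int(line)
            pending = None
            continue
        pending = None
        match = _PAIR.match(line)
        if not match:
            continue  # section titles and blank lines
        label, value = match.group(1).strip(), match.group(2)
        if value is None:
            pending = label  # the number is expected on the following line
        else:
            stats[label] = int(value)
    return stats


def failure_ratio(stats, phase):
    """Failed / received requests for phase 'Challenge' or 'Auth'."""
    received = stats.get(f"{phase} Req Count", 0)
    return stats.get(f"{phase} Failure Count", 0) / received if received else 0.0


def delta(previous, current):
    """Counters accumulate until cleared, so compare two snapshots.

    Only the Challenge/Auth counters are differenced; the user counts are
    point-in-time values and are taken from the newer snapshot.
    """
    return {key: value - previous.get(key, 0)
            if key.startswith(_COUNTER_PREFIXES) else value
            for key, value in current.items()}


def review(stats, max_auth_failure=0.10, max_challenge_failure=0.01,
           max_occupancy=0.90):
    """Return a list of findings; the thresholds are assumptions to tune."""
    findings = []
    for phase, limit in (("Challenge", max_challenge_failure),
                         ("Auth", max_auth_failure)):
        ratio = failure_ratio(stats, phase)
        if ratio > limit:
            findings.append(f"{phase} failure ratio {ratio:.1%} exceeds {limit:.0%}")
        unsent = (stats.get(f"{phase} Rsp Count", 0)
                  - stats.get(f"{phase} Rsp Send Succ Count", 0))
        if unsent > 0:
            findings.append(f"{unsent} {phase} responses were not sent")
    cap = stats.get("Online User Limit", 0)
    if cap and stats.get("Current Online User Count", 0) / cap > max_occupancy:
        findings.append("online users are close to the configured limit")
    return findings


if __name__ == "__main__":
    for finding in review(parse_portal_stats(SAMPLE)):
        print(finding)
```

Because the counters keep growing until clear web-auth portal statistics is run, pass review() the result of delta() on two successive snapshots to see what happened in the last polling period rather than since the last clear.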
Related Commands
Command
Description
clear web-auth portal statistics
Clears the statistics about Ruijie second-generation web authentication.
Platform Description
This command is supported only on wireless products.
show web-auth direct-host
Use this command to show the configuration of Web-authentication-free users (direct users).
show web-auth direct-host
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
N/A
Configuration Examples
#Display the authentication-free users.
Ruijie# display web-auth direct-host
Direct hosts:
Address          Mask             Port       ARP Binding
---------------- ---------------- ---------- -----------
192.168.0.1      255.255.255.255  Fa0/2      On
192.168.4.11     255.255.255.255  Fa0/10     On
192.168.5.0      255.255.255.0    Fa0/16     Off
Field
Description
Address
The field indicates the IP address of an authentication-free user.
Mask
The field indicates the IP address mask of an authentication-free user.
Port
The field indicates the port of the access device bound to the IP address of the user.
ARP Binding
The field indicates whether ARP binding is enabled.
Related Commands
Command
Description
web-auth direct-host
Sets the IP addresses of the authentication-free users.
Platform Description
N/A
show web-auth control
Use this command to show the authentication configuration and statistics of a basic controlled unit
(the controlled unit is WLAN on a wireless device).
show web-auth port-control
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
Use this command to show the status of web authentication.
Configuration Examples
#Show the authentication configuration and statistics on an interface.
Ruijie#show web-auth control
Port Control Server Name Authentication mode Online User Count
------------------------- -------- --------------------- -----------------
Wlan 1 On gateway 0
......
Field
Description
Port
The parameter indicates a basic controlled unit.
Control
The parameter indicates whether Web authentication of the controlled unit is enabled.
Authentication Mode
Controlled type of Web authentication of the controlled unit.
Online User Count
The parameter indicates the number of current online users of the controlled unit.
Related Commands
Command
Description
webauth
Enables Web authentication on WLAN.
Platform Description
N/A
show web-auth user
Use this command to show the online information (including the IP address, interface, and online
hours) of all users or specified users.
show web-auth user { { { all | intra | v1 | v2 } [ online-only ] [ start-from index ] [ display-amount ] } |
statistics | ip-address { ip-address | ipv6-address } }
Parameter
Description
Parameter
Description
all
Shows all types of Web authentication users.
v1
Shows all Ruijie first generation Web authentication users.
online-only
(Optional) Shows only online users.
v2
Shows all Ruijie second generation portal Web authentication users.
intra
Shows all Ruijie built-in portal Web authentication users.
start-from
(Optional) Shows users starting from the index user.
index
(Optional) Specifies from which user to display
display-amount
(Optional) Specifies the maximum number of users displayed
statistics
Shows statistics of Web authentication users.
ip-address
Shows information about users with a specified IP.
ipv6-address
Shows information about users with a specified IP.
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
N/A
Configuration Examples
#Show all Web authentication users.
Ruijie# display web-auth user all
Statistics:
Type           Online  Total   Accumulation
-------------- ------- ------- ------------
V1 Portal      2       4       10
V2 Portal      0       1       39
-------------- ------- ------- ------------
Total          2       5       49
V1 Portal Authentication Users
---------------------------------------------------
Index Address       Online Time Limit    Time Used     Status
----- ------------- ------ ------------- -------------
1     192.168.0.11  On     0d 01:00:00   0d 00:15:10   Active
2     192.168.0.13  On     0d 00:00:00   0d 00:00:59   Active
3     192.168.0.25  Off    0d 00:00:00   0d 00:00:00   Create
4     192.168.0.46  Off    0d 01:00:00   0d 01:00:00   Destroy
---------------------------------------------------
V2 Portal Authentication Users
---------------------------------------------------
Index Address       Online Time Limit  Time Used   Status
----- ------------- ------ ----------- ----------
1     172.16.20.2   Off    0d 00:00:00 0d 00:00:00 Authenticating
---------------------------------------------------
Users get online and offline during the check, therefore, the statistics of current user
number might be different from the following list of detailed user status.
#Show users with the IP addresses 172.250.22.14 and 172.16.20.2
Ruijie# display web-auth user 172.16.20.2
Type       : V2 Portal
Address    : 172.16.20.2
Mac        : 00d0.f800.2234
Wlan       : 200
Online     : Off
Time Limit : 0d 00:00:00
Time Used  : 0d 00:00:00
Time Start : N/A
Flow used  : xxxx Bytes
FLOW limit : xxxx Bytes
Status     : Authenticating
AAA Id     : 0
Username   : N/A
Field
Description
Statistics:
Statistics of Web authentication users
Type
Web authentication type
Online
Number of currently online users
Total
Total number of current users (offline included)
Accumulation
Accumulated number of online users
V1 Portal Authentication Users
Information about Ruijie first generation Web authentication users.
V2 Portal Authentication Users
Information about Ruijie second generation Web authentication users.
Index
Index number of current display
Address
IP addresses of users
Online
The status of users, which can be displayed as “on” or “off”.
Time Limit
Online hours available to users, only applicable for online users. For online users,
"0d 00:00:00” means unlimited online hours.
Time Used
Used online hours, only applicable for online users.
Status
The specific status of users
The specific status of Ruijie first generation authentication users is as follows:
Active: meaning users are normally online
Create: meaning users have been just created and configuration has not been finished
Destroy: meaning users have been just deleted and configuration has not been deleted
The specific status of Ruijie second generation authentication users is as follows:
Initialized: the device has been initialized and is waiting for user authentication.
Chap: Central moving portal is performing the user CHAP authentication with device.
Authenticating: Authentication is in progress.
WaitAffAckAuth: Authentication succeeds; the result has been reported to Ruijie second generation
Portal and the device is waiting for Portal confirmation.
Authenticated: Users’ authentication succeeds, and users are online.
WaitAckLogout: The device logs out the user, and has reported to Portal. The device is waiting for
confirmation from the Portal.
StopAcct: The accounting is suspended.
WaitDelete: Users are in the status of waiting to be deleted, during which, if HTTP redirection
happens or users send authentication requests, users can be reactivated.
Time start
The time when a user passes the authentication and comes online
AAA id
Internal AAA identification index of Ruijie second generation Web authentication users’ device.
Username
Username of a Ruijie second generation Web authentication online user.
Related Commands
Command
Description
N/A
N/A
Platform Description
This command is supported only on wireless products.
Command Reference
AAA Commands
AAA Commands
aaa authentication dot1x
Use this command to enable AAA authentication 802.1x and configure an 802.1x user authentication
method list in global configuration mode.
Use the no form of this command to delete the 802.1x user authentication method list.
aaa authentication dot1x { default | list-name } method1 [ method2...]
no aaa authentication dot1x { default | list-name }
Parameter
Description
Parameter
Description
default
When this parameter is used, the following defined 802.1x user authentication method list is used
as the default method of user authentication.
list-name
Specifies the name of an 802.1x user authentication method list, which can be any character string.
method
It must be one of the keywords: local, none, and group. One method list can contain up to four
methods.
local
Uses the local user name database for authentication.
none
Authentication is not performed.
group
Uses a server group for authentication. Currently, the RADIUS server group is supported.
Defaults
N/A
Command Mode
Global configuration mode
Usage Guide
If the AAA 802.1x security service is enabled on equipment, AAA is required for 802.1x user
authentication negotiation. Use the aaa authentication dot1x command to configure a default or
an optional method list of 802.1x user authentication.
The next method can be used for authentication only when the current method does not respond.
Configuration Examples
The following example defines an AAA 802.1x user authentication method list named rds_d1x. In
the authentication method list, the RADIUS security server is used for authentication first. If the
RADIUS security server does not respond within the specified period of time, the local user database
is used for authentication.
Ruijie(config)# aaa authentication dot1x rds_d1x group radius local
Related Commands
Command
Description
aaa new-model
Enables the AAA security service.
dot1x authentication
Associates a specific method list with the 802.1x user.
username
Defines a local user database.
Platform Description
N/A
aaa authentication enable
Use this command to enable AAA Enable authentication and configure an Enable authentication
method list in global configuration mode.
Use the no form of this command to delete the user authentication method list.
aaa authentication enable default method1 [method2...]
no aaa authentication enable default
Parameter
Description
Parameter
Description
default
When this parameter is used, the following defined authentication method list is used as the default
method of Enable authentication. Enable authentication is global authentication. Currently, only
configuration of a default authentication method list is supported.
method
It must be one of the keywords: local, none, and group. One method list can contain up to four
methods.
local
Uses the local user name database for authentication.
none
Authentication is not performed.
group
Uses a server group for authentication. Currently, the RADIUS and TACACS+ server groups are
supported.
Defaults
N/A
Command Mode
Global configuration mode
Usage Guide
If the AAA Enable authentication service is enabled on equipment, AAA is required for Enable
authentication negotiation. Use the aaa authentication enable command to configure a default
method list of Enable authentication.
The next method can be used for authentication only when the current method does not respond.
The Enable authentication function automatically takes effect after the Enable authentication method
list is configured.
Configuration Examples
The following example defines an AAA Enable authentication method list. In the authentication
method list, the RADIUS security server is used for authentication first. If the RADIUS security server
does not respond within the specified period of time, the local user database is used for
authentication.
Ruijie(config)# aaa authentication enable default group radius local
Related Commands
Command
Description
aaa new-model
Enables the AAA security service.
enable
Switches the user level.
username
Defines a local user database.
Platform Description
N/A
aaa authentication login
Use this command to enable AAA login authentication and configure a login authentication method
list in global configuration mode.
Use the no form of this command to delete the authentication method list.
aaa authentication login { default | list-name } method1 [ method2..]
no aaa authentication login { default | list-name }
Parameter Description
Parameter: Description
default: When this parameter is used, the following defined authentication method list is used as the default method of login authentication.
list-name: Specifies the name of a login authentication method list, which can be any character string.
method: It must be one of the keywords: local, none, and group. One method list can contain up to four methods.
local: Uses the local user name database for authentication.
none: Identity authentication is not performed.
group: Uses a server group for authentication. Currently, the RADIUS and TACACS+ server groups are supported.
Defaults
N/A
Command Mode
Global configuration mode
Usage Guide
If the AAA login authentication security service is enabled on equipment, AAA is required for login
authentication negotiation. Use the aaa authentication login command to configure a default or
an optional method list of login authentication.
The next method can be used for authentication only when the current method does not respond.
You must apply the configured login authentication method to the terminal line that requires login
authentication; otherwise, the configured login authentication method is ineffective.
Configuration Examples
The following example defines an AAA login authentication method list named list-1. In the
authentication method list, the RADIUS security server is used for authentication first. If the RADIUS
security server does not respond within the specified period of time, the local user database is used
for authentication.
Ruijie(config)# aaa authentication login list-1 group radius local
Related Commands
Command: Description
aaa new-model: Enables the AAA security service.
username: Defines a local user database.
login authentication: Applies the login authentication method to a terminal line.
Platform Description
N/A
aaa authentication ppp
Use this command to enable AAA PPP user authentication and configure a PPP user authentication
method list in global configuration mode.
Use the no form of this command to delete the authentication method list.
aaa authentication ppp { default | list-name } method1 [ method2...]
no aaa authentication ppp { default | list-name }
Parameter Description
Parameter: Description
default: When this parameter is used, the following defined authentication method list is used as the default method of PPP user authentication.
list-name: Specifies the name of a PPP user authentication method list, which can be any character string.
method: It must be one of the keywords: local, none, and group. One method list can contain up to four methods.
local: Uses the local user name database for authentication.
none: Identity authentication is not performed.
group: Uses a server group for authentication. Currently, the RADIUS and TACACS+ server groups are supported.
Defaults
N/A
Command Mode
Global configuration mode
Usage Guide
If the AAA PPP security service is enabled on equipment, AAA is required for PPP authentication
negotiation. Use the aaa authentication ppp command to configure a default or an optional
method list of PPP user authentication.
The next method can be used for authentication only when the current method does not respond.
Configuration Examples
The following example defines an AAA PPP authentication method list named rds_ppp. In the
authentication method list, the RADIUS security server is used for authentication first. If the RADIUS
security server does not respond within the specified period of time, the local user database is used
for authentication.
Ruijie(config)# aaa authentication ppp rds_ppp group radius local
Related Commands
Command: Description
aaa new-model: Enables the AAA security service.
ppp authentication: Associates a specific method list with a PPP user.
username: Defines a local user database.
Platform Description
N/A
login authentication
Use this command to apply a login authentication method list to the specified terminal line.
Use the no form of this command to remove the application of the login authentication method list.
login authentication {default | list-name}
no login authentication
Parameter Description
Parameter: Description
default: Applies the default login authentication method list.
list-name: Applies a defined login authentication method list.
Defaults
N/A
Command Mode
Line configuration mode
Usage Guide
Once the default login authentication method list has been configured, it will be applied to all terminals
automatically. If a non-default login authentication method list has been applied to a terminal, it will
replace the default one. If you attempt to apply an undefined method list, you will be notified that the
login authentication on this line is ineffective until the method list is defined.
Configuration Examples
The following example defines an AAA login authentication method list named list-1. In the
authentication method list, the local user database is used for authentication first. Then, apply this
method to VTY 0-4.
Ruijie(config)# aaa authentication login list-1 local
Ruijie(config)# line vty 0 4
Ruijie(config-line)# login authentication list-1
Related Commands
Command: Description
aaa new-model: Enables the AAA security service.
username: Defines a local user database.
login authentication: Configures a login authentication method list.
Platform Description
N/A
aaa authorization commands
Use this command to authorize the commands executed by users that have logged in to the network
access server (NAS) command-line interface (CLI).
Use the no form of this command to disable the AAA command authorization function.
aaa authorization commands level { default | list-name} method1 [method2...]
no aaa authorization commands level { default | list-name}
Parameter Description
Parameter: Description
level: Specifies the command level to be authorized, in the range from 0 to 15. You can run this command after the authorization of a specific command level is passed.
default: When this parameter is used, the following defined method list is used as the default method of command authorization.
list-name: Specifies the name of a command authorization method list, which can be any character string.
method: It must be one of the keywords: local, none, and group. One method list can contain up to four methods.
none: Authorization is not performed.
group: Uses a server group for authorization. Currently, the TACACS+ server group is supported.
Defaults
AAA command authorization is disabled by default.
Command Mode
Global configuration mode
Usage Guide
RGOS supports authorization of the commands executed by users. When a user inputs and attempts
to run a command, AAA sends this command to the security server. This command will be executed if
the security server allows command execution; otherwise, it will prompt command execution denial.
You are required to specify the command level when configuring command authorization. This
specified command level is the default command level (for example, the default level of a command is
14 when the command is visible for users above level 14).
You must apply the configured command authorization method to the terminal line that requires
command authorization; otherwise, the configured command authorization method is ineffective.
Configuration Examples
The following example uses the TACACS+ server to authorize level 15 commands.
Ruijie(config)# aaa authorization commands 15 default group tacacs+
Related Commands
Command: Description
aaa new-model: Enables the AAA security service.
aaa authorization commands: Applies command authorization to a terminal line.
Platform Description
N/A
aaa authorization config-commands
Use this command to authorize configuration commands (including in global configuration mode and
its sub-mode) through AAA.
Use the no form of this command to disable the AAA authorization function for configuration
commands.
aaa authorization config-commands
no aaa authorization config-commands
Parameter Description
Parameter: Description
N/A: N/A
Defaults
Configuration command authorization is disabled by default.
Command Mode
Global configuration mode
Usage Guide
If you only need to authorize commands in non-configuration mode (for example, in privileged EXEC
mode), use the no form of this command to disable the authorization function in configuration mode.
This action allows you to run commands in configuration mode and its sub-mode without command
authorization.
Configuration Examples
The following example enables the configuration command authorization function.
Ruijie(config)# aaa authorization config-commands
Related Commands
Command: Description
aaa new-model: Enables the AAA security service.
aaa authorization commands: Defines AAA command authorization.
Platform Description
N/A
aaa authorization console
Use this command to authorize the commands executed by users that log in from the console in
global configuration mode.
Use the no form of this command to disable the AAA command authorization function.
aaa authorization console
no aaa authorization console
Parameter Description
Parameter: Description
N/A: N/A
Defaults
Command authorization for users on the console is disabled by default.
Command Mode
Global configuration mode
Usage Guide
RGOS supports identifying users that log in from the console and from other terminals. You can
configure whether to authorize the commands executed by users that log in from the console. If the
command authorization function is disabled on the console, the command authorization method list
applied to the console line is ineffective.
Configuration Examples
The following example enables the command authorization function for users that log in from the
console.
Ruijie(config)# aaa authorization console
Related Commands
Command: Description
aaa new-model: Enables the AAA security service.
aaa authorization commands: Defines AAA command authorization.
authorization commands: Applies command authorization to a terminal line.
Platform Description
N/A
aaa authorization exec
Use this command to perform AAA EXEC authorization on users that have logged in to the NAS CLI
and assign authority levels.
Use the no form of this command to disable the AAA EXEC authorization function.
aaa authorization exec { default | list-name } method1 [ method2...]
no aaa authorization exec { default | list-name }
Parameter Description
Parameter: Description
default: When this parameter is used, the following defined method list is used as the default method of EXEC authorization.
list-name: Specifies the name of an EXEC authorization method list, which can be any character string.
method: It must be one of the keywords: local, none, and group. One method list can contain up to four methods.
local: Uses the local user name database for authorization.
none: Authorization is not performed.
group: Uses a server group for authorization. Currently, the RADIUS and TACACS+ server groups are supported.
Defaults
AAA EXEC authorization is disabled by default.
Command Mode
Global configuration mode
Usage Guide
RGOS supports authorization of users that have logged in to the NAS CLI and assignment of CLI
authority levels (in the range from 0 to 15). The EXEC authorization function is effective only for users
that pass login authentication. Users cannot enter the CLI if EXEC authorization fails.
You must apply the configured EXEC authorization method to the terminal line that requires EXEC
authorization; otherwise the configured method is ineffective.
Configuration Examples
The following example uses the RADIUS server to implement EXEC authorization.
Ruijie(config)# aaa authorization exec default group radius
Related Commands
Command: Description
aaa new-model: Enables the AAA security service.
authorization exec: Applies authorization to a terminal line.
username: Defines a local user database.
Platform Description
N/A
aaa authorization network
Use this command to perform AAA authorization on the service requests (including such protocols as
PPP and SLIP) from users that access networks in global configuration mode.
Use the no form of this command to disable the AAA authorization function.
aaa authorization network { default | list-name } method1 [ method2...]
no aaa authorization network { default | list-name }
Parameter Description
Parameter: Description
default: When this parameter is used, the following defined method list is used as the default method of network authorization.
method: It must be one of the keywords: none and group. One method list can contain up to four methods.
none: Network authorization is not performed.
group: Uses a server group for authorization. Currently, the RADIUS and TACACS+ server groups are supported.
Defaults
AAA network authorization is disabled by default.
Command Mode
Global configuration mode
Usage Guide
RGOS supports authorization of all network-related service requests, such as PPP and SLIP. If
authorization is configured, all authenticated users or interfaces will be authorized automatically.
Three different authorization methods can be specified. Like identity authentication, the next method
can be used for authorization only when the current authorization method does not respond. If the
current authorization method fails, the subsequent authorization method is not used.
The RADIUS or TACACS+ server authorizes authenticated users by returning a series of attributes.
Therefore, network authorization is based on authentication. Network authorization is performed only
on authenticated users.
Configuration Examples
The following example uses the RADIUS server to authorize network services.
Ruijie(config)# aaa authorization network default group radius
Related Commands
Command: Description
aaa new-model: Enables the AAA security service.
aaa accounting: Defines AAA accounting.
aaa authentication: Defines AAA identity authentication.
username: Defines a local user database.
Platform Description
N/A
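The fallback rule stated in the usage guides above (the next method is tried only when the current one does not respond, and a method that answers with a failure ends the attempt) can be modelled as follows. This is an added example, not Ruijie code; it generalizes to any method list in this chapter. The names Reply, evaluate and decision_during_server_outage are hypothetical, and the handling of a list in which every method is silent is an assumption, since the page does not describe it.

```python
"""Model of AAA method-list fallback as this chapter describes it (added example)."""
from enum import Enum

MAX_METHODS = 4  # "One method list can contain up to four methods."


class Reply(Enum):
    ACCEPT = "accept"            # the method answered and allowed the request
    REJECT = "reject"            # the method answered and denied the request
    NO_RESPONSE = "no-response"  # the method did not answer in time


def evaluate(methods, replies):
    """Walk a method list left to right and return (decision, trail).

    methods -- configured order, e.g. ["group radius", "local"]
    replies -- constructed input: what each method would answer; a method
               missing from the dict is treated as not responding
    """
    if not 1 <= len(methods) <= MAX_METHODS:
        raise ValueError("a method list holds one to four methods")
    trail = []
    for method in methods:
        if method == "none":
            # "none" performs no check, so the request passes. This is our
            # reading of "Authentication/Authorization is not performed".
            trail.append((method, "no check"))
            return "accept", trail
        reply = replies.get(method, Reply.NO_RESPONSE)
        trail.append((method, reply.value))
        if reply is Reply.NO_RESPONSE:
            continue  # only silence moves on to the next method
        return reply.value, trail  # an explicit answer ends the walk
    # Assumption: the page does not say what happens when every method is
    # silent; this model denies the request.
    return "reject", trail


def decision_during_server_outage(methods):
    """Decision for an account that the local database does not know while
    every server group is unreachable (constructed scenario)."""
    replies = {m: Reply.REJECT for m in methods if m == "local"}
    return evaluate(methods, replies)[0]


if __name__ == "__main__":
    # A RADIUS reject is final: "local" is never consulted.
    print(evaluate(["group radius", "local"],
                   {"group radius": Reply.REJECT, "local": Reply.ACCEPT}))
    # With the server unreachable, a trailing "none" lets the request through.
    for candidate in (["group radius", "local"], ["group radius", "none"]):
        print(candidate, "->", decision_during_server_outage(candidate))
```

A list that ends in none turns a server outage into an accept, while the same list ending in local still checks credentials.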
authorization commands
Use this command to apply a command authorization method list to the specified terminal line in line
configuration mode.
Use the no form of this command to remove the application of the command authentication method
list.
authorization commands level { default | list-name}
no authorization commands level
Parameter Description
Parameter: Description
level: Specifies the command level to be authorized, in the range from 0 to 15. You can run this command after the authorization of a specific command level is passed.
default: When this parameter is used, the following defined method list is used as the default method of command authorization.
list-name: Applies a defined command authorization method list.
Defaults
AAA command authorization is disabled by default.
Command Mode
Line configuration mode
Usage Guide
Once the default command authorization method list has been configured, it will be applied to all
terminals automatically. If a non-default command authorization method list is applied to a terminal, it
will replace the default one. If you attempt to apply an undefined method list, you will be notified that
the command authorization on this line is ineffective until the method list is defined.
Configuration Examples
The following example defines a command authorization method list named cmd to authorize level 15
commands, and uses TACACS+ as the security server. The none method will be used if the server
does not respond. The configured method list is applied to the VTY 0 – 4 line.
Ruijie(config)# aaa authorization commands 15 cmd group tacacs+ none
Ruijie(config)# line vty 0 4
Ruijie(config-line)# authorization commands 15 cmd
Related Commands
Command: Description
aaa new-model: Enables the AAA security service.
authorization commands: Applies the AAA command authorization method list.
Platform Description
N/A
authorization exec
Use this command to apply an EXEC authorization method list to the specified terminal line.
Use the no form of this command to remove the application of the EXEC authentication method list.
authorization exec { default | list-name }
no authorization exec
Parameter Description
Parameter: Description
default: Applies the default EXEC authorization method.
list-name: Applies a defined EXEC authorization method list.
Defaults
No default AAA EXEC authentication method list is configured.
Command Mode
Line configuration mode.
Usage Guide
Once the default EXEC authorization method list has been configured, it will be applied to all
terminals automatically. If a non-default EXEC authorization method list is applied to a line, it will
replace the default one. If you attempt to apply an undefined method list, you will be notified that the
EXEC authorization on this line is ineffective until the method list is defined.
Configuration Examples
The following example defines an EXEC authorization method list named exec-1, and uses RADIUS
as the security server. The none method will be used if the server does not respond. The configured
method list is applied to the VTY 0 – 4 line.
Ruijie(config)# aaa authorization exec exec-1 group radius none
Ruijie(config)# line vty 0 4
Ruijie(config-line)# authorization exec exec-1
Related Commands
Command: Description
aaa new-model: Enables the AAA security service.
aaa authorization commands: Defines an AAA EXEC authorization method list.
Platform Description
N/A
aaa accounting commands
Use this command to perform accounting on the command activities of users that have logged in to
the NAS in global configuration mode in order to manage user activities.
Use the no form of this command to disable the command accounting function.
aaa accounting commands level { default | list-name} start-stop method1 [method2...]
no aaa accounting commands level { default | list-name}
Parameter Description
Parameter: Description
level: Specifies the command level for accounting, in the range from 0 to 15. Related messages are recorded when you determine which command level is executed.
default: When this parameter is used, the following defined method list is used as the default method of command accounting.
list-name: Specifies the name of a command accounting method list, which can be any character string.
method: It must be one of the keywords none and group. One method list can contain up to four methods:
none: Accounting is not performed.
group: Uses a server group for accounting. Currently, the TACACS+ server group is supported.
Defaults
Accounting is disabled by default.
Command Mode
Global configuration mode
Usage Guide
RGOS enables the command accounting function only after users pass login authentication.
Command accounting is not performed when users are not authenticated upon login or the none
authentication method is used. After the accounting function is enabled, command information is sent
to the security server each time users run commands of the specified level.
You must apply the configured command accounting method to the terminal line that requires
command accounting; otherwise, the configured command accounting method is ineffective.
Configuration Examples
The following example performs accounting on the command requests from users by using
TACACS+, and configures the accounting command level to 15.
Ruijie(config)# aaa accounting commands 15 default start-stop group tacacs+
Related Commands
Command: Description
aaa new-model: Enables the AAA security service.
aaa authentication: Defines AAA identity authentication.
accounting commands: Applies command accounting to a terminal line.
Platform Description
N/A
aaa accounting exec
Use this command to perform accounting on the access activities of users that log in to the NAS in
global configuration mode in order to manage user activities.
Use the no form of this command to disable the EXEC accounting function.
aaa accounting exec { default | list-name } start-stop method1 [ method2... ]
no aaa accounting exec { default | list-name }
Parameter Description
Parameter: Description
default: When this parameter is used, the following defined method list is used as the default method of EXEC accounting.
list-name: Specifies the name of an EXEC accounting method list, which can be any character string.
method: It must be one of the keywords: none and group. One method list can contain up to four methods.
none: Accounting is not performed.
group: Uses a server group for accounting. Currently, the RADIUS and TACACS+ server groups are supported.
Defaults
Accounting is disabled by default.
Command Mode
Global configuration mode
Usage Guide
RGOS enables the EXEC accounting function only after users pass login authentication. EXEC
accounting is not performed when users are not authenticated upon login or the none authentication
method is used.
After the accounting function is enabled, an accounting start message is sent to the security server
when a user logs in to the NAS CLI, and an accounting stop message is sent to the security server
when the user logs out. If an accounting start message is not sent to the security server when a user
logs in, an accounting stop message is not sent to the security server when the user logs out.
You must apply the configured EXEC accounting method to the terminal line that requires command
accounting; otherwise, the configured EXEC accounting method is ineffective.
Configuration Examples
The following example performs accounting on users' NAS login activities by using RADIUS, and
sends accounting messages at the start time and end time of access.
Ruijie(config)# aaa accounting exec default start-stop group radius
Related Commands
Command: Description
aaa new-model: Enables the AAA security service.
aaa authentication: Defines AAA identity authentication.
accounting commands: Applies EXEC accounting to a terminal line.
Platform Description
N/A
aaa accounting network
Use this command to perform accounting on users' access activities in global configuration mode in
order to count network access fees or manage user activities.
Use the no form of this command to disable the network accounting function.
aaa accounting network { default | list-name } start-stop method1 [ method2... ]
no aaa accounting network { default | list-name }
Parameter Description
Parameter: Description
default: When this parameter is used, the following defined method list is used as the default method of network accounting.
list-name: Specifies the name of an accounting method list.
start-stop: Sends accounting messages at both the start time and end time of users' network access. Users are allowed to access networks regardless of whether the accounting start message enables accounting successfully.
method: It must be one of the keywords: none and group. One method list can contain up to four methods.
none: Accounting is not performed.
group: Uses a server group for accounting. Currently, the RADIUS and TACACS+ server groups are supported.
Defaults
Accounting is disabled by default.
Command Mode
Global configuration mode
Usage Guide
RGOS performs accounting on user activities by sending record attributes to the security server. Use
the start-stop keyword to set the user accounting option.
Configuration Examples
The following example performs accounting on the network service requests from users by using
RADIUS, and sends accounting messages at the start time and end time of network access:
Ruijie(config)# aaa accounting network default start-stop group radius
Related Commands
Command: Description
aaa new-model: Enables the AAA security service.
aaa authorization network: Defines AAA network authorization.
aaa authentication: Defines AAA identity authentication.
username: Defines a local user database.
Platform Description
N/A
aaa accounting update
Use this command to enable the accounting update function in global configuration mode.
Use the no form of this command to disable the accounting update function.
aaa accounting update
no aaa accounting update
Parameter Description
Parameter: Description
N/A: N/A
Defaults
Accounting update is disabled by default.
Command Mode
Global configuration mode
Usage Guide
If the AAA security service is not enabled, the accounting update function cannot be used. This
command is used to set the accounting update function after the AAA security service is enabled.
Configuration Examples
The following example enables the accounting update function.
Ruijie(config)# aaa new-model
Ruijie(config)# aaa accounting update
Related Commands
Command: Description
aaa new-model: Enables the AAA security service.
aaa accounting network: Defines a network accounting method list.
Platform Description
N/A
aaa accounting update periodic
Use this command to set the accounting update interval in global configuration mode after the
accounting update function is enabled.
Use the no form of this command to restore the accounting update interval to the default value.
aaa accounting update periodic interval
no aaa accounting update periodic
Parameter Description
Parameter: Description
interval: Specifies the accounting update interval, in minutes. The shortest interval is one minute.
Defaults
The default accounting update interval is five minutes.
Command Mode
Global configuration mode
Usage Guide
If the AAA security service is not enabled, the accounting update function cannot be used. This
command is used to set the accounting update interval after the AAA security service is enabled.
Configuration Examples
The following example sets the accounting update interval to one minute.
Ruijie(config)# aaa new-model
Ruijie(config)# aaa accounting update
Ruijie(config)# aaa accounting update periodic 1
Related Commands
Command: Description
aaa new-model: Enables the AAA security service.
aaa accounting network: Defines a network accounting method list.
Platform Description
N/A
accounting commands
Use this command to apply a command accounting list to the specified terminal line in line
configuration mode.
Use the no form of this command to disable the command accounting function on the terminal line.
accounting commands level { default | list-name }
no accounting commands level
Parameter Description
Parameter: Description
level: Specifies the command level for accounting, in the range from 0 to 15.
default: Applies the default command accounting method.
list-name: Uses a defined command accounting method list.
Defaults
Accounting is disabled by default.
Command Mode
Line configuration mode
Usage Guide
Once the default command accounting method list has been configured, it will be applied to all
terminals automatically. If a non-default command accounting method list has been applied to a line,
it will replace the default one. If you attempt to apply an undefined method list, you will be notified that
the command accounting on this line is ineffective until the method list is defined.
Configuration Examples
The following example defines a command accounting method list named cmd to authorize level 15
commands, and uses TACACS+ as the security server. The none method will be used if the server
does not respond. The configured method list is applied to the VTY 0 – 4 line.
Ruijie(config)# aaa accounting commands 15 cmd group tacacs+ none
Ruijie(config)# line vty 0 4
Ruijie(config-line)# accounting commands 15 cmd
Related Commands
Command: Description
aaa new-model: Enables the AAA security service.
aaa accounting commands: Defines an AAA command accounting method list.
Platform Description
N/A
accounting exec
Use this command to apply an EXEC accounting method list to the specified terminal line in line
configuration mode.
Use the no form of this command to disable the EXEC accounting function on the terminal line.
accounting exec { default | list-name }
no accounting exec
Parameter Description
Parameter: Description
default: Applies the default EXEC accounting method.
list-name: Uses a defined EXEC accounting method list.
Defaults
Accounting is disabled by default.
Command Mode
Line configuration mode
Usage Guide
Once the default EXEC accounting method list has been configured, it will be applied to all terminals
automatically. If a non-default EXEC accounting method list has been applied to a line, it will replace
the default one. If you attempt to apply an undefined method list, you will be notified that the EXEC
accounting on this line is ineffective until the method list is defined.
Configuration Examples
The following example defines an EXEC accounting method list named exec-1, and uses RADIUS as
the security server. The none method will be used if the server does not respond. The configured
method list is applied to the VTY 0 – 4 line.
Ruijie(config)# aaa accounting exec exec-1 group radius none
Ruijie(config)# line vty 0 4
Ruijie(config-line)# accounting exec exec-1
Related Commands
Command: Description
aaa new-model: Enables the AAA security service.
aaa accounting commands: Defines an AAA EXEC accounting method list.
Platform Description
N/A
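The line-mode sections above share three rules worth checking in a saved configuration: a named method list has no effect until it is applied to a terminal line, a line that applies an undefined list is ineffective until the list is defined, and a list containing none stops checking when the server does not respond. The following added example (not Ruijie code) audits a configuration for these cases. The sample configuration is constructed, the list names acct-1 and exec-9 and the finding labels are hypothetical, and the indentation of commands under "line" is an assumption about how the configuration is stored.

```python
"""Audit AAA method lists against the line-application rules above (added example)."""
import re

# Constructed sample in the command syntax shown in this chapter.
# Assumption: commands entered under "line ..." are indented in the saved text.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login list-1 group radius local
aaa authorization exec exec-1 group radius none
aaa authorization commands 15 cmd group tacacs+ none
aaa accounting exec acct-1 start-stop group radius
line vty 0 4
 login authentication list-1
 authorization exec exec-1
 authorization commands 15 cmd
 accounting exec exec-9
"""

# Global definition: aaa <service> { default | list-name } [start-stop] method1 [method2...]
DEFINE_RE = re.compile(
    r"^aaa (authentication login|authorization exec|authorization commands \d+"
    r"|accounting exec|accounting commands \d+) (\S+) (.+)$")
# Line-mode application: <service> { default | list-name }
APPLY_RE = re.compile(
    r"^(login authentication|authorization exec|authorization commands \d+"
    r"|accounting exec|accounting commands \d+) (\S+)$")


def parse_methods(text):
    """Split 'group radius local none' into ['group radius', 'local', 'none']."""
    tokens = [t for t in text.split() if t != "start-stop"]
    methods, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods


def audit(config):
    """Return sorted findings as (issue, service, list name, location)."""
    defined, applied, current_line = {}, {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not raw[:1].isspace():
            # A global-mode command closes any open line block.
            current_line = text if text.startswith("line ") else None
            m = DEFINE_RE.match(text)
            if m:
                service = m.group(1)
                if service == "authentication login":
                    service = "login authentication"  # name used in line mode
                defined[(service, m.group(2))] = parse_methods(m.group(3))
        elif current_line:
            m = APPLY_RE.match(text)
            if m:
                applied.setdefault((m.group(1), m.group(2)), []).append(current_line)

    findings = []
    for (service, name), methods in defined.items():
        if "none" in methods:
            findings.append(("none-fallback", service, name, "global"))
        # The default list is applied to all terminals automatically.
        if name != "default" and (service, name) not in applied:
            findings.append(("defined-not-applied", service, name, "global"))
    for (service, name), lines in applied.items():
        if (service, name) not in defined:
            findings.extend(("applied-undefined", service, name, ln) for ln in lines)
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

On the sample, the two authorization lists are reported for their none fallback, acct-1 is reported as never applied, and the VTY line is reported for applying the undefined list exec-9.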
aaa domain
Use this command to enter domain configuration mode and configure domain attributes.
Use the no form of this command to remove the setting.
aaa domain { default | domain-name }
no aaa domain { default | domain-name }
Parameter Description
Parameter: Description
default: Configures the default domain.
domain-name: Specifies the name of a domain.
Defaults
No domain is configured by default.
Command Mode
Global configuration mode
Usage Guide
Use this command to configure the domain name-based AAA service. The default parameter is used
to configure the default domain. That is the method list used by network equipment if users do not
carry domain information. The domain-name parameter is used to configure the specified domain
name. If users carry this domain name, the method lists associated with this domain are used.
Currently, the system can configure up to 32 domains.
Configuration Examples
The following example configures a domain name.
Ruijie(config)# aaa domain ruijie.com
Ruijie(config-aaa-domain)#
Related Commands
Command: Description
aaa new-model: Enables the AAA security service.
aaa domain enable: Enables the domain name-based AAA service.
show aaa domain: Displays domain configuration.
Platform Description
N/A
aaa domain enable
Use this command to enable the domain name-based AAA service, which is disabled by default.
When the domain name-based AAA service is enabled, the domain name-based AAA service
configuration is preferred.
Use the no form of this command to disable the domain name-based AAA service.
aaa domain enable
no aaa domain enable
Parameter Description
Parameter: Description
N/A: N/A
Defaults
The domain name-based AAA service is disabled by default.
Command Mode
Global configuration mode
Usage Guide
Use this command to enable the domain name-based AAA service when you perform domain
name-based AAA service configuration.
Configuration
The following example enables the domain name-based AAA service.
Examples
Ruijie(config)# aaa domain enable
Related
Command
Description
Commands
aaa new-model
Enables the AAA security service.
show aaa domain
Displays domain configuration.
Platform
N/A
Description
access-limit
Use this command to configure the maximum number of users for domains, which is valid only for
IEEE802.1x users.
Use the no form of this command to remove the setting.
access-limit num
no access-limit
Parameter
Parameter
Description
Description
num
Maximum number of users for domains, which is valid only for IEEE802.1x users
Defaults
The number of users is not limited by default.
Command
Domain configuration mode
Mode
Usage Guide
Use this command to configure the maximum number of users for domains.
Configuration
The following example sets the maximum number of users to 20 for the domain named ruijie.com.
Examples
Ruijie(config)# aaa domain ruijie.com
Ruijie(config-aaa-domain)# access-limit 20
Related
Command
Description
Commands
aaa new-model
Enables the AAA security service.
aaa domain enable
Enables the domain name-based AAA service.
show aaa domain
Displays domain configuration.
Platform
N/A
Description
accounting network
Use this command to configure a network accounting method list in domain configuration mode.
Use the no form of this command to remove the setting.
accounting network { default | list-name }
no accounting network
Parameter
Parameter
Description
Description
default
Specifies the default method list.
list-name
Specifies the name of a method list.
Defaults
With no method list specified, if a user sends a request, network equipment will attempt to specify the
default method list for the user.
Command
Mode
Domain configuration mode
Usage Guide
Use this command to configure a network accounting method list for a domain.
Configuration
Examples
The following example configures a network accounting method list for a domain.
Ruijie(config)# aaa domain ruijie.com
Ruijie(config-aaa-domain)# accounting network default
Related
Command
Description
Commands
aaa new-model
Enables the AAA security service.
aaa domain enable
Enables the domain name-based AAA service.
show aaa domain
Displays domain configuration.
Platform
N/A
Description
authentication dot1x
Use this command to configure an IEEE802.1x authentication method list in domain configuration
mode.
Use the no form of this command to remove the setting.
authentication dot1x { default | list-name }
no authentication dot1x
Parameter Description
Parameter
Description
default
Specifies the default method list.
list-name
Specifies the name of a method list.
Defaults
With no method list specified, if a user sends a request, network equipment will attempt to specify the
default method list for the user.
Command
Mode
Domain configuration mode
Usage Guide
Use this command to configure an IEEE802.1x authentication method list for a domain.
Configuration Examples
The following example configures an IEEE802.1x authentication method list for a domain.
Ruijie(config)# aaa domain ruijie.com
Ruijie(config-aaa-domain)# authentication dot1x default
Related Commands
Command
Description
aaa new-model
Enables the AAA security service.
aaa domain enable
Enables the domain name-based AAA service.
show aaa domain
Displays domain configuration.
Platform
N/A
Description
authorization network
Use this command to configure a network authorization list in domain configuration mode.
Use the no form of this command to remove the setting.
authorization network { default | list-name }
no authorization network
Parameter
Parameter
Description
Description
default
Specifies the default method list.
list-name
Specifies the name of a method list.
Defaults
With no method list specified, if a user sends a request, network equipment will attempt to specify the
default method list for the user.
Command
Domain configuration mode
Mode
Usage Guide
Use this command to configure a network authorization list for a domain.
Configuration
The following example configures a network authorization list for a domain.
Examples
Ruijie(config)# aaa domain ruijie.com
Ruijie(config-aaa-domain)# authorization network default
Related
Command
Description
Commands
aaa new-model
Enables the AAA security service.
aaa domain enable
Enables the domain name-based AAA service.
show aaa domain
Displays domain configuration.
Platform
N/A
Description
state
Use this command to set whether the configured domain is valid.
Use the no form of this command to restore to the default setting.
state { block | active }
no state
Parameter
Parameter
Description
Description
block
The configured domain is invalid.
active
The configured domain is valid.
Defaults
The configured domain is valid by default.
Command
Domain configuration mode
Mode
Usage Guide
Use this command to set whether the specified configured domain is valid.
Configuration
The following example sets the configured domain to be invalid.
Examples
Ruijie(config)# aaa domain ruijie.com
Ruijie(config-aaa-domain)# state block
Related
Command
Description
Commands
aaa new-model
Enables the AAA security service.
aaa domain enable
Enables the domain name-based AAA service.
show aaa domain
Displays domain configuration.
Platform
N/A
Description
show aaa domain
Use this command to query all current domain information.
show aaa domain [ default | domain-name ]
Parameter Description
Parameter
Description
default
Displays the default domain information.
domain-name
Displays information about the specified domain.
Defaults
N/A
Command Mode
Privileged EXEC mode
Usage Guide
If no domain name is specified, all domain information will be displayed.
Configuration Examples
The following example displays the domain named domain.com.
Ruijie# show aaa domain domain.com
=============Domain domain.com=============
State: Active
Username format: Without-domain
Access limit: No limit
802.1X Access statistic: 0
Selected method list:
authentication dot1x default
Related Commands
Command
Description
aaa new-model
Enables the AAA security service.
aaa domain enable
Enables the domain name-based AAA service.
Platform Description
N/A
username-format
Use this command to configure whether user names carry domain information when the NAS
interacts with servers.
Use the no form of this command to restore the default setting.
username-format { without-domain | with-domain }
no username-format
Parameter
Description
Parameter
Description
without-domain
Domain information is removed from user names.
with-domain
Domain information is retained in user names.
Defaults
Domain information is retained in user names by default.
Command
Domain configuration mode
Mode
Usage Guide
Use this command to configure whether user names carry domain information when the NAS
interacts with servers.
Configuration Examples
The following example configures a user name to remove domain information.
Ruijie(config)# aaa domain ruijie.com
Ruijie(config-aaa-domain)# username-format without-domain
Related Commands
Command
Description
aaa new-model
Enables the AAA security service.
aaa domain enable
Enables the domain name-based AAA service.
show aaa domain
Displays domain configuration.
Platform
N/A
Description
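The domain commands above (aaa domain, aaa domain enable, state, access-limit, authentication dot1x, username-format) combine into one decision per login. The following Python model is an added illustration and is not RGOS code; the '@' delimiter, the reject outcomes and all names in it are assumptions that this page does not state.

```python
"""Model of domain name-based AAA selection for 802.1X logins.

Added illustration, not RGOS code. Assumptions (not stated on this page):
the domain is the text after the last '@', and a blocked domain, an
unmatched domain and a domain at its access limit all end in a reject.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

MAX_DOMAINS = 32  # "the system can configure up to 32 domains"


@dataclass
class Domain:
    name: str                           # aaa domain { default | domain-name }
    active: bool = True                 # state { block | active }
    with_domain: bool = True            # username-format { without-domain | with-domain }
    access_limit: Optional[int] = None  # access-limit num; None means not limited
    dot1x_list: str = "default"         # authentication dot1x { default | list-name }
    online: int = 0                     # 802.1X users currently counted in the domain


@dataclass
class DomainTable:
    enabled: bool = False                     # aaa domain enable (off by default)
    default_domain: Optional[Domain] = None   # aaa domain default
    domains: Dict[str, Domain] = field(default_factory=dict)

    def add(self, dom: Domain, default: bool = False) -> None:
        """Register a named domain, or the default domain when default=True."""
        if default:
            self.default_domain = dom
            return
        if dom.name not in self.domains and len(self.domains) >= MAX_DOMAINS:
            raise ValueError("domain table is full")
        self.domains[dom.name] = dom

    def resolve(self, login: str) -> Tuple[str, Optional[str], Optional[str]]:
        """Return (decision, user name sent to the server, dot1x method list)."""
        if not self.enabled:
            # Domain service disabled: the global method list applies unchanged.
            return ("global", login, "default")
        user, sep, dom_name = login.rpartition("@")
        if sep and dom_name:
            dom = self.domains.get(dom_name)
        else:
            # No domain carried in the user name: the default domain applies.
            user, dom = login, self.default_domain
        if dom is None:
            return ("reject-no-domain", None, None)
        if not dom.active:
            return ("reject-blocked", None, None)
        if dom.access_limit is not None and dom.online >= dom.access_limit:
            return ("reject-limit", None, None)
        sent = login if dom.with_domain else user
        return ("proceed", sent, dom.dot1x_list)


def demo() -> DomainTable:
    """Constructed sample configuration; list and domain names are made up."""
    table = DomainTable(enabled=True)
    table.add(Domain("default"), default=True)
    table.add(Domain("ruijie.com", with_domain=False, access_limit=20,
                     dot1x_list="corp-list"))
    table.add(Domain("guest.example", active=False))
    return table


if __name__ == "__main__":
    t = demo()
    for login in ("alice@ruijie.com", "bob", "eve@guest.example", "x@nowhere.example"):
        print(login, "->", t.resolve(login))
```

With username-format without-domain, the RADIUS server sees only "alice", so two domains that strip the suffix and share a server must not contain the same local user name.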
aaa group server
Use this command to enter AAA server group configuration mode.
Use the no form of this command to delete server groups.
aaa group server { radius | tacacs+ } name
no aaa group server { radius | tacacs+ } name
Parameter
Description
Parameter
Description
name
Name of a server group. It cannot be the keywords radius or tacacs+
because RADIUS and TACACS+ are the default server group names.
Defaults
N/A
Command
Global configuration mode
Mode
Usage Guide
Use this command to configure AAA server groups. Currently, the RADIUS and TACACS+ server
groups are supported.
Configuration
The following example configures an AAA server group.
Examples
Ruijie(config)# aaa group server radius ss
Ruijie(config-gs-radius)# end
Ruijie# show aaa group
Group Name: ss
Group Type: radius
Referred: 1
Server List:
Related
Command
Description
Commands
show aaa group
Displays AAA server group information.
Platform
N/A
Description
ip vrf forwarding
Use this command to select VPN routing and forwarding (VRF) for an AAA server group.
Use the no form of this command to remove the setting.
ip vrf forwarding vrf_name
no ip vrf forwarding
Parameter
Parameter
Description
Description
vrf_name
VRF name
Defaults
N/A
Command
Mode
Server group configuration mode
Usage Guide
Use this command to select VRF for the specified server group.
Configuration Examples
The following example selects VRF for a server group.
Ruijie(config)# aaa group server radius ss
Ruijie(config-gs-radius)# server 192.168.4.12
Ruijie(config-gs-radius)# server 192.168.4.13
Ruijie(config-gs-radius)# ip vrf forwarding vrf_name
Ruijie(config-gs-radius)# end
Related Commands
Command
Description
aaa group server
Configures an AAA server group.
show aaa group
Displays AAA server group information.
Platform Description
N/A
server
Use this command to add a server to an AAA server group.
Use the no form to delete a server.
server ip-addr [ auth-port port1 ] [ acct-port port2 ]
no server ip-addr [ auth-port port1 ] [ acct-port port2 ]
Parameter
Parameter
Description
Description
ip-addr
IP address of a server
port1
Authentication port of a server (which is supported only by the RADIUS server group)
port2
Accounting port of a server (which is supported only by the RADIUS server group)
Defaults
No server is configured by default.
Command Mode
Server group configuration mode
Usage Guide
Use this command to add a server to the specified server group. The default value is used if no port is
specified.
Configuration Examples
The following example adds a server to a server group.
Ruijie(config)# aaa group server radius ss
Ruijie(config-gs-radius)# server 192.168.4.12 acct-port 5 auth-port 6
Ruijie(config-gs-radius)# end
Ruijie# show aaa group
Type       Reference  Name
---------- ---------- ----------
radius     1          radius
tacacs+    1          tacacs+
radius     1          ss
Related Commands
Command
Description
aaa group server
Configures an AAA server group.
show aaa group
Displays AAA server group information.
Platform Description
N/A
show aaa group
Use this command to query all the server groups configured for AAA.
show aaa group
Parameter
Parameter
Description
Description
N/A
N/A
Defaults
N/A
Command
Privileged EXEC mode
Mode
Usage Guide
Use this command to query all the server groups configured for AAA.
Configuration Examples
The following example displays all the server groups configured for AAA.
Ruijie# show aaa group
Type       Reference  Name
---------- ---------- ----------
radius     1          radius
tacacs+    1          tacacs+
radius     1          dot1x_group
radius     1          login_group
radius     1          enable_group
Related
Command
Description
Commands
aaa group server
Configures an AAA server group.
Platform
N/A
Description
aaa local authentication attempts
Use this command to configure the maximum number of login attempt times.
aaa local authentication attempts max-attempts
Parameter
Parameter
Description
Description
max-attempts
Maximum number of login attempt times, in the range from 1 to 2147483647
Defaults
The default value is 3.
Command
Global configuration mode
Mode
Usage Guide
Use this command to configure the maximum login attempt times.
Configuration Examples
The following example sets the maximum login attempt times to 6.
Ruijie# configure terminal
Ruijie(config)# aaa local authentication attempts 6
Related
Command
Description
Commands
show running-config
Displays the current equipment configuration.
show aaa lockout
Displays the lockout configuration parameter of the current login.
Platform
Description
N/A
aaa local authentication lockout-time
Use this command to configure the length of lockout-time when the maximum login attempt times are
exceeded.
aaa local authentication lockout-time lockout-time
Parameter
Parameter
Description
Description
lockout-time
Length of lockout-time, in the range from 1 to 2147483647.
Defaults
15 hours.
Command
Global configuration mode
Mode
Usage Guide
Use this command to configure the length of lockout-time when the maximum login attempt times are
exceeded.
Configuration Examples
The following example sets the length of lockout-time to 5 hours.
Ruijie# configure terminal
Ruijie(config)# aaa local authentication lockout-time 5
Related
Command
Description
Commands
show running-config
Displays the current equipment configuration.
show aaa lockout
Displays the lockout configuration parameter of the current login.
Platform
N/A
Description
aaa new-model
Use this command to enable the RGOS AAA security service in global configuration mode.
Use the no form of this command to disable the AAA security service.
aaa new-model
no aaa new-model
Parameter
Parameter
Description
Description
N/A
N/A
Defaults
The AAA security service is disabled by default.
Command
Global configuration mode
Mode
Usage Guide
Use this command to enable AAA. If AAA is not enabled, none of the AAA commands can be
configured.
Configuration Examples
The following example enables the AAA security service.
Ruijie(config)# aaa new-model
Related
Command
Description
Commands
aaa authentication
Defines a user authentication method list.
aaa authorization
Defines a user authorization method list.
aaa accounting
Defines a user accounting method list.
Platform
N/A
Description
clear aaa local user lockout
Use this command to clear a lockout user list.
clear aaa local user lockout {all | user-name <word>}
Parameter
Parameter
Description
Description
<word>
User ID
Defaults
N/A.
Command
Privileged EXEC mode
Mode
Usage Guide
Use this command to clear all lockout user lists or the specified lockout user list.
Configuration Examples
The following example clears all lockout user lists.
Ruijie# clear aaa local user lockout all
Related
Commands
Platform
Command
Description
show running-config
Displays the current equipment configuration.
show aaa lockout
Displays the lockout configuration parameter of the current login.
N/A
Description
debug aaa
Use this command to enable the AAA service debugging switch.
Use the no form of this command to disable the debugging switch.
debug aaa event
no debug aaa event
Parameter
Parameter
Description
Description
N/A
N/A
Defaults
N/A.
Command
Mode
Privileged EXEC mode
Usage Guide
N/A
Configuration
N/A
Examples
Related
Command
Description
Commands
N/A
N/A
Platform
N/A
Description
show aaa method-list
Use this command to query all AAA method lists.
show aaa method-list
Parameter
Parameter
Description
Description
N/A
N/A
Defaults
N/A
Command
Privileged EXEC mode
Mode
Usage Guide
Use this command to query all AAA method lists.
Configuration Examples
The following example displays AAA method lists.
Ruijie# show aaa method-list
Authentication method-list
aaa authentication login default group radius
aaa authentication ppp default group radius
aaa authentication dot1x default group radius
aaa authentication dot1x san-f local group angel group rain none
aaa authentication enable default group radius
Accounting method-list
aaa accounting network default start-stop group radius
Authorization method-list
aaa authorizating network default group radius
Related Commands
Command
Description
aaa authentication
Defines a user authentication method list.
aaa authorization
Defines a user authorization method list.
aaa accounting
Defines a user accounting method list.
Platform
N/A
Description
show aaa user lockout
Use this command to query the current lockout user list.
show aaa user lockout
Parameter
Parameter
Description
Description
N/A
N/A
Defaults
N/A
Command
Mode
Privileged EXEC mode
Usage Guide
Use this command to query the current lockout user list and the length of lockout-time.
Configuration
The following example displays the current lockout user list.
Examples
Ruijie# show aaa user lockout
Related Commands
Command
Description
show running-config
Displays the current equipment configuration.
show aaa lockout
Displays the lockout configuration parameter of the current login.
Platform Description
N/A
RADIUS Commands
ip radius source-interface
Use this command to specify the source IP address of the RADIUS packet in global configuration
mode.
Use the no form of this command to delete the source IP address of the RADIUS packet.
ip radius source-interface interface
no radius source-interface
Parameter
Parameter
Description
Description
Interface
Interface that the source IP address of the RADIUS packet belongs to
Defaults
The source IP address of the RADIUS packet is set by the network layer by default.
Command
Global configuration mode
Mode
Usage Guide
In order to reduce the NAS information to be maintained on the RADIUS server, use this
command to set the source IP address of the RADIUS packet. This command uses the first IP
address of the specified interface as the source IP address of the RADIUS packet. This command
is used on Layer 3 devices.
Configuration Examples
The following example specifies that the RADIUS packet obtains an IP address from the
fastEthernet 0/0 interface and uses it as the source IP address of the RADIUS packet.
Ruijie(config)# ip radius source-interface fastEthernet 0/0
Related Commands
Command
Description
radius-server host
Defines the RADIUS server.
ip address
Configures the IP address of an interface.
Platform Description
N/A
radius attribute
radius attribute {id | down-rate-limit | dscp | mac-limit | up-rate-limit} vendor-type type
no radius attribute { id | down-rate-limit | dscp | mac-limit | up-rate-limit} vendor-type
Parameter
Parameter
Description
Description
id
Function ID in the range from 1 to 255
type
Private attribute type
Defaults
Only the default configuration of private attributes in Ruijie is recognized.
id   Function            Type
1    max down-rate       1
2    qos                 2
3    user ip             3
4    vlan-id             4
5    version to client   5
6    net ip              6
7    user name           7
8    password            8
9    file-directory      9
10   file-count          10
11   file-name-0         11
12   file-name-1         12
13   file-name-2         13
14   file-name-3         14
15   file-name-4         15
16   max up-rate         16
17   version to server   17
18   flux-max-high32     18
19   flux-max-low32      19
20   proxy-avoid         20
21   dialup-avoid        21
22   ip privilege        22
23   login privilege     42
Extended attributes:
id   Function              Type
1    max down-rate         76
2    qos                   77
3    user ip               3
4    vlan-id               4
5    version to client     5
6    net ip                6
7    user name             7
8    password              8
9    file-directory        9
10   file-count            10
11   file-name-0           11
12   file-name-1           12
13   file-name-2           13
14   file-name-3           14
15   file-name-4           15
16   max up-rate           75
17   version to server     17
18   flux-max-high32       18
19   flux-max-low32        19
20   proxy-avoid           20
21   dialup-avoid          21
22   ip privilege          22
23   login privilege       42
24   limit to user number  50
Command Mode
Global configuration mode
Usage Guide
Use this command to configure the type value of a private attribute.
Configuration
The following example sets the type of max up-rate to 211.
Examples
Ruijie(config)# radius attribute 16 vendor-type 211
Related
Command
Description
Commands
radius set qos cos
Sets the qos value sent by the RADIUS server as the cos
value of the interface.
Platform
N/A
Description
radius-server attribute 31
Use this command to specify the MAC-based format of the RADIUS Calling-Station-ID attribute in
global configuration mode.
Use the no form of this command to restore to the default value.
radius-server attribute 31 mac format {ietf | normal | unformatted}
no radius-server attribute 31 mac format
Parameter
Parameter
Description
Description
ietf
Standard format specified by the IETF (RFC3580). The hyphen (-) is used as the separator, for example:
00-D0-F8-33-22-AC.
normal
Normal format representing the MAC address. The hyphen (-) is used as the separator. For example: 00d0.f833.22ac.
unformatted
No format and separator, which is used by default, for example: 00d0f83322ac
Defaults
The default format is unformatted.
Command Mode
Global configuration mode
Usage Guide
Some RADIUS security servers (mainly used in 802.1x authentication) may identify only the IETF
format. In this case, the RADIUS Calling-Station-ID attribute must be set to the IETF format type.
Configuration
The following example defines the RADIUS Calling-Station-ID attribute as the IETF format.
Examples
Ruijie(config)# radius-server attribute 31 mac format ietf
Related
Command
Description
Commands
N/A
N/A
Platform
Description
N/A
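Because the NAS can send the Calling-Station-ID in any of the three formats above, a server-side list of MAC identities matches only if it is stored in the same form. The following Python helper is an added illustration, not part of RGOS or of any RADIUS server; its function names are hypothetical and its patterns follow the example strings in the parameter table.

```python
"""Parse and render the three Calling-Station-ID MAC formats of
radius-server attribute 31 (added illustration, not RGOS code)."""
import re
from typing import List, Tuple

# One strict pattern per format, taken from the example strings on this page:
#   ietf 00-D0-F8-33-22-AC, normal 00d0.f833.22ac, unformatted 00d0f83322ac
_FORMATS = {
    "ietf": re.compile(r"[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}"),
    "normal": re.compile(r"[0-9A-Fa-f]{4}(\.[0-9A-Fa-f]{4}){2}"),
    "unformatted": re.compile(r"[0-9A-Fa-f]{12}"),
}


def parse_calling_station_id(value: str) -> Tuple[str, str]:
    """Return (format name, 12 lowercase hex digits) or raise ValueError.

    fullmatch() rejects trailing newlines and mixed separators instead of
    silently stripping them, so a malformed identity never matches an entry.
    """
    for name, pattern in _FORMATS.items():
        if pattern.fullmatch(value):
            return name, re.sub(r"[-.]", "", value).lower()
    raise ValueError(f"not a MAC in ietf/normal/unformatted form: {value!r}")


def render(mac_hex: str, fmt: str) -> str:
    """Render 12 hex digits the way the NAS would send them for fmt."""
    if not _FORMATS["unformatted"].fullmatch(mac_hex):
        raise ValueError(f"expected 12 hex digits: {mac_hex!r}")
    mac_hex = mac_hex.lower()
    if fmt == "ietf":
        return "-".join(mac_hex[i:i + 2] for i in range(0, 12, 2)).upper()
    if fmt == "normal":
        return ".".join(mac_hex[i:i + 4] for i in range(0, 12, 4))
    if fmt == "unformatted":
        return mac_hex
    raise ValueError(f"unknown format: {fmt!r}")


def entries_needing_rewrite(stored: List[str], nas_format: str) -> List[Tuple[str, str]]:
    """Stored identities that will not string-match what the NAS sends.

    Returns (stored value, value expected on the wire) pairs to fix before
    changing 'radius-server attribute 31 mac format' on the device.
    """
    out = []
    for entry in stored:
        _, mac = parse_calling_station_id(entry)
        wire = render(mac, nas_format)
        if wire != entry:
            out.append((entry, wire))
    return out


if __name__ == "__main__":
    # Constructed sample list mixing two formats.
    sample = ["00-D0-F8-33-22-AC", "00d0f83322ac"]
    print(entries_needing_rewrite(sample, "ietf"))
```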
radius-server dead-criteria
Use this command to configure criteria on a device to determine that the RADIUS security server
is unreachable in global configuration mode.
Use the no form of this command to restore to the default value.
radius-server dead-criteria {time seconds [tries number] | tries number}
no radius-server dead-criteria {time seconds [tries number] | tries number}
Parameter
Parameter
Description
Description
time seconds
Configures the timeout period. If a device does not receive a correct
response packet from the RADIUS security server within the
specified time, the RADIUS security server is considered to be
unreachable. The value ranges from 1s to 120s.
tries number
Configures the successive timeout times. When sending a request
from a device to the same RADIUS security server times out for the
specified times successively, the device considers the RADIUS
security server to be unreachable. The value ranges from 1 to 100.
Defaults
time seconds: 60s
tries number: 10
Command Mode
Global configuration mode
Usage Guide
If a RADIUS security server meets the timeout period and successive timeout times at the same
time, the device considers the RADIUS security server to be unreachable. You can use this
command to adjust the parameters of the timeout period and successive timeout times.
Configuration
The following example sets the timeout period to 120s and the successive timeout times to 20.
Examples
Ruijie(config)# radius-server dead-criteria time 120 tries 20
Related Commands
Command
Description
radius-server host
Defines the host of the RADIUS security server.
radius-server deadtime
Defines the duration when a device stops sending any
requests to an unreachable RADIUS security server.
radius-server timeout
Defines the timeout period of RADIUS packet retransmission.
Platform
N/A
Description
radius-server deadtime
Use this command to configure the duration when a device stops sending any requests to an
unreachable RADIUS security server in global configuration mode.
Use the no form of this command to return to the default value.
radius-server deadtime minutes
no radius-server deadtime
Parameter
Parameter
Description
Description
minutes
Defines the duration (in minutes) when a device stops sending any
requests to the unreachable RADIUS security server. The value
ranges from 1 minute to 1440 minutes (24 hours).
Defaults
The default value of the minutes parameter is 0 minutes. That is, a device keeps sending requests
to the unreachable RADIUS security server.
Command
Global configuration mode
Mode
Usage Guide
If active RADIUS server detection is enabled on a device, the minutes parameter of this command
does not take effect on the RADIUS server. Otherwise, the RADIUS server becomes reachable
when the duration set by this command is shorter than the unreachable time.
Configuration Examples
The following example sets the duration when a device stops sending requests to a RADIUS
server to 1 minute.
Ruijie(config)# radius-server deadtime 1
Related
Command
Description
Commands
radius-server dead-criteria
Defines the criteria of determining that a RADIUS
server is unreachable.
radius-server host
Defines host information of the RADIUS security server.
Platform
N/A
Description
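The usage guides for radius-server dead-criteria and radius-server deadtime describe a small state machine: a server is marked unreachable only when the time and tries criteria are both met, and deadtime decides how long it is skipped. The following Python model is an added illustration, not RGOS code; the class and function names are hypothetical, and the points marked as assumptions in the comments are not stated on this page.

```python
"""Model of radius-server dead-criteria and deadtime for one server.

Added illustration, not RGOS code. The clock is passed in explicitly so the
timeline is reproducible offline.
"""
import math
from dataclasses import dataclass
from typing import Optional


@dataclass
class ServerHealth:
    dead_time_s: int = 60           # dead-criteria time (1-120 s, default 60 s)
    dead_tries: int = 10            # dead-criteria tries (1-100, default 10)
    deadtime_min: int = 0           # radius-server deadtime (default 0 minutes)
    active_detection: bool = False  # "test username" set on radius-server host
    last_reply: float = 0.0         # time of the last correct response
    timeouts: int = 0               # successive timeouts since that response
    dead_since: Optional[float] = None

    def on_reply(self, now: float) -> None:
        """A correct response clears the counters and the dead mark."""
        self.last_reply, self.timeouts, self.dead_since = now, 0, None

    def on_timeout(self, now: float) -> None:
        """One request to this server timed out at time `now`."""
        self.timeouts += 1
        # Both criteria must hold "at the same time" for the dead mark.
        both_met = (now - self.last_reply >= self.dead_time_s
                    and self.timeouts >= self.dead_tries)
        if both_met and self.dead_since is None:
            self.dead_since = now

    def send_allowed(self, now: float) -> bool:
        """Would the device send a new request to this server at `now`?"""
        if self.dead_since is None:
            return True
        if self.active_detection:
            # deadtime "does not take effect" with active detection.
            # Assumption: only a reply to a test packet revives the server.
            return False
        if self.deadtime_min == 0:
            return True   # default: keep sending to the unreachable server
        if now - self.dead_since >= self.deadtime_min * 60:
            # Assumption: counters restart once the server counts as reachable.
            self.on_reply(now)
            return True
        return False


def earliest_dead_mark(timeout_s: int, dead_time_s: int, dead_tries: int) -> int:
    """Seconds from the last reply until the dead mark.

    Assumption: every request times out and one timeout is counted per
    radius-server timeout interval, back to back.
    """
    n = max(dead_tries, math.ceil(dead_time_s / timeout_s))
    return n * timeout_s


if __name__ == "__main__":
    print(earliest_dead_mark(5, 60, 10))    # page defaults
    print(earliest_dead_mark(5, 120, 20))   # the dead-criteria example values
```

With the default 5-second timeout, ten successive timeouts are reached after 50 seconds, but the server is not marked unreachable until the 60-second criterion is also met.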
radius-server host
Use this command to specify a RADIUS security server host in global configuration mode.
Use the no form of this command to delete the RADIUS security server host.
radius-server host { ipv4-address | ipv6-address} [auth-port port-number] [acct-port
port-number] [test username name [idle-time time] [ignore-auth-port] [ignore-acct-port]]
no radius-server host { ipv4-address | ipv6-address}
Parameter
Description
Parameter
Description
ipv4-address
IPv4 address of the RADIUS security server host
ipv6-address
IPv6 address of the RADIUS security server host
auth-port
UDP port for RADIUS authentication
port-number
Number of the UDP port used for RADIUS authentication. If it is set to 0,
the host does not perform authentication.
acct-port
UDP port for RADIUS accounting
port-number
Number of the UDP port for RADIUS accounting. If it is set to 0, the host
does not perform accounting.
test username name
(Optional) Enables active detection of the RADIUS security server and
specifies the user name used by active detection.
idle-time time
(Optional) Sets the interval of sending test packets to the reachable
RADIUS security server, which is 60 minutes by default and in the
range from 1 to 1440 minutes (namely 24 hours).
ignore-auth-port
(Optional) Disables detection of the authentication port on the RADIUS
security server. It is enabled by default.
ignore-acct-port
(Optional) Disables detection of the accounting port on the RADIUS
security server. It is enabled by default.
Defaults
No RADIUS host is specified by default.
Command
Global configuration mode
Mode
Usage Guide
In order to implement the AAA security service using RADIUS, you must define a RADIUS
security server. You can define one or more RADIUS security servers by using this command.
Configuration Examples
The following example defines an IPv4 RADIUS security server host.
Ruijie(config)# radius-server host 192.168.12.1
The following example defines an IPv4 RADIUS security server host, enables active detection
with the detection interval 60 minutes, and disables accounting UDP port detection.
Ruijie(config)# radius-server host 192.168.100.1 test username viven idle-time 60 ignore-acct-port
The following example defines an IPv6 RADIUS security server host.
Ruijie(config)# radius-server host 3000::100
Related Commands
Command
Description
aaa authentication
Defines the AAA identity authentication method list.
radius-server key
Defines a shared password for the RADIUS security server.
radius-server retransmit
Defines the RADIUS packet retransmission times.
radius-server timeout
Defines the timeout period of RADIUS packet retransmission.
radius-server dead-criteria
Defines the criteria of determining that a RADIUS
server is unreachable.
radius-server deadtime
Defines the duration when a device stops sending any
requests to an unreachable RADIUS security server.
Platform
N/A
Description
radius-server key
Use this command to define a shared password for the network access server (a router) to
communicate with the RADIUS security server.
Use the no form of this command to remove the shared password.
radius-server key [0 | 7] text-string
no radius-server key
Parameter
Parameter
Description
Description
text-string
Text of the shared password
0|7
Password encryption type
0: no encryption
7: simple encryption
Defaults
No shared password is specified by default.
Command
Global configuration mode
Mode
Usage Guide
A shared password is the basis for communication between a device and the RADIUS security
server. In order to allow the device to communicate with the RADIUS security server, define the
same shared password on the device and the RADIUS security server.
Configuration
The following example defines the shared password aaa for the RADIUS security server.
Examples
Ruijie(config)# radius-server key aaa
Related
Command
Description
Commands
radius-server host
Defines the RADIUS security server host.
radius-server retransmit
Defines the RADIUS packet retransmission times.
radius-server timeout
Defines the timeout period of RADIUS packet retransmission.
Platform
N/A
Description
radius-server retransmit
Use this command to configure the packet retransmission times before a device determines that
the RADIUS security server fails to respond.
Use the no form of this command to restore to the default setting.
radius-server retransmit retries
no radius-server retransmit
Parameter
Parameter
Description
Description
retries
Retransmission times
Defaults
The default retransmission times are 3.
Command
Global configuration mode
Mode
Usage Guide
AAA uses the next method to authenticate users only when the current security server for
authentication does not respond. When a device retransmits the RADIUS packet for the specified
times and the interval between every two retries times out, the device considers that the security
server fails to respond.
Configuration
The following example sets the retransmission times to 4.
Examples
Ruijie(config)# radius-server retransmit 4
Related
Command
Description
Commands
radius-server host
Defines the RADIUS security server host.
radius-server key
Defines a shared password for the RADIUS server.
radius-server timeout
Defines the timeout period of RADIUS packet retransmission.
Platform
N/A
Description
radius-server timeout
Use this command to set the time for a device to wait for a response from the security server
before retransmitting the RADIUS packet.
Use the no form of this command to restore to the default setting.
radius-server timeout seconds
no radius-server timeout
Parameter
Parameter
Description
Description
seconds
Timeout period in the range from 1 second to 1000 seconds
Defaults
The default timeout period is five seconds.
Command
Global configuration mode
Mode
Usage Guide
Use this command to change the timeout period of packet retransmission.
Configuration
The following example sets the timeout period to 10 seconds.
Examples
Ruijie(config)# radius-server timeout 10
Related
Command
Description
Commands
radius-server host
Defines the RADIUS security server host.
radius-server retransmit
Defines the RADIUS packet retransmission times.
radius-server key
Defines a shared password for the RADIUS server.
Platform
N/A
Description
radius set qos cos
Use this command to set the qos value sent by the RADIUS server as the cos value of an
interface.
radius set qos cos
no radius set qos cos
Parameter
Parameter
Description
Description
N/A
N/A
Defaults
The qos value sent by the RADIUS server is set to the dscp value by default.
Command
Global configuration mode
Mode
Usage Guide
Use this command to set the qos value sent by the RADIUS server to the cos value. The qos
value sent by the RADIUS server is set to the dscp value by default.
Configuration Examples
The following example sets the qos value sent by the RADIUS server to the cos value of an
interface.
Ruijie(config)# radius set qos cos
Related
Command
Description
Commands
radius vendor-specific extend
RADIUS is extended not to differentiate the IDs of
private vendors.
Platform
N/A
Description
radius vendor-specific extend
Use this command to extend RADIUS not to differentiate the IDs of private vendors.
radius vendor-specific extend
no radius vendor-specific extend
Parameter
Parameter
Description
Description
N/A
N/A
Defaults
Only the private vendor IDs of Ruijie are recognized by default.
Command
Global configuration mode
Mode
Usage Guide
Use this command to identify the attributes of all vendor IDs by type.
Configuration Examples
The following example extends RADIUS not to differentiate the IDs of private vendors.
Ruijie(config)# radius vendor-specific extend
Related
Command
Description
Commands
radius attribute
Configures the private vendor type.
radius set qos cos
Configures whether the qos value sent by the
RADIUS server is used as the cos value of an interface.
N/A
Platform
Description
debug radius
Use this command to turn on the RADIUS debugging switch.
Use the no form of this command to turn off the RADIUS debugging switch.
debug radius {event | detail}
no debug radius {event | detail}
Parameter
Parameter
Description
Description
N/A
N/A
Defaults
N/A
Command
Privileged EXEC configuration mode
Mode
Usage Guide
N/A
Configuration Examples
N/A
Related
Command
Description
Commands
N/A
N/A
Platform
N/A
Description
show radius parameter
Use this command to query the global parameters of the RADIUS server.
show radius parameter
Parameter
Parameter
Description
Description
N/A
N/A
Defaults
N/A.
Command
Privileged EXEC mode
Mode
Usage Guide
Use this command to query the global parameters of the RADIUS server.
Configuration Examples
Ruijie# show radius parameter
Server Timout: 5 Seconds
Server Deadtime: 0 Minutes
Server Retries: 3
Server Dead Critera:
Time: 10 Seconds
Tries: 10
Related
Command
Description
Commands
radius-server host
Defines the RADIUS security server host.
radius-server retransmit
Defines the RADIUS packet retransmission times.
radius-server key
Defines a shared password for the RADIUS server.
radius-server timeout
Defines the timeout period of RADIUS packet retransmission
radius-server dead-criteria
Defines the criteria of determining that a RADIUS server is
unreachable.
radius-server deadtime
Defines the duration when a device stops sending any requests
to an unreachable RADIUS security server.
Platform
N/A
Description
show radius server
Use this command to query the configuration of the RADIUS server.
show radius server
Parameter
Parameter
Description
Description
N/A
N/A
Defaults
N/A.
Command Mode
Privileged EXEC mode
Usage Guide
Use this command to query the configuration of the RADIUS server.
Configuration Examples
Ruijie# show radius server
Server IP: 192.168.4.12
Accounting Port: 23
Authen Port: 77
Test Username: viven
Test Idle Time: 10 Minutes
Test Ports: Authen
Server State: Active
Current duration 765s, previous duration 0s
Dead: total time 0s, count 0
Statistics:
Authen: request 15, timeouts 1
Author: request 0, timeouts 0
Account: request 0, timeouts 0
Server IP: 192.168.4.13
Accounting Port: 45
Authen Port: 74
Test Username: <Not Configured>
Test Idle Time: 60 Minutes
Test Ports: Authen and Accounting
Server State: Active
Current duration 765s, previous duration 0s
Dead: total time 0s, count 0
Statistics:
Authen: request 0, timeouts 0
Author: request 0, timeouts 0
Account: request 20, timeouts 0
Related
Command
Description
Commands
radius-server host
Defines the RADIUS security server host.
radius-server retransmit
Defines the RADIUS packet retransmission times.
radius-server key
Defines a shared password for the RADIUS server.
radius-server timeout
Defines the timeout period of RADIUS packet retransmission.
Platform
Description
N/A
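The per-server counters in the show radius server output can be checked automatically. The following parser is an added example, not part of the Ruijie reference; it assumes each field is printed on one line as "Name: value", and the function names, the 5% timeout ratio and the third server in the sample are assumptions made for illustration.

```python
import re

# Sample text: the first two servers carry the values from the example above,
# one field per line; the third server (192.0.2.10) is constructed.
SAMPLE_OUTPUT = """\
Server IP: 192.168.4.12
Accounting Port: 23
Authen Port: 77
Test Username: viven
Test Idle Time: 10 Minutes
Test Ports: Authen
Server State: Active
Current duration 765s, previous duration 0s
Dead: total time 0s, count 0
Statistics:
Authen: request 15, timeouts 1
Author: request 0, timeouts 0
Account: request 0, timeouts 0
Server IP: 192.168.4.13
Accounting Port: 45
Authen Port: 74
Test Username: <Not Configured>
Test Idle Time: 60 Minutes
Test Ports: Authen and Accounting
Server State: Active
Current duration 765s, previous duration 0s
Dead: total time 0s, count 0
Statistics:
Authen: request 0, timeouts 0
Author: request 0, timeouts 0
Account: request 20, timeouts 0
Server IP: 192.0.2.10
Server State: Active
Current duration 90s, previous duration 300s
Dead: total time 120s, count 2
Statistics:
Authen: request 40, timeouts 1
Author: request 0, timeouts 0
Account: request 0, timeouts 0
"""

# "Authen Port:" and "Accounting Port:" do not match: the colon must follow the name.
STAT_RE = re.compile(r"^(Authen|Author|Account):\s*request\s+(\d+),\s*timeouts\s+(\d+)$")
DEAD_RE = re.compile(r"^Dead:\s*total time\s+(\d+)s,\s*count\s+(\d+)$")


def parse_show_radius_server(text):
    """Return one dict per 'Server IP:' block found in the output."""
    servers = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Server IP:"):
            current = {"ip": line.split(":", 1)[1].strip(), "state": None,
                       "dead_seconds": 0, "dead_count": 0, "stats": {}}
            servers.append(current)
            continue
        if current is None:
            continue  # prompt or banner lines before the first server
        if line.startswith("Server State:"):
            current["state"] = line.split(":", 1)[1].strip()
            continue
        m = DEAD_RE.match(line)
        if m:
            current["dead_seconds"] = int(m.group(1))
            current["dead_count"] = int(m.group(2))
            continue
        m = STAT_RE.match(line)
        if m:
            current["stats"][m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return servers


def flag_servers(servers, max_timeout_ratio=0.05):
    """List (server_ip, reason) pairs worth an operator's attention.

    max_timeout_ratio is an assumed alerting threshold, not a device setting.
    """
    findings = []
    for s in servers:
        if s["state"] is not None and s["state"] != "Active":
            findings.append((s["ip"], "state is " + s["state"]))
        if s["dead_count"] > 0:
            findings.append((s["ip"], "marked dead %d time(s), %ds in total"
                             % (s["dead_count"], s["dead_seconds"])))
        for kind in ("Authen", "Author", "Account"):
            requests, timeouts = s["stats"].get(kind, (0, 0))
            if requests and timeouts / requests > max_timeout_ratio:
                findings.append((s["ip"], "%s timeouts %d/%d" % (kind, timeouts, requests)))
    return findings
```

A server that keeps timing out or is repeatedly marked dead pushes authentication to the next server or method, so these counters are worth collecting on a schedule.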
show radius vendor-specific
Use this command to query the configuration of the private attribute types of RADIUS.
show radius vendor-specific
Parameter
Parameter
Description
Description
N/A
N/A
Defaults
N/A
Command
Privileged EXEC mode
Mode
Usage Guide
Use this command to query the configuration of the private attribute types of RADIUS.
Configuration Examples
Ruijie# show radius vendor-specific
id    vendor-specific      type-value
----- -------------------- ---------
1     max-down-rate        1
2     port-priority        2
3     user-ip              3
4     vlan-id              4
5     last-supplicant-vers 5
      ion
6     net-ip               6
7     user-name            7
8     password             8
9     file-directory       9
10    file-count           10
11    file-name-0          11
12    file-name-1          12
13    file-name-2          13
14    file-name-3          14
15    file-name-4          15
16    max-up-rate          16
17    current-supplicant-v 17
      ersion
18    flux-max-high32      18
19    flux-max-low32       19
20    proxy-avoid          20
21    dialup-avoid         21
22    ip-privilege         22
23    login-privilege      42
26    ipv6-multicast-addre 79
      ss
27    ipv4-multicast-addre 87
      ss
Related
Command
Description
Commands
radius-server host
Defines the RADIUS security server host.
radius-server retransmit
Defines the RADIUS packet retransmission times.
radius-server key
Defines a shared password for the RADIUS server.
radius-server timeout
Defines the timeout period of RADIUS packet retransmission.
Platform
Description
N/A
TACACS+ Commands
aaa group server tacacs+
Use this command to configure TACACS+ group server, dividing different TACACS+ servers to
different groups.
aaa group server tacacs+ group-name
no aaa group server tacacs+ group-name
Parameter
Description
Parameter
Description
group-name
The TACACS+ server group name.
Defaults
No TACACS+ server group is configured.
Command
Global configuration mode.
Mode
Usage Guide
By dividing TACACS+ servers into several groups, the tasks of authentication, authorization and
accounting can be implemented by different server groups.
Configuration Examples
The following example configures a TACACS+ server group named tac1 and a TACACS+ server
address 1.1.1.1 in this group:
Ruijie(config)#aaa group server tacacs+ tac1
Ruijie(config-gs-tacacs+)# server 1.1.1.1
Ruijie(config-gs-tacacs+)# ip vrf forwarding vpn1
Related Commands
Command
Description
server
Configures the server list of a TACACS+ server group.
ip vrf forwarding
Configures a VRF name supported by TACACS+ server group.
Platform Description
N/A
debug tacacs+
Use this command to turn on the TACACS+ debugging switch. The no form of this command turns off
the TACACS+ debugging switch.
debug tacacs+
no debug tacacs+
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
N/A
Command
Privileged EXEC mode.
Mode
Usage Guide
N/A
Configuration Examples
N/A
Related Commands
Command
Description
N/A
N/A
Platform Description
N/A
ip tacacs source-interface
Use this command to configure the source IP address of TACACS+ packet.
ip tacacs source-interface interface
no ip tacacs source-interface
Parameter
Description
Parameter
Description
interface
Source IP address interface of the TACACS+ packets
Defaults
Source IP address of TACACS+ packets is set on the network layer.
Command
Global configuration mode.
Mode
Usage Guide
To reduce the work of maintaining a large amount of NAS information on the TACACS+ server, use this
command to set the source IP address of TACACS+ packets. This command specifies the first IP
address of the specified interface as the source IP address of TACACS+ packets and is used on L3
devices.
Configuration Examples
The following example uses the IP address of fastEthernet 0/0 as the source IP address of TACACS+
packets:
Ruijie(config)# ip tacacs source-interface fastEthernet 0/0
Related Commands
Command
Description
tacacs-server host
Defines a TACACS+ server.
ip address
Configures the ip address of the interface.
Platform Description
This command is not supported on AP110-W.
ip vrf forwarding(TACACS+)
Use this command to configure vrf name used by the TACACS+ group server (this command is
supported by the device supporting VRF).
ip vrf forwarding vrf-name
no ip vrf forwarding
Parameter
Description
Parameter
Description
vrf-name
VRF name.
Defaults
N/A
Command
TACACS+ group server configuration mode.
Mode
Usage Guide
Use this command to specify the VRF name for the specified TACACS+ server.
Configuration Examples
The following example sets the VRF name of the TACACS+ server group to vpn1:
Ruijie(config)# aaa group server tacacs+ tac1
Ruijie(config-gs-tacacs+)# server 1.1.1.1
Ruijie(config-gs-tacacs+)# ip vrf forwarding vpn1
Related Commands
Command
Description
aaa group server tacacs+
Configures a TACACS+ server group.
server
Configures the server list of a TACACS+ server group.
Platform Description
N/A
server(TACACS+)
Use this command to configure server address in TACACS+ group server.
server { ip-address | ipv6-address }
no server { ip-address | ipv6-address }
Parameter
Description
Parameter
Description
ip-address
The IP address of the server in the TACACS+ server group
ipv6-address
The IPv6 address of the server in the TACACS+ server group
Defaults
N/A
Command
TACACS+ group server configuration mode.
Mode
Usage Guide
You must enter the TACACS+ server group configuration mode to configure this command.
To configure server addresses in a TACACS+ group server, you must execute the tacacs-server
host command in global configuration mode.
When a server in the TACACS+ server group does not reply, the device sends the request to the next
server in the group.
Configuration Examples
The following example configures a TACACS+ server group named tac1 and a TACACS+ server
address 1.1.1.1 in this group:
Ruijie(config)#aaa group server tacacs+ tac1
Ruijie(config-gs-tacacs+)#server 1.1.1.1
Related Commands
Command
Description
aaa group server tacacs+
Configures a TACACS+ server group.
ip vrf forwarding
Configures a VRF name supported by TACACS+ server group.
Platform Description
N/A
show tacacs
Use this command to show the interoperation of each TACACS+ server.
show tacacs+
Parameter Description
Parameter
Description
N/A
N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
Use this command to show the interoperation of each TACACS+ server.
Configuration Examples
Ruijie# show tacacs
Tacacs+ Server : 172.19.192.80/49
Socket Opens: 0
Socket Closes: 0
Total Packets Sent: 0
Total Packets Recv: 0
Reference Count: 0
Related Commands
Command
Description
tacacs-server host
Defines a TACACS+ secure server host.
Platform Description
N/A
tacacs-server host
Use this command to configure the IP address of a TACACS+ server host.
tacacs-server host { ip-address | ipv6-address } [ port integer ] [ timeout integer ] [ key string ]
no tacacs-server host { ip-address | ipv6-address }
Parameter
Description
Parameter
Description
ip-address
The IP address of a TACACS+ server host.
ipv6-address
The IPv6 address of a TACACS+ server host.
port integer
The TCP port used in TACACS+ communication.
timeout integer
The Timeout time of TACACS+ host.
key string
The shared keyword of the TACACS+ client and server.
Defaults
No specified TACACS+ host
Command
Global configuration mode.
Mode
Usage Guide
To use TACACS+ to implement AAA security service, you must define the TACACS+ secure server.
You can define one or multiple TACACS+ secure servers by using the tacacs-server host
command.
Configuration Examples
The following example defines a TACACS+ secure server host:
Ruijie(config)# tacacs-server host 192.168.12.1
Ruijie(config)# tacacs-server host 2001::1
Related Commands
Command
Description
aaa authentication
Defines an AAA identity authentication method list.
tacacs-server key
Defines the shared password of TACACS+ secure server globally.
tacacs-server timeout
Defines a timeout timer of reply packet of TACACS+ server globally.
Platform Description
This command is not supported on AP110-W.
tacacs-server key
Use this command to configure global password of TACACS+
tacacs-server key [ 0 | 7 ] string
no tacacs-server key
Parameter
Description
Parameter
Description
string
Text of shared password.
0 | 7
Encryption type of the password: 0 indicates no encryption; 7 indicates simple encryption.
Defaults
No specified shared password.
Command
Global configuration mode.
Mode
Usage Guide
The device and the TACACS+ secure server can communicate with each other only on the basis of
the shared password. Therefore, the same shared password must be defined on both the device and
the server. To specify a different password for an individual server, use the key option of the
tacacs-server host command. The key set with this command in global configuration mode applies to
all servers for which the key option is not set.
Configuration Examples
The following example defines the shared password of TACACS+ secure server as aaa:
Ruijie(config)# tacacs-server key aaa
Related Commands
Command
Description
tacacs-server host
Defines a TACACS+ secure server host.
tacacs-server timeout
Defines the timeout timer of TACACS+ packet.
Platform Description
This command is not supported on AP110-W.
tacacs-server timeout
Use this command to configure the global timeout time waiting for the server when the device is
communicating with TACACS+ server.
tacacs-server timeout seconds
no tacacs-server timeout
Parameter
Description
Parameter
Description
seconds
Timeout time (s) in the range 1 to 1000s.
Defaults
5 seconds
Command
Global configuration mode.
Mode
Usage Guide
Use this command to adjust the timeout time of reply packets. To specify a different timeout time
for an individual server, use the timeout option of the tacacs-server host command. The timeout set
with this command in global configuration mode applies to all servers for which the timeout option
is not set.
Configuration Examples
The following example shows how to define the timeout time as 10 seconds:
Ruijie(config)# tacacs-server timeout 10
Related Commands
Command
Description
tacacs-server host
Defines a TACACS+ secure server host.
tacacs-server key
Defines the shared password of TACACS+.
Platform Description
This command is not supported on AP110-W.
SSH Commands
crypto key generate
Use this command to generate a public key on the SSH server in global configuration mode.
crypto key generate {rsa | dsa}
Parameter
Parameter
Description
Description
rsa
Generates an RSA key.
dsa
Generates a DSA key.
Defaults
The SSH server does not generate a public key by default.
Command
Global configuration mode
Mode
Usage Guide
When you need to enable the SSH server service, use this command to generate a public key on the
SSH server and enable the SSH server service by running the enable service ssh-server command
at the same time. SSH 1 uses the RSA key; SSH 2 uses the RSA or DSA key. Therefore, if an RSA
key has been generated, both SSH1 and SSH2 can use it. If only a DSA key is generated, only SSH2
can use it.
A key can be deleted by using the crypto key zeroize command. The no crypto key
generate command is not available.
Configuration Examples
Ruijie# configure terminal
Ruijie(config)# crypto key generate rsa
Related Commands
Command
Description
show ip ssh
Displays the current status of the SSH server.
crypto key zeroize {rsa | dsa}
Deletes the DSA and RSA keys and disables the SSH server function.
Platform Description
N/A
crypto key zeroize
Use this command to delete the public key on the SSH server in global configuration mode.
crypto key zeroize {rsa | dsa}
Parameter
Parameter
Description
Description
rsa
Deletes the RSA key.
dsa
Deletes the DSA key.
Defaults
N/A.
Command
Global configuration mode
Mode
Usage Guide
Use this command to delete the public key on the SSH server. After the key is deleted, the SSH
server state becomes DISABLE. If you want to disable the SSH server, run the no enable service
ssh-server command.
Configuration Examples
Ruijie# configure terminal
Ruijie(config)# crypto key zeroize rsa
Related
Command
Description
Commands
show ip ssh
Displays the current status of the SSH server.
crypto key generate { rsa|dsa }
Generates the DSA and RSA keys.
Platform
N/A
Description
ip ssh authentication-retries
Use this command to set the user authentication retry times of the SSH server.
Use the no form of this command to restore to the default setting.
ip ssh authentication-retries retry times
no ip ssh authentication-retries
Parameter
Parameter
Description
Description
retry times
User authentication retry times, in the range from 0 to 5
Defaults
The default authentication retry times are 3. You can use the no ip ssh authentication-retries
command to restore to the default value.
Command
Global configuration mode
Mode
Usage Guide
User authentication is considered to have failed once the number of unsuccessful attempts exceeds
the authentication retry times configured on the SSH server. Use the show ip ssh command to view
the configuration of the SSH server.
Configuration Examples
The following example sets the user authentication retry times to 2.
Ruijie# configure terminal
Ruijie(config)# ip ssh authentication-retries 2
Related
Command
Description
Commands
show ip ssh
Displays the current status of the SSH server.
Platform
N/A
Description
ip ssh time-out
Use this command to set the user authentication timeout period on the SSH server.
Use the no form of this command to restore to the default setting.
ip ssh time-out time
no ip ssh time-out
Parameter
Parameter
Description
Description
time
User authentication timeout period
Defaults
The default user authentication timeout period is 120 seconds. You can use the no ip ssh time-out
command to restore to the default value.
Command
Global configuration mode
Mode
Usage Guide
Authentication is considered timed out and failed if it is not successful within 120 seconds,
counted from reception of a connection request. Use the show ip ssh command to view the
configuration of the SSH server.
Configuration Examples
The following example sets the timeout period to 100 seconds.
Ruijie# configure terminal
Ruijie(config)# ip ssh time-out 100
Related
Command
Description
Commands
show ip ssh
Displays the current status of the SSH server.
Platform
N/A
Description
ip ssh version
Use this command to set the version of the SSH server.
Use the no form of this command to restore to the default setting.
ip ssh version {1 | 2}
no ip ssh version
Parameter
Parameter
Description
Description
1
Supports the SSH1 client connection request.
2
Supports the SSH2 client connection request.
Defaults
SSH1 and SSH2 are compatible by default. When a version is set, only the connection sent by the
SSH client of this version is accepted. You can use the no ip ssh version command to restore to the
default setting.
Command
Global configuration mode
Mode
Usage Guide
Use this command to configure the SSH connection protocol version supported by the SSH server.
By default, the SSH server supports SSH1 and SSH2, and the clients of these versions can connect
to the SSH server. If Version 1 or 2 is set, only the SSH client of this version can connect to the SSH
server. Use the show ip ssh command to display the current status of SSH server.
Configuration Examples
The following example sets the version of the SSH server to Version 2.
Ruijie# configure terminal
Ruijie(config)# ip ssh version 2
Related
Command
Description
Commands
show ip ssh
Displays the current status of the SSH server.
Platform
N/A
Description
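The defaults described for ip ssh version, ip ssh authentication-retries and ip ssh time-out, and the key types described for tacacs-server key, can be checked against a saved configuration. The following audit is an added example, not part of the Ruijie reference; it assumes the configuration text contains the commands in the form this reference documents, and the check names, the policy of flagging values above the defaults, and the sample key strings are assumptions made for illustration.

```python
import re

# Defaults stated in this reference for the SSH server.
DEFAULT_RETRIES = 3      # ip ssh authentication-retries
DEFAULT_TIMEOUT = 120    # ip ssh time-out, in seconds

# Constructed configuration text; the key strings are made-up sample values.
WEAK_CONFIG = """\
ip ssh authentication-retries 5
ip ssh time-out 100
tacacs-server host 192.168.12.1 key examplekey1
tacacs-server host 2001::1
tacacs-server key 0 examplekey2
"""

HARDENED_CONFIG = """\
ip ssh version 2
ip ssh authentication-retries 2
ip ssh time-out 100
tacacs-server host 192.168.12.1
tacacs-server key 7 0123456789abcdef
"""


def audit_config(text):
    """Return (check_id, detail) findings; key strings are never echoed."""
    ssh_version = None   # None: no 'ip ssh version' line, so SSH1 and SSH2 are both accepted
    retries = DEFAULT_RETRIES
    timeout = DEFAULT_TIMEOUT
    findings = []
    for raw in text.splitlines():
        tokens = raw.split()
        line = " ".join(tokens)          # normalise whitespace
        m = re.fullmatch(r"ip ssh version ([12])", line)
        if m:
            ssh_version = int(m.group(1))
            continue
        m = re.fullmatch(r"ip ssh authentication-retries (\d+)", line)
        if m:
            retries = int(m.group(1))
            continue
        m = re.fullmatch(r"ip ssh time-out (\d+)", line)
        if m:
            timeout = int(m.group(1))
            continue
        # tacacs-server key [ 0 | 7 ] string: no type or type 0 means no encryption.
        # Type 7 (described above as simple encryption) is not flagged here.
        m = re.fullmatch(r"tacacs-server key (?:([07]) )?(\S+)", line)
        if m:
            if m.group(1) != "7":
                findings.append(("tacacs-key-unencrypted",
                                 "global TACACS+ key is stored with no encryption"))
            continue
        # tacacs-server host ... [ key string ]: a per-server key sits on the host line.
        if tokens[:2] == ["tacacs-server", "host"] and "key" in tokens[3:]:
            findings.append(("tacacs-host-key",
                             "per-server key present on the line for " + tokens[2]))
    if ssh_version is None:
        findings.append(("ssh-version-default",
                         "no 'ip ssh version' line: SSH1 and SSH2 clients are both accepted"))
    elif ssh_version == 1:
        findings.append(("ssh-version-1", "only SSH1 client connections are accepted"))
    if retries > DEFAULT_RETRIES:
        findings.append(("ssh-retries",
                         "authentication retries %d exceed the default of %d"
                         % (retries, DEFAULT_RETRIES)))
    if timeout > DEFAULT_TIMEOUT:
        findings.append(("ssh-time-out",
                         "authentication time-out %ds exceeds the default of %ds"
                         % (timeout, DEFAULT_TIMEOUT)))
    return findings


if __name__ == "__main__":
    for check_id, detail in audit_config(WEAK_CONFIG):
        print(check_id + ": " + detail)
```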
disconnect ssh
Use this command to disconnect the established SSH connection.
disconnect ssh [vty] session-id
Parameter
Parameter
Description
Description
session-id
ID of the established SSH connection session
Defaults
N/A
Command
Privileged EXEC mode
Mode
Usage Guide
You can disconnect an SSH connection by entering the ID of the SSH connection or the specified
VTY connection ID. Only connections of the SSH type can be disconnected.
Configuration Examples
Ruijie# disconnect ssh 1
Or
Ruijie# disconnect ssh vty 1
Related
Command
Description
Commands
show ssh
Displays information about the established SSH connection.
clear line vty line_number
Disconnects the current VTY connection.
Platform
N/A
Description
show crypto key mypubkey
Use this command to query the public key part of the key on the SSH server.
show crypto key mypubkey {rsa | dsa}
Parameter
Parameter
Description
Description
rsa
Displays the public key part of the RSA key.
dsa
Displays the public key part of the DSA key.
Defaults
N/A.
Command
Privileged EXEC mode
Mode
Usage Guide
Use this command to query the public key part of the generated public key on the SSH server,
including the key generation time, key name, and contents of the public key part.
Configuration Examples
Ruijie# show crypto key mypubkey rsa
Related
Command
Description
Commands
crypto key generate {rsa | dsa}
Generates the DSA and RSA keys.
Platform
N/A
Description
show ip ssh
Use this command to query the effective configuration of the SSH server.
show ip ssh
Parameter Description
Parameter
Description
N/A
N/A
Defaults
N/A
Command Mode
Privileged EXEC mode
Usage Guide
Use this command to query the effective configuration of the SSH server, including the version,
whether the SSH server is enabled, authentication timeout period, and authentication retry times.
Note: If no key is generated for the SSH server, the SSH version is still unavailable even if this SSH
version has been configured.
Configuration Examples
Ruijie# show ip ssh
Related Commands
Command
Description
ip ssh version {1 | 2}
Configures the version of the SSH server.
ip ssh time-out time
Sets the user authentication timeout period on the SSH server.
ip ssh authentication-retries
Sets the user authentication retry times on the SSH server.
Platform Description
N/A
show ssh
Use this command to query each SSH connection.
show ssh
Parameter
Parameter
Description
Description
N/A
N/A
Defaults
N/A
Command
Privileged EXEC mode
Mode
Usage Guide
Use this command to query the established SSH connections, including the VTY number of
connection, SSH version, encryption algorithm, message authentication algorithm, connection status,
and user name.
Configuration Examples
Ruijie# show ssh
Related
Command
Description
Commands
N/A
N/A
Platform
N/A
Description
FTP Client Commands
copy ftp
This section introduces how to use the copy ftp command to transfer files at the CLI in the main
program. To use the FTP client to download files to the device, execute the copy ftp:url flash:url
command in the privileged mode. Use the copy flash:url ftp:url command to upload files of the local
client to the server.
copy ftp://username:password@dest-address [/remote-directory]/remote-file
flash:[local-directory/]local-file [vrf vrfname]
copy flash:[local-directory/]local-file ftp://username:password@dest-address [/remote-directory]/
remote-file [vrf vrfname]
Parameter Description
Parameter
Description
username
Username for logging in to the FTP server, with a length no more than 40 bytes. The username does
not contain dot (.), at sign (@), slash (/), and space. This parameter is mandatory.
password
Password for logging in to the FTP server, with a length no more than 32 bytes. The password does
not contain dot (.), at sign (@), slash (/), and space. This parameter is mandatory.
dest-address
IP address of the FTP server
remote-directory
Name of the optional directory on the FTP server for uploading files, with a length no more than 255
bytes. The directory name does not contain space and Chinese characters. If this parameter is empty,
the current directory of the FTP server is used.
remote-file
Name of the file on the remote server, with a length no more than 255 bytes. The name does not
contain space and Chinese characters.
local-directory
Optional directory of the folder on the local device. Create the folder on the local device before
specifying the directory of the folder because this command cannot automatically create a folder. If
this parameter is empty, the current directory is used, with a length no more than 255 bytes, and does
not contain space and Chinese characters.
local-file
Name of the file on the local server, with a length no more than 255 bytes. The name does not
contain space and Chinese characters.
vrfname
Name of the specified VRF
Defaults
N/A
Command Modes
Privileged EXEC mode
Usage Guidelines
Use the copy ftp:url flash:url command to download files.
Use the copy flash:url ftp:url command to upload files.
Examples
The username is user; password is pass, IP address is 192.168.23.69. Download the file named
remote-file under the root directory of the FTP server to the home directory of the device, and save it
as local-file.
Ruijie# copy ftp://user:pass@192.168.23.69/root/remote-file flash:home/local-file
Upload the file local-file under the home directory of the device to the root directory of the FTP server,
and save it as remote-file.
Ruijie# copy flash:home/local-file ftp://user:pass@192.168.23.69/root/remote-file
Related Commands
Command
Description
N/A
N/A
Platform Description
-
default ftp-client
Use the default ftp-client command to restore the default setting of the FTP client in the global
configuration mode, namely, passive (PASV) mode for data connection, binary mode for file transfer,
and client source IP address not bound.
default ftp-client [vrf vrfname]
Parameter Description
Parameter
Description
vrfname
Restores the default setting for the specified VRF.
Defaults
The data connection mode is passive (PASV), file transfer mode is binary, and no local source IP
address is specified.
Command Modes
Global configuration mode
Usage Guidelines
Use this command to restore the default setting of the FTP client.
Examples
Restore the default setting of the FTP client.
Ruijie (config)# default ftp-client
Related Commands
Command
Description
default ftp-client
Restores the FTP client default configuration.
Platform Description
N/A
ftp-client ascii
Use the ftp-client ascii command to set the FTP transfer mode to text (ASCII). Use the no form of this
command to restore the default setting.
ftp-client [vrf vrfname] ascii
no ftp-client [vrf vrfname] ascii
Parameter Description
Parameter
Description
vrfname
Sets the file transfer mode for the specified VRF.
Defaults
The default FTP transfer mode is binary.
Command Modes
Global configuration mode
Usage Guidelines
This command sets the file transfer mode to the text (ASCII) mode.
Examples
Set the file transfer mode to ASCII.
Ruijie (config)# ftp-client ascii
Related Commands
Command
Description
N/A
N/A
Platform Description
N/A
ftp-client port
Use the ftp-client port command to set the FTP data connection mode to active (PORT). Use the no
form of this command to restore the passive mode, in which the client initiates a connection to the
server for data transmission.
ftp-client [vrf vrfname] port
no ftp-client [vrf vrfname] port
Parameter Description
Parameter
Description
vrfname
Sets the data connection mode for the specified VRF.
Defaults
The default FTP connection mode is passive (PASV).
Command Modes
Global configuration mode
Usage Guidelines
You can use this command to set the active mode for data connection, in which the server initiates a
connection to the client.
Examples
Set the active mode for FTP connection.
Ruijie (config)# ftp-client port
Related Commands
Command
Description
N/A
N/A
Platform Description
N/A
ftp-client source-address
Use the ftp-client source-address command to configure the source address of the FTP client for
transmitted FTP packets.
Use the no form of this command to remove the binding.
ftp-client [vrf vrfname] source-address {ip-address | ipv6-address}
no ftp-client [vrf vrfname] source-address
Parameter Description
Parameter
Description
ip-address
IP address of the FTP client
ipv6-address
IPv6 address of the FTP client
vrfname
Binds the source IP address with the specified VRF.
Defaults
By default, no source IP address is specified for the client. The device uses the IP address of the
interface determined by the matched route as the source IP address to communicate with an FTP
server.
Command Modes
Global configuration mode
Usage Guidelines
This command configures a source IP address for a client to connect to the server.
Examples
Set the source IP address of the FTP client to 192.168.23.236.
Ruijie (config)# ftp-client source-address 192.168.23.236
Related Commands
Command
Description
N/A
N/A
Platform Description
N/A
CPU Protection Commands
cpu-protect type packet-type pps pps_value
Use this command to set the bandwidth for receiving packets of a specified type for the CPU port.
cpu-protect type { arp | bpdu | dhcp | ipv6mc | igmp | rip | ospf | vrrp | pim | ttl1 |
unknown-ipmc | dvmrp | …} pps pps_value
Parameter
Parameter
Description
Description
pps_value
Number of packets per second
Defaults
The CPU's default bandwidth for receiving packets of each type is 1000 pps.
Command Mode
Global configuration mode
Usage Guide
N/A
Configuration Examples
The following example sets the CPU's bandwidth for receiving BPDU packets.
Ruijie(config)# cpu-pr type bpdu pps 100
Set packet type bpdu pps 100 .
Related Commands
Command
Description
cpu-protect type packet-type pri pri_num
Sets the priority of the packets of a specified type received by the CPU port.
Platform Description
N/A
cpu-protect type packet-type pri pri_num
Use this command to set the priority of the packets of a specified type received by the CPU port.
cpu-protect type { arp | bpdu | dhcp | ipv6mc | igmp | rip | ospf | vrrp | pim | ttl1 |
unknown-ipmc | dvmrp | …} pri pri_num
Parameter
Parameter
Description
Description
pri_num
ID, value range: 0 to 7
Defaults
The default value of the queue corresponding to the packets of each type is 0.
Command Mode
Global configuration mode
Usage Guide
N/A
Configuration Examples
The following example maps BPDU packets to queue 7.
Ruijie(config)# cpu-protect type bpdu pri 7
Set packet type bpdu pri 7.
Related Commands
Command
Description
cpu-protect type packet-type pps pps_value
Sets the bandwidth for transmitting packets of a specified type.
Platform Description
N/A
show cpu-protect type
Use this command to display statistics about the packets of a specified type.
show cpu-protect type { arp | bpdu | dhcp | ipv6mc | igmp | rip | ospf | vrrp | pim | ttl1 |
unknown-ipmc | dvmrp | …} dvmrp
Parameter
Parameter
Description
Description
slot_num
Value range: 1 to 16
Defaults
N/A
Command
Privileged user mode
Mode
Usage Guide
Use this command to display statistics about the packets of a specified type.
Configuration Examples
The following example uses the show cpu-protect type bpdu command to display statistics of
receiving BPDU packets.
Ruijie(config)# show cpu-protect type arp
Slot      Type         Pps       Total     Drop
--------- ------------ --------- --------- ---------
MainBoard bpdu         100       30        0
Slot-2    bpdu         100       30        0
Related Commands
Command
Description
show cpu-protect type packet-type
Displays statistics of packets of a specified type protected by the CPU.
Platform Description
N/A
In the configuration command of the CPP, the ellipsis (…) refers to the CPP types not
listed.
Threshold Commands
threshold set
Use this command to set the threshold value for the device. Use the no form of this command to
restore the default value.
threshold set {cpu | memory | temperature} warning_value [critical_value]
no threshold set {cpu | memory | temperature}
Parameter Description
Parameter
Description
cpu | memory | temperature
Specifies the threshold type.
cpu indicates the CPU utilization threshold.
memory indicates the memory utilization threshold.
temperature indicates the temperature threshold.
warning_value
Configures the warning threshold.
The range of CPU and memory utilization threshold is from 1 to 100.
The range of temperature threshold is 0 to 200.
critical_value
Configures the critical threshold, which must be greater than the
warning threshold.
The range of CPU and memory utilization threshold is from 1 to 100.
The range of temperature threshold is 0 to 200.
Defaults
CPU threshold: warning threshold: 90; critical threshold: 100.
Memory threshold: warning threshold: 90; critical threshold: 100.
Temperature threshold: warning threshold: 90; critical threshold: 100.
Command
Global configuration mode
mode
Usage Guide
You can use this command to configure the thresholds of CPU utilization, memory utilization and
temperature. These thresholds can be read through MIB to learn the CPU and memory usage. There
is no related syslog for the threshold.
Configuration
The following example sets the memory utilization threshold.
Examples
Ruijie(config)# threshold set memory 70 90
The following example sets the CPU utilization threshold.
Ruijie(config)# threshold set cpu 70 90
The following example sets the temperature threshold.
Ruijie(config)# threshold set temperature 60 80
Related Commands
Command
Description
show threshold
Displays the system threshold values.
Platform Description
N/A
show threshold
Use this command to display the system threshold values.
show threshold {cpu | memory | temperature}
Parameter Description
Parameter
Description
cpu | memory | temperature
Specifies the threshold type.
Defaults
N/A
Command
Privileged EXEC mode
mode
Usage Guide
N/A
Configuration
The following example displays the CPU utilization threshold.
Examples
Ruijie# show threshold cpu
The following example displays the memory utilization threshold.
Ruijie# show threshold memory
Related
Commands
Platform
Description
Command
Description
threshold set
Sets the threshold value.
N/A
Command Reference
NFPP Commands
NFPP Commands
arp-guard attack-threshold
Use this command to set the global attack threshold. A packet rate above the attack threshold is
treated as an attack.
arp-guard attack-threshold { per-src-ip | per-src-mac | per-port } pps
Parameter Description
Parameter
Description
per-src-ip
Set the attack threshold for each source IP address.
per-src-mac
Set the attack threshold for each source MAC address.
per-port
Set the attack threshold for each port.
pps
Set the attack threshold, in pps. The valid range is 1 to 9999.
Defaults
By default, the attack threshold for each source IP address and source MAC address is 8 pps, and the
attack threshold for each port is 200 pps.
Command
NFPP configuration mode.
Mode
Usage Guide
The attack threshold shall be equal to or greater than the rate-limit threshold.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# arp-guard attack-threshold per-src-ip 2
Ruijie(config-nfpp)# arp-guard attack-threshold per-src-mac 3
Ruijie(config-nfpp)# arp-guard attack-threshold per-port 50
Related Commands
Command
Description
nfpp arp-guard policy
Show the rate-limit threshold and attack threshold.
show nfpp arp-guard summary
Show the configurations.
show nfpp arp-guard hosts
Show the monitored host.
clear nfpp arp-guard hosts
Clear the isolated host.
Platform Description
N/A
arp-guard enable
Use this command to enable the anti-ARP guard function globally.
arp-guard enable
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
Enabled.
Command
NFPP configuration mode.
Mode
Usage Guide
N/A
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# arp-guard enable
Related
Commands
Platform
Command
Description
nfpp arp-guard enable
Enable the anti-ARP attack on the interface.
show nfpp arp-guard summary
Show the configurations.
N/A
Description
arp-guard isolate-period
Use this command to set the arp-guard isolate time globally.
arp-guard isolate-period { seconds | permanent }
Parameter
Description
Parameter
Description
seconds
Set the isolate time, in seconds. The valid range is 0, or 30 to 86400.
permanent
Permanent isolation.
Defaults
The default isolate time is 0, which means no isolation.
Command
NFPP configuration mode.
Mode
Usage Guide
N/A
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# arp-guard isolate-period 180
Related
Commands
Platform
Command
Description
nfpp arp-guard isolate-period
Set the isolate time on the interface.
show nfpp arp-guard summary
Show the configurations.
N/A
Description
arp-guard monitored-host-limit
Use this command to set the maximum monitored host number.
arp-guard monitored-host-limit number
Parameter
Description
Parameter
Description
number
The maximum monitored host number. The valid range is 1 to
4294967295.
Defaults
1000
Command
NFPP configuration mode
Mode
Usage Guide
If the number of monitored hosts has reached the default limit of 1000 and the administrator sets the
limit to a value smaller than 1000, the system prompts the message "%ERROR: The value that you
configured is smaller than current monitored hosts 1000, please clear a part of monitored hosts." to
remind the administrator that the configuration is invalid and that some monitored hosts must be removed.
When the maximum number of monitored hosts is exceeded, the system prompts the message
"%NFPP_ARP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of 1000 monitored hosts." to remind
the administrator.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# arp-guard monitored-host-limit 200
Related
Commands
Platform
Description
Command
Description
show nfpp arp-guard summary
Show the configurations.
N/A
arp-guard monitor-period
Use this command to configure the arp guard monitor time.
arp-guard monitor-period seconds
Parameter
Description
Parameter
Description
seconds
Set the monitor time, in seconds. The valid range is 180 to 86400.
Defaults
600s
Command
NFPP configuration mode.
Mode
Usage Guide
When an attacker is detected and the isolate period is 0, the software monitors the attacker and the
timeout is the monitor period. If the isolate period is set to a non-zero value while the attacker is
being monitored by the software, the hardware isolates the attacker automatically and the timeout is
the isolate period. The monitor period takes effect only when the isolate period is 0.
If the isolate period is changed to 0, the attackers on the interface are removed rather than
monitored by the software.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# arp-guard monitor-period 180
Related
Commands
Platform
Command
Description
show nfpp arp-guard summary
Show the configurations.
show nfpp arp-guard hosts
Show the monitored host list.
clear nfpp arp-guard hosts
Clear the isolated host.
N/A
Description
arp-guard rate-limit
Use this command to set the arp guard rate limit.
arp-guard rate-limit { per-src-ip | per-src-mac | per-port } pps
Parameter
Description
Parameter
Description
per-src-ip
Set the rate limit for each source IP address.
per-src-mac
Set the rate limit for each source MAC address.
per-port
Set the rate limit for each port.
pps
Set the rate limit, in the range of 1 to 9999.
Defaults
The default rate limit for each source IP address and MAC address is 4 pps; the default rate limit for
each port is 100 pps.
Command
NFPP configuration mode.
Mode
Usage Guide
N/A
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# arp-guard rate-limit per-src-ip 2
Ruijie(config-nfpp)# arp-guard rate-limit per-src-mac 3
Ruijie(config-nfpp)# arp-guard rate-limit per-port 50
Related
Commands
Platform
Command
Description
nfpp arp-guard policy
Set the rate limit and the attack threshold.
show nfpp arp-guard summary
Show the configurations.
N/A
Description
arp-guard scan-threshold
Use this command to set the global scan threshold.
arp-guard scan-threshold pkt-cnt
Parameter
Description
Parameter
Description
pkt-cnt
Set the scan threshold, in the range of 1 to 9999.
Defaults
The default scan threshold is 15, in 10 seconds.
Command
NFPP configuration mode
Mode
Usage Guide
Scanning may be detected under the following conditions:
more than 15 packets are received within 10 seconds;
the link-layer source MAC address is constant while the source IP address changes;
the link-layer source MAC address and the source IP address are constant while the destination IP
address changes.
Configuration Examples
Ruijie(config)# nfpp
Ruijie(config-nfpp)# arp-guard scan-threshold 20
Related Commands
Command
Description
nfpp arp-guard scan-threshold
Set the scan threshold on the port.
show nfpp arp-guard summary
Show the configurations.
show nfpp arp-guard scan
Show the ARP guard scan table.
clear nfpp arp-guard scan
Clear the ARP guard scan table.
Platform Description
N/A
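The scan conditions in the arp-guard scan-threshold usage guide can be expressed as detection logic for captured ARP traffic. The following is an added example, not code from this manual or from RGOS: the function name, record layout and sample packets are constructed, and it assumes that the packet-count condition must hold together with either of the two address patterns, reading a changing address as distinct addresses seen inside the 10-second window.

```python
from collections import defaultdict, deque


def detect_arp_scans(packets, pkt_cnt=15, window=10.0):
    """Flag ARP senders whose traffic matches either scan pattern.

    packets: iterable of (timestamp_seconds, src_mac, src_ip, dst_ip).
    Returns a sorted list of (timestamp, pattern, src_mac, src_ip), one entry
    per offending key, stamped with the packet that crossed the threshold.
    src_ip is None for the pattern in which the source IP keeps changing.
    """
    # One sliding window per tracked key:
    #   ("src-ip-varies", mac, None)   holds (ts, src_ip) observations
    #   ("dst-ip-varies", mac, src_ip) holds (ts, dst_ip) observations
    windows = defaultdict(deque)
    alerts = {}
    for ts, src_mac, src_ip, dst_ip in sorted(packets):
        observations = (
            (("src-ip-varies", src_mac, None), src_ip),
            (("dst-ip-varies", src_mac, src_ip), dst_ip),
        )
        for key, value in observations:
            q = windows[key]
            q.append((ts, value))
            while ts - q[0][0] >= window:      # drop packets outside the window
                q.popleft()
            # Assumption: a key is flagged once it shows more than pkt_cnt
            # distinct addresses within the window.
            if key not in alerts and len({v for _, v in q}) > pkt_cnt:
                alerts[key] = ts
    return sorted((ts, *key) for key, ts in alerts.items())


def build_sample():
    """Constructed ARP request log: (timestamp, src_mac, src_ip, dst_ip)."""
    pkts = []
    # Host A: fixed MAC and IP, 20 different targets in 5 s (destination sweep).
    pkts += [(i * 0.25, "02:00:00:00:00:0a", "192.0.2.50", f"192.0.2.{i + 1}")
             for i in range(20)]
    # Host B: fixed MAC, 18 different source IPs in 4.5 s.
    pkts += [(20 + i * 0.25, "02:00:00:00:00:0b", f"192.0.2.{i + 100}", "192.0.2.1")
             for i in range(18)]
    # Host C: 30 requests in 7.5 s but only two targets (busy, not scanning).
    pkts += [(40 + i * 0.25, "02:00:00:00:00:0c", "192.0.2.60", f"192.0.2.{1 + i % 2}")
             for i in range(30)]
    # Host D: 20 different targets, one per second (never above 15 in 10 s).
    pkts += [(60 + i * 1.0, "02:00:00:00:00:0d", "192.0.2.70", f"192.0.2.{i + 1}")
             for i in range(20)]
    return pkts


if __name__ == "__main__":
    for alert in detect_arp_scans(build_sample()):
        print(alert)
```

With the default count of 15, hosts A and B are flagged and hosts C and D are not; with the count raised to 20, as in the configuration example above, host A's 20-address sweep is no longer flagged.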
clear nfpp arp-guard hosts
Use this command to clear the monitored host isolation.
clear nfpp arp-guard hosts [ vlan vid ] [ interface interface-id ] [ ip-address | mac-address ]
Parameter
Description
Parameter
Description
vid
Set the VLAN ID.
interface-id
Set the interface name and number.
ip-address
Set the IP address.
mac-address
Set the MAC address.
Defaults
N/A.
Command
Privileged EXEC mode.
Mode
Usage Guide
Use this command without the parameter to clear all monitored hosts.
Configuration
Ruijie# clear nfpp arp-guard hosts vlan 1 interface g0/1
Examples
Related
Commands
Platform
Description
Command
Description
arp-guard attack-threshold
Set the global attack threshold.
nfpp arp-guard policy
Set the limit threshold and attack threshold.
show nfpp arp-guard hosts
Show the monitored host.
N/A
clear nfpp arp-guard scan
Use this command to clear the ARP scanning table.
clear nfpp arp-guard scan
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
N/A
Command
Privileged EXEC mode.
Mode
Usage Guide
N/A
Configuration
Ruijie# clear nfpp arp-guard scan
Examples
Related
Commands
Platform
Command
Description
arp-guard attack-threshold
Set the global attack threshold.
nfpp arp-guard policy
Set the attack threshold.
show nfpp arp-guard scan
Show the ARP scanning table.
N/A
Description
clear nfpp dhcp-guard hosts
Use this command to clear the monitored host isolation.
clear nfpp dhcp-guard hosts [ vlan vid ] [ interface interface-id ] [ mac-address ]
Parameter
Description
Parameter
Description
vid
Set the VLAN ID.
interface-id
Set the interface name and number.
mac-address
Set the MAC address.
Defaults
N/A.
Command
Privileged EXEC mode.
Mode
Usage Guide
Use this command without the parameter to clear all monitored hosts.
Configuration
Ruijie# clear nfpp dhcp-guard hosts vlan 1 interface g0/1
Examples
Related
Commands
Platform
Command
Description
dhcp-guard attack-threshold
Set the global attack threshold.
nfpp dhcp-guard policy
Set the limit threshold and attack threshold.
show nfpp dhcp-guard hosts
Show the monitored host.
N/A
Description
clear nfpp dhcpv6-guard hosts
Use this command to clear the monitored host isolation.
clear nfpp dhcpv6-guard hosts [ vlan vid ] [ interface interface-id ] [ mac-address ]
Parameter
Description
Parameter
Description
vid
Set the VLAN ID.
interface-id
Set the interface name and number.
mac-address
Set the MAC address.
Defaults
N/A.
Command
Privileged EXEC mode.
Mode
Usage Guide
Use this command without the parameter to clear all monitored hosts.
Configuration
Ruijie# clear nfpp dhcpv6-guard hosts vlan 1 interface g0/1
Examples
Related
Commands
Platform
Command
Description
dhcpv6-guard attack-threshold
Set the global attack threshold.
nfpp dhcpv6-guard policy
Set the limit threshold and attack threshold.
show nfpp dhcpv6-guard hosts
Show the monitored host.
N/A
Description
clear nfpp icmp-guard hosts
Use this command to clear the monitored host isolation.
clear nfpp icmp-guard hosts [ vlan vid ] [ interface interface-id ] [ ip-address ]
Parameter
Description
Parameter
Description
vid
Set the VLAN ID.
interface-id
Set the interface name and number.
ip-address
Set the IP address.
Defaults
N/A
Command
Privileged EXEC mode.
Mode
Usage Guide
Use this command without the parameter to clear all monitored hosts.
Configuration
Ruijie# clear nfpp icmp-guard hosts vlan 1 interface g0/1
Examples
Related
Commands
Platform
Command
Description
icmp-guard attack-threshold
Set the global attack threshold.
nfpp icmp-guard policy
Set the limit threshold and attack threshold.
show nfpp icmp-guard hosts
Show the monitored host.
N/A
Description
clear nfpp ip-guard hosts
Use this command to clear the monitored host isolation.
clear nfpp ip-guard hosts [ vlan vid ] [ interface interface-id ] [ ip-address ]
Parameter
Description
Parameter
Description
vid
Set the VLAN ID.
interface-id
Set the interface name and number.
ip-address
Set the IP address.
Defaults
N/A.
Command
Privileged EXEC mode.
Mode
Usage Guide
Use this command without the parameter to clear all monitored hosts.
Configuration
Ruijie# clear nfpp ip-guard hosts vlan 1 interface g0/1
Examples
Related
Commands
Platform
Command
Description
ip-guard attack-threshold
Set the global attack threshold.
nfpp ip-guard policy
Set the limit threshold and attack threshold.
show nfpp ip-guard hosts
Show the monitored host.
N/A
Description
clear nfpp log
Use this command to clear the NFPP log buffer area.
clear nfpp log
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
N/A
Command
Privileged EXEC mode.
Mode
Usage Guide
N/A
Configuration
Ruijie# clear nfpp log
Examples
32 log-buffer entries were cleared.
Related Commands
Command
Description
show nfpp log
Show the NFPP log configurations or the log buffer area.
Platform Description
N/A
dhcp-guard attack-threshold
Use this command to set the global attack threshold. A packet rate above the attack threshold is
treated as an attack.
dhcp-guard attack-threshold { per-src-mac | per-port } pps
Parameter Description
Parameter
Description
per-src-mac
Set the attack threshold for each source MAC address.
per-port
Set the attack threshold for each port.
pps
Set the attack threshold, in pps. The valid range is 1 to 9999.
Defaults
By default, the attack threshold for each source MAC address is 10 pps, and the attack threshold for
each port is 300 pps.
Command
NFPP configuration mode.
Mode
Usage Guide
N/A.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# dhcp-guard attack-threshold per-src-mac 15
Ruijie(config-nfpp)# dhcp-guard attack-threshold per-port 200
Related Commands
Command
Description
nfpp dhcp-guard policy
Show the rate-limit threshold and attack threshold.
show nfpp dhcp-guard summary
Show the configurations.
show nfpp dhcp-guard hosts
Show the monitored host list.
clear nfpp dhcp-guard hosts
Clear the monitored host.
Platform Description
N/A
dhcp-guard enable
Use this command to enable the DHCP anti-attack function.
dhcp-guard enable
Parameter Description
Parameter
Description
N/A
N/A
Defaults
Disabled
Command Mode
NFPP configuration mode.
Usage Guide
N/A
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# dhcp-guard enable
Related
Commands
Platform
Command
Description
N/A
N/A
N/A
Description
dhcp-guard isolate-period
Use this command to set the isolate time globally.
dhcp-guard isolate-period { seconds | permanent }
Parameter
Description
Parameter
Description
seconds
Set the isolate time, in seconds. The valid range is 0, or 30 to 86400.
permanent
Permanent isolation.
Defaults
The default isolate time is 0, which means no isolation.
Command
NFPP configuration mode.
Mode
Usage Guide
The isolate period can be configured globally or per interface. If no isolate period is set on an
interface, the global value is used; otherwise, the interface-based isolate period is used.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# dhcp-guard isolate-period 180
Related Commands
Command
Description
nfpp dhcp-guard isolate-period
Set the isolate time on the interface.
show nfpp dhcp-guard summary
Show the configurations.
Platform Description
N/A
dhcp-guard monitored-host-limit
Use this command to set the maximum monitored host number.
dhcp-guard monitored-host-limit number
Parameter
Description
Parameter
Description
number
The maximum monitored host number. The valid range is 1 to
4294967295.
Defaults
1000
Command
NFPP configuration mode
Mode
Usage Guide
If the number of monitored hosts has reached the default limit of 1000 and the administrator sets the
limit to a value smaller than 1000, the system prompts the message "%ERROR:The value that you
configured is smaller than current monitored hosts 1000, please clear a part of monitored hosts." to
remind the administrator that the configuration is invalid and that some monitored hosts must be removed.
When the maximum number of monitored hosts is exceeded, the system prompts the message
"%NFPP_ARP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of 1000 monitored hosts." to remind
the administrator.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# dhcp-guard monitored-host-limit 200
Related
Commands
Platform
Command
Description
show nfpp dhcp-guard summary
Show the configurations.
N/A
Description
dhcp-guard monitor-period
Use this command to configure the monitor time.
dhcp-guard monitor-period seconds
Parameter
Description
Parameter
Description
seconds
Set the monitor time, in seconds. The valid range is 180 to 86400.
Defaults
600s
Command
NFPP configuration mode.
Mode
Usage Guide
When an attacker is detected and the isolate period is 0, the software monitors the attacker and the
timeout is the monitor period. If the isolate period is set to a non-zero value while the attacker is
being monitored by the software, the hardware isolates the attacker automatically and the timeout is
the isolate period. The monitor period takes effect only when the isolate period is 0.
If the isolate period is changed to 0, the attackers on the interface are removed rather than
monitored by the software.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# dhcp-guard monitor-period 180
Related
Commands
Platform
Command
Description
show nfpp dhcp-guard summary
Show the configurations.
show nfpp dhcp-guard hosts
Show the monitored host list.
clear nfpp dhcp-guard hosts
Clear the isolated host.
N/A
Description
dhcp-guard rate-limit
Use this command to set the rate-limit threshold globally.
dhcp-guard rate-limit { per-src-mac | per-port } pps
Parameter Description
Parameter
Description
per-src-mac
Set the rate limit for each source MAC address.
per-port
Set the rate limit for each port.
pps
Set the rate limit, in the range of 1 to 9999.
Defaults
The default rate limit for each source MAC address is 5 pps; the default rate limit for each port is
150 pps.
Command Mode
NFPP configuration mode.
Usage Guide
N/A
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# dhcp-guard rate-limit per-src-mac 8
Ruijie(config-nfpp)# dhcp-guard rate-limit per-port 100
Related
Commands
Platform
Command
Description
nfpp dhcp-guard policy
Set the rate limit and the attack threshold.
show nfpp dhcp-guard summary
Show the configurations.
N/A
Description
dhcpv6-guard attack-threshold
Use this command to set the global attack threshold. A packet rate above the attack threshold is
treated as an attack.
dhcpv6-guard attack-threshold { per-src-mac | per-port } pps
Parameter Description
Parameter
Description
per-src-mac
Set the attack threshold for each source MAC address.
per-port
Set the attack threshold for each port.
pps
Set the attack threshold, in pps. The valid range is 1 to 9999.
Defaults
By default, the attack threshold for each source MAC address is 10 pps, and the attack threshold for
each port is 300 pps.
Command
NFPP configuration mode.
Mode
Usage Guide
N/A.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# dhcpv6-guard attack-threshold per-src-mac 15
Ruijie(config-nfpp)# dhcpv6-guard attack-threshold per-port 200
Related Commands
Command
Description
nfpp dhcpv6-guard policy
Show the rate-limit threshold and attack threshold.
show nfpp dhcpv6-guard summary
Show the configurations.
show nfpp dhcpv6-guard hosts
Show the monitored host list.
clear nfpp dhcpv6-guard hosts
Clear the monitored host.
Platform Description
N/A
dhcpv6-guard enable
Use this command to enable the DHCPv6 anti-attack function.
dhcpv6-guard enable
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
Disabled
Command
NFPP configuration mode.
Mode
Usage Guide
N/A
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# dhcpv6-guard enable
Related
Commands
Platform
Command
Description
N/A
N/A
N/A
Description
dhcpv6-guard isolate-period
Use this command to set the isolate time globally.
dhcpv6-guard isolate-period { seconds | permanent }
Parameter
Description
Parameter
Description
seconds
Set the isolate time, in seconds. The valid range is 0, or 30 to 86400.
permanent
Permanent isolation.
Defaults
The default isolate time is 0, which means no isolation.
Command
NFPP configuration mode.
Mode
Usage Guide
The isolate period can be configured globally or per interface. If no isolate period is set on an
interface, the global value is used; otherwise, the interface-based isolate period is used.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# dhcpv6-guard isolate-period 180
Related
Commands
Platform
Command
Description
nfpp dhcpv6-guard isolate-period
Set the isolate time on the interface.
show nfpp dhcpv6-guard summary
Show the configurations.
N/A
Description
dhcpv6-guard monitored-host-limit
Use this command to set the maximum monitored host number.
dhcpv6-guard monitored-host-limit number
Parameter
Description
Parameter
Description
number
The maximum monitored host number. The valid range is 1 to
4294967295.
Defaults
1000
Command
NFPP configuration mode
Mode
Usage Guide
If the number of monitored hosts has reached the default limit of 1000 and the administrator sets the
limit to a value smaller than 1000, the system prompts the message "%ERROR:The value that you
configured is smaller than current monitored hosts 1000, please clear a part of monitored hosts." to
remind the administrator that the configuration is invalid and that some monitored hosts must be removed.
When the maximum number of monitored hosts is exceeded, the system prompts the message
"%NFPP_ARP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of 1000 monitored hosts." to remind
the administrator.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# dhcpv6-guard monitored-host-limit 200
Related
Commands
Platform
Command
Description
show nfpp dhcpv6-guard summary
Show the configurations.
N/A
Description
dhcpv6-guard monitor-period
Use this command to configure the monitor time.
dhcpv6-guard monitor-period seconds
Parameter
Description
Parameter
Description
seconds
Set the monitor time, in seconds. The valid range is 180 to 86400.
Defaults
600s
Command
NFPP configuration mode.
Mode
Usage Guide
When an attacker is detected and the isolate period is 0, the software monitors the attacker and the
timeout is the monitor period. If the isolate period is set to a non-zero value while the attacker is
being monitored by the software, the hardware isolates the attacker automatically and the timeout is
the isolate period. The monitor period takes effect only when the isolate period is 0.
If the isolate period is changed to 0, the attackers on the interface are removed rather than
monitored by the software.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# dhcpv6-guard monitor-period 180
Related
Commands
Platform
Description
Command
Description
show nfpp dhcpv6-guard summary
Show the configurations.
show nfpp dhcpv6-guard hosts
Show the monitored host list.
clear nfpp dhcpv6-guard hosts
Clear the isolated host.
N/A
dhcpv6-guard rate-limit
Use this command to set the rate-limit threshold globally.
dhcpv6-guard rate-limit { per-src-mac | per-port } pps
Parameter Description
Parameter
Description
per-src-mac
Set the rate limit for each source MAC address.
per-port
Set the rate limit for each port.
pps
Set the rate limit, in the range of 1 to 9999.
Defaults
The default rate limit for each source MAC address is 5 pps; the default rate limit for each port is
150 pps.
Command
NFPP configuration mode
Mode
Usage Guide
N/A
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# dhcpv6-guard rate-limit per-src-mac 8
Ruijie(config-nfpp)# dhcpv6-guard rate-limit per-port 100
Related
Commands
Platform
Command
Description
nfpp dhcpv6-guard policy
Set the rate limit and the attack threshold.
show nfpp dhcpv6-guard summary
Show the configurations.
N/A
Description
icmp-guard attack-threshold
Use this command to set the global attack threshold. A packet rate above the attack threshold is
treated as an attack.
icmp-guard attack-threshold { per-src-ip | per-port } pps
Parameter
Description
Parameter
Description
per-src-ip
Set the attack threshold for each source IP address.
per-port
Set the attack threshold for each port.
pps
Set the attack threshold, in pps. The valid range is 1 to 9999.
Defaults
By default, the attack threshold and the rate-limit threshold for each source IP address and each port
are the same. For the default rate-limit threshold value, see the icmp-guard rate-limit command.
Command
NFPP configuration mode.
Mode
Usage Guide
N/A.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# icmp-guard attack-threshold per-src-ip 600
Ruijie(config-nfpp)# icmp-guard attack-threshold per-port 1200
Related Commands
Command
Description
nfpp icmp-guard policy
Show the rate-limit threshold and attack threshold.
show nfpp icmp-guard summary
Show the configurations.
show nfpp icmp-guard hosts
Show the monitored host list.
clear nfpp icmp-guard hosts
Clear the monitored host.
Platform Description
N/A
icmp-guard isolate-period
Use this command to set the isolate time globally.
icmp-guard isolate-period { seconds | permanent }
Parameter
Description
Parameter
Description
seconds
Set the isolate time, in seconds. The valid range is 0, or 30 to 86400.
permanent
Permanent isolation.
Defaults
The default isolate time is 0, which means no isolation.
Command
NFPP configuration mode.
Mode
Usage Guide
The isolate period can be configured globally or per interface. If no isolate period is set on an
interface, the global value is used; otherwise, the interface-based isolate period is used.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# icmp-guard isolate-period 180
Related
Commands
Platform
Command
Description
nfpp icmp-guard isolate-period
Set the isolate time on the interface.
show nfpp icmp-guard summary
Show the configurations.
N/A
Description
icmp-guard enable
Use this command to enable the ICMP anti-attack function.
icmp-guard enable
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
Enabled
Command
NFPP configuration mode.
Mode
Usage Guide
N/A
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# icmp-guard enable
Related Commands
Command
Description
nfpp icmp-guard enable
Enable the ICMP anti-attack function on the interface.
show nfpp icmp-guard summary
Show the configurations.
Platform Description
N/A
icmp-guard monitored-host-limit
Use this command to set the maximum monitored host number.
icmp-guard monitored-host-limit number
Parameter Description
Parameter
Description
number
The maximum monitored host number. The valid range is 1 to
4294967295.
Defaults
1000
Command
NFPP configuration mode
Mode
Usage Guide
If the number of monitored hosts has reached the default limit of 1000 and the administrator sets the
limit to a value smaller than 1000, the system prompts the message "%ERROR:The value that you
configured is smaller than current monitored hosts 1000, please clear a part of monitored hosts." to
remind the administrator that the configuration is invalid and that some monitored hosts must be removed.
When the maximum number of monitored hosts is exceeded, the system prompts the message
"%NFPP_ARP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of 1000 monitored hosts." to remind
the administrator.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# icmp-guard monitored-host-limit 200
Related
Commands
Platform
Command
Description
show nfpp icmp-guard summary
Show the configurations.
N/A
Description
icmp-guard monitor-period
Use this command to configure the monitor time.
icmp-guard monitor-period seconds
Parameter
Description
Parameter
Description
seconds
Set the monitor time, in seconds. The valid range is [180, 86400].
Defaults
600s
Command
NFPP configuration mode.
Mode
Usage Guide
When an attacker is detected and the isolate period is 0, the software monitors the attacker and the
timeout is the monitor period. If the isolate period is set to a non-zero value while the attacker is
being monitored by the software, the hardware isolates the attacker automatically and the timeout is
the isolate period. The monitor period takes effect only when the isolate period is 0.
If the isolate period is changed to 0, the attackers on the interface are removed rather than
monitored by the software.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# icmp-guard monitor-period 180
Related
Commands
Platform
Command
Description
show nfpp icmp-guard summary
Show the configurations.
show nfpp icmp-guard hosts
Show the monitored host list.
clear nfpp icmp-guard hosts
Clear the isolated host.
N/A
Description
icmp-guard rate-limit
Use this command to set the rate-limit threshold globally.
icmp-guard rate-limit { per-src-ip | per-port } pps
Parameter Description
Parameter
Description
per-src-ip
Set the rate limit for each source IP address.
per-port
Set the rate limit for each port.
pps
Set the rate limit, in the range of 1 to 9999.
Defaults
The default rate-limit threshold for each source IP address is half of the value for each port. The
default rate-limit threshold value for each port varies with the products.
Command
NFPP configuration mode.
Mode
Usage Guide
N/A
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# icmp-guard rate-limit per-src-ip 500
Ruijie(config-nfpp)# icmp-guard rate-limit per-port 800
Related
Commands
Command
Description
nfpp icmp-guard policy
Set the rate limit and the attack threshold.
show nfpp icmp-guard summary
Show the configurations.
Platform
N/A
Description
icmp-guard trusted-host
Use this command to set the trusted hosts free from monitoring.
icmp-guard trusted-host ip mask
no icmp-guard trusted-host { all | ip mask }
Parameter
Description
Parameter
Description
ip
Set the IP address.
mask
Set the IP mask.
all
Delete the configurations of all trusted hosts.
Defaults
N/A.
Command
NFPP configuration mode.
Mode
Usage Guide
The administrator can use this command to exempt a trusted host from monitoring. ICMP packets from
a trusted host are sent to the CPU without any rate limiting or warning.
Configure the mask to exempt all hosts in one network segment from monitoring.
Up to 500 trusted hosts are supported.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# icmp-guard trusted-host 1.1.1.0 255.255.255.0
Related
Commands
Platform
Command
Description
show nfpp icmp-guard trusted-host
Show the configurations.
N/A
Description
ip-guard attack-threshold
Use this command to set the global attack threshold. A packet rate above the attack threshold is
treated as an attack.
ip-guard attack-threshold { per-src-ip | per-port } pps
Parameter Description
Parameter
Description
per-src-ip
Set the attack threshold for each source IP address.
per-port
Set the attack threshold for each port.
pps
Set the attack threshold, in pps. The valid range is 1 to 9999.
Defaults
By default, the attack thresholds for each source IP address and each port are 20 pps and 2000 pps
respectively.
Command
NFPP configuration mode.
Mode
Usage Guide
The attack threshold shall be equal to or larger than the rate-limit threshold.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# ip-guard attack-threshold per-src-ip 2
Ruijie(config-nfpp)# ip-guard attack-threshold per-port 50
Related Commands
Command
Description
nfpp ip-guard policy
Show the rate-limit threshold and attack threshold.
show nfpp ip-guard summary
Show the configurations.
show nfpp ip-guard hosts
Show the monitored host list.
clear nfpp ip-guard hosts
Clear the monitored host.
Platform Description
N/A
ip-guard enable
Use this command to enable the IP anti-scan function.
ip-guard enable
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
Enabled
Command
NFPP configuration mode.
Mode
Usage Guide
N/A
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# ip-guard enable
Related Commands
Command
Description
nfpp ip-guard enable
Enable the IP anti-scan function on the interface.
Platform Description
N/A
ip-guard isolate-period
Use this command to set the isolate time globally.
ip-guard isolate-period { seconds | permanent }
Parameter
Description
Parameter
Description
seconds
Set the isolate time, in seconds. The valid range is 0, or 30 to 86400.
permanent
Permanent isolation.
Defaults
The default isolate time is 0, which means no isolation.
Command
NFPP configuration mode.
Mode
Usage Guide
N/A.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# ip-guard isolate-period 180
Related
Commands
Platform
Command
Description
nfpp ip-guard isolate-period
Set the isolate time on the interface.
show nfpp ip-guard summary
Show the configurations.
N/A
Description
ip-guard monitor-period
Use this command to configure the monitor time.
ip-guard monitor-period seconds
Parameter
Description
Parameter
Description
seconds
Set the monitor time, in seconds. The valid range is 180 to 86400.
Defaults
600s
Command
NFPP configuration mode.
Mode
Usage Guide
When an attacker is detected and the isolate period is 0, the attacker is monitored by the software
and the timeout is the monitor period. If the isolate period is set to a non-zero value during software
monitoring, the software-monitored attacker is automatically isolated by the hardware and the timeout
is the isolate period. The monitor period takes effect only when the isolate period is 0.
If the isolate period is changed to 0, the attackers on the interface are removed rather than
being monitored by the software.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# ip-guard monitor-period 180
Related
Commands
Platform
Command
Description
show nfpp ip-guard summary
Show the configurations.
show nfpp ip-guard hosts
Show the monitored host list.
clear nfpp ip-guard hosts
Clear the isolated host.
N/A
Description
ip-guard monitored-host-limit
Use this command to set the maximum number of monitored hosts.
ip-guard monitored-host-limit number
Parameter
Description
Parameter
Description
number
The maximum monitored host number. The valid range is 1 to
4294967295.
Defaults
1000
Command
NFPP configuration mode
Mode
Usage Guide
If the number of monitored hosts has reached the default 1000 and the administrator sets the limit to
a value smaller than 1000, the following message is displayed to remind the administrator that the
configuration is invalid and that some monitored hosts must be removed:
%ERROR: The value that you configured is smaller than current monitored hosts 1000, please clear a part of monitored hosts.
When the maximum number of monitored hosts has been exceeded, the following message is displayed
to remind the administrator:
% NFPP_ARP_GUARD-4-SESSION_LIMIT: Attempt to exceed limit of 1000 monitored hosts.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# ip-guard monitored-host-limit 200
Related
Commands
Platform
Command
Description
show nfpp ip-guard summary
Show the configurations.
N/A
Description
ip-guard rate-limit
Use this command to set the rate-limit threshold globally.
ip-guard rate-limit { per-src-ip | per-port } pps
Parameter Description
Parameter
Description
per-src-ip
Set the rate limit for each source IP address.
per-port
Set the rate limit for each port.
pps
Set the rate limit, in the range of 1 to 9999.
Defaults
By default, the rate-limit threshold for each source IP address and each port is 20pps and 100pps
respectively.
Command
NFPP configuration mode.
Mode
Usage Guide
N/A
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# ip-guard rate-limit per-src-ip 2
Ruijie(config-nfpp)# ip-guard rate-limit per-port 50
Related Commands
Command
Description
nfpp ip-guard policy
Set the rate limit and the attack threshold.
show nfpp ip-guard summary
Show the configurations.
Platform Description
N/A
ip-guard scan-threshold
Use this command to set the global scan threshold.
ip-guard scan-threshold pkt-cnt
Parameter
Description
Parameter
Description
pkt-cnt
Set the scan threshold, in the range of 1 to 9999.
Defaults
The default scan threshold is 100, in 10 seconds.
Command
NFPP configuration mode.
Mode
Usage Guide
N/A
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# ip-guard scan-threshold 2
Related
Commands
Platform
Command
Description
nfpp ip-guard scan-threshold
Set the scan threshold on the port.
show nfpp ip-guard summary
Show the configurations.
N/A
Description
ip-guard trusted-host
Use this command to set the trusted hosts free from monitoring.
ip-guard trusted-host ip mask
no ip-guard trusted-host { all | ip mask }
Parameter Description
Parameter
Description
ip
Set the IP address.
mask
Set the IP mask.
all
Delete the configurations of all trusted hosts.
Defaults
N/A.
Command
NFPP configuration mode.
Mode
Usage Guide
The administrator can use this command to set the trusted host free from monitoring. The ICMP
packets are allowed to be sent to the trusted host CPU without any rate limit or warning configuration.
Configure the mask to set all hosts in one network segment free from monitoring.
Up to 500 trusted hosts are supported.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# ip-guard trusted-host 1.1.1.0 255.255.255.0
Related
Commands
Platform
Command
Description
show nfpp ip-guard trusted-host
Show the configurations.
N/A
Description
log-buffer entries
Use this command to set the NFPP log buffer area size.
log-buffer entries number
Parameter
Description
Parameter
Description
number
The buffer area size. The valid range is 0 to 1024.
Defaults
256.
Command
NFPP configuration mode.
Mode
Usage Guide
N/A
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# log-buffer entries 50
Related Commands
Command
Description
log-buffer logs number_of_message interval length_in_seconds
Show the rate of the syslog generated from the NFPP buffer area.
show nfpp log
Show the NFPP log configuration or the log buffer area.
Platform Description
N/A
log-buffer logs
Use this command to set the rate of syslog generated from the NFPP log buffer area.
log-buffer logs number_of_message interval length_in_seconds
Parameter Description
Parameter
Description
number_of_message
The valid range is 0-1024. 0 indicates that all logs are recorded in the specific buffer area and no
syslogs are generated.
length_in_seconds
The valid range is 0-86400 (one day). 0 indicates that the log is not written to the buffer area and the
syslog is generated immediately. When both the number_of_message and length_in_seconds values
are 0, the log is not written to the buffer area and the syslog is generated immediately.
The parameter number_of_message/length_in_seconds indicates the rate of syslog generated from
the NFPP log buffer area.
Defaults
By default, the number_of_message is 1 and the length_in_seconds is 30.
Command
NFPP configuration mode.
Mode
Usage Guide
N/A
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# log-buffer logs 2 interval 12
Related Commands
Command
Description
log-buffer entries number
Set the NFPP log buffer area size.
show nfpp log summary
Show the NFPP log configurations or the log buffer area.
Platform Description
N/A
logging
Use this command to set the VLAN or the interface log for NFPP
logging vlan vlan-range
logging interface interface-id
Parameter
Description
Parameter
Description
vlan-range
Set the specified VLAN range, in the format such as “1-3, 5”.
interface-id
Set the interface ID.
Defaults
All logs are recorded.
Command
NFPP configuration mode.
Mode
Usage Guide
Use this command to filter the logs so that only the logs within the specified VLAN range or on the
specified port are recorded.
Configuration Examples
The following example shows the administrator how to record the logs in VLAN 1, VLAN 2, VLAN 3
and VLAN 5 only:
Ruijie(config)# nfpp
Ruijie(config-nfpp)# logging vlan 1-3,5
The following example shows the administrator how to record the logs on the interface
GigabitEthernet 0/1 only:
Ruijie(config)# nfpp
Ruijie(config-nfpp)# logging interface G 0/1
Related Commands
Command
Description
show nfpp log summary
Show the NFPP log configurations or the log buffer area.
Platform Description
N/A
nd-guard attack-threshold
Use this command to set the global attack threshold. When the packet rate exceeds the attack
threshold, an attack is considered to have occurred.
nd-guard attack-threshold per-port { ns-na | rs | ra-redirect } pps
Parameter
Description
Parameter
Description
ns-na
Set the neighbor request and neighbor advertisement.
rs
Set the router request.
ra-redirect
Set the router advertisement and the redirect packets.
pps
Set the attack threshold, in pps. The valid range is [1,9999].
Defaults
By default, the attack threshold for the ns-na, rs and ra-redirect on each port is 30.
Command
NFPP configuration mode.
Mode
Usage Guide
The attack threshold shall be equal to or larger than the rate-limit threshold.
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# nd-guard attack-threshold per-port ns-na 20
Ruijie(config-nfpp)# nd-guard attack-threshold per-port rs 10
Ruijie(config-nfpp)# nd-guard attack-threshold per-port ra-redirect 10
Related Commands
Command
Description
nfpp ip-guard policy
Show the rate-limit threshold and attack threshold.
show nfpp ip-guard summary
Show the configurations.
Platform Description
N/A
nd-guard enable
Use this command to enable the ND anti-attack function.
nd-guard enable
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
Enabled
Command
NFPP configuration mode.
Mode
Usage Guide
N/A
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# nd-guard enable
Related Commands
Command
Description
nfpp nd-guard enable
Enable the ND anti-attack function on the interface.
show nfpp nd-guard summary
Show the configurations.
Platform Description
N/A
nd-guard rate-limit
Use this command to set the rate-limit threshold globally.
nd-guard rate-limit per-port { ns-na | rs | ra-redirect } pps
Parameter
Description
Parameter
Description
ns-na
Set the neighbor request and neighbor advertisement.
rs
Set the router request.
ra-redirect
Set the router advertisement and the redirect packets.
pps
Set the attack threshold, in pps. The valid range is [1,9999].
Defaults
By default, the rate-limit threshold for the ns-na, rs and ra-redirect on each port is 15.
Command
NFPP configuration mode.
Mode
Usage Guide
N/A
Configuration
Ruijie(config)# nfpp
Examples
Ruijie(config-nfpp)# nd-guard rate-limit per-port ns-na 10
Ruijie(config-nfpp)# nd-guard rate-limit per-port rs 5
Ruijie(config-nfpp)# nd-guard rate-limit per-port ra-redirect 5
Related Commands
Command
Description
nfpp nd-guard policy
Set the rate limit and the attack threshold.
show nfpp nd-guard summary
Show the configurations.
Platform Description
N/A
nfpp arp-guard enable
Use this command to enable the anti-ARP attack function on the interface.
nfpp arp-guard enable
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
The anti-ARP attack function is not enabled on the interface.
Command
Interface configuration mode.
Mode
Usage Guide
The interface anti-ARP attack configuration takes priority over the global configuration.
Configuration
Ruijie(config)# interface G0/1
Examples
Ruijie(config-if)# nfpp arp-guard enable
Related
Commands
Platform
Command
Description
arp-guard enable
Enable the anti-ARP attack function.
show nfpp arp-guard summary
Show the configurations.
N/A
Description
nfpp arp-guard isolate-period
Use this command to set the isolate period in the interface configuration mode
nfpp arp-guard isolate-period { seconds | permanent }
Parameter
Description
Parameter
Description
seconds
Set the isolate period, in seconds. The valid range is 0, or [30, 86400]. 0 indicates no isolation.
permanent
Permanent isolation.
Defaults
By default, the isolate period is not configured.
Command
Interface configuration mode.
Mode
Usage Guide
N/A
Configuration
Ruijie(config)# interface G0/1
Examples
Ruijie(config-if)# nfpp arp-guard isolate-period 180
Related
Commands
Platform
Command
Description
arp-guard isolate-period
Set the global isolate period.
show nfpp arp-guard summary
Show the configurations.
N/A
Description
nfpp arp-guard policy
Use this command to set the rate-limit threshold and the attack threshold.
nfpp arp-guard policy { per-src-ip | per-src-mac | per-port } rate-limit-pps attack-threshold-pps
Parameter Description
Parameter
Description
per-src-ip
Set the rate-limit threshold and the attack threshold for each source IP address.
per-src-mac
Set the rate-limit threshold and the attack threshold for each source MAC address.
per-port
Set the rate-limit threshold and the attack threshold for each port.
rate-limit-pps
Set the rate-limit threshold with the valid range of [1, 9999].
attack-threshold-pps
Set the attack threshold with the valid range of [1, 9999].
Defaults
By default, the rate-limit threshold and the attack threshold are not configured.
Command
Interface configuration mode.
Mode
Usage Guide
The attack threshold value shall be equal to or greater than the rate-limit threshold.
Configuration
Ruijie(config)# interface G 0/1
Examples
Ruijie(config-if)# nfpp arp-guard policy per-src-ip 2 10
Ruijie(config-if)# nfpp arp-guard policy per-src-mac 3 10
Ruijie(config-if)# nfpp arp-guard policy per-port 50 100
Related
Commands
Platform
Command
Description
arp-guard attack-threshold
Set the global attack threshold.
arp-guard rate-limit
Set the global rate-limit threshold.
show nfpp arp-guard summary
Show the configurations.
show nfpp arp-guard hosts
Show the monitored host.
clear nfpp arp-guard hosts
Clear the isolated host.
N/A
Description
nfpp arp-guard scan-threshold
Use this command to set the scan threshold.
nfpp arp-guard scan-threshold pkt-cnt
Parameter
Description
Parameter
Description
pkt-cnt
Set the scan threshold with the valid range of [1, 9999].
Defaults
By default, the port-based scan threshold is not configured.
Command
Interface configuration mode.
Mode
Usage Guide
N/A
Configuration
Ruijie(config)# interface G 0/1
Examples
Ruijie(config-if)# nfpp arp-guard scan-threshold 20
Related
Commands
Platform
Command
Description
arp-guard attack-threshold
Set the global attack threshold.
show nfpp arp-guard summary
Show the configurations.
show nfpp arp-guard scan
Show the ARP scan table.
clear nfpp arp-guard scan
Clear the ARP scan table.
N/A
Description
nfpp dhcp-guard enable
Use this command to enable the DHCP anti-attack function on the interface.
nfpp dhcp-guard enable
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
The DHCP anti-attack function is not enabled on the interface.
Command
Interface configuration mode.
Mode
Usage Guide
The interface DHCP anti-attack configuration takes priority over the global configuration.
Configuration
Ruijie(config)# interface G0/1
Examples
Ruijie(config-if)# nfpp dhcp-guard enable
Related
Commands
Platform
Command
Description
dhcp-guard enable
Enable the anti-ARP attack function.
show nfpp dhcp-guard summary
Show the configurations.
N/A
Description
nfpp dhcp-guard isolate-period
Use this command to set the isolate period in the interface configuration mode.
nfpp dhcp-guard isolate-period { seconds | permanent }
Parameter
Description
Parameter
Description
seconds
Set the isolate period, in seconds. The valid range is 0, or [30, 86400]. 0 indicates no isolation.
permanent
Permanent isolation.
Defaults
By default, the isolate period is not configured
Command
Interface configuration mode.
Mode
Usage Guide
N/A
Configuration
Ruijie(config)# interface G0/1
Examples
Ruijie(config-if)# nfpp dhcp-guard isolate-period 180
Related
Commands
Platform
Command
Description
dhcp-guard isolate-period
Set the global isolate period.
show nfpp dhcp-guard summary
Show the configurations.
N/A
Description
nfpp dhcpv6-guard enable
Use this command to enable the DHCPv6 anti-attack function on the interface.
nfpp dhcpv6-guard enable
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
The DHCPv6 anti-attack function is not enabled on the interface.
Command
Interface configuration mode.
Mode
Usage Guide
The interface DHCPv6 anti-attack configuration takes priority over the global configuration.
Configuration
Ruijie(config)# interface G0/1
Examples
Ruijie(config-if)# nfpp dhcpv6-guard enable
Related Commands
Command
Description
dhcpv6-guard enable
Enable the anti-ARP attack function.
show nfpp dhcpv6-guard summary
Show the configurations.
Platform Description
N/A
nfpp dhcpv6-guard isolate-period
Use this command to set the isolate period in the interface configuration mode.
nfpp dhcpv6-guard isolate-period { seconds | permanent }
Parameter
Description
Parameter
Description
seconds
Set the isolate period, in seconds. The valid range is 0, or [30, 86400]. 0 indicates no isolation.
permanent
Permanent isolation.
Defaults
By default, the isolate period is not configured.
Command
Interface configuration mode.
Mode
Usage Guide
N/A
Configuration
Ruijie(config)# interface G0/1
Examples
Ruijie(config-if)# nfpp dhcpv6-guard isolate-period 180
Related
Commands
Platform
Command
Description
dhcpv6-guard isolate-period
Set the global isolate period.
show nfpp dhcpv6-guard summary
Show the configurations.
N/A
Description
nfpp icmp-guard enable
Use this command to enable the ICMP anti-attack function on the interface.
nfpp icmp-guard enable
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
The ICMP anti-attack function is not enabled on the interface.
Command
Interface configuration mode.
Mode
Usage Guide
The interface ICMP anti-attack configuration takes priority over the global configuration.
Configuration
Ruijie(config)# interface G0/1
Examples
Ruijie(config-if)# nfpp icmp-guard enable
Related
Commands
Platform
Command
Description
icmp-guard enable
Enable the anti-ARP attack function.
show nfpp icmp-guard summary
Show the configurations.
N/A
Description
nfpp icmp-guard isolate-period
Use this command to set the isolate period in the interface configuration mode.
nfpp icmp-guard isolate-period { seconds | permanent }
Parameter
Description
Parameter
Description
seconds
Set the isolate period, in seconds. The valid range is 0, or [30, 86400]. 0 indicates no isolation.
permanent
Permanent isolation.
Defaults
By default, the isolate period is not configured.
Command
Interface configuration mode.
Mode
Usage Guide
N/A
Configuration
Ruijie(config)# interface G0/1
Examples
Ruijie(config-if)# nfpp icmp-guard isolate-period 180
Related Commands
Command
Description
icmp-guard isolate-period
Set the global isolate period.
show nfpp icmp-guard summary
Show the configurations.
Platform Description
N/A
nfpp icmp-guard policy
Use this command to set the rate-limit threshold and the attack threshold.
nfpp icmp-guard policy { per-src-ip | per-port } rate-limit-pps attack-threshold-pps
Parameter
Description
Parameter
Description
per-src-ip
Set the rate-limit threshold and the attack threshold for each source IP address.
per-port
Set the rate-limit threshold and the attack threshold for each port.
rate-limit-pps
Set the rate-limit threshold with the valid range of [1, 9999].
attack-threshold-pps
Set the attack threshold with the valid range of [1, 9999].
Defaults
By default, the rate-limit threshold and the attack threshold are not configured.
Command
Interface configuration mode.
Mode
Usage Guide
The attack threshold value shall be equal to or greater than the rate-limit threshold.
Configuration
Ruijie(config)# interface G 0/1
Examples
Ruijie(config-if)# nfpp icmp-guard policy per-src-ip 5 10
Ruijie(config-if)# nfpp icmp-guard policy per-port 100 200
Related
Commands
Platform
Command
Description
icmp-guard attack-threshold
Set the global attack threshold.
icmp-guard rate-limit
Set the global rate-limit threshold.
show nfpp icmp-guard summary
Show the configurations.
show nfpp icmp-guard hosts
Show the monitored host.
clear nfpp icmp-guard hosts
Clear the isolated host.
N/A
Description
nfpp ip-guard enable
Use this command to enable the IP anti-scan function on the interface.
nfpp ip-guard enable
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
The IP anti-scan function is not enabled on the interface.
Command
Interface configuration mode.
Mode
Usage Guide
The interface IP anti-scan configuration takes priority over the global configuration.
Configuration
Ruijie(config)# interface G0/1
Examples
Ruijie(config-if)# nfpp ip-guard enable
Related
Commands
Platform
Command
Description
ip-guard enable
Enable the anti-ARP attack function.
show nfpp ip-guard summary
Show the configurations.
N/A
Description
nfpp ip-guard isolate-period
Use this command to set the isolate period in the interface configuration mode.
nfpp ip-guard isolate-period { seconds | permanent }
Parameter
Description
Parameter
Description
seconds
Set the isolate period, in seconds. The valid range is 0, or [30, 86400]. 0 indicates no isolation.
permanent
Permanent isolation.
Defaults
By default, the isolate period is not configured.
Command
Interface configuration mode.
Mode
Usage Guide
N/A
Configuration
Ruijie(config)# interface G0/1
Examples
Ruijie(config-if)# nfpp ip-guard isolate-period 180
Related Commands
Command
Description
ip-guard isolate-period
Set the global isolate period.
show nfpp ip-guard summary
Show the configurations.
Platform Description
N/A
nfpp ip-guard policy
Use this command to set the rate-limit threshold and the attack threshold.
nfpp ip-guard policy { per-src-ip | per-port } rate-limit-pps attack-threshold-pps
Parameter
Description
Parameter
Description
per-src-ip
Set the rate-limit threshold and the attack threshold for each source IP address.
per-port
Set the rate-limit threshold and the attack threshold for each port.
rate-limit-pps
Set the rate-limit threshold with the valid range of [1, 9999].
attack-threshold-pps
Set the attack threshold with the valid range of [1, 9999].
Defaults
By default, the rate-limit threshold and the attack threshold are not configured.
Command
Interface configuration mode.
Mode
Usage Guide
The attack threshold value shall be equal to or greater than the rate-limit threshold.
Configuration
Ruijie(config)# interface G 0/1
Examples
Ruijie(config-if)# nfpp ip-guard policy per-src-ip 2 10
Ruijie(config-if)# nfpp ip-guard policy per-port 50 100
Related
Commands
Platform
Command
Description
ip-guard attack-threshold
Set the global attack threshold.
ip-guard rate-limit
Set the global rate-limit threshold.
show nfpp ip-guard summary
Show the configurations.
show nfpp ip-guard hosts
Show the monitored host.
clear nfpp ip-guard hosts
Clear the isolated host.
N/A
Description
nfpp dhcp-guard policy
Use this command to set the rate-limit threshold and the attack threshold
nfpp dhcp-guard policy { per-src-mac | per-port } rate-limit-pps attack-threshold-pps
Parameter
Description
Parameter
Description
per-src-mac
Set the rate-limit threshold and the attack threshold for each source MAC address.
per-port
Set the rate-limit threshold and the attack threshold for each port.
rate-limit-pps
Set the rate-limit threshold with the valid range of [1, 9999].
attack-threshold-pps
Set the attack threshold with the valid range of [1, 9999].
Defaults
By default, the rate-limit threshold and the attack threshold are not configured.
Command
Interface configuration mode.
Mode
Usage Guide
The attack threshold value shall be equal to or greater than the rate-limit threshold.
Configuration
Ruijie(config)# interface G 0/1
Examples
Ruijie(config-if)# nfpp dhcp-guard policy per-src-mac 3 10
Ruijie(config-if)# nfpp dhcp-guard policy per-port 50 100
Related
Commands
Platform
Command
Description
dhcp-guard attack-threshold
Set the global attack threshold.
dhcp-guard rate-limit
Set the global rate-limit threshold.
show nfpp dhcp-guard summary
Show the configurations.
show nfpp dhcp-guard hosts
Show the monitored host.
clear nfpp dhcp-guard hosts
Clear the isolated host.
N/A
Description
nfpp ip-guard scan-threshold
Use this command to set the scan threshold.
nfpp ip-guard scan-threshold pkt-cnt
Parameter Description
Parameter
Description
pkt-cnt
Set the scan threshold with the valid range of [1, 9999].
Defaults
By default, the port-based scan threshold is not configured.
Command Mode
Interface configuration mode.
Usage Guide
N/A
Configuration
Ruijie(config)# interface G 0/1
Examples
Ruijie(config-if)# nfpp ip-guard scan-threshold 20
Related
Commands
Platform
Command
Description
ip-guard attack-threshold
Set the global attack threshold.
show nfpp ip-guard summary
Show the configurations.
N/A
Description
nfpp nd-guard enable
Use this command to enable the ND anti-attack function on the interface.
nfpp nd-guard enable
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
The ND anti-attack function is not enabled on the interface.
Command
Interface configuration mode.
Mode
Usage Guide
The interface ND anti-attack configuration takes priority over the global configuration.
Configuration
Ruijie(config)# interface G0/1
Examples
Ruijie(config-if)# nfpp nd-guard enable
Related Commands
Command
Description
nd-guard enable
Enable the ND anti-attack function.
show nfpp nd-guard summary
Show the configurations.
Platform Description
N/A
nfpp nd-guard policy
Use this command to set the rate-limit threshold and the attack threshold.
nfpp nd-guard policy per-port { ns-na | rs | ra-redirect } rate-limit-pps attack-threshold-pps
Parameter
Description
Parameter
Description
ns-na
Set the neighbor request and neighbor advertisement.
rs
Set the router request.
ra-redirect
Set the router advertisement and the redirect packets.
rate-limit-pps
Set the rate-limit threshold with the valid range of [1, 9999].
Defaults
By default, the rate-limit threshold and the attack threshold are not configured.
Command
Interface configuration mode.
Mode
Usage Guide
The attack threshold value shall be equal to or greater than the rate-limit threshold.
For ND snooping, ports are classified into untrusted ports and trusted ports. An untrusted port
connects to a host and a trusted port connects to the gateway. The rate-limit threshold for a
trusted port shall be higher than that for an untrusted port, because the traffic on a trusted port
is generally higher than the traffic on an untrusted port. For a trusted port with ND snooping
enabled, ND snooping notifies ND guard to set the rate-limit threshold and attack threshold for the
three categories of packets to 800pps and 900pps respectively.
Configuration
Ruijie(config)# interface G 0/1
Examples
Ruijie(config-if)# nfpp nd-guard policy per-port ns-na 50 100
Ruijie(config-if)# nfpp nd-guard policy per-port rs 10 20
Ruijie(config-if)# nfpp nd-guard policy per-port ra-redirect 10 20
Related
Commands
Platform
Command
Description
nd-guard attack-threshold
Set the global attack threshold.
nd-guard rate-limit
Set the global rate-limit threshold.
show nfpp nd-guard summary
Show the configurations.
N/A
Description
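The interface-mode rules stated above (pps values in [1, 9999], attack threshold not lower than the rate limit, isolate period of 0, 30 to 86400 or permanent, and the selectors each guard accepts) can be checked offline before a configuration is pushed to a device. The following Python script is an added example, not part of the original manual or of RGOS; the function names and the sample configuration are constructed for illustration.

```python
import re

# Value rules taken from this command reference (interface configuration mode).
POLICY_SELECTORS = {
    "arp-guard": {"per-src-ip", "per-src-mac", "per-port"},
    "icmp-guard": {"per-src-ip", "per-port"},
    "ip-guard": {"per-src-ip", "per-port"},
    "dhcp-guard": {"per-src-mac", "per-port"},
}
ND_PACKET_TYPES = {"ns-na", "rs", "ra-redirect"}
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # e.g. "Ruijie(config-if)# "


def _in_range(token, low, high):
    return token.isdigit() and low <= int(token) <= high


def check_command(line):
    """Return a list of problems found in one 'nfpp ...' interface command."""
    tok = line.split()
    if len(tok) < 3 or tok[0] != "nfpp":
        return []
    guard, cmd, args = tok[1], tok[2], tok[3:]

    if cmd == "policy":
        if guard == "nd-guard":
            # nfpp nd-guard policy per-port { ns-na | rs | ra-redirect } <rate> <attack>
            valid = (len(args) == 4 and args[0] == "per-port"
                     and args[1] in ND_PACKET_TYPES)
            rates = args[2:]
        else:
            valid = len(args) == 3 and args[0] in POLICY_SELECTORS.get(guard, ())
            rates = args[1:]
        if not valid:
            return ["selector or argument count not valid for %s policy" % guard]
        if not all(_in_range(r, 1, 9999) for r in rates):
            return ["rate-limit-pps and attack-threshold-pps must be in [1, 9999]"]
        rate_limit, attack = int(rates[0]), int(rates[1])
        if attack < rate_limit:
            return ["attack threshold %d is lower than rate limit %d"
                    % (attack, rate_limit)]
        return []

    if cmd == "isolate-period":
        if args == ["permanent"]:
            return []
        if len(args) == 1 and (args[0] == "0" or _in_range(args[0], 30, 86400)):
            return []
        return ["isolate period must be 0, 30-86400 seconds, or permanent"]

    if cmd == "scan-threshold":
        if len(args) == 1 and _in_range(args[0], 1, 9999):
            return []
        return ["scan threshold must be in [1, 9999]"]

    return []


def audit(config_text):
    """Return (interface, command, problem) for every rule violation."""
    findings, interface = [], None
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if line.startswith("interface "):
            interface = line[len("interface "):].strip()
            continue
        for problem in check_command(line):
            findings.append((interface, line, problem))
    return findings


# Constructed sample: some lines follow the examples above, others are broken on purpose.
SAMPLE_CONFIG = """\
Ruijie(config)# interface G 0/1
Ruijie(config-if)# nfpp arp-guard policy per-src-ip 2 10
Ruijie(config-if)# nfpp icmp-guard policy per-port 200 100
Ruijie(config-if)# nfpp ip-guard isolate-period 10
Ruijie(config-if)# nfpp nd-guard policy per-port rs 10 20
Ruijie(config)# interface G 0/2
Ruijie(config-if)# nfpp dhcp-guard policy per-src-ip 3 10
Ruijie(config-if)# nfpp ip-guard scan-threshold 0
Ruijie(config-if)# nfpp dhcpv6-guard isolate-period permanent
"""

if __name__ == "__main__":
    for interface, command, problem in audit(SAMPLE_CONFIG):
        print("%-6s %-50s %s" % (interface, command, problem))
```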
show nfpp arp-guard hosts
Use this command to show the monitored host.
show nfpp arp-guard hosts [ statistics | [ [ vlan vid ] [ interface interface-id ] [ ip-address | mac-address ] ] ]
Parameter
Description
Parameter
Description
statistics
Show the statistical information of the monitored host.
vid
The VLAN ID.
interface-id
The interface name.
ip-address
The IP address.
mac-address
The MAC address.
Defaults
N/A
Command
Privileged EXEC mode.
Mode
Usage Guide
N/A
Configuration Examples
The following example shows the statistical information of the monitored host:
Ruijie# show nfpp arp-guard hosts statistics
success  fail  total
-------  ----  -----
100      20    120
The following example shows the monitored host:
Ruijie# show nfpp arp-guard hosts
If column 1 shows '*', it means "hardware do not isolate user" .
VLAN  interface  IP address   MAC address     remain-time(s)
----  --------   -----------  -------------   ---------
1     Gi0/1      1.1.1.1      -               110
2     Gi0/2      1.1.2.1      -               61
*3    Gi0/3      -            0000.0000.1111  110
4     Gi0/4      -            0000.0000.2222  61
Total:4 hosts
Related
Commands
Platform
Command
Description
clear nfpp arp-guard hosts
Clear the monitored host.
N/A
Description
show nfpp arp-guard scan
Use this command to show the ARP scan list.
show nfpp arp-guard scan [ statistics | [ [ vlan vid ] [ interface interface-id ] [ ip-address ]
[ mac-address ] ] ]
Parameter
Description
Parameter
Description
statistics
Show the statistical information of the ARP scan list.
vid
The VLAN ID.
interface-id
The interface name.
ip-address
The IP address.
mac-address
The MAC address.
Defaults
N/A
Command
Privileged EXEC mode.
Mode
Usage Guide
N/A
Configuration Examples
Ruijie# show nfpp arp-guard scan statistics
ARP scan table has 4 record(s).
Ruijie# show nfpp arp-guard scan
VLAN  interface  IP address  MAC address     timestamp
----  --------   ----------  -----------     ---------
1     Gi0/1      N/A         0000.0000.0001  2008-01-23 16:23:10
2     Gi0/2      1.1.1.1     0000.0000.0002  2008-01-23 16:24:10
3     Gi0/3      N/A         0000.0000.0003  2008-01-23 16:25:10
4     Gi0/4      N/A         0000.0000.0004  2008-01-23 16:26:10
Total:4 record(s)
Ruijie# show nfpp arp-guard scan vlan 1 interface G 0/1 0000.0000.0001
VLAN  interface  IP address  MAC address     timestamp
----  --------   ----------  -----------     ---------
1     Gi0/1      N/A         0000.0000.0001  2008-01-23 16:23:10
Total:1 record(s)
Related Commands
Command
Description
arp-guard scan-threshold
Set the global scan threshold.
nfpp arp-guard scan-threshold
Set the scan threshold.
clear nfpp arp-guard scan
Clear the ARP scan list.
Platform Description
N/A
show nfpp arp-guard summary
Use this command to show the configurations.
show nfpp arp-guard summary
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
N/A
Command
Privileged EXEC mode.
Mode
Usage Guide
N/A
Configuration Examples
Ruijie# show nfpp arp-guard summary
(Format of column Rate-limit and Attack-threshold is per-src-ip/per-src-mac/per-port.)
Interface  Status   Isolate-period  Rate-limit  Attack-threshold  Scan-threshold
Global     Enable   300             4/5/60      8/10/100          15
Gi 0/1     Enable   180             5/-/-       8/-/-
Gi 0/2     Disable  200             4/5/60      8/10/100          20
Maximum count of monitored hosts: 1000
Monitor period:300s
Field
Description
Interface(Global)
Global configuration
Status
Enable/Disable the anti-attack function.
Rate-limit
In the format of the rate-limit threshold for the source IP address/ the rate-limit
threshold for the source MAC address/ the rate-limit threshold for the port
Attack-threshold
In the same format as the rate-limit.
-
No configuration.
Related Commands
Command
Description
arp-guard attack-threshold
Set the global attack threshold.
arp-guard enable
Enable the anti-ARP attack function.
arp-guard isolate-period
Set the global isolate time.
arp-guard monitor-period
Set the monitor period.
arp-guard monitored-host-limit
Set the maximum number of the monitored hosts.
arp-guard rate-limit
Set the global rate-limit threshold.
arp-guard scan-threshold
Set the global scan threshold.
nfpp arp-guard enable
Enable the anti-ARP attack function on the interface.
nfpp arp-guard isolate-period
Set the isolate time.
nfpp arp-guard policy
Set the rate-limit threshold and attack threshold.
nfpp arp-guard scan-threshold
Set the scan threshold.
Platform Description
N/A
show nfpp dhcp-guard hosts
Use this command to show the monitored host.
show nfpp dhcp-guard hosts [ statistics | [ [ vlan vid ] [ interface interface-id ] [ ip-address | mac-address ] ] ]
Parameter Description
Parameter     Description
statistics    Show the statistical information of the monitored host.
vid           The VLAN ID.
interface-id  The interface name.
ip-address    The IP address.
mac-address   The MAC address.
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
The following example shows the statistical information of the monitored host:
Ruijie# show nfpp dhcp-guard hosts statistics
success  fail  total
-------  ----  -----
100      20    120
The following example shows the monitored host:
Ruijie# show nfpp dhcp-guard hosts
If column 1 shows '*', it means "hardware failed to isolate host".
VLAN  interface  MAC address     remain-time(seconds)
----  ---------  --------------  --------------------
1     gi0/2      0000.0000.0001  10
*2    gi0/1      0000.0000.0002  20
Total:2 host(s)
Related Commands
Command                      Description
clear nfpp dhcp-guard hosts  Clear the monitored host.
Platform Description
N/A
show nfpp dhcp-guard summary
Use this command to show the configurations.
show nfpp dhcp-guard summary
Parameter Description
Parameter  Description
N/A        N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
Ruijie# show nfpp dhcp-guard summary
(Format of column Rate-limit and Attack-threshold is per-src-ip/per-src-mac/per-port.)
Interface  Status   Isolate-period  Rate-limit  Attack-threshold
Global     Enable   300             -/5/150     -/10/300
Gi 0/1     Enable   180             -/6/-       -/8/-
Gi 0/2     Disable  200             -/5/30      -/10/50
Maximum count of monitored hosts: 1000
Monitor period:300s
Field              Description
Interface(Global)  Global configuration
Status             Enable/Disable the anti-attack function.
Rate-limit         In the format of the rate-limit threshold for the source IP address/ the rate-limit
                   threshold for the source MAC address/ the rate-limit threshold for the port
-                  No configuration.
Related Commands
Command                          Description
dhcp-guard attack-threshold      Set the global attack threshold.
dhcp-guard enable                Enable the DHCP anti-attack function.
dhcp-guard isolate-period        Set the global isolate time.
dhcp-guard monitor-period        Set the monitor period.
dhcp-guard monitored-host-limit  Set the maximum number of the monitored hosts.
dhcp-guard rate-limit            Set the global rate-limit threshold.
nfpp dhcp-guard enable           Enable the DHCP anti-attack function on the interface.
nfpp dhcp-guard isolate-period   Set the isolate time.
nfpp dhcp-guard policy           Set the rate-limit threshold and attack threshold.
Platform Description
N/A
show nfpp dhcpv6-guard hosts
Use this command to show the monitored host.
show nfpp dhcpv6-guard hosts [ statistics | [ [ vlan vid ] [ interface interface-id ] [ ip-address | mac-address ] ] ]
Parameter Description
Parameter     Description
statistics    Show the statistical information of the monitored host.
vid           The VLAN ID.
interface-id  The interface name.
ip-address    The IP address.
mac-address   The MAC address.
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
The following example shows the statistical information of the monitored host:
Ruijie# show nfpp dhcpv6-guard hosts statistics
success  fail  total
-------  ----  -----
100      20    120
The following example shows the monitored host:
Ruijie# show nfpp dhcpv6-guard hosts
If column 1 shows '*', it means "hardware failed to isolate host".
VLAN  interface  MAC address     remain-time(seconds)
----  ---------  --------------  --------------------
1     gi0/2      0000.0000.0001  10
*2    gi0/1      0000.0000.0002  20
Total:2 host(s)
Related Commands
Command                        Description
clear nfpp dhcpv6-guard hosts  Clear the monitored host.
Platform Description
N/A
show nfpp dhcpv6-guard summary
Use this command to show the configurations.
show nfpp dhcpv6-guard summary
Parameter Description
Parameter  Description
N/A        N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
Ruijie# show nfpp dhcpv6-guard summary
(Format of column Rate-limit and Attack-threshold is per-src-ip/per-src-mac/per-port.)
Interface  Status   Isolate-period  Rate-limit  Attack-threshold
Global     Enable   300             -/5/150     -/10/300
Gi 0/1     Enable   180             -/6/-       -/8/-
Gi 0/2     Disable  200             -/5/30      -/10/50
Maximum count of monitored hosts: 1000
Monitor period:300s
Field              Description
Interface(Global)  Global configuration
Status             Enable/Disable the anti-attack function.
Rate-limit         In the format of the rate-limit threshold for the source IP address/ the rate-limit
                   threshold for the source MAC address/ the rate-limit threshold for the port
Attack-threshold   In the same format as the rate-limit.
-                  No configuration.
Related Commands
Command                            Description
dhcpv6-guard attack-threshold      Set the global attack threshold.
dhcpv6-guard enable                Enable the DHCPv6 anti-attack function.
dhcpv6-guard isolate-period        Set the global isolate time.
dhcpv6-guard monitor-period        Set the monitor period.
dhcpv6-guard monitored-host-limit  Set the maximum number of the monitored hosts.
dhcpv6-guard rate-limit            Set the global rate-limit threshold.
nfpp dhcpv6-guard enable           Enable the DHCPv6 anti-attack function on the interface.
nfpp dhcpv6-guard isolate-period   Set the isolate time.
nfpp dhcpv6-guard policy           Set the rate-limit threshold and attack threshold.
Platform Description
N/A
show nfpp icmp-guard hosts
Use this command to show the monitored host.
show nfpp icmp-guard hosts [ statistics | [ [ vlan vid ] [ interface interface-id ] [ ip-address | mac-address ] ] ]
Parameter Description
Parameter     Description
statistics    Show the statistical information of the monitored host.
vid           The VLAN ID.
interface-id  The interface name.
ip-address    The IP address.
mac-address   The MAC address.
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
The following example shows the statistical information of the monitored host:
Ruijie# show nfpp icmp-guard hosts statistics
success  fail  total
-------  ----  -----
100      20    120
The following example shows the monitored host:
Ruijie# show nfpp icmp-guard hosts
If column 1 shows '*', it means "hardware failed to isolate host".
VLAN  interface  IP address  remain-time(s)
----  ---------  ----------  --------------
1     Gi0/1      1.1.1.1     110
2     Gi0/2      1.1.2.1     61
Total:2 host(s)
Related Commands
Command                      Description
clear nfpp icmp-guard hosts  Clear the monitored host.
Platform Description
N/A
show nfpp icmp-guard summary
Use this command to show the configurations.
show nfpp icmp-guard summary
Parameter Description
Parameter  Description
N/A        N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
Ruijie# show nfpp icmp-guard summary
(Format of column Rate-limit and Attack-threshold is per-src-ip/per-src-mac/per-port.)
Interface  Status   Isolate-period  Rate-limit  Attack-threshold
Global     Enable   300             4/-/60      8/-/100
Gi 0/1     Enable   180             5/-/-       8/-/-
Gi 0/2     Disable  200             4/-/60      8/-/100
Maximum count of monitored hosts: 1000
Monitor period:300s
Field              Description
Interface(Global)  Global configuration
Status             Enable/Disable the anti-attack function.
Rate-limit         In the format of the rate-limit threshold for the source IP address/ the rate-limit
                   threshold for the source MAC address/ the rate-limit threshold for the port
Attack-threshold   In the same format as the rate-limit.
-                  No configuration.
Related Commands
Command                          Description
icmp-guard attack-threshold      Set the global attack threshold.
icmp-guard enable                Enable the ICMP anti-attack function.
icmp-guard isolate-period        Set the global isolate time.
icmp-guard monitor-period        Set the monitor period.
icmp-guard monitored-host-limit  Set the maximum number of the monitored hosts.
icmp-guard rate-limit            Set the global rate-limit threshold.
nfpp icmp-guard enable           Enable the ICMP anti-attack function on the interface.
nfpp icmp-guard isolate-period   Set the isolate time.
nfpp icmp-guard policy           Set the rate-limit threshold and attack threshold.
Platform Description
N/A
show nfpp icmp-guard trusted-host
Use this command to show the trusted host free from being monitored.
show nfpp icmp-guard trusted-host
Parameter Description
Parameter  Description
N/A        N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
Ruijie# show nfpp icmp-guard trusted-host
IP address  mask
----------  -------------
1.1.1.0     255.255.255.0
1.1.2.0     255.255.255.0
Total:2 record(s)
Related Commands
Command                  Description
icmp-guard trusted-host  Set the trusted host.
Platform Description
N/A
show nfpp ip-guard hosts
Use this command to show the monitored host.
show nfpp ip-guard hosts [ statistics | [ [ vlan vid ] [ interface interface-id ] [ ip-address | mac-address ] ] ]
Parameter Description
Parameter     Description
statistics    Show the statistical information of the monitored host.
vid           The VLAN ID.
interface-id  The interface name.
ip-address    The IP address.
mac-address   The MAC address.
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
The following example shows the statistical information of the monitored host:
Ruijie# show nfpp ip-guard hosts statistics
success  fail  total
-------  ----  -----
100      20    120
Ruijie#show nfpp ip-guard hosts
If column 1 shows '*', it means "hardware do not isolate host" .
VLAN  interface  IP address  Reason  remain-time(s)
----  ---------  ----------  ------  --------------
1     Gi0/1      1.1.1.1     ATTACK  110
2     Gi0/2      1.1.2.1     SCAN    61
Total:2 host(s)
Related Commands
Command                    Description
clear nfpp ip-guard hosts  Clear the monitored host.
Platform Description
N/A
show nfpp ip-guard summary
Use this command to show the configurations.
show nfpp ip-guard summary
Parameter Description
Parameter  Description
N/A        N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
Ruijie# show nfpp ip-guard summary
(Format of column Rate-limit and Attack-threshold is per-src-ip/per-src-mac/per-port.)
Interface  Status   Isolate-period  Rate-limit  Attack-threshold  Scan-threshold
Global     Enable   300             4/-/60      8/-/100
Gi 0/1     Enable   180             5/-/-       8/-/-
Gi 0/2     Disable  200             4/-/60      8/-/100
Maximum count of monitored hosts: 1000
Monitor period:300s
15
20
Field              Description
Interface(Global)  Global configuration
Status             Enable/Disable the anti-attack function.
Rate-limit         In the format of the rate-limit threshold for the source IP address/ the rate-limit
                   threshold for the source MAC address/ the rate-limit threshold for the port
Attack-threshold   In the same format as the rate-limit.
-                  No configuration.
Related Commands
Command                        Description
ip-guard attack-threshold      Set the global attack threshold.
ip-guard enable                Enable the IP anti-scan function.
ip-guard isolate-period        Set the global isolate time.
ip-guard monitor-period        Set the monitor period.
ip-guard monitored-host-limit  Set the maximum number of the monitored hosts.
ip-guard rate-limit            Set the global rate-limit threshold.
nfpp ip-guard enable           Enable the IP anti-scan function on the interface.
nfpp ip-guard isolate-period   Set the isolate time.
nfpp ip-guard policy           Set the rate-limit threshold and attack threshold.
Platform Description
N/A
show nfpp ip-guard trusted-host
Use this command to show the trusted host free from being monitored.
show nfpp ip-guard trusted-host
Parameter Description
Parameter  Description
N/A        N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
Ruijie# show nfpp ip-guard trusted-host
IP address  mask
----------  -------------
1.1.1.0     255.255.255.0
1.1.2.0     255.255.255.0
Total:2 record(s)
Related Commands
Command                Description
ip-guard trusted-host  Set the trusted host.
Platform Description
N/A
show nfpp log
Use this command to show the NFPP log configuration.
show nfpp log summary
Use this command to show the NFPP log buffer area content.
show nfpp log buffer [ statistics ]
Parameter Description
Parameter   Description
statistics  Show the statistical information of the NFPP log buffer area.
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
When the log buffer area is full, subsequent logs are dropped and an entry with all attributes
shown as "-" is displayed in the log buffer area. The administrator should then increase the capacity
of the log buffer area or raise the rate at which syslog messages are generated.
The syslog generated from the log buffer area carries a timestamp, for example:
%NFPP_ARP_GUARD-4-DOS_DETECTED: Host<IP=N/A,MAC=0000.0000.0004,port=Gi4/1,VLAN=1> was detected.(2009-07-01 13:00:00)
Configuration Examples
The following example shows the NFPP log configurations:
Ruijie#show nfpp log summary
Total log buffer size : 10
Syslog rate : 1 entry per 2 seconds
Logging:
VLAN 1-3, 5
interface Gi 0/1
interface Gi 0/2
The following example shows the log number in the buffer area:
Ruijie#show nfpp log buffer statistics
There are 6 logs in buffer.
The following example shows the NFPP log buffer area:
Ruijie#show nfpp log buffer
Protocol  VLAN  Interface  IP address  MAC address     Reason          Timestamp
--------  ----  ---------  ----------  --------------  --------------  -------------------
ARP       1     Gi0/1      1.1.1.1     -               DoS             2009-05-30 16:23:10
ARP       1     Gi0/1      1.1.1.1     -               ISOLATED        2009-05-30 16:23:10
ARP       1     Gi0/1      1.1.1.2     -               DoS             2009-05-30 16:23:15
ARP       1     Gi0/1      1.1.1.2     -               ISOLATE_FAILED  2009-05-30 16:23:15
ARP       1     Gi0/1      -           0000.0000.0001  SCAN            2009-05-30 16:30:10
ARP       -     Gi0/2      -           -               PORT_ATTACKED   2009-05-30 16:30:10
Field     Description
Protocol  ARP, IP, ICMP, DHCP, DHCPv6, NS-NA, RS, RA-REDIRECT
Reason    1. DoS
          2. ISOLATED
          3. ISOLATE_FAILED
          4. SCAN
          5. PORT_ATTACKED
Related Commands
Command         Description
clear nfpp log  Clear the NFPP log buffer area.
Platform Description
N/A
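The following Python sketch is an added example, not part of the Ruijie reference: it parses the syslog line and the show nfpp log buffer layout shown above and separates hosts that were isolated from hosts that were only detected or whose isolation failed. The all "-" row standing for dropped logs, the function names and the "needs_action" grouping are assumptions made for illustration.

```python
import re
from datetime import datetime

# Syslog layout as printed in the Usage Guide of "show nfpp log".
SYSLOG_RE = re.compile(
    r"%NFPP_(?P<guard>\w+)-(?P<severity>\d)-(?P<event>\w+):\s*"
    r"Host<IP=(?P<ip>[^,]*),MAC=(?P<mac>[^,]*),"
    r"port=(?P<port>[^,]*),VLAN=(?P<vlan>[^>]*)>"
    r".*?\((?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\)"
)
REASONS = {"DoS", "ISOLATED", "ISOLATE_FAILED", "SCAN", "PORT_ATTACKED"}
COLUMNS = ("protocol", "vlan", "interface", "ip", "mac", "reason")
TS_FORMAT = "%Y-%m-%d %H:%M:%S"

SAMPLE_SYSLOG = ("%NFPP_ARP_GUARD-4-DOS_DETECTED: "
                 "Host<IP=N/A,MAC=0000.0000.0004,port=Gi4/1,VLAN=1> "
                 "was detected.(2009-07-01 13:00:00)")

# Rows copied from the example output; the final all "-" row is constructed
# to stand for the "buffer full, logs dropped" entry (its layout is assumed).
SAMPLE_BUFFER = """\
Protocol VLAN Interface IP address MAC address    Reason         Timestamp
-------- ---- --------- ---------- -------------- -------------- -------------------
ARP      1    Gi0/1     1.1.1.1    -              DoS            2009-05-30 16:23:10
ARP      1    Gi0/1     1.1.1.1    -              ISOLATED       2009-05-30 16:23:10
ARP      1    Gi0/1     1.1.1.2    -              DoS            2009-05-30 16:23:15
ARP      1    Gi0/1     1.1.1.2    -              ISOLATE_FAILED 2009-05-30 16:23:15
ARP      1    Gi0/1     -          0000.0000.0001 SCAN           2009-05-30 16:30:10
ARP      -    Gi0/2     -          -              PORT_ATTACKED  2009-05-30 16:30:10
-        -    -         -          -              -              -
"""


def parse_syslog(line):
    """Return the fields of one NFPP syslog line, or None if it does not match."""
    m = SYSLOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FORMAT)
    for key in ("ip", "mac"):
        if rec[key] == "N/A":
            rec[key] = None
    return rec


def parse_buffer(text):
    """Return (records, dropped_markers) from 'show nfpp log buffer' output."""
    records, dropped = [], 0
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if all(t == "-" for t in tok):          # every attribute is "-"
            dropped += 1
            continue
        if all(set(t) == {"-"} for t in tok):   # header separator line
            continue
        if len(tok) != 8 or tok[5] not in REASONS:
            continue                            # prompt, header or unknown row
        rec = dict(zip(COLUMNS, (None if t == "-" else t for t in tok[:6])))
        rec["ts"] = datetime.strptime(" ".join(tok[6:8]), TS_FORMAT)
        records.append(rec)
    return records, dropped


def triage(records, dropped):
    """Group hosts by the last isolation outcome logged for them."""
    hosts, ports = {}, set()
    for r in records:
        if r["reason"] == "PORT_ATTACKED":
            ports.add(r["interface"])
            continue
        key = (r["interface"], r["ip"] or r["mac"] or "-")
        state = hosts.get(key, "detected")
        if r["reason"] == "ISOLATED":
            state = "isolated"
        elif r["reason"] == "ISOLATE_FAILED":
            state = "isolate_failed"
        hosts[key] = state
    return {
        "isolated": sorted(k for k, s in hosts.items() if s == "isolated"),
        "needs_action": sorted(k for k, s in hosts.items() if s != "isolated"),
        "ports_attacked": sorted(ports),
        "dropped_log_markers": dropped,
    }


if __name__ == "__main__":
    print(parse_syslog(SAMPLE_SYSLOG))
    print(triage(*parse_buffer(SAMPLE_BUFFER)))
```

A non-zero dropped_log_markers count means the picture is incomplete, which is the case the Usage Guide addresses by enlarging the buffer or raising the syslog rate.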
show nfpp nd-guard summary
Use this command to show the configurations.
show nfpp nd-guard summary
Parameter Description
Parameter  Description
N/A        N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
N/A
Configuration Examples
Ruijie# show nfpp nd-guard summary
(Format of column Rate-limit and Attack-threshold is NS-NA/RS/RA-REDIRECT.)
Interface  Status   Rate-limit  Attack-threshold
Global     Enable   20/5/10     40/10/20
Gi 0/1     Enable   15/15/15    30/30/30
Gi 0/2     Disable  -/5/30      -/10/50
Field              Description
Interface(Global)  Global configuration
Status             Enable/Disable the anti-attack function.
Rate-limit         In the format of the rate-limit threshold for the NS-NA/RS/RA-REDIRECT.
Attack-threshold   In the same format as the rate-limit.
-                  No configuration.
Related Commands
Command                    Description
nd-guard attack-threshold  Set the global attack threshold.
nd-guard enable            Enable the ND anti-attack function.
nd-guard rate-limit        Set the global rate-limit threshold.
nfpp nd-guard enable       Enable the ND anti-attack function on the interface.
nfpp nd-guard policy       Set the rate-limit threshold and attack threshold.
Platform Description
N/A
ACL Commands
access-list
Use this command to create an access list rule to filter data packets. The no form of this command
deletes the specified access list entries.
1) Standard IP access list (1 to 99, 1300 to 1999)
access-list id { deny | permit } { source source-wildcard | host source | any | interface idx }
[ time-range tm-range-name ] [ log ]
2) Extended IP access list (100 to 199, 2000 to 2699)
access-list id { deny | permit } protocol { source source-wildcard | host source | any | interface idx }
{ destination destination-wildcard | host destination | any } [ precedence precedence ] [ tos tos ]
[ fragment ] [ range lower upper ] [ time-range time-range-name ] [ log ]
3) Extended MAC access list (700 to 799)
access-list id { deny | permit } { any | host source-mac-address } { any | host destination-mac-address }
[ ethernet-type ] [ cos [ out ] [ inner in ] ]
4) Extended expert access list (2700 to 2899)
access-list id { deny | permit } [ protocol | [ ethernet-type ] [ cos [ out ] [ inner in ] ] ] [ VID [ out ]
[ inner in ] ] { source source-wildcard | host source | any } { host source-mac-address | any }
{ destination destination-wildcard | host destination | any } { host destination-mac-address | any } ]
[ precedence precedence ] [ tos tos ] [ fragment ] [ time-range time-range-name ]
- When you select the Ethernet-type field or cos field:
access-list id { deny | permit } { ethernet-type | cos [ out ] [ inner in ] } [ VID [ out ] [ inner in ] ]
{ source source-wildcard | host source | any } { host source-mac-address | any } { destination
destination-wildcard | host destination | any } { host destination-mac-address | any } [ time-range
time-range-name ]
- When you select the protocol field:
access-list id { deny | permit } protocol [ VID [ out ] [ inner in ] ] { source source-wildcard | host source |
any } { host source-mac-address | any } { destination destination-wildcard | host destination | any }
{ host destination-mac-address | any } [ precedence precedence ] [ tos tos ] [ fragment ] [ range
lower upper ] [ time-range time-range-name ]
- Extended expert ACLs of some important protocols:
Internet Control Message Protocol (ICMP)
access-list id { deny | permit } icmp [ VID [ out ] [ inner in ] ] { source source-wildcard | host source
| any } { host source-mac-address | any } { destination destination-wildcard | host destination | any }
{ host destination-mac-address | any } [ icmp-type ] [ [ icmp-type [ icmp-code ] ] | [ icmp-message ] ]
[ precedence precedence ] [ tos tos ] [ fragment ] [ time-range time-range-name ]
Transmission Control Protocol (TCP)
access-list id { deny | permit } tcp [ VID [ out ] [ inner in ] ] { source source-wildcard | host source | any }
{ host source-mac-address | any } [ operator port [ port ] ] { destination destination-wildcard | host
destination | any } { host destination-mac-address | any } [ operator port [ port ] ] [ precedence
precedence ] [ tos tos ] [ fragment ] [ range lower upper ] [ time-range time-range-name ] [ match-all
tcp-flag | established ]
User Datagram Protocol (UDP)
access-list id { deny | permit } udp [ VID [ out ] [ inner in ] ] { source source-wildcard | host source | any }
{ host source-mac-address | any } [ operator port [ port ] ] { destination destination-wildcard | host
destination | any } { host destination-mac-address | any } [ operator port [ port ] ] [ precedence
precedence ] [ tos tos ] [ fragment ] [ range lower upper ] [ time-range time-range-name ]
5) List remark
access-list id list-remark text
Parameter Description
Parameter                     Description
id                            Access list ID. The ranges available are 1 to 99, 100 to 199, 1300 to
                              1999, 2000 to 2699, 2700 to 2899, and 700 to 799.
deny                          If not matched, access is denied.
permit                        If matched, access is permitted.
source                        Specify the source IP address (host address or network address).
source-wildcard               It can be discontinuous, for example, 0.255.0.32.
protocol                      IP protocol number. It can be one of EIGRP, GRE, IPINIP, IGMP,
                              NOS, OSPF, ICMP, UDP, TCP, and IP. It can also be a number
                              representing the IP protocol between 0 and 255. The important
                              protocols such as ICMP, TCP, and UDP are described separately.
destination                   Specify the destination IP address (host address or network
                              address).
destination-wildcard          Wildcard of the destination IP address. It can be discontinuous, for
                              example, 0.255.0.32.
fragment                      Packet fragment filtering
precedence                    Specify the packet priority.
precedence                    Packet precedence value (0 to 7)
range                         Layer4 port number range of the packet.
lower                         Lower limit of the layer4 port number.
upper                         Upper limit of the layer4 port number.
time-range                    Time range of packet filtering
time-range-name               Time range name of packet filtering
tos                           Specify type of service.
tos                           ToS value (0 to 15)
icmp-type                     ICMP message type (0 to 255)
icmp-code                     ICMP message type code (0 to 255)
icmp-message                  ICMP message type name
operator                      Operator (lt-smaller, eq-equal, gt-greater, neq-unequal, range-range)
port [ port ]                 Port number; range needs two port numbers, while other operators
                              only need one port number.
host source-mac-address       Source physical address
host destination-mac-address  Destination physical address
VID vid                       Match the specified VID.
ethernet-type                 Ethernet type
match-all                     Match all the bits of the TCP flag.
tcp-flag                      Match the TCP flag.
established                   Match the RST or ACK bits, not other bits of the TCP flag.
text                          Remark information
Defaults
None
Command Mode
Global configuration mode.
Usage Guide
To filter the data by using the access control list, you must first define a series of rule statements by
using the access list. You can use ACLs of the appropriate types according to the security needs:
The standard IP ACL (1 to 99, 1300 to 1999) only controls the source IP addresses.
The extended IP ACL (100 to 199, 2000 to 2699) can enforce strict control over the source and
destination IP addresses.
The extended MAC ACL (700 to 799) can match against the source/destination MAC addresses and
Ethernet type.
The extended expert access list (2700 to 2899) is a combination of the above and can match and filter
the VLAN ID.
For the layer-3 routing protocols including the unicast routing protocol and multicast routing protocol,
the following parameters are not supported by the ACL: precedence precedence/tos
tos/fragments/range lower upper/time-range time-range-name
The TCP Flag includes part or all of the following:
- urg
- ack
- psh
- rst
- syn
- fin
The packet precedence is as below:
- critical
- flash
- flash-override
- immediate
- internet
- network
- priority
- routine
The service types are as below:
- max-reliability
- max-throughput
- min-delay
- min-monetary-cost
- normal
The ICMP message types are as below:
- administratively-prohibited
- dod-host-prohibited
- dod-net-prohibited
- echo
- echo-reply
- fragment-time-exceeded
- general-parameter-problem
- host-isolated
- host-precedence-unreachable
- host-redirect
- host-tos-redirect
- host-tos-unreachable
- host-unknown
- host-unreachable
- information-reply
- information-request
- mask-reply
- mask-request
- mobile-redirect
- net-redirect
- net-tos-redirect
- net-tos-unreachable
- net-unreachable
- network-unknown
- no-room-for-option
- option-missing
- packet-too-big
- parameter-problem
- port-unreachable
- precedence-unreachable
- protocol-unreachable
- redirect
- device-advertisement
- device-solicitation
- source-quench
- source-route-failed
- time-exceeded
- timestamp-reply
- timestamp-request
- ttl-exceeded
- unreachable
The TCP ports are as follows. A port can be specified by port name and port number:
- bgp
- chargen
- cmd
- daytime
- discard
- domain
- echo
- exec
- finger
- ftp
- ftp-data
- gopher
- hostname
- ident
- irc
- klogin
- kshell
- ldp
- login
- nntp
- pim-auto-rp
- pop2
- pop3
- smtp
- sunrpc
- syslog
- tacacs
- talk
- telnet
- time
- uucp
- whois
- www
The UDP ports are as follows. A UDP port can be specified by port name and port number.
- biff
- bootpc
- bootps
- discard
- dnsix
- domain
- echo
- isakmp
- mobile-ip
- nameserver
- netbios-dgm
- netbios-ns
- netbios-ss
- ntp
- pim-auto-rp
- rip
- snmp
- snmptrap
- sunrpc
- syslog
- tacacs
- talk
- tftp
- time
- who
- xdmcp
The Ethernet types are as below:
- aarp
- appletalk
- decnet-iv
- diagnostic
- etype-6000
- etype-8042
- lat
- lavc-sca
- mop-console
- mop-dump
- mumps
- netbios
- vines-echo
- xns-idp
Configuration Examples
1. Example of the standard IP ACL
The following basic IP ACL allows the packets whose source IP addresses are in the range
192.168.1.64 to 192.168.1.127 to pass:
Ruijie (config)#access-list 1 permit 192.168.1.64 0.0.0.63
2. Example of the extended IP ACL
The following extended IP ACL allows the DNS messages and ICMP messages to pass:
Ruijie(config)#access-list 102 permit tcp any any eq domain log
Ruijie(config)#access-list 102 permit udp any any eq domain log
Ruijie(config)#access-list 102 permit icmp any any echo log
Ruijie(config)#access-list 102 permit icmp any any echo-reply
3. Example of the extended MAC ACL
This example shows how to deny the host with the MAC address 00d0f8000c0c from providing services
with the protocol type 100 on gigabit Ethernet port 1/1. The configuration procedure is as below:
Ruijie(config)#access-list 702 deny host 00d0f8000c0c any aarp
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# mac access-group 702 in
4. Example of the extended expert ACL
The following example shows how to create and display an extended expert ACL. This expert ACL
denies all the TCP packets with the source IP address 192.168.12.3 and the source MAC address
00d0.f800.0044.
Ruijie(config)#access-list 2702 deny tcp host 192.168.12.3 mac 00d0.f800.0044 any any
Ruijie(config)# access-list 2702 permit any any any any
Ruijie(config)# show access-lists
expert access-list extended 2702
10 deny tcp host 192.168.12.3 mac 00d0.f800.0044 any any
10 permit any any any any
Related Commands
Command            Description
show access-lists  Show all the ACLs.
mac access-group   Apply the extended MAC ACL on the interface.
Platform Description
N/A
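The following Python sketch is an added example, not part of the Ruijie reference: it evaluates the source/source-wildcard pair of a standard IP ACL rule so that a reviewer can see exactly which addresses a rule covers, including the discontinuous wildcard 0.255.0.32 mentioned in the parameter table. It assumes the usual wildcard semantics implied by example 1 (a 1 bit in the wildcard means the bit is ignored); the function names and the base address 10.0.0.1 are constructed for illustration.

```python
import ipaddress
import re

MASK32 = 0xFFFFFFFF
# Standard IP ACL forms from the syntax above: "source source-wildcard",
# "host source" and "any" (the "interface idx" form is not handled here).
RULE_RE = re.compile(
    r"access-list\s+(\d+)\s+(permit|deny)\s+"
    r"(?:host\s+(\S+)|(any)\b|(\S+)\s+(\S+))"
)


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit that the wildcard leaves at 0."""
    care = ~_to_int(wildcard) & MASK32
    return (_to_int(addr) & care) == (_to_int(base) & care)


def is_contiguous(wildcard):
    """True if the wildcard is a plain inverted netmask such as 0.0.0.63."""
    w = _to_int(wildcard)
    return (w & (w + 1)) == 0


def match_count(wildcard):
    """Number of addresses matched: 2 to the power of the ignored bits."""
    return 1 << bin(_to_int(wildcard)).count("1")


def enumerate_matches(base, wildcard, limit=8):
    """Return up to `limit` matching addresses in ascending order."""
    w = _to_int(wildcard)
    fixed = _to_int(base) & ~w & MASK32
    free_bits = [i for i in range(32) if (w >> i) & 1]
    out = []
    for n in range(min(limit, 1 << len(free_bits))):
        value = fixed
        for k, bit in enumerate(free_bits):   # spread n over the ignored bits
            if (n >> k) & 1:
                value |= 1 << bit
        out.append(str(ipaddress.IPv4Address(value)))
    return out


def describe_rule(line):
    """Summarise the address coverage of one standard IP ACL rule."""
    m = RULE_RE.search(line)
    if m is None:
        raise ValueError("not an access-list rule: %r" % line)
    acl_id = int(m.group(1))
    if not (1 <= acl_id <= 99 or 1300 <= acl_id <= 1999):
        raise ValueError("ACL %d is not a standard IP ACL" % acl_id)
    if m.group(3):                            # host source
        base, wildcard = m.group(3), "0.0.0.0"
    elif m.group(4):                          # any
        base, wildcard = "0.0.0.0", "255.255.255.255"
    else:                                     # source source-wildcard
        base, wildcard = m.group(5), m.group(6)
    w = _to_int(wildcard)
    first = _to_int(base) & ~w & MASK32
    return {
        "id": acl_id,
        "action": m.group(2),
        "first": str(ipaddress.IPv4Address(first)),
        "last": str(ipaddress.IPv4Address(first | w)),
        "count": match_count(wildcard),
        "contiguous": is_contiguous(wildcard),
    }


if __name__ == "__main__":
    print(describe_rule("Ruijie (config)#access-list 1 permit 192.168.1.64 0.0.0.63"))
    print(match_count("0.255.0.32"), enumerate_matches("10.0.0.1", "0.255.0.32", 4))
```

When "contiguous" is False, "first" and "last" only bound the matched set; the 512 addresses matched by 0.255.0.32 are scattered between them, so an audit should rely on enumerate_matches rather than on the range.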
deny
One or multiple deny conditions are used to determine whether to forward or discard the packet. In
ACL configuration mode, you can modify the existing ACL or configure according to the protocol
details.
Standard IP ACL
[sn] deny {source source-wildcard | host source | any | interface idx} [time-range tm-range-name]
[log]
Extended IP ACL
[sn] deny protocol source source-wildcard destination destination-wildcard [precedence
precedence] [tos tos] [fragment] [range lower upper] [time-range time-range-name] [log]
Extended IP ACLs of some important protocols:
- Internet Control Message Protocol (ICMP)
[sn] deny icmp {source source-wildcard | host source | any} {destination destination-wildcard |
host destination | any} [icmp-type] [[icmp-type [icmp-code]] | [icmp-message]] [precedence
precedence] [tos tos] [fragment] [time-range time-range-name]
- Transmission Control Protocol (TCP)
[sn] deny tcp {source source-wildcard | host source | any} [operator port [port]] {destination
destination-wildcard | host destination | any} [operator port [port]] [precedence precedence] [tos
tos] [fragment] [range lower upper] [time-range time-range-name]
- User Datagram Protocol (UDP)
[sn] deny udp {source source-wildcard | host source | any} [operator port [port]] {destination
destination-wildcard | host destination | any} [operator port [port]] [precedence precedence] [tos
tos] [fragment] [range lower upper] [time-range time-range-name]
Extended MAC ACL
[sn] deny {any | host source-mac-address} {any | host destination-mac-address} [ethernet-type] [cos
[out] [inner in]]
Extended expert ACL
[sn] deny [protocol | [ethernet-type] [cos [out] [inner in]]] [[VID [out] [inner in]]] {source
source-wildcard | host source | any} {host source-mac-address | any} {destination
destination-wildcard | host destination | any} {host destination-mac-address | any} [precedence
precedence] [tos tos] [fragment] [range lower upper] [time-range time-range-name]
- When you select the ethernet-type field or cos field:
[sn] deny {[ethernet-type] [cos [out] [inner in]]} [[VID [out] [inner in]]] {source source-wildcard | host
source | any} {host source-mac-address | any} {destination destination-wildcard | host destination |
any} {host destination-mac-address | any} [time-range time-range-name]
- When you select the protocol field:
[sn] deny protocol [[VID [out] [inner in]]] {source source-wildcard | host source | any} {host
source-mac-address | any} {destination destination-wildcard | host destination | any} {host
destination-mac-address | any} [precedence precedence] [tos tos] [fragment] [range lower upper]
[time-range time-range-name]
- Extended expert ACLs of some important protocols
Internet Control Message Protocol (ICMP)
[sn] deny icmp [[VID [out] [inner in]]] {source source-wildcard | host source | any} {host
source-mac-address | any} {destination destination-wildcard | host destination | any} {host
destination-mac-address | any} [icmp-type] [[icmp-type [icmp-code]] | [icmp-message]] [precedence
precedence] [tos tos] [fragment] [time-range time-range-name]
Transmission Control Protocol (TCP)
[sn] deny tcp [[VID [out] [inner in]]] {source source-wildcard | host source | any} {host
source-mac-address | any} [operator port [port]] {destination destination-wildcard | host destination |
any} {host destination-mac-address | any} [operator port [port]] [precedence precedence] [tos tos]
[fragment] [range lower upper] [time-range time-range-name] [match-all tcp-flag | established]
User Datagram Protocol (UDP)
[sn] deny udp [[VID [out] [inner in]]] {source source-wildcard | host source | any} {host
source-mac-address | any} [operator port [port]] {destination destination-wildcard | host destination
| any} {host destination-mac-address | any} [operator port [port]] [precedence precedence] [tos tos]
[fragment] [range lower upper] [time-range time-range-name]
Address Resolution Protocol (ARP)
[sn] deny arp {vid vlan-id} [source-mac-address source-wildcard | host source-mac-address | any]
[host destination-mac-address | any] {sender-ip sender-ip-wildcard | host sender-ip | any}
{sender-mac sender-mac-wildcard | host sender-mac | any} {target-ip target-ip-wildcard | host
target-ip | any}
5. Extended IPv6 ACL
[sn] deny protocol {source-ipv6-prefix / prefix-length | any | host source-ipv6-address}
{destination-ipv6-prefix / prefix-length | any | host destination-ipv6-address} [dscp dscp] [flow-label
flow-label] [fragment] [range lower upper] [time-range time-range-name]
Extended IPv6 ACLs of some important protocols:
Internet Control Message Protocol (ICMP)
[sn] deny icmp {source-ipv6-prefix / prefix-length | any | host source-ipv6-address}
{destination-ipv6-prefix / prefix-length | host destination-ipv6-address | any} [icmp-type] [[icmp-type
[icmp-code]] | [icmp-message]] [dscp dscp] [flow-label flow-label] [fragment] [time-range
time-range-name]
Transmission Control Protocol (TCP)
[sn] deny tcp {source-ipv6-prefix / prefix-length | host source-ipv6-address | any} [operator port [port]]
{destination-ipv6-prefix / prefix-length | host destination-ipv6-address | any} [operator port [port]]
[dscp dscp] [flow-label flow-label] [fragment] [range lower upper] [time-range time-range-name]
[match-all tcp-flag | established]
User Datagram Protocol (UDP)
[sn] deny udp {source-ipv6-prefix / prefix-length | host source-ipv6-address | any} [operator port
[port]] {destination-ipv6-prefix / prefix-length | host destination-ipv6-address | any} [operator port
[port]] [dscp dscp] [flow-label flow-label] [fragment] [range lower upper] [time-range
time-range-name]
Parameter Description
Parameter                 Description
sn                        ACL entry sequence number
source-ipv6-prefix        Source IPv6 network address or network type
destination-ipv6-prefix   Destination IPv6 network address or network type
prefix-length             Prefix mask length
source-ipv6-address       Source IPv6 address
destination-ipv6-address  Destination IPv6 address
dscp                      Differentiated Services Code Point
dscp                      Code value, within the range of 0 to 63
flow-label                Flow label
flow-label                Flow label value, within the range of 0 to 1048575.
protocol                  For the IPv6, the field can be ipv6 | icmp | tcp | udp and number in the
                          range 0 to 255
time-range                Time range of the packet filtering
time-range-name           Time range name of the packet filtering
Defaults
No entry
Command Mode
ACL configuration mode.
Usage Guide
Use this command to configure the filtering entry of ACLs in ACL configuration mode.
Configuration
The following example shows how to create and display an extended expert ACL. This expert ACL
Examples
denies all the TCP packets with the source IP address 192.168.4.12 and the source MAC address
001300498272.
Ruijie(config)#expert access-list extended 2702
Ruijie(config-exp-nacl)#deny tcp host 192.168.4.12 host 0013.0049.8272 any any
Ruijie(config-exp-nacl)#permit any any any any
Ruijie(config-exp-nacl)#show access-lists
expert access-list extended 2702
10 deny tcp host 192.168.4.12 host 0013.0049.8272 any any
20 permit any any any any
Ruijie(config-exp-nacl)#
This example shows how to use the extended IP ACL. The purpose is to prevent the host with the IP
address 192.168.4.12 from providing services through the TCP port 100 and to apply the ACL to interface
gigabitethernet 1/1. The configuration procedure is as follows:
Ruijie(config)# ip access-list extended ip-ext-acl
Ruijie(config-ext-nacl)# deny tcp host 192.168.4.12 eq 100 any
Ruijie(config-ext-nacl)# show access-lists
ip access-list extended ip-ext-acl
10 deny tcp host 192.168.4.12 eq 100 any
Ruijie(config-ext-nacl)#exit
Ruijie(config)#interface gigabitethernet 1/1
Ruijie(config-if)#ip access-group ip-ext-acl in
Ruijie(config-if)#
This example shows how to use the extended MAC ACL. The purpose is to prevent the host with the
MAC address 0013.0049.8272 from sending Ethernet frames of the type 100 and to apply the rule to interface
gigabitethernet 1/1. The configuration procedure is as follows:
Ruijie(config)#mac access-list extended mac1
Ruijie(config-mac-nacl)#deny host 0013.0049.8272 any aarp
Ruijie(config-mac-nacl)# show access-lists
mac access-list extended mac1
10 deny host 0013.0049.8272 any aarp
Ruijie(config-mac-nacl)#exit
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# mac access-group mac1 in
This example shows how to use the standard IP ACL. The purpose is to deny the host with the IP
address 192.168.4.12 and apply the rule to interface gigabitethernet 1/1. The configuration procedure
is as follows:
Ruijie(config)#ip access-list standard 34
Ruijie(config-ext-nacl)# deny host 192.168.4.12
Ruijie(config-ext-nacl)#show access-lists
ip access-list standard 34
10 deny host 192.168.4.12
Ruijie(config-ext-nacl)#exit
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# ip access-group 34 in
This example shows how to use the extended IPV6 ACL. The purpose is to deny the host with the IP
address 192.168.4.12 and apply the rule to Interface gigabitethernet 1/1. The configuration procedure
is as below:
Ruijie(config)#ipv6 access-list extended v6-acl
Ruijie(config-ipv6-nacl)#11 deny ipv6 host ::192.168.4.12 any
Ruijie(config-ipv6-nacl)#show access-lists
ipv6 access-list extended v6-acl
11 deny ipv6 host ::192.168.4.12 any
Ruijie(config-ipv6-nacl)# exit
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# ipv6 traffic-filter v6-acl in
Related Commands
Command
Description
show access-lists
Show all the ACLs.
ipv6 traffic-filter
Apply the extended ipv6 ACL on the interface.
ip access-group
Apply the IP ACL on the interface.
mac access-group
Apply the extended MAC ACL on the interface.
ip access-list
Define the IP ACL.
mac access-list
Define the extended MAC ACL.
expert access-list
Define the extended expert ACL.
ipv6 access-list
Define the extended IPv6 ACL.
permit
Permit the access.
Platform Description
N/A
expert access-group
Use this command to apply the specified expert ACL on the specified interface. Use the no form of
the command to remove the application.
expert access-group {id | name} {in | out}
no expert access-group {id | name} {in | out}
Parameter
Description
Parameter
Description
id
ID of the expert ACL (2700 to 2899)
name
Name of the expert ACL
in
Filter the incoming packets of the interface
out
Filter the outgoing packets of the interface
Defaults
No Expert ACL is applied on the interface.
Command mode
Interface configuration mode.
Usage Guide
This command is used to apply the specified ACL on the interface to control the input and output data
streams on the interface. Use the show access-group command to view the setting.
Configuration Examples
The following example shows how to apply the access-list accept_00d0f8xxxxxx_only to Gigabit
interface 0/1:
Ruijie(config)# interface GigaEthernet 0/1
Ruijie(config-if)# expert access-group accept_00d0f8xxxxxx_only in
Related Commands
Command
Description
show access-group
Show the ACL configuration.
Platform Description
The expert ACL is not supported by routers.
expert access-list
Use this command to create an extended expert ACL. Use the no form of the command to remove
the ACL.
expert access-list extended {id | name}
no expert access-list extended {id | name}
Parameter
Description
Parameter
Description
id
ID of the extended expert ACL (2700 to 2899)
name
Name of the extended expert ACL
Defaults
No Expert ACL
Command mode
Global configuration mode.
Usage Guide
Use show access-lists to display the ACL configurations.
Configuration Examples
Create an extended expert ACL:
Ruijie(config)# expert access-list extended exp-acl
Ruijie(config-exp-nacl)# show access-lists
expert access-list extended exp-acl
Ruijie(config-exp-nacl)#
Create an extended expert ACL:
Ruijie(config)# expert access-list extended 2704
Ruijie(config-exp-nacl)# show access-lists
expert access-list extended 2704
Ruijie(config-exp-nacl)#
Related Commands
Command
Description
show access-lists
Show the extended expert ACLs
Platform Description
The expert ACL is not supported by routers.
ip access-group
Use this command to apply a specific ACL to an interface. The no form of this command cancels the
application.
ip access-group {id | name} {in | out} [unreflect | reflect]
no ip access-group { id | name} {in | out}
Parameter
Description
Parameter
Description
id
ID of the IP ACL (1 to 199, 1300 to 2699)
name
Name of the IP ACL
in
Filter the incoming packets of the interface.
out
Filter the outgoing packets of the interface.
unreflect
Disable the Reflexive-ACL. (Working principle of the reflexive ACL: a.
A router generates a temporary access list automatically based on
layer-3 and layer-4 information of original traffic of the intranet. The
temporary access list is created based on the following rules:
Protocol unchanged, source-IP and destination-IP are strictly
exchanged with each other, and source-port and destination-port are
strictly exchanged with each other. b. Only when the layer-3 and
layer-4 information of the returned flow strictly matches with the
previous layer-3 and layer-4 information of the temporary access list
created based on outbound traffic, the router will permit the flow to
enter the intranet.)
reflect
Enable the Reflexive-ACL.
Defaults
No ACL is applied on the interface.
Command mode
Interface configuration mode.
Usage Guide
Use the ip access-group command to apply the specified ACL to the interface, when the firewall is
enabled.
Configuration Examples
The following example applies the ACL 120 on the fastEthernet0/0 to filter the incoming packets:
Ruijie(config)# interface fastEthernet 0/0
Ruijie(config-if)# ip access-group 120 in
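Added example (not part of the original manual, and not RGOS code): a small Python model of the reflexive ACL working principle given for the unreflect and reflect parameters, showing which returned flows strictly match the temporary entry. The names Flow, ReflexiveAcl and demo, the intranet prefix 192.168.4.0/24 and the 203.0.113.x addresses are assumptions made for the illustration; entry timeouts and TCP state are not described on this page and are not modelled.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network


@dataclass(frozen=True)
class Flow:
    """Layer-3 and layer-4 information of one packet flow."""
    protocol: str
    src_ip: IPv4Address
    src_port: int
    dst_ip: IPv4Address
    dst_port: int

    def mirrored(self):
        # Rule (a): protocol unchanged, source and destination IP exchanged,
        # source and destination port exchanged.
        return Flow(self.protocol, self.dst_ip, self.dst_port,
                    self.src_ip, self.src_port)


def flow(protocol, src_ip, src_port, dst_ip, dst_port):
    """Convenience constructor that accepts addresses as strings."""
    return Flow(protocol, IPv4Address(src_ip), src_port,
                IPv4Address(dst_ip), dst_port)


class ReflexiveAcl:
    """Hypothetical model: temporary access list built from outbound traffic."""

    def __init__(self, intranet):
        self.intranet = IPv4Network(intranet)  # assumed intranet prefix
        self.temporary = set()                 # temporary access list entries

    def outbound(self, f):
        """Original traffic of the intranet creates a temporary entry."""
        if f.src_ip not in self.intranet:
            return False                       # not intranet traffic: no entry
        self.temporary.add(f.mirrored())
        return True

    def inbound(self, f):
        """Rule (b): a returned flow is permitted only on a strict match."""
        return f in self.temporary


def demo():
    """Constructed sample: one outbound TCP flow and five inbound candidates."""
    acl = ReflexiveAcl("192.168.4.0/24")
    acl.outbound(flow("tcp", "192.168.4.12", 40000, "203.0.113.10", 443))
    candidates = {
        "exact_reply": flow("tcp", "203.0.113.10", 443, "192.168.4.12", 40000),
        "other_client_port": flow("tcp", "203.0.113.10", 443, "192.168.4.12", 40001),
        "other_server_port": flow("tcp", "203.0.113.10", 8443, "192.168.4.12", 40000),
        "other_remote_host": flow("tcp", "203.0.113.99", 443, "192.168.4.12", 40000),
        "other_protocol": flow("udp", "203.0.113.10", 443, "192.168.4.12", 40000),
    }
    return {name: acl.inbound(f) for name, f in candidates.items()}


if __name__ == "__main__":
    for name, permitted in demo().items():
        print(f"{name:18} {'permit' if permitted else 'deny'}")
```

Only the flow whose protocol, addresses and ports are the exact mirror of the outbound flow is permitted; a change in any single field falls outside the temporary entry.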
Related Commands
Command
Description
access-list
Define the ACL.
show access-lists
Show all the ACLs.
Platform Description
N/A
ip access-list
Use this command to create a standard IP ACL or extended IP ACL. Use the no form of the
command to remove the ACL.
ip access-list {extended | standard} {id | name}
no ip access-list {extended | standard} {id | name}
Parameter
Description
Parameter
Description
id
ID of the ACL (1 to 99 and 1300 to 1999 for standard ACL, or 100 to 199 and 2000 to 2699 for
extended ACL)
name
Name of the ACL
Defaults
None
Command mode
Global configuration mode.
Usage Guide
There are differences between a standard ACL and an extended ACL. The extended ACL is more
precise. Refer to deny or permit in the two modes. Use show access-lists to display the ACL
configurations.
Configuration Examples
Create an extended ACL:
Ruijie(config)# ip access-list extended 123
Ruijie(config-ext-nacl)# show access-lists
ip access-list extended 123
Ruijie(config-ext-nacl)#
Create a standard ACL:
Ruijie(config)# ip access-list standard std-acl
Ruijie(config-std-nacl)# show access-lists
ip access-list standard std-acl
Ruijie(config-std-nacl)#
Related Commands
Command
Description
show access-lists
Show the ACLs.
Platform Description
N/A
ip access-list resequence
Use this command to rearrange entries of an IP ACL and enter the configuration mode. Use the no
form of this command to restore the default setting.
ip access-list resequence {id | name} start-sn inc-sn
no ip access-list resequence {id | name}
Parameter
Description
Parameter
Description
id
It indicates the number of the ACL.
name
It indicates the name of the ACL.
start-sn
It indicates the start value of the sequence number, from 1 to 2147483647.
inc-sn
It indicates the increment of the sequence number, from 1 to 2147483647.
Defaults
start-sn: 10
inc-sn: 10
Command mode
Global configuration mode
Usage Guide
Use the show access-lists command to view the configuration of this command.
Configuration Examples
The following example rearranges the ACL entries:
Ruijie# show access-lists
ip access-list standard 1
10 permit host 192.168.4.12
20 deny any any
Ruijie# config
Ruijie(config)# ip access-list resequence 1 21 43
Ruijie(config)# exit
Ruijie# show access-lists
ip access-list standard 1
21 permit host 192.168.4.12
64 deny any any
Related Commands
Command
Description
show access-lists
It is used to view the ACL.
Platform Description
N/A
list-remark text
Use this command to add remarks for the specified ACL. The no form deletes the remarks.
list-remark text
Parameter
Description
Parameter
Description
text
Remark information
Defaults
N/A
Command mode
ACL configuration mode
Usage Guide
Add remarks for the specified ACL.
Note: A remark contains at most 100 characters, and two identical remarks are not allowed in one
ACL.
When an ACE is deleted, the remarks between this ACE and the preceding one are deleted.
Configuration Examples
Ruijie(config)# ip access-list extended 102
Ruijie(config-ext-nacl)# list-remark this acl is to filter the host 192.168.4.12
Ruijie(config-ext-nacl)# show access-lists
ip access-list extended 102
deny ip host 192.168.4.12 any
1000 hits
this acl is to filter the host 192.168.4.12
Ruijie(config-ext-nacl)#
Related Commands
Command
Description
show access-lists
Show the ACLs.
ip access-list
Define the IP ACL.
Platform Description
N/A
mac access-group
Use this command to apply the specified MAC ACL on the specified interface. Use the no form of the
command to remove the application.
mac access-group {id | name} {in | out}
no mac access-group {id | name} {in | out}
Parameter
Description
Parameter
Description
id
ID of the MAC ACL (700 to 799)
name
Name of the MAC ACL
in
Filter the incoming packets of the interface
out
Filter the outgoing packets of the interface
Defaults
No ACL is applied on the interface.
Command mode
Interface configuration mode.
Usage Guide
You can use the show running-config command to show the configuration result.
Configuration Examples
The following example shows how to apply the access-list accept_00d0f8xxxxxx_only to Gigabit
interface 1/1:
Ruijie(config)#interface GigaEthernet 1/1
Ruijie(config-if)#mac access-group accept_00d0f8xxxxxx_only in
Related Commands
Command
Description
show access-group
Show the ACL configuration.
Platform Description
The mac ACL is not supported by routers.
mac access-list
Use this command to create an extended MAC ACL. Use the no form of the command to remove the
ACL.
mac access-list extended {id | name}
no mac access-list extended {id | name}
Parameter
Description
Parameter
Description
id
ID of the extended MAC ACL (700 to 799)
name
Name of the extended MAC ACL
Defaults
N/A
Command mode
Global configuration mode.
Usage Guide
Use the show access-lists command to display the ACL configurations.
Configuration Examples
Create an extended MAC ACL:
Ruijie(config)# mac access-list extended mac-acl
Ruijie(config-mac-nacl)# show access-lists
mac access-list extended mac-acl
Create an extended ACL:
Ruijie(config)# mac access-list extended 704
Ruijie(config-mac-nacl)# show access-lists
mac access-list extended 704
Related Commands
Command
Description
show access-lists
Show the ACLs
Platform Description
The mac ACL is not supported by routers.
no sn
Use this command to delete an entry of the ACL.
no sn
Parameter
Description
Parameter
Description
sn
Sequence number of the ACL entry
Defaults
N/A
Command mode
ACL configuration mode.
Usage Guide
Use this command to delete an ACL entry in ACL configuration mode.
Configuration Examples
Ruijie(config)# ipv6 access-list extended v6-acl
Ruijie(config-ipv6-nacl)# permit ipv6 host ::192.168.4.12 any
Ruijie(config-ipv6-nacl)#12 deny ipv6 any any
Ruijie(config-ipv6-nacl)# show access-lists
ipv6 access-list extended v6-acl
10 permit ipv6 host ::192.168.4.12 any
12 deny ipv6 any any
Ruijie(config-ipv6-nacl)# no 12
Ruijie(config-ipv6-nacl)# show access-lists
ipv6 access-list extended v6-acl
10 permit ipv6 host ::192.168.4.12 any
Ruijie(config-ipv6-nacl)#
Related Commands
Command
Description
show access-lists
Show all the ACLs.
ip access-list
Define the IP ACL.
ipv6 access-list
Define the extended IPV6 ACL.
deny
Define the deny rule.
permit
Define the permit rule.
Platform Description
N/A
permit
One or multiple permit conditions are used to determine whether to forward or discard the packet. In
ACL configuration mode, you can modify the existing ACL or configure it according to the protocol
details.
Standard IP ACL
[ sn ] permit {source source-wildcard | host source | any | interface idx } [ time-range
tm-range-name] [ log ]
Extended IP ACL
[ sn ] permit protocol source source-wildcard destination destination-wildcard [ precedence
precedence ] [ tos tos ] [ fragment ] [ range lower upper ] [ time-range time-range-name ] [ log ]
Extended IP ACLs of some important protocols:
Internet Control Message Protocol (ICMP)
[ sn ] permit icmp {source source-wildcard | host source | any } { destination destination-wildcard |
host destination | any } [ icmp-type ] [ [ icmp-type [icmp-code ] ] | [ icmp-message ] ] [ precedence
precedence ] [ tos tos ] [ fragment ] [ time-range time-range-name ]
Transmission Control Protocol (TCP)
[ sn ] permit tcp { source source-wildcard | host source | any } [ operator port [ port ] ] { destination
destination-wildcard | host destination | any } [ operator port [ port ] ] [ precedence precedence ]
[ tos tos ] [ fragment ] [ range lower upper ] [ time-range time-range-name ] [ match-all tcp-flag |
established ]
User Datagram Protocol (UDP)
[sn] permit udp {source source-wildcard | host source | any} [operator port [port]] {destination
destination-wildcard | host destination | any} [operator port [port]] [precedence precedence] [tos
tos] [fragment] [range lower upper] [time-range time-range-name]
Extended MAC ACL
[sn] permit {any | host source-mac-address} {any | host destination-mac-address}
[ethernet-type] [cos [out] [inner in]]
Extended expert ACL
[sn] permit [protocol | [ethernet-type] [cos [out] [inner in]]] [VID [out] [inner in]] {source
source-wildcard | host source | any} {host source-mac-address | any} {destination
destination-wildcard | host destination | any} {host destination-mac-address | any} [precedence
precedence] [tos tos] [fragment] [range lower upper] [time-range time-range-name]
When you select the Ethernet-type field or cos field:
[sn] permit {ethernet-type | cos [out] [inner in]} [VID [out] [inner in]] {source source-wildcard | host
source | any} {host source-mac-address | any} {destination destination-wildcard | host destination
| any} {host destination-mac-address | any} [time-range time-range-name]
When you select the protocol field:
[sn] permit protocol [VID [out] [inner in]] {source source-wildcard | host source | any} {host
source-mac-address | any} {destination destination-wildcard | host destination | any} {host
destination-mac-address | any} [precedence precedence] [tos tos] [fragment] [range lower upper]
[time-range time-range-name]
Extended expert ACLs of some important protocols:
Internet Control Message Protocol (ICMP)
[sn] permit icmp [VID [out] [inner in]] {source source-wildcard | host source | any} {host
source-mac-address | any} {destination destination-wildcard | host destination | any} {host
destination-mac-address | any} [icmp-type] [[icmp-type [icmp-code]] | [icmp-message]]
[precedence precedence] [tos tos] [fragment] [time-range time-range-name]
Transmission Control Protocol (TCP)
[sn] permit tcp [VID [out] [inner in]] {source source-wildcard | host source | any} {host
source-mac-address | any} [operator port [port]] {destination destination-wildcard | host destination |
any} {host destination-mac-address | any} [operator port [port]] [precedence precedence] [tos tos]
[fragment] [range lower upper] [time-range time-range-name] [match-all tcp-flag | established]
User Datagram Protocol (UDP)
[sn] permit udp [VID [out] [inner in]] {source source-wildcard | host source | any} {host
source-mac-address | any} [operator port [port]] {destination destination-wildcard | host destination
| any} {host destination-mac-address | any} [operator port [port]] [precedence precedence] [tos tos]
[fragment] [range lower upper] [time-range time-range-name]
Address Resolution Protocol (ARP)
[sn] permit arp {vid vlan-id} [host source-mac-address | any] [host destination-mac-address | any]
{sender-ip sender-ip-wildcard | host sender-ip | any} {sender-mac sender-mac-wildcard | host
sender-mac | any} {target-ip target-ip-wildcard | host target-ip | any}
Extended IPv6 ACL
[sn] permit protocol {source-ipv6-prefix / prefix-length | any | host source-ipv6-address}
{destination-ipv6-prefix / prefix-length | any | host destination-ipv6-address} [dscp dscp] [flow-label
flow-label] [fragment] [range lower upper] [time-range time-range-name]
Extended IPv6 ACLs of some important protocols:
Internet Control Message Protocol (ICMP)
[sn] permit icmp {source-ipv6-prefix / prefix-length | any | host source-ipv6-address}
{destination-ipv6-prefix / prefix-length | host destination-ipv6-address | any} [icmp-type] [[icmp-type
[icmp-code]] | [icmp-message]] [dscp dscp] [flow-label flow-label] [fragment] [time-range
time-range-name]
Transmission Control Protocol (TCP)
[sn] permit tcp {source-ipv6-prefix / prefix-length | host source-ipv6-address | any} [operator port
[port]] {destination-ipv6-prefix / prefix-length | host destination-ipv6-address | any} [operator port
[port]] [dscp dscp] [flow-label flow-label] [fragment] [range lower upper] [time-range
time-range-name] [match-all tcp-flag | established]
User Datagram Protocol (UDP)
[sn] permit udp {source-ipv6-prefix / prefix-length | host source-ipv6-address | any} [operator port
[port]] {destination-ipv6-prefix / prefix-length | host destination-ipv6-address | any} [operator port
[port]] [dscp dscp] [flow-label flow-label] [fragment] [range lower upper] [time-range
time-range-name]
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
None
Command mode
ACL configuration mode.
Usage Guide
Use this command to configure the permit conditions for the ACL in ACL configuration mode.
Configuration Examples
The following example shows how to create and display an Expert Extended ACL. This expert ACL
permits all the TCP packets with the source IP address 192.168.4.12 and the source MAC address
001300498272.
Ruijie(config)#expert access-list extended exp-acl
Ruijie(config-exp-nacl)#permit tcp host 192.168.4.12 host 0013.0049.8272 any any
Ruijie(config-exp-nacl)#deny any any any any
Ruijie(config-exp-nacl)#show access-lists
expert access-list extended exp-acl
10 permit tcp host 192.168.4.12 host 0013.0049.8272 any any
20 deny any any any any
Ruijie(config-exp-nacl)#
This example shows how to use the extended IP ACL. The purpose is to permit the host with the IP
address 192.168.4.12 to provide services through the TCP port 100 and apply the ACL to interface
gigabitethernet 1/1. The configuration procedure is as below:
Ruijie(config)# ip access-list extended 102
Ruijie(config-ext-nacl)# permit tcp host 192.168.4.12 eq 100 any
Ruijie(config-ext-nacl)# show access-lists
ip access-list extended 102
10 permit tcp host 192.168.4.12 eq 100 any
Ruijie(config-ext-nacl)#exit
Ruijie(config)#interface gigabitethernet 1/1
Ruijie(config-if)#ip access-group 102 in
Ruijie(config-if)#
This example shows how to use the extended MAC ACL. The purpose is to permit the host with the
MAC address 0013.0049.8272 to send Ethernet frames of the type 100 and apply the ACL to
interface gigabitethernet 1/1. The configuration procedure is as below:
Ruijie(config)#mac access-list extended 702
Ruijie(config-mac-nacl)#permit host 0013.0049.8272 any aarp
Ruijie(config-mac-nacl)#show access-lists
mac access-list extended 702
10 permit host 0013.0049.8272 any aarp 702
Ruijie(config-mac-nacl)#exit
Ruijie(config)#interface gigabitethernet 1/1
Ruijie(config-if)#mac access-group 702 in
This example shows how to use the standard IP ACL. The purpose is to permit the host with the IP
address 192.168.4.12 and apply the ACL to interface gigabitethernet 1/1. The configuration
procedure is as below:
Ruijie(config)#ip access-list standard std-acl
Ruijie(config-std-nacl)#permit host 192.168.4.12
Ruijie(config-std-nacl)#show access-lists
ip access-list standard std-acl
10 permit host 192.168.4.12
Ruijie(config-std-nacl)#exit
Ruijie(config)# interface gigabitethernet 1/1
Ruijie(config-if)# ip access-group std-acl in
This example shows how to use the extended IPv6 ACL. The purpose is to permit the host with the IP
address 192.168.4.12 and apply the ACL to interface gigabitethernet 1/1. The configuration
procedure is as below:
Ruijie(config)#ipv6 access-list extended v6-acl
Ruijie(config-ipv6-nacl)#11 permit ipv6 host ::192.168.4.12 any
Ruijie(config-ipv6-nacl)# show access-lists
ipv6 access-list extended v6-acl
11 permit ipv6 host ::192.168.4.12 any
Ruijie(config-ipv6-nacl)# exit
Ruijie(config)#interface gigabitethernet 1/1
Ruijie(config-if)#ipv6 traffic-filter v6-acl in
Related Commands
Command
Description
show access-lists
Show all the ACLs.
ipv6 traffic-filter
Apply the extended ipv6 ACL on the interface.
ip access-group
Apply the IP ACL on the interface.
mac access-group
Apply the extended MAC ACL on the interface.
ip access-list
Define the IP ACL.
mac access-list
Define the extended MAC ACL.
expert access-list
Define the extended expert ACL.
ipv6 access-list
Define the extended IPv6 ACL.
deny
Deny the access.
Platform Description
N/A
security access-group
Use this command to configure the secure interface channel.
security access-group {id|name}
no security access-group
Parameter
Description
Parameter
Description
id
It indicates the ID of the ACL.
name
It indicates the name of the ACL.
Defaults
N/A
Command mode
Interface configuration mode
Usage Guide
This command is used to configure the secure interface channel.
Configuration Examples
Ruijie(config-if)#security access-group 1
Related Commands
Command
Description
show running
It shows the current configuration information.
Platform Description
This command is not supported by routers.
security global access-group
Use this command to configure the global security channel.
security global access-group { id | name }
no security global access-group
Parameter
Description
Parameter
Description
id
ACL ID
name
ACL name
Defaults
N/A
Command mode
Global configuration mode
Usage Guide
Use this command to configure the global security channel.
Configuration Examples
Ruijie(config)# security global access-group 1
Related Commands
Command
Description
show running
Show configuration of current system.
Platform Description
This command is not supported by routers.
security uplink enable
Use this command to configure the uplink port of the security channel on the interface.
security uplink enable
no security uplink enable
Parameter
Description
Parameter
Description
N/A
N/A
Defaults
N/A
Command mode
Interface configuration mode.
Usage Guide
Use this command to configure the uplink port of the security channel on the interface.
Configuration Examples
Ruijie(config-if)#security uplink enable
Related Commands
Command
Description
show running
Show configuration of current system.
Platform Description
This command is not supported by routers.
show access-group
Use this command to show the ACL configured on the interface.
show access-group [ interface interface ]
Parameter
Description
Parameter
Description
interface
Interface ID
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
Show the ACL configured on the interface. If no interface is specified, the associated ACLs of all the
interfaces will be shown.
Configuration Examples
Ruijie# show access-group
ip access-list standard ipstd3
Applied On interface GigabitEthernet 0/1.
ip access-list standard ipstd4
Applied On interface GigabitEthernet 0/2.
ip access-list extended 101
Applied On interface GigabitEthernet 0/3.
ip access-list extended 102
Applied On interface GigabitEthernet 0/8.
Related Commands
Command
Description
ip access-group
Apply the IP ACL to the interface.
mac access-group
Apply the mac ACL to the interface.
expert access-group
Apply the expert ACL to the interface.
ipv6 traffic-filter
Apply the IPv6 ACL to the interface.
Platform Description
N/A
show access-lists
Use this command to show all ACLs or the specified ACL.
show access-lists [ id | name ]
Parameter
Description
Parameter
Description
id
ID of the IP ACL
name
Name of the IP ACL
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
Use this command to show the specified ACL. If no ID or name is specified, all the ACLs will be shown.
Configuration Examples
Ruijie# show access-lists n_acl
ip access-list standard n_acl
Ruijie# show access-lists 102
ip access-list extended 102
Ruijie# show access-lists
ip access-list standard n_acl
ip access-list extended 101
permit icmp host 192.168.1.1 any log (1080 matches)
permit tcp host 1.1.1.1 any established
deny ip any any (80021 matches)
mac access-list extended mac-acl
expert access-list extended exp-acl
ipv6 access-list extended v6-acl
permit ipv6 ::192.168.4.12 any (100 matches)
deny any any (9 matches)
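Added example (not part of the original manual): a Python audit that cross-checks saved show access-lists and show access-group output in the layouts shown in this manual, reporting ACLs that are defined but not applied, ACLs applied but not defined, applied ACLs with no entries, and the match totals on deny entries. The function names and both sample captures are constructed for the illustration; output from other releases may differ.

```python
import re

# Layouts taken from the examples in this manual; other layouts are not handled.
ACL_HEADER = re.compile(r"^(ip|mac|expert|ipv6) access-list (?:standard|extended) (\S+)$")
APPLIED = re.compile(r"^Applied On interface (.+?)\.?$")
ENTRY = re.compile(r"^(?:\d+ )?(permit|deny) .*?(?:\((\d+) matches\))?$")

# Constructed sample captures, modelled on the examples above.
SHOW_ACCESS_LISTS = """\
ip access-list standard n_acl
ip access-list extended 101
permit icmp host 192.168.1.1 any log (1080 matches)
permit tcp host 1.1.1.1 any established
deny ip any any (80021 matches)
ip access-list extended 102
mac access-list extended mac-acl
"""

SHOW_ACCESS_GROUP = """\
ip access-list standard ipstd3
Applied On interface GigabitEthernet 0/1.
ip access-list extended 101
Applied On interface GigabitEthernet 0/3.
ip access-list extended 102
Applied On interface GigabitEthernet 0/8.
"""


def parse_access_lists(text):
    """Return {"<family> <id-or-name>": [(action, matches or None), ...]}."""
    acls, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = ACL_HEADER.match(line)
        if header:
            current = f"{header.group(1)} {header.group(2)}"
            acls[current] = []
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            hits = int(entry.group(2)) if entry.group(2) else None
            acls[current].append((entry.group(1), hits))
    return acls


def parse_access_group(text):
    """Return {"<family> <id-or-name>": [interface, ...]}."""
    applied, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = ACL_HEADER.match(line)
        if header:
            current = f"{header.group(1)} {header.group(2)}"
            applied.setdefault(current, [])
            continue
        where = APPLIED.match(line)
        if where and current is not None:
            applied[current].append(where.group(1))
    return applied


def audit(acls, applied):
    """Cross-check defined ACLs against the ACLs applied on interfaces."""
    return {
        "defined_not_applied": sorted(set(acls) - set(applied)),
        "applied_not_defined": sorted(set(applied) - set(acls)),
        "applied_but_empty": sorted(n for n in applied if n in acls and not acls[n]),
        # Sum of the "(N matches)" counters on deny entries, per ACL.
        "deny_matches": {
            name: sum(hits or 0 for action, hits in entries if action == "deny")
            for name, entries in acls.items()
            if any(action == "deny" for action, _ in entries)
        },
    }


if __name__ == "__main__":
    report = audit(parse_access_lists(SHOW_ACCESS_LISTS),
                   parse_access_group(SHOW_ACCESS_GROUP))
    for finding, value in report.items():
        print(f"{finding}: {value}")
```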
Related Commands
Command
Description
ip access-list
Define the IP ACL.
mac access-list
Define the extended MAC ACL.
expert access-list
Define the extended expert ACL.
ipv6 access-list
Define the extended IPv6 ACL.
Platform Description
N/A
show expert access-group
Use this command to show the configured expert ACL of the interface.
show expert access-group [ interface interface ]
Parameter
Description
Parameter
Description
interface
Interface ID
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
Show the expert ACL configured on the interface. If no interface is specified, the associated expert
ACLs of all the interfaces will be shown.
Configuration Examples
Ruijie# show expert access-group interface gigabitethernet 0/2
expert access-group ee in
Applied On interface GigabitEthernet 0/2.
Related Commands
Command
Description
expert access-list
Define the extended expert ACL.
Platform Description
N/A
show ip access-group
Use this command to show the configured IP ACL of the interface.
show ip access-group [ interface interface ]
Parameter
Description
Parameter
Description
interface
Interface ID
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
Show the IP ACL configured on the interface. If no interface is specified, the associated IP ACLs of all
the interfaces will be shown.
Configuration Examples
Ruijie# show ip access-group interface gigabitethernet 0/1
ip access-group aaa in
Applied On interface GigabitEthernet 0/1.
Related Commands
Command
Description
ip access-list
Define the IP ACL.
Platform Description
N/A
show mac access-group
Use this command to show the configured MAC ACL of the interface.
show mac access-group [ interface interface ]
Parameter
Description
Parameter
Description
interface
Interface ID
Defaults
N/A
Command mode
Privileged EXEC mode
Usage Guide
Show the MAC ACL associated with the interface. If no interface is specified, the associated MAC
ACLs of all associated interfaces will be shown.
Configuration Examples
Ruijie# show mac access-group interface gigabitethernet 0/3
mac access-group mm in
Applied On interface GigabitEthernet 0/3.
Related Commands
Command
Description
mac access-list
Define the extended MAC ACL.
Platform Description
N/A
File System Commands
cd
Use this command to set the present directory for the file system.
cd [ filesystem: ] [ directory ]
Parameter
Description
Parameter
Description
filesystem:
Specified file system. This parameter must be carried with “:”.
directory
Specified directory
Defaults
The default directory is the flash root directory.
Command Mode
Privileged EXEC mode.
Usage Guide
Change the above parameter to the directory you want to enter. Use the pwd command to view the
present directory.
Configuration Examples
Example 1: The following example sets usb0 root directory as the present directory:
Ruijie# cd usb0:/
Example 2: The following example sets sd root directory as the present directory:
Ruijie# cd sd0:/
Related Commands
Command
Description
pwd
Show the present working directory.
Platform Description
N/A.
copy
Use this command to copy a file from the specified source directory to the specified destination
directory.
copy source-url destination-url
Parameter
Description
Parameter
Description
source-url
Source file URL, which can be local or remote.
destination-url
Destination file URL, which can be local or remote.
Defaults
N/A.
Command Mode
Privileged EXEC mode.
Usage Guide
This command is used to copy files among the local storage media and to transfer files to and from
network servers.
The following table lists the URL prefix for the specified file system:
Prefix
Description
flash:
Flash storage media. This prefix can be used in all devices. The default is
flash if the prefix is not used for the URL. In general, the bootstrap main
program is stored in the flash.
tftp:
TFTP network server
xmodem:
Use the xmodem protocol to transmit the file to the network device.
slave:
Flash on the slave board from the chassis device.
usb0:
The first USB device.
usb1:
The second USB device.
sd0:
The first SD card.
sw1-m1-disk0:
Flash memory of the management board in the M1 slot of the chassis with
switch id 1, in VSU mode.
sw1-m2-disk0:
Flash memory of the management board in the M2 slot of the chassis with
switch id 1, in VSU mode.
sw2-m1-disk0:
Flash memory of the management board in the M1 slot of the chassis with
switch id 2, in VSU mode.
sw2-m2-disk0:
Flash memory of the management board in the M1 slot of the chassis with
switch id 2, in VSU mode.
This command does not support the wildcard.
Without the specified URL prefix configured, the current file system is used by default.
Configuration Examples
Example 1: Download the file from the TFTP server:
Ruijie# copy tftp://192.168.201.54/rgos.bin flash:/
Example 2: Upload the file to the TFTP server:
Ruijie# copy flash:/rgos.bin tftp://192.168.201.54/rgos.bin
Example 3: Use the xmodem to download the file:
Ruijie# copy xmodem: flash:/config.text
Example 4: Copy the file to the U disk:
Ruijie#copy flash:/config.text usb0:/config.text
Example 5: Copy the file to the slave management board:
Ruijie#copy flash:/config.text slave:/config.text
Example 6: Copy the file from the flash to the SD card:
Ruijie#copy flash:/rgos.bin sd0:/rgos.bin
Example 7: Copy the file from the U disk to the SD card:
Ruijie#copy usb0:/config.text sd0:/config.text
Example 8: Copy the file from the SD card to the U disk:
Ruijie#copy sd0:/config.text usb0:/config.text
Related Commands
Command         Description
delete          Delete the file.
rename          Rename the file.
dir             Show the file list of the specified directory.
Platform Description
N/A.
mkdir
Use this command to create a directory.
mkdir directory
Parameter Description
Parameter       Description
directory       Name of the directory to be created.
Defaults
N/A.
Command Mode
Privileged EXEC mode.
Usage Guide
Simply enter the name of the directory you want to create (including the path).
If the file to be created already exists, the creation fails. If the upper-level directory of the directory to be created does not exist, the specified directory cannot be created. For example, if the directory flash:/backup does not exist, creating the directory flash:/backup/temp fails. The solution is to create the directory flash:/backup before creating the directory flash:/backup/temp.
Configuration Examples
Example 1: Create the test directory at the root directory:
Ruijie# mkdir test
Example 2: Create the test2 directory at the root directory of the SD card:
Ruijie# mkdir sd0:/test2
Related Commands
Command         Description
rmdir           Delete the directory.
pwd             Show the present directory.
Platform Description
N/A.
pwd
Use this command to show the working path.
pwd
Parameter Description
Parameter       Description
N/A.            N/A.
Defaults
N/A.
Usage Guide
This command shows the present working path.
Configuration Examples
The following example shows the present working path.
Ruijie# pwd
Flash:/
Related Commands
Command         Description
cd              Change the file system in the present directory.
Platform Description
N/A.
rmdir
Use this command to delete an empty directory.
rmdir directory
Parameter Description
Parameter       Description
directory       Name of the directory to be deleted, which must be empty.
Defaults
N/A.
Command Mode
Privileged EXEC mode.
Usage Guide
This command does not support wildcards, and the directory to be deleted must be empty.
Configuration Examples
If there is a tmp directory in the current directory and the directory does not contain any files:
Ruijie# rmdir tmp
Ruijie# ls
Related Commands
Command         Description
mkdir           Create a directory.
Platform Description
N/A
CPU-LOG Commands
cpu-log
Use this command to manually configure the low and high thresholds that trigger the CPU utilization log.
cpu-log log-limit low_num high_num
Parameter Description
Parameter       Description
log-limit       The command descriptor prompting the limit range.
low_num         Sets the low threshold of triggering the CPU utilization log.
high_num        Sets the high threshold of triggering the CPU utilization log.
Defaults
By default, the high and low thresholds of triggering the CPU utilization log are 100% and 90% respectively.
Command Mode
Global configuration mode.
Usage Guide
Use this command to manually configure the low and high thresholds that trigger the CPU utilization log. When the CPU utilization exceeds the high threshold, the system outputs the log message once. When the CPU utilization falls below the low threshold, the system outputs a log message announcing that the current CPU utilization has decreased. These messages are sent only when the CPU utilization switches over between the high and low thresholds.
Configuration Examples
#Show how to set the low and high threshold of triggering the cpu utilization log to 70% and 80% respectively.
Ruijie(config)# cpu-log log-limit 70 80
#The console prompts the following message when the CPU utilization is higher than 80%:
Oct 20 15:47:01 %SYSCHECK-5-CPU_USING_RATE: CPU utilization in one minute: 95%, Using most cpu's task is ktimer : 94%
#The console prompts the following message when the CPU utilization is less than 70%:
Oct 20 15:47:01 %SYSCHECK-5-CPU_USING_RATE: CPU utilization in one minute :68%,Using most cpu's task is ktimer : 60%
Oct 20 15:47:01 %SYSCHECK-5-CPU_USING_RATE: The CPU using rate has down!
Related Commands
Command         Description
N/A             N/A
Platform Description
N/A
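An added example, not part of the Ruijie manual: a collector-side parser for the two cpu-log message shapes shown above that pairs each high-threshold alert with its later recovery line, so that long CPU-exhaustion episodes on an access point stand out. The sample lines are constructed, and the function names and the year supplied for the year-less timestamps are assumptions.

```python
import re
from datetime import datetime

# Constructed sample lines modelled on the two message shapes in the manual's
# cpu-log example; timestamps, percentages and the tnet alert are made up.
SAMPLE_LOG = """\
Oct 20 15:47:01 %SYSCHECK-5-CPU_USING_RATE: CPU utilization in one minute: 95%, Using most cpu's task is ktimer : 94%
Oct 20 15:52:31 %LINK-5-CHANGED: Interface GigabitEthernet 0/1, changed state to down
Oct 20 16:03:11 %SYSCHECK-5-CPU_USING_RATE: CPU utilization in one minute :68%,Using most cpu's task is ktimer : 60%
Oct 20 16:03:11 %SYSCHECK-5-CPU_USING_RATE: The CPU using rate has down!
Oct 20 18:20:45 %SYSCHECK-5-CPU_USING_RATE: CPU utilization in one minute: 99%, Using most cpu's task is tnet : 91%
"""

# "<timestamp> %MODULE-SEVERITY-MNEMONIC: text", as printed in the examples.
HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"%(?P<module>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$"
)
# Tolerates both spacings seen above ("minute: 95%, Using" and "minute :68%,Using").
USAGE = re.compile(
    r"CPU utilization in one minute\s*:\s*(\d+)%\s*,\s*"
    r"Using most cpu's task is (.+?)\s*:\s*(\d+)%"
)


def parse_line(line, year):
    """Split one log line into timestamp, module, severity, mnemonic and text."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["sev"] = int(rec["sev"])
    # The device timestamp carries no year, so the caller supplies one (assumption).
    rec["ts"] = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S")
    return rec


def _new_episode(start, peak, task):
    return {"start": start, "end": None, "peak": peak, "task": task,
            "recovered_pct": None, "seconds": None}


def cpu_episodes(lines, low, high, year=2015):
    """Pair each above-`high` alert with the recovery message that follows it.

    `low` and `high` are the values given to `cpu-log log-limit low_num high_num`.
    end=None means the episode is still open; start=None means only the recovery
    reached the collector (the alert itself was lost or never logged).
    """
    episodes, current, last_low = [], None, None
    for line in lines:
        rec = parse_line(line, year)
        if rec is None or (rec["module"], rec["mnemonic"]) != ("SYSCHECK", "CPU_USING_RATE"):
            continue
        usage = USAGE.search(rec["text"])
        if usage:
            pct, task = int(usage.group(1)), usage.group(2)
            if pct > high:
                if current is None:
                    current = _new_episode(rec["ts"], pct, task)
                    episodes.append(current)
                elif pct > current["peak"]:
                    current["peak"], current["task"] = pct, task
            elif pct < low:
                last_low = pct  # reading printed just before the recovery line
        elif "has down" in rec["text"]:
            if current is None:
                current = _new_episode(None, None, None)
                episodes.append(current)
            current["end"] = rec["ts"]
            current["recovered_pct"] = last_low
            if current["start"] is not None:
                current["seconds"] = int((rec["ts"] - current["start"]).total_seconds())
            current, last_low = None, None
    return episodes


if __name__ == "__main__":
    for ep in cpu_episodes(SAMPLE_LOG.splitlines(), low=70, high=80):
        print(ep)
```

An episode that never closes, or one whose top task is a packet-processing task for a long stretch, is the kind of record worth reviewing alongside traffic data for the same window.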
show cpu
Use this command to show the CPU utilization information.
show cpu
Parameter Description
Parameter       Description
N/A             N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
Use this command to show the system CPU utilization information in five seconds, one minute and five minutes, and the CPU utilization of every task in five seconds, one minute and five minutes.
Configuration Examples
Ruijie# show cpu
=======================================
CPU Using Rate Information
CPU utilization in five seconds: 25%
CPU utilization in one minute : 20%
CPU utilization in five minutes: 10%
NO    5Sec  1Min  5Min  Process
0     0%    0%    0%    LISR INT
1     7%    2%    1%    HISR INT
2     0%    0%    0%    ktimer
3     0%    0%    0%    atimer
4     0%    0%    0%    printk_task
5     0%    0%    0%    waitqueue_process
6     0%    0%    0%    tasklet_task
7     0%    0%    0%    kevents
8     0%    0%    0%    snmpd
9     0%    0%    0%    snmp_trapd
10    0%    0%    0%    mtdblock
11    0%    0%    0%    gc_task
12    0%    0%    0%    Context
13    0%    0%    0%    kswapd
14    0%    0%    0%    bdflush
15    0%    0%    0%    kupdate
16    0%    3%    1%    ll_mt
17    0%    0%    0%    ll main process
18    0%    0%    0%    bridge_relay
19    0%    0%    0%    d1x_task
20    0%    0%    0%    secu_policy_task
21    0%    0%    0%    dhcpa_task
22    0%    0%    0%    dhcpsnp_task
23    0%    0%    0%    igmp_snp
24    0%    0%    0%    mstp_event
25    0%    0%    0%    GVRP_EVENT
26    0%    0%    0%    rldp_task
27    0%    2%    1%    rerp_task
28    0%    0%    0%    reup_event_handler
29    0%    0%    0%    tpp_task
30    0%    0%    0%    ip6timer
31    0%    0%    0%    rtadvd
32    0%    0%    0%    tnet6
33    2%    0%    0%    tnet
34    0%    0%    0%    Tarptime
35    0%    0%    0%    gra_arp
36    0%    0%    0%    Ttcptimer
37    8%    1%    0%    ef_res
38    0%    0%    0%    ef_rcv_msg
39    0%    0%    0%    ef_inconsistent_daemon
40    0%    0%    0%    ip6_tunnel_rcv_pkt
41    0%    0%    0%    res6t
42    0%    0%    0%    tunrt6
43    0%    0%    0%    ef6_rcv_msg
44    0%    0%    0%    ef6_inconsistent_daemon
45    0%    0%    0%    imid
46    0%    0%    0%    nsmd
47    0%    0%    0%    ripd
48    0%    0%    0%    ripngd
49    0%    0%    0%    ospfd
50    0%    0%    0%    ospf6d
51    0%    0%    0%    bgpd
52    0%    0%    0%    pimd
53    0%    0%    0%    pim6d
54    0%    0%    0%    pdmd
55    0%    0%    0%    dvmrpd
56    0%    0%    0%    vty_connect
57    0%    0%    0%    aaa_task
58    0%    0%    0%    Tlogtrap
59    0%    0%    0%    dhcp6c
60    0%    0%    0%    sntp_recv_task
61    0%    0%    0%    ntp_task
62    0%    0%    0%    sla_deamon
63    0%    3%    1%    track_daemon
64    0%    0%    0%    pbr_guard
65    0%    0%    0%    vrrpd
66    0%    0%    0%    psnpd
67    0%    0%    0%    igsnpd
68    0%    0%    0%    coa_recv
69    0%    0%    0%    co_oper
70    0%    0%    0%    co_mac
71    0%    0%    0%    radius_task
72    0%    0%    0%    tac+_acct_task
73    0%    0%    0%    tac+_task
74    0%    0%    0%    dhcpd_task
75    0%    0%    0%    dhcps_task
76    0%    0%    0%    dhcpping_task
77    0%    0%    0%    dhcpc_task
78    0%    0%    0%    uart_debug_file_task
79    0%    0%    0%    ssp_init_task
80    0%    0%    0%    rl_listen
81    0%    0%    0%    ikl_msg_operate_thread
82    0%    0%    0%    bcmDPC
83    0%    0%    0%    bcmL2X.0
84    3%    3%    3%    bcmL2X.0
85    0%    0%    0%    bcmCNTR.0
86    0%    0%    0%    bcmTX
87    0%    0%    0%    bcmXGS3AsyncTX
88    0%    2%    1%    bcmLINK.0
89    0%    0%    0%    bcmRX
90    0%    0%    0%    mngpkt_rcv_thread
91    0%    0%    0%    mngpkt_recycle_thread
92    0%    0%    0%    stack_task
93    0%    0%    0%    stack_disc_task
94    0%    0%    0%    redun_sync_task
95    0%    0%    0%    conf_dispatch_task
96    0%    0%    0%    devprob_task
97    0%    0%    0%    rdp_snd_thread
98    0%    0%    0%    rdp_rcv_thread
99    0%    0%    0%    rdp_slot_change_thread
100   4%    2%    1%    datapkt_rcv_thread
101   0%    0%    0%    keepalive_link_notify
102   0%    0%    0%    rerp_msg_recv_thread
103   0%    0%    0%    ip_scan_guard_task
104   0%    0%    0%    ssp_ipmc_hit_task
105   0%    0%    0%    ssp_ipmc_trap_task
106   0%    0%    0%    hw_err_snd_task
107   0%    0%    0%    rerp_packet_send_task
108   0%    0%    0%    idle_vlan_proc_thread
109   0%    0%    0%    cmic_pause_detect
110   1%    1%    1%    stat_get_and_send
111   0%    1%    0%    rl_con
112   75%   80%   90%   idle
In the list above, the first three lines indicate the system CPU utilization in five seconds, one minute and five minutes, including LISR, HISR and tasks. The table that follows gives the detailed distribution of CPU utilization:
No: Serial number.
5Sec: CPU utilization of the tasks in five seconds.
1Min: CPU utilization of the tasks in one minute.
5Min: CPU utilization of the tasks in five minutes.
The first two lines of the table indicate the CPU utilization of all LISRs and HISRs. From the third line on, the table indicates the CPU utilization of the tasks. The last line indicates the CPU utilization of the idle task, which is the same as the “System Idle Process” in Windows. In the example above, the CPU utilization of the idle task within five seconds is 75%, indicating that 75% of the CPU is idle.
Related Commands
Command         Description
N/A             N/A
Platform Description
N/A
Memory Commands
show memory
Use this command to show the current memory usage information.
show memory
Parameter Description
Parameter       Description
N/A             N/A
Defaults
N/A
Command Mode
Privileged EXEC mode.
Usage Guide
Use this command to view the current system memory state and usage information, including the system physical memory amount, the number of free pages in the current system, and the free memory statistics.
Configuration Examples
This example shows the running result of the command show memory.
Ruijie# show memory
System Memory Statistic:
Free pages: 1079
watermarks : min 379, lower 758, low 1137, high 1516
System Total Memory : 128MB, Current Free Memory : 5283KB
Used Rate : 96%
The above information includes the following parts:
Free pages: the memory size of one free page is about 4k;
Watermarks (see the following table);
The overall system memory, the current available memory and memory used rate.
Watermarks      Description
min             The memory resources are extremely insufficient. It can only keep the kernel running. All application modules fail to run if the minimum watermark has been reached.
lower           The memory resources are severely insufficient. One routing protocol will auto-exit and release the memory if the lower watermark has been reached. For the details, see the memory-lack exit-policy command.
low             The memory resources are insufficient. The routing protocol will be in OVERFLOW state if the low watermark has been reached. In the overflow state, the routers do not learn new routes any more. The commands are not allowed to be executed when the memory lacks.
high            The memory resources are sufficient. Each routing protocol attempts to restore the state from OVERFLOW to normal.
Related Commands
Command         Description
N/A             N/A
Platform Description
N/A
Syslog Commands
clear logging
Use this command to clear the logs from the buffer in privileged user mode.
clear logging
Parameter Description
Parameter       Description
N/A             N/A
Defaults
N/A
Command Mode
Privileged user mode
Usage Guide
This command clears the log packets from the memory buffer. You cannot clear the statistics of the log packets.
Configuration Examples
The following example clears the log packets from the memory buffer.
Ruijie# clear logging
Related Commands
Command             Description
logging on          Turns on the log switch.
show logging        Shows the logs in the buffer.
logging buffered    Records the logs in the memory buffer.
Platform Description
N/A
more flash
Use this command to show the contents of the logs stored in the extended FLASH in privileged user
mode.
more flash: filename
Parameter Description
Parameter       Description
filename        Log file name.
Defaults
N/A
Command Mode
Privileged user mode
Usage Guide
In the extended FLASH, the log files are the files with the prefix “//f2/” or “//f3/”. This command only allows you to view the log files. You cannot use this command to view other non-log files.
Configuration Examples
The following example shows the results of the log files in the extended FLASH:
Ruijie# more flash://f2/log.txt
look up file in the extended flash://f2/log.txt
00004 2004-11-17 4:1:32 Ruijie: %5:Reload requested by Administrator. Reload Reason :Reload command
Related Commands
Command               Description
logging file flash    Records the logs to the extended FLASH.
Platform Description
N/A
logging buffered
Use this command to set the memory buffer parameters (log severity, buffer size) for logs at global
configuration layer. Use the no form of the command to disable recording logs in the memory buffer.
Use the default form of this command to restore the memory buffer size to the default value.
logging buffered [buffer-size | level]
no logging buffered
default logging buffered
Parameter Description
Parameter       Description
buffer-size     Size of the buffer is related to the specific device type:
                1. For the kernel / aggregation switches, 4 K to 10 M bytes.
                2. For the access switches, 4 K to 1 M.
                3. For other devices, 4 K to 128 K Bytes.
level           Severity of logs, from 0 to 7. The name of the severity or the numeral can be used.
Defaults
The buffer size is related to the specific device type.
1. kernel switches: 1 M Bytes;
2. aggregation switches: 256 K Bytes;
3. access switches: 128 K Bytes;
4. other devices: 4 K Bytes
The log severity is 7.
Command Mode
Global configuration mode
Usage Guide
The memory buffer for logs is used in a recycled manner. That is, when the memory buffer with the specified size is full, the oldest information will be overwritten. To show the log information in the memory buffer, run the show logging command in privileged user mode.
The logs in the memory buffer are temporary, and will be cleared in case of device restart or the execution of the clear logging command in privileged user mode. To trace a problem, it is required to record logs in flash or send them to Syslog Server.
The log information is classified into the following 8 levels (Table 1):
Table-1
Keyword          Level   Description
Emergencies      0       Emergency case, system cannot run normally
Alerts           1       Problems that need immediate remedy
Critical         2       Critical conditions
Errors           3       Error message
warnings         4       Alarm information
Notifications    5       Information that is normal but needs attention
informational    6       Descriptive information
Debugging        7       Debugging messages
Lower value indicates higher level. That is, level 0 indicates the information of the highest level.
When the level of log information to be displayed on devices is specified, the log information at or below the set level will be allowed to be displayed.
After the system has been running for a long time, modifying the log buffer size, especially to a large buffer, may fail due to insufficient available continuous memory. The failure message will be shown. It is recommended to modify the log buffer size as soon as the system starts.
Configuration Examples
The following example allows logs at and below severity 6 to be recorded in the memory buffer sized 10,000 bytes.
Ruijie(config)# logging buffered 10000 6
Related Commands
Command          Description
logging on       Turns on the log switch.
show logging     Shows the logs in the buffer.
clear logging    Clears the logs in the log buffer.
Platform Description
N/A
logging console
Use this command to set the severity of logs that are allowed to be displayed on the console in global
configuration mode. Use the no form of this command to prohibit printing log messages on the
console.
logging console [ level ]
no logging console
Parameter Description
Parameter       Description
level           Severity of log messages, 0 to 7. The name of the severity or the numeral can be used. For the details of log severity, see table 1.
Defaults
Debugging (7).
Command Mode
Global configuration mode
Usage Guide
When a log severity is set, the log messages at or below that severity will be displayed on the console.
The show logging command displays the related setting parameters and statistics of the log.
Configuration Examples
The following example sets the severity of log that is allowed to be displayed on the console as 6:
Ruijie(config)# logging console informational
Related Commands
Command         Description
logging on      Turns on the log switch.
show logging    Shows the logs and related log configuration parameters in the buffer.
Platform Description
N/A
logging count
Use this command to enable the log statistics function in global configuration mode. Use the no form
of the command to delete the log statistics and disable the statistics function.
logging count
no logging count
Parameter Description
Parameter       Description
N/A             N/A
Defaults
The log statistics function is disabled by default.
Command Mode
Global configuration mode
Usage Guide
This command enables the log statistics function. The statistics begins when the function is enabled. If you run the no logging count command, the statistics function is disabled and the statistics data is deleted.
Configuration Examples
The following example enables the log statistics function:
Ruijie(config)# logging count
Related Commands
Command               Description
show logging count    Views log information about modules of the system.
show logging          Views basic configuration of log modules and log information in the buffer.
Platform Description
N/A
logging facility
Use this command to configure the device value of the log information in global configuration mode.
Use the no form of the command to restore it to the default device value (23).
logging facility facility-type
no logging facility
Parameter Description
Parameter       Description
facility-type   Syslog device value. For specific settings, refer to the usage guide.
Defaults
Local7(23)
Command Mode
Global configuration mode
Usage Guide
The following table (Table-2) is the possible device values of Syslog:
Numerical Code    Facility
0 (kern)          Kernel messages
1 (user)          User-level messages
2 (mail)          Mail system
3 (daemon)        System daemons
4 (auth1)         security/authorization messages
5 (syslog)        Messages generated internally by syslogd
6 (lpr)           Line printer subsystem
7 (news)          USENET news
8 (uucp)          Unix-to-Unix copy system
9 (clock1)        Clock daemon
10 (auth2)        security/authorization messages
11 (ftp)          FTP daemon
12 (ntp)          NTP subsystem
13 (logaudit)     log audit
14 (logalert)     log alert
15 (clock2)       clock daemon
16 (local0)       Local use
17 (local1)       Local use
18 (local2)       Local use
19 (local3)       Local use
20 (local4)       Local use
21 (local5)       Local use
22 (local6)       Local use
23 (local7)       Local use
The default device value of RGOS is 23 (local 7).
Configuration Examples
The following example sets the device value of Syslog as kernel:
Ruijie(config)# logging facility kern
Related Commands
Command            Description
logging console    Sets the severity of logs that are allowed to be displayed on the console.
Platform Description
N/A
logging file flash
Use this command to record logs in the extended flash in global configuration mode. Use the no form
of the command to disable the function.
logging file flash: filename [ max-file-size ] [ level ] xx
no logging file
Parameter Description
Parameter       Description
filename        Name of the log file of txt type
max-file-size   Maximal size of the log file in the range from 128 K to 6 M bytes, the default value is 128K bytes.
level           The severity of logs recorded in the log files. The name of the severity or the numeral can be used. By default, the severity of logs recorded in the FLASH is 6. For the details of log severity, see Table-1.
Defaults
Logs cannot be recorded in the extended FLASH.
Command Mode
Global configuration mode
Usage Guide
If no Syslog Server is specified or it is not desired to transfer logs on the network due to the consideration of security purpose, it is possible to save the logs directly in extended flash.
The extension of the log file is fixed as txt. Any configuration of extension for the filename will be refused.
You must purchase an additional extended FLASH to record logs on it. If there is no extended FLASH, the logging file flash command will automatically be hidden, not allowing you to configure it.
Configuration Examples
The following example records the logs in the extended flash, with the name trace.txt, file size 128 K and log severity 6.
Ruijie(config)# logging file flash:trace
Related Commands
Command         Description
logging on      Turns on the log switch.
show logging    Shows the log messages and related log configuration parameters in the buffer.
more flash      Views the logs in the extended flash.
Platform Description
N/A
logging monitor
Use this command to set the severity of logs that are allowed to be displayed on the VTY window
(telnet window, SSH window, etc.) in global configuration mode. Use the no form of this command to
prohibit printing log messages on the VTY window.
logging monitor [ level ]
no logging monitor
Parameter Description
Parameter       Description
level           Severity of the log message. The name of the severity or the numeral can be used. For the details of log severity, see Table-1.
Defaults
Debugging (7).
Command Mode
Global configuration mode
Usage Guide
To print log information on the VTY window, run the terminal monitor command in privileged user mode. The level of logs to be displayed is defined by logging monitor.
The log level defined with "Logging monitor" is for all VTY windows.
Configuration Examples
The following example sets the severity of log that is allowed to be printed on the VTY window as 6:
Ruijie(config)# logging monitor informational
Related Commands
Command         Description
logging on      Turns on the log switch.
Platform Description
N/A
logging on
Use this command globally to allow logs to be displayed on different devices. Use the no form of this command to disable the function.
logging on
no logging on
Parameter Description
Parameter       Description
N/A             N/A
Defaults
Logs are allowed to be displayed on different devices.
Command Mode
Global configuration mode
Usage Guide
Log information can not only be shown in the Console window and VTY window, but also be recorded in different equipment such as the memory buffer, the extended FLASH and Syslog Server. This command is the total log switch. If this switch is turned off, no log will be displayed or recorded unless the severity level is greater than 1.
Configuration Examples
The following example disables the log switch on the device.
Ruijie(config)# no logging on
Related Commands
Command                Description
logging buffered       Records the logs to a memory buffer.
logging                Sends logs to the Syslog server.
logging file flash:    Records logs on the extended FLASH.
logging console        Allows the log level to be displayed on the console.
logging monitor        Allows the log level to be displayed on the VTY window (such as telnet window).
logging trap           Sets the log level to be sent to the Syslog server.
Platform Description
N/A
logging rate-limit
Use this command to enable the log rate limit function to limit the number of logs output in a second in global configuration mode. The no form of this command disables the log rate limit function.
logging rate-limit { number | all number | console {number | all number } } [ except severity ]
no logging rate-limit
Parameter Description
Parameter       Description
number          The number of logs that can be processed in a second in the range from 1 to 10000.
all             Sets rate limit to all the logs with severity level 0 to 7.
console         Sets the amount of logs that can be shown in the console in a second.
except          By default, the severity level is error (3). The rate of the log whose severity level is less than or equal to error (3) is not controlled.
severity        Log severity level in the range from 0 to 7. The lower the level is, the higher the severity is.
Defaults
The log rate limit function is disabled by default.
Command Mode
Global configuration mode
Usage Guide
Use this command to control the syslog output to prevent massive log output.
Configuration Examples
The following example sets the number of the logs (including debug) that can be processed in a second as 10. However, the logs with warning or higher severity level are not controlled:
Ruijie(config)# logging rate-limit all 10 except warnings
Related Commands
Command               Description
show logging count    Views log information about modules of the system.
show logging          Views basic configuration of log modules and log information in the buffer.
Platform Description
N/A
logging server
Use this command to record the logs in the specified Syslog Server in global configuration mode. Use the no form of the command to disable the function.
logging server { ip-address [ vrf vrf-name ] | ipv6 ipv6-address }
no logging server { ip-address [ vrf vrf-name] | ipv6 ipv6-address }
Parameter Description
Parameter       Description
ip-address      IP address of the host that receives log information.
vrf-name        Specifies the VRF instance (VPN device forwarding table) connecting to the log host.
ipv6-address    Specifies IPV6 address for the host receiving the logs.
Defaults
No log is sent to any syslog server by default.
Command Mode
Global configuration mode
Usage Guide
This command specifies a Syslog server to receive the logs of the device. Users are allowed to configure up to 5 Syslog Servers. The log information will be sent to all the configured Syslog Servers at the same time.
Configuration Examples
The following example specifies a syslog server of the address 202.101.11.1:
Ruijie(config)# logging server 202.101.11.1
The following example specifies an ipv6 address as AAAA:BBBB:FFFF:
Ruijie(config)# logging server ipv6 AAAA:BBBB:FFFF
Related Commands
Command         Description
logging on      Turns on the log switch.
show logging    Views log messages and related log configuration parameters in the buffer.
logging trap    Sets the level of logs allowed to be sent to Syslog server.
Platform Description
N/A
logging source ip| ipv6
Use this command to configure the source IP address of logs in global configuration mode. Use the
no form of this command to remove the settings.
logging source { ip ip-address | ipv6 ipv6-address }
no logging source { ip | ipv6 }
Parameter Description
Parameter       Description
ip-address      Specifies the source IPV4 address sending the logs to IPV4 log server.
ipv6-address    Specifies the source IPV6 address sending the logs to IPV6 log server.
Defaults
N/A
Command Mode
Global configuration mode
Usage Guide
By default, the source address of the log messages sent to the syslog server is the address of the sending interface. For easy tracing and management, this command can be used to fix the source address of all log messages as an address, so that the administrator can identify which device is sending the message through the unique addresses. If this IP address is not configured on the device, the source address of the log messages is the address of the sending interface.
Configuration Examples
The following example specifies 192.168.1.1 as the source address of the syslog messages:
Ruijie(config)# logging source ip 192.168.1.1
Related Commands
Command         Description
logging         Sends the logs to the Syslog server.
Platform Description
N/A
logging source interface
Use this command to configure the source interface of logs in global configuration mode. Use the no
form of this command to remove the settings.
logging source interface interface-type interface-number
no logging source interface
Parameter Description
Parameter           Description
interface-type      Interface type.
interface-number    Interface number.
Defaults
N/A
Command Mode
Global configuration mode
Usage Guide
By default, the source address of the log messages sent to the syslog server is the address of the sending interface. For easy tracing and management, this command can be used to fix the source address of all log messages as an interface address, so that the administrator can identify which device is sending the message through the unique addresses. If the source interface is not configured on the device, or no IP address is configured for the source interface, the source address of the log messages is the address of the sending interface.
Configuration Examples
The following example specifies loopback 0 as the source address of the syslog messages:
Ruijie(config)# logging source interface loopback 0
Related Commands
Command         Description
logging         Sends logs to the Syslog server.
Platform Description
N/A
logging synchronous
Use this command to enable synchronization function between user input and log output in line
configuration mode to prevent interruption when the user is keying in characters. Use the no form of
this command to disable this function.
logging synchronous
no logging synchronous
Parameter Description
Parameter       Description
N/A             N/A
Defaults
The synchronization function between user input and log output is disabled by default.
Command Mode
Line configuration mode
Usage Guide
This command enables the synchronization function between user input and log output, preventing the user from being interrupted when keying in characters.
Configuration Examples
Ruijie(config)# line console 0
Ruijie(config-line)# logging synchronous
When UP-DOWN logs are printed on the port while the command is being keyed in, the input command is output again:
Ruijie# configure terminal
Oct 9 23:40:55 %LINK-5-CHANGED: Interface GigabitEthernet 0/1, changed state to down
Oct 9 23:40:55 %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet 0/1, changed state to DOWN
Ruijie# configure terminal//----the input command by the user is output again rather than being interrupted.
Related Commands
Command                Description
show running-config    Views the configuration.
Platform Description
N/A
logging trap
Use this command to set the severity of logs that are allowed to be sent to the syslog server in global
configuration mode. Use the no form of this command to prohibit sending log messages to the Syslog
server.
logging trap [ level ]
no logging trap
Parameter Description
Parameter       Description
level           Severity of the log message. The name of the severity or the numeral can be used. For the details of log severity, see Table 1.
Defaults
Informational(6)
Command Mode
Global configuration mode
Usage Guide
To send logs to the Syslog Server, run the logging command in global configuration mode to configure the Syslog Server. Then, run the logging trap command to specify the severity level of logs to be sent.
The show logging command displays the configured related parameters and statistics of the log.
Configuration Examples
The following example enables logs at severity 6 to be sent to the Syslog Server with the address of 202.101.11.22:
Ruijie(config)# logging 202.101.11.22
Ruijie(config)# logging trap informational
Related Commands
Command         Description
logging on      Turns on the log switch.
logging         Sends logs to the Syslog server.
show logging    Shows the log messages and related log configuration parameters in the buffer.
Platform Description
N/A
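An added example, not part of the manual, that ties logging facility and logging trap together from the Syslog server's side. It assumes the device sends BSD-syslog (RFC 3164) datagrams, where each message starts with <PRI> and PRI = facility value x 8 + severity; the function names, the sample datagrams and the module name EXAMPLE are constructed for illustration.

```python
import re

# Names taken from Table-2 (facility values 0-23) and Table-1 (severity 0-7).
FACILITIES = ["kern", "user", "mail", "daemon", "auth1", "syslog", "lpr", "news",
              "uucp", "clock1", "auth2", "ftp", "ntp", "logaudit", "logalert",
              "clock2"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emergencies", "alerts", "critical", "errors", "warnings",
              "notifications", "informational", "debugging"]

PRI_RE = re.compile(rb"^<(\d{1,3})>")
# Severity digit inside the %MODULE-SEVERITY-MNEMONIC tag used in the examples.
TAG_RE = re.compile(rb"%[A-Z0-9_]+-([0-7])-[A-Z0-9_]+:")

# Constructed datagrams as a collector might receive them over UDP.
SAMPLES = [
    b"<189>Mar 22 15:35:57 S3250 %SYS-5-CONFIG: Configured from console by console",
    b"<191>Mar 22 15:36:02 S3250 %EXAMPLE-7-TRACE: constructed debug message",
    b"<5>Mar 22 15:36:10 S3250 %SYS-5-CONFIG: Configured from console by console",
    b"Mar 22 15:36:11 S3250 no priority field",
    b"<190>Mar 22 15:36:12 S3250 %LINK-3-UPDOWN: constructed message",
]


def encode_pri(facility, severity):
    """PRI the collector should see for a facility name and a severity name."""
    return FACILITIES.index(facility) * 8 + SEVERITIES.index(severity)


def decode_pri(pri):
    """Return (facility name, severity number) for a PRI value."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], severity


def audit(datagrams, expected_facility="local7", trap_level=6):
    """Flag datagrams that do not match the device's intended log settings.

    expected_facility mirrors `logging facility` (default local7) and
    trap_level mirrors `logging trap` (default informational, 6).
    """
    findings = []
    for index, data in enumerate(datagrams):
        m = PRI_RE.match(data)
        if m is None or int(m.group(1)) > 191:
            findings.append((index, "malformed or missing PRI"))
            continue
        facility, severity = decode_pri(int(m.group(1)))
        if facility != expected_facility:
            findings.append((index, f"facility {facility}, expected {expected_facility}"))
        if severity > trap_level:
            findings.append((index, f"severity {severity} above trap level {trap_level}"))
        tag = TAG_RE.search(data)
        if tag is not None and int(tag.group(1)) != severity:
            findings.append(
                (index, f"PRI severity {severity} disagrees with tag severity {int(tag.group(1))}"))
    return findings


if __name__ == "__main__":
    print(encode_pri("local7", "informational"))
    for finding in audit(SAMPLES):
        print(finding)
```

A datagram that claims the device's source address but carries an unexpected facility or a severity the device is not configured to send is worth treating as either configuration drift or a message that did not come from the device.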
service sequence-numbers
Use this command to attach serial numbers into the logs in global configuration mode. Use the no
form of the command to remove the serial numbers in the logs.
service sequence-numbers
no service sequence-numbers
Parameter Description
Parameter       Description
N/A             N/A
Defaults
No serial number is carried in the logs by default.
Command Mode
Global configuration mode
Usage Guide
In addition to the timestamp, you can add serial numbers to the logs, numbering from 1. Then, it is clearly known whether the logs are lost or not and their sequence.
Configuration Examples
The following example adds serial numbers to the logs.
Ruijie(config)# service sequence-numbers
Related Commands
Command               Description
logging on            Turns on the log switch.
service timestamps    Attaches timestamps to the logs.
Platform Description
N/A
service sysname
Use this command to attach the system name to logs in global configuration mode. Use the no form of
the command to remove the system name from the logs.
service sysname
no service sysname
Parameter Description
Parameter    Description
N/A          N/A
Defaults
No system name is attached to logs by default.
Command Mode
Global configuration mode
Usage Guide
This command allows you to decide whether to add the system name to the log information.
Configuration Examples
The following example adds a system name in the log information:
Mar 22 15:28:02 %SYS-5-CONFIG: Configured from console by console
Ruijie #config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie (config)#service sysname
Ruijie (config)#end
Ruijie #
Mar 22 15:35:57 S3250 %SYS-5-CONFIG: Configured from console by console
Related Commands
Command         Description
show logging    Shows basic configuration of log modules and log information in the buffer.
Platform Description
N/A
service timestamps
Use this command to attach timestamps to logs in global configuration mode. Use the no form of this
command to remove the timestamps from the logs. Use the default form of this command to restore
the timestamps of logs to the default values.
service timestamps [ message-type [ uptime | datetime [ msec | year ] ] ]
no service timestamps [ message-type ]
default service timestamps [ message-type ]
Parameter Description
Parameter       Description
message-type    The log type, including Log and Debug. The log type indicates the log information
                with severity levels of 0 to 6. The debug type indicates that with severity level 7.
uptime          Device start time in the format of *Day*Hour*Minute*Second, for example,
                07:00:10:41.
datetime        Current time of the device in the format of Month*Date*Hour*Minute*Second, for
                example, Jul 27 16:53:07.
msec            Current time of the device in the format of
                Month*Date*Hour*Minute*Second*millisecond, for example, Jul 27 16:53:07.299
year            Current time of the device in the format of Year*Month*Date*Hour*Minute*Second, for
                example, 2007 Jul 27 16:53:07
Defaults
The time stamp in the log information is the current time of the device. If the device has no RTC, the
time stamp is automatically set to the device start time.
Command Mode
Global configuration mode
Usage Guide
When the uptime option is used, the time format is the running period from the last start of the device
to the present time, in seconds. When the datetime option is used, the time format is the date of the
current device, in the format of YY-MM-DD, HH:MM:SS.
Configuration Examples
The following example enables the timestamp for log and debug information, in the datetime format,
with millisecond display.
Ruijie(config)# service timestamps debug datetime msec
Ruijie(config)# service timestamps log datetime msec
Ruijie(config)# end
Ruijie(config)# Oct 8 23:04:58.301 %SYS-5-CONFIG I: configured from console by console
Related Commands
Command                     Description
logging on                  Turns on the log switch.
service sequence-numbers    Enables serial numbers of logs.
Platform Description
N/A
terminal monitor
Use this command to show logs on the current VTY window. Use the no form of this command to
disable the function.
terminal monitor
terminal no monitor
Parameter Description
Parameter    Description
N/A          N/A
Defaults
Log information is not allowed to be displayed on the VTY window by default.
Command Mode
Privileged user mode
Usage Guide
This command sets only a temporary attribute of the current VTY; the setting is not stored
permanently. When the VTY terminal session ends, the temporary setting becomes invalid and the
system uses the default setting again. This command can also be executed on the console, but
it does not take effect there.
Configuration Examples
The following example allows log information to be printed on the current VTY window:
Ruijie# terminal monitor
Related Commands
Command    Description
N/A        N/A
Platform Description
N/A
show logging
Use this command in privileged user mode to show the configured log parameters, the log statistics,
and the log messages in the memory buffer.
show logging
Parameter Description
Parameter    Description
N/A          N/A
Defaults
N/A
Command Mode
Privileged user mode
Usage Guide
N/A
Configuration Examples
The following example shows the output of the show logging command:
Ruijie# show logging
Syslog logging: enabled
Console logging: level debugging, 15495 messages logged
Monitor logging: level debugging, 0 messages logged
Buffer logging: level debugging, 15496 messages logged
Standard format: false
Timestamp debug messages: datetime
Timestamp log messages: datetime
Sequence-number log messages: enable
Sysname log messages: enable
Count log messages: enable
Trap logging: level informational, 15242 message lines logged,0 fail
logging to 202.101.11.22
logging to 192.168.200.112
Log Buffer (Total 131072 Bytes): have written 1336,
015487: *Sep 19 02:46:13: Ruijie %LINK-3-UPDOWN: Interface FastEthernet 0/24, changed state to up.
015488: *Sep 19 02:46:13: Ruijie %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet 0/24, changed state to up.
015489: *Sep 19 02:46:26: Ruijie %LINK-3-UPDOWN: Interface FastEthernet 0/24, changed state to down.
015490: *Sep 19 02:46:26: Ruijie %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet 0/24, changed state to down.
015491: *Sep 19 02:46:28: Ruijie %LINK-3-UPDOWN: Interface FastEthernet 0/24, changed state to up.
015492: *Sep 19 02:46:28: Ruijie %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet 0/24, changed state to up.
Log information description:
Field                           Description
Syslog logging                  Logging flag: enabled or disabled
Console logging                 Level of the logs printed on the console, and statistics
Monitor logging                 Level of the logs printed on the VTY window, and statistics
Buffer logging                  Level of the logs recorded in the memory buffer, and statistics.
Standard format                 Standard log format.
Timestamp debug messages        Timestamp format of the Debug messages
Timestamp log messages          Timestamp format of the Log messages
Sequence-number log messages    Serial number switch
Sysname log messages            Attaches system names to the logs.
Count log messages              Log statistics function
Trap logging                    Level of the logs sent to the syslog server, and statistics
Log Buffer                      Log files recorded in the memory buffer
Related Commands
Command          Description
logging on       Turns on the log switch.
clear logging    Clears the log messages in the buffer.
Platform Description
N/A
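With service sequence-numbers enabled, the buffer lines shown in the show logging output can be checked for lost or reordered records. The following Python code is an added example, not part of the original manual: it parses lines in that layout and reports missing, out-of-order or restarted sequence numbers. The names parse, audit_sequence, Entry and SAMPLE are hypothetical, the sample lines are constructed, and treating a return to 1 as a counter restart is an assumption.

```python
import re
from collections import namedtuple

# Layout of a buffered log line in the "show logging" output above:
#   <seq>: [*]<timestamp>: [<sysname>] %<MODULE>-<severity>-<MNEMONIC>: <text>
LINE_RE = re.compile(
    r"^(?P<seq>\d+):\s+\*?(?P<ts>.+?):\s+(?:(?P<sysname>\S+)\s+)?"
    r"%(?P<module>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$"
)
Entry = namedtuple("Entry", "seq sysname module severity mnemonic")

def parse(lines):
    """Return (entries, rejected): parsed records and non-empty lines that do not fit."""
    entries, rejected = [], []
    for raw in lines:
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(int(m["seq"]), m["sysname"] or "", m["module"],
                                 int(m["sev"]), m["mnemonic"]))
        elif line:
            rejected.append(line)
    return entries, rejected

def audit_sequence(entries):
    """Compare consecutive sequence numbers and report every irregularity."""
    findings = []
    for prev, cur in zip(entries, entries[1:]):
        if cur.seq == prev.seq + 1:
            continue
        if cur.seq > prev.seq + 1:
            findings.append(("gap", prev.seq + 1, cur.seq - 1))  # missing range
        elif cur.seq == 1:
            findings.append(("restart", prev.seq, cur.seq))  # assumption: counter restarted
        else:
            findings.append(("out_of_order", prev.seq, cur.seq))
    return findings

# Constructed sample input in the page's format; 015489 is deliberately absent.
SAMPLE = """\
015487: *Sep 19 02:46:13: Ruijie %LINK-3-UPDOWN: Interface FastEthernet 0/24, changed state to up.
015488: *Sep 19 02:46:13: Ruijie %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet 0/24, changed state to up.
015490: *Sep 19 02:46:26: Ruijie %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet 0/24, changed state to down.
this line is not a log record
000001: *Sep 19 03:10:02: Ruijie %SYS-5-CONFIG_I: Configured from console by console
""".splitlines()

if __name__ == "__main__":
    print(audit_sequence(parse(SAMPLE)[0]))
```

A reported gap means records are absent from the input that was examined; comparing the buffer against the copy received by the Syslog Server shows on which side they went missing.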
show logging count
Use this command to show the statistics about occurrence times, and the last occurrence time of
each module log in the system in privileged mode.
show logging count
Parameter Description
Parameter    Description
N/A          N/A
Defaults
N/A
Command Mode
Privileged mode
Usage Guide
To use the log packet statistics function, run the logging count command in global configuration
mode. The show logging count command can show the information of a specific log, occurrence
times, and the last occurrence time.
You can use the show logging command to check whether the log statistics function is enabled.
Configuration Examples
The following is the execution result of the show logging count command:
Ruijie# show logging count
Module Name    Message Name    Sev    Occur    Last Time
SYS            CONFIG_I        5      1        Jul 6 10:29:57
SYS TOTAL                             1
Related Commands
Command          Description
logging count    Enables the log statistics function.
show logging     Shows basic configuration of log modules and log information in the buffer.
clear logging    Clears the logs in the buffer.
Platform Description
N/A