HPE 5920 & 5900 Switch Series
Layer 2—LAN Switching Command Reference
Part number: 5998-6639s
Software version: Release 2422P01
Document version: 6W101-20171030
© Copyright 2016, 2017 Hewlett Packard Enterprise Development LP
The information contained herein is subject to change without notice. The only warranties for Hewlett Packard
Enterprise products and services are set forth in the express warranty statements accompanying such
products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett
Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or
copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software
Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s
standard commercial license.
Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard
Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise
website.
Acknowledgments
Intel®, Itanium®, Pentium®, Intel Inside®, and the Intel Inside logo are trademarks of Intel Corporation in the
United States and other countries.
Microsoft® and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries.
Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.
Java and Oracle are registered trademarks of Oracle and/or its affiliates.
UNIX® is a registered trademark of The Open Group.
Contents
Ethernet interface commands ·····························································1 Common Ethernet interface commands ·························································································· 1 bandwidth ·························································································································· 1 broadcast-suppression ········································································································· 1 default······························································································································· 3 description ························································································································· 3 display counters ·················································································································· 4 display counters rate ············································································································ 5 display ethernet statistics ······································································································ 6 display interface ·················································································································· 8 display packet-drop············································································································ 18 display priority-flow-control ·································································································· 19 duplex ····························································································································· 20 eee enable ······················································································································· 21 flow-control ······················································································································ 22 flow-control receive enable ·································································································· 23 flow-interval······················································································································ 23 interface ·························································································································· 24 jumboframe enable ············································································································ 24 link-delay ························································································································· 25 loopback·························································································································· 26 multicast-suppression ········································································································· 27 port auto-power-down ········································································································ 28 port link-mode··················································································································· 29 port up-mode ···················································································································· 30 priority-flow-control ············································································································ 30 priority-flow-control no-drop dot1p ························································································· 31 reset counters interface ······································································································ 33 reset ethernet statistics ······································································································· 33 reset packet-drop interface ·································································································· 34 shutdown ························································································································· 34 speed ····························································································································· 35 unicast-suppression ··········································································································· 36 using fortygige ·················································································································· 37 using tengige ···················································································································· 38 Layer 2 Ethernet interface commands ·························································································· 38 display storm-constrain ······································································································· 38 mdix-mode ······················································································································· 40 port bridge enable ············································································································· 40 port connection-distance ····································································································· 41 port-type ·························································································································· 42 storm-constrain ················································································································· 43 storm-constrain control ······································································································· 44 storm-constrain enable log ·································································································· 45 storm-constrain enable trap ································································································· 45 storm-constrain interval ······································································································ 46 virtual-cable-test················································································································ 47 Layer 3 Ethernet interface and subinterface commands ··································································· 48 mtu································································································································· 48 Loopback, null, and inloopback interface commands······························ 49 bandwidth ························································································································ 49 default····························································································································· 49 description ······················································································································· 50 display interface inloopback ································································································· 51 display interface loopback ··································································································· 53 display interface null ·········································································································· 56 i
interface loopback ············································································································· 57 interface null····················································································································· 58 reset counters interface loopback ························································································· 58 reset counters interface null ································································································· 59 shutdown ························································································································· 60 Bulk interface configuration commands ··············································· 61 display interface range ······································································································· 61 interface range·················································································································· 61 interface range name ········································································································· 63 MAC address table commands ························································· 65 display mac-address ·········································································································· 65 display mac-address nickname ···························································································· 66 display mac-address aging-time ··························································································· 67 display mac-address mac-learning ························································································ 67 display mac-address mac-move ··························································································· 68 display mac-address statistics ······························································································ 69 mac-address (interface view) ······························································································· 70 mac-address (system view) ································································································· 72 mac-address mac-learning enable ························································································ 74 mac-address mac-learning priority ························································································ 75 mac-address mac-roaming enable ························································································ 76 mac-address max-mac-count ······························································································· 77 mac-address max-mac-count enable-forwarding ······································································ 77 mac-address mac-move fast-update ······················································································ 78 mac-address notification mac-move ······················································································ 79 mac-address notification mac-move suppression ····································································· 80 mac-address notification mac-move suppression interval ··························································· 80 mac-address notification mac-move suppression threshold ························································ 81 mac-address static source-check enable ················································································ 82 mac-address timer ············································································································· 82 snmp-agent trap enable mac-address ···················································································· 83 MAC Information commands ···························································· 85 mac-address information enable (interface view) ······································································ 85 mac-address information enable (system view) ········································································ 86 mac-address information interval ·························································································· 86 mac-address information mode ···························································································· 87 mac-address information queue-length ·················································································· 87 Ethernet link aggregation commands ·················································· 89 bandwidth ························································································································ 89 default····························································································································· 89 description ······················································································································· 90 display interface ················································································································ 91 display lacp system-id ········································································································ 94 display link-aggregation load-sharing mode············································································· 95 display link-aggregation load-sharing path ·············································································· 97 display link-aggregation member-port ···················································································· 99 display link-aggregation summary ······················································································· 101 display link-aggregation verbose ························································································· 102 interface bridge-aggregation ······························································································ 105 interface route-aggregation ································································································ 105 lacp edge-port ················································································································ 106 lacp mode ······················································································································ 107 lacp period short ············································································································· 107 lacp system-priority ·········································································································· 108 link-aggregation bfd ipv4 ··································································································· 109 link-aggregation global load-sharing algorithm ······································································· 110 link-aggregation global load-sharing minm ············································································ 110 link-aggregation global load-sharing mode ············································································ 111 ii
link-aggregation global load-sharing seed ············································································· 113 link-aggregation ignore vlan ······························································································· 113 link-aggregation lacp traffic-redirect-notification enable ···························································· 114 link-aggregation load-sharing mode ····················································································· 115 link-aggregation load-sharing mode local-first ········································································ 116 link-aggregation management-port ······················································································ 117 link-aggregation management-vlan ····················································································· 117 link-aggregation mode ······································································································ 118 link-aggregation port-priority ······························································································ 118 link-aggregation selected-port maximum ·············································································· 119 link-aggregation selected-port minimum ··············································································· 120 mtu······························································································································· 121 port link-aggregation group ································································································ 121 reset counters interface ···································································································· 122 reset lacp statistics ·········································································································· 123 shutdown ······················································································································· 123 Port isolation commands ································································ 125 display port-isolate group ·································································································· 125 port-isolate enable ··········································································································· 126 port-isolate group ············································································································ 126 Spanning tree commands ······························································ 128 active region-configuration ································································································ 128 bpdu-drop any ················································································································ 128 check region-configuration ································································································ 129 display stp ····················································································································· 130 display stp abnormal-port ·································································································· 137 display stp bpdu-statistics ································································································· 138 display stp down-port ······································································································· 140 display stp history ············································································································ 141 display stp region-configuration ·························································································· 142 display stp root ··············································································································· 143 display stp tc ·················································································································· 144 instance ························································································································ 145 region-name ··················································································································· 146 reset stp ························································································································ 147 revision-level ·················································································································· 147 snmp-agent trap enable stp ······························································································· 148 stp bpdu-protection ·········································································································· 149 stp bridge-diameter ·········································································································· 149 stp compliance················································································································ 150 stp config-digest-snooping ································································································· 151 stp cost ························································································································· 152 stp edged-port ················································································································ 153 stp enable ······················································································································ 154 stp global config-digest-snooping ························································································ 155 stp global enable ············································································································· 156 stp global mcheck············································································································ 157 stp log enable tc ·············································································································· 157 stp loop-protection ··········································································································· 158 stp max-hops·················································································································· 159 stp mcheck ···················································································································· 159 stp mode ······················································································································· 160 stp no-agreement-check ··································································································· 161 stp pathcost-standard ······································································································· 162 stp point-to-point ············································································································· 162 stp port bpdu-protection ···································································································· 163 stp port priority ················································································································ 164 stp port shutdown permanent ····························································································· 165 stp port-log····················································································································· 166 stp priority ······················································································································ 167 iii
stp region-configuration ···································································································· 168 stp role-restriction ············································································································ 168 stp root primary ··············································································································· 169 stp root secondary ··········································································································· 170 stp root-protection ··········································································································· 171 stp tc-protection ·············································································································· 171 stp tc-protection threshold ································································································· 172 stp tc-restriction ·············································································································· 173 stp tc-snooping ··············································································································· 173 stp timer forward-delay ····································································································· 174 stp timer hello ················································································································· 175 stp timer max-age············································································································ 176 stp timer-factor················································································································ 177 stp transmit-limit ·············································································································· 177 stp vlan enable ··············································································································· 178 vlan-mapping modulo ······································································································· 179 Loop detection commands ····························································· 181 display loopback-detection ································································································ 181 loopback-detection action ·································································································· 181 loopback-detection enable ································································································· 182 loopback-detection global action ························································································· 183 loopback-detection global enable ························································································ 184 loopback-detection interval-time ························································································· 185 VLAN commands ········································································· 186 Basic VLAN commands ··········································································································· 186 bandwidth ······················································································································ 186 default··························································································································· 186 description ····················································································································· 187 display interface vlan-interface ··························································································· 188 display vlan ···················································································································· 191 display vlan brief ············································································································· 193 interface vlan-interface ····································································································· 194 mtu······························································································································· 194 name ···························································································································· 195 service ·························································································································· 196 shutdown ······················································································································· 197 vlan ······························································································································ 197 Port-based VLAN commands ··································································································· 198 display port ···················································································································· 198 port ······························································································································ 199 port access vlan ·············································································································· 200 port hybrid pvid ··············································································································· 201 port hybrid vlan ··············································································································· 202 port link-type ·················································································································· 203 port trunk permit vlan ······································································································· 204 port trunk pvid················································································································· 205 MAC-based VLAN commands ·································································································· 206 display mac-vlan ············································································································· 206 display mac-vlan interface ································································································· 207 mac-vlan enable·············································································································· 208 mac-vlan mac-address ····································································································· 208 mac-vlan trigger enable ···································································································· 209 port pvid forbidden ··········································································································· 210 vlan precedence·············································································································· 211 IP subnet-based VLAN commands ···························································································· 211 display ip-subnet-vlan interface ·························································································· 211 display ip-subnet-vlan vlan ································································································ 212 ip-subnet-vlan ················································································································· 213 port hybrid ip-subnet-vlan ·································································································· 214 Protocol-based VLAN commands ······························································································ 215 iv
display protocol-vlan interface ···························································································· 215 display protocol-vlan vlan ·································································································· 216 port hybrid protocol-vlan ··································································································· 217 protocol-vlan ·················································································································· 218 VLAN group commands ·········································································································· 220 display vlan-group ··········································································································· 220 vlan-group ····················································································································· 221 vlan-list ························································································································· 221 Super VLAN commands ································································ 223 display supervlan ············································································································ 223 subvlan ························································································································· 225 supervlan······················································································································· 226 Private VLAN commands ······························································· 227 display private-vlan ·········································································································· 227 port private-vlan host ········································································································ 229 port private-vlan promiscuous ···························································································· 230 port private-vlan trunk promiscuous ····················································································· 233 port private-vlan trunk secondary ························································································ 235 private-vlan (VLAN interface view) ······················································································ 238 private-vlan (VLAN view) ··································································································· 240 private-vlan community ····································································································· 241 private-vlan isolated ········································································································· 242 private-vlan primary ········································································································· 243 Voice VLAN commands ································································· 245 cdp voice-vlan ················································································································ 245 display voice-vlan mac-address ·························································································· 245 display voice-vlan state ····································································································· 246 voice-vlan aging ·············································································································· 247 voice-vlan enable ············································································································ 248 voice-vlan mac-address ···································································································· 248 voice-vlan mode auto ······································································································· 250 voice-vlan qos ················································································································ 250 voice-vlan qos trust ·········································································································· 251 voice-vlan security enable ································································································· 252 voice-vlan track lldp ········································································································· 252 MVRP commands ········································································ 254 display mvrp running-status ······························································································· 254 display mvrp state ··········································································································· 256 display mvrp statistics ······································································································ 257 mrp timer join ················································································································· 259 mrp timer leave ··············································································································· 259 mrp timer leaveall ············································································································ 260 mrp timer periodic ············································································································ 261 mvrp enable ··················································································································· 262 mvrp global enable ·········································································································· 262 mvrp gvrp-compliance enable ···························································································· 263 mvrp registration ············································································································· 263 reset mvrp statistics ········································································································· 264 QinQ commands ·········································································· 266 display qinq ···················································································································· 266 qinq enable ···················································································································· 267 qinq ethernet-type customer-tag ························································································· 267 qinq ethernet-type service-tag ···························································································· 268 qinq transparent-vlan ······································································································· 269 VLAN mapping commands ····························································· 271 display vlan mapping ········································································································ 271 v
vlan mapping ·················································································································· 272 PBB commands ··········································································· 275 bvlan ···························································································································· 275 display l2vpn minm connection ··························································································· 275 display l2vpn minm forwarding ··························································································· 276 display l2vpn vsi ·············································································································· 277 display pbb connection ····································································································· 279 encapsulation ················································································································· 280 pbb i-sid ························································································································ 281 pbb uplink ······················································································································ 282 reset pbb connection ········································································································ 283 LLDP commands ········································································· 284 dcbx version ··················································································································· 284 display lldp local-information ······························································································ 284 display lldp neighbor-information ························································································ 289 display lldp statistics ········································································································ 298 display lldp status ············································································································ 300 display lldp tlv-config ········································································································ 302 lldp admin-status ············································································································· 305 lldp check-change-interval ································································································· 306 lldp compliance admin-status cdp ······················································································· 307 lldp compliance cdp ········································································································· 308 lldp enable ····················································································································· 309 lldp encapsulation snap ···································································································· 309 lldp fast-count ················································································································· 310 lldp global enable ············································································································ 311 lldp hold-multiplier ··········································································································· 311 lldp ignore-pvid-inconsistency ···························································································· 312 lldp management-address-format string ··············································································· 313 lldp max-credit ················································································································ 313 lldp mode······················································································································· 314 lldp notification med-topology-change enable ········································································ 315 lldp notification remote-change enable ················································································· 315 lldp timer fast-interval ······································································································· 316 lldp timer notification-interval ······························································································ 317 lldp timer reinit-delay ········································································································ 317 lldp timer tx-interval ·········································································································· 318 lldp tlv-enable ················································································································· 318 Service loopback group commands ·················································· 324 display service-loopback group ·························································································· 324 port service-loopback group ······························································································· 324 service-loopback group ····································································································· 325 Cut-through forwarding commands ·················································· 327 cut-through enable··········································································································· 327 Document conventions and icons ···················································· 328 Conventions ························································································································· 328 Network topology icons ··········································································································· 329 Support and other resources ·························································· 330 Accessing Hewlett Packard Enterprise Support ············································································ 330 Accessing updates ················································································································· 330 Websites ······················································································································· 331 Customer self repair········································································································· 331 Remote support ·············································································································· 331 Documentation feedback ·································································································· 331 vi
Index ························································································· 333 vii
Ethernet interface commands
Common Ethernet interface commands
bandwidth
Use bandwidth to configure the expected bandwidth of an interface.
Use undo bandwidth to restore the default.
Syntax
bandwidth bandwidth-value
undo bandwidth
Default
The expected bandwidth (in kbps) is the interface baud rate divided by 1000.
Views
Ethernet interface view
Ethernet subinterface view
Predefined user roles
network-admin
Parameters
bandwidth-value: Specifies the expected bandwidth in the range of 1 to 400000000 kbps.
Usage guidelines
The expected bandwidth of an interface affects the following items:
•
Bandwidth assignment with CBQ. For more information, see ACL and QoS Configuration
Guide.
•
Link costs in OSPF, OSPFv3, and IS-IS. For more information, see Layer 3—IP Routing
Configuration Guide.
Examples
# Set the expected bandwidth of Ten-GigabitEthernet 1/0/1 to 1000 kbps.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] bandwidth 1000
Related commands
speed
broadcast-suppression
Use broadcast-suppression to enable broadcast suppression and set the broadcast suppression
threshold.
Use undo broadcast-suppression to restore the default.
1
Syntax
broadcast-suppression { ratio | pps max-pps | kbps max-kbps }
undo broadcast-suppression
Default
Ethernet interfaces do not suppress broadcast traffic.
Views
Ethernet interface view
Predefined user roles
network-admin
Parameters
ratio: Sets the broadcast suppression threshold as a percentage of the interface bandwidth. The
value range for this argument is 0 to 100. A smaller value means that less broadcast traffic is allowed
to pass through.
pps max-pps: Specifies the maximum number of broadcast packets that the interface can forward
per second. The value range for the max-pps argument (in pps) is 0 to 1.4881 × the interface
bandwidth. For example, the value range of the max-pps argument for a 40-GE interface is 0 to
59524000.
kbps max-kbps: Specifies the maximum number of kilobits of broadcast traffic that the Ethernet
interface can forward per second. The value range for this argument (in kbps) is 0 to the interface
bandwidth.
Usage guidelines
The broadcast storm suppression feature limits the size of broadcast traffic to a threshold on an
interface. When the broadcast traffic on the interface exceeds this threshold, the system drops
packets until the traffic drops below this threshold.
Both storm-constrain and broadcast-suppression can suppress broadcast storm on a port. The
broadcast-suppression command uses the chip to physically suppress broadcast traffic. It has less
influence on the device performance than the storm-constrain command, which uses software to
suppress broadcast traffic.
For the traffic suppression result to be determined, do not configure both the storm constrain
broadcast command and the broadcast-suppression command on an interface.
When you configure the suppression threshold in kbps, the actual suppression threshold might be
different from the configured one as follows:
•
If the configured value is smaller than 64, the value of 64 takes effect.
•
If the configured value is greater than 64 but not an integer multiple of 64, the integer multiple of
64 that is greater than and closest to the configured value takes effect.
For the suppression threshold that takes effect, see the prompt on the device.
Examples
# Set the broadcast suppression threshold to 10000 kbps on Ten-GigabitEthernet1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] broadcast-suppression kbps 10000
The actual value is 10048 on port Ten-GigabitEthernet1/0/1 currently.
Related commands
multicast-suppression
unicast-suppression
2
default
Use default to restore the default settings for an Ethernet interface.
Syntax
default
Views
Ethernet interface view
Ethernet subinterface view
Predefined user roles
network-admin
Usage guidelines
CAUTION:
The default command might interrupt ongoing network services. Make sure you are fully aware of
the impacts of this command when you use it in a live network.
This command might fail to restore the default settings for some commands for reasons such as
command dependencies or system restrictions. Use the display this command in interface view to
identify these commands, and then use their undo forms or follow the command reference to restore
their default settings. If your restoration attempt still fails, follow the error message instructions to
resolve the problem.
Examples
# Restore the default settings for Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] default
description
Use description to change the description of an interface.
Use undo description to restore the default.
Syntax
description text
undo description
Default
The description of an interface is the interface name plus Interface (for example,
Ten-GigabitEthernet1/0/1 Interface).
Views
Ethernet interface view
Ethernet subinterface view
Predefined user roles
network-admin
Parameters
text: Specifies the interface description, a case-sensitive string of 1 to 255 characters.
3
Examples
# Change the description of Ten-GigabitEthernet 1/0/1 to lanswitch-interface.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] description lanswitch-interface
display counters
Use display counters to display interface traffic statistics.
Syntax
display counters { inbound | outbound } interface [ interface-type [ interface-number |
interface-number.subnumber ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
inbound: Displays inbound traffic statistics.
outbound: Displays outbound traffic statistics.
interface-type: Specifies an interface type.
interface-number: Specifies an interface number.
interface-number.subnumber: Specifies a subinterface number, where interface-number is an
interface number, and subnumber is the number of a subinterface created under the interface. The
value range for the subnumber argument is 1 to 4094.
Usage guidelines
This command displays traffic statistics within a statistics polling interval specified by the
flow-interval command.
To clear the Ethernet interface traffic statistics, use the reset counters interface command. For
more information, see "reset counters interface."
If you do not specify an interface type, this command displays traffic statistics for all interfaces that
have traffic counters.
If you specify an interface type but do not specify an interface number, this command displays traffic
statistics for all interfaces of the specified type.
If you specify an interface type and an interface number, this command displays traffic statistics of
the specified interface.
Examples
# Display inbound traffic statistics for all Ten-GigabitEthernet interfaces.
<Sysname> display counters inbound interface ten-gigabitethernet
Interface
Total (pkts)
Broadcast (pkts)
Multicast (pkts)
Err (pkts)
XGE1/0/1
100
100
0
0
XGE1/0/2
0
0
0
0
XGE1/0/3
Overflow
Overflow
Overflow
Overflow
XGE1/0/4
0
0
0
0
4
Overflow: More than 14 digits (7 digits for column "Err").
--: Not supported.
Table 1 Command output
Field
Description
Interface
Abbreviated interface name.
Total (pkts)
Total number of packets received or sent through the interface.
Broadcast (pkts)
Total number of broadcast packets received or sent through the interface.
Multicast (pkts)
Total number of multicast packets received or sent through the interface.
Err (pkts)
Total number of error packets received or sent through the interface.
Overflow: More than 14
digits (7 digits for column
"Err")
The command displays Overflow if any of the following cases applies:
•
The data length of an Err field value is greater than 7 decimal digits.
•
The data length of a non-Err field value is greater than 14 decimal digits.
--: Not supported
The statistical item is not supported.
Related commands
flow-interval
reset counters interface
display counters rate
Use display counters rate to display traffic rate statistics of interfaces in up state for the most recent
statistics polling interval.
Syntax
display counters rate { inbound | outbound } interface [ interface-type [ interface-number |
interface-number.subnumber ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
inbound: Displays inbound traffic rate statistics.
outbound: Displays outbound traffic rate statistics.
interface-type: Specifies an interface type.
interface-number: Specifies an interface number.
interface-number.subnumber: Specifies a subinterface number, where interface-number is an
interface number, and subnumber is the number of a subinterface created under the interface. The
value range for the subnumber argument is 1 to 4094.
Usage guidelines
The statistics cover only interfaces in up state.
5
If you specify an interface type, this command displays traffic rate statistics for all up interfaces of the
specified type.
If you do not specify an interface type, this command displays traffic rate statistics for all up
interfaces that have traffic counters.
If an interface that you specify is always down for the most recent statistics polling interval, the
system prompts that the interface does not support the command.
You can use the flow-interval command to set the statistics polling interval.
Examples
# Display the inbound traffic rate statistics for all Ten-GigabitEthernet interfaces.
<Sysname> display counters rate inbound interface ten-gigabitethernet
Interface
Total (pps)
Broadcast (pps)
Multicast (pps)
XGE1/0/1
200
--
--
XGE1/0/2
300
--
--
XGE1/0/3
300
--
--
Overflow: More than 14 digits.
--: Not supported.
Table 2 Command output
Field
Description
Interface
Abbreviated interface name.
Total (pkts/sec)
Average rate (in pps) of receiving or sending packets during the statistics
polling interval.
Broadcast (pkts/sec)
Average rate (in pps) of receiving or sending broadcast packets during the
statistics polling interval.
Multicast (pkts/sec)
Average rate (in pps) of receiving or sending multicast packets during the
statistics polling interval.
Overflow: more than 14
decimal digits
The command displays Overflow if the data length of a statistical item is
greater than 14 decimal digits.
--: not supported
The statistical item is not supported.
Related commands
flow-interval
reset counters interface
display ethernet statistics
Use display ethernet statistics to display the Ethernet module statistics.
Syntax
display ethernet statistics slot slot-number
Views
User view
Predefined user roles
network-admin
network-operator
6
Parameters
slot slot-number: Displays the Ethernet module statistics on the specified device. The slot-number
argument specifies the IRF member device by its member ID.
Examples
# Display the Ethernet module statistics on IRF member 1.
<Sysname>display ethernet statistics slot 1
ETH receive packet statistics:
Totalnum
: 28259
ETHIINum
: 22328
SNAPNum
: 0
RAWNum
: 0
LLCNum
: 5931
UnknownNum
: 0
ForwardNum
: 22922
ARP
: 0
MPLS
: 0
ISIS
: 0
ISIS2
: 0
IP
: 0
IPV6
: 0
ETH receive error statistics:
NullPoint
: 0
ErrIfindex
: 0
ErrIfcb
: 0
IfShut
: 0
ErrAnalyse
: 0
ErrSrcMAC
: 0
ErrHdrLen
: 0
ETH send packet statistics:
L3OutNum
: 412
VLANOutNum
: 0
FastOutNum
: 181
L2OutNum
: 6351
ETH send error statistics:
MbufRelayNum
: 0
NullMbuf
: 0
ErrAdjFwd
: 0
ErrPrepend
: 0
ErrHdrLen
: 0
ErrPad
: 0
ErrQosTrs
: 0
ErrVLANTrs
: 0
ErrEncap
: 0
ErrTagVLAN
: 0
IfShut
: 0
IfErr
: 0
Table 3 Command output
Field
Description
ETH receive packet
statistics
Statistics about the Ethernet packets received on the Ethernet module.
Totalnum
Total number of received packets:
•
ETHIINum—Number of packets encapsulated by using Ethernet-II.
•
SNAPNum—Number of packets encapsulated by using SNAP.
•
RAWNum—Number of packets encapsulated by using RAW.
•
ISIS—Number of packets encapsulated by using IS-IS.
•
LLCNum—Number of packets encapsulated by using LLC.
•
UnknownNum—Number of packets encapsulated by using unknown
methods.
•
ForwardNum—Number of packets forwarded at Layer 2 or sent to the
CPU.
•
ARP—Number of ARP packets.
•
MPLS—Number of MPLS packets.
•
ISIS—Number of IS-IS packets.
•
ISIS2—Number of large 802.3/802.2 frames encapsulated by using
7
Field
Description
•
•
IS-IS.
IP—Number of IP packets.
IPv6—Number of IPv6 packets.
ETH receive error statistics
Statistics about the error Ethernet packets in the outbound direction on the
Ethernet module. Errors might be included in packets or occur during the
receiving process. The items include:
•
NullPoint—Number of packets that include null pointers.
•
ErrIfindex—Number of packets that include incorrect interface indexes.
•
ErrIfcb—Number of packets that include incorrect interface control
blocks.
•
IfShut—Number of packets that are being received when the interface is
shut down.
•
ErrAnalyse—Number of packets that include packet parsing errors.
•
ErrSrcMAC—Number of packets that include incorrect source MAC
addresses.
•
ErrHdrLen—Number of packets that include header length errors.
ETH send packet statistics
Statistics about the Ethernet packets sent by the Ethernet module:
•
L3OutNum—Number of packets sent out of Layer 3 Ethernet interfaces.
•
VLANOutNum—Number of packets sent out of VLAN interfaces.
•
FastOutNum—Number of packets fast forwarded.
•
L2OutNum—Number of packets sent out of Layer 2 Ethernet interfaces.
•
MbufRelayNum—Number of packets transparently sent.
ETH send error statistics
Statistics about the error Ethernet packets in the outbound direction on the
Ethernet module:
•
NullMbuf—Number of packets with null pointers.
•
ErrAdjFwd—Number of packets with adjacency table errors.
•
ErrPrepend—Number of packets with extension errors.
•
ErrHdrLen—Number of packets with header length errors.
•
ErrPad—Number of packets with padding errors.
•
ErrQosTrs—Number of packets that failed to be sent by QoS.
•
ErrVLANTrs—Number of packets that failed to be sent in VLANs.
•
ErrEncap—Number of packets that failed to be sent due to link header
encapsulation failures.
•
ErrTagVLAN—Number of packets that failed to be sent due to VLAN tag
encapsulation failures.
•
IfShut—Number of packets that are being sent when the interface is shut
down.
•
IfErr—Number of packets with incorrect outgoing interfaces.
Related commands
reset ethernet statistics
display interface
Use display interface to display Ethernet interface information.
Syntax
display interface [ interface-type ] [ brief [ down ] ]
display interface [ interface-type [ interface-number | interface-number.subnumber ] ] [ brief
[ description ] ]
8
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-type: Specifies an interface type.
interface-number: Specifies an interface number.
interface-number.subnumber: Specifies a subinterface number, where interface-number is an
interface number, and subnumber is the number of a subinterface created under the interface. The
value range for the subnumber argument is 1 to 4094.
brief: Displays brief interface information. If you do not specify this keyword, the command displays
detailed interface information.
down: Displays information about interfaces in the down state and the causes. If you do not specify
this keyword, the command displays information about interfaces in all states.
description: Displays complete interface descriptions. If you do not specify this keyword, the
command displays only the first 27 characters of interface descriptions.
Usage guidelines
If you do not specify an interface type, this command displays information about all interfaces.
If you specify an interface type but do not specify an interface number, this command displays
information about all interfaces of that type.
If you specify both the interface type and interface number, this command displays information about
the specified interface.
Examples
# Display information about Layer 3 interface Ten-GigabitEthernet 1/0/1.
<Sysname> display interface ten-gigabitethernet 1/0/1
Ten-GigabitEthernet1/0/1
Current state: DOWN
Line protocol state: DOWN
Description: Ten-GigabitEthernet1/0/1 Interface
Bandwidth: 10000000kbps
Maximum transmission unit: 1500
Allow jumbo frames to pass
Broadcast max-ratio: 100%
Multicast max-ratio: 100%
Unicast max-ratio: 100%
Internet protocol processing: Disabled
IP packet frame type: Ethernet II, hardware address: 00e0-fc00-5928
IPv6 packet frame type: Ethernet II, hardware address: 00e0-fc00-5928
Loopback is not set
Media type is not sure, Port hardware type is no connector
Port priority: 0
Unknown-speed mode, unknown-duplex mode
Link speed type is autonegotiation, link duplex type is autonegotiation
Flow-control is not enabled
9
The maximum frame length is 10000
Last clearing of counters: Never
Peak input rate: 0 bytes/sec, at 2011-01-01 03:35:48
Peak output rate: 0 bytes/sec, at 2011-01-01 03:35:48
Last 300 second input:
0 packets/sec 0 bytes/sec
Last 300 second output:
Input (total):
0 packets/sec 0 bytes/sec
0 packets, 0 bytes
0 unicasts, 0 broadcasts,
Input (normal):
0 multicasts, 0 pauses
0 packets, - bytes
0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses
Input:
0 input errors, 0 runts, 0 giants, 0 throttles
0 CRC,
0 frame, - overruns, 0 aborts
- ignored, - parity errors
Output (total):
0 packets, 0 bytes
0 unicasts, 0 broadcasts,
Output (normal):
0 multicasts, 0 pauses
0 packets, - bytes
0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses
Output: 0 output errors,
0 aborts,
- underruns, - buffer failures
0 deferred, 0 collisions, 0 late collisions
0 lost carrier, - no carrier
Table 4 Command output
Field
Description
Current state
State of the interface:
•
Administratively DOWN—The interface has been shut down
by using the shutdown command.
•
DOWN—The interface is administratively up, but its physical
state is down (possibly because no physical link exists or the
link has failed).
•
UP—The Ethernet interface is both administratively and
physically up.
Line protocol state
Data link layer state of the interface. The state is determined
through automatic parameter negotiation at the data link layer.
•
UP—The data link layer protocol is up.
•
UP (spoofing)—The data link layer protocol is up, but the link
is an on-demand link or does not exist. This attribute is typical
of null interfaces and loopback interfaces.
•
DOWN—The data link layer protocol is down.
•
DOWN (DLDP DOWN)—The data link layer protocol of the
interface is down because DLDP detected that the link was
unidirectional.
•
DOWN (LAGG DOWN)—The data link layer protocol of the
interface is down because the aggregate interface does not
have Selected ports.
•
DOWN (OAM DOWN)—The data link layer protocol of the
interface is down because OAM detected remote link failures.
•
DOWN (DLDP and LAGG DOWN)—The data link layer
protocol of the interface is shut down by DLDP and LAGG.
•
DOWN (DLDP and OAM DOWN)—The data link layer
protocol of the interface is shut down by DLDP and OAM.
•
DOWN (OAM and LAGG DOWN)—The data link layer
protocol of the interface is shut down by OAM and LAGG.
•
DOWN (DLDP, OAM and LAGG DOWN)—The data link layer
10
Field
Description
protocol of the interface is shut down by DLDP, OAM, and
LAGG.
Hold timer is
Link-up or link-down event suppression interval.
Bandwidth
Expected bandwidth of the interface.
Maximum transmission unit
MTU of the interface.
Internet protocol processing: Disabled
Indicates that the interface cannot process IP packets.
Internet address: 192.168.1.200/24
(primary)
IP address of the interface. The primary attribute indicates that the
address is the primary IP address.
IP packet frame type
IPv4 packet framing format.
hardware address
MAC address of the interface.
IPv6 packet frame type
IPv6 packet framing format.
Last clearing of counters
Time when the reset counters interface command was last used
to clear the interface statistics. Never indicates the reset counters
interface command has never been used on the interface since the
device's startup.
Last 300 second input rate
Average input rate over the last 300 seconds in Bps, bps, and pps.
Last 300 second output rate
Average output rate over the last 300 seconds in Bps, bps, and pps.
# Display detailed information about Layer 2 interface Ten-GigabitEthernet 1/0/1.
<Sysname> display interface ten-gigabitethernet 1/0/1
Ten-GigabitEthernet1/0/1
Current state: UP
Line protocol state: UP
IP packet frame type: Ethernet II, hardware address: 00e0-fc00-5932
Description: Ten-GigabitEthernet1/0/1 Interface
Bandwidth: 10000000kbps
Loopback is not set
Media type is stack wire, port hardware type is STACK_SFP_PLUS
10Gbps-speed mode, full-duplex mode
Link speed type is autonegotiation, link duplex type is autonegotiation
Flow-control is not enabled
Maximum frame length: 10000
Allow jumbo frame to pass
Broadcast max-ratio: 100%
Multicast max-ratio: 100%
Unicast max-ratio: 100%
PVID: 1
MDI type: Automdix
Port link-type: Access
Tagged VLANs:
None
Untagged VLANs: 1
Port priority: 0
Last clearing of counters: Never
Peak input rate: 0 bytes/sec, at 2011-01-01 04:43:29
Peak output rate: 0 bytes/sec, at 2011-01-01 04:43:29
11
Last 300 second input:
Last 300 second output:
Input (total):
0 packets/sec 0 bytes/sec 0%
0 packets/sec 0 bytes/sec 0%
1 packets, 336 bytes
0 unicasts, 0 broadcasts, 1 multicasts, 0 pauses
Input (normal):
1 packets, - bytes
0 unicasts, 0 broadcasts, 1 multicasts, 0 pauses
Input:
0 input errors, 0 runts, 0 giants, 0 throttles
0 CRC, 0 frame, - overruns, 0 aborts
- ignored, - parity errors
Output (total): 2 packets, 664 bytes
0 unicasts, 0 broadcasts, 2 multicasts, 0 pauses
Output (normal): 2 packets, - bytes
0 unicasts, 0 broadcasts, 2 multicasts, 0 pauses
Output: 0 output errors, - underruns, - buffer failures
0 aborts, 0 deferred, 0 collisions, 0 late collisions
0 lost carrier, - no carrier
Table 5 Command output
Field
Description
Current state
Physical link state of the Ethernet interface:
•
Administratively DOWN—The interface has been shut down by using
the shutdown command.
•
DOWN—The interface is administratively up, but its physical state is
down (possibly because no physical link exists or the link has failed).
•
UP—The Ethernet interface is both administratively and physically up.
Line protocol state
Data link layer state of the interface. The state is determined through
parameter negotiation on the link layer.
•
UP—The data link layer protocol is up.
•
UP (spoofing)—The data link layer protocol is up, but the link is an
on-demand link or does not exist. This attribute is typical of null interfaces
and loopback interfaces.
•
DOWN—The data link layer protocol is down.
•
DOWN (DLDP DOWN)—The data link layer protocol of the interface is
down because DLDP detected that the link was unidirectional.
•
DOWN (LAGG DOWN)—The data link layer protocol of the interface is
down because the aggregate interface does not have Selected ports.
•
DOWN (OAM DOWN)—The data link layer protocol of the interface is
down because OAM detected remote link failures.
•
DOWN (DLDP and LAGG DOWN)—The data link layer protocol of the
interface is shut down by DLDP and LAGG.
•
DOWN (DLDP and OAM DOWN)—The data link layer protocol of the
interface is shut down by DLDP and OAM.
•
DOWN (OAM and LAGG DOWN)—The data link layer protocol of the
interface is shut down by OAM and LAGG.
•
DOWN (DLDP, OAM and LAGG DOWN)—The data link layer protocol of
the interface is shut down by DLDP, OAM, and LAGG.
IP packet frame type
Ethernet framing format. PKTFMT_ETHNT_2 indicates that the frames are
encapsulated in Ethernet II framing format.
hardware address
MAC address of the interface.
Bandwidth
Expected bandwidth of the interface.
Loopback is set internal
An internal loopback test is running on the Ethernet interface.
12
Field
Description
Loopback is set external
An external loopback test is running on the Ethernet interface.
Loopback is not set
No loopback test is running on the Ethernet interface.
10Mbps-speed mode
The interface is operating at 10 Mbps.
100Mbps-speed mode
The interface is operating at 100 Mbps.
1000Mbps-speed mode
The interface is operating at 1000 Mbps.
10Gbps-speed mode
The interface is operating at 10 Gbps.
40Gbps-speed mode
The interface is operating at 40 Gbps.
Unknown-speed mode
The speed of the interface is unknown because the speed negotiation fails or
the interface is physically disconnected.
half-duplex mode
The interface is operating in half duplex mode.
full-duplex mode
The interface is operating in full duplex mode.
unknown-duplex mode
The duplex mode of the interface is unknown because the duplex mode
negotiation fails or the interface is physically disconnected.
Link speed type is
autonegotiation
The interface is configured with the speed auto command.
Link speed type is force link
The interface is configured with a speed by using the speed command.
link duplex type is
autonegotiation
The interface is configured with the duplex auto command.
link duplex type is force link
The interface is configured with a duplex mode by using the duplex command.
Maximum frame length
Maximum Ethernet frame length allowed on the interface.
Allow jumbo frame to pass
The interface allows jumbo frames to pass through.
Broadcast max-
Broadcast storm suppression threshold in ratio, pps, or kbps. The unit of the
threshold depends on your configuration.
Multicast max-
Multicast storm suppression threshold in ratio, pps, or kbps. The unit of the
threshold depends on your configuration.
Unicast max-
Unicast storm suppression threshold in ratio, pps, or kbps. The unit of the
threshold depends on your configuration.
PVID
Port VLAN ID (PVID) of the Ethernet interface.
MDI type
Cable type (depending on your configuration):
•
automdix.
•
mdi.
•
mdix.
Port link-type
Link type of the interface (depending on your configuration):
•
access.
•
trunk.
•
hybrid.
Tagged VLANs
VLANs for which the interface sends packets without removing VLAN tags.
Untagged VLANs
VLANs for which the interface sends packets after removing VLAN tags.
Port priority
Priority of the interface.
Last clearing of counters:
Never
Time when the reset counters interface command was last used to clear
statistics on the interface. Never indicates that the reset counters interface
command was never used since the device was started.
13
Field
Description
Peak input rate
Peak rate of inbound traffic in Bps, and the time when the peak inbound traffic
rate occurred.
Peak output rate
Peak rate of outbound traffic in Bps, and the time when the peak outbound
traffic rate occurred.
Last 300 second input
Average rate of inbound traffic in the last 300 seconds, in pps and Bps, and the
ratio of the actual rate to the maximum interface rate.
A hyphen (-) indicates that the statistical item is not supported.
Last 300 second output
Average rate of outbound traffic in the last 300 seconds, in pps and Bps, and
the ratio of the actual rate to the maximum interface rate.
A hyphen (-) indicates that the statistical item is not supported.
Inbound traffic statistics (in packets and bytes) for the interface. All inbound
normal and abnormal packets and normal pause frames were counted.
Input(total)
Number of inbound unicast packets, number of inbound broadcasts, number
of inbound multicasts, and number of inbound pause frames.
A hyphen (-) indicates that the statistical item is not supported.
Inbound normal traffic and pause frame statistics (in packets and bytes) for the
interface.
Input(normal)
Number of inbound normal unicast packets, number of inbound normal
broadcasts, number of inbound normal multicasts, and number of inbound
normal pause frames.
A hyphen (-) indicates that the statistical item is not supported.
input errors
Statistics of incoming error packets.
runts
Number of inbound frames shorter than 64 bytes, in correct format, and
containing valid CRCs.
giants
Number of inbound frames larger than the maximum frame length supported
on the interface.
•
For an Ethernet interface that does not permit jumbo frames, giants refer
to frames larger than 1536 bytes (without VLAN tags) or 1540 bytes (with
VLAN tags).
•
For an Ethernet interface that permits jumbo frames, giants refer to
frames larger than the maximum length of Ethernet frames that are
allowed to pass through, which is configured when you configure jumbo
frame support on the interface.
throttles
Number of inbound frames that had a non-integer number of bytes.
CRC
Total number of inbound frames that had a normal length, but contained CRC
errors.
frame
Total number of inbound frames that contained CRC errors and a non-integer
number of bytes.
overruns
Number of packets dropped because the input rate of the port exceeded the
queuing capability.
aborts
Total number of illegal inbound packets:
•
Fragment frames—CRC error frames shorter than 64 bytes. The length
can be an integral or non-integral value.
•
Jabber frames—CRC error frames greater than the maximum frame
length supported on the Ethernet interface (with an integral or
non-integral length).
{
For an Ethernet interface that does not permit jumbo frames, jabber
frames refer to CRC error frames greater than 1536 bytes (without
VLAN tags) or 1540 bytes (with VLAN tags).
{
For an Ethernet interface that permits jumbo frames, jabber frames
14
Field
Description
•
•
•
refer to CRC error frames greater than the maximum length of
Ethernet frames that are allowed to pass through the interface.
Symbol error frames—Frames that contained at least one undefined
symbol.
Unknown operation code frames—Non-pause MAC control frames.
Length error frames—Frames whose 802.3 length fields did not match
the actual frame length (46 to 1500 bytes).
ignored
Number of inbound frames dropped because the receive buffer of the port ran
low.
parity errors
Total number of frames with parity errors.
Outbound traffic statistics (in packets and bytes) for the interface. All outbound
normal and abnormal packets and normal pause frames were counted.
Number of outbound unicast packets, number of outbound broadcasts,
number of outbound multicasts, and number of outbound pause frames.
Output(total)
A hyphen (-) indicates that the statistical item is not supported.
Outbound normal traffic and pause frame statistics (in packets and bytes) for
the interface.
Number of outbound normal unicast packets, number of outbound normal
broadcasts, number of outbound normal multicasts, and number of outbound
normal pause frames.
Output(normal)
A hyphen (-) indicates that the statistical item is not supported.
output errors
Number of outbound packets with errors.
underruns
Number of packets dropped because the output rate of the interface exceeded
the output queuing capability. This is a low-probability hardware anomaly.
buffer failures
Number of packets dropped because the transmit buffer of the interface ran
low.
aborts
Number of packets that failed to be transmitted, for example, because of
Ethernet collisions.
deferred
Number of frames that the interface deferred to transmit because of detected
collisions.
collisions
Number of frames that the interface stopped transmitting because Ethernet
collisions were detected during transmission.
late collisions
Number of frames that the interface deferred to transmit after transmitting their
first 512 bits because of detected collisions.
lost carrier
Number of carrier losses during transmission. This counter increases by one
when a carrier is lost, and applies to serial WAN interfaces.
no carrier
Number of times that the port failed to detect the carrier when attempting to
send frames. This counter increases by one when a port failed to detect the
carrier, and applies to serial WAN interfaces.
# Display brief information about all interfaces.
<Sysname> display interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) – spoofing
Interface
Link Protocol Primary IP
InLoop0
UP
UP(s)
--
Loop0
UP
UP(s)
--
15
Description
M-GE0/0/0
UP
UP
192.168.0.65
NULL0
UP
UP(s)
--
REG0
DOWN --
--
XGE1/0/1
DOWN DOWN
--
Vlan1
UP
DOWN
--
Vlan999
UP
UP
192.168.1.42
The brief information of interfaces in bridge mode:
Link: ADM - administratively down
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface
Link Speed
Duplex Type PVID Description
XGE1/0/2
DOWN auto
A
A
1
XGE1/0/3
UP
F(a)
A
1
XGE1/0/4
DOWN auto
A
A
1
XGE1/0/5
DOWN auto
A
A
1
XGE1/0/6
UP
F(a)
A
1
XGE1/0/7
DOWN auto
A
A
1
XGE1/0/8
UP
10G(a)
F(a)
A
1
XGE1/0/9
UP
10G(a)
F(a)
A
999
10G(a)
10G(a)
aaaaaaaaaaaaaaaaaaaaaaaaaaa
# Display brief information about Ten-GigabitEthernet 1/0/3, including the complete interface
description.
<Sysname> display interface ten-gigabitethernet 1/0/3 brief description
The brief information of interfaces in bridge mode:
Link: ADM - administratively down
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface
Link Speed
Duplex Type PVID Description
XGE1/0/3
UP
F(a)
10G(a)
A
1
aaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
# Display information about interfaces in DOWN state and the causes.
<Sysname> display interface brief down
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Interface
Link Cause
REG0
DOWN Not connected
XGE1/0/1
DOWN Not connected
Brief information on interfaces in bridge mode:
Link: ADM - administratively down; Stby - standby
Interface
Link Cause
XGE1/0/2
DOWN Not connected
XGE1/0/4
DOWN Not connected
XGE1/0/5
DOWN Not connected
XGE1/0/7
DOWN Not connected
16
Table 6 Command output
Field
Description
Brief information of interfaces in
route mode:
Brief information about Layer 3 interfaces.
•
Link: ADM - administratively down;
Stby - standby
•
ADM—The interface has been shut down by the network
administrator. To recover its physical layer state, run the undo
shutdown command.
Stby—The interface is a standby interface.
Protocol: (s) – spoofing
If the data link layer protocol of an interface is up, but its link is an
on-demand link or not present at all, this field displays UP (s), where s
represents the spoofing flag. This attribute is typical of interface Null 0
and loopback interfaces.
Interface
Interface name.
Link
Physical link state of the interface:
•
UP—The link is up.
•
DOWN—The link is physically down.
•
ADM—The link has been administratively shut down. To recover
its physical state, run the undo shutdown command.
•
Stby—The interface is a standby interface.
Protocol
Link layer protocol state of the interface:
•
UP.
•
DOWN.
•
UP(s)—The link of the interface is an on-demand link or not
present at all.
Primary IP
Primary IP address of the interface. A hyphen (-) indicates that the
interface is not configured with an IP address.
Description
Partial or complete interface description configured by using the
description command:
•
If you do not specify the description keyword for the display
interface brief command, the Description field displays only the
first 27 characters of the interface description.
•
If you specify the description keyword for the display interface
brief command, the field displays the complete interface
description.
The brief information of interfaces
in bridge mode:
Brief information about Layer 2 interfaces.
If the speed of an interface is automatically negotiated, its speed
attribute includes the autonegotiation flag, indicated by the letter a in
parentheses.
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F full
If the duplex mode of an interface is automatically negotiated, its
duplex mode attribute includes the following options:
•
(a)/A—Autonegotiation.
•
H—Half negotiation.
•
F—Full negotiation.
Type: A - access; T - trunk; H –
hybrid
Link type options for Ethernet interfaces.
Speed
Interface rate, in bps.
Duplex
Duplex mode of the interface:
•
A—Autonegotiation.
•
F—Full duplex.
17
Field
Description
•
•
•
F(a)—Autonegotiated full duplex.
H—Half duplex.
H(a)—Autonegotiated half duplex.
Type
Link type of the interface:
•
A—Access.
•
H—Hybrid.
•
T—Trunk.
PVID
Port VLAN ID.
Cause
Cause for the physical link state of an interface to be DOWN:
•
Administratively—The port is manually shut down by using the
shutdown command. To restore the physical state of the
interface, use the undo shutdown command.
•
DOWN ( Link-Aggregation interface down )—When an
aggregate interface is shut down, the physical state of all member
ports of the aggregate interface becomes DOWN.
•
DOWN (Loopback detection down)—The port is shut down
because the loopback detection module has detected loops.
•
DOWN ( Monitor-Link uplink down )—The port is shut down
because the monitor link module has detected that the uplink is
down.
•
MAD ShutDown—After an IRF split, the state of all interfaces
except the excluded ports in the IRF in recovery state is set to
DOWN.
•
Not connected—No physical connection exists (possibly
because the network cable is disconnected or faulty).
•
Storm-Constrain—The port is shut down because the unknown
unicast traffic, multicast traffic, or broadcast traffic exceeds the
upper limit.
•
STP DOWN—The port is shut down by the STP BPDU guard
function.
•
Port Security Disabled—The port is shut down by the intrusion
detection mechanism because the port receives illegal packets.
•
Standby—The interface is in the Standby state.
Related commands
reset counters interface
display packet-drop
Use display packet-drop to display information about packets dropped on an interface or multiple
interfaces.
Syntax
display packet-drop { interface [ interface-type [ interface-number ] ] | summary }
Views
Any view
Predefined user roles
network-admin
network-operator
18
Parameters
interface-type: Specifies an interface type. If you do not specify an interface type, this command
displays information about dropped packets on all the interfaces on the device.
interface-number: Specifies an interface number. If you specify an interface type only, this command
displays information about dropped packets on the specified type of interfaces.
summary: Displays the summary of dropped packets on all interfaces.
Examples
# Display information about dropped packets on Ten-GigabitEthernet 1/0/1.
<Sysname> display packet-drop interface ten-gigabitethernet 1/0/1
Ten-GigabitEthernet1/0/1:
Packets dropped due to full GBP or insufficient bandwidth: 301
Packets dropped due to Fast Filter Processor (FFP): 261
Packets dropped due to STP non-forwarding state: 321
Packets dropped due to insufficient data buffer. Input dropped: 0 Output dropped: 0
# Display the summary of dropped packets on all interfaces.
<Sysname> display packet-drop summary
All interfaces:
Packets dropped due to full GBP or insufficient bandwidth: 301
Packets dropped due to Fast Filter Processor (FFP): 261
Packets dropped due to STP non-forwarding state: 321
Packets dropped due to insufficient data buffer. Input dropped: 0 Output dropped: 0
Table 7 Command output
Field
Description
Packets dropped due to full GBP or insufficient
bandwidth
Packets that are dropped because the buffer is
used up or the bandwidth is insufficient.
Packets dropped due to Fast Filter Processor (FFP)
Packets that are filtered out.
Packets dropped due to STP non-forwarding state
Packets that are dropped because STP is in the
non-forwarding state.
Packets dropped due to insufficient data buffer. Input
dropped: 0 Output dropped: 0
Packets that are dropped because of insufficient
data buffer.
NOTE:
Statistics about the outgoing packets dropped due to FFP or STP are not collected.
display priority-flow-control
Use display priority-flow-control to display the PFC information and frame statistics for an
interface.
Syntax
display priority-flow-control interface [ interface-type [ interface-number ] ]
Views
Any view
Predefined user roles
network-admin
19
network-operator
Parameters
interface-type: Specifies an interface type. If you do not specify an interface type, the command
displays the PFC information and frame statistics for all Ethernet interfaces.
interface-number: Specifies an interface number. If you do not specify an interface number, the
command displays the PFC information and frame statistics for all Ethernet interfaces of the
specified type.
Examples
# Display the PFC information and frame statistics for all Ethernet interfaces.
<Sysname> display priority-flow-control interface
Interface
AdminMode
OperMode
Dot1pList
Prio
Recv
Send
-------------------------------------------------------------------------------XGE1/0/1
Disabled
Disabled
0,2-3,5-6
XGE1/0/2
Auto
Enabled
0-1,3-4,6-7 0
XGE1/0/3
XGE1/0/4
Enabled
Auto
Enabled
Disabled
0-2,4-5,7
4294967295 4294967295
5
23
0
7
5
0
0
178
43
1
234
112
4
13
0
5
1572
0
7
110
0
1-2,4-5,7
Table 8 Command output
Field
Description
Interface
Abbreviated name of the interface.
AdminMode
Administrative PFC status:
•
Disabled—PFC is disabled for the interface.
•
Auto—The interface is configured to autonegotiate the PFC status with the
remote end.
•
Enabled—PFC is enabled for the interface.
OperMode
Operative PFC status:
•
Disabled—PFC is disabled.
•
Enabled—PFC is enabled.
Dot1pList
802.1p priorities that are enabled with PFC. 802.1p priority values 0 through 7 are
available.
Prio
An 802.1p priority is displayed only when the 802.1p priority is enabled with PFC
and the interface has received or sent packets with the 802.1p priority.
Recv
Number of received frames.
Send
Number of sent frames.
duplex
Use duplex to set the duplex mode for an Ethernet interface.
Use undo duplex to restore the default duplex mode of the Ethernet interface.
20
Syntax
duplex { auto | full | half }
undo duplex
Default
Ethernet interfaces autonegotiate the duplex mode.
Views
Ethernet interface view
Predefined user roles
network-admin
Parameters
auto: Configures the interface to autonegotiate the duplex mode with the peer.
full: Configures the interface to operate in full duplex mode, so that the interface can receive and
transmit packets at the same time.
half: Configures the interface to operate in half duplex mode, so that the interface can only receive or
transmit packets at a given time. Copper ports operating at 1000 Mbps or 10 Gbps and fiber ports do
not support this keyword.
Examples
# Configure Ten-GigabitEthernet 1/0/1 to operate in full duplex mode.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] duplex full
eee enable
IMPORTANT:
Fiber ports do not support this command.
Use eee enable to enable EEE.
Use undo eee enable to restore the default.
Syntax
eee enable
undo eee enable
Default
EEE is disabled.
Views
Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
With the EEE function, a link-up port enters the low power state if it has not received any packet for a
certain period of time. The time period depends on the chip specifications and is not configurable.
When a packet arrives later, the port enters the normal state.
21
For the 10-GE copper ports of HPE 5900AF-48XGT-4QSFP+ Switch (JH037A) and HPE
5900AF-48XGT-4QSFP+ TAA-compliant Switch (JH037A), this command is available only when the
ports operate at 10 Gbps.
Examples
# Enable EEE on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] eee enable
flow-control
CAUTION:
Configuring generic flow control on an Ethernet interface will cause link-up and link-down events
before the interface finally stays up.
Use flow-control to enable TxRx mode generic flow control on an Ethernet interface.
Use undo flow-control to disable generic flow control on the Ethernet interface.
Syntax
flow-control
undo flow-control
Default
Generic flow control is disabled on an Ethernet interface.
Views
Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
To implement flow control on a link, enable the generic flow control function at both ends of the link.
TxRx mode generic flow control enables an Ethernet interface to perform the following actions:
•
Receive common pause frames from its peer.
•
Send common pause frames to notify its peer of congestions.
With the flow-control command configured, an interface can both send and receive flow control
frames:
•
When congested, the interface sends a flow control frame to its peer.
•
Upon receiving a flow control frame from the peer, the interface suspends sending packets.
Examples
# Enable TxRx mode generic flow control on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] flow-control
22
flow-control receive enable
CAUTION:
Configuring generic flow control on an Ethernet interface will cause link-up and link-down events
before the interface finally stays up.
Use flow-control receive enable to enable Rx mode generic flow control on an Ethernet port.
Use undo flow-control to disable generic flow control on an Ethernet interface.
Syntax
flow-control receive enable
undo flow-control
Default
Rx flow control is disabled on Ethernet interfaces.
Views
Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
With the flow-control receive enable command configured, an interface can receive, but not send,
flow control frames. When the interface receives a flow control frame from its peer, it suspends
sending packets to the peer. When traffic congestion occurs on the interface, it cannot send flow
control frames to the peer.
To handle unidirectional traffic congestion on a link, configure the flow-control receive enable
command at one end, and the flow-control command at the other. To enable both ends of the link to
handle traffic congestion, configure the flow-control command at both ends.
Examples
# Enable Rx mode generic flow control on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] flow-control receive enable
Related commands
flow-control
flow-interval
Use flow-interval to set the interface statistics polling interval.
Use undo flow-interval to restore the default interval.
Syntax
flow-interval interval
undo flow-interval
Default
The interface statistics polling interval is 300 seconds.
23
Views
Ethernet interface view
Predefined user roles
network-admin
Parameters
interval: Sets the statistics polling interval, in seconds. The interval is in the range of 5 to 300 and
must be a multiple of 5.
Examples
# Set the statistics polling interval to 100 seconds on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] flow-interval 100
interface
Use interface to enter interface or subinterface view. If the subinterface does not exist, the
command creates the subinterface and leads you to its view.
Syntax
interface interface-type { interface-number | interface-number.subnumber }
Views
System view
Predefined user roles
network-admin
Parameters
interface-type: Specifies an interface type.
interface-number: Specifies an interface number.
interface-number.subnumber: Specifies a subinterface number, where interface-number is an
interface number, and subnumber is the number of a subinterface created under the interface. The
value range for the subnumber argument is 1 to 4094.
Examples
# Enter Ten-GigabitEthernet 1/0/1 interface view.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1]
# Create Ethernet subinterface Ten-GigabitEthernet 1/0/1.1 and enter its view.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1.1
[Sysname-Ten-GigabitEthernet1/0/1.1]
jumboframe enable
Use jumboframe enable to allow jumbo frames within the specified length to pass through.
Use undo jumboframe enable to prevent jumbo frames from passing through.
24
Syntax
jumboframe enable [ value ]
undo jumboframe enable
Default
The device allows jumbo frames within 10000 bytes to pass through.
Views
Ethernet interface view
Predefined user roles
network-admin
Parameters
value: Sets the maximum length of Ethernet frames that are allowed to pass through. The value
range is 1536 to 10000 bytes.
Usage guidelines
If you set the value argument multiple times, the most recent configuration takes effect.
Examples
# Enable jumbo frames to pass through Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] jumboframe enable
link-delay
Use link-delay to set the physical state change suppression interval on an Ethernet interface.
Use undo link-delay to restore the default.
Syntax
link-delay [ msec ] delay-time [ mode { up | updown } ]
undo link-delay
Default
Each time the physical link of a port goes up or comes down, the interface immediately reports the
change to the CPU.
Views
Ethernet interface view
Predefined user roles
network-admin
Parameters
msec: Enables the physical state change suppression interval to be accurate to milliseconds. If you
do not specify this keyword, the suppression interval is accurate to seconds.
delay-time: Sets the physical state change suppression interval on the Ethernet interface. A value of
0 indicates that physical state changes are immediately reported to the CPU and are not
suppressed.
•
If you do not specify the msec keyword, the value range for this argument is 0 to 30 seconds.
25
•
If you specify the msec keyword, the value range for this argument is 0 to 10000 milliseconds,
and the value must be a multiple of 100.
mode up: Suppresses the link-up events.
mode updown: Suppresses both the link-up and link-down events.
Usage guidelines
When the link-delay delay-time command is configured:
•
The link-down event is not reported to the CPU unless the interface is still down when the
suppression interval (delay-time) expires.
•
The link-up event is immediately reported.
When the link-delay delay-time mode up command is configured:
•
The link-up event is not reported to the CPU unless the interface is still up when the
suppression interval (delay-time) expires.
•
The link-down event is immediately reported.
When the link-delay delay-time mode updown command is configured:
•
The link-down event is not reported to the CPU unless the interface is still down when the
suppression interval (delay-time) expires.
•
The link-up event is not reported to the CPU unless the interface is still up when the
suppression interval (delay-time) expires.
On a port, if you configure the link-delay command multiple times, the most recent configuration
takes effect.
Do not configure this command on a port with RRPP, spanning tree protocols, or Smart Link enabled.
Examples
# Set the link-down event suppression interval to 8 seconds on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] link-delay 8
# Set the link-up event suppression interval to 800 milliseconds on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] link-delay msec 800 mode up
loopback
Use loopback to perform a loopback test on an Ethernet interface.
Syntax
loopback { external | internal }
Views
Ethernet interface view
Predefined user roles
network-admin
Parameters
external: Performs an external loopback test on the Ethernet interface.
internal: Performs an internal loopback test on the Ethernet interface.
26
Usage guidelines
If an Ethernet interface does not work correctly, you can perform a loopback test on it to identify the
problem.
An Ethernet interface in a loopback test does not forward data traffic.
On an administratively shut down Ethernet interface (displayed as in ADM or Administratively
DOWN state), you cannot perform an internal or external loopback test.
The speed, duplex, mdix-mode, and shutdown commands are not available during a loopback
test.
During a loopback test, the Ethernet interface operates in full duplex mode. When the loopback test
is complete, the port returns to its duplex setting.
Examples
# Perform an internal loopback test on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] loopback internal
Loop internal succeeded!
multicast-suppression
Use multicast-suppression to enable multicast storm suppression and set the multicast storm
suppression threshold.
Use undo multicast-suppression to restore the default.
Syntax
multicast-suppression { ratio | pps max-pps | kbps max-kbps } [ unknown ]
undo multicast-suppression
Default
Ethernet interfaces do not suppress multicast traffic.
Views
Ethernet interface view
Predefined user roles
network-admin
Parameters
ratio: Sets the multicast suppression threshold as a percentage of the interface bandwidth. The value
range for this argument (in percentage) is 0 to 100. A smaller value means that less multicast traffic is
allowed to pass through.
pps max-pps: Specifies the maximum number of multicast packets that the interface can forward per
second. The value range for the max-pps argument (in pps) is 0 to 1.4881 × the interface bandwidth.
For example, the value range of the max-pps argument for a 40-GE interface is 0 to 59524000.
kbps max-kbps: Specifies the maximum number of kilobits of multicast traffic that the Ethernet
interface can forward per second. The value range for this argument (in kbps) is 0 to the interface
bandwidth.
unknown: Suppresses only the unknown multicast traffic.
27
Usage guidelines
The multicast storm suppression feature limits the size of multicast traffic (including known and
unknown multicast) to a threshold on an interface. When the multicast traffic on the interface
exceeds this threshold, the system drops packets until the traffic drops below this threshold.
Both storm-constrain and multicast-suppression can suppress multicast storm on a port. The
multicast-suppression command uses the chip to physically suppress multicast traffic. It has less
influence on the device performance than the storm-constrain command, which uses software to
suppress multicast traffic.
For the traffic suppression result to be determined, do not configure both the storm constrain
multicast command and the multicast-suppression command on an interface.
When you configure the suppression threshold in kbps, the actual suppression threshold might be
different from the configured one as follows:
•
If the configured value is smaller than 64, the value of 64 takes effect.
•
If the configured value is greater than 64 but not an integer multiple of 64, the integer multiple of
64 that is greater than and closest to the configured value takes effect.
For the suppression threshold that takes effect, see the prompt on the device.
Examples
# Set the multicast storm suppression threshold to 10000 kbps on Ten-GigabitEthernet1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] multicast-suppression kbps 10000
The actual value is 10048 on port Ten-GigabitEthernet1/0/1 currently.
Related commands
broadcast-suppression
unicast-suppression
port auto-power-down
IMPORTANT:
Fiber ports do not support this command.
Use port auto-power-down to enable auto power-down on an Ethernet interface.
Use undo port auto-power-down to restore the default.
Syntax
port auto-power-down
undo port auto-power-down
Default
Auto power-down is disabled on Ethernet interfaces.
Views
Ethernet interface view
Predefined user roles
network-admin
28
Usage guidelines
When the auto power-down function is enabled on an interface and the interface has been down for
a certain period of time, both of the following events occur:
•
The switch automatically stops supplying power to the interface.
•
The interface enters the power save mode.
The time period depends on the chip specifications and is not configurable.
When the interface comes up, both of the following events occur:
•
The switch automatically restores the power supply to the interface.
•
The interface enters its normal state.
This command is applicable only to HPE 5900AF-48G-4XG-2QSFP+ Switch (JG510A) and HPE
5900AF-48G-4XG-2QSFP+ TAA-compliant Switch (JH038A).
Examples
# Enable auto power-down on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port auto-power-down
port link-mode
Use port link-mode to change the link mode of an Ethernet interface.
Use undo port link-mode to restore the default.
Syntax
port link-mode { bridge | route }
undo port link-mode
Default
Ethernet interfaces operate in bridge mode.
Views
Ethernet interface view
Predefined user roles
network-admin
Parameters
bridge: Specifies the Layer 2 mode.
route: Specifies the Layer 3 mode.
Usage guidelines
Interfaces on the device can operate either as Layer 2 or Layer 3 Ethernet interfaces.
You can use commands to set the link mode to bridge or route.
After you change the link mode of an Ethernet interface, all the commands (except the shutdown
command) on the Ethernet interface are restored to their defaults in the new link mode.
Examples
# Configure Ten-GigabitEthernet 1/0/1 to operate in bridge mode.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
29
[Sysname-Ten-GigabitEthernet1/0/1] port link-mode bridge
port up-mode
Use port up-mode to forcibly bring up a fiber port.
Use undo port up-mode to restore the default.
Syntax
port up-mode
undo port up-mode
Default
Fiber ports are not forcibly brought up. The physical state of the fiber port is determined by the
physical state of the optical fibers.
Views
Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
CAUTION:
The following operations on a fiber port will cause link updown events before the port finally stays up:
• Configure the port up-mode command and the speed or duplex command at the same time.
• Install or remove fiber links or transceiver modules after you forcibly bring up the fiber port.
You can use this command to forcibly bring up a fiber Ethernet port, and enable the port to forward
packets unidirectionally over a single link. In this way, transmission links are well utilized.
After you forcibly bring up an Ethernet fiber port, the fiber port stays physically up whether or not a
transceiver module or fiber connections are present for the port.
Copper ports do not support this command.
The port up-mode command is mutually exclusive with either of the shutdown and loopback
commands.
Examples
# Forcibly bring up fiber port Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port up-mode
priority-flow-control
Use priority-flow-control to enable PFC on an Ethernet interface through automatic negotiation or
forcibly.
Use undo priority-flow-control to disable PFC on the interface.
Syntax
priority-flow-control { auto | enable }
undo priority-flow-control
30
Default
PFC is disabled on Ethernet interfaces.
Views
Ethernet interface view
Predefined user roles
network-admin
Parameters
auto: Specifies PFC in auto mode. In this mode, the Ethernet interface automatically negotiates the
PFC status with its peer.
enable: Forcibly enables PFC.
Usage guidelines
If you enable PFC and configure the priority-flow-control no-drop dot1p dot1p-list command on
both ends, the local port processes a received packet as follows when network congestion occurs:
•
•
If PFC is enabled for the 802.1p priority carried in the packet, the local port perform the following
tasks:
{
Accepts the packet.
{
Notifies the peer to stop sending packets carrying the 802.1p priority until the congestion is
removed.
If PFC is disabled for the 802.1p priority carried in the packet, the local port drops the packet.
Examples
# Configure Ten-GigabitEthernet 1/0/1 to automatically negotiate with its peer to enable PFC.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] priority-flow-control auto
Related commands
priority-flow-control no-drop dot1p
priority-flow-control no-drop dot1p
Use priority-flow-control no-drop dot1p to enable PFC for 802.1p priorities on an Ethernet
interface.
Use undo priority-flow-control no-drop dot1p to restore the default.
Syntax
priority-flow-control no-drop dot1p dot1p-list
undo priority-flow-control no-drop dot1p
Default
PFC is disabled for all 802.1p priorities.
Views
Ethernet interface view
Predefined user roles
network-admin
31
Parameters
dot1p-list: Specifies an 802.1p priority (or dot1p priority) list to identify flows that are subject to
PFC(for example: 1,3-5). A hyphen (-) connects two numeric values, which together indicate a
continuous value range. Different values or value ranges are separated with commas (,). You can
configure up to 16 characters for this argument.
Usage guidelines
You can enable PFC for certain 802.1p priorities at the two ends of a link. When network congestion
occurs, the local device checks the PFC status for the 802.1p priority carried in each arriving packet.
The device processes the packet depending on the PFC status as follows:
•
If PFC is enabled for the 802.1p priority, the local device accepts the packet and sends a PFC
pause frame to the peer. The peer stops sending packets carrying this 802.1p priority for an
interval as specified in the PFC pause frame. This process is repeated until the congestion is
removed.
•
If PFC is disabled for the 802.1p priority, the local port drops the packet.
The relationship between the PFC function and the generic flow control function is shown in Table 9.
Table 9 The relationship between the PFC function and the generic flow control function
flow-control
Unconfigurable
priority-flow
-control
enable
Configured
priority-flow-co
ntrol no-drop
dot1p
Remarks
Configured
You cannot enable flow control by using the
flow-control command on a port where PFC is
enabled and PFC is enabled for the specified
802.1p priority values.
•
Configured
Configurable
Unconfigurable
•
On a port configured with the flow-control
command, you can enable PFC, but you
cannot enable PFC for specific 802.1p
priorities.
Enabling both generic flow control and PFC
on a port disables the port from sending
common or PFC pause frames to inform the
peer of congestion conditions. However, the
port can still handle common and PFC
pause frames from the peer.
When you configure PFC, follow these guidelines:
•
As a best practice to ensure correct operations of IRF and other protocols, do not enable PFC
for 802.1p priorities 0, 6, and 7.
•
Perform the same PFC configuration on all ports that traffic travels through.
For more information about the 802.1p priority, priority trust mode, and port priority, see ACL and
QoS Configuration Guide.
Examples
# Configure Ten-GigabitEthernet 1/0/1 to automatically negotiate with the peer port to enable PFC,
and enable PFC for 802.1p priority 5.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] priority-flow-control auto
[Sysname-Ten-GigabitEthernet1/0/1] priority-flow-control no-drop dot1p 5
Related commands
priority-flow-control
32
flow-control
flow-control receive enable
reset counters interface
Use reset counters interface to clear the Ethernet interface statistics.
Syntax
reset counters interface [ interface-type [ interface-number | interface-number.subnumber ] ]
Views
User view
Predefined user roles
network-admin
Parameters
interface-type: Specifies an interface type.
interface-number: Specifies an interface number.
interface-number.subnumber: Specifies a subinterface number, where interface-number is an
interface number, and subnumber is the number of a subinterface created under the interface. The
value range for the subnumber argument is 1 to 4094.
Usage guidelines
Use this command to clear history statistics if you want to collect traffic statistics for a specific time
period.
If you do not specify an interface type, this command clears statistics for all interfaces.
If you specify only the interface type, this command clears statistics for all interfaces of that type.
If you specify both the interface type and the interface number, this command clears statistics for the
specified interface.
Examples
# Clear the statistics of Ten-GigabitEthernet 1/0/1.
<Sysname> reset counters interface ten-gigabitethernet 1/0/1
Related commands
display interface
display counters interface
display counters rate interface
reset ethernet statistics
Use reset ethernet statistics to clear the Ethernet module statistics.
Syntax
reset ethernet statistics slot slot-number
Views
User view
Predefined user roles
network-admin
33
network-operator
Parameters
slot slot-number: Clears the Ethernet module statistics on the specified device. The slot-number
argument specifies the IRF member device by its member ID.
Examples
# Clear the Ethernet module statistics on IRF member 6.
<Sysname> reset ethernet statistics slot 6
reset packet-drop interface
Use reset packet-drop interface to clear the dropped packet statistics on an interface or multiple
interfaces.
Syntax
reset packet-drop interface [ interface-type [ interface-number ] ]
Views
User view
Predefined user roles
network-admin
Parameters
interface-type: Specifies an interface type. If you do not specify an interface type, this command
clears dropped packet statistics on all the interfaces on the device.
interface-number: Specifies an interface number. If you do not specify this argument, the command
clears dropped packet statistics on all interfaces of the specified type.
Examples
# Clear dropped packet statistics on Ten-GigabitEthernet 1/0/1.
<Sysname> reset packet-drop interface ten-gigabitethernet 1/0/1
# Clear dropped packet statistics on all interfaces.
<Sysname> reset packet-drop interface
Related commands
display packet-drop
shutdown
Use shutdown to shut down an Ethernet interface or subinterface.
Use undo shutdown to bring up an Ethernet interface or subinterface.
Syntax
shutdown
undo shutdown
Default
Ethernet interfaces and subinterfaces are in up state.
Views
Ethernet interface view
34
Ethernet subinterface view
Predefined user roles
network-admin
Usage guidelines
You might need to shut down and then bring up an Ethernet interface to make some interface
configurations take effect.
Examples
# Shut down and then bring up Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] shutdown
[Sysname-Ten-GigabitEthernet1/0/1] undo shutdown
speed
Use speed to set the speed of an Ethernet interface.
Use undo speed to restore the default.
Syntax
speed { 1000 | 10000 | 40000 | auto }
undo speed
Default
An Ethernet interface negotiates a speed with its peer.
Views
Ethernet interface view
Predefined user roles
network-admin
Parameters
1000: Sets the interface speed to 1000 Mbps.
10000: Sets the interface speed to 10000 Mbps.
40000: Sets the interface speed to 40000 Mbps.
auto: Enables the interface to negotiate a speed with its peer.
Usage guidelines
For an Ethernet copper port, use the speed command to set its speed to match the speed of the peer
interface.
For a fiber port, use the speed command to set its speed to match the rate of a transceiver module.
Support of an interface for the keywords depends on the interface type. For more information, use
the speed ? command in interface view.
In auto mode, Ethernet interfaces do not support negotiating a speed of 10 Mbps or 100 Mbps.
Examples
# Configure Ten-GigabitEthernet 1/0/1 to autonegotiate the speed.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
35
[Sysname-Ten-GigabitEthernet1/0/1] speed auto
Related commands
speed auto
unicast-suppression
Use unicast-suppression to enable unknown unicast storm suppression and set the unknown
unicast storm suppression threshold.
Use undo unicast-suppression to restore the default.
Syntax
unicast-suppression { ratio | pps max-pps | kbps max-kbps }
undo unicast-suppression
Default
Ethernet interfaces do not suppress unknown unicast traffic.
Views
Ethernet interface view
Predefined user roles
network-admin
Parameters
ratio: Sets the unknown unicast suppression threshold as a percentage of the interface bandwidth.
The value range for this argument (in percentage) is 0 to 100. A smaller value means that less
unknown unicast traffic is allowed to pass through.
pps max-pps: Specifies the maximum number of unknown unicast packets that the interface can
forward per second. The value range for the max-pps argument (in pps) is 0 to 1.4881 × the interface
bandwidth. For example, the value range of the max-pps argument for a 40-GE interface is 0 to
59524000.
kbps max-kbps: Specifies the maximum number of kilobits of unknown unicast traffic that the
Ethernet interface can forward per second. The value range for this argument (in kbps) is 0 to the
interface bandwidth.
Usage guidelines
The unknown unicast storm suppression feature limits the size of unknown unicast traffic to a
threshold on an interface. When the unknown unicast traffic on the interface exceeds this threshold,
the system drops packets until the traffic drops below this threshold.
Both storm-constrain and unicast-suppression can suppress unknown unicast storm on a port.
The unicast-suppression command uses the chip to physically suppress unknown unicast traffic. It
has less influence on the device performance than the storm-constrain command, which uses
software to suppress unknown unicast traffic.
For the traffic suppression result to be determined, do not configure both the storm constrain
unicast command and the unicast-suppression command on an interface.
When you configure the suppression threshold in kbps, the actual suppression threshold might be
different from the configured one as follows:
•
If the configured value is smaller than 64, the value of 64 takes effect.
•
If the configured value is greater than 64 but not an integer multiple of 64, the integer multiple of
64 that is greater than and closest to the configured value takes effect.
For the suppression threshold that takes effect, see the prompt on the device.
36
Examples
# Set the unknown unicast storm suppression threshold to 10000 kbps on Ten-GigabitEthernet1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] unicast-suppression kbps 10000
The actual value is 10048 on port Ten-GigabitEthernet1/0/1 currently.
Related commands
broadcast-suppression
multicast-suppression
using fortygige
Use using fortygige to combine four 10-GE breakout interfaces that are split from a 40-GE interface
into a 40-GE interface.
Use undo using fortygige to cancel the configuration.
Syntax
using fortygige
undo using fortygige
Default
A 40-GE interface is not split and operates as a single interface.
Views
10-GE breakout interface view
Predefined user roles
network-admin
Usage guidelines
If you need higher bandwidth, you can combine four 10-GE breakout interfaces that are split from a
40-GE interface into a 40-GE interface. To make this command take effect on the four 10-GE
breakout interfaces, execute this command on only one of the 10-GE breakout interfaces.
After this command is successfully configured, the system prompts you to reboot your device. You
must reboot the device and then the system deletes the four 10-GE breakout interface and creates
the combined 40-GE interface.
Examples
# Combine 10-GE breakout interfaces Ten-GigabitEthernet 1/0/16:1 through Ten-GigabitEthernet
1/0/16:4 into a 40-GE interface.
<System> system-view
[System] interface Ten-GigabitEthernet1/0/16:1
[System-Ten-GigabitEthernet1/0/16:1] using fortygige
The interfaces Ten-GigabitEthernet1/0/16:1 through Ten-GigabitEthernet1/0/16:4 will be
deleted. Continue? [Y/N]:y
Reboot the member device to make the configuration take effect.
Related commands
using tengige
37
using tengige
Use using tengige to split a high-bandwidth interface into multiple 10-GE breakout interfaces.
Use undo using tengige to cancel the configuration.
Syntax
using tengige
undo using tengige
Default
A high-bandwidth interface is not split and operates as a single interface.
Views
40-GE interface view
Predefined user roles
network-admin
Usage guidelines
To improve the port density, reduce the cost, and improve the network flexibility, you can split a
high-bandwidth interface into multiple 10-GE breakout interfaces.
The 10-GE breakout interfaces support the same configuration and attributes as common 10-GE
interfaces, except that they are numbered in a different way.
After this command is successfully configured, the system prompts you to reboot your device. You
must reboot the device and then the system deletes the 40-GE interface and creates four 10-GE
breakout interfaces.
Examples
# Split 40-GE interface FortyGigE 1/0/16 into four 10-GE breakout interfaces.
<System> system-view
[System] interface fortygige 1/0/16
[System-FortyGigE1/0/16] using tengige
The interface FortyGigE1/0/16 will be deleted. Continue? [Y/N]:y
Reboot the member device to make the configuration take effect.
Related commands
using fortygige
Layer 2 Ethernet interface commands
display storm-constrain
Use display storm-constrain to display storm control settings and statistics.
Syntax
display storm-constrain [ broadcast | multicast | unicast ] [ interface interface-type
interface-number ]
Views
Any view
38
Predefined user roles
network-admin
network-operator
Parameters
broadcast: Displays broadcast storm control settings and statistics.
multicast: Displays multicast storm control settings and statistics.
unicast: Displays unknown unicast storm control settings and statistics.
interface interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
If you do not specify any keywords, this command displays all storm control settings on all storm
control-enabled interfaces.
Examples
# Display the storm control settings on all storm control-enabled ports.
<Sysname> display storm-constrain
Abbreviation: BC - broadcast; MC - multicast; UC – unicast
FW - forwarding
Flow Statistic Interval: 5 (in seconds)
Port
Type
Lower
Upper
Unit
CtrlMode
Status
Trap
Log
SwitchNum
------------------------------------------------------------------------------------XGE1/0/1
BC
12345
3456
pps
block
FW
on
off
0
XGE1/0/2
MC
43
100
ratio
block
block
on
off
1
XGE1/0/3
MC
100
200
kbps
shutdown
shutdown
off
on
10
XGE1/0/4
UC
200
300
kbps
shutdown
normal
off
on
33
XGE1/0/5
BC
500
1500
pps
N/A
normal
on
on
0
Table 10 Command output
Field
Description
Flow Statistic Interval
Traffic polling interval (in seconds) of the storm control module.
Port
Abbreviated port name.
Type
Type of traffic subjected to storm control:
•
BC—Broadcast packets.
•
MC—Multicast packets.
•
UC—Unknown unicast packets.
Lower
Lower storm control threshold, in pps, kbps, or percentage.
Upper
Upper storm control threshold, in pps, kbps, or percentage.
Unit
Storm control threshold unit:
•
pps.
•
kbps.
•
percentage.
CtrlMode
Protective action (block or shutdown) taken on the port when the upper
threshold is reached. N/A indicates that no protective action is configured.
Status
Packet forwarding status:
•
FW—The port is forwarding traffic correctly.
•
shutdown—The port has been shut down.
39
Field
Description
•
block—The port drops the type of traffic.
Trap
Status of the storm control threshold event trap switch:
•
on—The port sends threshold event traps.
•
off—The port does not send threshold event traps.
Log
Status of the storm control threshold event log switch:
•
on—The port sends threshold event log messages.
•
off—The port does not send threshold event log messages.
SwitchNum
Number of forwarding state changes of the interface.
When the SwitchNum count reaches 65535, it resets automatically.
mdix-mode
IMPORTANT:
• Fiber ports do not support this command.
• 10-GE copper ports support only the automdix mode.
Use mdix-mode to configure the Medium Dependent Interface Cross-Over (MDIX) mode of an
Ethernet interface.
Use undo mdix-mode to restore the default.
Syntax
mdix-mode { automdix | mdi | mdix }
undo mdix-mode
Default
Ethernet interfaces operate in automdix mode.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
automdix: Specifies that the interface negotiates pin roles with its peer.
mdi: Specifies that pins 1 and 2 are transmit pins and pins 3 and 6 are receive pins.
mdix: Specifies that pins 1 and 2 are receive pins and pins 3 and 6 are transmit pins.
Examples
# Configure Ten-GigabitEthernet 1/0/1 to operate in automdix mode.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] mdix-mode automdix
port bridge enable
Use port bridge enable to enable bridging on a Layer 2 Ethernet interface.
40
Use undo port bridge enable to disable bridging on a Layer 2 Ethernet interface.
Syntax
port bridge enable
undo port bridge enable
Default
Bridging is disabled on Layer 2 Ethernet interfaces.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
When a packet arrives at an interface, the device looks up the destination MAC address of the
packet in the MAC address table. If an entry is found and the outgoing interface is the same as the
incoming interface, the device drops the packet.
After you configure this command on the Ethernet interface, the device forwards such packets rather
than drop them.
Examples
# Enable bridging on Layer 2 Ethernet interface Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port bridge enable
port connection-distance
Use port connection-distance to set the interface connection distance.
Use undo port connection-distance to restore the default.
Syntax
port connection-distance { 300 | 10000 | 20000 | 40000 }
undo port connection-distance
Default
The interface connection distance is 10000 meters.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
300: Sets the interface connection distance to 300 meters.
10000: Sets the interface connection distance to 10000 meters.
20000: Sets the interface connection distance to 20000 meters.
40000: Sets the interface connection distance to 40000 meters.
41
Usage guidelines
When two directly connected interfaces communicate, they use the buffer area to buffer the received
data. A longer interface connection distance requires a greater buffer area.
Perform this task to modify the buffer area size by setting the interface connection distance.
Configure this command based on the network conditions because the buffer area size is limited.
Examples
# Set the interface connection distance to 20000 meters.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port connection-distance 20000
port-type
IMPORTANT:
This command is applicable only to HPE FlexFabric 5900CP-48XG-4QSFP+ Switch (JG838A), HPE
StoreFabric 5900CP-48XG-4QSFP+8Gb FC B-fan Trays Converged Switch (E7W29A) and HPE
5900CP-48XG-4QSFP+ TAA-compliant Switch (JH036A).
Use port-type to switch the interface type between Layer 2 Ethernet and FC.
Syntax
In Layer 2 Ethernet interface view:
port-type fc
In FC interface view:
port-type ethernet
Default
The interface type is Layer 2 Ethernet.
Views
Layer 2 Ethernet interface view
FC interface view
Predefined user roles
network-admin
Parameters
ethernet: Changes the type of the interface to Layer 2 Ethernet.
fc: Changes the type of the interface to FC.
Usage guidelines
Some Layer 2 Ethernet interfaces can be changed to FC interfaces. To change such a Layer 2
Ethernet interface to an FC interface, enter the Layer 2 Ethernet interface view and execute the
port-type fc command. To change the FC interface to a Layer 2 Ethernet interface, enter the FC
interface view and execute the port-type ethernet command.
After the type of an interface is changed, the system performs the following tasks:
•
Deletes the original interface.
•
Creates a new interface that is numbered the same as the original interface.
42
Examples
# Change Layer 2 Ethernet interface Ten-GigabitEthernet 1/0/1 into an FC interface.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port-type fc
[Sysname-Fc1/0/1]
storm-constrain
Use storm-constrain to enable broadcast, multicast, or unknown unicast storm control on an
Ethernet port.
Use undo storm-constrain to disable storm control.
Syntax
storm-constrain { broadcast | multicast | unicast } { pps | kbps | ratio } upperlimit lowerlimit
undo storm-constrain { all | broadcast | multicast | unicast }
Default
Traffic storm control is disabled.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
all: Disables storm control for all types of packets: broadcast, multicast, and unknown unicast.
broadcast: Enables or disables broadcast storm control.
multicast: Enables or disables multicast storm control.
unicast: Enables or disables unknown unicast storm control.
pps: Sets storm control thresholds in pps.
kbps: Sets storm control thresholds in kbps.
ratio: Sets storm control thresholds as a percentage of the transmission capacity of the interface.
upperlimit: Sets the upper threshold, in pps, kbps, or percentage.
lowerlimit: Sets the lower threshold, in pps, kbps, or percentage.
Usage guidelines
After you configure this command, the device collects the statistics of a particular type of traffic at the
specified interval, which can be configured by using the storm-constrain interval command. When
a particular type of traffic exceeds its upper threshold, the interface takes a certain action, which can
be configured by using the storm-constrain control command.
The
storm-constrain,
broadcast-suppression,
multicast-suppression,
unicast-suppression commands can suppress storm on a port.
and
•
The storm-constrain command uses software to suppress traffic, and affects the device
performance to a certain extent.
•
The broadcast-suppression, multicast-suppression, and unicast-suppression commands
use the chip to physically suppress traffic, and have less influence on the device performance
than the storm-constrain command.
43
On the same type of traffic, do not configure the storm constrain command and either of the
broadcast-suppression, multicast-suppression, and unicast-suppression commands at the
same time. Otherwise, the traffic suppression result is not determined.
When configuring this command, make sure upperlimit is greater than lowerlimit.
Examples
# Enable unknown unicast storm control on Ten-GigabitEthernet 1/0/1, setting the upper and lower
thresholds to 200 pps and 150 pps.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] storm-constrain unicast pps 200 150
# Enable broadcast storm control on Ten-GigabitEthernet 1/0/2, setting the upper and lower
thresholds to 2000 kbps and 1500 kbps.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/2
[Sysname-Ten-GigabitEthernet1/0/2] storm-constrain broadcast kbps 2000 1500
# Enable multicast storm control on Ten-GigabitEthernet 1/0/3, setting the upper and lower
thresholds to 80% and 15%.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/3
[Sysname-Ten-GigabitEthernet1/0/3] storm-constrain multicast ratio 80 15
Related commands
storm-constrain control
storm-constrain interval
storm-constrain control
Use storm-constrain control to set the protective action to take on an Ethernet interface when a
type of traffic (unknown unicast, multicast, or broadcast) exceeds the upper storm control threshold.
Use undo storm-constrain control to restore the default.
Syntax
storm-constrain control { block | shutdown }
undo storm-constrain control
Default
No action is taken on an Ethernet interface when a type of traffic exceeds the upper storm control
threshold.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
block: Blocks this type of traffic, while forwarding other types of traffic. Even though the interface
does not forward the blocked traffic, it still counts the traffic. When the blocked traffic is detected
dropping below the lower threshold, the port begins to forward the traffic.
shutdown: Shuts down automatically. The interface shuts down automatically and stops forwarding
any traffic. When the blocked traffic is detected dropping below the lower threshold, the port does not
44
forward the traffic. To bring up the interface, use the undo shutdown command or disable the storm
control function.
Examples
# Configure Ten-GigabitEthernet 1/0/1 to block the traffic detected crossing the upper storm control
threshold.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] storm-constrain control block
Related commands
storm-constrain
storm-constrain control
storm-constrain enable log
Use storm-constrain enable log to enable an Ethernet interface to log storm control threshold
events.
Use undo storm-constrain enable log to disable log sending.
Syntax
storm-constrain enable log
undo storm-constrain enable log
Default
An interface generates logs when monitored traffic exceeds the upper threshold or falls below the
lower threshold.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Examples
# Enable Ten-GigabitEthernet 1/0/1 to generate logs when it detects storm control threshold events.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] storm-constrain enable log
storm-constrain enable trap
Use storm-constrain enable trap to enable an Ethernet interface to send storm control threshold
event traps.
Use undo storm-constrain enable trap to disable trap sending.
Syntax
storm-constrain enable trap
undo storm-constrain enable trap
45
Default
An interface sends out traps when monitored traffic exceeds the upper threshold or falls below the
lower threshold.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Examples
# Enable Ten-GigabitEthernet 1/0/1 to send traps when it detects storm control threshold events.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] storm-constrain enable trap
storm-constrain interval
Use storm-constrain interval to set the traffic polling interval of the storm control module.
Use undo storm-constrain interval to restore the default.
Syntax
storm-constrain interval seconds
undo storm-constrain interval
Default
The storm control module polls traffic statistics every 10 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
seconds: Sets the traffic polling interval of the storm control module. The value range is 1 to 300
seconds.
Usage guidelines
The interval set by the storm-constrain interval command is specific to storm control. To set the
statistics polling interval of an interface, use the flow-interval command.
For network stability, use the default or a higher polling interval.
Examples
# Set the traffic statistics polling interval of the storm control module to 60 seconds.
<Sysname> system-view
[Sysname] storm-constrain interval 60
Related commands
storm-constrain
storm-constrain control
46
virtual-cable-test
IMPORTANT:
Fiber ports do not support this command.
Use virtual-cable-test to test the cable connection of an Ethernet interface and display the test
results.
Syntax
virtual-cable-test
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
If the link of an Ethernet interface is up, testing its cable connection will cause the link to go down and
then up.
The test result is for reference only. The cable length detection error is up to 5 m (about 16 ft).
If a test item is not available, a hyphen (-) is displayed.
Examples
# Test the cable connection of Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] virtual-cable-test
Cable status: abnormal(open), 140 metre(s)
Pair Impedance mismatch: Pair skew: - ns
Pair swap: Pair polarity: Insertion loss: - db
Return loss: - db
Near-end crosstalk: - db
Table 11 Command output
Field
Description
Cable status
Cable status:
•
Normal—The cable is in good condition.
•
Abnormal—The cable is abnormal.
•
Abnormal (open)—An open circuit is detected.
•
Abnormal (short)—A short circuit is detected.
•
Failure—The test failed.
n metres
If the cable connection is working correctly, this field displays the total length
of the cable.
If the cable connection fails, this field displays the length from the local port to
the faulty point.
47
Layer 3 Ethernet interface and subinterface
commands
mtu
Use mtu to set the MTU for an Ethernet interface or subinterface.
Use undo mtu to restore the default.
Syntax
mtu size
undo mtu
Default
The MTU of an Ethernet interface or subinterface is 1500 bytes.
Views
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Predefined user roles
network-admin
Parameters
size: Sets the maximum transmission unit (MTU) in bytes, in the range of 128 to 1560.
Usage guidelines
The MTU configured on an interface takes effect only on packets sent to the CPU for software
forwarding (for example, packets sourced from or destined for the interface). Configure the MTU as
appropriate for interfaces in the network to avoid fragmentation.
As the MTU size decreases, the number of fragments grows. When you set the MTU for an interface,
consider QoS queue lengths to prevent a too small MTU from causing packet drops in QoS queuing.
For example, consider that the default FIFO queue length is 75.
Examples
# Set the MTU to 1430 bytes for Layer 3 Ethernet interface Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] mtu 1430
48
Loopback, null, and inloopback interface
commands
bandwidth
Use bandwidth to configure the expected bandwidth of an interface.
Use undo bandwidth to restore the default.
Syntax
bandwidth bandwidth-value
undo bandwidth
Default
The expected bandwidth of a loopback interface is 0 kbps.
Views
Loopback interface view
Predefined user roles
network-admin
Parameters
bandwidth-value: Specifies the expected bandwidth in the range of 1 to 400000000 kbps.
Usage guidelines
The expected bandwidth of an interface affects the following items:
•
Bandwidth assignment with CBQ. For more information, see ACL and QoS Configuration
Guide.
•
Link costs in OSPF, OSPFv3, and IS-IS. For more information, see Layer 3—IP Routing
Configuration Guide.
Examples
# Set the expected bandwidth of Loopback 1 to 1000 kbps.
<Sysname> system-view
[Sysname] interface loopback 1
[Sysname-LoopBack1] bandwidth 1000
default
Use default to restore the default settings for a loopback or null interface.
Syntax
default
Views
Loopback interface view
Null interface view
Predefined user roles
network-admin
49
Usage guidelines
CAUTION:
The default command might interrupt ongoing network services. Make sure you are fully aware of
the impacts of this command before using it on a live network.
This command might fail to restore the default settings for some commands for reasons such as
command dependencies and system restrictions. Use the display this command in interface view to
identify these commands, and then use their undo forms or follow the command reference to restore
their default settings. If your restoration attempt still fails, follow the error message instructions to
resolve the problem.
Examples
# Restore the default settings for interface loopback 1.
<Sysname> system-view
[Sysname] interface loopback 1
[Sysname-LoopBack1] default
description
Use description to set a description for an interface.
Use undo description to restore the default.
Syntax
description text
undo description
Default
The description of a loopback or null interface is the interface name plus Interface (for example,
LoopBack1 Interface).
Views
Loopback interface view
Null interface view
Predefined user roles
network-admin
Parameters
text: Specifies an interface description, a case-sensitive string of 1 to 255 characters.
Usage guidelines
Configure a description for an interface for easy identification and management purposes.
You can use the display interface command to view the configured description.
Examples
# Set the description to for RouterID for interface loopback 1.
<Sysname> system-view
[Sysname] interface loopback 1
[Sysname-LoopBack1] description for RouterID
50
display interface inloopback
Use display interface inloopback to display information about the inloopback interface.
Syntax
display interface [ inloopback [ 0 ] ] [ brief [ description ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
0: Specifies interface Inloopback 0.
brief: Displays brief interface information. If you do not specify this keyword, the command displays
detailed interface information.
description: Displays complete interface descriptions. If you do not specify this keyword, the
command displays only the first 27 characters of interface descriptions. The description of an
inloopback interface is always InLoopBack0 Interface and cannot be configured.
Usage guidelines
If the inloopback keyword is not specified, the command displays information about all interfaces of
the device.
If the inloopback keyword is specified but the 0 keyword is not specified, the command displays
information about interface Inloopback 0. This is because the device has only one inloopback
interface Inloopback 0.
Examples
# Display detailed information about interface Inloopback 0.
<Sysname> display interface inloopback 0
InLoopBack0
Current state: UP
Line protocol state: UP (spoofing)
Description: InLoopBack0 Interface
Bandwidth: 0kbps
Maximum transmission unit: 1536
Physical: InLoopBack
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Table 12 Command output
Field
Description
Current state
Physical layer state of the interface, which is always UP, meaning
that the inloopback interface can receive and transmit packets.
Line protocol state
Data link layer protocol state of the interface, which is always UP
(spoofing). UP (spoofing) means that the data link layer protocol
state of the interface is up, but the link is an on-demand link or is not
51
Field
Description
present.
Description
Description string of the interface, which is always InLoopBack0
Interface and cannot be configured.
Bandwidth
Expected bandwidth of the interface.
Maximum Transmit Unit
MTU of the interface, which is always 1536 and cannot be configured
Physical: InLoopBack
The physical type of the interface is inloopback.
Last 300 seconds input rate: 0
bytes/sec, 0 bits/sec, 0 packets/sec
Average input rate during the last 300 seconds:
•
bytes/sec—Average number of bytes received per second.
•
bits/sec—Average number of bits received per second.
•
packets/sec—Average number of packets received per
second.
Last 300 seconds output rate: 0
bytes/sec, 0 bits/sec, 0 packets/sec
Average output rate over the last 300 seconds:
•
bytes/sec—Average number of bytes sent per second.
•
bits/sec—Average number of bits sent per second.
•
packets/sec—Average number of packets sent per second.
Input: 0 packets, 0 bytes, 0 drops
Total number and size (in bytes) of incoming packets of the interface
and the number of dropped packets.
Output: 0 packets, 0 bytes, 0 drops
Total number and size (in bytes) of outgoing packets of the interface
and the number of dropped packets.
# Display brief information about interface Inloopback 0.
<Sysname> display interface inloopback 0 brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface
Link Protocol Primary IP
InLoop0
UP
UP(s)
Description
--
# Display brief information about interface Inloopback 0, including the complete description of the
inloopback interface.
<Sysname> display interface inloopback 0 brief description
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface
Link Protocol Primary IP
InLoop0
UP
UP(s)
Description
--
Table 13 Command output
Field
Description
Brief information on interfaces in
route mode
Brief information about the inloopback interface.
Link: ADM - administratively down;
Stby - standby
Explains the Link field values:
•
ADM—The interface has been shut down by the network
administrator. To recover its physical layer state, run the undo
shutdown command.
•
Stby—The interface is a standby interface.
Protocol: (s) - spoofing
Explains the Protocol field value.
52
Field
Description
(s)—Represents spoofing. If the data link layer protocol of an interface
is up, but the link is an on-demand link or is not present, the Protocol
field displays UP(s). This attribute is typical of interface Null 0,
Inloopback 0, and loopback interfaces.
Interface
Interface name.
Link
Physical layer state of the interface, which is always UP, meaning that
the link is physically up.
Protocol
Data link layer protocol state of the interface, which is always UP(s).
IP address of the interface.
Primary IP
Because inloopback interfaces do not support CLI configuration, this
field does not display a value.
Interface description configured by using the description command.
Description
Because inloopback interfaces do not support CLI configuration, this
field does not display a value.
display interface loopback
Use display interface loopback to display information about the specified or all existing loopback
interfaces.
Syntax
display interface [ loopback ] [ brief [ down ] ]
display interface [ loopback [ interface-number ] ] [ brief [ description ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-number: Specifies a loopback interface by its number, which can be the number of any
existing loopback interface. If you do not specify this argument, the command displays information
about all existing loopback interfaces on the device.
brief: Displays brief interface information. If you do not specify this keyword, the command displays
detailed interface information.
down: Displays information about interfaces in down state and the causes. If you do not specify this
keyword, the command displays information about interfaces in all states.
description: Displays complete interface descriptions. If you do not specify this keyword, the
command displays only the first 27 characters of interface descriptions.
Usage guidelines
This command is supported only after a loopback interface is created.
If the loopback keyword is not specified, the command displays information about all interfaces of
the device.
53
If the loopback keyword is specified but the interface-number argument is not specified, the
command displays information about all existing loopback interfaces.
Examples
# Display detailed information about interface loopback 0.
<Sysname> display interface loopback 0
LoopBack0
Current state: UP
Line protocol state: UP (spoofing)
Description: LoopBack0 Interface
Bandwidth: 0kbps
Maximum transmission unit: 1536
Internet protocol processing: Disabled
Physical: Loopback
Last clearing of counters:
Never
Last 300 seconds input rate:
Last 300 seconds output rate:
0 bytes/sec, 0 bits/sec, 0 packets/sec
0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Table 14 Command output
Field
Description
Current state
Physical layer state of the loopback interface:
•
UP—The loopback interface can receive and transmit packets.
•
Administratively DOWN—The interface was manually shut
down by using the shutdown command.
Line protocol state
Data link layer protocol state of the interface. UP (spoofing) means
that the data link layer protocol state of the interface is up, but the link
is an on-demand link or is not present.
Description
Description string of the interface.
Bandwidth
Expected bandwidth of the interface.
Maximum transmission unit
MTU of the interface.
Internet protocol processing:
Disabled
Indicates that the interface cannot process Layer 3 packets
(displayed when the interface is not configured with an IP address).
Internet address is 1.1.1.1/32
(primary)
Primary IP address of the interface (displayed when the interface is
configured with a primary IP address).
Physical: Loopback
The physical type of the interface is loopback.
Time when statistics on the logical interface were last cleared by
using the reset counters interface command.
Last clearing of counters
If the statistics of the interface have never been cleared by using the
reset counters interface command since the device started, this
field displays Never.
Last 300 seconds input rate: 0
bytes/sec, 0 bits/sec, 0 packets/sec
Average input rate during the last 300 seconds:
•
bytes/sec—Average number of bytes received per second.
•
bits/sec—Average number of bits received per second.
•
packets/sec—Average number of packets received per
second.
Last 300 seconds output rate: 0
bytes/sec, 0 bits/sec, 0 packets/sec
Average output rate over the last 300 seconds:
•
bytes/sec—Average number of bytes sent per second.
54
Field
Description
•
•
bits/sec—Average number of bits sent per second.
packets/sec—Average number of packets sent per second.
Input: 0 packets, 0 bytes, 0 drops
Total number and size (in bytes) of incoming packets of the interface
and the number of dropped packets.
Output: 0 packets, 0 bytes, 0 drops
Total number and size (in bytes) of outgoing packets of the interface
and the number of dropped packets.
# Display brief information about all loopback interfaces.
<Sysname> display interface loopback brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface
Link Protocol Primary IP
Description
Loop1
UP
aaaaaaaaaaaaaaaaaaaaaaaaaaa
UP(s)
--
# Display brief information about all existing loopback interfaces, including the complete description
of each loopback interface.
<Sysname> display interface loopback brief description
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface
Link Protocol Primary IP
Description
Loop1
UP
aaaaaaaaaaaaaaaaaaaaaaaaaaaaa
UP(s)
--
Aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
# Display information about all loopback interfaces in down state and the causes.
<Sysname> display interface loopback brief down
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Interface
Link Cause
Loop1
ADM
Administratively
Table 15 Command output
Field
Description
Brief information on interfaces in
route mode
Brief information about loopback interfaces.
Link: ADM - administratively down;
Stby - standby
Explains the Link field values:
•
ADM—The interface has been shut down by the network
administrator. To recover its physical layer state, run the undo
shutdown command.
•
Stby—The interface is a standby interface.
Explains the Protocol field value.
Protocol: (s) - spoofing
(s)—Represents spoofing. If the data link layer protocol of an interface
is up, but the link is an on-demand link or is not present, the Protocol
field displays UP(s). This attribute is typical of interface Null 0,
Inloopback 0, and loopback interfaces.
Interface
Interface name.
Link
Physical layer state of the interface:
•
UP—The interface is up.
55
Field
Description
•
•
•
DOWN—The interface is physically down.
ADM—The interface has been administratively shut down. To
recover its physical state, run the undo shutdown command.
Stby—The interface is a standby interface.
Protocol
Data link layer protocol state of the interface.
Primary IP
IP address of the interface.
Description
Interface description configured by using the description command. If
the description keyword is not specified in the display interface brief
command, the Description field allows a maximum of 27 characters. If
the description keyword is specified in the display interface brief
command, the field displays the complete interface description.
Cause
Cause of the interface down event. If the interface has been shut down
by using the shutdown command, this field displays
Administratively. To restore the physical state of the interface,
execute the undo shutdown command.
Related commands
interface loopback
reset counters interface loopback
display interface null
Use display interface null to display information about the null interface.
Syntax
display interface [ null [ 0 ] ] [ brief [ description ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
0: Specifies interface Null 0.
brief: Displays brief interface information. If you do not specify this keyword, the command displays
detailed interface information.
description: Displays complete interface descriptions. If you do not specify this keyword, the
command displays only the first 27 characters of interface descriptions.
Usage guidelines
If the null keyword is not specified, the command displays information about all interfaces of the
device.
If the null keyword is specified but the 0 keyword is not specified, the command displays information
about interface Null 0. This is because the device has only one null interface Null 0.
Examples
# Display detailed information about interface Null 0.
<Sysname> display interface null 0
56
NULL0
Current state: UP
Line protocol state: UP (spoofing)
Description: NULL0 Interface
Bandwidth: 0kbps
Maximum transmission unit: 1500
Internet protocol processing: Disabled
Physical: NULL DEV
Last clearing of counters: Never
Last 300 seconds input rate:
Last 300 seconds output rate:
0 bytes/sec, 0 bits/sec, 0 packets/sec
0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Display brief information about interface Null 0.
<Sysname> display interface null 0 brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface
Link Protocol Primary IP
Description
NULL0
UP
aaaaaaaaaaaaaaaaaaaaaaaaaaa
UP(s)
--
# Display brief information about interface Null 0, including the complete description of the null
interface.
<Sysname> display interface null 0 brief description
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface
Link Protocol Primary IP
Description
NULL0
UP
aaaaaaaaaaaaaaaaaaaaaaaaaaaaa
UP(s)
--
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
For the command output, see Table 14 and Table 15.
Related commands
interface null
reset counters interface null
interface loopback
Use interface loopback to create a loopback interface and enter loopback interface view.
Use undo interface loopback to remove a loopback interface.
Syntax
interface loopback interface-number
undo interface loopback interface-number
Default
No loopback interface exists.
Views
System view
57
Predefined user roles
network-admin
Parameters
interface-number: Specifies a loopback interface by its number in the range of 0 to 127.
Usage guidelines
The physical layer state and link layer protocols of a loopback interface are always up unless the
loopback interface is manually shut down. You can use a loopback interface to achieve the following
purposes:
•
Prevent the connection from being affected by the physical state of the interface.
•
Improve the reliability of the connection.
For example, you can:
•
Configure a loopback interface as the source interface for establishing an FTP connection.
•
Use the loopback interface address as the Router ID in BGP.
Examples
# Create interface loopback 1.
<Sysname> system-view
[Sysname] interface loopback 1
[Sysname-LoopBack1]
interface null
Use interface null to enter null interface view.
Syntax
interface null 0
Default
A device has only one null interface (Null 0), which cannot be created or deleted.
Views
System view
Predefined user roles
network-admin
Parameters
0: Specifies interface Null 0. The null interface number is always 0.
Examples
# Enter Null 0 interface view.
<Sysname> system-view
[Sysname] interface null 0
[Sysname-NULL0]
reset counters interface loopback
Use reset counters interface loopback to clear the statistics on the specified or all loopback
interfaces.
58
Syntax
reset counters interface loopback [ interface-number ]
Views
User view
Predefined user roles
network-admin
Parameters
interface-number: Specifies a loopback interface by its number, which can be the number of any
existing loopback interface. If you do not specify the interface-number argument, the command
clears the statistics on all loopback interfaces.
Usage guidelines
To determine whether a loopback interface works correctly within a period by collecting the traffic
statistics within that period, first use the reset counters interface [ loopback [ interface-number ] ]
command to clear the statistics. Then have the interface automatically collect the statistics.
This command is available only if at least one loopback interface has been created.
Examples
# Clear the statistics on loopback interface Loopback 1.
<Sysname> reset counters interface loopback 1
Related commands
display interface loopback
reset counters interface null
Use reset counters interface null to clear the statistics on the null interface.
Syntax
reset counters interface [ null [ 0 ] ]
Views
User view
Predefined user roles
network-admin
Parameters
0: Specifies the number of the null interface, which is always 0.
Usage guidelines
To determine whether the null interface works correctly within a period by collecting the traffic
statistics within that period, first use the reset counters interface [ null [ 0 ] ] command to clear the
statistics. Then have the interface automatically collect the statistics.
Examples
# Clear the statistics on interface Null 0.
<Sysname> reset counters interface null 0
Related commands
display interface null
59
shutdown
Use shutdown to shut down a loopback interface.
Use undo shutdown to bring up a loopback interface.
Syntax
shutdown
undo shutdown
Default
A loopback interface is up.
Views
Loopback interface view
Predefined user roles
network-admin
Usage guidelines
Use the shutdown command with caution, because the command disconnects the connection of the
interface and disables the interface from communicating.
Examples
# Shut down interface loopback 1.
<Sysname> system-view
[Sysname] interface loopback 1
[Sysname-LoopBack1] shutdown
60
Bulk interface configuration commands
display interface range
Use display interface range to display information about the interface ranges created by using the
interface range name command.
Syntax
display interface range [ name name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name name: Specifies an interface range by its name, a case-sensitive string of 1 to 32 characters.
If you do not specify an interface range name, the command displays information about the interface
ranges created by using the interface range name command.
Examples
# Display information about all existing interface ranges created by using the interface range name
command.
<Sysname> display interface range
Interface range name t2 Ten-GigabitEthernet1/0/1 Ten-GigabitEthernet1/0/2
Interface range name test Ten-GigabitEthernet1/0/11 Ten-GigabitEthernet1/0/12
The output shows the following:
•
Interfaces Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 are added to interface
range t2.
•
Interfaces Ten-GigabitEthernet 1/0/11 and Ten-GigabitEthernet 1/0/12 are added to interface
range test.
Related commands
interface range name
interface range
Use interface range to create an interface range and enter the interface range view.
Syntax
interface range interface-list
Views
System view
Predefined user roles
network-admin
61
Parameters
interface-list: Specifies a space-separated list of up to 24 interface items. Each item specifies an
interface by its type and number or a range of interfaces in the form of interface-type
interface-number to interface-type interface-number. When you specify the to keyword in
interface-type interface-number1 to interface-type interface-number2, the last-tier value of the
interface number before to must not be greater than the one after to. The values of the other tiers of
the interface number before to must be the same as the one after to.
Usage guidelines
Use the command to enter interface range view to bulk configure multiple interfaces with the same
feature instead of configuring them one by one. For example, run the shutdown command in
interface range view to shut down a range of interfaces.
In interface range view, only the commands supported by the first interface are available. The first
interface is specified with the interface range command. To view these commands in the interface
range, enter the interface range view, and then enter ? at the prompt.
After a command is executed in interface range view, one of the following situations might occur:
•
The system stays in interface range view and does not display an error message. It means that
the execution succeeded on all member interfaces in the interface range.
•
The system displays an error message and stays in interface range view. It means that the
execution failed on member interfaces in the interface range.
•
{
If the execution failed on the first member interface in the interface range, the command is
not executed on any member interfaces.
{
If the execution failed on non-first member interfaces, the command takes effect on the
other member interfaces.
The system returns to system view. It means that:
{
The command is supported in both system view and interface view.
{
The execution failed on a member interface in interface range view and succeeded in
system view.
{
The command is not executed on the subsequent member interfaces.
You can use the display this command to verify the configuration in interface view of each
member interface. In addition, if the configuration in system view is not needed, use the undo
form of the command to remove the configuration.
To verify the configuration of the first interface in the interface range, execute the display this
command in interface range view.
To bulk configure interfaces, follow these guidelines:
•
You cannot enter the view of some interfaces by using the interface interface-type
interface-number command. Do not configure any of these interfaces as the first interface in the
interface range.
•
Do not assign both an aggregate interface and any of its member interfaces to an interface
range. Some commands, after being executed on both an aggregate interface and its member
interfaces, can break up the aggregation.
•
No limit is set on the maximum number of interfaces in an interface range. The more interfaces
in an interface range, the longer the command execution time.
Examples
# Shut down interfaces Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/24, and
VLAN-interface 2.
<Sysname> system-view
[Sysname] interface range ten-gigabitethernet 1/0/1 to ten-gigabitethernet 1/0/24
vlan-interface 2
[Sysname-if-range] shutdown
62
interface range name
Use interface range name name interface interface-list to create an interface range, configure a
name for the interface range, and enter the interface range view.
Use interface range name name without the interface keyword to enter the view of an interface
range with the specified name.
Use undo interface range name to delete the interface range with the specified name.
Syntax
interface range name name [ interface interface-list ]
undo interface range name name
Views
System view
Predefined user roles
network-admin
Parameters
name: Specifies an interface range name, a case-sensitive string of 1 to 32 characters.
interface-list: Specifies a space-separated list of up to 24 interface items. Each item specifies an
interface by its type and number or a range of interfaces in the form of interface-type
interface-number to interface-type interface-number. When you specify the to keyword in
interface-type interface-number1 to interface-type interface-number2, the last-tier value of the
interface number before to must not be greater than the one after to. The values of the other tiers of
the interface number before to must be the same as the one after to.
Usage guidelines
You can use the command to assign a name to an interface range and can specify this name rather
than the interface range to enter the interface range view.
In interface range view, only the commands supported by the first interface are available. The first
interface is specified with the interface range command. To view the commands supported by the
first interface in the interface range, enter the interface range view and enter a question mark (?) at
the command line interface prompt.
After a command is executed in interface range view, one of the following situations might occur:
•
The system stays in interface range view and does not display an error message. It means that
the execution succeeded on all member interfaces in the interface range.
•
The system displays an error message and stays in interface range view. It means that the
execution failed on member interfaces in the interface range.
•
{
If the execution failed on the first member interface in the interface range, the command is
not executed on any member interfaces.
{
If the execution failed on non-first member interfaces, the command takes effect on the
other member interfaces.
The system returns to system view. It means that:
{
The command is supported in both system view and interface view.
{
The execution failed on a member interface in interface range view and succeeded in
system view.
{
The command is not executed on the subsequent member interfaces.
You can use the display this command to verify the configuration in interface view of each
member interface. In addition, if the configuration in system view is not needed, use the undo
form of the command to remove the configuration.
63
To verify the configuration of the first interface in the interface range, execute the display this
command in interface range view.
To view the member interfaces of an interface range, use the display interface range command.
When you bulk configure interfaces, follow these guidelines:
•
You cannot enter the view of some interfaces by using the interface interface-type
interface-number command. Do not configure any of these interfaces as the first interface in the
interface range.
•
Do not assign both an aggregate interface and any of its member interfaces to an interface
range. Some commands, after being executed on both an aggregate interface and its member
interfaces, can break up the aggregation.
•
No limit is set on the maximum number of interfaces in an interface range. The more interfaces
in an interface range, the longer the command execution time.
•
The maximum number of interface range names is limited only by the system resources. As a
best practice to guarantee bulk interface configuration performance, configure fewer than 1000
interface range names.
Examples
# Add Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/12 to interface range myEthPort,
and enter the interface range view.
<Sysname> system-view
[Sysname] interface range name myEthPort interface ten-gigabitethernet 1/0/1 to
ten-gigabitethernet 1/0/12
[Sysname-if-range-myEthPort]
# Enter the view of interface range myEthPort.
<Sysname> system-view
[Sysname] interface range name myEthPort
[Sysname-if-range-myEthPort]
Related commands
display interface range
64
MAC address table commands
This document covers the configuration of unicast MAC address entries, including static, dynamic,
blackhole, and multiport unicast MAC address entries. For more information about configuring static
multicast MAC address entries, see IP Multicast Configuration Guide. For more information about
MAC address table configuration in VPLS, see MPLS Configuration Guide.
display mac-address
Use display mac-address to display MAC address entries.
Syntax
display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic | static ] [ interface interface-type
interface-number ] | blackhole | multiport ] [ vlan vlan-id ] [ count ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
mac-address: Specifies a MAC address in the format of H-H-H. When entering a MAC address, you
can omit the leading zeros in each H section. For example, enter f-e2-1 for 000f-00e2-0001.
vlan vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
dynamic: Displays dynamic MAC address entries.
static: Displays static MAC address entries.
interface interface-type interface-number: Specifies an interface by its type and number.
blackhole: Displays blackhole MAC address entries.
multiport: Displays multiport unicast MAC address entries.
count: Displays only the number of MAC address entries that match all entry attributes you specify in
the command. Detailed information about MAC address entries is not displayed. For example, you
can use the display mac-address vlan 20 dynamic count command to display the number of
dynamic entries for VLAN 20. If you do not specify an entry attribute, the command displays the
number of entries in the MAC address table. If you do not specify this keyword, the command
displays detailed information about the specified MAC address entries.
Usage guidelines
A MAC address entry includes a destination MAC address, an outgoing interface, and a VLAN ID.
If you do not specify any parameters, the command displays all MAC address entries.
This command displays dynamic MAC address entries for an aggregate interface only when the
aggregate interface has at least one Selected member port.
Examples
# Display MAC address entries for VLAN 100.
<Sysname> display mac-address vlan 100
MAC Address
VLAN ID
State
Port/NickName
0001-0101-0101
100
Multiport
XGE1/0/1
65
Aging
N
XGE1/0/2
0033-0033-0033
100
Blackhole
N/A
N
0000-0000-0002
100
Static
XGE1/0/3
N
00e0-fc00-5829
100
Learned
XGE1/0/4
Y
# Display the number of MAC address entries.
<Sysname> display mac-address count
1 mac address(es) found.
Table 16 Command output
Field
Description
VLAN ID
ID of the VLAN to which the outgoing interface of the MAC address entry
belongs.
State
MAC address entry state:
•
Static—Static MAC address entry.
•
Learned—Dynamic MAC address entry. Dynamic entries can be
learned or manually configured.
•
Blackhole—Blackhole MAC address entry.
•
Multiport—Multiport unicast MAC address entry.
When the field displays an interface name, the field indicates the outgoing
interface for packets that are destined for the MAC address. This field
displays N/A for a blackhole MAC address entry.
Port/NickName
When the field displays a 16-bit number Nickname in hexadecimal format (for
example, 0x12ab), it indicates the RB through which the packets leave the
TRILL network. For information about RBs and TRILL, see TRILL
Configuration Guide.
Aging
Whether the entry can age out:
•
Y—The entry can age out.
•
N—The entry never ages out.
n mac address(es) found
Number of matching MAC address entries.
Related commands
mac-address
mac-address timer
display mac-address nickname
Use display mac-address nickname to display the MAC address information of the egress RB
specified by its nickname.
Syntax
display mac-address nickname nickname
Views
Any view
Predefined user roles
network-admin
network-operator
66
Parameters
nickname nickname: Specifies an egress RB by its nickname. The value range for the nickname
argument is 0x1 to 0xFFFE in hexadecimal format.
Examples
# Display the MAC address entries of the egress RB with the nickname 0x8c81.
<Sysname> display mac-address nickname 8c81
MAC Address
VLAN
IDState
Port/NickName
Aging
0000-3300-0001
10
Learned
0x8c81
Y
0000-3300-0002
10
Learned
0x8c81
Y
0000-3300-0003
10
Learned
0x8c81
Y
0000-3300-0004
10
Learned
0x8c81
Y
display mac-address aging-time
Use display mac-address aging-time to display the aging timer for dynamic MAC address entries.
Syntax
display mac-address aging-time
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the aging timer for dynamic MAC address entries.
<Sysname> display mac-address aging-time
MAC address aging time: 300s.
Related commands
mac-address timer
display mac-address mac-learning
Use display mac-address mac-learning to display the global MAC address learning status and the
MAC learning status of the specified interface or all interfaces.
Syntax
display mac-address mac-learning [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
67
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do
not specify an interface, the command displays the global MAC address learning status and the MAC
address learning status of all interfaces.
Examples
# Display the global MAC address learning status and the MAC learning status of all interfaces.
<Sysname> display mac-address mac-learning
Global MAC address learning status: Enabled.
Port
Learning Status
XGE1/0/1
Enabled
XGE1/0/2
Enabled
XGE1/0/3
Enabled
XGE1/0/4
Enabled
Table 17 Command output
Field
Description
Global MAC address learning status
Global MAC address learning status:
•
Enabled.
•
Disabled.
Port
Interface name.
Learning Status
MAC address learning status of an interface:
•
Enabled.
•
Disabled.
Related commands
mac-address mac-learning enable
display mac-address mac-move
Use display mac-address mac-move to display the MAC address move records after the device is
started.
Syntax
display mac-address mac-move [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify this option
on an IRF fabric, the command displays MAC address move records on all member devices.
68
Usage guidelines
When MAC address moves for a MAC address always occur between the specified two interfaces,
Layer 2 loops might occur in the network. To discover and locate loops, you can view the MAC
address move records.
•
In the MAC address move records, records with the same MAC address, VLAN, source port,
and current port are considered as to be one record.
•
An IRF member device can save a maximum of 20 MAC address move records. When the
number of MAC address move records exceeds 20, the most recent record will override the
oldest record based on the last MAC address move time.
Examples
# Display the MAC address move records on the IRF member device 2.
<Sysname> display mac-address mac-move slot 2
------------------------MAC address moving information---------------MAC address
VLAN
Current port
Source port
Last time
Times
0000-0001-002c 1
XGE1/0/1
XGE1/0/2
2013-05-20 13:40:52 1
0000-0001-002c 1
XGE1/0/2
XGE1/0/1
2013-05-20 13:41:30 1
---
2 MAC address moving records found
---
Table 18 Command output
Field
Description
MAC address
MAC address.
VLAN
VLAN that the outgoing interface of the MAC address entry belongs.
Current port
Interface to which the MAC address was moved.
Source port
Interface from which the MAC address was moved.
Last time
Last time when the MAC address was moved.
Times
Number of MAC address moves after the device is started. For a MAC
address record, the number of MAC address moves is increased by 1
when a new MAC address move has the same MAC address, VLAN,
Current Port, and Source Port fields as the MAC address record.
Related commands
mac-address notification mac-move
display mac-address statistics
Use display mac-address statistics to display MAC address table statistics.
Syntax
display mac-address statistics
Views
Any view
Predefined user roles
network-admin
network-operator
69
Usage guidelines
This command displays the number of MAC address entries per type and the maximum number of
MAC address entries allowed for each type.
Examples
# Display MAC address table statistics.
<Sysname> display mac-address statistics
MAC Address Count:
Dynamic Unicast Address (Learned) Count:
3
Dynamic Unicast Address (Security-service-defined) Count:
4
Static Unicast Address (User-defined) Count:
0
Static Unicast Address (System-defined) Count:
3
Total Unicast MAC Addresses In Use:
10
Total Unicast MAC Addresses Available:
131072
Multicast and Multiport MAC Address Count:
1
Static Multicast and Multiport MAC Address (User-defined) Count: 1
Total Multicast and Multiport MAC Addresses Available:
256
Table 19 Command output
Field
Description
Dynamic Unicast Address (Learned) Count
Number of dynamic unicast MAC address entries
triggered by packets.
Dynamic Unicast Address (Security-service-defined)
Count
Number of dynamic unicast MAC address entries
triggered by the security service.
Static Unicast Address (User-defined) Count
Number of static unicast MAC address entries added
by users.
Static Unicast Address (System-defined) Count
Number of static unicast MAC address entries added
by the system.
Total Unicast MAC Addresses In Use
Number of unicast MAC address entries.
Total Unicast MAC Addresses Available
Maximum number of unicast MAC address entries
allowed.
Multicast and Multiport MAC Address Count
Number of multicast and multiport unicast MAC
address entries.
Static Multicast and Multiport MAC Address
(User-defined) Count
Number of static multicast and multiport unicast
MAC address entries added by users.
Total Multicast and Multiport MAC Addresses
Available
Maximum number of multicast and multiport unicast
MAC address entries allowed.
mac-address (interface view)
Use mac-address to add or modify a MAC address entry on an interface.
Use undo mac-address to delete a MAC address entry on an interface.
Syntax
Layer 2 Ethernet interface view and Layer 2 aggregate interface view:
mac-address { dynamic | multiport | static } mac-address vlan vlan-id
undo mac-address { dynamic | multiport | static } mac-address vlan vlan-id
70
S-channel interface view and S-channel aggregate interface view:
mac-address { dynamic | static } mac-address vlan vlan-id
undo mac-address { dynamic | static } mac-address vlan vlan-id
Default
An interface is not configured with MAC address entries.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
S-channel interface view
S-channel aggregate interface view
Predefined user roles
network-admin
Parameters
dynamic: Specifies dynamic MAC address entries.
static: Specifies static MAC address entries.
multiport: Specifies multiport unicast MAC address entries. A frame whose destination MAC
address matches a multiport unicast MAC address entry is sent out of multiple ports.
mac-address: Specifies a MAC address in the format of H-H-H, excluding multicast and all-zero
MAC addresses. When entering a MAC address, you can omit the leading zeros in each H section.
For example, enter f-e2-1 for 000f-00e2-0001.
vlan vlan-id: Specifies an existing VLAN to which the specified interface belongs. The value range
for the vlan-id argument is 1 to 4094.
Usage guidelines
Typically, the device automatically builds the MAC address table by learning the source MAC
addresses of incoming frames on each interface. However, you can manually configure static MAC
address entries. For a MAC address, a manually configured static entry takes precedence over a
dynamically learned entry. To improve the security for the user device connected to an interface,
manually configure a static entry to bind the user device to the interface. Then, the frames destined
for the user device (for example, Host A) are always sent out of the interface. Other hosts using the
forged MAC address of Host A cannot obtain the frames destined for Host A.
The MAC address entry configuration cannot survive a reboot unless you save it. The dynamic MAC
address entries, however, are lost upon reboot whether or not you save the configuration.
Examples
# Add a static entry for MAC address 000f-e201-0101 on interface Ten-GigabitEthernet 1/0/1 that
belongs to VLAN 2.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] mac-address static 000f-e201-0101 vlan 2
# Add a static entry for MAC address 000f-e201-0101 on Layer 2 aggregate interface
Bridge-Aggregation 1 that belongs to VLAN 1.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] mac-address static 000f-e201-0102 vlan 1
# Add a static entry for MAC address 000f-e201-0102 on interface S-Channel 1/0/1:10 that belongs
to VLAN 1.
71
<Sysname> system-view
[Sysname] interface s-channel 1/0/1:10
[Sysname-S-Channel1/0/1:10] mac-address static 000f-e201-0102 vlan 1
# Add a static entry for MAC address 000f-e201-0102 on interface Schannel-Aggregation 1:2 that
belongs to VLAN 1.
<Sysname> system-view
[Sysname] interface schannel-aggregation 1:2
[Sysname-Schannel-Aggregation1:2] mac-address static 000f-e201-0102 vlan 1
# Add a multiport unicast MAC address entry for MAC address 0001-0001-0101 on
Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 that belong to VLAN 2.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] mac-address multiport 0001-0001-0101 vlan 2
[Sysname-Ten-GigabitEthernet1/0/1] quit
[Sysname] interface ten-gigabitethernet 1/0/2
[Sysname-Ten-GigabitEthernet1/0/2] mac-address multiport 0001-0001-0101 vlan 2
Related commands
display mac-address
mac-address (system view)
mac-address (system view)
Use mac-address to add or modify a MAC address entry.
Use undo mac-address to delete one or all MAC address entries.
Syntax
mac-address { dynamic | static } mac-address interface interface-type interface-number vlan
vlan-id
mac-address blackhole mac-address vlan vlan-id
mac-address multiport mac-address interface interface-list vlan vlan-id
undo mac-address [ [ dynamic | static ] mac-address interface interface-type interface-number
vlan vlan-id ]
undo mac-address [ blackhole | dynamic | static ] [ mac-address ] vlan vlan-id
undo mac-address [ dynamic | static ] interface interface-type interface-number
undo mac-address multiport mac-address interface interface-list vlan vlan-id
undo mac-address [ multiport ] [ [ mac-address ] vlan vlan-id ]
undo mac-address nickname nickname
undo mac-address mac-address nickname nickname vlan vlan-id
Default
The system is not configured with MAC address entries.
Views
System view
Predefined user roles
network-admin
72
Parameters
dynamic: Specifies dynamic MAC address entries.
static: Specifies static MAC address entries.
blackhole: Specifies blackhole MAC address entries. Packets whose source or destination MAC
addresses match blackhole MAC address entries are dropped.
multiport: Specifies multiport unicast MAC address entries. A frame whose destination MAC
address matches a multiport unicast MAC address entry is sent out of multiple ports.
mac-address: Specifies a MAC address in the format of H-H-H, excluding multicast and all-zero
MAC addresses. When entering a MAC address, you can omit the leading zeros in each H section.
For example, enter f-e2-1 for 000f-00e2-0001.
vlan vlan-id: Specifies an existing VLAN to which the interface belongs. The value range for the
vlan-id argument is 1 to 4094.
interface interface-type interface-number: Specifies an outgoing interface by its type and number.
interface interface-list: Specifies interfaces in the format of { interface-type interface-number [ to
interface-type interface-number ] } &<1-n>. The interface can only be a Layer 2 Ethernet interface or
Layer 2 aggregate interface. &<1-4> specifies that you can configure a maximum of 4 interfaces or
interface ranges.
nickname nickname: Specifies an RB (through which the packets leave the TRILL network) by its
nickname. The nickname is a hexadecimal number in the range of 0x1 to 0xFFFE.
Usage guidelines
Typically, the device automatically builds the MAC address table by learning the source MAC
addresses of incoming frames on each interface. However, you can manually configure static MAC
address entries. For a MAC address, a manually configured static entry takes precedence over a
dynamically learned entry. To improve the security for the user device connected to an interface,
manually configure a static entry to bind the user device to the interface. Then, the frames destined
for the user device (for example, Host A) are always sent out of the interface. Other hosts using the
forged MAC address of Host A cannot obtain the frames destined for Host A.
To drop frames with the specified source MAC addresses or destination MAC addresses, you can
configure blackhole MAC address entries.
To send frames with a specific destination MAC address out of multiple ports, configure a multiport
unicast MAC address entry. When you execute this command for the first time, the command adds a
MAC address entry. When you execute the command again with the same MAC address and VLAN
but with different interfaces, this command adds the specified interfaces for this entry.
A static or blackhole MAC address entry can overwrite a dynamic MAC address entry, but not vice
versa.
If you execute the undo mac-address command without specifying any parameters, this command
deletes all unicast MAC address entries and static multicast MAC address entries.
You can delete all the MAC address entries (including unicast MAC address entries and static
multicast MAC address entries) of a specified VLAN. You can also delete only one type (dynamic,
static, blackhole, or multiport unicast) of MAC address entries. You can single out an interface and
delete the corresponding unicast MAC address entries, but not the corresponding static multicast
MAC address entries. You can single out an RB through which the packets leave the TRILL network
and delete the corresponding unicast MAC address entries.
The MAC address entry configuration cannot survive a reboot unless you save it. The dynamic MAC
address entries, however, are lost upon reboot whether or not you save the configuration.
Examples
# Add a static entry for MAC address 000f-e201-0101. Then, all frames that are destined for this
MAC address are sent out of interface Ten-GigabitEthernet 1/0/1, which belongs to VLAN 2.
<Sysname> system-view
73
[Sysname] mac-address static 000f-e201-0101 interface ten-gigabitethernet 1/0/1 vlan 2
# Add a multiport unicast MAC address entry for MAC address 000f-e201-0101. Then, all frames that
are destined for this MAC address are sent out of Ten-GigabitEthernet 1/0/1 through
Ten-GigabitEthernet 1/0/3, which belong to VLAN 2.
<Sysname> system-view
[Sysname] mac-address multiport 000f-e201-0101 interface ten-gigabitethernet 1/0/1 to
ten-gigabitethernet 1/0/3 vlan 2
Related commands
display mac-address
mac-address (interface view)
mac-address mac-learning enable
Use mac-address mac-learning enable to enable MAC address learning globally, on an interface,
or on a VLAN.
Use undo mac-address mac-learning enable to disable MAC address learning globally, on an
interface, or on a VLAN.
Syntax
mac-address mac-learning enable
undo mac-address mac-learning enable
Default
MAC address learning is enabled.
Views
System view
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
S-channel interface view
S-channel aggregate interface view
VLAN view
Predefined user roles
network-admin
Usage guidelines
To prevent the MAC address table from becoming saturated, you can disable MAC address learning.
For example, a number of packets with different source MAC addresses reaching a device can affect
the MAC address table update. To avoid such attacks, you can disable MAC address learning by
following these guidelines:
•
You can disable MAC address learning on a per-interface basis. If you disable MAC address
learning globally, MAC address learning is disabled for all interfaces. The device then stops
learning MAC addresses and cannot dynamically update the MAC address table.
•
Because disabling MAC address learning can result in broadcast storms, enable broadcast
storm suppression after you disable MAC address learning on an interface. For more
information about broadcast storm suppression, see Layer 2—LAN Switching Configuration
Guide.
•
With MAC address learning enabled globally, you can disable MAC address learning for an
interface or VLAN.
74
This command does not take effect in a TRILL network, in a VPLS VSI, or for an S-channel. For
information about TRILL, see TRILL Configuration Guide. For information about VSIs, see MPLS
Configuration Guide. For information about S-channels, see EVB Configuration Guide.
When MAC address learning is disabled, the device immediately deletes the existing dynamic MAC
address entries.
Examples
# Disable MAC address learning globally.
<Sysname> system-view
[Sysname] undo mac-address mac-learning enable
# Disable MAC address learning for VLAN 10.
<Sysname> system-view
[Sysname] vlan 10
[Sysname-vlan10] undo mac-address mac-learning enable
# Disable MAC address learning on interface Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] undo mac-address mac-learning enable
# Disable MAC address learning on interface Bridge-Aggregation 1.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] undo mac-address mac-learning enable
# Disable MAC address learning on interface S-Channel 1/0/1:10.
<Sysname> system-view
[Sysname] interface s-channel 1/0/1:10
[Sysname-S-Channel1/0/1:10] undo mac-address mac-learning enable
# Disable MAC address learning on interface Schannel-Aggregation 1:2.
<Sysname> system-view
[Sysname] interface schannel-aggregation 1:2
[Sysname-Schannel-Aggregation1:2] undo mac-address mac-learning enable
Related commands
display mac-address mac-learning
mac-address mac-learning priority
Use mac-address mac-learning priority to assign MAC learning priority to an interface.
Use undo mac-address mac-learning priority to restore the default.
Syntax
mac-address mac-learning priority { high | low }
undo mac-address mac-learning priority
Default
Low MAC address learning priority is used.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
75
Predefined user roles
network-admin
Parameters
high: Assigns high MAC learning priority.
low: Assigns low MAC learning priority.
Usage guidelines
The MAC address learning priority values can be high and low. An interface with high MAC address
learning priority can learn any MAC address. An interface with low MAC address learning priority can
learn only the MAC addresses that have not been learned by high-priority interfaces.
The MAC learning priority mechanism can help defend your network against MAC address spoofing
attacks. To prevent the downlink interface from learning the MAC address of an upper layer device
(for example, the gateway), you can perform the following tasks:
•
Assign high MAC learning priority to an uplink interface.
•
Assign low MAC learning priority to a downlink interface .
Examples
# Assign high MAC learning priority to interface Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] mac-address mac-learning priority high
# Assign high MAC learning priority to interface Bridge-Aggregation 1.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] mac-address mac-learning priority high
mac-address mac-roaming enable
Use mac-address mac-roaming enable to enable MAC address synchronization.
Use undo mac-address mac-roaming enable to restore the default.
Syntax
mac-address mac-roaming enable
undo mac-address mac-roaming enable
Default
MAC address synchronization is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
If ports on different IRF member devices are Selected ports from the same aggregation group, MAC
address entries are synchronized among these IRF member devices. They are synchronized
whether or not MAC address synchronization is enabled for the IRF fabric. For more information
about aggregation groups, see Layer 2—LAN Switching Configuration Guide.
76
The MAC address table size might vary by IRF member device. With MAC address synchronization
enabled, MAC address entries exceeding the table size of an IRF member device cannot be
synchronized to the MAC address table.
Examples
# Enable MAC address synchronization.
<Sysname> system-view
[Sysname] mac-address mac-roaming enable
mac-address max-mac-count
Use mac-address max-mac-count to set the MAC learning limit on an interface.
Use undo mac-address max-mac-count to restore the default.
Syntax
mac-address max-mac-count count
undo mac-address max-mac-count
Default
The maximum number of MAC addresses that can be learned on an interface is not set.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
count: Sets the maximum number of MAC addresses that can be learned on an interface. The value
range is 0 to 4096. When the argument is set to 0, the interface is not allowed to learn MAC
addresses.
Usage guidelines
When the number of MAC address entries learned by an interface reaches the limit, the interface
stops learning MAC address entries.
Examples
# Configure interface Ten-GigabitEthernet 1/0/1 to learn a maximum of 600 MAC address entries.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] mac-address max-mac-count 600
Related commands
mac-address
mac-address max-mac-count enable-forwarding
mac-address max-mac-count enable-forwarding
Use mac-address max-mac-count enable-forwarding to enable the device to forward unknown
frames received on an interface after the MAC learning limit on the interface is reached.
Use undo mac-address max-mac-count enable-forwarding to disable the device from forwarding
unknown frames received on an interface after the MAC learning limit on the interface is reached.
77
Syntax
mac-address max-mac-count enable-forwarding
undo mac-address max-mac-count enable-forwarding
Default
When the MAC learning limit on an interface is reached, the device can forward unknown frames
received on the interface.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
In this document, unknown frames refer to frames whose source MAC addresses are not in the MAC
address table.
Examples
# Configure Ten-GigabitEthernet 1/0/1 to learn a maximum of 600 MAC address entries.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] mac-address max-mac-count 600
# Disable the device from forwarding unknown frames received on Ten-GigabitEthernet 1/0/1 after
the MAC learning limit on Ten-GigabitEthernet 1/0/1 is reached.
[Sysname-Ten-GigabitEthernet1/0/1] undo mac-address max-mac-count enable-forwarding
Related commands
mac-address
mac-address max-mac-count
mac-address mac-move fast-update
Use mac-address mac-move fast-update to enable ARP fast update for MAC address moves.
Use undo mac-address mac-move fast-update to restore the default.
Syntax
mac-address mac-move fast-update
undo mac-address mac-move fast-update
Default
ARP fast update is disabled for MAC address moves.
Views
System view
Predefined user roles
network-admin
Examples
# Enable ARP fast update for MAC address moves.
78
<Sysname> system-view
[Sysname] mac-address mac-move fast-update
mac-address notification mac-move
Use mac-address notification mac-move to enable MAC address move notifications and
optionally set a MAC move detection interval.
Use undo mac-address notification mac-move to restore the default.
Syntax
mac-address notification mac-move [ interval interval-value ]
undo mac-address notification mac-move
Default
MAC address move notifications are disabled, and the MAC move detection interval for MAC
address moves is 1 minute.
Views
System view
Predefined user roles
network-admin
Parameters
interval interval-value: Sets a detection interval for MAC address moves, in the range of 1 to 60
minutes. If you do not specify this option, the default setting of 1 minute is used.
Usage guidelines
With MAC address move notifications enabled, the system displays the MAC address move logs
when it detects MAC address moves. Each record of the MAC address move logs contains the
following information:
•
MAC address.
•
VLAN ID of the MAC address entry.
•
Current port and source port of the MAC address moves.
•
Number of MAC address moves within a MAC move detection interval.
After you execute this command:
•
If the snmp-agent trap enable mac-address command is also executed, the system sends
SNMP information to the SNMP module of the device.
•
If the snmp-agent trap enable mac-address command is not executed, the system sends
syslog messages to the information center module.
Within a detection interval, an IRF member device can display a maximum of 20 MAC address move
records. The latest record will override the oldest one.
Examples
# Enable MAC address move notifications.
<Sysname> system-view
[Sysname] mac-address notification mac-move
[Sysname]
%May 14 17:16:45:688 2013 HPE MAC/4/MAC_FLAPPING: MAC address 0000-0012-0034 in VLAN 500
has moved from port XGE1/0/1 to port XGE1/0/2 for 1 times
The output shows that:
79
•
The VLAN ID of which MAC address 0000-0012-0034 is VLAN 500.
•
The MAC address moved from port Ten-GigabitEthernet 1/0/1 to port Ten-GigabitEthernet
1/0/2.
•
The MAC address has moved once within the last 1 minute (the default interval).
Related commands
display mac-address mac-move
mac-address notification mac-move suppression
Use mac-address notification mac-move suppression to enable MAC address move
suppression.
Use undo mac-address notification mac-move suppression to restore the default.
Syntax
mac-address notification mac-move suppression
undo mac-address notification mac-move suppression
Default
MAC address moves are not suppressed.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
This feature shuts an interface down when a MAC address has been moved from the interface more
than the specified suppression threshold within a MAC move detection interval. You can use the
shutdown command and then the undo shutdown command to bring up the interface. Also, the
interface can automatically come up after a suppression interval.
Examples
# Enable MAC address move suppression on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] mac-address notification mac-move suppression
mac-address notification mac-move suppression interval
Use mac-address notification mac-move suppression interval to set a suppression interval for
MAC address moves.
Use undo mac-address notification mac-move suppression interval to restore the default.
Syntax
mac-address notification mac-move suppression interval interval-value
undo mac-address notification mac-move suppression
Default
The suppression interval for MAC address moves is 30 seconds.
80
Views
System view
Predefined user roles
network-admin
Parameters
interval interval-value: Specifies the MAC address move suppression interval in the range of 30 to
86400 seconds. If you do not specify this option, the default suppression interval of 30 seconds is
used.
Examples
# Set the suppression interval to 100 seconds for MAC address moves.
<Sysname> system-view
[Sysname] mac-address notification mac-move suppression interval 100
mac-address notification mac-move suppression threshold
Use mac-address notification mac-move suppression threshold to set a threshold for MAC
address moves sourced from an interface within a detection interval.
Use undo mac-address notification mac-move suppression threshold to restore the default.
Syntax
mac-address notification mac-move suppression threshold threshold-value
undo mac-address notification mac-move suppression threshold
Default
The threshold is 3.
Views
System view
Predefined user roles
network-admin
Parameters
threshold-value: Sets the threshold for MAC address moves sourced from an interface within a
detection interval. The value range for this argument is 0 to 1024.
Usage guidelines
The system shuts down the interface when the following conditions exist:
•
The interface is enabled with MAC address move suppression.
•
The number of MAC address moves from the interface within a detection interval exceeds the
threshold.
After the suppression interval elapses, the interface comes up automatically. You can also use the
undo shutdown command to manually bring up the interface.
If the threshold is set to 0, the system shuts down an interface if a MAC address moves from the
interface.
Examples
# Set the threshold to 1 for MAC address moves sourced from an interface within a detection interval.
<Sysname> system-view
[Sysname] mac-address notification mac-move suppression threshold 1
81
mac-address static source-check enable
Use mac-address static source-check enable to enable the static source check feature.
Use undo mac-address static source-check enable to disable the static source check feature.
Syntax
mac-address static source-check enable
undo mac-address static source-check enable
Default
The static source check feature is enabled.
Views
Layer 2 Ethernet interface view
Layer 3 Ethernet interface/subinterface view
Layer 2 aggregate interface view
Layer 3 aggregate interface /subinterface view
Predefined user roles
network-admin
Examples
# Disable the static source check feature.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] undo mac-address static source-check enable
mac-address timer
Use mac-address timer to set the aging timer for dynamic MAC address entries.
Use undo mac-address timer to restore the default.
Syntax
mac-address timer { aging seconds | no-aging }
undo mac-address timer
Default
The aging timer for dynamic MAC address entries is 300 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
aging seconds: Sets an aging timer (in seconds) for dynamic MAC address entries, in the range of
10 to 1000000 seconds.
no-aging: Configures dynamic MAC address entries not to age.
82
Usage guidelines
To set the aging timer appropriately, follow these guidelines:
•
A long aging interval causes the MAC address table to retain outdated entries and fail to
accommodate the most recent network changes.
•
A short aging interval results in removal of valid entries. Then, unnecessary broadcasts packets
appear and affect device performance.
Examples
# Set the aging time to 500 seconds for dynamic MAC address entries.
<Sysname> system-view
[Sysname] mac-address timer aging 500
Related commands
display mac-address aging-time
snmp-agent trap enable mac-address
Use snmp-agent trap enable mac-address to enable SNMP notifications for the MAC address
table.
Use undo snmp-agent trap enable mac-address to disable SNMP notifications for the MAC
address table.
Syntax
snmp-agent trap enable mac-address [ mac-move ]
undo snmp-agent trap enable mac-address [ mac-move ]
Default
SNMP notifications for the MAC address table are enabled.
Views
System view
Predefined user roles
network-admin
Parameters
mac-move: Enables SNMP notifications about the MAC address moves for the MAC address table.
If you do not specify this keyword, the command enables all types of SNMP notifications for the MAC
address table.
Usage guidelines
When SNMP notifications are disabled for the MAC address table, MAC address moves are reported
in syslog messages.
The MAC address table supports only SNMP notifications about MAC address moves. When you
enable or disable SNMP notifications about MAC address moves, you enable or disable all types of
SNMP notifications for the MAC address table.
Examples
# Disable SNMP notifications about MAC address moves for the MAC address table.
<Sysname> system-view
[Sysname] undo snmp-agent trap enable mac-address mac-move
83
Related commands
mac-address notification mac-move
84
MAC Information commands
mac-address information enable (interface view)
Use mac-address information enable to enable MAC Information on an interface.
Use undo mac-address information enable to disable MAC Information on an interface.
Syntax
mac-address information enable { added | deleted }
undo mac-address information enable { added | deleted }
Default
MAC Information is disabled on an interface.
Views
Layer 2 Ethernet interface view
S-channel interface view
S-channel aggregate interface view
Predefined user roles
network-admin
Parameters
added: Enables the device to record MAC change information when a new MAC address is learned
on an interface.
deleted: Enables the device to record MAC change information when an existing MAC address is
deleted.
Usage guidelines
Before you enable MAC Information on an interface, enable MAC Information globally.
Examples
# Enable MAC Information on Ten-GigabitEthernet 1/0/1 to enable the interface to record MAC
change information when learning a new MAC address.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] mac-address information enable added
# Enable MAC Information on S-Channel 1/0/1:10 to the interface to record MAC change information
when learning a new MAC address.
<Sysname> system-view
[Sysname] interface s-channel 1/0/1:10
[Sysname-S-Channel1/0/1:10] mac-address information enable added
# Enable MAC Information on Schannel-Aggregation 1:2 to enable the interface to record MAC
change information when learning a new MAC address.
<Sysname> system-view
[Sysname] interface schannel-aggregation 1:2
[Sysname-Schannel-Aggregation1:2] mac-address information enable added
85
Related commands
mac-address information enable (system view)
mac-address information enable (system view)
Use mac-address information enable to enable MAC Information globally.
Use undo mac-address information enable to disable MAC Information globally.
Syntax
mac-address information enable
undo mac-address information enable
Default
MAC Information is disabled globally.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Before you enable MAC Information on an interface, enable MAC Information globally.
Examples
# Enable MAC Information globally.
<Sysname> system-view
[Sysname] mac-address information enable
Related commands
mac-address information enable (interface view)
mac-address information interval
Use mac-address information interval to set the MAC change notification interval.
Use undo mac-address information interval to restore the default.
Syntax
mac-address information interval interval-time
undo mac-address information interval
Default
The MAC change notification interval is 1 second.
Views
System view
Predefined user roles
network-admin
Parameters
interval-time: Sets the MAC change notification interval in the range of 1 to 20000 seconds.
86
Usage guidelines
To prevent syslog messages or SNMP notifications from being sent too frequently, set the MAC
change notification interval to a larger value.
Examples
# Set the MAC change notification interval to 200 seconds.
<Sysname> system-view
[Sysname] mac-address information interval 200
mac-address information mode
Use mac-address information mode to set the MAC Information mode. The MAC Information
mode specifies the type of messages (syslog messages or SNMP notifications) used to notify MAC
changes.
Use undo mac-address information mode to restore the default.
Syntax
mac-address information mode { syslog | trap }
undo mac-address information mode
Default
SNMP notifications are sent to notify MAC changes.
Views
System view
Predefined user roles
network-admin
Parameters
syslog: Specifies that the device sends syslog messages to notify MAC changes.
trap: Specifies that the device sends SNMP notifications to notify MAC changes.
Examples
# Set the MAC Information mode to trap.
<Sysname> system-view
[Sysname] mac-address information mode trap
mac-address information queue-length
Use mac-address information queue-length to set the MAC Information queue length.
Use undo mac-address information queue-length to restore the default.
Syntax
mac-address information queue-length value
undo mac-address information queue-length
Default
The MAC Information queue length is 50.
Views
System view
87
Predefined user roles
network-admin
Parameters
value: Sets the MAC Information queue length in the range of 0 to 1000. The MAC Information queue
length indicates the number of MAC change messages.
Usage guidelines
If the MAC Information queue length is 0, the device sends a syslog message or SNMP notification
immediately after learning or deleting a MAC address.
If the MAC Information queue length is not 0, the device stores MAC changes in the queue:
•
•
The device overwrites the oldest MAC change written into the queue with the most recent MAC
change when the following conditions exist:
{
The MAC change notification interval does not expire.
{
The queue has been exhausted.
The device sends syslog messages or SNMP notifications only if the MAC change notification
interval expires.
Examples
# Set the MAC Information queue length to 600.
<Sysname> system-view
[Sysname] mac-address information queue-length 600
88
Ethernet link aggregation commands
You can use the port link-mode command to configure an Ethernet port as a Layer 2 or Layer 3
interface (see Layer 2—LAN Switching Configuration Guide).
bandwidth
Use bandwidth to set the expected bandwidth for an interface.
Use undo bandwidth to restore the default.
Syntax
bandwidth bandwidth-value
undo bandwidth
Default
The expected bandwidth (in kbps) is the interface baud rate divided by 1000.
Views
Layer 2 aggregate interface view
Layer 3 aggregate interface view
Layer 3 aggregate subinterface view
Predefined user roles
network-admin
Parameters
bandwidth-value: Specifies the expected bandwidth in the range of 1 to 400000000 kbps.
Usage guidelines
The expected bandwidth of an interface affects the following items:
•
Bandwidth assignment with CBQ. For more information, see ACL and QoS Configuration
Guide.
•
Link costs in OSPF, OSPFv3, and IS-IS. For more information, see Layer 3—IP Routing
Configuration Guide.
Examples
# Set the expected bandwidth to 10000 kbps for Layer 2 aggregate interface Bridge-Aggregation 1.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] bandwidth 10000
default
Use default to restore the default settings for an aggregate interface.
Syntax
default
Views
Layer 2 aggregate interface view
89
Layer 3 aggregate interface view
Layer 3 aggregate subinterface view
Predefined user roles
network-admin
Usage guidelines
CAUTION:
The default command might interrupt ongoing network services. Make sure you are fully aware of
the impacts of this command when you execute it on a live network.
This command might fail to restore the default settings for some commands for reasons such as
command dependencies and system restrictions. Use the display this command in interface view to
identify these commands, and then use their undo forms or follow the command reference to restore
their default settings. If your restoration attempt still fails, follow the error message instructions to
resolve the problem.
Examples
# Restore the default settings for Layer 2 aggregate interface 1.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] default
description
Use description to set a description for an interface.
Use undo description to restore the default.
Syntax
description text
undo description
Default
The description of an interface is the interface-name plus Interface. For example, the default
description of Bridge-Aggregation1 is Bridge-Aggregation1 Interface.
Views
Layer 2 aggregate interface view
Layer 3 aggregate interface view
Layer 3 aggregate subinterface view
Predefined user roles
network-admin
Parameters
text: Specifies the interface description, a string of 1 to 255 characters.
Examples
# Set the description to connect to the lab for Layer 2 aggregate interface Bridge-Aggregation 1.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] description connect to the lab
90
display interface
Use display interface to display aggregate interface information.
Syntax
display interface [ bridge-aggregation | route-aggregation ] [ brief [ down ] ]
display interface [ { bridge-aggregation | route-aggregation } [ interface-number ] ] [ brief
[ description ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
bridge-aggregation: Specifies Layer 2 aggregate interfaces.
route-aggregation: Specifies Layer 3 aggregate interfaces.
interface-number: Specifies an existing aggregate interface number. The value range for the
interface-number argument is the set of all existing aggregate interface numbers.
brief: Displays brief interface information. If you do not specify this keyword, the command displays
detailed interface information.
down: Displays information about interfaces in the down state and the causes for the down state. If
you do not specify this keyword, the command displays information about interfaces in all states.
description: Displays complete interface descriptions. If you do not specify this keyword, the
command displays only the first 27 characters of each interface description.
Usage guidelines
If you do not specify the bridge-aggregation and route-aggregation keywords, the command
displays information about all interfaces.
If you specify the bridge-aggregation or route-aggregation keyword but do not specify an interface
number, the command displays information about all Layer 2 or Layer 3 aggregate interfaces.
If you specify the bridge-aggregation interface-number or route-aggregation interface-number
option, the command displays information about the specified aggregate interface.
Examples
# Display detailed information about Layer 2 aggregate interface Bridge-Aggregation 1.
<Sysname> display interface bridge-aggregation 1
Bridge-Aggregation1
Current state: UP
IP packet frame type: Ethernet II, hardware address: 00e0-fc00-5900
Description: Bridge-Aggregation1 Interface
Bandwidth: 0kbps
2Gbps-speed mode, full-duplex mode
Link speed type is autonegotiation, link duplex type is autonegotiation
PVID: 1
Port link-type: Access
Tagged VLANs:
None
Untagged VLANs: 1
91
Last clearing of counters:
Last 300 seconds input:
Last 300 seconds output:
Input (total):
Never
6900 packets/sec 885160 bytes/sec
-%
3150 packets/sec 404430 bytes/sec
-%
5364747 packets, 686688416 bytes
2682273 unicasts, 1341137 broadcasts, 1341337 multicasts, 0 pauses
Input (normal):
5364747 packets, 686688416 bytes
2682273 unicasts, 1341137 broadcasts, 1341337 multicasts, 0 pauses
Input:
0 input errors, 0 runts, 0 giants, 0 throttles
0 CRC, 0 frame, 0 overruns, 0 aborts
0 ignored, 0 parity errors
Output (total): 1042508 packets, 133441832 bytes
1042306 unicasts, 0 broadcasts, 202 multicasts, 0 pauses
Output (normal): 1042508 packets, 133441832 bytes
1042306 unicasts, 0 broadcasts, 202 multicasts, 0 pauses
Output: 0 output errors, 0 underruns, 0 buffer failures
0 aborts, 0 deferred, 0 collisions, 0 late collisions
0 lost carrier, 0 no carrier
# Display detailed information about Layer 3 aggregate interface Route-Aggregation 1.
<Sysname> display interface route-aggregation 1
Route-Aggregation1
Current state: UP
Line protocol state: UP
Description: Route-Aggregation1 Interface
Bandwidth: 0kbps
Maximum transmission unit: 1500
Internet protocol processing: Disabled
IP packet frame type: Ethernet II, hardware address: 00e0-fc00-5928
IPv6 packet frame type: Ethernet II, hardware address: 00e0-fc00-5928
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 drops
0 packets output, 0 bytes, 0 drops
# Display brief information about Layer 2 aggregate interface Bridge-Aggregation 1.
<Sysname> display interface bridge-aggregation 1 brief
Brief information on interfaces in bridge mode:
Link: ADM - administratively down; Stby - standby
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface
Link Speed
Duplex Type PVID Description
BAGG1
UP
A
auto
A
1
# Display brief information about Layer 3 aggregate interface Route-Aggregation 1.
<Sysname> display interface route-aggregation 1 brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface
Link Protocol Primary IP
92
Description
RAGG1
UP
UP
--
Table 20 Command output
Field
Description
Bridge-Aggregation1
Layer 2 aggregate interface name.
Route-Aggregation1
Layer 3 aggregate interface name.
Current state
Aggregate interface status:
•
DOWN (Administratively down)—The interface is
administratively shut down with the shutdown command.
•
DOWN—The interface is administratively up but physically down
(possibly because no physical link is present or the link has
failed).
•
UP—The Ethernet interface is both administratively and
physically up.
IP packet frame type
IPv4 packet frame format.
Description
Partial or complete interface description configured by using the
description command.
•
If the description keyword is not specified in the display
interface brief command, this field displays only the first 27
characters of the interface description.
•
If the description keyword is specified in the display interface
brief command, this field displays the complete interface
description.
Bandwidth
Expected bandwidth of the interface.
Unknown-speed mode,
unknown-duplex mode
The interface speed and duplex mode are unknown.
PVID
Port VLAN ID (PVID).
Port link-type
Port link type: access, trunk, or hybrid.
Tagged VLANs
Packets from the specified VLANs are sent out of this interface with a
VLAN tag:
•
Tagged Vlan: none—All packets are sent out of this interface
without a VLAN tag.
•
Tagged Vlan: 1—Packets from VLAN 1 are sent out of this
interface with a VLAN tag.
This field is displayed when the port link type is access or hybrid.
Untagged VLANs
Packets from the specified VLANs are sent out of this interface without
a VLAN tag:
•
Untagged Vlan: none—All packets are sent out of this interface
with a VLAN tag.
•
Untagged Vlan: 1—Packets from VLAN 1 are sent out of this
interface without a VLAN tag.
This field is displayed when the port link type is access or hybrid.
Last clearing of counters
Time when the reset counters interface command was last used to
clear the interface statistics.
Never indicates the reset counters interface command has never
been used on the interface since the device startup.
Last 300 seconds input/output rate
Average input/output rate over the last 300 seconds.
Input/Output (total)
Statistics of all packets received/sent on the interface.
Input/Output (normal)
Statistics of all normal packets received/sent on the interface.
93
Field
Description
Line protocol state
Link layer state of the interface.
IP packet processing.
Internet protocol processing
Disabled indicates that IP packets cannot be processed.
For an interface configured with an IP address, this field changes to
Internet address is.
Brief information on interfaces in
route mode
Brief information about Layer 3 interfaces.
Brief information on interfaces in
bridge mode
Brief information about Layer 2 interfaces.
Link: ADM - administratively down;
Stby - standby
Link status:
•
ADM—The interface has been administratively shut down. To
recover its physical layer state, run the undo shutdown
command.
•
Stby—The interface is operating as a backup interface.
If the speed of an interface is automatically negotiated, the speed
attribute of the interface includes the auto negotiation flag (the letter a
in parentheses).
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F full
If an interface is configured to autonegotiate its speed but the
autonegotiation has not started, its speed attribute is displayed as
auto.
If the duplex mode of an interface is automatically negotiated, the
duplex mode attribute of the interface includes the letter a in
parentheses or a capital A. H indicates the half duplex mode. F
indicates the full duplex mode.
Type: A - access; T - trunk; H hybrid
Port link type options for interfaces.
Protocol: (s) - spoofing
If the data link layer protocol state of an interface is shown as UP, but
its link is an on-demand link or not present, its protocol attribute
includes the spoofing flag (the letter s in parentheses).
Interface
Abbreviated interface name.
Link
Physical link state of the interface.
Speed
Interface speed, in bps.
Cause
Cause of a DOWN physical link.
display lacp system-id
Use display lacp system-id to display the system ID of the local system.
Syntax
display lacp system-id
Views
Any view
Predefined user roles
network-admin
network-operator
94
Usage guidelines
You can use the lacp system-priority command to change the LACP priority of the local system.
The LACP priority value is specified in decimal format in the lacp system-priority command.
However, it is displayed as a hexadecimal value in the output from the display lacp system-id
command.
Examples
# Display the local system ID.
<Sysname> display lacp system-id
Actor System ID: 0x8000, 0000-fc00-6504
Table 21 Command output
Field
Description
Actor System ID: 0x8000, 0000-fc00-6504
Local system ID, which contains the system LACP priority
(0x8000 in this sample output) and the system MAC address
(0000-FC00-6504 in this sample output).
Related commands
lacp system-priority
display link-aggregation load-sharing mode
Use display link-aggregation load-sharing mode to display global or group-specific
link-aggregation load sharing modes.
Syntax
display link-aggregation load-sharing
route-aggregation } interface-number ] ]
mode
[
interface
[
{
bridge-aggregation
|
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
bridge-aggregation: Specifies Layer 2 aggregate interfaces.
route-aggregation: Specifies Layer 3 aggregate interfaces.
interface-number: Specifies an existing aggregate interface number.
Usage guidelines
If you do not specify the interface keyword, the command displays the global link-aggregation load
sharing modes.
If you specify the interface keyword, but do not specify an interface, the command displays all
group-specific load sharing modes.
If you specify the bridge-aggregation interface-number or route-aggregation interface-number
option, the command displays the load sharing mode of the specified aggregation group.
The bridge-aggregation or route-aggregation keyword is available only when Layer 2 or Layer 3
aggregate interfaces exist on the device.
95
Examples
# Display the default global link-aggregation load sharing modes.
<Sysname> display link-aggregation load-sharing mode
MAC-in-MAC traffic load-sharing mode:
Default
Link-Aggregation Load-Sharing Algorithm:
Default
Link-Aggregation Load-Sharing Seed:
Default
Link-Aggregation Load-Sharing Mode:
Layer 2 traffic: packet type-based sharing
Layer 3 traffic: packet type-based sharing
# Display the set global link-aggregation load sharing mode.
<Sysname> display link-aggregation load-sharing mode
MAC-in-MAC traffic load-sharing mode:
inner
Link-Aggregation Load-Sharing Algorithm:
Algorithm 2
Link-Aggregation Load-Sharing Seed:
0x3ff
Link-Aggregation Load-Sharing Mode:
destination-mac address
source-mac address
# Display the default link-aggregation load sharing modes of Layer 2 aggregation group 10.
<Sysname> display link-aggregation load-sharing mode interface bridge-aggregation 10
Bridge-Aggregation10 Load-Sharing Mode:
Layer 2 traffic: packet type-based sharing
Layer 3 traffic: packet type-based sharing
# Display the set link-aggregation load sharing mode of Layer 2 aggregation group 10.
<Sysname> display link-aggregation load-sharing mode interface bridge-aggregation 10
Bridge-Aggregation10 Load-Sharing Mode:
destination-mac address
source-mac address
Table 22 Command output
Field
Description
Global load sharing mode for MAC-in-MAC traffic.
MAC-in-MAC traffic load-sharing mode
By default, this field displays Default. If you have set the global
load sharing mode for MAC-in-MAC traffic, this field displays the
set mode.
Per-flow load sharing algorithm for Ethernet link aggregation.
Link-Aggregation Load-Sharing
Algorithm
By default, this field displays Default. If you have configured the
load sharing algorithm, this field displays the configured
algorithm.
Per-flow load sharing algorithm seed for Ethernet link
aggregation.
Link-Aggregation Load-Sharing Seed
By default, this field displays Default. If you have configured the
load sharing algorithm seed, this field displays the configured
seed.
Link-Aggregation Load-Sharing Mode
Global link-aggregation load sharing mode.
96
Field
Description
•
•
By default, this field displays the link-aggregation load
sharing modes for Layer 2 traffic and Layer 3 traffic.
If you have set the global link-aggregation load sharing
mode, this field displays the set mode.
Bridge-Aggregation10 Load-Sharing
Mode
Link-aggregation load sharing mode of Layer 2 aggregation group
10.
•
By default, this field displays the global link-aggregation load
sharing modes.
•
If you have set a link-aggregation load sharing mode for this
aggregation group, this field displays the set mode.
Route-Aggregation10 Load-Sharing
Mode
Link-aggregation load sharing mode of Layer 3 aggregation group
10.
•
By default, this field displays the global link-aggregation load
sharing modes.
•
If you have set a link-aggregation load sharing mode for this
aggregation group, this field displays the set mode.
Layer 2 traffic: packet type-based
sharing
Default link-aggregation load sharing mode for Layer 2 traffic. In
this sample output, Layer 2 traffic is load shared based on the
packet type.
Layer 3 traffic: packet type-based
sharing
Default link-aggregation load sharing mode for Layer 3 traffic. In
this sample output, Layer 3 traffic is load shared based on the
packet type.
destination-mac address, source-mac
address
User-configured link-aggregation load sharing mode. In this
sample output, traffic is load shared based on source and
destination MAC addresses.
Related commands
link-aggregation global load-sharing algorithm
link-aggregation global load-sharing mode
link-aggregation global load-sharing seed
link-aggregation load-sharing mode
display link-aggregation load-sharing path
Use display link-aggregation load-sharing path to display forwarding information for the specified
traffic flow.
Syntax
display
link-aggregation
load-sharing
path
interface
route-aggregation } interface-number ingress-port interface-type
{ { destination-ip ip-address | destination-ipv6 ipv6-address }
source-ipv6 ipv6-address } | destination-mac mac-address |
ethernet-type type-number | ip-protocol protocol-id | source-mac
port-id | vlan vlan-id }*
Views
Any view
Predefined user roles
network-admin
network-operator
97
{ bridge-aggregation |
interface-number [ route ]
| { source-ip ip-address |
destination-port port-id |
mac-address | source-port
Parameters
bridge-aggregation: Specifies Layer 2 aggregate interfaces.
route-aggregation: Specifies Layer 3 aggregate interfaces.
interface-number: Specifies an existing aggregate interface by its number.
ingress-port interface-type interface-number: Specifies an ingress port by its type and number. The
ingress port must be a physical port.
route: Displays forwarding information for Layer 3 traffic. If you do not specify this keyword, the
command displays forwarding information for Layer 2 traffic.
destination-ip ip-address: Specifies a destination IPv4 address.
destination-ipv6 ipv6-address: Specifies a destination IPv6 address.
source-ip ip-address: Specifies a source IPv4 address.
source-ipv6 ipv6-address: Specifies a source IPv6 address.
destination-mac mac-address: Specifies a destination MAC address in H-H-H format.
destination-port port-id: Specifies a destination port number in the range of 1 to 65535.
ethernet-type type-number: Specifies an Ethernet type code in the range of 1 to 65535.
ip-protocol protocol-id: Specifies an IP protocol by its ID in the range of 0 to 255.
source-mac mac-address: Specifies a source MAC address in H-H-H format.
source-port port-id: Specifies a source port number in the range of 1 to 65535.
vlan vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
Usage guidelines
A parameter specified in the command might not be used for selecting the egress port. The Load
sharing parameters field displays the parameters that are used in egress port selection. For
example, you can specify both the destination-mac mac-address and destination-ip ip-address
options. If only the destination MAC address is used for selecting the egress port, the Load sharing
parameters field does not display the destination-ip parameter.
If a parameter required for selecting the egress port is not specified, the default value of the
parameter is used. If the parameter does not have any default values, the parameter is set to 0.
Examples
# Display forwarding information for the specified traffic flow to be sent out of Layer 2 aggregate
interface Bridge-Aggregation 1.
<Sysname> display link-aggregation load-sharing path interface bridge-aggregation 1
ingress-port ten-gigabitethernet 1/0/1 destination-mac 0000-fc00-0001 source-mac
0000-fc00-0002 source-ip 10.100.0.2 destination-ip 10.100.0.1
Load sharing mode: destination-mac, source-mac
Unspecified parameters are set to 0.
Load sharing parameters:
Ingress port: Ten-GigabitEthernet1/0/1
Destination MAC: 0000-fc00-0001
Source MAC: 0000-fc00-0002
Destination IP: 10.100.0.1
Source IP: 10.100.0.2
Egress port: Ten-GigabitEthernet1/0/3
98
Table 23 Command output
Field
Description
Load sharing mode:
Load sharing mode set for the aggregation group:
•
destination-mac—Traffic is load shared based on destination MAC
addresses.
•
source-mac—Traffic is load shared based on source MAC addresses.
•
destination-ip—Traffic is load shared based on destination IP addresses.
•
source-ip—Traffic is load shared based on source IP addresses.
•
destination-port—Traffic is load shared based on destination ports.
•
source-port—Traffic is load shared based on source ports.
•
ingress-port—Traffic is load shared based on ingress ports.
Load sharing parameters
Parameters that are used in egress port selection.
Egress port
Egress port of the specified traffic flow. If no egress port is found, this field
displays N/A.
display link-aggregation member-port
Use display link-aggregation member-port to display detailed link aggregation information for the
specified member ports.
Syntax
display link-aggregation member-port [ interface-list ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-list: Specifies a list of link aggregation member ports, in the format interface-type
interface-number [ to interface-type interface-number ]. interface-type interface-number specifies an
interface by its type and number.
Usage guidelines
A member port in a static aggregation group is unaware of information about the peer group. For
such member ports, the command displays the port number, port priority, and operational key of only
the local end.
Examples
# Display detailed link aggregation information for Ten-GigabitEthernet 1/0/1, which is a member port
of a static aggregation group.
<Sysname> display link-aggregation member-port ten-gigabitethernet 1/0/1
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Ten-GigabitEthernet1/0/1:
Aggregate Interface: Bridge-Aggregation1
99
Port Number: 1
Port Priority: 32768
Oper-Key: 1
# Display detailed link aggregation information for Ten-GigabitEthernet 1/0/2, which is a member port
of a dynamic aggregation group.
<Sysname> display link-aggregation member-port ten-gigabitethernet 1/0/2
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Ten-GigabitEthernet1/0/2:
Aggregate Interface: Bridge-Aggregation10
Local:
Port Number: 2
Port Priority: 32768
Oper-Key: 2
Flag: {ACDEF}
Remote:
System ID: 0x8000, 000f-e267-6c6a
Port Number: 26
Port Priority: 32768
Oper-Key: 2
Flag: {ACDEF}
Received LACP Packets: 5 packet(s)
Illegal: 0 packet(s)
Sent LACP Packets: 7 packet(s)
Table 24 Command output
Field
Description
Flags
LACP state flags. This field is one byte long, represented by ABCDEFGH from
the least significant bit to the most significant bit. The letter is present when its bit
is 1 and absent when its bit is 0.
•
A—Indicates whether LACP is enabled. 1 indicates enabled, and 0 indicates
disabled.
•
B—Indicates the LACP short or long timeout. 1 indicates short timeout, and
0 indicates long timeout.
•
C—Indicates whether the sending system considers that the link is
aggregatable. 1 indicates yes, and 0 indicates no.
•
D—Indicates whether the sending system considers that the link is
synchronized. 1 indicates yes, and 0 indicates no.
•
E—Indicates whether the sending system considers that the incoming
frames are collected. 1 indicates yes, and 0 indicates no.
•
F—Indicates whether the sending system considers that the outgoing
frames are distributed. 1 indicates yes, and 0 indicates no.
•
G—Indicates whether the sending system receives frames in the default
state. 1 indicates yes, and 0 indicates no.
•
H—Indicates whether the sending system receives frames in the expired
state. 1 indicates yes, and 0 indicates no.
Aggregate Interface
Aggregate interface to which the member port belongs.
Local
Information about the local end.
100
Field
Description
Oper-key
Operational key.
Flag
LACP protocol state flag.
Remote
Information about the peer end.
System ID
Peer system ID, containing the system LACP priority and the system MAC
address.
Received LACP
Packets
Total number of LACP packets received.
Illegal
Total number of illegal packets.
Sent LACP Packets
Total number of LACP packets sent.
display link-aggregation summary
Use display link-aggregation summary to display brief information about all aggregation groups.
Syntax
display link-aggregation summary
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
Static link aggregation groups are unaware of information about the peer groups. As a result, the
Partner ID field displays None for a static link aggregation group.
Examples
# Display brief information about all aggregation groups.
<Sysname> display link-aggregation summary
Aggregation Interface Type:
BAGG -- Bridge-Aggregation, BLAGG -- Blade-Aggregation, RAGG -- Route-Aggregation
Aggregation Mode: S -- Static, D -- Dynamic
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Actor System ID: 0x8000, 000f-e267-6c6a
AGG
AGG
Interface
Mode
Partner ID
Selected
Unselected
Individual
Share
Ports
Ports
Ports
Type
-------------------------------------------------------------------------------RAGG10
S
None
1
0
0
NonS
BAGG20
D
0x8000,00e0-fcff-ff01
2
0
0
Shar
Table 25 Command output
Field
Description
Aggregation Interface Type
Aggregate interface type:
•
BAGG—Layer 2.
101
Field
Description
•
RAGG—Layer 3.
Aggregation Mode
Aggregation group type:
•
S—Static.
•
D—Dynamic.
Loadsharing Type
Load sharing type:
•
Shar—Load sharing.
•
NonS—Non-load sharing.
Actor System ID
Local system ID, which contains the local system LACP priority and the local
system MAC address.
AGG Interface
Type and number of the aggregate interface.
AGG Mode
Aggregation group type.
Partner ID
System ID of the peer system, which contains the peer system LACP priority
and the peer system MAC address.
Selected Ports
Total number of Selected ports.
Unselected Ports
Total number of Unselected ports.
Individual Ports
Total number of Individual ports.
Share Type
Load sharing type.
display link-aggregation verbose
Use display link-aggregation verbose to display detailed information about the aggregation
groups that correspond to the specified aggregate interfaces.
Syntax
display link-aggregation
[ interface-number ] ]
verbose
[
{
bridge-aggregation
|
route-aggregation
}
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
bridge-aggregation: Specifies Layer 2 aggregate interfaces.
route-aggregation: Specifies Layer 3 aggregate interfaces.
interface-number: Specifies an existing aggregate interface by its number.
Usage guidelines
If you specify the bridge-aggregation or route-aggregation keyword but do not specify an interface
number, the command displays detailed information about all Layer 2 or Layer 3 aggregation groups.
If you do not specify an aggregate interface type, the command displays detailed information about
all aggregation groups.
The bridge-aggregation or route-aggregation keyword is available only when Layer 2 or Layer 3
aggregate interfaces exist on the device.
102
Examples
# Display detailed information about Layer 2 aggregation group 10, which is a dynamic aggregation
group.
<Sysname> display link-aggregation verbose bridge-aggregation 10
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected
I -- Individual, * -- Management port
Flags:
A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Bridge-Aggregation10
Aggregation Mode: Dynamic
Loadsharing Type: Shar
Management VLAN : None
System ID: 0x8000, 000f-e267-6c6a
Local:
Port
Status
Priority Oper-Key
Flag
-------------------------------------------------------------------------------XGE1/0/1
S
32768
2
{ACDEF}
XGE1/0/2
S
32768
2
{ACDEF}
Remote:
Actor
Partner Priority Oper-Key
SystemID
Flag
-------------------------------------------------------------------------------XGE1/0/1
1
32768
2
0x8000, 000f-e267-57ad {ACDEF}
XGE1/0/2
2
32768
2
0x8000, 000f-e267-57ad {ACDEF}
# Display detailed information about Layer 2 aggregation group 20, which is a static aggregation
group.
<Sysname> display link-aggregation verbose bridge-aggregation 20
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected
I -- Individual, * -- Management port
Flags:
A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Bridge-Aggregation20
Aggregation Mode: Static
Loadsharing Type: Shar
Management VLAN : None
Port
Status
Priority Oper-Key
-------------------------------------------------------------------------------XGE1/0/1
U
32768
1
XGE1/0/2
U
32768
1
XGE1/0/3
U
32768
1
103
Table 26 Command output
Field
Description
Loadsharing Type
Load sharing type:
•
Shar—Load sharing.
•
NonS—Non-load sharing.
Port Status
Port state:
•
Selected.
•
Unselected.
•
Individual.
•
Management port.
Flags
LACP state flags. This field is one byte long, represented by ABCDEFGH from
the least significant bit to the most significant bit. The letter is present when its bit
is 1 and absent when its bit is 0.
•
A—Indicates whether LACP is enabled. 1 indicates enabled, and 0 indicates
disabled.
•
B—Indicates the LACP short or long timeout. 1 indicates short timeout, and
0 indicates long timeout.
•
C—Indicates whether the sending system considers that the link is
aggregatable. 1 indicates yes, and 0 indicates no.
•
D—Indicates whether the sending system considers that the link is
synchronized. 1 indicates yes, and 0 indicates no.
•
E—Indicates whether the sending system considers that the incoming
frames are collected. 1 indicates yes, and 0 indicates no.
•
F—Indicates whether the sending system considers that the outgoing
frames are distributed. 1 indicates yes, and 0 indicates no.
•
G—Indicates whether the sending system receives frames in the default
state. 1 indicates yes, and 0 indicates no.
•
H—Indicates whether the sending system receives frames in the expired
state. 1 indicates yes, and 0 indicates no.
Aggregate Interface
Name of the aggregate interface.
Aggregation Mode
Aggregation group type:
•
S—Static.
•
D—Dynamic.
Management VLAN
Management VLANs. If no management VLANs are specified, this field displays
None.
System ID
Local system ID, containing the local system LACP priority and the local system
MAC address.
Local
Information about the local end:
•
Port—Port type and number.
•
Status—Port state, which can be Selected or Unselected.
•
Priority—Port priority.
•
Oper-Key—Operational key.
•
Flag—LACP state flag.
NOTE:
For static aggregation groups, the Flag field is not displayed.
Remote
Information about the peer end:
•
Actor—Type and number of the local port.
•
Partner—Index of the peer port.
•
Priority—Priority of the peer port.
•
Oper-Key—Operational key of the peer port.
104
Field
Description
•
•
System ID—System ID of the peer end.
Flag—LACP state flag of the peer end.
interface bridge-aggregation
Use interface bridge-aggregation to create a Layer 2 aggregate interface and enter the Layer 2
aggregate interface view.
Use undo interface bridge-aggregation to delete a Layer 2 aggregate interface.
Syntax
interface bridge-aggregation interface-number
undo interface bridge-aggregation interface-number
Default
No Layer 2 aggregate interface is created.
Views
System view
Predefined user roles
network-admin
Parameters
interface-number: Specifies a Layer 2 aggregate interface number in the range of 1 to 1024.
Usage guidelines
When you create a Layer 2 aggregate interface, the system automatically creates a Layer 2
aggregation group with the same number. The aggregation group operates in static aggregation
mode by default.
Deleting a Layer 2 aggregate interface also deletes the Layer 2 aggregation group. At the same time,
the member ports of the aggregation group, if any, leave the aggregation group.
Examples
# Create Layer 2 aggregate interface Bridge-Aggregation 1, and enter its view.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1]
interface route-aggregation
Use interface route-aggregation to create a Layer 3 aggregate interface or subinterface and enter
the Layer 3 aggregate interface or subinterface view.
Use undo interface route-aggregation to delete a Layer 3 aggregate interface or subinterface.
Syntax
interface route-aggregation { interface-number | interface-number.subnumber }
undo interface route-aggregation { interface-number | interface-number.subnumber }
Default
No Layer 3 aggregate interface or subinterface is created.
105
Views
System view
Predefined user roles
network-admin
Parameters
interface-number: Specifies a Layer 3 aggregate interface number in the range of 1 to 1024.
interface-number.subnumber: Specifies a subinterface of a Layer 3 aggregate interface. The
interface-number argument specifies the main interface number. The subnumber argument specifies
the subinterface number and is separated from the main interface number by a dot (.). The value
range for the subnumber argument is 1 to 4094.
Usage guidelines
When you create a Layer 3 aggregate interface, the system automatically creates a Layer 3
aggregation group with the same number. The Layer 3 aggregation group operates in static
aggregation mode by default.
Deleting a Layer 3 aggregate interface also deletes the Layer 3 aggregation group and the
corresponding aggregate subinterfaces. At the same time, the member ports of the aggregation
group, if any, leave the aggregation group.
Deleting a Layer 3 aggregate subinterface does not affect the state of the main interface and the
corresponding aggregation group.
Examples
# Create Layer 3 aggregate interface Route-Aggregation 1 and enter its view.
<Sysname> system-view
[Sysname] interface route-aggregation 1
[Sysname-Route-Aggregation1]
# Create Layer 3 aggregate subinterface Route-Aggregation 1.1 and enter its view.
<Sysname> system-view
[Sysname] interface route-aggregation 1.1
[Sysname-Route-Aggregation1.1]
lacp edge-port
Use lacp edge-port to configure an aggregate interface as an edge aggregate interface.
Use undo lacp edge-port to restore the default.
Syntax
lacp edge-port
undo lacp edge-port
Default
An aggregate interface does not operate as an edge aggregate interface.
Views
Layer 2 aggregate interface view
Layer 3 aggregate interface view
Predefined user roles
network-admin
106
Usage guidelines
Use this command on the aggregate interface that connects the device to a server if dynamic link
aggregation is configured only on the device. This feature enables all member ports of the
aggregation group to forward packets to improve link reliability.
This command takes effect only on an aggregate interface corresponding to a dynamic aggregation
group.
Link-aggregation traffic redirection cannot operate correctly on an edge aggregate interface.
Examples
# Configure Layer 2 aggregate interface Bridge-aggregation 1 as an edge aggregate interface.
<Sysname> System-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] lacp edge-port
lacp mode
Use lacp mode passive to configure LACP to operate in passive mode on a port.
Use undo lacp mode to restore the default.
Syntax
lacp mode passive
undo lacp mode
Default
LACP operates in active mode on a port.
Views
Layer 2 Ethernet interface view
Layer 3 Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
When LACP is operating in passive mode on a local member port and its peer port, both ports cannot
send LACPDUs. When LACP is operating in active mode on either end of a link, both ports can send
LACPDUs.
This command takes effect only on member ports of dynamic aggregation groups.
Examples
# Configure LACP to operate in passive mode on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] lacp mode passive
lacp period short
Use lacp period short to set the short LACP timeout interval (3 seconds) on an interface.
Use undo lacp period to restore the default.
107
Syntax
lacp period short
undo lacp period
Default
The LACP timeout interval is the long timeout interval (90 seconds) on an interface.
Views
Layer 2 Ethernet interface view
Layer 3 Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
Do not set the LACP timeout interval to the short LACP timeout interval before performing an ISSU.
Otherwise, traffic interruption will occur during the ISSU. For more information about ISSU, see
Fundamentals Configuration Guide.
Examples
# Set the short LACP timeout interval (3 seconds) on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] lacp period short
lacp system-priority
Use lacp system-priority to set the system LACP priority.
Use undo lacp system-priority to restore the default.
Syntax
lacp system-priority system-priority
undo lacp system-priority
Default
The system LACP priority is 32768.
Views
System view
Predefined user roles
network-admin
Parameters
system-priority: Specifies the system LACP priority in the range of 0 to 65535. The smaller the value,
the higher the system LACP priority.
Examples
# Set the system LACP priority to 64.
<Sysname> system-view
[Sysname] lacp system-priority 64
108
Related commands
link-aggregation port-priority
link-aggregation bfd ipv4
Use link-aggregation bfd ipv4 to enable BFD for an aggregation group.
Use undo link-aggregation bfd to restore the default.
Syntax
link-aggregation bfd ipv4 source ip-address destination ip-address
undo link-aggregation bfd
Default
BFD is disabled for an aggregation group.
Views
Layer 2 aggregate interface view
Layer 3 aggregate interface view
Predefined user roles
network-admin
Parameters
source ip-address: Specifies the source IP address of BFD sessions.
destination ip-address: Specifies the destination IP address of BFD sessions.
Usage guidelines
This command might cause Selected ports in the aggregation group to change to the Unselected
state.
For BFD to take effect on an aggregation group, configure BFD on both ends of the aggregate link.
To avoid BFD protocol flapping, make sure the BFD-enabled aggregate interface is assigned to its
PVID. For information about the PVID and VLAN, see Layer 2—LAN Switching Configuration Guide.
Make sure the source and destination IP addresses are consistent at the two ends of an aggregate
link. For example, if you execute link-aggregation bfd ipv4 source 1.1.1.1 destination 2.2.2.2 on
the local end, execute link-aggregation bfd ipv4 source 2.2.2.2 destination 1.1.1.1 on the peer
end.
The BFD parameters configured on an aggregate interface take effect on all BFD sessions in the
aggregation group. For more information about configuring BFD parameters, see High Availability
Configuration Guide.
As a best practice, do not configure other protocols to collaborate with BFD on a BFD-enabled
aggregate interface.
Examples
# Enable BFD for Layer 2 aggregation group 1, and specify the source and destination IP addresses
as 1.1.1.1 and 2.2.2.2 for BFD sessions.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] link-aggregation bfd ipv4 source 1.1.1.1 destination
2.2.2.2
109
link-aggregation global load-sharing algorithm
Use link-aggregation global load-sharing algorithm to configure the per-flow load sharing
algorithm for Ethernet link aggregation.
Use undo link-aggregation global load-sharing algorithm to restore the default.
Syntax
link-aggregation global load-sharing algorithm algorithm-number
undo link-aggregation global load-sharing algorithm
Default
Algorithm 0 is used.
Views
System view
Predefined user roles
network-admin
Parameters
algorithm algorithm-number: Specifies an algorithm by its number in the range of 1 to 8.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
You can configure only the algorithm or the algorithm seed, or both. You can combine an algorithm
with different algorithm seeds to obtain different effects.
If the device fails to load share traffic flows across all Selected ports, you can specify algorithm 1 to 8
in sequence until the problem is solved.
Examples
# Specify algorithm 1 as the per-flow load sharing algorithm.
<Sysname> system-view
[Sysname] link-aggregation global load-sharing algorithm 1
Related commands
display link-aggregation load-sharing mode
link-aggregation global load-sharing mode
link-aggregation global load-sharing seed
link-aggregation load-sharing mode
link-aggregation global load-sharing minm
Use link-aggregation global load-sharing minm to set the global load sharing mode for
MAC-in-MAC traffic.
Use undo link-aggregation global load-sharing minm to restore the default.
Syntax
link-aggregation global load-sharing minm { inner | outer }
undo link-aggregation global load-sharing minm
110
Default
MAC-in-MAC traffic is load shared based on the inner frame header, and source and destination
ports.
Views
System view
Predefined user roles
network-admin
Parameters
inner: Specifies the inner frame header, and source and destination ports. The inner frame header
contains the source and destination customer MAC addresses, VLAN ID, and Ethernet type.
outer: Specifies the outer frame header, and source and destination ports. The outer frame header
contains the I-SID, and source and destination backbone MAC addresses.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Set the global load sharing mode to load share MAC-in-MAC traffic based on the inner frame
header, and source and destination ports.
<Sysname> system-view
[Sysname] link-aggregation global load-sharing minm inner
link-aggregation global load-sharing mode
Use link-aggregation global load-sharing mode to set the global link-aggregation load sharing
mode.
Use undo link-aggregation global load-sharing mode to restore the default.
Syntax
link-aggregation global load-sharing mode { destination-ip |
destination-port | ingress-port | source-ip | source-mac | source-port } *
destination-mac
|
undo link-aggregation global load-sharing mode
Default
The system automatically chooses the global link-aggregation load sharing mode according to the
packet type.
The switches can perform link-aggregation load sharing for only Layer 2 or Layer 3 packets.
•
•
If the incoming frames' Type field is 0x0800 or 0x86DD, the switches load-share these packets
as Layer 3 packets by the combination of the following criteria:
{
Source IP address.
{
Destination IP address.
{
Protocol number.
{
Port number.
If the incoming frames' Type field is not 0x0800 or 0x86DD, the switches load-share these
packets as Layer 2 packets by the combination of the following criteria:
{
Source MAC address.
{
Destination MAC address.
{
Ethernet frame types.
111
{
VLAN tag.
{
MOD ID.
{
Port ID.
Views
System view
Predefined user roles
network-admin
Parameters
destination-ip: Load shares traffic based on destination IP addresses.
destination-mac: Load shares traffic based on destination MAC addresses.
destination-port: Load shares traffic based on destination ports.
ingress-port: Load shares traffic based on ingress ports.
source-ip: Load shares traffic based on source IP addresses.
source-mac: Load shares traffic based on source MAC addresses.
source-port: Load shares traffic based on source ports.
Usage guidelines
The load sharing mode that you configure overwrites the previous mode.
If unsupported load sharing mode is configured, an error prompt appears.
In system view, the switch supports the following load sharing mode and combinations:
•
Load sharing mode automatically determined based on the packet type.
•
Source IP address.
•
Destination IP address.
•
Source MAC address.
NOTE:
Packets cannot be load shared based on source MAC addresses when the destination IP
addresses of the packets match multiport ARP entries. For more information about multiport
ARP entries, see Layer 3—IP Services Configuration Guide.
•
Destination MAC address.
•
Source IP address and destination IP address.
•
Source IP address and source port.
•
Destination IP address and destination port.
•
Source IP address, source port, destination IP address, and destination port.
•
Any combination of ingress port, source MAC address, and destination MAC address.
Examples
# Configure the global load sharing mode to load share packets based on destination MAC
addresses.
<Sysname> system-view
[Sysname] link-aggregation global load-sharing mode destination-mac
Related commands
display link-aggregation load-sharing mode
112
link-aggregation global load-sharing algorithm
link-aggregation global load-sharing seed
link-aggregation load-sharing mode
link-aggregation global load-sharing seed
Use link-aggregation global load-sharing seed to configure the per-flow load sharing algorithm
seed for Ethernet link aggregation.
Use undo link-aggregation global load-sharing seed to restore the default.
Syntax
link-aggregation global load-sharing seed seed-number
undo link-aggregation global load-sharing seed
Default
Algorithm seed 0 is used.
Views
System view
Predefined user roles
network-admin
Parameters
seed seed-number: Specifies a seed in the range of 1 to 7FFFFFFF.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
You can configure only the algorithm or the algorithm seed, or both. You can combine an algorithm
with different algorithm seeds to obtain different effects.
Examples
# Specify 1023 (3FF in hexadecimal format) as the per-flow load sharing algorithm seed.
<Sysname> system-view
[Sysname] link-aggregation global load-sharing seed 3FF
Related commands
display link-aggregation load-sharing mode
link-aggregation global load-sharing algorithm
link-aggregation global load-sharing mode
link-aggregation load-sharing mode
link-aggregation ignore vlan
Use link-aggregation ignore vlan to configure a Layer 2 aggregate interface to ignore the specified
VLANs.
Use undo link-aggregation ignore vlan to restore the default.
Syntax
link-aggregation ignore vlan vlan-id-list
undo link-aggregation ignore vlan vlan-id-list
113
Default
A Layer 2 aggregate interface does not ignore any VLANs.
Views
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID
or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094.
The value for vlan-id2 must be equal to or greater than the value for vlan-id1.
Usage guidelines
With this command configured, a Layer 2 aggregate interface ignores the permitted VLAN and VLAN
tagging mode configuration of the specified VLANs when choosing Selected ports.
Examples
# Configure Layer 2 aggregate interface bridge-aggregation 1 to ignore VLAN 50.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] link-aggregation ignore vlan 50
link-aggregation lacp traffic-redirect-notification enable
Use link-aggregation lacp traffic-redirect-notification enable to enable link-aggregation traffic
redirection.
Use undo link-aggregation lacp traffic-redirect-notification enable to disable link-aggregation
traffic redirection.
Syntax
link-aggregation lacp traffic-redirect-notification enable
undo link-aggregation lacp traffic-redirect-notification enable
Default
Link-aggregation traffic redirection is disabled.
Views
System view
Layer 2 aggregate interface view
Layer 3 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
When you shut down a Selected port in an aggregation group, this feature redirects traffic of the port
to other Selected ports. Zero packet loss is guaranteed for known unicast traffic, but not for unknown
unicast traffic.
When you restart an IRF member device that contains Selected ports, this feature redirects traffic of
the IRF member device to other IRF member devices. Zero packet loss is guaranteed for known
unicast traffic, but not for unknown unicast traffic.
114
Link-aggregation traffic redirection applies only to dynamic link aggregation groups and takes effect
on only known unicast packets.
To prevent traffic interruption, enable link-aggregation traffic redirection on devices at both ends of
the aggregate link.
Do not enable both spanning tree and link-aggregation traffic redirection on a device. Otherwise,
light packet loss might occur when the device reboots.
Link-aggregation traffic redirection cannot operate correctly on an edge aggregate interface.
Global link-aggregation traffic redirection settings take effect on all aggregation groups. A link
aggregation group preferentially uses the group-specific link-aggregation traffic redirection settings.
If group-specific link-aggregation traffic redirection is not configured, the group uses the global
link-aggregation traffic redirection settings.
As a best practice, enable link-aggregation traffic redirection on aggregate interfaces. If you enable
this feature globally, communication with a third-party peer device might be affected if the peer is not
compatible with this feature.
Examples
# Enable link-aggregation traffic redirection.
<Sysname> system-view
[Sysname] link-aggregation lacp traffic-redirect-notification enable
link-aggregation load-sharing mode
Use link-aggregation load-sharing mode to set the link-aggregation load sharing mode.
Use undo link-aggregation load-sharing mode to restore the default.
Syntax
link-aggregation load-sharing mode { destination-ip | destination-mac | source-ip |
source-mac } *
undo link-aggregation load-sharing mode
Default
The load sharing mode is the same as the global load sharing mode.
Views
Layer 2 aggregate interface view
Layer 3 aggregate interface view
Predefined user roles
network-admin
Parameters
destination-ip: Load shares traffic based on destination IP addresses.
destination-mac: Load shares traffic based on destination MAC addresses.
source-ip: Load shares traffic based on source IP addresses.
source-mac: Load shares traffic based on source MAC addresses.
Usage guidelines
The load sharing mode that you configure overwrites the previous mode.
If an unsupported load sharing mode is configured, an error prompt appears.
115
In Layer 2 aggregate interface view, the switch supports the following load sharing mode and
combinations:
•
Load sharing mode automatically determined based on the packet type.
•
Source IP address.
•
Destination IP address.
•
Source MAC address.
NOTE:
Packets cannot be load shared based on source MAC addresses when the destination IP
addresses of the packets match multiport ARP entries. For more information about multiport
ARP entries, see Layer 3—IP Services Configuration Guide.
•
Destination MAC address.
•
Destination IP address and source IP address.
•
Destination MAC address and source MAC address.
Examples
# Configure Layer 2 aggregation group 1 to load share packets based on destination MAC
addresses.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] link-aggregation load-sharing mode destination-mac
Related commands
link-aggregation global load-sharing mode
link-aggregation load-sharing mode local-first
Use link-aggregation load-sharing mode local-first to enable local-first load sharing for link
aggregation.
Use undo link-aggregation load-sharing mode local-first to disable local-first load sharing for link
aggregation.
Syntax
link-aggregation load-sharing mode local-first
undo link-aggregation load-sharing mode local-first
Default
Local-first load sharing is enabled for link aggregation.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When you disable local-first load sharing, the packets will be load shared among all Selected ports of
the aggregate interface on all IRF member devices.
Local-first load sharing for link aggregation takes effect on only known unicast packets.
116
Examples
# Disable local-first load sharing for link aggregation.
<Sysname> system-view
[Sysname] undo link-aggregation load-sharing mode local-first
link-aggregation management-port
Use link-aggregation management-port to configure a management port for an aggregation
group.
Use undo link-aggregation management-port to restore the default.
Syntax
link-aggregation management-port
undo link-aggregation management-port
Default
A port does not act as a management port.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
This command takes effect only when you configure a Selected port as a management port. You can
configure only one management port for an aggregation group.
Examples
# Configure Ten-GigabitEthernet 1/0/1 as the management port of its aggregation group.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] link-aggregation management-port
link-aggregation management-vlan
Use link-aggregation management-vlan to specify link aggregation management VLANs.
Use undo link-aggregation management-vlan to remove link aggregation management VLANs.
Syntax
link-aggregation management-vlan vlan-id1 [ vlan-id2 ]
undo link-aggregation management-vlan [ vlan-id1 [ vlan-id2 ] ]
Default
No link aggregation management VLANs are specified.
Views
System view
Predefined user roles
network-admin
117
Parameters
vlan-id1: Specifies a management VLAN by its ID in the range of 1 to 4094.
vlan-id2: Specifies another management VLAN by its ID in the range of 1 to 4094.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify VLAN 2 and VLAN 3 as link aggregation management VLANs.
<Sysname> system-view
[Sysname] link-aggregation management-vlan 2 3
link-aggregation mode
Use link-aggregation mode dynamic to configure an aggregation group to operate in dynamic
aggregation mode and enable LACP.
Use undo link-aggregation mode to restore the default.
Syntax
link-aggregation mode dynamic
undo link-aggregation mode
Default
An aggregation group operates in static aggregation mode.
Views
Layer 2 aggregate interface view
Layer 3 aggregate interface view
Predefined user roles
network-admin
Examples
# Configure Layer 2 aggregation group 1 to operate in dynamic aggregation mode.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] link-aggregation mode dynamic
link-aggregation port-priority
Use link-aggregation port-priority to set the port priority of an interface.
Use undo link-aggregation port-priority to restore the default.
Syntax
link-aggregation port-priority port-priority
undo link-aggregation port-priority
Default
The port priority of an interface is 32768.
118
Views
Layer 2 Ethernet interface view
Layer 3 Ethernet interface view
Predefined user roles
network-admin
Parameters
port-priority: Specifies the port priority in the range of 0 to 65535. The smaller the value, the higher
the port priority.
Examples
# Set the port priority to 64 for Layer 2 Ethernet interface Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] link-aggregation port-priority 64
# Set the port priority to 64 for Layer 3 Ethernet interface Ten-GigabitEthernet 1/0/2.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/2
[Sysname-Ten-GigabitEthernet1/0/2] link-aggregation port-priority 64
Related commands
lacp system-priority
link-aggregation selected-port maximum
Use link-aggregation selected-port maximum to configure the maximum number of Selected
ports allowed in an aggregation group.
Use undo link-aggregation selected-port maximum to restore the default.
Syntax
link-aggregation selected-port maximum number
undo link-aggregation selected-port maximum
Default
The maximum number of Selected ports allowed in an aggregation group is 32.
Views
Layer 2 aggregate interface view
Layer 3 aggregate interface view
Predefined user roles
network-admin
Parameters
number: Specifies the maximum number of Selected ports allowed in an aggregation group, in the
range of 1 to 32.
Usage guidelines
Executing this command might cause some of the Selected ports in an aggregation group to become
Unselected ports.
119
The maximum number of Selected ports allowed in the aggregation groups of the local and peer
ends must be consistent.
The maximum number of Selected ports allowed in an aggregation group is limited by one of the
following values, whichever is smaller:
•
Maximum number configured by using the link-aggregation selected-port maximum
command.
•
Hardware limitation.
You can configure backup between two ports by performing the following tasks:
•
Assigning two ports to an aggregation group.
•
Setting the maximum number of Selected ports to 1 for the aggregation group.
Then, only one Selected port is allowed in the aggregation group at any point in time, while the
Unselected port acts as a backup port.
Examples
# Set the maximum number of Selected ports to 5 for Layer 2 aggregation group 1.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] link-aggregation selected-port maximum 5
Related commands
link-aggregation irf-enhanced
link-aggregation selected-port minimum
link-aggregation selected-port minimum
Use link-aggregation selected-port minimum to configure the minimum number of Selected ports
in the aggregation group.
Use undo link-aggregation selected-port minimum to restore the default.
Syntax
link-aggregation selected-port minimum number
undo link-aggregation selected-port minimum
Default
The minimum number of Selected ports in an aggregation group is not specified.
Views
Layer 2 aggregate interface view
Layer 3 aggregate interface view
Predefined user roles
network-admin
Parameters
number: Specifies the minimum number of Selected ports in an aggregation group required to bring
up the aggregate interface, in the range of 1 to 32.
Usage guidelines
Executing this command might cause all member ports in the aggregation group to become
Unselected ports.
120
The minimum number of Selected ports allowed in the aggregation groups of the local and peer ends
must be consistent.
Examples
# Set the minimum number of Selected ports to 3 for Layer 2 aggregation group 1.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] link-aggregation selected-port minimum 3
Related commands
link-aggregation selected-port maximum
mtu
Use mtu to set the MTU for a Layer 3 aggregate interface or subinterface.
Use undo mtu to restore the default.
Syntax
mtu size
undo mtu
Default
The MTU for Layer 3 aggregate interfaces and subinterfaces is 1500 bytes.
Views
Layer 3 aggregate interface view
Layer 3 aggregate subinterface view
Predefined user roles
network-admin
Parameters
size: Specifies the MTU in bytes, in the range of 128 to 1560.
Examples
# Set the MTU to 1430 bytes for Layer 3 aggregate interface Route-Aggregation 1.
<Sysname> system-view
[Sysname] interface route-aggregation 1
[Sysname-Route-Aggregation1] mtu 1430
Related commands
display interface
port link-aggregation group
Use port link-aggregation group to assign an Ethernet interface to an aggregation group.
Use undo port link-aggregation group to remove an Ethernet interface from the aggregation
group to which it belongs.
Syntax
port link-aggregation group number
undo port link-aggregation group
121
Default
An Ethernet interface does not belong to any aggregation group.
Views
Layer 2 Ethernet interface view
Layer 3 Ethernet interface view
Predefined user roles
network-admin
Parameters
number: Specifies an aggregation group by its aggregate interface number in the range of 1 to 1024.
Usage guidelines
A Layer 2 Ethernet interface can be assigned to a Layer 2 aggregation group only. A Layer 3 Ethernet
interface can be assigned to a Layer 3 aggregation group only.
An Ethernet interface can belong to only one aggregation group.
Examples
# Assign Layer 2 Ethernet interface Ten-GigabitEthernet 1/0/1 to Layer 2 aggregation group 1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port link-aggregation group 1
# Assign Layer 3 Ethernet interface Ten-GigabitEthernet 1/0/2 to Layer 3 aggregation group 2.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/2
[Sysname-Ten-GigabitEthernet1/0/2] port link-aggregation group 2
reset counters interface
Use reset counters interface to clear statistics for the specified aggregate interfaces.
Syntax
reset counters interface [ { bridge-aggregation | route-aggregation } [ interface-number ] ]
Views
User view
Predefined user roles
network-admin
Parameters
bridge-aggregation: Specifies Layer 2 aggregate interfaces.
route-aggregation: Specifies Layer 3 aggregate interfaces.
interface-number: Specifies an aggregate interface number.
Usage guidelines
Use this command to clear history statistics before you collect traffic statistics for a time period.
If you do not specify any options, the command clears statistics for all interfaces in the system.
If you specify only the bridge-aggregation or route-aggregation keyword, the command clears
statistics for all Layer 2 or Layer 3 aggregate interfaces.
122
If you specify the bridge-aggregation interface-number or route-aggregation interface-number
option, the command clears statistics for the specified Layer 2 or Layer 3 aggregate interface.
The bridge-aggregation or route-aggregation keyword is available only when Layer 2 or Layer 3
aggregate interfaces exist on the device.
Examples
# Clear statistics for Layer 2 aggregate interface Bridge-Aggregation 1.
<Sysname> reset counters interface bridge-aggregation 1
reset lacp statistics
Use reset lacp statistics to clear LACP statistics for the specified link aggregation member ports.
Syntax
reset lacp statistics [ interface interface-list ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-list: Specifies a list of link aggregation member ports, in the format interface-type
interface-number [ to interface-type interface-number ]. interface-type interface-number specifies an
interface by its type and number. If you do not specify any member ports, the command clears LACP
statistics for all member ports.
Examples
# Clear LACP statistics for all link aggregation member ports.
<Sysname> reset lacp statistics
Related commands
display link-aggregation member-port
shutdown
Use shutdown to shut down an aggregate interface.
Use undo shutdown to bring up an aggregate interface.
Syntax
shutdown
undo shutdown
Views
Layer 2 aggregate interface view
Layer 3 aggregate interface view
Layer 3 aggregate subinterface view
Predefined user roles
network-admin
123
Usage guidelines
Shutting down or bringing up a Layer 3 aggregate interface shuts down or brings up its subinterfaces.
Shutting down or bringing up a Layer 3 aggregate subinterface does not affect its main interface.
Examples
# Bring up Layer 2 aggregate interface Bridge-Aggregation 1.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] undo shutdown
124
Port isolation commands
display port-isolate group
Use display port-isolate group to display port isolation group information.
Syntax
display port-isolate group [ group-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
group-number: Specifies an isolation group by its number in the range of 1 to 8.
Examples
# Display all isolation groups.
<Sysname> display port-isolate group
Port isolation group information:
Group ID: 2
Group members:
Ten-GigabitEthernet1/0/1
Group ID: 5
Group members:
Ten-GigabitEthernet1/0/2
Ten-GigabitEthernet1/0/4
# Display information about isolation group 2.
<Sysname> display port-isolate group 2
Port isolation group information:
Group ID: 2
Group members:
Ten-GigabitEthernet1/0/1
Table 27 Command output
Field
Description
Group ID
Isolation group number.
Group members
Isolated ports in the isolation group. If the isolation group contains no isolated ports, this
field displays No ports.
Related commands
port-isolate enable
125
port-isolate enable
Use port-isolate enable to assign a port to an isolation group.
Use undo port-isolate enable to remove a port from an isolation group.
Syntax
port-isolate enable group group-number
undo port-isolate enable
Default
The port is not assigned to any isolation group.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
group group-number: Specifies an isolation group by its number in the range of 1 to 8.
Usage guidelines
The configuration in Layer 2 Ethernet interface view applies only to the interface.
The configuration in Layer 2 aggregate interface view applies to the Layer 2 aggregate interface and
its aggregation member ports. If the device fails to apply the configuration to the aggregate interface,
it does not assign any aggregation member port to the isolation group. If the failure occurs on an
aggregation member port, the device skips the port and continues to assign other aggregation
member ports to the isolation group.
You cannot assign the member ports of a service loopback group to an isolation group, and vice
versa.
To assign ports to an isolation group, make sure the isolation group already exists.
One port can be assigned to only one isolation group.
Examples
# Assign ports Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 to isolation group 2.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port-isolate enable group 2
[Sysname-Ten-GigabitEthernet1/0/1] quit
[Sysname] interface ten-gigabitethernet 1/0/2
[Sysname-Ten-GigabitEthernet1/0/2] port-isolate enable group 2
Related commands
display port-isolate group
port-isolate group
Use port-isolate group to create an isolation group.
Use undo port-isolate group to delete isolation groups.
126
Syntax
port-isolate group group-number
undo port-isolate group { group-number | all }
Default
No isolation group exists.
Views
System view
Predefined user roles
network-admin
Parameters
group-number: Specifies an isolation group by its number in the range of 1 to 8.
all: Deletes all isolation groups.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Create isolation group 2.
<Sysname> system-view
[Sysname] port-isolate group 2
127
Spanning tree commands
active region-configuration
Use active region-configuration to activate your MST region configuration.
Syntax
active region-configuration
Views
MST region view
Predefined user roles
network-admin
Usage guidelines
When you configure MST region parameters, MSTP launches a new spanning tree calculation
process that might cause network topology instability. This is most likely to occur when you configure
the VLAN-to-instance mapping table. The launch occurs after you execute the active
region-configuration command or the stp global enable command.
As a best practice, use the check region-configuration command to determine whether the MST
region configurations to be activated are correct. Run this command only when they are correct.
Examples
# Map VLAN 2 to MSTI 1 and manually activate the MST region configuration.
<Sysname> system-view
[Sysname] stp region-configuration
[Sysname-mst-region] instance 1 vlan 2
[Sysname-mst-region] active region-configuration
Related commands
check region-configuration
instance
region-name
revision-level
stp global enable
vlan-mapping modulo
bpdu-drop any
Use bpdu-drop any to enable BPDU drop on a port.
Use undo bpdu-drop any to disable BPDU drop on a port.
Syntax
bpdu-drop any
undo bpdu-drop any
Default
BPDU drop is disabled on a port.
128
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Examples
# Enable BPDU drop on port Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] bpdu-drop any
check region-configuration
Use check region-configuration to display MST region pre-configuration information, including the
region name, revision level, and VLAN-to-instance mapping settings.
Syntax
check region-configuration
Views
MST region view
Predefined user roles
network-admin
Usage guidelines
Spanning tree devices belong to the same MST region only when they are connected through a
physical link and configured with the same details as follows:
•
Format selector (0 by default and not configurable).
•
MST region name.
•
MST region revision level.
•
VLAN-to-instance mapping entries in the MST region.
As a best practice, use this command to determine whether the MST region configurations to be
activated are correct. Activate them only when they are correct.
Examples
# Display MST region pre-configurations.
<Sysname> system-view
[Sysname] stp region-configuration
[Sysname-mst-region] check region-configuration
Admin Configuration
Format selector
: 0
Region name
: 001122334400
Revision level
: 0
Configuration digest : 0x3ab68794d602fdf43b21c0b37ac3bca8
Instance
VLANs Mapped
0
1, 3 to 4094
15
2
129
Table 28 Command output
Field
Description
Format selector
Format selector of the MST region, which is 0 (not configurable).
Region name
MST region name.
Revision level
Revision level of the MST region.
Instance VLANs Mapped
VLAN-to-instance mappings in the MST region.
Related commands
active region-configuration
instance
region-name
revision-level
vlan-mapping modulo
display stp
Use display stp to display spanning tree status and statistics. Based on the information, you can
analyze and maintain the network topology or determine whether the spanning tree is working
correctly.
Syntax
display stp [ instance instance-list | vlan vlan-id-list ] [ interface interface-list | slot slot-number ]
[ brief ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
instance instance-list: Specifies a space-separated list of up to 10 MSTI items. Each item specifies
an MSTI or a range of MSTIs in the form of instance-id1 [ to instance-id2 ]. The value for instance-id2
must be equal to or greater than the value for instance-id1. The value range for the instance-id
argument is 0 to 4094, and the value 0 represents the CIST.
vlan vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a
VLAN or a range of VLANs in the form of vlan-id1 [ to vlan-id2 ]. The value for vlan-id2 must be equal
to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094.
interface interface-list: Specifies a space-separated list of up to 10 interface items. Each item
specifies an interface or a range of interfaces in the form of interface-type interface-number 1 [ to
interface-type interface-number 2 ]. The interface number for interface-number 2 must be equal to or
greater than the interface number for interface-number 1.
brief: Displays brief spanning tree status and statistics. If this keyword is not specified, the command
displays the detailed spanning tree status and statistics.
slot slot-number: Specifies an IRF member device by its member ID. If this option is not specified on
an IRF fabric, the command applies to all member devices.
130
Usage guidelines
In STP or RSTP mode, the command output is sorted by port name.
•
If you do not specify a port, this command applies to all ports.
•
If you specify a port list, this command applies to the specified ports.
In PVST mode, the command output is sorted by VLAN ID and by port name in each VLAN.
•
If you do not specify a VLAN or port, this command applies to all ports in all VLANs.
•
If you only specify a VLAN list but not a port, this command applies to all ports in the specified
VLANs.
•
If you only specify a port list but not a VLAN, this command applies to the specified ports in all
VLANs.
•
If you specify both a VLAN list and a port list, this command applies to the ports in the specified
VLANs.
In MSTP mode, the command output is sorted by MSTI ID and by port name in each MSTI.
•
If you do not specify an MSTI or port, this command applies to all MSTIs on all ports.
•
If you specify an MSTI list but not a port, this command applies to all ports in the specified
MSTIs.
•
If you specify a port list but not an MSTI, this command applies to all MSTIs on the specified
ports.
•
If you specify both an MSTI list and a port list, this command applies to the specified ports in the
specified MSTIs.
During network convergence, the most recent spanning tree information is not displayed.
Examples
# In MSTP mode, display the brief spanning tree status and statistics for MSTI 0 on ports
Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/4.
<Sysname> display stp instance 0 interface ten-gigabitethernet 1/0/1 to
ten-gigabitethernet 1/0/4 brief
MST ID
Port
Role
STP State
Protection
0
Ten-GigabitEthernet1/0/1
ALTE
DISCARDING
LOOP
0
Ten-GigabitEthernet1/0/2
DESI
FORWARDING
NONE
0
Ten-GigabitEthernet1/0/3
DESI
FORWARDING
NONE
0
Ten-GigabitEthernet1/0/4
DESI
FORWARDING
NONE
# In PVST mode, display the brief spanning tree status and statistics for VLAN 2 on ports
Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/4.
<Sysname> system-view
[Sysname] stp mode pvst
[Sysname] display stp vlan 2 interface ten-gigabitethernet 1/0/1 to ten-gigabitethernet
1/0/4 brief
VLAN ID
Port
Role
STP State
Protection
2
Ten-GigabitEthernet1/0/1
ALTE
DISCARDING
LOOP
2
Ten-GigabitEthernet1/0/2
DESI
FORWARDING
NONE
2
Ten-GigabitEthernet1/0/3
DESI
FORWARDING
NONE
2
Ten-GigabitEthernet1/0/4
DESI
FORWARDING
NONE
Table 29 Command output
Field
Description
MST ID
MSTI ID in the MST region.
131
Field
Description
Port
Port name, corresponding to each MSTI or VLAN.
Role
Port role:
•
ALTE—The port is an alternate port.
•
BACK—The port is a backup port.
•
ROOT—The port is a root port.
•
DESI—The port is a designated port.
•
MAST—The port is a master port.
•
DISA—The port is disabled.
STP State
Spanning tree status on the port:
•
FORWARDING—The port can receive and send BPDUs and also forward user
traffic.
•
DISCARDING—The port can receive and send BPDUs but cannot forward
user traffic.
•
LEARNING—The port is in a transitional state. It can receive and send BPDUs
but cannot forward user traffic.
Protection
Effective spanning tree protection feature on the port:
•
ROOT—Root guard.
•
LOOP—Loop guard.
•
BPDU—BPDU guard.
•
NONE—No spanning tree protection feature is configured, or the spanning
tree protection is not triggered.
# In MSTP mode, display the detailed spanning tree status and statistics for all MSTIs on all ports.
<Sysname> display stp
-------[CIST Global Info][Mode MSTP]------Bridge ID
: 32768.000f-e200-2200
Bridge times
: Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20
Root ID/ERPC
: 0.00e0-fc0e-6554, 200200
RegRoot ID/IRPC
: 32768.000f-e200-2200, 0
RootPort ID
: 128.48
BPDU-Protection
: Disabled
Bridge ConfigDigest-Snooping
: Disabled
TC or TCN received
: 2
Time since last TC
: 0 days 0h:5m:42s
----[Port153(Ten-GigabitEthernet1/0/1)][FORWARDING]---Port protocol
: Enabled
Port role
: Designated Port (Boundary)
Port ID
: 128.153
Port cost(Legacy)
Desg.bridge/port
: Config=auto, Active=200
: 32768.000f-e200-2200, 128.2
Port edged
: Config=disabled, Active=disabled
Point-to-Point
: Config=auto, Active=true
Transmit limit
: 10 packets/hello-time
TC-Restriction
: Disabled
Role-Restriction
: Disabled
Protection type
: Config=none, Active=none
132
MST BPDU format
: Config=auto, Active=legacy
Port ConfigDigest-Snooping
: Disabled
Rapid transition
: False
Num of VLANs mapped : 1
Port times
: Hello 2s MaxAge 20s FwdDelay 15s MsgAge 2s RemHops 20
BPDU sent
: 186
TCN: 0, Config: 0, RST: 0, MST: 186
BPDU received
: 0
TCN: 0, Config: 0, RST: 0, MST: 0
-------[MSTI 1 Global Info]------Bridge ID
: 0.000f-e23e-9ca4
RegRoot ID/IRPC
: 0.000f-e23e-9ca4, 0
RootPort ID
: 0.0
Root type
: Primary root
Master bridge
: 32768.000f-e23e-9ca4
Cost to master
: 0
TC received
: 0
# In PVST mode, display the spanning tree status and statistics for all ports in all VLANs.
<Sysname> system-view
[Sysname] stp mode pvst
[Sysname] display stp
-------[VLAN 1 Global Info]------Protocol status
: Enabled
Bridge ID
: 32768.000f-e200-2200
Bridge times
: Hello 2s MaxAge 20s FwdDelay 15s
VlanRoot ID/RPC
: 0.00e0-fc0e-6554, 200200
RootPort ID
: 128.48
BPDU-Protection
: Disabled
TC or TCN received
: 2
Time since last TC
: 0 days 0h:5m:42s
----[Port1(Ethernet1/1)][FORWARDING]---Port protocol
: Enabled
Port role
: Designated Port
Port ID
: 128.153
Port cost(Legacy)
: Config=auto, Active=200
Desg. bridge/port
: 32768.000f-e200-2200, 128.2
Port edged
: Config=disabled, Active=disabled
Point-to-Point
: Config=auto, Active=true
Transmit limit
: 10 packets/hello-time
Protection type
: Config=none, Active=none
Rapid transition
: False
Port times
: Hello 2s MaxAge 20s FwdDelay 15s MsgAge 2s
-------[VLAN 2 Global Info]------Protocol status
: Enabled
133
Bridge ID
: 32768.000f-e200-2200
Bridge times
: Hello 2s MaxAge 20s FwDly 15s
VlanRoot ID/RPC
: 0.00e0-fc0e-6554, 200200
RootPort ID
: 128.48
BPDU-Protection
: Disabled
TC or TCN received
: 2
Time since last TC
: 0 days 0h:5m:42s
# In MSTP mode, display the spanning tree status and statistics when the spanning tree feature is
disabled.
<Sysname> display stp
Protocol status
: Disabled
Protocol Std.
: IEEE 802.1s
Version
Bridge-Prio.
: 3
: 32768
MAC address
: 000f-e200-8048
Max age(s)
: 20
Forward delay(s)
: 15
Hello time(s)
: 2
Max hops
: 20
TC Snooping
: Disabled
# In PVST mode, display the spanning tree status and statistics when the spanning tree feature is
disabled.
<Sysname> display stp
Protocol status
: Disabled
Protocol Std.
: IEEE 802.1w (pvst)
Version
: 2
Bridge-Prio.
: 32768
MAC address
: 3822-d69f-0800
Max age(s)
: 20
Forward delay(s)
: 15
Hello time(s)
: 2
TC Snooping
: Disabled
Table 30 Command output
Field
Description
Bridge ID
Bridge ID, which contains the device's priority and MAC address. For example, in
output 32768.000f-e200-2200, the value preceding the dot is the device's priority.
The value following the dot is the device's MAC address.
Bridge times
Major parameters for the bridge:
•
Hello—Hello timer.
•
MaxAge—Maximum age timer.
•
FwdDelay—Forward delay timer.
•
MaxHops—Maximum hops within the MST region.
Root ID/ERPC
CIST root ID and external path cost (the path cost from the device to the CIST root).
RegRoot ID/IRPC
CIST regional root ID and internal path cost (the path cost from the device to the
CIST regional root).
VlanRoot ID/RPC
VLAN root ID and root path cost (the path cost from the device to the VLAN root
bridge).
134
Field
Description
RootPort ID
Root port ID. The value 0.0 indicates that the device is the root and there is no root
port.
BPDU-Protection
Global status of the BPDU guard function.
Bridge ConfigDigest-Snooping
Global status of Digest Snooping.
TC or TCN received
Number of TC/TCN BPDUs received in the MSTI or VLAN.
Time since last TC
Time since the latest topology change in the MSTI or VLAN.
[FORWARDING]
The port is in forwarding state.
[DISCARDING]
The port is in discarding state.
[LEARNING]
The port is in learning state.
Port protocol
Status of the spanning tree feature on the port.
Port role
Port role:
•
Alternate.
•
Backup.
•
Root.
•
Designated.
•
Master.
•
Disabled.
(Boundary)
The port is a regional boundary port.
Port cost(Legacy)
Path cost of the port. The field in parentheses indicates the standard (legacy,
dot1d-1998, or dot1t) used for port path cost calculation.
•
Config—Configured value.
•
Active—Actual value.
Desg.bridge/port
Designated bridge ID and port ID of the port.
The port ID displayed is insignificant for a port which does not support port priority.
Port edged
The port is an edge port or non-edge port.
•
Config—Configured value.
•
Active—Actual value.
Point-to-Point
The port is connected to a point-to-point link or not.
•
Config—Configured value.
•
Active—Actual value.
Transmit limit
Number of BPDUs sent within each hello time.
Whether spanning tree protection is configured on the port:
•
Config—Configured spanning tree protection feature.
•
Active—Effective spanning tree protection feature.
Protection type
Spanning tree protection features are as follows:
•
root—Root guard.
•
loop—Loop guard.
•
bpdu—BPDU guard.
•
none—No spanning tree protection feature is configured, or the spanning tree
protection is not triggered.
TC-Restriction
Status of TC transmission restriction on the port.
Role-Restriction
Status of port role restriction on the port.
135
Field
Description
MST BPDU format
Format of the MST BPDUs that the port can send:
•
Config—Configured value (legacy or 802.1s).
•
Active—Actual value (legacy or 802.1s).
Port ConfigDigest-Snooping
Status of Digest Snooping on the port.
Rapid transition
Indicates whether the port rapidly transits to the forwarding state in the MSTI or
VLAN.
Num of VLANs
mapped
Number of VLANs that are mapped to the MSTI.
Port times
Major parameters for the port:
•
Hello—Hello timer.
•
MaxAge—Maximum age timer.
•
FwdDelay—Forward delay timer.
•
MsgAge—Message age timer.
•
RemHops—Remaining hops.
BPDU sent
Statistics on sent BPDUs.
BPDU received
Statistics on received BPDUs.
RegRoot ID/IRPC
MSTI regional root/internal path cost.
Root Type
MSTI root type:
•
Primary root.
•
Secondary root.
Master bridge
MSTI root bridge ID.
Cost to master
Path cost from the MSTI to the master bridge.
TC received
Number of received TC BPDUs.
Protocol status
Spanning tree protocol status.
Protocol Std.
Spanning tree protocol standard.
Version
Spanning tree protocol version.
Bridge-Prio.
•
•
Max age(s)
Aging timer for BPDUs (in seconds, which is the same as the aging timer for VLAN 1
in PVST mode).
Forward delay(s)
Port state transition delay (in seconds, which is the same as the forward delay for
VLAN 1 in PVST mode).
Hello time(s)
Interval for the root bridge to send BPDUs (in seconds, which is the same as the
interval for VLAN 1 in PVST mode).
Max hops
Maximum hops in the MSTI.
TC Snooping
Status of TC Snooping, which can be Enabled or Disabled.
In MSTP mode: Device's priority in the CIST.
In PVST mode: Device's priority in VLAN 1.
Related commands
reset stp
136
display stp abnormal-port
Use display stp abnormal-port to display information about ports that are blocked by spanning tree
protection functions.
Syntax
display stp abnormal-port
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# In MSTP mode, display information about ports that are blocked by spanning tree protection
functions.
<Sysname> display stp abnormal-port
MST ID
Blocked Port
Reason
1
Ten-GigabitEthernet1/0/1
Root-Protected
2
Ten-GigabitEthernet1/0/2
Loop-Protected
12
Ten-GigabitEthernet1/0/3
Loopback-Protected
# In PVST mode, display information about ports that are blocked by spanning tree protection
functions.
<Sysname> system-view
[Sysname] stp mode pvst
[Sysname] display stp abnormal-port
VLAN ID
Blocked Port
Reason
1
Ten-GigabitEthernet1/0/1
Root-Protected
2
Ten-GigabitEthernet1/0/2
Loop-Protected
2
Ten-GigabitEthernet1/0/3
Loopback-Protected
Table 31 Command output
Field
Description
MST ID
MSTI of the blocked port.
VLAN ID
VLAN of the blocked port.
Blocked Port
Name of a blocked port.
Reason
Reason that the port was blocked:
•
Root-Protected—Root guard function.
•
Loop-Protected—Loop guard function.
•
Loopback-Protected—Self-loop protection. A port in the MSTI receives a
BPDU that it sends.
•
Disputed—Dispute protection. A port receives a low-priority BPDU from a
non-blocked designated port.
•
InconsistentPortType-Protected—Inconsistent port type protection.
•
InconsistentPvid-Protected—Inconsistent PVID protection.
137
display stp bpdu-statistics
Use display stp bpdu-statistics to display the BPDU statistics on ports.
Syntax
display stp bpdu-statistics [ interface interface-type interface-number [ instance instance-list ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number.
instance instance-list: Specifies a space-separated list of up to 10 MSTI items. Each item specifies
an MSTI or a range of MSTIs in the form of instance-id1 [ to instance-id2 ]. The value for instance-id2
must be equal to or greater than the value for instance-id1. The value range for the instance-id
argument is 0 to 4094, and the value 0 represents the CIST.
Usage guidelines
In MSTP mode, the command output is sorted by port name and by MSTI ID on each port.
•
If you do not specify an MSTI or port, this command applies to all MSTIs on all ports.
•
If you specify a port but not an MSTI, this command applies to all MSTIs on the port.
•
If you specify both an MSTI ID and a port, this command applies to the specified MSTI on the
port.
In STP, RSTP, or PVST mode, the command output is sorted by port name.
•
If you do not specify a port, this command applies to all ports.
•
If you specify a port, this command applies to the port.
Examples
# In MSTP mode, display the BPDU statistics for all MSTIs on Ten-GigabitEthernet 1/0/1.
<Sysname> display stp bpdu-statistics interface ten-gigabitethernet 1/0/1
Port: Ten-GigabitEthernet1/0/1
Instance-Independent:
Type
Count
Last Updated
--------------------------- ---------- ----------------Invalid BPDUs
0
Looped-back BPDUs
0
Max-aged BPDUs
0
TCN sent
0
TCN received
0
TCA sent
0
TCA received
2
Config sent
0
Config received
0
RST sent
0
10:33:12 01/13/2011
138
RST received
0
MST sent
4
10:33:11 01/13/2011
MST received
151
10:37:43 01/13/2011
Count
Last Updated
Instance 0:
Type
--------------------------- ---------- ----------------Timeout BPDUs
0
Max-hoped BPDUs
0
TC detected
1
10:32:40 01/13/2011
TC sent
3
10:33:11 01/13/2011
TC received
0
# In PVST mode, display the BPDU statistics for Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] stp mode pvst
[Sysname] display stp bpdu-statistics interface ten-gigabitethernet 1/0/1
Port: Ten-GigabitEthernet1/0/1
Type
Count
Last Updated
--------------------------- ---------- ----------------Invalid BPDUs
0
Looped-back BPDUs
0
Max-aged BPDUs
0
TCN sent
0
TCN received
0
TCA sent
0
TCA received
2
Config sent
0
Config received
0
RST sent
0
RST received
0
MST sent
4
10:33:11 01/13/2010
MST received
151
10:37:43 01/13/2010
Timeout BPDUs
0
Max-hoped BPDUs
0
TC detected
511
10:32:40 01/13/2010
TC sent
8844
10:33:11 01/13/2010
TC received
1426
10:33:32 01/13/2010
10:33:12 01/13/2010
Table 32 Command output
Field
Description
Port
Port name.
Instance-Independent
Statistics not related to any particular MSTI.
Type
Statistical item.
Looped-back BPDUs
BPDUs sent and then received by the same port.
Max-aged BPDUs
BPDUs whose max age was exceeded.
139
Field
Description
TCN sent
TCN BPDUs sent.
TCN received
TCN BPDUs received.
TCA sent
TCA BPDUs sent.
TCA received
TCA BPDUs received.
Config sent
Configuration BPDUs sent.
Config received
Configuration BPDUs sent.
RST sent
Configuration BPDUs received.
RST received
RSTP BPDUs sent.
MST sent
RSTP BPDUs received.
MST received
MSTP BPDUs sent.
Instance
Statistical information for a particular MSTI.
Timeout BPDUs
Expired BPDUs.
Max-hoped BPDUs
BPDUs whose maximum hops were exceeded.
TC detected
TC BPDUs detected.
TC sent
TC BPDUs sent.
TC received
TC BPDUs received.
display stp down-port
Use display stp down-port to display information about ports that were shut down by spanning tree
protection functions.
Syntax
display stp down-port
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about ports that were shut down by spanning tree protection functions.
<Sysname> display stp down-port
Down Port
Reason
Ten-GigabitEthernet1/0/1
BPDU-Protected
Table 33 Command output
Field
Description
Down Port
Name of a port that was shut down by the spanning tree protection functions.
Reason
Reason that the port was shut down. BPDU-Protected indicates the BPDU guard
function.
140
display stp history
Use display stp history to display port role calculation history.
Syntax
display stp [ instance instance-list | vlan vlan-id-list ] history [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
instance instance-list: Specifies a space-separated list of up to 10 MSTI items. Each item specifies
an MSTI or a range of MSTIs in the form of instance-id1 [ to instance-id2 ]. The value for instance-id2
must be equal to or greater than the value for instance-id1. The value range for the instance-id
argument is 0 to 4094, and the value 0 represents the CIST.
vlan vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a
VLAN or a range of VLANs in the form of vlan-id1 [ to vlan-id2 ]. The value for vlan-id2 must be equal
to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094.
slot slot-number: Specifies an IRF member device by its member ID. If this option is not specified on
an IRF fabric, the command applies to all member devices.
Usage guidelines
In STP or RSTP mode, the output is sorted by port role calculation time.
In PVST mode, the command output is sorted by VLAN ID and by port role calculation time in each
VLAN.
•
If you do not specify a VLAN, this command applies to all VLANs.
•
If you specify a VLAN list, this command applies to the specified VLANs.
In MSTP mode, the command output is sorted by MSTI ID and by port role calculation time in each
MSTI.
•
If you do not specify an MSTI, this command applies to all MSTIs.
•
If you specify an MSTI list, this command applies to the specified MSTIs.
Examples
# In MSTP mode, display the port role calculation history for IRF member device 1 in MSTI 2.
<Sysname> display stp instance 2 history slot 1
--------------- STP slot 1 history trace ---------------------------------
Instance 2
---------------------
Port Ten-GigabitEthernet1/0/1
Role change
: ROOT->DESI (Aged)
Time
: 2009/02/08 00:22:56
Port priority
: 0.00e0-fc01-6510 0 0.00e0-fc01-6510 128.1
Designated priority : 0.00e0-fc01-6510 0 0.00e0-fc01-6510 128.1
Port Ten-GigabitEthernet1/0/2
Role change
: ALTER->ROOT
Time
: 2009/02/08 00:22:56
Port priority
: 0.00e0-fc01-6510 0 0.00e0-fc01-6510 128.2
141
128.153
Designated priority : 0.00e0-fc01-6510 0 0.00e0-fc01-6510 128.2
128.153
# In PVST mode, display the port role calculation history for IRF member device 1 in VLAN 2.
<Sysname> display stp vlan 2 history slot 1
--------------- STP slot 1 history trace ---------------------------------
VLAN 2
---------------------
Port Ten-GigabitEthernet1/0/1
Role change
: ROOT->DESI (Aged)
Time
: 2009/02/08 00:22:56
Port priority
: 0.00e0-fc01-6510 0 0.00e0-fc01-6510 128.1
Designated priority : 0.00e0-fc01-6510 0 0.00e0-fc01-6510 128.1
Port Ten-GigabitEthernet1/0/2
Role change
: ALTER->ROOT
Time
: 2009/02/08 00:22:56
Port priority
: 0.00e0-fc01-6510 0 0.00e0-fc01-6510 128.2
Designated priority : 0.00e0-fc01-6510 0 0.00e0-fc01-6510 128.2
Table 34 Command output
Field
Description
Port
Port name.
Role change
Role change of the port (Aged means that the change was caused by expiration
of the received configuration BPDU).
Time
Time of port role calculation.
display stp region-configuration
Use display stp region-configuration to display effective MST region configuration, including the
following information:
•
Region name.
•
Revision level.
•
User-configured VLAN-to-instance mappings.
Syntax
display stp region-configuration
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# In MSTP mode, display effective MST region configuration.
<Sysname> display stp region-configuration
Oper Configuration
Format selector
: 0
142
Region name
: hello
Revision level
: 0
Configuration digest : 0x5f762d9a46311effb7a488a3267fca9f
Instance
VLANs Mapped
0
21 to 4094
1
1 to 10
2
11 to 20
Table 35 Command output
Field
Description
Format selector
Format selector that is defined by the spanning tree protocol. The default
value is 0, and the selector cannot be configured.
Region name
MST region name.
Revision level
Revision level of the MST region. The default value is 0, and the level can be
configured by using the revision-level command.
VLANs Mapped
VLANs mapped to the MSTI.
Related commands
instance
region-name
revision-level
vlan-mapping modulo
display stp root
Use display stp root to display the root bridge information of spanning trees.
Syntax
display stp root
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# In MSTP mode, display the root bridge information of all spanning trees.
<Sysname> display stp root
MST ID
Root Bridge ID
ExtPathCost IntPathCost Root Port
0
0.00e0-fc0e-6554
200200
0
Ten-GigabitEthernet1/0/1
# In PVST mode, display the root bridge information of all spanning trees.
<Sysname> display stp root
VLAN ID
Root Bridge ID
ExtPathCost IntPathCost Root Port
1
0.00e0-fc0e-6554
200200
143
0
Ten-GigabitEthernet1/0/1
Table 36 Command output
Field
Description
ExtPathCost
External path cost. The device automatically calculates the default path cost of a
port. Or, you can use the stp cost command to configure the path cost of a port.
IntPathCost
Internal path cost. The device automatically calculates the default path cost of a
port. Or, you can use the stp cost command to configure the path cost of a port.
Root Port
Root port name (displayed only if a port of the device is the root port of MSTIs).
display stp tc
Use display stp tc to display the incoming and outgoing TC/TCN BPDU statistics for ports.
Syntax
display stp [ instance instance-list | vlan vlan-id-list ] tc [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
instance instance-list: Specifies a space-separated list of up to 10 MSTI items. Each item specifies
an MSTI or a range of MSTIs in the form of instance-id1 [ to instance-id2 ]. The value for instance-id2
must be equal to or greater than the value for instance-id1. The value range for the instance-id
argument is 0 to 4094, and the value 0 represents the CIST.
vlan vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a
VLAN or a range of VLANs in the form of vlan-id1 [ to vlan-id2 ]. The value for vlan-id2 must be equal
to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094.
slot slot-number: Specifies an IRF member device by its member ID. If this option is not specified on
an IRF fabric, the command applies to all member devices.
Usage guidelines
In STP or RSTP mode, the output is sorted by port name.
In PVST mode, the command output is sorted by VLAN ID and by port name in each VLAN.
•
If you do not specify a VLAN, this command applies to all VLANs.
•
If you specify a VLAN list, this command applies to the specified VLANs.
In MSTP mode, the command output is sorted by MSTI ID and by port name in each MSTI.
•
If you do not specify an MSTI, this command applies to all MSTIs.
•
If you specify an MSTI list, this command applies to the specified MSTIs.
Examples
# In MSTP mode, display the incoming and outgoing TC/TCN BPDU statistics for all ports on IRF
member device 1 in MSTI 0.
<Sysname> display stp instance 0 tc slot 1
-------------- STP slot 1 TC or TCN count ------------MST ID
0
Port
Receive
Ten-GigabitEthernet1/0/1
6
144
Send
4
0
Ten-GigabitEthernet1/0/2
0
2
# In PVST mode, display the incoming and outgoing TC/TCN BPDU statistics for all ports on IRF
member device 1 in VLAN 2.
<Sysname> display stp vlan 2 tc slot 1
-------------- STP slot 1 TC or TCN count ------------VLAN ID
Port
Receive
Send
2
Ten-GigabitEthernet1/0/1
6
4
2
Ten-GigabitEthernet1/0/2
0
2
Table 37 Command output
Field
Description
Port
Port name.
Receive
Number of TC/TCN BPDUs received on each port.
Send
Number of TC/TCN BPDUs sent by each port.
instance
Use instance to map a list of VLANs to an MSTI.
Use undo instance to remap the specified VLAN or all VLANs to the CIST (MSTI 0).
Syntax
instance instance-id vlan vlan-id-list
undo instance instance-id [ vlan vlan-id-list ]
Default
All VLANs are mapped to the CIST.
Views
MST region view
Predefined user roles
network-admin
Parameters
instance-id: Specifies an MSTI ID in the range of 0 to 4094. A value of 0 represents the CIST. The
value range for the instance-id argument is 1 to 4094 for the undo instance command.
vlan vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a
VLAN or a range of VLANs in the form of vlan-id1 [ to vlan-id2 ]. The value for vlan-id2 must be equal
to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094.
Usage guidelines
CAUTION:
Use caution with global Digest Snooping in the following situations:
• When you modify the VLAN-to-instance mappings.
• When you restore the default MST region configuration.
If the local device has different VLAN-to-instance mappings than its neighboring devices, loops or
traffic interruption will occur.
145
If you specify no VLAN in the undo instance command, all VLANs mapped to the specified MSTI
are remapped to the CIST.
You cannot map the same VLAN to different MSTIs. If you map a VLAN that has been mapped to an
MSTI to a new MSTI, the old mapping is automatically removed.
You can configure VLAN-to-instance mapping for up to 65 MSTIs.
After configuring this command, run the active region-configuration command to activate the
VLAN-to-instance mapping.
Examples
# Map VLAN 2 to MSTI 1.
<Sysname> system-view
[Sysname] stp region-configuration
[Sysname-mst-region] instance 1 vlan 2
Related commands
active region-configuration
check region-configuration
display stp region-configuration
region-name
Use region-name to configure the MST region name.
Use undo region-name to restore the default MST region name.
Syntax
region-name name
undo region-name
Default
The MST region name of a device is its MAC address.
Views
MST region view
Predefined user roles
network-admin
Parameters
name: Specifies the MST region name, a string of 1 to 32 characters.
Usage guidelines
The MST region name, the VLAN-to-instance mapping table, and the MSTP revision level of a device
determine the device's MST region.
After configuring this command, run the active region-configuration command to activate the
configured MST region name.
Examples
# Set the MST region name of the device to hello.
<Sysname> system-view
[Sysname] stp region-configuration
[Sysname-mst-region] region-name hello
146
Related commands
active region-configuration
check region-configuration
display stp region-configuration
instance
revision-level
vlan-mapping modulo
reset stp
Use reset stp to clear spanning tree statistics. The spanning tree statistics include the numbers of
TCN BPDUs, configuration BPDUs, RST BPDUs, and MST BPDUs that are sent and received
through the specified ports.
Syntax
reset stp [ interface interface-list ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-list: Specifies a space-separated list of up to 10 interface items. Each item
specifies an interface or a range of interfaces in the form of interface-type interface-number 1 [ to
interface-type interface-number 2 ]. The interface number for interface-number 2 must be equal to or
greater than the interface number for interface-number 1. If you don't specify this option, this
command clears the spanning tree-related statistics information on all ports.
Examples
# Clear the spanning tree statistics on ports Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet
1/0/3.
<Sysname> reset stp interface ten-gigabitethernet 1/0/1 to ten-gigabitethernet 1/0/3
Related commands
display stp
revision-level
Use revision-level to configure the MSTP revision level.
Use undo revision-level to restore the default MSTP revision level.
Syntax
revision-level level
undo revision-level
Default
The MSTP revision level is 0.
Views
MST region view
147
Predefined user roles
network-admin
Parameters
level: Specifies an MSTP revision level in the range of 0 to 65535.
Usage guidelines
The MSTP revision level, the MST region name, and the VLAN-to-instance mapping table of a device
determine the device's MST region.
After configuring this command, run the active region-configuration command to activate the
configured MST region level.
Examples
# Set the MSTP revision level of the MST region to 5.
<Sysname> system-view
[Sysname] stp region-configuration
[Sysname-mst-region] revision-level 5
Related commands
active region-configuration
check region-configuration
display stp region-configuration
instance
region-name
vlan-mapping modulo
snmp-agent trap enable stp
Use snmp-agent trap enable stp to enable SNMP notifications for new-root election events or
spanning tree topology changes.
Use undo snmp-agent trap enable stp to disable SNMP notifications for new-root election events
or spanning tree topology changes.
Syntax
snmp-agent trap enable stp [ new-root | tc ]
undo snmp-agent trap enable stp [ new-root | tc ]
Default
SNMP notifications are disabled for new-root election events.
In MSTP mode, SNMP notifications are enabled in MSTI 0 and disabled in other MSTIs for spanning
tree topology changes.
In PVST mode, SNMP notifications are disabled for spanning tree topology changes in all VLANs.
Views
System view
Predefined user roles
network-admin
148
Parameters
new-root: Enables the device to send traps if the device is elected as a new root bridge. This
keyword applies only to STP, MSTP, and RSTP modes.
tc: Enables the device to send traps if the device receives TCN BPDUs. This keyword applies only to
PVST mode.
Usage guidelines
If no keyword is specified, the snmp-agent trap enable stp command applies to SNMP notifications
for different events as follows:
•
In STP, MSTP, and RSTP modes, the command applies to SNMP notifications for new-root
election events.
•
In PVST mode, the command applies to SNMP notifications for spanning tree topology
changes.
Examples
# Enable SNMP notifications for new-root election events.
<Sysname> system-view
[Sysname] snmp-agent trap enable stp new-root
Related commands
stp log enable tc
stp bpdu-protection
Use stp bpdu-protection to enable BPDU guard globally.
Use undo stp bpdu-protection to disable BPDU guard globally.
Syntax
stp bpdu-protection
undo stp bpdu-protection
Default
BPDU guard is disabled globally.
Views
System view
Predefined user roles
network-admin
Examples
# Enable BPDU guard globally.
<Sysname> system-view
[Sysname] stp bpdu-protection
Related commands
stp edged-port
stp port bpdu-protection
stp bridge-diameter
Use stp bridge-diameter to specify the network diameter.
149
Use undo stp bridge-diameter to restore the default.
Syntax
stp [ vlan vlan-id-list ] bridge-diameter diameter
undo stp [ vlan vlan-id-list ] bridge-diameter
Default
The network diameter of the switched network is 7.
Views
System view
Predefined user roles
network-admin
Parameters
vlan vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a
VLAN or a range of VLANs in the form of vlan-id1 [ to vlan-id2 ]. The value for vlan-id2 must be equal
to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094. If you
set the STP, RSTP, or MSTP switched network diameter, do not specify this option.
diameter: Specifies the switched network diameter in the range of 2 to 7.
Usage guidelines
The switched network diameter refers to the maximum number of devices on the path for an edge
device to reach another through the root bridge.
An appropriate setting of hello time, forward delay, and max age can speed up network convergence.
The values of these timers are related to the network size, and you can set the timers by setting the
network diameter. With the network diameter set to 7 (the default), the three timers are also set to
their defaults.
In STP, RSTP, or MSTP mode, each MST region is considered a device, and the configured network
diameter of the switched network takes effect only on the CIST (or the common root bridge).
In PVST mode, the configured network diameter takes effect only on the root bridges of the specified
VLANs.
Examples
# In MSTP mode, set the network diameter of the switched network to 5.
<Sysname> system-view
[Sysname] stp bridge-diameter 5
# In PVST mode, set the network diameter of VLAN 2 in the switched network to 5.
<Sysname> system-view
[Sysname] stp vlan 2 bridge-diameter 5
Related commands
stp timer forward-delay
stp timer hello
stp timer max-age
stp compliance
Use stp compliance to configure the mode that a port uses to recognize and send MSTP BPDUs.
Use undo stp compliance to restore the default.
150
Syntax
stp compliance { auto | dot1s | legacy }
undo stp compliance
Default
A port automatically recognizes the formats of received MSTP packets and determines the formats
of MSTP packets to be sent based on the recognized formats.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
auto: Configures the port to recognize the MSTP BPDU format automatically and determine the
format of MSTP BPDUs to send.
dot1s: Configures the port to receive and send only standard-format (802.1s-compliant) MSTP
BPDUs.
legacy: Configures the port to receive and send only compatible-format MSTP BPDUs.
Usage guidelines
When the command is configured in Layer 2 Ethernet interface view, it takes effect only on that
interface.
When the command is configured in Layer 2 aggregate interface view, it takes effect only on the
aggregate interface.
When the command is configured on a member port in an aggregation group, it takes effect only after
the port leaves the aggregation group.
Examples
# Configure Ten-GigabitEthernet 1/0/1 to send only standard-format (802.1s) MSTP packets.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] stp compliance dot1s
stp config-digest-snooping
Use stp config-digest-snooping to enable Digest Snooping.
Use undo stp config-digest-snooping to disable Digest Snooping.
Syntax
stp config-digest-snooping
undo stp config-digest-snooping
Default
Digest Snooping is disabled.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
151
Predefined user roles
network-admin
Usage guidelines
Enable this feature both globally and on ports connected to other vendors' devices. To minimize
impact, enable the feature on all associated ports before you enable it globally.
When the command is configured in Layer 2 Ethernet interface view, it takes effect only on that
interface.
When the command is configured in Layer 2 aggregate interface view, it takes effect only on the
aggregate interface.
When the command is configured on a member port in an aggregation group, it takes effect only after
the port leaves the aggregation group.
Examples
# Enable Digest Snooping on Ten-GigabitEthernet 1/0/1 and then globally.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] stp config-digest-snooping
[Sysname-Ten-GigabitEthernet1/0/1] quit
[Sysname] stp global config-digest-snooping
Related commands
display stp
stp global config-digest-snooping
stp cost
Use stp cost to set the path cost of a port.
Use undo stp cost to restore the default.
Syntax
stp [ instance instance-list | vlan vlan-id-list ] cost cost
undo stp [ instance instance-list | vlan vlan-id-list ] cost
Default
The device automatically calculates the path costs of ports in each spanning tree based on the
corresponding standard.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
instance instance-list: Specifies a space-separated list of up to 10 MSTI items. Each item specifies
an MSTI or a range of MSTIs in the form of instance-id1 [ to instance-id2 ]. The value for instance-id2
must be equal to or greater than the value for instance-id1. The value range for the instance-id
argument is 0 to 4094, and the value 0 represents the CIST.
152
vlan vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a
VLAN or a range of VLANs in the form of vlan-id1 [ to vlan-id2 ]. The value for vlan-id2 must be equal
to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094.
cost: Specifies the path cost of the port, with an effective range that depends on the path cost
calculation standard that is used.
•
When the IEEE 802.1d-1998 standard is selected for path cost calculation, the value range for
the cost argument is 1 to 65535.
•
When the IEEE 802.1t standard is selected for path cost calculation, the value range for the
cost argument is 1 to 200000000.
•
When the private standard is selected for path cost calculation, the value range for the cost
argument is 1 to 200000.
Usage guidelines
Path cost is an important factor in spanning tree calculation. Setting different path costs for a port in
MSTIs allows VLAN traffic flows to be forwarded along different physical links. This results in
VLAN-based load balancing.
The path cost setting of a port can affect the role selection of the port. When the path cost of a port is
changed, the system calculates the role of the port and initiates a state transition.
When the command is configured in Layer 2 Ethernet interface view, it takes effect only on that
interface.
When the command is configured in Layer 2 aggregate interface view, it takes effect only on the
aggregate interface.
When the command is configured on a member port in an aggregation group, is takes effect only
after the port leaves the aggregation group.
If you do not specify an MSTI or VLAN, this command sets the path cost of the ports in the MSTP
CIST or in the STP or RSTP spanning tree.
Examples
# In MSTP mode, set the path cost of port Ten-GigabitEthernet 1/0/3 in MSTI 2 to 200.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/3
[Sysname-Ten-GigabitEthernet1/0/3] stp instance 2 cost 200
# In PVST mode, set the path cost of port Ten-GigabitEthernet 1/0/3 in VLAN 2 to 200.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/3
[Sysname-Ten-GigabitEthernet1/0/3] stp vlan 2 cost 200
Related commands
display stp
stp pathcost-standard
stp edged-port
Use stp edged-port to configure a port as an edge port.
Use undo stp edged-port to configure a port as a non-edge port.
Syntax
stp edged-port
undo stp edged-port
153
Default
All ports are non-edge ports.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
A port directly connecting to a user terminal rather than another device or a shared LAN segment can
be configured as an edge port. In case the network topology changes, an edge port does not cause
a temporary loop. You can enable the port to transit to the forwarding state rapidly by configuring it as
an edge port. As a best practice, configure ports that directly connect to user terminals as edge ports.
Typically, configuration BPDUs from other devices cannot reach an edge port, because the edge port
does not connect to any other device. When BPDU guard is disabled on a port configured as an edge
port, the port acts as a non-edge port if it receives configuration BPDUs.
On a port, the loop guard function and the edge port setting are mutually exclusive.
When the command is configured in Layer 2 Ethernet interface view, it takes effect only on that
interface.
When the command is configured in Layer 2 aggregate interface view, it takes effect only on the
aggregate interface.
When the command is configured on a member port in an aggregation group, it takes effect only after
the port leaves the aggregation group.
Examples
# Configure Ten-GigabitEthernet 1/0/1 as an edge port.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] stp edged-port
Related commands
stp bpdu-protection
stp loop-protection
stp port bpdu-protection
stp root-protection
stp enable
Use stp enable to enable the spanning tree feature.
Use undo stp enable to disable the spanning tree feature.
Syntax
stp enable
undo stp enable
Default
The spanning tree feature is enabled on all ports.
154
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
When you enable the spanning tree feature, the device operates in STP, RSTP, PVST, or MSTP
mode, depending on the spanning tree mode setting.
When you enable the spanning tree feature, the device dynamically maintains the spanning tree
status of VLANs, based on received configuration BPDUs.
When you disable the spanning tree feature, the device stops maintaining the spanning tree status.
When the command is configured in Layer 2 Ethernet interface view, it takes effect only on that
interface.
When the command is configured in Layer 2 aggregate interface view, it takes effect only on the
aggregate interface.
When the command is configured on a member port in an aggregation group, it takes effect only after
the port leaves the aggregation group.
Examples
# In MSTP mode, disable the spanning tree feature on port Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] undo stp enable
Related commands
stp global enable
stp mode
stp vlan enable
stp global config-digest-snooping
Use stp global config-digest-snooping to enable Digest Snooping globally.
Use undo stp global config-digest-snooping to disable Digest Snooping globally.
Syntax
stp global config-digest-snooping
undo stp global config-digest-snooping
Default
Digest Snooping is disabled globally.
Views
System view
Predefined user roles
network-admin
155
Usage guidelines
Enable this feature both globally and on ports connected to other vendors' devices. To minimize
impact, enable the feature on all associated ports before you enable it globally.
Examples
# Enable Digest Snooping on Ten-GigabitEthernet 1/0/1 and then globally.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] stp config-digest-snooping
[Sysname-Ten-GigabitEthernet1/0/1] quit
[Sysname] stp global config-digest-snooping
Related commands
display stp
stp config-digest-snooping
stp global enable
Use stp global enable to enable the spanning tree feature globally.
Use undo stp global enable to disable the spanning tree feature globally.
Syntax
stp global enable
undo stp global enable
Default
If the device starts up with the initial settings, the spanning tree feature is disabled globally.
If the device starts up with the factory defaults, the spanning tree feature is enabled globally.
For more information about the startup configuration, see Fundamentals Configuration Guide.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When you enable the spanning tree feature, the device operates in STP, RSTP, PVST, or MSTP
mode, depending on the spanning tree mode setting.
When the spanning tree feature is enabled, the device dynamically maintains the spanning tree
status of VLANs based on received configuration BPDUs. When the spanning tree feature is
disabled, the device stops maintaining the spanning tree status.
Examples
# Enable the spanning tree feature globally.
<Sysname> system-view
[Sysname] stp global enable
Related commands
stp enable
stp mode
156
stp global mcheck
Use stp global mcheck to perform the mCheck operation globally.
Syntax
stp global mcheck
Views
System view
Predefined user roles
network-admin
Usage guidelines
When a port on an MSTP, RSTP, or PVST device connects to an STP device and receives STP
BPDUs, the port automatically transits to the STP mode. However, the port cannot automatically
transit back to the original mode when the following conditions exist:
•
The peer STP device is shut down or removed.
•
The port cannot detect the change.
In this case, you can perform an mCheck operation to forcibly transit the port to operate in the
original mode.
The device operates in STP, RSTP, PVST, or MSTP mode, depending on the spanning tree mode
setting.
The stp global mcheck command takes effect only when the device operates in MSTP, RSTP, or
PVST mode.
Examples
# Perform mCheck globally.
<Sysname> system-view
[Sysname] stp global mcheck
Related commands
stp mcheck
stp mode
stp log enable tc
Use stp log enable tc to enable the device to generate a log when it detects or receives a TCN
BPDU in PVST mode.
Use undo stp log enable tc to restore the default.
Syntax
stp log enable tc
undo stp log enable tc
Default
In PVST mode, the device does not generate a log when it detects or receives a TCN BPDU.
Views
System view
157
Predefined user roles
network-admin
Usage guidelines
The command takes effect only in PVST mode.
Examples
# Enable the device to generate a log when it detects or receives a TCN BPDU in PVST mode.
<Sysname> system-view
[Sysname] stp log enable tc
Related commands
snmp-agent trap enable stp
stp loop-protection
Use stp loop-protection to enable loop guard on a port.
Use undo stp loop-protection to disable loop guard on a port.
Syntax
stp loop-protection
undo stp loop-protection
Default
Loop guard is disabled.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
On a port, the loop guard feature is mutually exclusive with the root guard feature or the edge port
setting.
When the command is configured in Layer 2 Ethernet interface view, it takes effect only on that
interface.
When the command is configured in Layer 2 aggregate interface view, it takes effect only on the
aggregate interface.
When the command is configured on a member port in an aggregation group, it takes effect only after
the port leaves the aggregation group.
Examples
# Enable loop guard on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] stp loop-protection
Related commands
stp edged-port
stp root-protection
158
stp max-hops
Use stp max-hops to set the maximum number of hops for an MST region.
Use undo stp max-hops to restore the default.
Syntax
stp max-hops hops
undo stp max-hops
Default
The maximum number of hops for an MST region is 20.
Views
System view
Predefined user roles
network-admin
Parameters
hops: Sets the maximum hops in the range of 1 to 40.
Examples
# Set the maximum hops of the MST region to 35.
<Sysname> system-view
[Sysname] stp max-hops 35
Related commands
display stp
stp mcheck
Use stp mcheck to perform the mCheck operation on a port.
Syntax
stp mcheck
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
When a port on an MSTP, RSTP, or PVST device connects to an STP device and receives STP
BPDUs, the port automatically transits to the STP mode. However, the port cannot automatically
transit back to the original mode when the following conditions exist:
•
The peer STP device is shut down or removed.
•
The port cannot detect the change.
In this case, you can perform an mCheck operation to forcibly transit the port to operation in the
original mode.
159
For example, Device A, Device B, and Device C are connected in sequence. Device A runs STP,
Device B does not run any spanning tree protocol, and Device C runs RSTP, MSTP, or PVST. When
Device C receives an STP BPDU transparently transmitted by Device B, the receiving port transits to
the STP mode. If you configure Device B to run RSTP, MSTP, or PVST with Device C, perform
mCheck operations on the ports that connect Device B and Device C.
The device operates in STP, RSTP, PVST, or MSTP mode, depending on the spanning tree mode
setting.
The stp mcheck command takes effect only when the device operates in MSTP, RSTP, or PVST
mode.
When the command is configured in Layer 2 Ethernet interface view, it takes effect only on that
interface.
When the command is configured in Layer 2 aggregate interface view, it takes effect only on the
aggregate interface.
When the command is configured on a member port in an aggregation group, it takes effect only after
the port leaves the aggregation group.
Examples
# Perform mCheck on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] stp mcheck
Related commands
stp global mcheck
stp mode
stp mode
Use stp mode to configure the spanning tree operating mode.
Use undo stp mode to restore the default.
Syntax
stp mode { mstp | pvst | rstp | stp }
undo stp mode
Default
A spanning tree device operates in MSTP mode.
Views
System view
Predefined user roles
network-admin
Parameters
mstp: Configures the spanning tree device to operate in MSTP mode.
pvst: Configures the spanning tree device to operate in PVST mode.
rstp: Configures the spanning tree device to operate in RSTP mode.
stp: Configures the spanning tree device to operate in STP mode.
160
Usage guidelines
The MSTP mode is compatible with the RSTP mode, and the RSTP mode is compatible with the STP
mode.
The PVST mode's compatibility with other modes is as follows:
•
Access port—The PVST mode is compatible with other modes in any VLAN.
•
Trunk or hybrid port—The PVST mode is compatible with other modes only in VLAN 1.
Examples
# Configure the spanning tree device to operate in STP mode.
<Sysname> system-view
[Sysname] stp mode stp
Related commands
stp enable
stp global enable
stp global mcheck
stp mcheck
stp vlan enable
stp no-agreement-check
Use stp no-agreement-check to enable No Agreement Check on a port.
Use undo stp no-agreement-check to disable No Agreement Check on a port.
Syntax
stp no-agreement-check
undo stp no-agreement-check
Default
No Agreement Check is disabled.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
This command takes effect only after you enable it on the root port.
When the command is configured in Layer 2 Ethernet interface view, it takes effect only on that
interface.
When the command is configured in Layer 2 aggregate interface view, it takes effect only on the
aggregate interface.
When the command is configured on a member port in an aggregation group, it takes effect only after
the port leaves the aggregation group.
Examples
# Enable No Agreement Check on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
161
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] stp no-agreement-check
stp pathcost-standard
Use stp pathcost-standard to specify a standard for the device to use when calculating the default
path costs for ports.
Use undo stp pathcost-standard to restore the default.
Syntax
stp pathcost-standard { dot1d-1998 | dot1t | legacy }
undo stp pathcost-standard
Default
The devices uses the legacy standard to calculate the default path costs for ports.
Views
System view
Predefined user roles
network-admin
Parameters
dot1d-1998: Configures the device to calculate the default path cost for ports based on IEEE
802.1d-1998.
dot1t: Configures the device to calculate the default path cost for ports based on IEEE 802.1t.
legacy: Configures the device to calculate the default path cost for ports based on a private
standard.
Usage guidelines
If you change the standard that the device uses in calculating the default path costs, you restore the
path costs to the default.
Examples
# Configure the device to calculate the default path cost for ports based on IEEE 802.1d-1998.
<Sysname> system-view
[Sysname] stp pathcost-standard dot1d-1998
Related commands
display stp
stp cost
stp point-to-point
Use stp point-to-point to configure the link type of a port.
Use undo stp point-to-point to restore the default.
Syntax
stp point-to-point { auto | force-false | force-true }
undo stp point-to-point
162
Default
The default setting is auto, and the spanning tree device automatically detects whether a port
connects to a point-to-point link.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
auto: Specifies automatic detection of the link type.
force-false: Specifies the non-point-to-point link type.
force-true: Specifies the point-to-point link type.
Usage guidelines
When connecting to a non-point-to-point link, a port is incapable of rapid state transition.
You can configure the link type as point-to-point for a Layer 2 aggregate interface or a port that
operates in full duplex mode. As a best practice, use the default setting for the device to
automatically detect the port link type.
The stp point-to-point force-false or stp point-to-point force-true command configured on a port
in MSTP mode takes effect on all MSTIs or VLANs.
If the physical link to which the port connects is not a point-to-point link but you set it to be one, the
configuration might cause a temporary loop.
When the command is configured in Layer 2 Ethernet interface view, it takes effect only on that
interface.
When the command is configured in Layer 2 aggregate interface view, it takes effect only on the
aggregate interface.
When the command is configured on a member port in an aggregation group, it takes effect only after
the port leaves the aggregation group.
Examples
# Configure the link that connects Ten-GigabitEthernet 1/0/3 as a point-to-point link.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/3
[Sysname-Ten-GigabitEthernet1/0/3] stp point-to-point force-true
Related commands
display stp
stp port bpdu-protection
Use stp port bpdu-protection to configure BPDU guard on an interface.
Use undo stp port bpdu-protection to restore the default.
Syntax
stp port bpdu-protection { enable | disable }
undo stp port bpdu-protection
163
Default
BPDU guard is not configured on a per-edge port basis. The status of BPDU guard on an interface is
the same as the global BPDU guard status.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
enable: Enables BPDU guard.
disable: Disables BPDU guard.
Usage guidelines
When this command is configured in Layer 2 Ethernet interface view, it takes effect only on that
interface.
When this command is configured in Layer 2 aggregate interface view, it takes effect only on that
aggregate interface.
When this command is configured on a member port in an aggregation group, it takes effect only
after the port leaves the aggregation group.
Examples
# Enable BPDU guard on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] stp port bpdu-protection enable
Related commands
stp bpdu-protection
stp edged-port
stp port priority
Use stp port priority to set the priority of a port. The port priority affects the role of a port in a
spanning tree.
Use undo stp port priority to restore the default.
Syntax
stp [ instance instance-list | vlan vlan-id-list ] port priority priority
undo stp [ instance instance-list | vlan vlan-id-list ] port priority
Default
The port priority is 128.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
164
Parameters
instance instance-list: Specifies a space-separated list of up to 10 MSTI items. Each item specifies
an MSTI or a range of MSTIs in the form of instance-id1 [ to instance-id2 ]. The value for instance-id2
must be equal to or greater than the value for instance-id1. The value range for the instance-id
argument is 0 to 4094, and the value 0 represents the CIST.
vlan vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a
VLAN or a range of VLANs in the form of vlan-id1 [ to vlan-id2 ]. The value for vlan-id2 must be equal
to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094.
priority: Specifies the port priority in the range of 0 to 240 in increments of 16 (as in 0, 16, 32).
Usage guidelines
The smaller the value, the higher the port priority. If all ports on your device use the same priority
value, the port priority depends on the port index. The smaller the index, the higher the priority.
When the command is configured in Layer 2 Ethernet interface view, it takes effect only on that
interface.
When the command is configured in Layer 2 aggregate interface view, it takes effect only on the
aggregate interface.
When the command is configured on a member port in an aggregation group, it takes effect only after
the port leaves the aggregation group.
If you do not specify an MSTI or VLAN, this command configures the priority of the ports in the MSTP
CIST or in the STP or RSTP spanning tree.
Examples
# In MSTP mode, set the priority of port Ten-GigabitEthernet 1/0/3 to 16 in MSTI 2.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/3
[Sysname-Ten-GigabitEthernet1/0/3] stp instance 2 port priority 16
# In PVST mode, set the priority of port Ten-GigabitEthernet 1/0/3 to 16 in VLAN 2.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/3
[Sysname-Ten-GigabitEthernet1/0/3] stp vlan 2 port priority 16
Related commands
display stp
stp port shutdown permanent
Use stp port shutdown permanent to disable the device to reactivate the shutdown edge ports.
Use undo stp port shutdown permanent to restore the default.
Syntax
stp port shutdown permanent
undo stp port shutdown permanent
Default
The device reactivates the shutdown edge ports after a port status detection interval.
Views
System view
165
Predefined user roles
network-admin
Usage guidelines
This command applies to edge ports that are shut down by BPDU guard after the command is
executed. To bring up these ports, use the undo shutdown command.
You can use the shutdown-interval time command to set the port status detection interval after
which the device reactivates the shutdown ports. For information about the shutdown-interval time
command, see Fundamentals Command Reference.
Examples
# Disable the device to reactivate shutdown edge ports.
<Sysname> system-view
[Sysname] stp port shutdown permanent
stp port-log
Use stp port-log to enable outputting port state transition information.
Use undo stp port-log to disable outputting port state transition information.
Syntax
stp port-log { all | instance instance-list | vlan vlan-id-list }
undo stp port-log { all | instance instance-list | vlan vlan-id-list }
Default
This feature is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
all: Specifies all MSTIs or VLANs.
instance instance-list: Specifies a space-separated list of up to 10 MSTI items. Each item specifies
an MSTI or a range of MSTIs in the form of instance-id1 [ to instance-id2 ]. The value for instance-id2
must be equal to or greater than the value for instance-id1. The value range for the instance-id
argument is 0 to 4094, and the value 0 represents the CIST.
vlan vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a
VLAN or a range of VLANs in the form of vlan-id1 [ to vlan-id2 ]. The value for vlan-id2 must be equal
to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094.
Examples
# In MSTP mode, enable outputting port state transition information for MSTI 2.
<Sysname> system-view
[Sysname] stp port-log instance 2
%Aug 16 00:49:41:856 2011 Sysname STP/3/STP_DISCARDING: Instance 2's port
Ten-GigabitEthernet1/0/1 has been set to discarding state.
%Aug 16 00:49:41:856 2011 Sysname STP/3/STP_FORWARDING: Instance 2's port
Ten-GigabitEthernet1/0/2 has been set to forwarding state.
166
The output shows that Ten-GigabitEthernet 1/0/1 in MSTI 2 transited to the discarding state and
Ten-GigabitEthernet 1/0/2 in MSTI 2 transited to the forwarding state.
# In PVST mode, enable outputting port state transition information for VLAN 1 through VLAN 4094.
<Sysname> system-view
[Sysname] stp port-log vlan 1 to 4094
%Aug 16 00:49:41:856 2006 Sysname STP/3/STP_DISCARDING: VLAN 2's Ten-GigabitEthernet1/0/1
has been set to discarding state!
%Aug 16 00:49:41:856 2006 Sysname STP/3/STP_FORWARDING: VLAN 2's Ten-GigabitEthernet1/0/2
has been set to forwarding state.
The output shows that Ten-GigabitEthernet 1/0/1 in VLAN 2 transited to the discarding state and
Ten-GigabitEthernet 1/0/2 in VLAN 2 transited to the forwarding state.
stp priority
Use stp priority to set the priority of the device.
Use undo stp priority to restore the default priority.
Syntax
stp [ instance instance-list | vlan vlan-id-list ] priority priority
undo stp [ instance instance-list | vlan vlan-id-list ] priority
Default
The device priority is 32768.
Views
System view
Predefined user roles
network-admin
Parameters
instance instance-list: Specifies a space-separated list of up to 10 MSTI items. Each item specifies
an MSTI or a range of MSTIs in the form of instance-id1 [ to instance-id2 ]. The value for instance-id2
must be equal to or greater than the value for instance-id1. The value range for the instance-id
argument is 0 to 4094, and the value 0 represents the CIST.
vlan vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a
VLAN or a range of VLANs in the form of vlan-id1 [ to vlan-id2 ]. The value for vlan-id2 must be equal
to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094.
priority: Specifies the device priority in the range of 0 to 61440 in increments of 4096 (as in 0, 4096,
8192). You can set up to 16 priority values on the device. The smaller the value, the higher the device
priority.
Usage guidelines
If you do not specify an MSTI or VLAN, this command configures the priority of the device in the
MSTP CIST or in the STP or RSTP spanning tree.
Examples
# In MSTP mode, set the device priority to 4096 in MSTI 1.
<Sysname> system-view
[Sysname] stp instance 1 priority 4096
# In PVST mode, set the device priority to 4096 in VLAN 1.
<Sysname> system-view
167
[Sysname] stp vlan 1 priority 4096
stp region-configuration
Use stp region-configuration to enter MST region view.
Use undo stp region-configuration to restore the default MST region configurations.
Syntax
stp region-configuration
undo stp region-configuration
Default
The default settings for the MST region are as follows:
•
The MST region name of the device is the MAC address of the device.
•
All VLANs are mapped to the CIST.
•
The MSTP revision level is 0.
Views
System view
Predefined user roles
network-admin
Usage guidelines
After you enter MST region view, you can configure the MST region parameters, including the region
name, VLAN-to-instance mappings, and revision level.
Examples
# Enter MST region view.
<Sysname> system-view
[Sysname] stp region-configuration
[Sysname-mst-region]
stp role-restriction
Use stp role-restriction to enable port role restriction.
Use undo stp role-restriction to disable port role restriction.
Syntax
stp role-restriction
undo stp role-restriction
Default
Port role restriction is disabled.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
168
Usage guidelines
When port role restriction is enabled on a port, the port cannot become a root port.
When the command is configured in Layer 2 Ethernet interface view, it takes effect only on that
interface.
When the command is configured in Layer 2 aggregate interface view, it takes effect only on the
aggregate interface.
When the command is configured on a member port in an aggregation group, it takes effect only after
the port leaves the aggregation group.
Examples
# Enable port role restriction on interface Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] stp role-restriction
stp root primary
Use stp root primary to configure the device as the root bridge.
Use undo stp root to restore the default.
Syntax
stp [ instance instance-list | vlan vlan-id-list ] root primary
undo stp [ instance instance-list | vlan vlan-id-list ] root
Default
A device is not a root bridge.
Views
System view
Predefined user roles
network-admin
Parameters
instance instance-list: Specifies a space-separated list of up to 10 MSTI items. Each item specifies
an MSTI or a range of MSTIs in the form of instance-id1 [ to instance-id2 ]. The value for instance-id2
must be equal to or greater than the value for instance-id1. The value range for the instance-id
argument is 0 to 4094, and the value 0 represents the CIST.
vlan vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a
VLAN or a range of VLANs in the form of vlan-id1 [ to vlan-id2 ]. The value for vlan-id2 must be equal
to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094.
Usage guidelines
Once you specify the device as the root bridge, you cannot change the priority of the device.
If you do not specify an MSTI or VLAN, this command configures the device as the root bridge of the
MSTP CIST or of the STP or RSTP spanning tree.
Examples
# In MSTP mode, specify the device as the root bridge of MSTI 1.
<Sysname> system-view
[Sysname] stp instance 1 root primary
# In PVST mode, specify the device as the root bridge of VLAN 1.
169
<Sysname> system-view
[Sysname] stp vlan 1 root primary
Related commands
stp priority
stp root secondary
stp root secondary
Use stp root secondary to configure the device as a secondary root bridge.
Use undo stp root to restore the default.
Syntax
stp [ instance instance-list | vlan vlan-id-list ] root secondary
undo stp [ instance instance-list | vlan vlan-id-list ] root
Default
A device is not a secondary root bridge.
Views
System view
Predefined user roles
network-admin
Parameters
instance instance-list: Specifies a space-separated list of up to 10 MSTI items. Each item specifies
an MSTI or a range of MSTIs in the form of instance-id1 [ to instance-id2 ]. The value for instance-id2
must be equal to or greater than the value for instance-id1. The value range for the instance-id
argument is 0 to 4094, and the value 0 represents the CIST.
vlan vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a
VLAN or a range of VLANs in the form of vlan-id1 [ to vlan-id2 ]. The value for vlan-id2 must be equal
to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094.
Usage guidelines
Once you specify the device as a secondary root bridge, you cannot change the priority of the
device.
If you do not specify an MSTI or VLAN, this command configures a secondary root bridge for the
MSTP CIST or of the STP or RSTP spanning tree.
Examples
# In MSTP mode, specify the device as a secondary root bridge in MSTI 1.
<Sysname> system-view
[Sysname] stp instance 1 root secondary
# In PVST mode, specify the device as a secondary root bridge in VLAN 1.
<Sysname> system-view
[Sysname] stp vlan 1 root secondary
Related commands
stp priority
stp root primary
170
stp root-protection
Use stp root-protection to enable root guard on a port.
Use undo stp root-protection to disable root guard on a port.
Syntax
stp root-protection
undo stp root-protection
Default
Root guard is disabled.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
On a port, the loop guard feature and the root guard feature are mutually exclusive.
When the command is configured in Layer 2 Ethernet interface view, it takes effect only on that
interface.
When the command is configured in Layer 2 aggregate interface view, it takes effect only on the
aggregate interface.
When the command is configured on a member port in an aggregation group, it takes effect only after
the port leaves the aggregation group.
Examples
# Enable root guard for Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] stp root-protection
Related commands
stp edged-port
stp loop-protection
stp tc-protection
Use stp tc-protection to enable TC-BPDU attack guard for the device.
Use undo stp tc-protection to disable TC-BPDU attack guard for the device.
Syntax
stp tc-protection
undo stp tc-protection
Default
TC-BPDU attack guard is enabled.
171
Views
System view
Predefined user roles
network-admin
Usage guidelines
With TC-BPDU guard, you can set the maximum number of immediate forwarding address entry
flushes that the device can perform every 10 seconds. For TC-BPDUs received that exceed the limit,
the device performs a forwarding address entry flush when the interval elapses. This prevents
frequent flushing of forwarding address entries.
Examples
# Disable TC-BPDU attack guard for the device.
<Sysname> system-view
[Sysname] undo stp tc-protection
Related commands
stp tc-protection threshold
stp tc-protection threshold
Use stp tc-protection threshold to configure the maximum number of forwarding address entry
flushes that the device can perform every 10 seconds.
Use undo stp tc-protection threshold to restore the default.
Syntax
stp tc-protection threshold number
undo stp tc-protection threshold
Default
By default, the device can perform a maximum of six forwarding address entry flushes every 10
seconds.
Views
System view
Predefined user roles
network-admin
Parameters
number: Sets the maximum number of immediate forwarding address entry flushes that the device
can perform every 10 seconds. The value is in the range of 1 to 255.
Examples
# Configure the device to perform up to 10 forwarding address entry flushes every 10 seconds.
<Sysname> system-view
[Sysname] stp tc-protection threshold 10
Related commands
stp tc-protection
172
stp tc-restriction
Use stp tc-restriction to enable TC-BPDU transmission restriction.
Use undo stp tc-restriction to disable TC-BPDU transmission restriction.
Syntax
stp tc-restriction
undo stp tc-restriction
Default
TC-BPDU transmission restriction is disabled.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
When TC-BPDU transmission restriction is enabled on a port, the port does not send TC-BPDUs to
the other ports. It also does not delete the MAC address entries.
When the command is configured in Layer 2 Ethernet interface view, it takes effect only on that
interface.
When the command is configured in Layer 2 aggregate interface view, it takes effect only on the
aggregate interface.
When the command is configured on a member port in an aggregation group, it takes effect only after
the port leaves the aggregation group.
Examples
# Enable TC-BPDU transmission restriction on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] stp tc-restriction
stp tc-snooping
Use stp tc-snooping to enable TC Snooping.
Use undo stp tc-snooping to disable TC Snooping.
Syntax
stp tc-snooping
undo stp tc-snooping
Default
TC Snooping is disabled.
Views
System view
173
Predefined user roles
network-admin
Usage guidelines
TC Snooping and the spanning tree feature are mutually exclusive. You must globally disable the
spanning tree feature before enabling TC Snooping.
Examples
# Globally disable the spanning tree feature and enable TC Snooping.
<Sysname> system-view
[Sysname] undo stp global enable
[Sysname] stp tc-snooping
Related commands
stp global enable
stp timer forward-delay
Use stp timer forward-delay to set the forward delay timer.
Use undo stp timer forward-delay to restore the default.
Syntax
stp [ vlan vlan-id-list ] timer forward-delay time
undo stp [ vlan vlan-id-list ] timer forward-delay
Default
The forward delay timer is 1500 centiseconds.
Views
System view
Predefined user roles
network-admin
Parameters
vlan vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a
VLAN or a range of VLANs in the form of vlan-id1 [ to vlan-id2 ]. The value for vlan-id2 must be equal
to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094. If you
set the STP, RSTP, or MSTP forward delay, do not specify this option.
time: Sets the forward delay in centiseconds, in the range of 400 to 3000 in increments of 100 (as in
400, 500, 600).
Usage guidelines
The forward delay timer determines the time interval of state transition. To prevent temporary loops,
a spanning tree port goes through the learning (intermediate) state before it transits from the
discarding state to the forwarding state. To stay synchronized with the remote device, the port has a
wait period between transition states that is determined by the forward delay timer.
Do not set the forward delay with this command. As a best practice, specify the network diameter of
the switched network by using the stp bridge-diameter command. The stp bridge-diameter
command makes the spanning tree protocols automatically calculate the optimal settings for the
forward delay timer. If the network diameter uses the default value, the forward delay timer also uses
the default value.
174
Examples
# In MSTP mode, set the forward delay timer to 2000 centiseconds.
<Sysname> system-view
[Sysname] stp timer forward-delay 2000
# In PVST mode, set the forward delay timer for VLAN 2 to 2000 centiseconds.
<Sysname> system-view
[Sysname] stp vlan 2 timer forward-delay 2000
Related commands
stp bridge-diameter
stp timer hello
stp timer max-age
stp timer hello
Use stp timer hello to set the hello time.
Use undo stp timer hello to restore the default.
Syntax
stp [ vlan vlan-id-list ] timer hello time
undo stp [ vlan vlan-id-list ] timer hello
Default
The hello time is 200 centiseconds.
Views
System view
Predefined user roles
network-admin
Parameters
vlan vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a
VLAN or a range of VLANs in the form of vlan-id1 [ to vlan-id2 ]. The value for vlan-id2 must be equal
to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094. If you
set the STP, RSTP, or MSTP hello time, do not specify this option.
time: Sets the hello time in centiseconds, in the range of 100 to 1000 in increments of 100 (as in 100,
200, 300).
Usage guidelines
Hello time is the time interval at which spanning tree devices send configuration BPDUs to maintain
the spanning tree. If a device fails to receive configuration BPDUs within the set period of time, a new
spanning tree calculation process is triggered.
Do not set the hello time with this command. As a best practice, specify the network diameter of the
switched network by using the stp bridge-diameter command. The stp bridge-diameter command
makes the spanning tree protocols automatically calculate the optimal settings for the hello timer. If
the network diameter uses the default value, the hello timer also uses the default value.
Examples
# In MSTP mode, set the hello time to 400 centiseconds.
<Sysname> system-view
[Sysname] stp timer hello 400
175
# In PVST mode, set the hello time for VLAN 2 to 400 centiseconds.
<Sysname> system-view
[Sysname] stp vlan 2 timer hello 400
Related commands
stp bridge-diameter
stp timer forward-delay
stp timer max-age
stp timer max-age
Use stp timer max-age to set the max age timer of the device.
Use undo stp timer max-age to restore the default.
Syntax
stp [ vlan vlan-id-list ] timer max-age time
undo stp [ vlan vlan-id-list ] timer max-age
Default
The max age is 2000 centiseconds.
Views
System view
Predefined user roles
network-admin
Parameters
vlan vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a
VLAN or a range of VLANs in the form of vlan-id1 [ to vlan-id2 ]. The value for vlan-id2 must be equal
to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094. If you
set the STP, RSTP, or MSTP max age, do not specify this option.
time: Sets the max age in centiseconds in the range of 600 to 4000 in increments of 100 (as in 600,
700, 800).
Usage guidelines
In the CIST of an MSTP network, the device determines whether a configuration BPDU received on
a port has expired based on the max age timer. If the configuration BPDU has expired, a new
spanning tree calculation process starts. The max age timer takes effect only on the CIST (or MSTI
0).
Do not set the max age timer with this command. As a best practice, specify the network diameter of
the switched network by using the stp bridge-diameter command. The stp bridge-diameter
command makes the spanning tree protocols automatically calculate the optimal settings for the max
age timer. If the network diameter uses the default value, the max age timer also uses the default
value.
Examples
# In MSTP mode, set the max age timer to 1000 centiseconds.
<Sysname> system-view
[Sysname] stp timer max-age 1000
# In PVST mode, set the max age timer for VLAN 2 to 1000 centiseconds.
<Sysname> system-view
176
[Sysname] stp vlan 2 timer max-age 1000
Related commands
stp bridge-diameter
stp timer forward-delay
stp timer hello
stp timer-factor
Use stp timer-factor to configure the timeout period by setting the timeout factor.
Timeout period = timeout factor × 3 × hello time.
Use undo stp timer-factor to restore the default.
Syntax
stp timer-factor factor
undo stp timer-factor
Default
The timeout factor of a device is set to 3.
Views
System view
Predefined user roles
network-admin
Parameters
factor: Sets the timeout factor in the range of 1 to 20.
Usage guidelines
In a stable network, each non-root-bridge forwards configuration BPDUs to surrounding devices at
the interval of hello time to determine whether any link fails. If a device does not receive a BPDU from
the upstream device within nine times of the hello time, it assumes that the upstream device has
failed. Then it will start a new spanning tree calculation process.
As a best practice, set the timeout factor to 5, 6, or 7 in the following situations:
•
To prevent undesired spanning tree calculations. An upstream device might be too busy to
forward configuration BPDUs in time, for example, many Layer 2 interfaces are configured on
the upstream device. In this case, the downstream device fails to receive a BPDU within the
timeout period and then starts an undesired spanning tree calculation.
•
To save network resources on a stable network.
Examples
# Set the timeout factor of the device to 7.
<Sysname> system-view
[Sysname] stp timer-factor 7
Related commands
stp timer hello
stp transmit-limit
Use stp transmit-limit to set the BPDU transmission rate of a port.
177
Use undo stp transmit-limit to restore the default.
Syntax
stp transmit-limit limit
undo stp transmit-limit
Default
The BPDU transmission rate of all ports is 10. Each port can send 10 BPDUs within each hello time.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
limit: Sets the BPDU transmission rate in the range of 1 to 255.
Usage guidelines
The maximum number of BPDUs a port can send within each hello time equals the BPDU
transmission rate plus the hello timer value.
A larger BPDU transmission rate value requires more system resources. An appropriate BPDU
transmission rate setting can prevent spanning tree protocols from using excessive bandwidth
resources during network topology changes. As a best practice, use the default value.
When the command is configured in Layer 2 Ethernet interface view, it takes effect only on that
interface.
When the command is configured in Layer 2 aggregate interface view, it takes effect only on the
aggregate interface.
When the command is configured on a member port in an aggregation group, it takes effect only after
the port leaves the aggregation group.
Examples
# Set the BPDU transmission rate of port Ten-GigabitEthernet 1/0/1 to 5.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] stp transmit-limit 5
stp vlan enable
Use stp vlan enable to enable the spanning tree feature for VLANs.
Use undo stp enable to disable the spanning tree feature for VLANs.
Syntax
stp vlan vlan-id-list enable
undo stp vlan vlan-id-list enable
Default
The spanning tree feature is enabled for all VLANs.
Views
System view
178
Predefined user roles
network-admin
Parameters
vlan vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a
VLAN or a range of VLANs in the form of vlan-id1 [ to vlan-id2 ]. The value for vlan-id2 must be equal
to or greater than the value for vlan-id1. The value range for the vlan-id argument is 1 to 4094. If you
do not specify this option, the command globally enables or disables the spanning tree feature
(VLANs are not included).
Usage guidelines
When you enable the spanning tree feature, the device operates in STP, RSTP, PVST, or MSTP
mode, depending on the spanning tree mode setting.
When you enable the spanning tree feature, the device dynamically maintains the spanning tree
status of VLANs, based on received configuration BPDUs. When you disable the spanning tree
feature, the device stops maintaining the spanning tree status.
Examples
# In PVST mode, globally enable the spanning tree feature, and enable the spanning tree feature in
VLAN 2.
<Sysname> system-view
[Sysname] stp mode pvst
[Sysname] stp global enable
[Sysname] stp vlan 2 enable
Related commands
stp enable
stp global enable
stp mode
vlan-mapping modulo
Use vlan-mapping modulo to map VLANs in the MST region to MSTIs according to the specified
modulo value and quickly create a VLAN-to-instance mapping table.
Syntax
vlan-mapping modulo modulo
Default
All VLANs are mapped to the CIST (MSTI 0).
Views
MST region view
Predefined user roles
network-admin
Parameters
modulo: Sets the modulo value in the range of 1 to 64.
Usage guidelines
You cannot map a VLAN to different MSTIs. If you map a VLAN that has been mapped to an MSTI to
a new MSTI, the old mapping is automatically removed.
179
This command maps each VLAN to the MSTI with ID (VLAN ID – 1) % modulo + 1. (VLAN ID – 1) %
modulo is the modulo operation for (VLAN ID – 1). If the modulo value is 15, then VLAN 1 is mapped
to MSTI 1, VLAN 2 to MSTI 2, …, VLAN 15 to MSTI 15, VLAN 16 to MSTI 16, and so on.
Examples
# Map VLANs to MSTIs as per modulo 8.
<Sysname> system-view
[Sysname] stp region-configuration
[Sysname-mst-region] vlan-mapping modulo 8
Related commands
active region-configuration
check region-configuration
display stp region-configuration
region-name
revision-level
180
Loop detection commands
display loopback-detection
Use display loopback-detection to display the loop detection configuration and status.
Syntax
display loopback-detection
Views
Any view
Predefined user roles
network-admin
network-operator
Example
# Display the loop detection configuration and status.
<Sysname> display loopback-detection
Loopback detection is enabled.
Loopback detection interval is 30 second(s).
Loopback is detected on following interfaces:
Interface
Action mode
Ten-GigabitEthernet1/0/1
Block
Ten-GigabitEthernet1/0/2
Shutdown
Ten-GigabitEthernet1/0/3
None
Ten-GigabitEthernet1/0/4
No-learning
Table 38 Command output
Field
Description
Action mode
Loop protection action:
•
Block—When a loop is detected on a port, the device generates a log, disables the
port from learning MAC addresses, and blocks inbound traffic on the port.
•
None—When a loop is detected on a port, the device generates a log but performs
no action on the port.
•
No-learning—When a loop is detected on a port, the device generates a log and
disables the port from learning MAC addresses.
•
Shutdown—When a loop is detected on a port, the device generates a log and
shuts down the port to disable it from receiving and sending any frames. The device
automatically brings up the port after the detection timer expires. You can use the
shutdown-interval command to set the detection timer. For more information, see
Fundamentals Command Reference.
loopback-detection action
Use loopback-detection action to configure the loop protection action on a port.
Use undo loopback-detection action to restore the default.
Syntax
In Layer 2 Ethernet interface view:
181
loopback-detection action { block | no-learning | shutdown }
undo loopback-detection action
In Layer 2 aggregate interface view:
loopback-detection action shutdown
undo loopback-detection action
Default
When the device detects a loop on a port, it generates a log but performs no action on the port.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
block: Enables the block mode. If a loop is detected, the device disables MAC address learning and
blocks inbound traffic on the port, in addition to generating a log. Layer 2 aggregate interfaces do not
support this keyword.
no-learning: Enables the no-learning mode. If a loop is detected, the device generates a log and
disables MAC address learning on the port. Layer 2 aggregate interfaces do not support this
keyword.
shutdown: Enables the shutdown mode. If a loop is detected, the device generates a log and shuts
down the port. The device automatically brings up the port after the detection timer expires. You can
use the shutdown-interval command to set the detection timer. For more information, see
Fundamentals Command Reference.
Usage guidelines
To configure the loop protection action globally, use the loopback-detection global action
command.
The global configuration applies to all ports. The per-port configuration applies to the individual ports.
The per-port configuration takes precedence over the global configuration.
Example
# Set the loop protection action to shutdown on port Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[System-Ten-GigabitEthernet1/0/1] loopback-detection action shutdown
Related commands
display loopback-detection
loopback-detection global action
loopback-detection enable
Use loopback-detection enable to enable loop detection on a port.
Use undo loopback-detection enable to disable loop detection on a port.
Syntax
loopback-detection enable vlan { vlan-list | all }
182
undo loopback-detection enable vlan { vlan-list | all }
Default
The loop detection function is disabled on ports.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
vlan-list: Specifies a VLAN list, in the format of { vlan-id [ to vlan-id ] }&<1-10>, where vlan-id
represents the VLAN ID in the range of 1 to 4094, and &<1-10> indicates that you can specify up to
10 vlan-id [ to vlan-id ] parameters.
all: Specifies all existing VLANs.
Usage guidelines
The port-specific loop detection configuration takes effect only after you enable loop detection
globally. To enable loop detection globally, use the loopback-detection global enable command.
The global configuration applies to all ports in the specified VLAN. The per-port configuration applies
to the individual port only when the port belongs to the specified VLAN. The per-port configuration
takes precedence over the global configuration.
Example
# Enable loop detection on port Ten-GigabitEthernet 1/0/1 for VLAN 10 through VLAN 20.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[System-Ten-GigabitEthernet1/0/1] loopback-detection enable vlan 10 to 20
Related commands
display loopback-detection
loopback-detection global enable
loopback-detection global action
Use loopback-detection global action to configure the global loop protection action.
Use undo loopback-detection global action to restore the default.
Syntax
loopback-detection global action shutdown
undo loopback-detection global action
Default
When the device detects a loop on a port, it generates a log but performs no action on the port.
Views
System view
Predefined user roles
network-admin
183
Parameters
shutdown: Enables the shutdown mode. If a loop is detected, the device generates a log and shuts
down the port. The device automatically brings up the port after the detection timer expires. You can
use the shutdown-interval command to set the detection timer. For more information, see
Fundamentals Command Reference.
Usage guidelines
To configure the loop protection action on a per-port basis, use the loopback-detection action
command in interface view.
The global configuration applies to all ports. The per-port configuration applies to the individual ports.
The per-port configuration takes precedence over the global configuration.
Example
# Set the global loop protection action to shutdown.
<Sysname> system-view
[System] loopback-detection global action shutdown
Related commands
display loopback-detection
loopback-detection action
loopback-detection global enable
Use loopback-detection global enable to enable loop detection globally.
Use undo loopback-detection global enable to disable loop detection globally.
Syntax
loopback-detection global enable vlan { vlan-list | all }
undo loopback-detection global enable vlan { vlan-list | all }
Default
The loop detection function is globally disabled.
Views
System view
Predefined user roles
network-admin
Parameters
vlan-list: Specifies a VLAN list, in the format of { vlan-id [ to vlan-id ] }&<1-10>, where vlan-id
represents the VLAN ID in the range of 1 to 4094, and &<1-10> indicates that you can specify up to
10 vlan-id [ to vlan-id ] parameters.
all: Specifies all existing VLANs.
Usage guidelines
To enable loop detection on a per-port basis, use the loopback-detection enable command in
interface view.
The global configuration applies to all ports in the specified VLAN. The per-port configuration applies
to the individual port only when the port belongs to the specified VLAN. The per-port configuration
takes precedence over the global configuration.
184
Example
# Globally enable loop detection for VLAN 10 through VLAN 20.
<Sysname> system-view
[System] loopback-detection global enable vlan 10 to 20
Related commands
display loopback-detection
loopback-detection enable
loopback-detection interval-time
Use loopback-detection interval-time to set the loop detection interval.
Use undo loopback-detection interval-time to restore the default.
Syntax
loopback-detection interval-time interval
undo loopback-detection interval-time
Default
The loop detection interval is 30 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Sets the loop detection interval in the range of 1 to 300 seconds.
Usage guidelines
With loop detection enabled, the device sends loop detection frames at the specified interval. A
shorter interval offers more sensitive detection but consumes more resources. Consider the system
performance and loop detection speed when you set the loop detection interval.
Example
# Set the loop detection interval to 10 seconds.
<Sysname> system-view
[Sysname] loopback-detection interval-time 10
Related commands
display loopback-detection
185
VLAN commands
Basic VLAN commands
bandwidth
Use bandwidth to configure the expected bandwidth of an interface.
Use undo bandwidth to restore the default.
Syntax
bandwidth bandwidth-value
undo bandwidth
Default
The expected bandwidth (in kbps) is the interface baud rate divided by 1000.
Views
VLAN interface view
Predefined user roles
network-admin
Parameters
bandwidth-value: Specifies the expected bandwidth in the range of 1 to 400000000 kbps.
Usage guidelines
The expected bandwidth of an interface affects the link costs in OSPF, OSPFv3, and IS-IS. For more
information, see Layer 3—IP Routing Configuration Guide.
Examples
# Set the expected bandwidth of VLAN-interface 1 to 10000 kbps.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] bandwidth 10000
default
Use default to restore the default settings for a VLAN interface.
Syntax
default
Views
VLAN interface view
Predefined user roles
network-admin
186
Usage guidelines
CAUTION:
The default command might interrupt ongoing network services. Make sure you are fully aware of
the impacts of this command when you use it on a live network.
This command might fail to restore the default settings for some commands for reasons such as
command dependencies or system restrictions. Use the display this command in interface view to
identify these commands, and then use their undo forms or follow the command reference to restore
their default settings. If your restoration attempt still fails, follow the error message instructions to
resolve the problem.
Examples
# Restore the default settings for VLAN-interface 1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] default
description
Use description to configure the description for a VLAN or VLAN interface.
Use undo description to restore the default.
Syntax
description text
undo description
Default
For a VLAN, the description is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a
four-digit format. If the VLAN ID has fewer than four digits, leading zeros are added. For example, the
default description of VLAN 100 is VLAN 0100.
For a VLAN interface, the description is the name of the interface. For example, Vlan-interface1
Interface.
Views
VLAN view
VLAN interface view
Predefined user roles
network-admin
Parameters
text: Specifies a description for a VLAN or VLAN interface, a string of 1 to 255 characters. The string
can include case-sensitive letters, digits, special symbols (see Table 39), spaces, and other Unicode
characters and symbols.
Table 39 Special symbols
Name
Symbol
Name
Symbol
Tilde
~
Left angle bracket
<
Exclamation point
!
Right angle bracket
>
At sign
@
Hyphen
-
187
Name
Symbol
Name
Symbol
Pound sign
#
Underscore
_
Dollar sign
$
Plus sign
+
Percent sign
%
Equal sign
=
Caret
^
Vertical bar
|
Ampersand sign
&
Back slash
\
Asterisk
*
Colon
:
Left brace
{
Semi-colon
;
Right brace
}
Quotation marks
"
Left parenthesis
(
Apostrophe
'
Right parenthesis
)
Comma
,
Left bracket
[
Dot
.
Right bracket
]
Slash
/
Usage guidelines
You can configure a description to describe the function or connection of a VLAN or VLAN interface.
The descriptions are helpful when a large number of VLANs and VLAN interfaces are created on the
device.
Examples
# Configure the description of VLAN 2 as sales-private.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] description sales-private
# Configure the description of VLAN-interface 2 as linktoPC56.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] quit
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] description linktoPC56
Related commands
display interface vlan-interface
display vlan
display interface vlan-interface
Use display interface vlan-interface to display VLAN interface information.
Syntax
display interface vlan-interface [ brief [ description | down ] ]
display interface vlan-interface interface-number [ brief [ description ] ]
Views
Any view
188
Predefined user roles
network-admin
network-operator
Parameters
interface-number: Specifies a VLAN interface number. If you do not specify this argument, the
command displays information about all VLAN interfaces.
brief: Displays brief interface information. If you do not specify this keyword, the command displays
detailed interface information.
down: Displays interfaces in a down state and their down causes. If you do not specify this keyword,
the command displays information about VLAN interfaces in all states.
description: Displays complete interface descriptions. If you do not specify this keyword, the
command displays only the first 27 characters of each interface description.
Examples
# Display information for VLAN-interface 10.
<Sysname> display interface vlan-interface 10
Vlan-interface10
Current state: UP
Line protocol state: UP
Description: Vlan-interface10 Interface
Bandwidth: 100000kbps
Maximum transmission unit: 1500
Internet address : 192.168.1.54/24 (primary)
IP packet frame type: Ethernet II,
hardware address: 0023-89b6-d613
IPv6 packet frame type: Ethernet II,
hardware address: 0023-89b6-d613
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# Display brief information for VLAN-interface 2.
<Sysname> display interface vlan-interface 2 brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface
Link Protocol Primary IP
Vlan2
DOWN DOWN
Description
--
Table 40 Command output
Field
Description
Vlan-interface2
VLAN interface name.
Current state
Physical state of a VLAN interface:
•
DOWN (Administratively)—The administrative state of the
VLAN interface is down, because it has been shut down by
using the shutdown command.
•
DOWN—The administrative state of the VLAN interface is
up, but its physical state is down. The VLAN of this VLAN
interface does not contain any physical ports in up state. The
189
Field
Description
•
ports might not be well connected correctly or the lines might
have failed.
UP—Both the administrative state and the physical state of
the VLAN interface are up.
Line protocol state
Link layer protocol state of a VLAN interface:
•
DOWN—The link layer protocol state of the VLAN interface
is down.
•
UP—The link layer protocol state of the VLAN interface is
up.
Description
Partial or complete interface description configured by using the
description command:
•
If you do not specify the description keyword in the display
interface brief command, this field displays only the first 27
characters of the interface description.
•
If you specify the description keyword in the display
interface brief command, this field displays the complete
interface description.
Bandwidth
Expected bandwidth of a VLAN interface.
Maximum transmission unit
MTU of a VLAN interface.
Internet protocol processing : Disabled
The interface cannot process IP packets. This information is
displayed when the interface is not configured with an IP address.
Internet address : 192.168.1.54/24
(primary)
The primary IP address of the interface is 192.168.1.54/24. This
information is displayed only when the primary IP address is
configured for the interface.
IP packet frame type
Framing format of sent IPv4 packets.
hardware address
MAC address of the VLAN interface.
IPv6 packet frame type
Framing format of sent IPv6 packets.
Last clearing of counters
The most recent time that the reset counters interface
vlan-interface command was executed. This field displays Never
if you have not executed this command since the device startup.
Last 300 seconds input rate: 0
bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0
bytes/sec, 0 bits/sec, 0 packets/sec
Average rates of input packets and output packets in the last 300
seconds (in Bps, bps, and pps). This field is displayed only when
the VLAN interface supports interface statistics collection.
Input: 0 packets, 0 bytes, 0 drops
Total number and size (in bytes) of the received packets of the
interface and the number of the dropped packets. This field is
displayed only when the VLAN interface supports interface
statistics collection.
Output: 0 packets, 0 bytes, 0 drops
Total number and size (in bytes) of the sent packets of the
interface and the number of the dropped packets. This field is
displayed only when the VLAN interface supports interface
statistics collection.
Brief information on interfaces in route
mode
Brief information about Layer 3 interfaces.
Link: ADM - administratively down; Stby
– standby
Link layer state of the interface:
•
ADM—The interface has been administratively shut down.
To bring up the interface, use the undo shutdown
command.
•
Stby—The interface is operating as a backup interface.
190
Field
Description
Protocol: (s) - spoofing
The protocol attribute of an interface includes the spoofing flag
(the letter s in parentheses) when the following conditions exist:
•
The data link layer protocol state of an interface is shown as
UP.
•
Its link is an on-demand link or is not present.
Interface
Abbreviated interface name.
Link
Physical link state of the interface:
•
UP—The physical link of the interface is up.
•
DOWN—The physical link of the interface is down.
•
ADM—The interface has been administratively shut down.
To bring up the interface, use the undo shutdown
command.
•
Stby—The interface is operating as a backup interface.
Protocol
Data link layer state of the interface:
•
UP—The data link layer of the interface is up.
•
DOWN—The data link layer of the interface is down.
•
UP(s)—The data link layer of the interface is spoofing up.
This state is available for on-demand link setup applications.
This state enables the device to initiate an on-demand link
setup when a link is not present.
Primary IP
Primary IP address of the interface.
display vlan
Use display vlan to display VLAN information.
Syntax
display vlan [ vlan-id1 [ to vlan-id2 ] | all | dynamic | reserved | static ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vlan-id1: Specifies a VLAN by its ID in the range of 1 to 4094.
vlan-id1 to vlan-id2: Specifies a VLAN ID range. Both the vlan-id1 and the vlan-id2 arguments are in
the range of 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the
value for the vlan-id1 argument.
all: Specifies all VLANs except the reserved VLANs.
dynamic: Specifies dynamic VLANs. If you specify this keyword, the command displays the number
of dynamic VLANs and the ID for each dynamic VLAN. The dynamic VLANs are generated through
MVRP.
reserved: Specifies reserved VLANs. Protocol modules determine which VLANs are reserved
according to function implementation. The reserved VLANs provide services for protocol modules.
You cannot configure reserved VLANs.
191
static: Specifies static VLANs. If you specify this keyword, the command displays the number of
static VLANs and the ID for each static VLAN. The static VLANs are manually created.
Examples
# Display VLAN 2 information.
<Sysname> display vlan 2
VLAN ID: 2
VLAN type: Static
Route interface: Not configured
Description: VLAN 0002
Name: VLAN 0002
Tagged ports:
None
Untagged ports:
Ten-GigabitEthernet1/0/1
Ten-GigabitEthernet1/0/2
Ten-GigabitEthernet1/0/3
# Display VLAN 3 information.
<Sysname> display vlan 3
VLAN ID: 3
VLAN type: static
Route interface: Configured
IPv4 address: 1.1.1.1
IPv4 subnet mask: 255.255.255.0
Description: VLAN 0003
Name: VLAN 0003
Tagged ports:
None
Untagged ports: None
Table 41 Command output
Field
Description
VLAN type
VLAN type, static or dynamic.
Route interface
Whether the VLAN interface is configured for the VLAN.
•
Not configured.
•
Configured.
Description
Description of the VLAN.
Name
VLAN name.
Primary IPv4 address of the VLAN interface. This field is displayed only when an IPv4
address is configured for the VLAN interface.
IPv4 address
When the VLAN interface is also configured with secondary IPv4 addresses, you can
view them by using one of the following commands:
•
display interface vlan-interface.
•
display this (VLAN interface view).
IPv4 subnet mask
Subnet mask of the primary IP address. This field is available only when an IP
address is configured for the VLAN interface.
Tagged ports
Tagged members of the VLAN.
Untagged ports
Untagged members of the VLAN.
Related commands
vlan
192
display vlan brief
Use display vlan brief to display brief VLAN information.
Syntax
display vlan brief
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display brief VLAN information.
<Sysname> display vlan brief
Brief information about all VLANs:
Supported Minimum VLAN ID: 1
Supported Maximum VLAN ID: 4094
Default VLAN ID: 1
VLAN ID
Name
Port
1
VLAN 0001
XGE1/0/1
XGE1/0/2
XGE1/0/3
XGE1/0/4
XGE1/0/5
XGE1/0/6
XGE1/0/7
XGE1/0/8
XGE1/0/9
XGE1/0/10
XGE1/0/11
XGE1/0/12
XGE1/0/13
XGE1/0/14
XGE1/0/15
XGE1/0/16
XGE1/0/17
XGE1/0/18
XGE1/0/19
XGE1/0/20
XGE1/0/21
XGE1/0/22
XGE1/0/23
XGE1/0/24
XGE1/0/25
XGE1/0/26
XGE1/0/27
XGE1/0/28
XGE1/0/29
XGE1/0/30
XGE1/0/31
XGE1/0/32
XGE1/0/33
XGE1/0/34
XGE1/0/35
XGE1/0/36
XGE1/0/37
XGE1/0/38
XGE1/0/39
XGE1/0/40
XGE1/0/41
XGE1/0/42
XGE1/0/43
XGE1/0/44
XGE1/0/45
XGE1/0/46
XGE1/0/47
XGE1/0/48
2
VLAN 0002
3
VLAN 0003
Table 42 Command output
Field
Description
Default VLAN ID
System default VLAN ID.
Name
VLAN name.
Port
Port that allows packets from the VLAN to pass through.
193
interface vlan-interface
Use interface vlan-interface to create a VLAN interface and enter its view or to enter the view of an
existing VLAN interface.
Use undo interface vlan-interface to delete the specified VLAN interface.
Syntax
interface vlan-interface vlan-interface-id
undo interface vlan-interface vlan-interface-id
Default
No VLAN interface is created.
Views
System view
Predefined user roles
network-admin
Parameters
vlan-interface-id: Specifies a VLAN interface number in the range of 1 to 4094.
Usage guidelines
Create a VLAN before you create the VLAN interface for it.
You cannot create a VLAN interface for a sub-VLAN. For more information about sub-VLANs, see
Layer 2—LAN Switching Configuration Guide.
You cannot create VLAN interfaces for secondary VLANs that meet the following requirements:
•
Associated with the same primary VLAN.
•
Enabled with Layer 3 communication in VLAN interface view of the primary VLAN interface.
For more information about secondary VLANs, Layer 2—LAN Switching Configuration Guide.
Examples
# Create VLAN-interface 2, and enter its view.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] quit
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2]
Related commands
display interface vlan-interface
mtu
Use mtu to set the MTU for a VLAN interface.
Use undo mtu to restore the default.
Syntax
mtu size
undo mtu
194
Default
The MTU of a VLAN interface is 1500 bytes.
Views
VLAN interface view
Predefined user roles
network-admin
Parameters
size: Sets the MTU in bytes, in the range of 128 to 1500.
Usage guidelines
The ip mtu or mtu command configuration on an interface takes effect on only the packets sent to
the CPU for software forwarding, including the packets destined to or sourced from the interface.
Configure the MTU as appropriate to avoid fragmentation.
If you configure both the mtu and ip mtu commands on a VLAN interface, the MTU set by the ip mtu
command is used for fragmentation. For more information about the ip mtu command, see Layer
3—IP Services Command Reference.
Examples
# Set the MTU to 1492 bytes for VLAN-interface 1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] mtu 1492
Related commands
display interface vlan-interface
name
Use name to configure a name for a VLAN.
Use undo name to restore the default.
Syntax
name text
undo name
Default
The name of a VLAN is VLAN vlan-id. The vlan-id argument specifies the VLAN ID in a four-digit
format. If the VLAN ID has fewer than four digits, leading zeros are added. For example, the name of
VLAN 100 is VLAN 0100.
Views
VLAN view
Predefined user roles
network-admin
Parameters
text: Specifies a VLAN name, a string of 1 to 32 characters. The string can include case-sensitive
letters, digits, special symbols (see Table 39), spaces, and other Unicode characters and symbols.
195
Usage guidelines
You can configure VLAN names for VLAN identification. When 802.1X or MAC authentication is
configured on a device, you can specify VLANs by name on the RADIUS server for authorization
VLAN assignment.
Examples
# Configure the name of VLAN 2 as test vlan.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] name test vlan
Related commands
display vlan
service
Use service to specify an IRF member device for forwarding the traffic on the current VLAN
interface.
Use undo service to restore the default.
Syntax
service slot slot-number
undo service slot
Default
No IRF member devices are specified for forwarding the traffic on the VLAN interface.
Views
VLAN interface view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
If no IRF member devices are specified for forwarding the traffic on the current VLAN interface, the
traffic is processed on the IRF member device that receives the traffic.
Some features, such as IPsec anti-replay, require that traffic for the same VLAN interface be
processed on the same IRF member device. If such a feature is configured, you must use this
command to specify an IRF member device for forwarding the traffic on a VLAN interface.
If the specified IRF member device is removed from the IRF fabric, traffic on the VLAN interface
cannot be forwarded even if the VLAN interface is up. After the specified IRF member device rejoins
the IRF fabric, traffic forwarding recovers.
Examples
# Specify IRF member device 2 for forwarding traffic on VLAN-interface 200.
<Sysname> system-view
[Sysname] interface vlan-interface 200
[Sysname-Vlan-interface200] service slot 2
196
shutdown
Use shutdown to shut down a VLAN interface.
Use undo shutdown to bring up a VLAN interface.
Syntax
shutdown
undo shutdown
Default
A VLAN interface is not manually shut down. The VLAN interface is up if one or more ports in the
VLAN is up, and it goes down if all ports in the VLAN go down.
Views
VLAN interface view
Predefined user roles
network-admin
Usage guidelines
When a VLAN interface is not manually shut down, the following guidelines apply to the interface
state:
•
The VLAN interface is down if all ports in the VLAN are down.
•
The VLAN interface is up if one or more ports in the VLAN are up.
When you use this command to shut down a VLAN interface, the VLAN interface remains in DOWN
(Administratively) state. In this case, the VLAN interface state is not affected by the state of the ports
in the VLAN.
Before you configure parameters for a VLAN interface, use this command to shut it down to prevent
the configuration from affecting the network. After you complete the VLAN interface configuration,
use the undo shutdown command to make the settings take effect.
To troubleshoot a failed interface, you can use the shutdown command and then the undo
shutdown command on the interface to see whether it recovers.
In a VLAN, the state of any Ethernet port is independent of the state of the VLAN interface.
Examples
# Shut down VLAN-interface 2, and then bring it up.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] shutdown
[Sysname-Vlan-interface2] undo shutdown
vlan
Use vlan vlan-id to create a VLAN and enter its view or to enter the view of an existing VLAN.
Use vlan vlan-id1 to vlan-id2 to create VLANs vlan-id1 through vlan-id2, except reserved VLANs.
Use vlan all to create VLANs 1 through 4094.
Use undo vlan to delete the specified VLANs.
Syntax
vlan { vlan-id1 [ to vlan-id2 ] | all }
197
undo vlan { vlan-id1 [ to vlan-id2 ] | all }
Default
VLAN 1 (system default VLAN) exists.
Views
System view
Predefined user roles
network-admin
Parameters
vlan-id1, vlan-id2: Specifies a VLAN ID. The value range is 1 to 4094.
vlan-id1 to vlan-id2: Specifies a VLAN range. The vlan-id1 and vlan-id2 arguments specify VLAN IDs.
The value range for each of the two arguments is 1 to 4094. The value for the vlan-id2 argument
must be equal to or greater than the value for the vlan-id1 argument.
all: Creates or deletes all VLANs except reserved VLANs.
Usage guidelines
You cannot create or delete the system default VLAN (VLAN 1).
You cannot create or delete reserved VLANs.
Before you delete a dynamic VLAN, a VLAN with a QoS policy applied, or a VLAN locked by an
application, you must first remove the configuration from the VLAN.
Examples
# Create VLAN 2 and enter its view.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2]
# Create VLAN 4 through VLAN 100.
<Sysname> system-view
[Sysname] vlan 4 to 100
Related commands
display vlan
Port-based VLAN commands
display port
Use display port to display information about hybrid or trunk ports.
Syntax
display port { hybrid | trunk }
Views
Any view
Predefined user roles
network-admin
network-operator
198
Parameters
hybrid: Specifies hybrid ports.
trunk: Specifies trunk ports.
Examples
# Display information about hybrid ports.
<Sysname> display port hybrid
Interface
PVID
VLAN Passing
XGE1/0/4
100
Tagged:
1000, 1002, 1500, 1600-1611, 2000,
2555-2558, 3000, 4000
Untagged:1, 10, 15, 18, 20-30, 44, 55, 67, 100,
150-160, 200, 255, 286, 300-302
# Display information about trunk ports.
<Sysname> display port trunk
Interface
PVID
VLAN Passing
XGE1/0/8
2
1-4, 6-100, 145, 177, 189-200, 244, 289, 400,
555, 600-611, 1000, 2006-2008
Table 43 Command output
Field
Description
Interface
Interface name.
PVID
Port VLAN ID.
VLAN Passing
Existing VLANs allowed on the port.
Tagged
VLANs from which the port sends packets without removing VLAN tags.
Untagged
VLANs from which the port sends packets after removing VLAN tags.
port
Use port to assign the specified access ports to a VLAN.
Use undo port to remove the specified access ports from a VLAN.
Syntax
port interface-list
undo port interface-list
Default
All ports are in VLAN 1.
Views
VLAN view
Predefined user roles
network-admin
Parameters
interface-list: Specifies a space-separated list of up to 10 Ethernet interface items. Each item
specifies an Ethernet interface or a range of Ethernet interfaces in the form of interface-type
199
interface-number1 to interface-type interface-number2. The value for the interface-number2
argument must be equal to or greater than the value for the interface-number1 argument.
Usage guidelines
This command is applicable only to access ports.
By default, all ports are access ports. You can manually configure the port type. For more information,
see "port link-type."
Examples
# Assign Ten-GigabitEthernet 1/0/1 through Ten-GigabitEthernet 1/0/3 to VLAN 2.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] port ten-gigabitethernet 1/0/1 to ten-gigabitethernet 1/0/3
Related commands
display vlan
port access vlan
Use port access vlan to assign the access ports to the specified VLAN.
Use undo port access vlan to restore the default.
Syntax
port access vlan vlan-id
undo port access vlan
Default
All access ports belong to VLAN 1.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
S-channel interface view
S-channel aggregate interface view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
Usage guidelines
Before assigning an access port to a VLAN, make sure the VLAN has been created.
•
The configuration made in Layer 2 Ethernet interface view applies only to the port.
•
The configuration made in Layer 2 aggregate interface view applies to the aggregate interface
and its aggregation member ports.
{
If the system fails to apply the configuration to the aggregate interface, it stops applying the
configuration to aggregation member ports.
{
If the system fails to apply the configuration to an aggregation member port, it skips the port
and moves to the next member port.
200
•
The configuration made in S-channel interface view or S-channel aggregate interface view
applies only to the interface. For information about S-channel interfaces, see EVB
Configuration Guide.
Examples
# Assign Ten-GigabitEthernet 1/0/1 to VLAN 3.
<Sysname> system-view
[Sysname] vlan 3
[Sysname-vlan3] quit
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port access vlan 3
port hybrid pvid
Use port hybrid pvid to configure the PVID of a hybrid port.
Use undo port hybrid pvid to configure the PVID of a hybrid port as 1.
Syntax
port hybrid pvid vlan vlan-id
undo port hybrid pvid
Default
The PVID of a hybrid port is the ID of the VLAN to which the port belongs when its link type is
access.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
S-channel interface view
S-channel aggregate interface view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
Usage guidelines
You can configure a nonexistent VLAN as the PVID of a hybrid port. When you delete the PVID of a
hybrid port by using the undo vlan command, the PVID setting of the port does not change.
For correct packet transmission, configure the same PVID for a local hybrid port and its peer.
To enable a hybrid port to transmit packets from its PVID, you must assign the hybrid port to the PVID
by using the port hybrid vlan command.
•
The configuration made in Layer 2 Ethernet interface view applies only to the port.
•
The configuration made in Layer 2 aggregate interface view applies to the aggregate interface
and its aggregation member ports.
{
If the system fails to apply the configuration to the aggregate interface, it stops applying the
configuration to aggregation member ports.
{
If the system fails to apply the configuration to an aggregation member port, it skips the port
and moves to the next member port.
201
•
The configuration made in S-channel interface view or S-channel aggregate interface view
applies only to the interface.
Examples
# Configure VLAN 100 as the PVID of the hybrid port Ten-GigabitEthernet 1/0/1, and assign
Ten-GigabitEthernet 1/0/1 to VLAN 100 as an untagged member.
<Sysname> system-view
[Sysname] vlan 100
[Sysname-vlan100] quit
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port link-type hybrid
[Sysname-Ten-GigabitEthernet1/0/1] port hybrid pvid vlan 100
[Sysname-Ten-GigabitEthernet1/0/1] port hybrid vlan 100 untagged
Related commands
port hybrid vlan
port link-type
port hybrid vlan
Use port hybrid vlan to assign a hybrid port to the specified VLANs.
Use undo port hybrid vlan to remove a hybrid port from the specified VLANs.
Syntax
port hybrid vlan vlan-id-list { tagged | untagged }
undo port hybrid vlan vlan-id-list
Default
A hybrid port is an untagged member of the VLAN to which the port belongs when its link type is
access.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
S-channel interface view
S-channel aggregate interface view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID
or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094.
The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1
argument.
tagged: Configures the port as a tagged member of the specified VLANs. A tagged member of a
VLAN sends packets from the VLAN without removing VLAN tags.
untagged: Configures the port as an untagged member of the specified VLANs. An untagged
member of a VLAN sends packets from the VLAN after removing VLAN tags.
202
Usage guidelines
A hybrid port can allow multiple VLANs. If you execute this command multiple times on a hybrid port,
the hybrid port allows the VLANs specified by the vlan-id-list argument in each execution.
•
The configuration made in Layer 2 Ethernet interface view applies only to the port.
•
The configuration made in Layer 2 aggregate interface view applies to the aggregate interface
and its aggregation member ports.
•
{
If the system fails to apply the configuration to the aggregate interface, it stops applying the
configuration to aggregation member ports.
{
If the system fails to apply the configuration to an aggregation member port, it skips the port
and moves to the next member port.
The configuration made in S-channel interface view or S-channel aggregate interface view
applies only to the interface.
Examples
# Configure Ten-GigabitEthernet 1/0/1 as a hybrid port, and assign it to VLAN 2, VLAN 4, and VLANs
50 through 100 as a tagged member.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port link-type hybrid
[Sysname-Ten-GigabitEthernet1/0/1] port hybrid vlan 2 4 50 to 100 tagged
Related commands
port link-type
port link-type
Use port link-type to configure the link type of a port.
Use undo port link-type to restore the default link type of a port.
Syntax
port link-type { access | hybrid | trunk }
undo port link-type
Default
Any port is an access port.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
S-channel interface view
S-channel aggregate interface view
Predefined user roles
network-admin
Parameters
access: Configures the link type of a port as access.
hybrid: Configures the link type of a port as hybrid.
trunk: Configures the link type of a port as trunk.
203
Usage guidelines
To change the link type of a port from trunk to hybrid or vice versa, first set the link type to access.
•
The configuration made in Layer 2 Ethernet interface view applies only to the port.
•
The configuration made in Layer 2 aggregate interface view applies to the aggregate interface
and its aggregation member ports.
•
{
If the system fails to apply the configuration to the aggregate interface, it stops applying the
configuration to aggregation member ports.
{
If the system fails to apply the configuration to an aggregation member port, it skips the port
and moves to the next member port.
The configuration made in S-channel interface view or S-channel aggregate interface view
applies only to the interface.
Examples
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port link-type trunk
port trunk permit vlan
Use port trunk permit vlan to assign a trunk port to the specified VLANs.
Use undo port trunk permit vlan to remove the trunk port from the specified VLANs.
Syntax
port trunk permit vlan { vlan-id-list | all }
undo port trunk permit vlan { vlan-id-list | all }
Default
A trunk port allows packets only from VLAN 1 to pass through.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
S-channel interface view
S-channel aggregate interface view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID
or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094.
The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1
argument.
all: Specifies all VLANs. To prevent unauthorized VLAN users from accessing restricted resources
through a port, use the port trunk permit vlan all command with caution.
Usage guidelines
A trunk port can carry multiple VLANs. If you execute the port trunk permit vlan command multiple
times on a trunk port, the trunk port allows the VLANs specified by the vlan-id-list argument in each
execution.
204
On a trunk port, only packets from the PVID can pass through untagged.
•
The configuration made in Layer 2 Ethernet interface view applies only to the port.
•
The configuration made in Layer 2 aggregate interface view applies to the aggregate interface
and its aggregation member ports.
•
{
If the system fails to apply the configuration to the aggregate interface, it stops applying the
configuration to aggregation member ports.
{
If the system fails to apply the configuration to an aggregation member port, it skips the port
and moves to the next member port.
The configuration made in S-channel interface view or S-channel aggregate interface view
applies only to the interface.
Examples
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign it to VLAN 2, VLAN 4, and VLANs
50 through 100.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port link-type trunk
[Sysname-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2 4 50 to 100
Related commands
port link-type
port trunk pvid
Use port trunk pvid to configure the PVID for a trunk port.
Use undo port trunk pvid to restore the default.
Syntax
port trunk pvid vlan vlan-id
undo port trunk pvid
Default
The PVID of a trunk port is VLAN 1.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
S-channel interface view
S-channel aggregate interface view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
Usage guidelines
You can configure a nonexistent VLAN as the PVID of a trunk port. When you delete the PVID of a
trunk port by using the undo vlan command, the PVID setting of the port does not change.
For correct packet transmission, configure the same PVID for a local trunk port and its peer.
205
To enable a trunk port to transmit packets from its PVID, you must assign the trunk port to the PVID
by using the port trunk permit vlan command.
•
The configuration made in Layer 2 Ethernet interface view applies only to the port.
•
The configuration made in Layer 2 aggregate interface view applies to the aggregate interface
and its aggregation member ports.
•
{
If the system fails to apply the configuration to the aggregate interface, it stops applying the
configuration to aggregation member ports.
{
If the system fails to apply the configuration to an aggregation member port, it skips the port
and moves to the next member port.
The configuration made in S-channel interface view or S-channel aggregate interface view
applies only to the interface.
Examples
# Configure VLAN 100 as the PVID of the trunk port Ten-GigabitEthernet 1/0/1, and assign
Ten-GigabitEthernet 1/0/1 to VLAN 100.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port link-type trunk
[Sysname-Ten-GigabitEthernet1/0/1] port trunk pvid vlan 100
[Sysname-Ten-GigabitEthernet1/0/1] port trunk permit vlan 100
Related commands
port link-type
port trunk permit vlan
MAC-based VLAN commands
display mac-vlan
Use display mac-vlan to display MAC-to-VLAN entries.
Syntax
display mac-vlan { all | dynamic | mac-address mac-address [ mask mac-mask ] | static | vlan
vlan-id }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all MAC-to-VLAN entries.
dynamic: Specifies dynamically configured MAC-to-VLAN entries.
mac-address mac-address: Specifies the MAC address in the MAC-to-VLAN entry.
mask mac-mask: Specifies the mask for matching MAC addresses in MAC-to-VLAN entries.
static: Specifies statically configured MAC-to-VLAN entries.
vlan vlan-id: Specifies the VLAN in MAC-to-VLAN entries. The value range for the vlan-id argument
is 1 to 4094.
206
Examples
# Display all MAC-to-VLAN entries.
<Sysname> display mac-vlan all
The following MAC VLAN entries exist:
State: S - Static, D - Dynamic
MAC address
Mask
VLAN ID
Dot1q
State
0008-0001-0000
FFFF-FF00-0000
5
3
S
0002-0001-0000
FFFF-FFFF-FFFF
5
3
S&D
Total MAC VLAN entries count: 2
Table 44 Command output
Field
Description
S - Static
Statically configured MAC-to-VLAN entries.
D - Dynamic
Dynamically configured MAC-to-VLAN entries.
MAC address
MAC address of the MAC-to-VLAN entry.
Mask
MAC address mask of the MAC-to-VLAN entry.
VLAN ID
VLAN ID of the MAC-to-VLAN entry.
Dot1q
802.1p priority of the VLAN in the MAC-to-VLAN entry.
State
State of a MAC-to-VLAN entry:
•
S—The MAC-to-VLAN entry is configured statically.
•
D—The MAC-to-VLAN entry is dynamically generated in cooperation
with the authentication feature.
•
S&D—The MAC-to-VLAN entry is configured both statically and
dynamically.
Related commands
mac-vlan mac-address
display mac-vlan interface
Use display mac-vlan interface to display all ports that are enabled with the MAC-based VLAN
feature.
Syntax
display mac-vlan interface
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display all ports that are enabled with the MAC-based VLAN feature.
<Sysname> display mac-vlan interface
MAC VLAN is enabled on following ports:
207
Ten-GigabitEthernet1/0/1
Ten-GigabitEthernet1/0/2
Ten-GigabitEthernet1/0/3
Related commands
mac-vlan enable
mac-vlan enable
Use mac-vlan enable to enable the MAC-based VLAN feature on a port.
Use undo mac-vlan enable to restore the default.
Syntax
mac-vlan enable
undo mac-vlan enable
Default
The MAC-based VLAN feature is disabled on a port.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
Execute this command only on hybrid ports.
Examples
# Enable the MAC-based VLAN feature on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname–Ten-GigabitEthernet1/0/1] mac-vlan enable
Related commands
display mac-vlan interface
mac-vlan mac-address
Use mac-vlan mac-address to configure a MAC-to-VLAN entry.
Use undo mac-vlan to delete the specified MAC-to-VLAN entries.
Syntax
mac-vlan mac-address mac-address [ mask mac-mask ] vlan vlan-id [ dot1q pri ]
undo mac-vlan { all | mac-address mac-address [ mask mac-mask ] | vlan vlan-id }
Default
No MAC-to-VLAN entries are configured.
Views
System view
Predefined user roles
network-admin
208
Parameters
mac-address mac-address: Specifies a MAC address.
mask mac-mask: Specifies the MAC address mask. For the mac-mask argument, the high-order bits
must be consecutive 1s in binary notation or consecutive Fs in hexadecimal notation. The default
value is all Fs in hexadecimal notation.
vlan vlan-id: Specifies a VLAN ID in the range of 1 to 4094.
dot1q pri: Specifies the 802.1p priority of the VLAN specific to the MAC-to-VLAN entry. The value
range for the pri argument is 0 to 7, and the default value is 0.
all: Deletes all static MAC-to-VLAN entries.
Usage guidelines
For successful dynamic MAC-based VLAN assignment, use static VLANs when you create
MAC-to-VLAN entries.
Different types of MAC-to-VLAN entries are created depending on whether you specify the mask
keyword.
•
When you specify this keyword, the created MAC-to-VLAN entry describes the relationship
among a group of MAC addresses, a VLAN, and the 802.1p priority for the VLAN.
•
When you do not specify this keyword, the created MAC-to-VLAN entry describes the
relationship among a MAC address, a VLAN, and the 802.1p priority for the VLAN.
These different types of MAC-to-VLAN entries are stored separately in two tables. The system
updates the two tables according to the configuration.
Examples
# Associate the MAC address 0-1-1 with VLAN 100, and specify the 802.1p priority as 7 for VLAN
100 in this entry.
<Sysname> system-view
[Sysname] mac-vlan mac-address 0-1-1 vlan 100 dot1q 7
# Associate VLAN 100 with MAC addresses whose six high-order bits are 121122, and specify the
802.1p priority as 4 for VLAN 100 in this entry.
<Sysname> system-view
[Sysname] mac-vlan mac-address 1211-2222-3333 mask ffff-ff00-0000 vlan 100 dot1q 4
Related commands
display mac-vlan
mac-vlan trigger enable
Use mac-vlan trigger enable to enable dynamic MAC-based VLAN assignment.
Use undo mac-vlan trigger enable to restore the default.
Syntax
mac-vlan trigger enable
undo mac-vlan trigger enable
Default
Dynamic MAC-based VLAN assignment is not enabled.
Views
Layer 2 Ethernet interface view
209
Predefined user roles
network-admin
Usage guidelines
After receiving a packet, the port reports the source MAC address of the packet to the CPU.
•
If the source MAC address matches a MAC-to-VLAN entry whose mask is all Fs, the device
dynamically learns the source MAC address and assigns the receiving port to the VLAN specific
to the entry.
Subsequent packets with this source MAC address can be directly forwarded through the port.
•
If the MAC address does not match any MAC-to-VLAN entries or matches only a MAC-to-VLAN
entry whose mask is not all Fs, the device does not dynamically learn the MAC address or
assign the receiving port to the VLAN.
Examples
# Enable dynamic MAC-based VLAN assignment on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] mac-vlan trigger enable
Related commands
port pvid forbidden
port pvid forbidden
Use port pvid forbidden to disable a port from forwarding packets that fail the exact MAC address
match in its PVID.
Use undo port pvid forbidden to restore the default.
Syntax
port pvid forbidden
undo port pvid forbidden
Default
When a port receives packets whose source MAC addresses fail the exact MAC address match, the
port forwards them in its PVID.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
Use this feature only with dynamic MAC-based VLAN assignment.
Examples
# Disable Ten-GigabitEthernet 1/0/1 from forwarding packets that fail the exact MAC address match
in its PVID.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port pvid forbidden
210
Related commands
mac-vlan trigger enable
vlan precedence
Use vlan precedence to set the VLAN matching order when both the MAC-based VLAN and IP
subnet-based VLAN are configured on a port.
Use undo vlan precedence to restore the default.
Syntax
vlan precedence { mac-vlan | ip-subnet-vlan }
undo vlan precedence
Default
A port matches VLANs based on MAC addresses preferentially.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
mac-vlan: Matches VLANs based on MAC addresses preferentially.
ip-subnet-vlan: Matches VLANs based on IP subnets preferentially.
Usage guidelines
This command takes effect only on MAC-based VLANs and IP subnet-based VLANs.
As a best practice to ensure the priority of MAC-based VLAN matching, configure the vlan
precedence mac-vlan command when you enable dynamic MAC-based VLAN assignment. If you
execute the vlan precedence ip-subnet-vlan command, the command will not take effect.
Examples
# Configure Ten-GigabitEthernet 1/0/1 to match VLANs based on MAC addresses preferentially.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] vlan precedence mac-vlan
IP subnet-based VLAN commands
display ip-subnet-vlan interface
Use display ip-subnet-vlan interface to display IP subnet-based VLANs that are associated with
the specified ports.
Syntax
display ip-subnet-vlan interface { interface-type interface-number1 [ to interface-type
interface-number2 ] | all }
Views
Any view
211
Predefined user roles
network-admin
network-operator
Parameters
interface-type interface-number1: Specifies an interface by its type and number.
interface-type interface-number1 to interface-type interface-number2: Specifies an interface range.
all: Displays information about IP subnet-based VLANs that are associated with all ports.
Examples
# Display IP subnet-based VLANs on Ten-GigabitEthernet 1/0/1.
<Sysname> display ip-subnet-vlan interface ten-gigabitethernet1/0/1
Interface: Ten-GigabitEthernet1/0/1
VLAN ID
Subnet index
IP address
Subnet mask
Status
3
0
192.168.1.0
255.255.255.0
Active
4
N/A
N/A
N/A
Inactive
4094
65535
172.16.1.1
255.255.0.0
Inactive
Table 45 Command output
Field
Description
VLAN ID
ID of the IP subnet-based VLAN.
Subnet index
IP address
Subnet mask
Status
Index of the IP subnet.
If no IP subnet-based VLAN is configured, this field displays N/A.
IP address of the subnet. It can be an IP address or a subnet address.
If no IP subnet address is configured for the VLAN, this field displays N/A.
Mask of the IP subnet.
If no subnet mask is configured for the VLAN, this field displays N/A.
Whether the IP subnet-based VLAN has taken effect on the port:
•
Active—The IP subnet-based VLAN has taken effect.
•
Inactive—The IP subnet-based VLAN has not taken effect. For example, this
field displays Inactive in one of the following conditions:
{
The configuration of the IP subnet-based VLAN is not complete.
{
The port does not allow the IP subnet-based VLAN.
Related commands
display ip-subnet-vlan vlan
ip-subnet-vlan
port hybrid ip-subnet-vlan
display ip-subnet-vlan vlan
Use display ip-subnet-vlan vlan to display information about IP subnet-based VLANs.
Syntax
display ip-subnet-vlan vlan { vlan-id1 [ to vlan-id2 ] | all }
Views
Any view
212
Predefined user roles
network-admin
network-operator
Parameters
vlan-id1: Specifies an IP subnet-based VLAN by its VLAN ID in the range of 1 to 4094.
vlan-id1 to vlan-id2: Specifies a VLAN ID range. Both the vlan-id1 and the vlan-id2 arguments are in
the range of 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the
value for the vlan-id1 argument.
all: Specifies all IP subnet-based VLANs.
Examples
# Display information about all IP subnet-based VLANs.
<Sysname> display ip-subnet-vlan vlan all
VLAN ID: 3
Subnet index
IP address
Subnet mask
0
192.168.1.0
255.255.255.0
Table 46 Command output
Field
Description
VLAN ID
ID of the IP subnet-based VLAN.
Subnet index
Index of the IP subnet.
IP address
IP address of the subnet. It can be an IP address or a subnet address.
Subnet mask
Mask of the IP subnet.
Related commands
display ip-subnet-vlan interface
ip-subnet-vlan
port hybrid ip-subnet-vlan
ip-subnet-vlan
Use ip-subnet-vlan to associate a VLAN with the specified IP subnet or IP address.
Use undo ip-subnet-vlan to remove the association.
Syntax
ip-subnet-vlan [ ip-subnet-index ] ip ip-address [ mask ]
undo ip-subnet-vlan { ip-subnet-index [ to ip-subnet-end ] | all }
Default
A VLAN is not associated with any IP subnets or IP addresses.
Views
VLAN view
Predefined user roles
network-admin
213
Parameters
ip-subnet-index: Specifies a beginning IP subnet index in the range of 0 to 65535. The value can be
configured by users. It can also be automatically numbered by the system based on the order in
which the IP subnets or IP addresses are associated with the VLAN.
ip ip-address [ mask ]: Specifies the source IP address or network address based on which the
subnet-based VLANs are classified in dotted decimal notation. The mask argument is the subnet
mask of the source IP address or network address, in dotted decimal notation with a default value of
255.255.255.0.
to ip-subnet-end: Specifies an end IP subnet index of an IP subnet index range, in the range of 0 to
65535. The value for the ip-subnet-end argument must be greater than or equal to the beginning IP
subnet index.
all: Removes all associations between the VLAN and IP subnets or IP addresses.
Usage guidelines
The IP subnet or IP address cannot be a multicast network segment or a multicast address.
Examples
# Configure VLAN 3 as an IP subnet-based VLAN and associate it with the 192.168.1.0/24 network
segment.
<Sysname> system-view
[Sysname] vlan 3
[Sysname-vlan3] ip-subnet-vlan ip 192.168.1.0 255.255.255.0
Related commands
display protocol-vlan interface
display protocol-vlan vlan
port hybrid protocol-vlan
port hybrid ip-subnet-vlan
Use port hybrid ip-subnet-vlan to associate a port with an IP subnet-based VLAN.
Use undo port hybrid ip-subnet-vlan to remove the association.
Syntax
port hybrid ip-subnet-vlan vlan vlan-id
undo port hybrid ip-subnet-vlan { vlan vlan-id | all }
Default
A port is not associated with any IP subnet-based VLANs.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
vlan vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
all: Specifies all VLANs.
214
Usage guidelines
Only hybrid ports support this feature. Before you use this command, assign the port to the correct IP
subnet-based VLAN.
Examples
# Associate Ten-GigabitEthernet 1/0/1 with IP subnet-based VLAN 3.
<Sysname> system-view
[Sysname] vlan 3
[Sysname-vlan3] ip-subnet-vlan ip 192.168.1.0 255.255.255.0
[Sysname-vlan3] quit
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port link-type hybrid
[Sysname-Ten-GigabitEthernet1/0/1] port hybrid vlan 3 untagged
[Sysname-Ten-GigabitEthernet1/0/1] port hybrid ip-subnet-vlan vlan 3
# Associate the Layer 2 aggregate interface Bridge-Aggregation 1 with the IP subnet-based VLAN 3.
<Sysname> system-view
[Sysname] vlan 3
[Sysname-vlan3] ip-subnet-vlan ip 192.168.1.0 255.255.255.0
[Sysname-vlan3] quit
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] port link-type hybrid
[Sysname-Bridge-Aggregation1] port hybrid vlan 3 untagged
[Sysname-Bridge-Aggregation1] port hybrid ip-subnet-vlan vlan 3
Related commands
display ip-subnet-vlan interface
display ip-subnet-vlan vlan
ip-subnet-vlan
Protocol-based VLAN commands
display protocol-vlan interface
Use display protocol-vlan interface to display information about protocol-based VLANs for the
specified ports.
Syntax
display protocol-vlan interface { interface-type interface-number1 [ to interface-type
interface-number2 ] | all }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-type interface-number1: Specifies an interface by its type and number.
interface-type interface-number1 to interface-type interface-number2: Specifies an interface range.
215
all: Displays information about protocol-based VLANs on all ports.
Examples
# Display protocol-based VLAN information on Ten-GigabitEthernet 1/0/1.
<Sysname> display protocol-vlan interface ten-gigabitethernet 1/0/1
Interface: Ten-GigabitEthernet1/0/1
VLAN ID
Protocol index
Protocol type
Status
2
0
IPv6
Active
2
1
N/A
Inactive
4094
65535
IPv4
Inactive
Table 47 Command output
Field
Description
VLAN ID
ID of the protocol-based VLAN.
Protocol index
Protocol template index.
Protocol type
Status
Protocol type specified by the protocol template.
If you do not specify the protocol type, this field displays N/A.
Whether the protocol-based VLAN has taken effect:
•
Active—The protocol-based VLAN has taken effect.
•
Inactive—The protocol-based VLAN has not taken effect.
Related commands
display protocol-vlan vlan
port hybrid protocol-vlan
protocol-vlan
display protocol-vlan vlan
Use display protocol-vlan vlan to display information about protocol-based VLANs.
Syntax
display protocol-vlan vlan { vlan-id1 [ to vlan-id2 ] | all }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vlan-id1: Specifies a protocol-based VLAN ID in the range of 1 to 4094.
vlan-id1 to vlan-id2: Specifies a VLAN ID range. Both the vlan-id1 and the vlan-id2 arguments are in
the range of 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the
value for the vlan-id1 argument.
all: Specifies all protocol-based VLANs.
Examples
# Displays information about all protocol-based VLANs.
216
<Sysname> display protocol-vlan vlan all
VLAN ID: 2
Protocol index
Protocol type
0
IPv4
65535
IPv6
VLAN ID: 3
Protocol index
Protocol type
0
IPv4
65535
LLC DSAP 0x11 SSAP 0x22
Table 48 Command output
Field
Description
VLAN ID
ID of the protocol-based VLAN.
Protocol index
Protocol template index.
Protocol type
Protocol type or encapsulation format specified by the protocol
template.
Related commands
display protocol-vlan interface
port hybrid protocol-vlan
protocol-vlan
port hybrid protocol-vlan
Use port hybrid protocol-vlan to associate a hybrid port with the specified protocols in a VLAN.
Use undo port hybrid protocol-vlan to remove the association.
Syntax
port hybrid protocol-vlan vlan vlan-id { protocol-index [ to protocol-end ] | all }
undo hybrid protocol-vlan { vlan vlan-id { protocol-index [ to protocol-end ] | all } | all }
Default
A port is not associated with any protocol-based VLANs.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
vlan vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094.
protocol-index: Specifies a beginning protocol template index in the range of 0 to 65535.
to protocol-end: Specifies an end protocol template index of a protocol template range, in the range
of 0 to 65535. The value for the protocol-end argument must be greater than or equal to the
beginning protocol template index.
217
all: Specifies all protocol templates.
Usage guidelines
Before you use this command, perform the following tasks:
•
Create a VLAN and associate it with specified protocols.
•
Configure the port link type as hybrid.
•
Configure the port to allow the protocol-based VLAN to pass through.
When you execute the undo port hybrid protocol-vlan command on a port, follow these
guidelines:
•
If you specify both the vlan-id argument and the all keyword, this command disassociates the
port from all protocol templates of the specified VLAN.
•
If you specify only the all keyword, this command disassociates the port from all protocol
templates of all VLANs.
Examples
# Associate the hybrid port Ten-GigabitEthernet 1/0/1 with protocol template 1 (IPv4) in VLAN 2.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] protocol-vlan 1 ipv4
[Sysname-vlan2] quit
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port link-type hybrid
[Sysname-Ten-GigabitEthernet1/0/1] port hybrid vlan 2 untagged
[Sysname-Ten-GigabitEthernet1/0/1] port hybrid protocol-vlan vlan 2 1
# Associate the hybrid Layer 2 aggregate interface Bridge-Aggregation 1 with protocol template 1
(IPv4) in VLAN 2.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] protocol-vlan 1 ipv4
[Sysname-vlan2] quit
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] port link-type hybrid
[Sysname-Bridge-Aggregation1] port hybrid vlan 2 untagged
[Sysname-Bridge-Aggregation1] port hybrid protocol-vlan vlan 2 1
protocol-vlan
Use protocol-vlan to configure a VLAN as a protocol-based VLAN and configure the protocol
template for the VLAN.
Use undo protocol-vlan to remove the protocol templates configured for the VLAN.
Syntax
protocol-vlan [ protocol-index ] { at | ipv4 | ipv6 | ipx { ethernetii | llc | snap } | mode { ethernetii
etype etype-id | llc { dsap dsap-id [ ssap ssap-id ] | ssap ssap-id } | snap etype etype-id } }
undo protocol-vlan { protocol-index [ to protocol-end ] | all }
Default
A VLAN is not associated with any protocol templates.
218
Views
VLAN view
Predefined user roles
network-admin
Parameters
at: Specifies the AppleTalk-based VLAN.
ipv4: Specifies the IPv4-based VLAN.
ipv6: Specifies the IPv6-based VLAN.
ipx: Specifies the IPX-based VLAN. The keywords ethernetii, llc, and snap specify IPX
encapsulation formats.
mode: Configures a user-defined protocol template for the VLAN. The keywords ethernetii, llc, and
snap specify the available encapsulation formats.
ethernetii etype etype-id: Matches the Ethernet II encapsulation format and the specified protocol
type ID. The etype-id argument specifies the protocol type ID of inbound packets, in the range of
0x0600 to 0xFFFF, excluding 0x0800, 0x809B, 0x8137, and 0x86DD.
llc: Matches the LLC encapsulation format.
dsap dsap-id: Specifies the destination service access point in the range of 0x00 to 0xFF.
ssap ssap-id: Specifies the source service access point in the range of 0x00 to 0xFF.
snap etype etype-id: Matches the SNAP encapsulation format and the specified protocol type value.
The etype-id argument specifies the Ethernet type of inbound packets, in the range of 0x0600 to
0xFFFF, excluding 0x8137.
protocol-index: Specifies a protocol template index in the range of 0 to 65535. The system will
automatically assign an index if you do not specify this argument.
to protocol-end: Specifies an end protocol template index of a protocol template range, in the range
of 0 to 65535. The value of the protocol-end argument must be greater than or equal to the value of
protocol-index argument.
all: Removes all the protocols associated with the VLAN.
Usage guidelines
CAUTION:
IP uses ARP for address resolution in Ethernet. To prevent communication failures, configure the IP
and ARP templates in the same VLAN and associate them with the same port.
When you use the mode keyword to configure a protocol template, follow these restrictions and
guidelines:
•
Do not configure the following values for the etype-id argument in the ethernetii etype etype-id
option:
{
0x0800—Specifies the IPv4 protocol in Ethernet II encapsulation.
{
0x809B—Specifies the AppleTalk protocol in Ethernet II encapsulation.
{
0x8137—Specifies the IPX protocol in Ethernet II encapsulation.
{
0x86DD—Specifies the IPv6 protocol in Ethernet II encapsulation.
These values conflict with the ipv4, at, ipx, and ipv6 keywords of the command, respectively.
•
Do not configure any of the following values for both the dsap-id and ssap-id arguments when
you specify the llc keyword:
{
0xE0—Specifies the 802.2 LLC encapsulation format for IPX packets.
{
0xFF—Specifies the 802.3 raw encapsulation format for IPX packets.
219
{
0xAA—Specifies the 802.2 SNAP encapsulation format.
When either of the dsap-id and ssap-id arguments is configured, the system assigns 0xAA to
the other argument.
•
Do not set the etype-id argument in the snap etype etype-id option to 0x8137. You can set the
etype-id argument to 0x0800, 0x809B, or 0x86DD, which are corresponding to IPv4, AppleTalk,
and IPv6, respectively.
Examples
# Assign ARP packets in Ethernet II encapsulation and IPv4 packets to VLAN 3 for transmission.
(The protocol type ID for ARP is 0x0806.)
<Sysname> system-view
[Sysname] vlan 3
[Sysname-vlan3] protocol-vlan 2 mode ethernetii etype 0806
[Sysname-vlan3] protocol-vlan 1 ipv4
Related commands
display protocol-vlan interface
display protocol-vlan vlan
port protocol-vlan
VLAN group commands
display vlan-group
Use display vlan-group to display VLAN group information.
Syntax
display vlan-group [ group-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
group-name: Specifies a VLAN group by its name, a case-sensitive string of 1 to 31 characters. The
first character must be an alphabetical character. If you do not specify this argument, the command
displays information about all VLAN groups.
Examples
# Display information about the VLAN group test001.
<Sysname> display vlan-group test001
VLAN group: test001
VLAN list: 2-4 100 200
# Display information about all VLAN groups.
<Sysname> display vlan-group
VLAN group: test001
VLAN list: 2-4 100 200
VLAN group: rnd
220
VLAN list: Null
Table 49 Command output
Field
Description
VLAN group
Name of the VLAN group.
VLAN list
VLAN list in the VLAN group.
Related commands
vlan-group
vlan-list
vlan-group
Use vlan-group to create a VLAN group and enter VLAN group view.
Use undo vlan-group to delete a VLAN group.
Syntax
vlan-group group-name
undo vlan-group group-name
Default
No VLAN group exists.
Views
System view
Predefined user roles
network-admin
Parameters
group-name: Specifies a VLAN group by its name, a case-sensitive string of 1 to 31 characters. The
first character must be an alphabetical character.
Usage guidelines
After you configure a VLAN group on the device, the authentication sever can assign the VLAN
group name to the 802.1X user that passes authentication. The VLAN group name identifies this
group of VLANs. For more information about 802.1X authentication, see Security Configuration
Guide.
Examples
# Create a VLAN group named test001 and enter VLAN group view.
<Sysname> system-view
[Sysname] vlan-group test001
[Sysname-vlan-group-test001]
Related commands
vlan-list
vlan-list
Use vlan-list to add VLANs to a VLAN group.
221
Use undo vlan-list to remove VLANs from a VLAN group.
Syntax
vlan-list vlan-id-list
undo vlan-list vlan-id-list
Default
No VLAN exists in a VLAN group.
Views
VLAN group view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID
or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094.
The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1
argument.
Examples
# Add VLAN 2 through VLAN 4, VLAN 100, and VLAN 200 to the VLAN group test001.
<Sysname> system-view
[Sysname] vlan-group test001
[Sysname-vlan-group-test001] vlan-list 2 to 4 100 200
Related commands
vlan-group
222
Super VLAN commands
display supervlan
Use display supervlan to display information about super VLANs and their associated sub-VLANs.
Syntax
display supervlan [ supervlan-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
supervlan-id: Specifies a super VLAN ID in the range of 1 to 4094. If you do not specify a super VLAN
ID, this command displays information about all super VLANs and their associated sub-VLANs.
Examples
# Display information about super VLAN 2 and its associated sub-VLANs.
<Sysname> display supervlan 2
Super VLAN ID: 2
Sub-VLAN ID: 3-5
VLAN ID: 2
VLAN type: Static
It is a super VLAN.
Route interface: Configured
IPv4 address: 10.153.17.41
IPv4 subnet mask: 255.255.252.0
IPv6 global unicast addresses:
2001::1, subnet is 2001::/64 [TENTATIVE]
Description: VLAN 0002
Name: VLAN 0002
Tagged ports:
None
Untagged ports: None
VLAN ID: 3
VLAN type: Static
It is a sub VLAN.
Route interface: Configured
IPv4 address: 10.153.17.41
IPv4 subnet mask: 255.255.252.0
IPv6 global unicast addresses:
2001::1, subnet is 2001::/64 [TENTATIVE]
Description: VLAN 0003
Name: VLAN 0003
223
Tagged
ports: None
Untagged ports:
Ten-GigabitEthernet1/0/3
VLAN ID: 4
VLAN type: Static
It is a sub VLAN.
Route interface: Configured
IPv4 address: 10.153.17.41
IPv4 subnet mask: 255.255.252.0
IPv6 global unicast addresses:
2001::1, subnet is 2001::/64 [TENTATIVE]
Description: VLAN 0004
Name: VLAN 0004
Tagged ports: None
Untagged ports:
Ten-GigabitEthernet1/0/4
Table 50 Command output
Field
Description
VLAN type
VLAN type: Dynamic or Static.
Route interface
Whether a VLAN interface is configured for the VLAN.
Primary IPv4 address of the VLAN interface. This field is displayed only
when an IPv4 address is configured for the VLAN interface.
IPv4 address
IPv4 subnet mask
When the VLAN interface is also configured with secondary IPv4
addresses, you can view them by using one of the following commands:
•
display interface vlan-interface.
•
display this (VLAN interface view).
Subnet mask for the primary IPv4 address of the VLAN interface. This
field is displayed only when an IPv4 address is configured for the VLAN
interface.
Global unicast IPv6 address of the VLAN interface. This field is not
displayed when no IPv6 address is configured for the VLAN interface.
IPv6 global unicast addresses
The IPv6 address states are as follows:
•
TENTATIVE—Initial state. DAD is being performed or is to be
performed on the address. An address in this state cannot be used
as the source address or destination address of packets.
•
DUPLICATE—DAD has been completed for the address. The
address is not unique on the link and cannot be used.
•
PREFERRED—The address is preferred and can be used as the
source or destination address of a packet. If an address is in this
state, the command does not display the address state.
•
DEPRECATED—The address is beyond the preferred lifetime but
within the valid lifetime. It is valid, but it cannot be used as the
source address for a new connection. Packets destined to the
address are processed correctly.
Description
VLAN description.
Name
VLAN name.
Tagged ports
Tagged members of the VLAN.
Untagged ports
Untagged members of the VLAN.
224
Related commands
subvlan
supervlan
subvlan
Use subvlan to associate a super VLAN with the specified sub-VLANs.
Use undo subvlan to dissociate sub-VLANs from a super VLAN.
Syntax
subvlan vlan-id-list
undo subvlan [ vlan-id-list ]
Default
A super VLAN is not associated with any sub-VLANs.
Views
VLAN view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 sub-VLAN items. Each item specifies a
sub-VLAN ID or a range of sub-VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for
sub-VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the
value for the vlan-id1 argument.
Usage guidelines
Make sure sub-VLANs already exist before associating them with a super VLAN.
You can add ports to and remove ports from a sub-VLAN that is already associated with a super
VLAN.
When you use the undo subvlan command, follow these guidelines:
•
If you do not specify the vlan-id-list argument, this command dissociates all sub-VLANs from
the current super VLAN.
•
If you specify the vlan-id-list argument, this command dissociates the specified sub-VLANs
from the current super VLAN.
Examples
# Associate super VLAN 10 with sub-VLANs 3, 4, 5, and 9.
<Sysname> system-view
[Sysname] vlan 10
[Sysname-vlan10] supervlan
[Sysname-vlan10] subvlan 3 to 5 9
Related commands
display supervlan
supervlan
225
supervlan
Use supervlan to configure a VLAN as a super VLAN.
Use undo supervlan to restore the default.
Syntax
supervlan
undo supervlan
Default
A VLAN is not a super VLAN.
Views
VLAN view
Predefined user roles
network-admin
Usage guidelines
You cannot configure a super VLAN as the guest VLAN, Auth-Fail VLAN, or critical VLAN for a port,
and vice versa. For more information about guest VLANs, Auth-Fail VLANs, and critical VLANs, see
Security Configuration Guide.
You can configure Layer 2 multicast for super VLANs. However, the configuration does not take
effect because super VLANs do not have physical ports.
As a best practice, do not configure VRRP for the VLAN interface of a super VLAN, because the
configuration affects network performance.
Examples
# Configure VLAN 2 as a super VLAN.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] supervlan
Related commands
display supervlan
subvlan
226
Private VLAN commands
display private-vlan
Use display private-vlan to display information about primary VLANs and their associated
secondary VLANs.
Syntax
display private-vlan [ primary-vlan-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
primary-vlan-id: Specifies a primary VLAN ID in the range of 1 to 4094. If you do not specify a primary
VLAN ID, this command displays all primary VLANs and their associated secondary VLANs.
Examples
# Display information about primary VLANs and their associated secondary VLANs.
<Sysname> display private-vlan
Primary VLAN ID: 2
Secondary VLAN ID: 3-4
VLAN ID: 2
VLAN type: Static
Private VLAN type: Primary
Route interface: Configured
IPv4 address: 1.1.1.1
IPv4 subnet mask: 255.255.255.0
IPv6 global unicast addresses:
2001::1, subnet is 2001::/64 [TENTATIVE]
Description: VLAN 0002
Name: VLAN 0002
Tagged
ports: None
Untagged ports:
Ten-GigabitEthernet1/0/2
Ten-GigabitEthernet1/0/4
Ten-GigabitEthernet1/0/3
VLAN ID: 3
VLAN type: Static
Private VLAN type: Secondary
Route interface: Not configured
Description: VLAN 0003
Name: VLAN 0003
Tagged
ports: None
227
Untagged ports:
Ten-GigabitEthernet1/0/2
Ten-GigabitEthernet1/0/3
VLAN ID: 4
VLAN type: Static
Private VLAN type: Secondary
Route interface: Not configured
Description: VLAN 0004
Name: VLAN 0004
Tagged
ports: None
Untagged ports:
Ten-GigabitEthernet1/0/2
Ten-GigabitEthernet1/0/4
Table 51 Command output
Field
Description
VLAN type
VLAN type: Dynamic or Static.
Private VLAN type
Private VLAN type:
•
Primary—Primary VLAN.
•
Secondary—Secondary VLAN.
•
Isolated secondary—Secondary VLAN configured with port
isolation at Layer 2.
Route interface
Whether the VLAN interface is configured for the VLAN:
•
Configured.
•
Not configured.
Primary IPv4 address of the VLAN interface. This field is displayed only
when an IPv4 address is configured for the VLAN interface.
IPv4 address
IPv4 subnet mask
When the VLAN interface is also configured with secondary IPv4
addresses, you can view them by using one of the following commands:
•
display interface vlan-interface.
•
display this (VLAN interface view).
Subnet mask for the primary IPv4 address of the VLAN interface. This
field is displayed only when an IPv4 address is configured for the VLAN
interface.
Global unicast IPv6 address of the VLAN interface. This field is not
displayed when no IPv6 address is configured for the VLAN interface.
IPv6 global unicast addresses
The IPv6 address states are as follows:
•
TENTATIVE—Initial state. DAD is being performed or is to be
performed on the address. An address in this state cannot be used
as the source address or destination address of packets.
•
DUPLICATE—DAD has been completed for the address. The
address is not unique on the link and cannot be used.
•
PREFERRED—The address is preferred and can be used as the
source or destination address of a packet. If an address is in this
state, the command does not display the address state.
•
DEPRECATED—The address is beyond the preferred lifetime but
within the valid lifetime. It is valid, but it cannot be used as the
source address for a new connection. Packets destined to the
address are processed correctly.
Description
VLAN description.
Name
VLAN name.
228
Field
Description
Tagged ports
Tagged members of the VLAN.
Untagged ports
Untagged members of the VLAN.
Related commands
private-vlan (VLAN view)
private-vlan primary
port private-vlan host
Use port private-vlan host to configure a port as a host port.
Use undo port private-vlan to restore the default.
Syntax
port private-vlan host
undo port private-vlan
Default
A port is not a host port.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
If the port has been assigned to a secondary VLAN, the command assigns the port to the primary
VLAN associated with the secondary VLAN. Also, the following events occur:
•
For an access port, the device performs the following tasks:
{
Changes the port link type to hybrid.
{
Configures the secondary VLAN as the PVID.
{
Assigns the port to the primary VLAN as an untagged member.
•
For a trunk port, the device does not change the port link type or PVID.
•
For a hybrid port, the device does not change the port link type or PVID.
{
If the hybrid port has been a tagged or untagged member of the primary VLAN, this member
attribute remains in the primary VLAN.
{
If the hybrid port does not allow the primary VLAN, the device assigns the port to the primary
VLAN as an untagged member.
The undo port private-vlan command does not change the VLAN attributes (allowed VLANs, port
link type, and PVID) of the port.
You can assign the port to a secondary VLAN before or after you execute the port private-vlan host
command.
The port private-vlan host command is mutually exclusive with the port private-vlan trunk
promiscuous and port private-vlan trunk secondary commands.
229
Examples
In this example, VLAN 20 is a secondary VLAN associated with primary VLAN 2.
# Configure Ten-GigabitEthernet 1/0/1 as a host port, and then verify the configuration.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan host
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port private-vlan host
#
return
The output show that Ten-GigabitEthernet 1/0/1 is operating in bridge mode and is a host port.
# Assign Ten-GigabitEthernet 1/0/1 to VLAN 20, and then verify the configuration.
[Sysname-Ten-GigabitEthernet1/0/1] port access vlan 20
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port private-vlan host
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 2 20 untagged
port hybrid pvid vlan 20
#
return
The output shows that:
•
The port link type of Ten-GigabitEthernet 1/0/1 is hybrid and its PVID is VLAN 20.
•
Ten-GigabitEthernet 1/0/1 is an untagged member of secondary VLAN 20 and primary VLAN 2.
Related commands
port private-vlan promiscuous
port private-vlan trunk promiscuous
port private-vlan trunk secondary
private-vlan (VLAN view)
private-vlan primary
port private-vlan promiscuous
Use port private-vlan promiscuous to configure a port as a promiscuous port of the specified
VLAN and assign the port to the VLAN.
Use undo port private-vlan to restore the default.
Syntax
port private-vlan vlan-id promiscuous
230
undo port private-vlan
Default
A port is not a promiscuous port of any VLAN.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a VLAN ID in the range of 1 to 4094. Though VLAN 1 is in the valid value range, it
cannot be configured in the command.
Usage guidelines
If the specified VLAN is a primary VLAN that has been associated with secondary VLANs, the
command assigns the port to the associated secondary VLANs. Also, the following events occur:
•
For an access port, the device performs the following tasks:
{
Changes the port link type to hybrid.
{
Configures the primary VLAN as the PVID.
{
Assign the port to the primary VLAN and its associated secondary VLANs as an untagged
member.
•
For a trunk port, the device does not change the port link type or PVID.
•
For a hybrid port, the device does not change the port link type or PVID.
{
If the hybrid port has been a tagged or untagged member of the primary VLAN and part of its
associated secondary VLANs, this member attribute remains in these VLANs. The device
assigns the hybrid port to the rest of the associated secondary VLANs as an untagged
member.
{
If the hybrid port does not allow any of the primary VLAN and its associated secondary
VLANs, the command assigns the port to these VLANs as an untagged member.
If you execute this command on a promiscuous port, the system automatically executes the undo
port private-vlan command and then the port private-vlan promiscuous command.
The undo port private-vlan command does not change the VLAN attributes (allowed secondary
VLANs, link type, and PVID) of the port.
When you execute the undo port private-vlan command on a promiscuous port of a VLAN, the
command removes the port from the VLAN.
You can configure the VLAN as a primary VLAN before or after you execute the port private-vlan
vlan-id promiscuous command.
The port private-vlan promiscuous command is mutually exclusive with the port private-vlan
trunk promiscuous and port private-vlan trunk secondary commands.
Examples
In this example, VLAN 2 is a primary VLAN, and it is associated with secondary VLAN 20.
# Display information about Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
231
port link-mode bridge
#
return
# Configure Ten-GigabitEthernet 1/0/1 as a promiscuous port of primary VLAN 2, and then verify the
configuration.
[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 2 promiscuous
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
port private-vlan 2 promiscuous
undo port hybrid vlan 1
port hybrid vlan 2 20 untagged
port hybrid pvid vlan 2
#
return
The output shows that:
•
Ten-GigabitEthernet 1/0/1 is a promiscuous port.
•
The port link type of Ten-GigabitEthernet 1/0/1 is hybrid and its PVID is VLAN 2.
•
Ten-GigabitEthernet 1/0/1 is an untagged member of primary VLAN 2 and secondary VLAN 20.
# Execute the undo port private-vlan command on Ten-GigabitEthernet 1/0/1, and then verify the
configuration.
[Sysname-Ten-GigabitEthernet1/0/1] undo port private-vlan
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 20 untagged
port hybrid pvid vlan 2
#
return
The output shows that:
•
The link type and PVID of Ten-GigabitEthernet 1/0/1 do not change.
•
Ten-GigabitEthernet 1/0/1 is an untagged member of VLAN 20.
•
Ten-GigabitEthernet 1/0/1 is removed from primary VLAN 2.
Related commands
port private-vlan host
port private-vlan trunk promiscuous
port private-vlan trunk secondary
private-vlan (VLAN view)
private-vlan primary
232
port private-vlan trunk promiscuous
Use port private-vlan trunk promiscuous to configure a port as a trunk promiscuous port of the
specified VLANs and assign the port to these VLANs.
Use undo port private-vlan trunk promiscuous to cancel the trunk promiscuous attribute of a port
in the specified VLANs.
Syntax
port private-vlan vlan-id-list trunk promiscuous
undo port private-vlan vlan-id-list trunk promiscuous
Default
A port is not a trunk promiscuous port of any VLAN.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 primary VLAN items. Each item specifies a
primary VLAN ID or a range of primary VLAN IDs in the form of vlan-id1 to vlan-id2. The value range
for primary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater
than the value for the vlan-id1 argument. Though the system default VLAN (VLAN 1) is in the valid
value range, it cannot be configured in the command.
Usage guidelines
If the specified VLANs are primary VLANs that have been associated with secondary VLANs, the
command assigns the port to the associated secondary VLANs. Also, the following events occur:
•
For an access port, the device performs the following tasks:
{
Changes the port link type to hybrid. The PVID of the port does not change.
{
Assigns the port to the primary VLANs and the associated secondary VLANs as a tagged
member.
•
For a trunk port, the device does not change the port link type or PVID.
•
For a hybrid port, the device does not change the port link type or PVID.
{
If the hybrid port has been a tagged or untagged member of part of the primary VLANs and
their associated secondary VLANs, this member attribute remains in these VLANs. The
device assigns the hybrid port to the rest of the primary VLANs and their associated
secondary VLANs as a tagged member.
{
If the hybrid port does not allow any of the primary VLANs and their associated secondary
VLANs, the device assigns the port to these VLANs as a tagged member.
The undo form of this command does not change the VLAN attributes (allowed secondary VLANs,
port link type, and PVID) of the port.
If you execute the undo form of this command on a trunk promiscuous port, the command removes
the port from the VLANs specified by the vlan-id-list argument.
You can configure the VLAN as a primary VLAN before or after you execute the port private-vlan
vlan-id-list trunk promiscuous command.
233
The port private-vlan trunk promiscuous command is mutually exclusive with the port
private-vlan host, port private-vlan promiscuous, and port private-vlan trunk secondary
commands.
If multiple primary VLANs need to pass through the uplink port, use the port private-vlan trunk
promiscuous command to assign the port to these VLANs. The port can then transmit packets from
these primary VLANs with VLAN tags.
If only one primary VLAN needs to pass through the uplink port, use the port private-vlan
promiscuous command to assign the port to the VLAN. The port can then transmit packets from the
primary VLAN without VLAN tags.
Examples
In this example, VLANs 2 and 3 are primary VLANs. VLAN 2 is associated with secondary VLAN 20.
VLAN 3 is associated with secondary VLAN 30.
# Display information about Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
#
return
# Configure Ten-GigabitEthernet 1/0/1 as a trunk promiscuous port of VLANs 2 and 3, and then verify
the configuration.
[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 2 3 trunk promiscuous
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
port private-vlan 2 3 trunk promiscuous
port hybrid vlan 2 3 20 30 tagged
port hybrid vlan 1 untagged
#
return
The output shows that:
•
Ten-GigabitEthernet 1/0/1 is a trunk promiscuous port of VLANs 2 and 3.
•
The port link type of Ten-GigabitEthernet 1/0/1 is hybrid.
•
Ten-GigabitEthernet1/0/1 is a tagged member of VLANs 2, 3, 20, and 30.
# Execute the undo port private-vlan trunk promiscuous command on Ten-GigabitEthernet 1/0/1,
and then verify the configuration.
[Sysname-Ten-GigabitEthernet1/0/1] undo port private-vlan 2 3 trunk promiscuous
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
port hybrid vlan 20 30 tagged
port hybrid vlan 1 untagged
234
#
return
The output shows that:
•
The port link type of Ten-GigabitEthernet 1/0/1 does not change.
•
Ten-GigabitEthernet 1/0/1 is a tagged member of VLANs 20 and 30.
•
Ten-GigabitEthernet 1/0/1 is removed from VLANs 2 and 3.
Related commands
port private-vlan host
port private-vlan promiscuous
port private-vlan trunk secondary
private-vlan (VLAN view)
private-vlan primary
port private-vlan trunk secondary
Use port private-vlan trunk secondary to configure a port as a trunk secondary port of the
specified VLANs and assign the port to these VLANs.
Use undo port private-vlan trunk secondary to cancel the trunk secondary attribute of a port in the
specified VLANs.
Syntax
port private-vlan vlan-id-list trunk secondary
undo port private-vlan vlan-id-list trunk secondary
Default
A port is not a trunk secondary port of any VLAN.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 secondary VLAN items. Each item specifies a
secondary VLAN ID or a range of secondary VLAN IDs in the form of vlan-id1 to vlan-id2. The value
range for secondary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or
greater than the value for the vlan-id1 argument. Though the system default VLAN (VLAN 1) is in the
valid value range, it cannot be configured in the command.
Usage guidelines
If the specified VLANs are secondary VLANs that have been associated with primary VLANs, the
command also assigns the port to the associated primary VLANs. Also, the following events occur:
•
•
For an access port, the device performs the following tasks:
{
Changes the port link type to hybrid. The PVID of the port does not change.
{
Assigns the port to the secondary VLANs and the associated primary VLANs as a tagged
member.
For a trunk port, the device does not change the port link type.
235
•
For a hybrid port, the device does not change the port link type.
{
If the port has been an untagged or tagged member of part of the secondary VLANs and
their associated primary VLANs, this member attribute remains in these VLANs. The device
assigns the port to the rest of the secondary VLANs and their associated primary VLANs as
a tagged member.
{
If the hybrid port does not allow any of the secondary VLANs and their associated primary
VLANs, the device assigns the port to these VLANs as a tagged member.
A trunk secondary port can join only one secondary VLAN among all secondary VLANs associated
with a primary VLAN. However, it can join multiple secondary VLANs separately associated with
multiple primary VLANs.
The undo form of this command does not change the VLAN attributes (allowed primary VLANs, port
link type, and PVID) of the port.
When you execute the undo form of this command on a trunk secondary port of the VLANs specified
by the vlan-id-list argument, one of the following events occurs:
•
If the port is an access port, the device does not change the VLAN configuration of the port.
•
If the port is a trunk or hybrid port, the device removes the port from the VLAN.
You can configure the specified VLANs as secondary VLANs before or after you execute the port
private-vlan trunk secondary command.
This command does not take effect on the specified VLAN if any of the following conditions applies:
•
The specified VLAN does not exist.
•
The specified VLAN is not a secondary VLAN and is used for other purposes.
•
The specified VLAN shares the same primary VLAN with other secondary VLANs, and the
current port has been configured as a trunk secondary port in one of the other secondary
VLANs.
The port private-vlan trunk secondary command is mutually exclusive with the port private-vlan
host, port private-vlan promiscuous, and port private-vlan trunk promiscuous commands.
If multiple secondary VLANs associated with different primary VLANs need to pass through the
downlink port, use the port private-vlan trunk secondary command to assign the port to these
secondary VLANs. The port can then transmit packets from these secondary VLANs with VLAN
tags.
If only one secondary VLAN needs to pass through the downlink port, use the port private-vlan
host command to assign the port to the secondary VLAN. The port can then transmit packets from
the secondary VLAN without VLAN tags.
Examples
•
In this example, VLANs 2 and 3 are primary VLANs. VLAN 2 is associated with secondary
VLAN 20. VLAN 3 is associated with secondary VLAN 30.
# Display information about Ten-GigabitEthernet 1/0/1.
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
#
return
# Configure Ten-GigabitEthernet 1/0/1 as a trunk secondary port of VLANs 20 and 30, and then
verify the configuration.
[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 20 30 trunk secondary
[Sysname-Ten-GigabitEthernet1/0/1] display this
236
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
port hybrid vlan 2 3 20 30 tagged
port hybrid vlan 1 untagged
port private-vlan 20 30 trunk secondary
#
return
The output shows that:
{
The port link type of Ten-GigabitEthernet 1/0/1 is hybrid.
{
Ten-GigabitEthernet 1/0/1 is a tagged member of VLANs 2, 3, 20, and 30.
{
Ten-GigabitEthernet 1/0/1 is a trunk secondary port of VLANs 20 and 30.
# Execute the undo port private-vlan trunk secondary command on Ten-GigabitEthernet
1/0/1, and then verify the configuration.
[Sysname-Ten-GigabitEthernet1/0/1] undo port private-vlan 20 30 trunk secondary
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
port hybrid vlan 2 3 tagged
port hybrid vlan 1 untagged
#
return
The output shows that:
•
{
The port link type of Ten-GigabitEthernet 1/0/1 does not change.
{
Ten-GigabitEthernet 1/0/1 is a tagged member of VLANs 2 and 3.
{
Ten-GigabitEthernet 1/0/1 is removed from VLANs 20 and 30.
In this example, VLAN 10 is not a secondary VLAN.
# Display information about Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
#
return
# Configure Ten-GigabitEthernet 1/0/1 as a trunk secondary port of VLAN 10, and then verify
the configuration.
[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 10 trunk secondary
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
237
port hybrid vlan 10 tagged
port hybrid vlan 1 untagged
port private-vlan 10 trunk secondary
#
return
The output shows that:
{
The port link type of Ten-GigabitEthernet 1/0/1 is hybrid.
{
Ten-GigabitEthernet 1/0/1 is a tagged member of VLAN 10.
{
Ten-GigabitEthernet 1/0/1 is a trunk secondary port of VLAN 10.
# Execute the undo port private-vlan trunk secondary command on
Ten-GigabitEthernet1/0/1, and then verify the configuration.
[Sysname-Ten-GigabitEthernet1/0/1] undo port private-vlan 10 trunk secondary
[Sysname-Ten-GigabitEthernet1/0/1] display this
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type hybrid
port hybrid vlan 1 untagged
#
Return
The output shows that:
{
The port link type of Ten-GigabitEthernet 1/0/1 does not change.
{
Ten-GigabitEthernet 1/0/1 is removed from VLAN 10.
Related commands
port private-vlan host
port private-vlan promiscuous
port private-vlan trunk promiscuous
private-vlan (VLAN view)
private-vlan isolated
private-vlan primary
private-vlan (VLAN interface view)
Use private-vlan secondary to enable Layer 3 communication between secondary VLANs that are
associated with a primary VLAN.
Use undo private-vlan to cancel the Layer 3 communication configuration for secondary VLANs
that are associated with a primary VLAN.
Syntax
private-vlan secondary vlan-id-list
undo private-vlan [ secondary vlan-id-list ]
Default
Secondary VLANs are isolated at Layer 3.
Views
VLAN interface view
238
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 secondary VLAN items. Each item specifies a
secondary VLAN ID or a range of secondary VLAN IDs in the form of vlan-id1 to vlan-id2. The value
range for secondary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or
greater than the value for the vlan-id1 argument.
Usage guidelines
This command takes effect only when the following conditions exist:
•
This command is executed in primary VLAN interface view.
•
Secondary VLANs are associated with the primary VLAN.
•
No VLAN interfaces are created for secondary VLANs.
•
An IP address is assigned to the primary VLAN interface.
•
Local proxy ARP or ND is enabled on the primary VLAN interface.
You can create VLAN interfaces for secondary VLANs that are not enabled with Layer 3
communication. If secondary VLANs are enabled with Layer 3 communication, do not create VLAN
interfaces for them.
When you execute this command in the same primary VLAN interface view multiple times, all the
specified secondary VLANs are interoperable at Layer 3.
When you execute the undo private-vlan command, follow these guidelines:
•
If you specify the secondary vlan-id-list option, this command cancels the Layer 3
communication configuration only for the specified secondary VLANs.
•
If you do not specify the secondary vlan-id-list option, this command cancels the Layer 3
communication configuration for all secondary VLANs of the primary VLAN.
Examples
This example shows how to meet the following requirements:
•
VLANs 3 and 4 are secondary VLANs that are associated with primary VLAN 2.
•
The uplink port Ten-GigabitEthernet 1/0/2 is a promiscuous port of VLAN 2.
•
The downlink ports Ten-GigabitEthernet 1/0/3 and Ten-GigabitEthernet 1/0/4 are host ports of
VLANs 3 and 4, respectively.
•
Secondary VLANs 3 and 4 can communicate at Layer 3.
# Configure VLAN 2 as a primary VLAN and associate it with secondary VLANs 3 and 4.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] private-vlan primary
[Sysname-vlan2] private-vlan secondary 3 to 4
[Sysname-vlan2] quit
# Configure the uplink port Ten-GigabitEthernet 1/0/2 as a promiscuous port of VLAN 2.
[Sysname] interface ten-gigabitethernet 1/0/2
[Sysname-Ten-GigabitEthernet1/0/2] port private-vlan 2 promiscuous
[Sysname-Ten-GigabitEthernet1/0/2] quit
# Assign the downlink port Ten-GigabitEthernet 1/0/3 to VLAN 3 and configure the port as a host
port.
[Sysname] interface ten-gigabitethernet 1/0/3
[Sysname-Ten-GigabitEthernet1/0/3] port access vlan 3
239
[Sysname-Ten-GigabitEthernet1/0/3] port private-vlan host
[Sysname-Ten-GigabitEthernet1/0/3] quit
# Assign the downlink port Ten-GigabitEthernet 1/0/4 to VLAN 4 and configure the port as a host
port.
[Sysname] interface ten-gigabitethernet 1/0/4
[Sysname-Ten-GigabitEthernet1/0/4] port access vlan 4
[Sysname-Ten-GigabitEthernet1/0/4] port private-vlan host
[Sysname-Ten-GigabitEthernet1/0/4] quit
# Create VLAN-interface 2 and enable Layer 3 communication between secondary VLANs 3 and 4.
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] private-vlan secondary 3 to 4
# Assign an IP address to VLAN-interface 2.
[Sysname-Vlan-interface2] ip address 192.168.1.1 255.255.255.0
# Enable local proxy ARP on VLAN-interface 2.
[Sysname-Vlan-interface2] local-proxy-arp enable
Related commands
private-vlan (VLAN view)
private-vlan primary
private-vlan (VLAN view)
Use private-vlan to associate a primary VLAN with the specified secondary VLANs.
Use undo private-vlan to dissociate the specified secondary VLANs from a primary VLAN.
Syntax
private-vlan secondary vlan-id-list
undo private-vlan [ secondary vlan-id-list ]
Default
A primary VLAN is not associated with any secondary VLANs.
Views
VLAN view
Predefined user roles
network-admin
Parameters
secondary vlan-id-list: Specifies a space-separated list of up to 10 secondary VLAN items. Each
item specifies a secondary VLAN ID or a range of secondary VLAN IDs in the form of vlan-id1 to
vlan-id2. The value range for secondary VLAN IDs is 1 to 4094. The value for the vlan-id2 argument
must be equal to or greater than the value for the vlan-id1 argument. Though the system default
VLAN (VLAN 1) is in the valid value range, it cannot be configured in the command.
Usage guidelines
A primary VLAN can be associated with multiple secondary VLANs. When you execute this
command in the same VLAN view multiple times, all the specified secondary VLANs are associated
with the primary VLAN.
The configuration synchronization is triggered based on the interface configuration when the
following conditions exist:
240
•
This command is configured for a primary VLAN.
•
Ports on the device are promiscuous, trunk promiscuous, or host ports.
For more information, see the port private-vlan host, port private-vlan promiscuous, or port
private-vlan trunk promiscuous command.
When you execute the undo private-vlan command, follow these guidelines:
•
If you specify the secondary vlan-id-list option, this command dissociates the specified
secondary VLANs from the current primary VLAN.
•
If you do not specify the secondary vlan-id-list option, this command dissociates all secondary
VLANs from the current primary VLAN.
Examples
# Associate primary VLAN 2 with secondary VLANs 3 and 4.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] private-vlan primary
[Sysname-vlan2] private-vlan secondary 3 to 4
Related commands
port private-vlan host
port private-vlan promiscuous
port private-vlan trunk promiscuous
port private-vlan trunk secondary
primary-vlan primary
private-vlan community
Use private-vlan community to enable Layer 2 communication between ports in a secondary
VLAN.
Syntax
private-vlan community
Default
Ports in the same secondary VLAN can communicate with each other at Layer 2.
Views
VLAN view
Predefined user roles
network-admin
Usage guidelines
The private-vlan community command and the undo private-vlan isolated command have the
same function. When you use the save command to save the configuration, the private-vlan
community command is not saved into the configuration file.
Examples
This example shows how to meet the following requirements:
•
VLAN 4 is a secondary VLAN, and it is associated with primary VLAN 2.
•
Ten-GigabitEthernet 1/0/1 is a promiscuous port of VLAN 2.
•
Ten-GigabitEthernet 1/0/2 and Ten-GigabitEthernet 1/0/3 are host ports of VLAN 4.
241
•
Ten-GigabitEthernet 1/0/2 and Ten-GigabitEthernet 1/0/3 can communicate at Layer 2 in
secondary VLAN 4.
# Configure VLAN 2 as a primary VLAN and associate it with secondary VLAN 4.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] private-vlan primary
[Sysname-vlan2] private-vlan secondary 4
[Sysname-vlan2] quit
# Configure Ten-GigabitEthernet 1/0/1 as a promiscuous port of VLAN 2.
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 2 promiscuous
[Sysname-Ten-GigabitEthernet1/0/1] quit
# Assign Ten-GigabitEthernet 1/0/2 to VLAN 4 and configure the port as a host port.
[Sysname] interface ten-gigabitethernet 1/0/2
[Sysname-Ten-GigabitEthernet1/0/2] port access vlan 4
[Sysname-Ten-GigabitEthernet1/0/2] port private-vlan host
[Sysname-Ten-GigabitEthernet1/0/2] quit
# Assign Ten-GigabitEthernet 1/0/3 to VLAN 4 and configure the port as a host port.
[Sysname] interface ten-gigabitethernet 1/0/3
[Sysname-Ten-GigabitEthernet1/0/3] port access vlan 4
[Sysname-Ten-GigabitEthernet1/0/3] port private-vlan host
[Sysname-Ten-GigabitEthernet1/0/3] quit
# Enable Layer 2 communication in secondary VLAN 4.
[Sysname] vlan 4
[Sysname-vlan4] private-vlan community
Related commands
private-vlan isolated
private-vlan isolated
Use private-vlan isolated to isolate ports in a secondary VLAN at Layer 2.
Use undo private-vlan isolated to restore the default.
Syntax
private-vlan isolated
undo private-vlan isolated
Default
Ports in the same secondary VLAN can communicate with each other at Layer 2.
Views
VLAN view
Predefined user roles
network-admin
Usage guidelines
The private-vlan isolated command takes effect when the following conditions exist:
242
•
The secondary VLAN is associated with a primary VLAN.
•
The ports are configured as host or trunk secondary ports of the secondary VLAN.
If you assign the downlink ports to a secondary VLAN configured with this command, the downlink
ports are isolated from each other at Layer 2.
The private-vlan isolated command is mutually exclusive with the primary VLAN, super VLAN, and
sub-VLAN configurations.
Examples
This example shows how to meet the following requirements:
•
VLAN 4 is a secondary VLAN, and it is associated with primary VLAN 2.
•
Ten-GigabitEthernet 1/0/1 is a promiscuous port of VLAN 2.
•
Ten-GigabitEthernet 1/0/2 and Ten-GigabitEthernet 1/0/3 are host ports of VLAN 4.
•
Ten-GigabitEthernet 1/0/2 and Ten-GigabitEthernet 1/0/3 are isolated at Layer 2 in secondary
VLAN 4.
# Configure VLAN 2 as a primary VLAN and associate it with secondary VLAN 4.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] private-vlan primary
[Sysname-vlan2]private-vlan secondary 4
[Sysname-vlan4] quit
# Configure Ten-GigabitEthernet 1/0/1 as a promiscuous port of VLAN 2.
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port private-vlan 2 promiscuous
[Sysname-Ten-GigabitEthernet1/0/1] quit
# Assign Ten-GigabitEthernet 1/0/2 to VLAN 4 and configure the port as a host port.
[Sysname] interface ten-gigabitethernet 1/0/2
[Sysname-Ten-GigabitEthernet1/0/2] port access vlan 4
[Sysname-Ten-GigabitEthernet1/0/2] port private-vlan host
[Sysname-Ten-GigabitEthernet1/0/2] quit
# Assign Ten-GigabitEthernet 1/0/3 to VLAN 4 and configure the port as a host port.
[Sysname] interface ten-gigabitethernet 1/0/3
[Sysname-Ten-GigabitEthernet1/0/3] port access vlan 4
[Sysname-Ten-GigabitEthernet1/0/3] port private-vlan host
# Configure port isolation at Layer 2 in secondary VLAN 4.
[Sysname] vlan 4
[Sysname-vlan4] private-vlan isolated
Related commands
private-vlan (VLAN view)
private-vlan community
private-vlan primary
private-vlan primary
Use private-vlan primary to configure a VLAN as a primary VLAN.
Use undo private-vlan primary to restore the default.
243
Syntax
private-vlan primary
undo private-vlan primary
Default
A VLAN is not a primary VLAN.
Views
VLAN view
Predefined user roles
network-admin
Usage guidelines
The configuration synchronization is triggered based on the interface configuration when the
following conditions exist:
•
This command is configured for a VLAN that has been associated with secondary VLANs.
•
Ports on the device are promiscuous, trunk promiscuous, host, or trunk secondary ports.
For more information, see the port private-vlan host, port private-vlan promiscuous, or port
private-vlan trunk promiscuous, or port private-vlan trunk secondary command.
Examples
# Configure VLAN 5 as a primary VLAN.
<Sysname> system-view
[Sysname] vlan 5
[Sysname-vlan5] private-vlan primary
Related commands
port private-vlan host
port private-vlan promiscuous
port private-vlan trunk promiscuous
port private-vlan trunk secondary
private-vlan primary
244
Voice VLAN commands
cdp voice-vlan
Use cdp voice-vlan to configure a port to advertise the specified voice VLAN in CDP packets.
Use undo cdp voice-vlan to restore the default.
Syntax
cdp voice-vlan vlan-id
undo cdp voice-vlan
Default
When CDP compatibility is enabled, the port advertises the voice VLAN configured on the port to its
connected IP phone through CDP packets.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a voice VLAN ID in the range of 1 to 4094.
Usage guidelines
You must use this command with CDP compatibility.
Examples
# Configure Ten-GigabitEthernet 1/0/1 to advertise VLAN 4094 in CDP packets.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] cdp voice-vlan 4094
display voice-vlan mac-address
Use display voice-vlan mac-address to display OUI addresses and their masks and descriptions.
Syntax
display voice-vlan mac-address
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display OUI addresses and their masks and descriptions.
<Sysname> display voice-vlan mac-address
OUI Address
Mask
Description
245
0001-e300-0000
ffff-ff00-0000
Siemens phone
0003-6b00-0000
ffff-ff00-0000
Cisco phone
0004-0d00-0000
ffff-ff00-0000
Avaya phone
000f-e200-0000
ffff-ff00-0000
H3C Aolynk phone
0060-b900-0000
ffff-ff00-0000
Philips/NEC phone
00d0-1e00-0000
ffff-ff00-0000
Pingtel phone
00e0-7500-0000
ffff-ff00-0000
Polycom phone
00e0-bb00-0000
ffff-ff00-0000
3Com phone
Table 52 Command output
Field
Description
OUI address
OUI address allowed on the device.
Mask
Mask of the OUI address.
Description
Description of the OUI address.
Related commands
voice-vlan mac-address
display voice-vlan state
Use display voice-vlan state to display voice VLAN information.
Syntax
display voice-vlan state
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display voice VLAN information.
<Sysname> display voice-vlan state
Current voice VLANs: 1
Voice VLAN security mode: Security
Voice VLAN aging time: 1440 minutes
Voice VLAN enabled ports and their modes:
Port
VLAN
Mode
CoS
DSCP
XGE1/0/1
111
Auto
6
46
Table 53 Command output
Field
Description
Current Voice VLANs
Number of existing voice VLANs.
Voice VLAN security mode
Voice VLAN mode:
•
Security.
•
Normal.
246
Field
Description
Voice VLAN enabled ports and their modes
Voice VLAN-enabled port and its voice VLAN assignment
mode.
Port
Name of the voice VLAN-enabled port.
VLAN
ID of the voice VLAN enabled on the port.
Mode
Voice VLAN assignment mode of the port:
•
Manual.
•
Automatic.
Related commands
voice-vlan aging
voice-vlan enable
voice-vlan mode auto
voice-vlan security enable
voice-vlan aging
Use voice-vlan aging to set the voice VLAN aging timer.
Use undo voice-vlan aging to restore the default.
Syntax
voice-vlan aging minutes
undo voice-vlan aging
Default
The voice VLAN aging timer is 1440 minutes.
Views
System view
Predefined user roles
network-admin
Parameters
minutes: Sets the voice VLAN aging timer in the range of 5 to 43200 minutes.
Usage guidelines
In automatic voice VLAN assignment mode, the system starts an aging timer for a voice VLAN when
assigning the port to the voice VLAN. If no voice packets are received on the port before the timer
expires, the system removes the port from the voice VLAN.
Set the voice VLAN aging timer only in automatic voice VLAN assignment mode.
Examples
# Set the voice VLAN aging timer to 100 minutes.
<Sysname> system-view
[Sysname] voice-vlan aging 100
Related commands
display voice-vlan state
247
voice-vlan enable
Use voice-vlan enable to enable the voice VLAN feature and configure a VLAN as the voice VLAN
for a port.
Use undo voice-vlan enable to disable the voice VLAN feature on a port.
Syntax
voice-vlan vlan-id enable
undo voice-vlan [ vlan-id ] enable
Default
The voice VLAN feature is disabled on ports.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a voice VLAN ID in the range of 2 to 4094.
Usage guidelines
Use this command only on a hybrid or trunk port operating in automatic voice VLAN assignment
mode.
Examples
# Enable the voice VLAN feature and configure VLAN 2 as the voice VLAN on Ten-GigabitEthernet
1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] voice-vlan 2 enable
Related commands
display voice-vlan state
voice-vlan mode auto
voice-vlan mac-address
Use voice-vlan mac-address to configure the OUI address information for voice packet
identification.
Use undo voice-vlan mac-address to delete an OUI address.
Syntax
voice-vlan mac-address mac-address mask oui-mask [ description text ]
undo voice-vlan mac-address oui
Default
System default OUI addresses exist.
248
Table 54 System default OUI addresses
Number
OUI address
Vendor
1
0001-E300-0000
Siemens phone
2
0003-6B00-0000
Cisco phone
3
0004-0D00-0000
Avaya phone
4
000F-E200-0000
H3C Aolynk phone
5
0060-B900-0000
Philips/NEC phone
6
00D0-1E00-0000
Pingtel phone
7
00E0-7500-0000
Polycom phone
8
00E0-BB00-0000
3Com phone
Views
System view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a source MAC address of voice traffic, in the format of H-H-H. For example,
1234-1234-1234.
mask oui-mask: Specifies the valid length of the OUI address by a mask in the format of H-H-H. The
mask contains consecutive 1s and 0s. For example, FFFF-0000-0000. To filter the voice devices of a
vendor, set the mask to FFFF-FF00-0000.
description text: Specifies the OUI address description, a case-sensitive string of 1 to 30
characters.
oui: Specifies an OUI address to delete, in the format of H-H-H. For example, 1234-1200-0000. An
OUI address is the logical AND result of the mac-address and oui-mask arguments. It cannot be a
broadcast address, a multicast address, or an all-zero address.
Usage guidelines
Typically, an OUI address refers to the first 24 bits of a MAC address (in binary notation) and is a
globally unique identifier that IEEE assigns to a vendor. However, OUI addresses in this chapter are
addresses that the system uses to determine whether a received packet is a voice packet. They are
the logical AND results of the mac-address and oui-mask arguments in this command.
You can manually delete or add the system default OUI addresses.
The system supports up to 128 OUI addresses, including system default OUI addresses. To display
the supported OUI address, use the display voice-vlan mac-address command.
Examples
# Add an OUI address 1234-1200-0000 by specifying the MAC address as 1234-1234-1234 and the
mask as fff-ff00-0000. Configure the OUI address description as PhoneA.
<Sysname> system-view
[Sysname] voice-vlan mac-address 1234-1234-1234 mask ffff-ff00-0000 description PhoneA
Related commands
display voice-vlan mac-address
249
voice-vlan mode auto
Use voice-vlan mode auto to configure a port to operate in automatic voice VLAN assignment
mode.
Use undo voice-vlan mode auto to configure a port to operate in manual voice VLAN assignment
mode.
Syntax
voice-vlan mode auto
undo voice-vlan mode auto
Default
A port operates in automatic voice VLAN assignment mode.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
To make a voice VLAN take effect on a port operating in manual mode, you must manually assign the
port to the voice VLAN.
Examples
# Configure Ten-GigabitEthernet 1/0/1 to operate in manual voice VLAN assignment mode.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] undo voice-vlan mode auto
Related commands
display voice-vlan state
voice-vlan qos
Use voice-vlan qos to configure a port to modify the CoS and DSCP values for incoming voice
VLAN packets.
Use undo voice-vlan qos to restore the default.
Syntax
voice-vlan qos cos-value dscp-value
undo voice-vlan qos
Default
A port modifies the CoS and DSCP values for incoming voice VLAN packets to 6 and 46,
respectively.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
250
Parameters
cos-value: Specifies a CoS value in the range of 0 to 7. The default value is 6.
dscp-value: Specifies a DSCP value in the range of 0 to 63. The default value is 46.
Usage guidelines
Before you execute this command on a port, make sure the voice VLAN feature is disabled on it.
If you execute both the voice-vlan qos and voice-vlan qos trust commands multiple times, the
most recent configuration takes effect.
Examples
# Configure Ten-GigabitEthernet 1/0/1 to modify the CoS and DSCP values for voice VLAN packets
to 5 and 45, respectively.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] voice-vlan qos 5 45
Related commands
voice-vlan qos trust
voice-vlan qos trust
Use voice-vlan qos trust to configure a port to trust the priority settings in incoming voice VLAN
packets.
Use undo voice-vlan qos to restore the default.
Syntax
voice-vlan qos trust
undo voice-vlan qos
Default
A port modifies the CoS and DSCP values for incoming voice VLAN packets to 6 and 46,
respectively.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Usage guidelines
When a port trusts the QoS priority settings in incoming voice VLAN packets, the port does not
modify their CoS and DSCP values.
Before you execute this command on a port, make sure the voice VLAN feature is disabled on it.
If you execute both the voice-vlan qos and voice-vlan qos trust commands multiple times, the
most recent configuration takes effect.
Examples
# Configure Ten-GigabitEthernet 1/0/1 to trust the priority settings in incoming voice VLAN traffic.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] voice-vlan qos trust
251
Related commands
voice-vlan qos
voice-vlan security enable
Use voice-vlan security enable to enable the voice VLAN security mode.
Use undo voice-vlan security enable to disable the voice VLAN security mode.
Syntax
voice-vlan security enable
undo voice-vlan security enable
Default
The voice VLAN security mode is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
In security mode, a voice VLAN transmits only voice packets whose source MAC addresses match
the OUI addresses of the device.
In normal mode, a voice VLAN transmits voice packets and non-voice packets.
Examples
# Disable the voice VLAN security mode.
<Sysname> system-view
[Sysname] undo voice-vlan security enable
Related commands
display voice-vlan state
voice-vlan track lldp
Use voice-vlan track lldp to enable LLDP for automatic IP phone discovery.
Use undo voice-vlan track lldp to disable LLDP for automatic IP phone discovery.
Syntax
voice-vlan track lldp
undo voice-vlan track lldp
Views
System view
Default
This feature is disabled.
Predefined user roles
network-admin
252
Examples
# Enable LLDP for automatic IP phone discovery.
<Sysname> system-view
[Sysname] voice-vlan track lldp
253
MVRP commands
display mvrp running-status
Use display mvrp running-status to display MVRP running status.
Syntax
display mvrp running-status [ interface interface-list ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-list: Specifies a range of Ethernet interfaces in the form of interface-type
interface-number [ to interface-type interface-number ]. The interface-type interface-number
argument represents the interface type and interface number. If you do not specify this option, the
command displays global MVRP information and MVRP running status for all MVRP-enabled ports.
Examples
# Display global MVRP information and MVRP running status for all MVRP-enabled ports.
<Sysname> display mvrp running-status
-------[MVRP Global Info]------Global Status
: Enabled
Compliance-GVRP
: False
----[Ten-GigabitEthernet1/0/1]---Config Status
: Enabled
Running Status
: Enabled
Join Timer
: 20 (centiseconds)
Leave Timer
: 60 (centiseconds)
Periodic Timer
: 100 (centiseconds)
LeaveAll Timer
: 1000 (centiseconds)
Registration Type
: Normal
Registered VLANs :
1(default), 2-10
Declared VLANs :
1(default), 2-10
Propagated VLANs :
1(default), 2-10
----[Ten-GigabitEthernet1/0/2]---Config Status
: Enabled
Running Status
: Disabled
Join Timer
: 20 (centiseconds)
Leave Timer
: 60 (centiseconds)
254
Periodic Timer
: 100 (centiseconds)
LeaveAll Timer
: 1000 (centiseconds)
Registration Type
: Normal
Registered VLANs :
None
Declared
VLANs :
None
Propagated VLANs :
None
Table 55 Command output
Field
Description
MVRP Global Info
Global MVRP information.
Global Status
Global MVRP status:
•
Enabled.
•
Disabled.
Compliance-GVRP
GVRP compatibility status:
•
True—Compatible.
•
False—Incompatible.
----[Ten-GigabitEthernet1/0/1] ----
Interface prompt.
Config Status
Whether MVRP is enabled on the port:
•
Enabled.
•
Disabled.
Whether MVRP takes effect on the port:
•
Enabled.
•
Disabled.
Running Status
The running status of MVRP is determined by the following
factors:
•
Link state.
•
Link type.
•
Whether the port is a member of an aggregate interface.
•
MVRP enabling status of the port.
Join Timer
Join timer, in centiseconds.
Leave Timer
Leave timer, in centiseconds.
Periodic Timer
Periodic timer, in centiseconds.
LeaveAll Timer
LeaveAll timer, in centiseconds.
Registration Type
MVRP registration mode:
•
Normal.
•
Fixed.
•
Forbidden.
Registered VLANs
VLANs that the port has registered.
Declared VLANs
VLANs that the port has declared to its peer participant.
Propagated VLANs
VLANs that the port has learned and notified other participants on
the same device to declare to their respective peer participants.
255
display mvrp state
Use display mvrp state to display the MVRP state of a port in a VLAN.
Syntax
display mvrp state interface interface-type interface-number vlan vlan-id
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies a port by its type and number.
vlan vlan-id: Specifies a VLAN by its VLAN ID in the range of 1 to 4094.
Examples
# Display the MVRP state of Ten-GigabitEthernet 1/0/1 in VLAN 2.
<Sysname> display mvrp state interface ten-gigabitethernet 1/0/1 vlan 2
MVRP state of VLAN 2 on port XGE1/0/1:
Port
VLAN
App-state
Reg-state
------------------------ ------ ----------- ----------XGE1/0/1
2
VP
IN
Table 56 Command output
Field
Description
MVRP state of VLAN 2
on port XGE1/0/1
MVRP state of Ten-GigabitEthernet 1/0/1 in VLAN 2.
App-state
State of the attribute that the local participant declares to its peer participant:
•
VO—Very anxious observer.
•
VP—Very anxious passive.
•
VN—Very anxious new.
•
AN—Anxious new.
•
AA—Anxious active.
•
QA—Quiet active.
•
LA—Leaving active.
•
AO—Anxious observer.
•
QO—Quiet observer.
•
AP—Anxious passive.
•
QP—Quiet passive.
•
LO—Leaving observer.
Reg-state
Registration state of the attribute declared by the peer participant on the local
participant:
•
IN—Registered.
•
LV—Previously registered, but now being unregistered.
•
MT—Not registered.
256
display mvrp statistics
Use display mvrp statistics to display MVRP statistics.
Syntax
display mvrp statistics [ interface interface-list ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-list: Specifies a range of Ethernet interfaces in the form of interface-type
interface-number [ to interface-type interface-number ]. The interface-type interface-number
argument represents the interface type and interface number. If you do not specify this option, the
command displays MVRP statistics of all MVRP-enabled ports.
Usage guidelines
If MVRP is disabled on the specified ports, this command does not provide any output.
Examples
# Display MVRP statistics of all ports.
<Sysname> display mvrp statistics
----[Ten-GigabitEthernet1/0/1]---Failed Registrations
: 1
Last PDU Origin
: 000f-e200-0010
Frames Received
: 201
New Event Received
: 0
JoinIn Event Received
: 1167
In Event Received
: 0
JoinMt Event Received
: 22387
Mt Event Received
: 31
Leave Event Received
: 210
LeaveAll Event Received
: 63
Frames Transmitted
: 120
New Event Transmitted
: 0
JoinIn Event Transmitted
: 311
In Event Transmitted
: 0
JoinMt Event Transmitted
: 873
Mt Event Transmitted
: 11065
Leave Event Transmitted
: 167
LeaveAll Event Transmitted
: 4
Frames Discarded
: 0
----[Ten-GigabitEthernet1/0/2]---Failed Registrations
: 0
Last PDU Origin
: 0000-0000-0000
257
Frames Received
: 0
New Event Received
: 0
JoinIn Event Received
: 0
In Event Received
: 0
JoinMt Event Received
: 0
Mt Event Received
: 0
Leave Event Received
: 0
LeaveAll Event Received
: 0
Frames Transmitted
: 0
New Event Transmitted
: 0
JoinIn Event Transmitted
: 0
In Event Transmitted
: 0
JoinMt Event Transmitted
: 0
Mt Event Transmitted
: 0
Leave Event Transmitted
: 0
LeaveAll Event Transmitted
: 0
Frames Discarded
: 0
Table 57 Command output
Field
Description
----[Ten-GigabitEthernet1/0/1]----
Interface prompt. The statistics between the current interface
prompt and the next interface prompt are statistics of the current
interface.
Failed Registrations
Number of VLAN registration failures through MVRP on the local
participant.
Last PDU Origin
Source MAC address of the last MVRPDU.
Frames Received
Number of MVRP frames received.
New Event Received
Number of New events received.
JoinIn Event Received
Number of JoinIn vents received.
In Event Received
Number of In events received.
JoinMt Event Received
Number of JoinMt events received.
Mt Event Received
Number of Mt events received.
Leave Event Received
Number of Leave events received.
LeaveAll Event Received
Number of LeaveAll events received.
Frames Transmitted
Number of MVRP frames sent.
New Event Transmitted
Number of New events sent.
JoinIn Event Transmitted
Number of JoinIn events sent.
In Event Transmitted
Number of In events sent.
JoinMt Event Transmitted
Number of JoinMt events sent.
Mt Event Transmitted
Number of Mt events sent.
Leave Event Transmitted
Number of Leave events sent.
LeaveAll Event Transmitted
Number of LeaveAll events sent.
Frames Discarded
Number of MVRP frames dropped.
258
mrp timer join
Use mrp timer join to set the Join timer.
Use undo mrp timer join to restore the default.
Syntax
mrp timer join timer-value
undo mrp timer join
Default
The Join timer is 20 centiseconds.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
timer-value: Specifies the Join timer value (in centiseconds). The Join timer must meet the following
requirements:
•
Not less than 20.
•
Less than half the Leave timer.
•
Divisible by 20.
Examples
# Set the Join timer to 40 centiseconds. (In this example, the Leave timer is 100 centiseconds.)
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] mrp timer join 40
Related commands
display mvrp running-status
mrp timer leave
mrp timer leave
Use mrp timer leave to set the Leave timer.
Use undo mrp timer leave to restore the default.
Syntax
mrp timer leave timer-value
undo mrp timer leave
Default
The Leave timer is 60 centiseconds.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
259
Predefined user roles
network-admin
Parameters
timer-value: Specifies the Leave timer value (in centiseconds). The Leave timer must meet the
following requirements:
•
Greater than two times the Join timer.
•
Less than the LeaveAll timer.
•
Divisible by 20.
Examples
# Set the Leave timer to 100 centiseconds. (In this example, the Join and LeaveAll timer use their
default settings.)
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] mrp timer leave 100
Related commands
display mvrp running-status
mrp timer join
mrp timer leaveall
mrp timer leaveall
Use mrp timer leaveall to set the LeaveAll timer.
Use undo mrp timer leaveall to restore the default.
Syntax
mrp timer leaveall timer-value
undo mrp timer leaveall
Default
The LeaveAll timer is 1000 centiseconds.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameter
timer-value: Specifies the LeaveAll timer value (in centiseconds). The LeaveAll timer must meet the
following requirements:
•
Greater than any Leave timer on each port.
•
Not greater than 32760.
•
Divisible by 20.
260
Usage guidelines
Each time the LeaveAll timer of a port expires, all attributes of the MSTIs on the port are deregistered
throughout the network. To prevent this type of deregistration from affecting the network, do not set
the LeaveAll timer to less than its default value.
To keep the dynamic VLANs learned through MVRP stable, do not set the LeaveAll timer to less than
its default value.
The device randomly changes the LeaveAll timer within a certain range when the MRP participant
restarts its LeaveAll timer. This prevents the LeaveAll timer of a particular participant from always
expiring first.
Examples
# Set the LeaveAll timer to 1500 centiseconds. (In this example, the Leave timer has been restored
to the default.)
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] mrp timer leaveall 1500
Related commands
display mvrp running-status
mrp timer leave
mrp timer periodic
Use mrp timer periodic to set the Periodic timer.
Use undo mrp timer periodic to restore the default.
Syntax
mrp timer periodic timer-value
undo mrp timer periodic
Default
The Periodic timer is 100 centiseconds.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
timer-value: Specifies the Periodic timer (in centiseconds), which can be 0 or 100.
Usage guidelines
Setting the Periodic timer to 0 disables the Periodic timer.
Setting the Periodic timer to 100 enables the Periodic timer. The participant then sends MRP frames
per 100 centiseconds.
Examples
# Disable the periodic timer.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
261
[Sysname-Ten-GigabitEthernet1/0/1] mrp timer periodic 0
Related commands
display mvrp running-status
mvrp enable
Use mvrp enable to enable MVRP on a port.
Use undo mvrp enable to restore the default.
Syntax
mvrp enable
undo mvrp enable
Default
MVRP is disabled on a port.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Usage guidelines
For MVRP to take effect on a port, make sure the following requirements are met:
•
MVRP is enabled both globally and on the port.
•
The port is in up state.
•
The link type of the port is trunk.
•
The port is not a member of an aggregation group.
Examples
# Enable MVRP on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] mvrp global enable
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port link-type trunk
[Sysname-Ten-GigabitEthernet1/0/1] mvrp enable
Related commands
display mvrp running-status
mvrp global enable
Use mvrp global enable to enable MVRP globally.
Use undo mvrp global enable to restore the default.
Syntax
mvrp global enable
undo mvrp global enable
262
Default
MVRP is disabled globally.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To make MVRP take effect on a port, enable MVRP both on the port and globally.
Examples
# Enable MVRP globally.
<Sysname> system-view
[Sysname] mvrp global enable
Related commands
display mvrp running-status
mvrp gvrp-compliance enable
Use mvrp gvrp-compliance enable to enable GVRP compatibility.
Use undo mvrp gvrp-compliance enable to restore the default.
Syntax
mvrp gvrp-compliance enable
undo mvrp gvrp-compliance enable
Default
GVRP compatibility is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When you enable GVRP compatibility, the device can receive and send both MVRP and GVRP
frames.
Examples
# Enable GVRP compatibility.
<Sysname> system-view
[Sysname] mvrp gvrp-compliance enable
Related commands
display mvrp running-status
mvrp registration
Use mvrp registration to set the MVRP registration mode on a port.
263
Use undo mvrp registration to restore the default.
Syntax
mvrp registration { fixed | forbidden | normal }
undo mvrp registration
Default
The MVRP registration mode is normal.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
fixed: Specifies the fixed registration mode.
forbidden: Specifies the forbidden registration mode.
normal: Specifies the normal registration mode.
Examples
# Set the MVRP registration mode to fixed on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] mvrp registration fixed
Related commands
display mvrp running-status
reset mvrp statistics
Use reset mvrp statistics to clear MVRP statistics of ports.
Syntax
reset mvrp statistics [ interface interface-list ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-list: Specifies a range of Ethernet interfaces in the form of interface-type
interface-number [ to interface-type interface-number ]. The interface-type interface-number
argument represents the interface type and interface number. If you do not specify this option, the
command clears MVRP statistics of all ports.
Examples
# Clear MVRP statistics of all ports.
<Sysname> reset mvrp statistics
264
Related commands
display mvrp statistics
265
QinQ commands
This document uses the following terms:
•
CVLAN—Customer network VLANs, also called inner VLANs, refer to VLANs that a customer
uses on the private network.
•
SVLAN—Service provider network VLANs, also called outer VLANs, refer to VLANs that a
service provider uses to transmit VLAN tagged traffic for customers.
display qinq
Use display qinq to display the QinQ-enabled interfaces.
Syntax
display qinq [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do
not specify an interface, this command displays all QinQ-enabled interfaces.
Usage guidelines
If QinQ is not enabled on any interfaces, this command does not provide any output.
Examples
# Enable QinQ on Ten-GigabitEthernet 1/0/1. Then, verify that QinQ is enabled on the interface.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] qinq enable
[Sysname-Ten-GigabitEthernet1/0/1] display qinq interface ten-gigabitethernet 1/0/1
Interface
Ten-GigabitEthernet1/0/1
# Enable QinQ on Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/3. Then, verify that QinQ
is enabled on the interfaces.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] qinq enable
[Sysname-Ten-GigabitEthernet1/0/1] quit
[Sysname] interface ten-gigabitethernet 1/0/3
[Sysname-Ten-GigabitEthernet1/0/3] qinq enable
[Sysname-Ten-GigabitEthernet1/0/3] display qinq
Interface
Ten-GigabitEthernet1/0/1
Ten-GigabitEthernet1/0/3
266
Table 58 Command output
Field
Description
Interface
Interface name.
Ten-GigabitEthernet1/0/1
QinQ-enabled interface.
Related commands
qinq enable
qinq enable
Use qinq enable to enable QinQ on an Ethernet interface.
Use undo qinq enable to restore the default.
Syntax
qinq enable
undo qinq enable
Default
QinQ is disabled on Ethernet interfaces.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Examples
# Enable QinQ on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] qinq enable
Related commands
display qinq
qinq ethernet-type customer-tag
Use qinq ethernet-type customer-tag to configure the CVLAN TPID.
Use undo qinq ethernet-type customer-tag to restore the default CVLAN TPID.
Syntax
qinq ethernet-type customer-tag hex-value
undo qinq ethernet-type customer-tag
Default
The CVLAN TPID is 0x8100.
Views
System view
267
Predefined user roles
network-admin
Parameters
hex-value: Sets a hexadecimal TPID value in the range of 0x0001 to 0xFFFF, excluding the reserved
EtherType values listed in Table 59.
Table 59 Reserved EtherType values
Protocol type
Value
ARP
0x0806
PUP
0x0200
RARP
0x8035
IP
0x0800
IPv6
0x86DD
PPPoE
0x8863/0x8864
MPLS
0x8847/0x8848
IPX/SPX
0x8137
IS-IS
0x8000
LACP
0x8809
802.1X
0x888E
LLDP
0x88CC
802.1ag
0x8902
Cluster
0x88A7
Reserved
0xFFFD/0xFFFE/0xFFFF
Usage guidelines
A QinQ-enabled port uses the CLAN TPID to match incoming tagged frames. An incoming frame is
handled as an untagged frame if its TPID is different from the CVLAN TPID.
Examples
# Set the TPID value in CVLAN tags to 0x8200.
<Sysname> system-view
[Sysname] qinq ethernet-type customer-tag 8200
qinq ethernet-type service-tag
Use qinq ethernet-type service-tag to configure the SVLAN TPID.
Use undo qinq ethernet-type service-tag to restore the default SVLAN TPID.
Syntax
qinq ethernet-type service-tag hex-value
undo qinq ethernet-type service-tag
Default
The SVLAN TPID is 0x8100.
268
Views
Ethernet interface view
Aggregate interface view
Predefined user roles
network-admin
Parameters
hex-value: Sets a hexadecimal TPID value in the range of 0x0001 to 0xFFFF, excluding the reserved
EtherType values listed in Table 59.
Usage guidelines
A service provider-side port uses the SVLAN TPID to replace the TPID in outgoing frames' SVLAN
tags, in addition to matching incoming tagged frames.
Examples
# Set the SVLAN TPID to 0x9100 on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] qinq ethernet-type service-tag 9100
qinq transparent-vlan
Use qinq transparent-vlan to enable transparent transmission for a list of VLANs on a port.
Use undo qinq transparent-vlan to disable transparent transmission for a list of VLANs on a port.
Syntax
qinq transparent-vlan vlan-id-list
undo qinq transparent-vlan { vlan-id-list | all }
Default
Transparent transmission is disabled for all VLANs on a port.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a single
VLAN ID or a VLAN ID range in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to
4094. The end VLAN ID must be equal to or greater than the start VLAN ID.
all: Specifies all existing VLANs.
Usage guidelines
By default, QinQ tags all incoming frames with the PVID on a port. This command disables QinQ to
tag incoming traffic from a list of VLANs. These VLANs are called transparent VLANs.
To ensure successful transmission for a transparent VLAN, follow these configuration guidelines:
•
Set the link type of the port to trunk or hybrid, and assign the port to its PVID and the transparent
VLAN.
269
•
Do not configure any other VLAN manipulation actions for the transparent VLAN on the port.
•
Make sure all ports on the traffic path permit the transparent VLAN to pass through.
Examples
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port, and assign the port to VLAN 2, VLAN 3, and
VLANs 50 through 100. Enable QinQ on Ten-GigabitEthernet 1/0/1, and configure the port to
transparently transmit frames from VLAN 2.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port link-type trunk
[Sysname-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2 3 50 to 100
[Sysname-Ten-GigabitEthernet1/0/1] qinq enable
[Sysname-Ten-GigabitEthernet1/0/1] qinq transparent-vlan 2
270
VLAN mapping commands
display vlan mapping
Use display vlan mapping to display VLAN mappings.
Syntax
display vlan mapping [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do
not specify an interface, the command displays VLAN mappings on all interfaces.
Examples
# Display VLAN mappings on all interfaces.
<Sysname> display vlan mapping
Interface Ten-GigabitEthernet1/0/1:
Outer VLAN
Inner VLAN
Translated Outer VLAN
Translated Inner VLAN
10
N/A
120
N/A
Interface Ten-GigabitEthernet1/0/2:
Outer VLAN
Inner VLAN
Translated Outer VLAN
Translated Inner VLAN
4-4094
N/A
100
N/A
Interface Ten-GigabitEthernet1/0/3:
Outer VLAN
Inner VLAN
Translated Outer VLAN
Translated Inner VLAN
12
N/A
110
12
Interface Ten-GigabitEthernet1/0/4:
Outer VLAN
Inner VLAN
Translated Outer VLAN
Translated Inner VLAN
11
30
130
40
Table 60 Command output
Field
Description
Interface
Interface information.
Original outer VLAN.
Outer VLAN
This field indicates the original VLAN when the Inner VLAN field
displays N/A.
Original inner VLAN.
Inner VLAN
This field displays N/A for the following VLAN mapping types:
•
One-to-one VLAN mapping
271
Field
Description
•
•
Many-to-one VLAN mapping
One-to-two VLAN mapping
Translated outer VLAN.
Translated Outer VLAN
This field indicates the translated VLAN when the Translated Inner
VLAN field displays N/A.
Translated inner VLAN.
Translated Inner VLAN
This field displays N/A for the following VLAN mapping types:
•
One-to-one VLAN mapping
•
Many-to-one VLAN mapping
Related commands
vlan mapping
vlan mapping
Use vlan mapping to configure VLAN mapping on an interface.
Use undo vlan mapping to cancel the VLAN mapping configuration.
Syntax
vlan mapping { vlan-id translated-vlan vlan-id | nest { range vlan-range-list | single vlan-id-list }
nested-vlan vlan-id | nni | tunnel outer-vlan-id inner-vlan-id translated-vlan outer-vlan-id
inner-vlan-id | uni { range vlan-range-list | single vlan-id-list } translated-vlan vlan-id }
undo vlan mapping { vlan-id translated-vlan vlan-id | all | nest { range vlan-range-list | single
vlan-id-list } nested-vlan vlan-id | nni | tunnel outer-vlan-id inner-vlan-id translated-vlan
outer-vlan-id inner-vlan-id | uni { range vlan-range-list | single vlan-id-list } translated-vlan vlan-id }
Default
VLAN mapping is not configured on an interface.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
vlan-id translated-vlan vlan-id: Specifies the original VLAN and translated VLAN for a one-to-one
VLAN mapping. The value range for the vlan-id argument is 1 to 4094. The original VLAN and the
translated VLAN cannot be the same.
uni range vlan-range-list translated-vlan vlan-id: Specifies the original VLAN ranges and the
translated VLAN for a many-to-one VLAN mapping on the customer-side port. The vlan-range-list
argument specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or
a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094.
The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1
argument. Different VLAN ranges cannot overlap. Any of the original VLANs cannot be the same as
the translated VLAN.
uni single vlan-id-list translated-vlan vlan-id: Specifies the original VLANs and the translated VLAN
for a many-to-one VLAN mapping on the customer-side port. The vlan-id-list argument specifies a
space-separated list of up to 10 VLAN IDs, each of which is in the range of 1 to 4094. The value
272
range for the vlan-id argument is 1 to 4094. Any of the original VLANs cannot be the same as the
translated VLAN.
nni: Configures the network-side port to use the original VLAN tags of the many-to-one mapping to
replace the VLAN tags of the packets destined for the user network.
nest range vlan-range-list nested-vlan vlan-id: Specifies the CVLAN ranges and the SVLAN for a
one-to-two VLAN mapping. The vlan-range-list argument specifies a space-separated list of up to 10
CVLAN items. Each item specifies a CVLAN ID or a range of CVLAN IDs in the form of vlan-id1 to
vlan-id2. The value range for CVLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be
equal to or greater than the value for the vlan-id1 argument. Different CVLAN ranges cannot overlap.
The vlan-id argument specifies the SVLAN ID in the range of 1 to 4094.
nest single vlan-id-list nested-vlan vlan-id: Specifies the CVLANs and the SVLAN for a one-to-two
VLAN mapping. The vlan-id-list argument specifies a space-separated list of up to 10 VLAN IDs,
each of which is in the range of 1 to 4094. The value range for the vlan-id argument is 1 to 4094.
tunnel outer-vlan-id inner-vlan-id translated-vlan outer-vlan-id inner-vlan-id: Specifies the original
SVLAN ID and CVLAN ID and the translated SVLAN ID and CVLAN ID for a two-to-two VLAN
mapping. The value ranges for the outer-vlan-id argument and the inner-vlan-id argument are both 1
to 4094.
all: Deletes all VLAN mapping configurations from the interface.
Usage guidelines
For different types of VLAN mapping entries on an interface, both the original VLANs and the
translated VLANs cannot overlap. For one-to-one VLAN mapping entries or two-to-two VLAN
mapping entries, the translated VLANs cannot overlap. When the original VLANs of one-to-one or
two-to-two VLAN mapping entries overlap, the most recent configuration takes effect.
On an interface, a transparent VLAN cannot be configured as an original VLAN or translated VLAN.
For packets that have two layers of VLAN tags, both of the translated VLANs and original VLANs
refer to only the outer VLANs. For more information about transparent VLANs, see Layer 2—LAN
Switching Configuration Guide.
To make many-to-one VLAN mapping take effect, configure many-to-one VLAN mapping in pairs on
both the customer side and the network side. An interface cannot be configured as the
customer-side port and network-side port of many-to-one VLAN mapping at the same time. After you
configure an interface as the network-side interface of many-to-one VLAN mapping, do not configure
the other types of VLAN mapping on the interface.
Customer-side many-to-one VLAN mapping is not supported in Layer 2 aggregate interface view.
Before enabling or disabling QinQ, first clear the existing VLAN mapping entries. You cannot
configure two-to-two VLAN mapping on a QinQ-enabled port.
To ensure correct traffic forwarding from the service provider network to the customer network, do
not configure many-to-one VLAN mapping together with uRPF. For more information about uRPF,
see Security Configuration Guide.
The MTU of an interface is 1500 bytes by default. After a VLAN tag is added to a packet, the packet
length is added by 4 bytes. As a best practice, set the MTU to a minimum of 1504 bytes for ports on
the forwarding path of the packet in the service provider network.
VLAN mapping takes effect only on VLAN-tagged packets received on an interface.
VLAN mapping is mutually exclusive with EVB. Do not configure both features on a port.
Examples
# Configure a one-to-one VLAN mapping on Ten-GigabitEthernet 1/0/1 to map VLAN 1 to VLAN 101.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] vlan mapping 1 translated-vlan 101
273
# Configure many-to-one VLAN mappings on the customer-side port Ten-GigabitEthernet 1/0/2 to
map VLANs 1 through 50 and VLAN 80 to VLAN 101. Configure the network-side port
Ten-GigabitEthernet 1/0/3 to use the original VLAN tags of the many-to-one mappings to replace the
VLAN tags of the packets destined for the user network.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/2
[Sysname-Ten-GigabitEthernet1/0/2] vlan mapping uni range 1 to 50 translated-vlan 101
[Sysname-Ten-GigabitEthernet1/0/2] vlan mapping uni single 80 translated-vlan 101
[Sysname-Ten-GigabitEthernet1/0/2] quit
[Sysname] interface ten-gigabitethernet 1/0/3
[Sysname-Ten-GigabitEthernet1/0/3] vlan mapping nni
# Configure one-to-two VLAN mappings on Ten-GigabitEthernet 1/0/4 to add SVLAN tag 101 to
packets carrying VLAN tags 1 through 10 and 80.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/4
[Sysname-Ten-GigabitEthernet1/0/4] vlan mapping nest range 1 to 10 nested-vlan 101
[Sysname-Ten-GigabitEthernet1/0/4] vlan mapping nest single 80 nested-vlan 101
# Configure a two-to-two VLAN mapping on Ten-GigabitEthernet 1/0/5 to map SVLAN 101 and
CVLAN 1 to SVLAN 201 and CVLAN 10, respectively.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/5
[Sysname-Ten-GigabitEthernet1/0/5] vlan mapping tunnel 101 1 translated-vlan 201 10
Related commands
display vlan mapping
274
PBB commands
bvlan
Use bvlan to specify a B-VLAN for a PBB VSI.
Use undo bvlan to remove the B-VLAN of a PBB VSI.
Syntax
bvlan vlan-id
undo bvlan
Default
No B-VLAN is specified for a PBB VSI.
Views
PBB VSI view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a B-VLAN ID in the range of 1 to 4094.
Usage guidelines
You can assign only one B-VLAN to a PBB VSI, but different PBB VSIs can use the same B-VLAN.
For a PBB VSI, you must specify the same I-SID and B-VLAN across all BEBs.
Examples
# Create PBB VSI web with I-SID 100. Specify B-VLAN 100 for the PBB VSI.
<Sysname> system-view
[Sysname] l2vpn enable
[Sysname] vsi web
[Sysname-vsi-web] pbb i-sid 100
[Sysname-vsi-web-100] bvlan 100
Related commands
vsi (MPLS Command Reference)
display l2vpn minm connection
Use display l2vpn minm connection to display MAC-in-MAC connections.
Syntax
display l2vpn minm connection [ vsi vsi-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
275
Parameters
vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not
specify a VSI, the command displays MAC-in-MAC connections for all VSIs.
Examples
# Display MAC-in-MAC connections for all VSIs.
<Sysname> display l2vpn minm connection
Total number of MinM connections: 4
Types: MC - multicast, UC - unicast
Link ID
BMAC
BVLAN
Owner
Type
Interface
1024
0cda-41ba-1f81
20
PBB
UC
XGE1/0/18
1025
0cda-41ba-1f81
21
PBB
UC
XGE1/0/18
VSI name: aaa
Link ID
I-SID
BMAC
BVLAN
Owner
Type
Interface
-
1
011e-8300-0001
20
PBB
MC
XGE1/0/18
VSI name: aab
Link ID
I-SID
BMAC
BVLAN
Owner
Type
Interface
-
2
011e-8300-0002
21
PBB
MC
XGE1/0/18
Table 61 Command output
Field
Description
Link ID
Link ID of the MAC-in-MAC connection.
I-SID
Backbone service instance identifier.
BMAC
Backbone MAC address.
BVLAN
Backbone VLAN.
Owner
Entry source: PBB or SPB.
Type
Type of the MAC-in-MAC connection:
•
MC—The connection is for multicast.
•
UC—The connection is for unicast.
Interface
Outgoing interface.
display l2vpn minm forwarding
Use display l2vpn minm forwarding to display MAC-in-MAC forwarding entries.
Syntax
display l2vpn minm forwarding [ vsi vsi-name ] [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
276
Parameters
vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not
specify a VSI, the command displays MAC-in-MAC forwarding entries for all VSIs.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify this option,
the command displays the MAC-in-MAC forwarding entries on the master device.
Examples
# Display all MAC-in-MAC forwarding entries.
<Sysname> display l2vpn minm forwarding
Total number of MinM connections: 4
Types: MC - multicast, UC - unicast
Status Flag: * - inactive
Link ID BMAC
BVLAN Owner Type Interface
1024
0cda-41ba-1f81
20
PBB
UC
XGE1/0/18
1025
0cda-41ba-1f81
21
PBB
UC
XGE1/0/18
VSI name: aaa
Link ID I-SID
BMAC
BVLAN Owner Type Interface
-
011e-8300-0001
20
Link ID I-SID
BMAC
BVLAN Owner Type Interface
-
011e-8300-0002
21
1
PBB
MC
XGE1/0/18
VSI name: aab
2
PBB
MC
XGE1/0/18
Table 62 Command output
Field
Description
Link ID
Link ID of the MAC-in-MAC connection.
I-SID
Backbone service instance identifier.
BMAC
Backbone MAC address.
BVLAN
Backbone VLAN.
Owner
Entry source: PBB or SPB.
Type
Type of the MAC-in-MAC connection:
•
MC—The connection is for multicast.
•
UC—The connection is for unicast.
Interface
Outgoing interface.
An asterisk (*) indicates that the MAC-in-MAC forwarding entry is ineffective.
display l2vpn vsi
Use display l2vpn vsi to display VSI information.
Syntax
display l2vpn vsi [ name vsi-name ] [ verbose ]
Views
Any view
277
Predefined user roles
network-admin
network-operator
Parameters
name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do
not specify a VSI, the command displays information for all VSIs.
verbose: Displays detailed VSI information. If you do not specify this keyword, the command
displays brief VSI information.
Examples
# Display detailed information for all VSIs.
<Sysname> display l2vpn vsi verbose
VSI Name: aaa
VSI Index
: 0
VSI State
: Up
MTU
: 1500
Bandwidth
: -
Broadcast Restrain
: -
Multicast Restrain
: -
Unknown Unicast Restrain: MAC Learning
: Enabled
MAC Table Limit
: -
Drop Unknown
: -
Flooding
: Enabled
VXLAN ID
: -
PBB I-SID
: 1
PBB Connections:
BMAC
BVLAN
Link ID
Type
011e-8300-0001
20
-
Multicast
Link ID
State
ACs:
AC
XGE1/0/33 srv1
0
VSI Name: aab
VSI Index
: 1
VSI State
: Up
MTU
: 1500
Bandwidth
: -
Broadcast Restrain
: -
Multicast Restrain
: -
Unknown Unicast Restrain: MAC Learning
: Enabled
MAC Table Limit
: -
Drop Unknown
: -
Flooding
: Enabled
VXLAN ID
: -
PBB I-SID
: 2
PBB Connections:
278
Up
BMAC
BVLAN
Link ID
Type
011e-8300-0002
21
-
Multicast
Link ID
State
ACs:
AC
XGE1/0/33 srv2
0
Up
Table 63 Command output
Field
Description
VSI Description
VSI description. This field appears only when you have configured a
description for the VSI.
VSI State
VSI state:
•
Up.
•
Down.
•
Administratively down—The VSI has been manually shut
down by using the shutdown command.
MTU
MTU for the VSI.
Bandwidth
Maximum bandwidth in kbps for the VSI.
Broadcast Restrain
Broadcast suppression ratio for the VSI.
Multicast Restrain
Multicast suppression ratio for the VSI.
Unknown Unicast Restrain
Unknown unicast suppression ratio for the VSI.
MAC Learning
MAC learning state: Enabled or Disabled.
Maximum number of MAC address entries on the VSI.
MAC Table Limit
Drop Unknown
If the value is set to Unlimited, the number of MAC address entries is
not limited.
Whether the VSI drops packets with unknown source MAC addresses
after the maximum number of MAC entries is reached:
•
Enabled—Drops these packets.
•
Disabled—Forwards these packets.
Flooding
State of the VSI's flooding function. This field is ignored in PBB.
VXLAN ID
VXLAN ID. This field is ignored in PBB.
BMAC
Backbone MAC address.
BVLAN
Backbone VLAN.
Type
Entry type. The value is Multicast, indicating that the entry is used for
multicast forwarding.
ACs
Attachment circuits (ACs) that are bound to the VSI.
AC
AC type. The value is Layer 2 interface and Ethernet service instance,
such as XGE1/0/33 srv2.
Link ID
Link ID in the VSI for the AC.
State
AC state: Up or Down.
display pbb connection
Use display pbb connection to display PBB VSI uplink connection information.
279
Syntax
display pbb connection
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
The device does not generate a multicast type connection when you configure a member of an
aggregation group as an uplink port.
Examples
# Display PBB VSI uplink connection information.
<Sysname> display pbb connection
BMAC
BVLAN
Port
Type
Aging
011e-8300-0001
4001
XGE1/0/1
MC
N
00e0-3948-0100
4001
XGE1/0/1
UC
Y
011e-8300-0002
4002
XGE1/0/2
MC
N
UC
Y
XGE1/0/3
XGE1/0/4
00e0-3948-0300
4002
XGE1/0/2
Table 64 Command output
Field
Description
BMAC
Backbone MAC address.
BVLAN
Backbone VLAN ID.
Port
Outgoing interface.
Type
Entry type:
•
UC—The connection is for unicast.
•
MC—The connection is for multicast.
Aging
Support for aging:
•
Y—The entry supports aging.
•
N—The entry does not age.
Related commands
reset pbb connection
encapsulation
Use encapsulation to specify a data encapsulation type for a PBB VSI.
Use undo encapsulation to restore the default.
Syntax
encapsulation { ethernet | vlan }
undo encapsulation
280
Default
The data encapsulation type is VLAN.
Views
PBB VSI view
Predefined user roles
network-admin
Parameters
ethernet: Specifies Ethernet encapsulation.
vlan: Specifies VLAN encapsulation.
Examples
# Configure the Ethernet encapsulation type.
<Sysname> system-view
[Sysname] l2vpn enable
[Sysname] vsi web
[Sysname-vsi-web] pbb i-sid 100
[Sysname-vsi-web-100] encapsulation ethernet
Related commands
pbb i-sid
vsi (MPLS Command Reference)
pbb i-sid
Use pbb i-sid to configure a VSI as a PBB VSI, specify a PBB I-SID for the PBB VSI, and enter PBB
VSI view.
Use undo pbb i-sid to restore the default.
Syntax
pbb i-sid i-sid
undo pbb i-sid
Default
No PBB VSI exists.
Views
VSI view
Predefined user roles
network-admin
Parameters
i-sid: Specifies a PBB I-SID for the VSI, in the range of 1 to 16777215.
Usage guidelines
For a VSI, the PBB I-SID cannot be the same as the SPB I-SID. For more information about SPB,
see SPB Configuration Guide.
Examples
# Specify PBB I-SID 100 for VSI vpn1 and enter PBB VSI view.
281
<Sysname> system-view
[Sysname] vsi vpn1
[Sysname-vsi-vpn1] pbb i-sid 100
[Sysname-vsi-vpn1-100]
Related commands
display l2vpn minm connection
display l2vpn minm forwarding
pbb uplink
Use pbb uplink to configure an interface as an uplink port for PBB VSIs.
Use undo pbb uplink to remove an uplink port of PBB VSIs.
Syntax
pbb uplink { all | vsi vsi-name-list }
undo pbb uplink { all | vsi vsi-name-list }
Default
An interface is not configured as the uplink port of any PBB VSI.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
all: Specifies all VSIs.
vsi vsi-name-list: Specifies a space-separated list of up to 10 VSI names. A VSI name is a
case-sensitive string of 1 to 31 characters.
Usage guidelines
For a PBB VSI to operate correctly, you must specify a minimum of one uplink port for it.
The pbb uplink all command can override the pbb uplink vsi command on an interface. However,
the pbb uplink vsi command cannot override the pbb uplink all command.
•
If an interface has been an uplink port for a list of PBB VSIs, you can use the pbb uplink all
command to specify it for all PBB VSIs.
•
If an interface has been an uplink port for all PBB VSIs, the pbb uplink vsi command cannot
take effect. To specify the interface as an uplink port only for a list of PBB VSIs, you must first
execute the undo pbb uplink all command.
You can create VSIs before or after you configure the pbb uplink command. The uplink port
configuration takes effect after you create the VSIs.
To configure the pbb uplink command successfully on an aggregate interface, you must make sure
all its member ports support PBB.
After the command is configured on an aggregate interface, you can add PBB-incapable ports to the
aggregate interface. The system will generate a log message that the member port does not support
PBB. This situation does not affect the operations of the aggregate interface or PBB.
282
Examples
# Specify Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 as the uplink ports of the web
and mail PBB VSIs.
<Sysname> system-view
[Sysname] l2vpn enable
[Sysname] vsi web
[Sysname-vsi-web] pbb i-sid 100
[Sysname-vsi-web-100] bvlan 100
[Sysname-vsi-web-100] quit
[Sysname-vsi-web] quit
[Sysname] vsi mail
[Sysname-vsi-mail] pbb i-sid 200
[Sysname-vsi-mail-200] bvlan 200
[Sysname-vsi-mail-200] quit
[Sysname-vsi-mail] quit
[Sysname] interface range ten-gigabitethernet1/0/1 to ten-gigabitethernet1/0/2
[Sysname-if-range] pbb uplink vsi web mail
Related commands
vsi (MPLS Command Reference)
reset pbb connection
Use reset pbb connection to clear PBB VSI uplink connection information.
Syntax
reset pbb connection [ bvlan vlan-id | interface interface-type interface-number ] *
Views
User view
Predefined user roles
network-admin
Parameters
bvlan vlan-id: Specifies a B-VLAN by its ID in the range of 1 to 4094. If you do not specify a B-VLAN,
the command clears PBB VSI uplink connection information for all B-VLANs.
interface interface-type interface-number: Specifies an interface by its type and number. If you do
not specify an interface, the command clears PBB VSI uplink connection information for all
interfaces.
Usage guidelines
The command clears only connection information dynamically learned by PBB.
Examples
# Clear PBB VSI uplink connection information.
<Sysname> reset pbb connection
Related commands
display pbb connection
283
LLDP commands
You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command
(see Layer 2—LAN Switching Configuration Guide).
dcbx version
Use dcbx version to configure the DCBX version.
Use undo dcbx version to restore the default.
Syntax
dcbx version { rev100 | rev101 | standard }
undo dcbx version
Default
The DCBX version is autonegotiated by two interfaces, with the standard version as the initial
version for negotiation at the local end.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
rev100: Specifies DCBX Rev 1.00.
rev101: Specifies DCBX Rev 1.01.
standard: Specifies the IEEE Std 802.1Qaz-2011.
Usage guidelines
For DCBX to work correctly, configure the same DCBX version that is supported on both ends. As a
best practice, configure the highest version supported on both ends. IEEE Std 802.1Qaz-2011,
DCBX Rev 1.01, and DCBX Rev 1.00 are in descending order.
After this command is configured, an interface includes the configured DCBX version in its outgoing
LLDP frames and does not negotiate the DCBX version with the peer interface.
Examples
# Configure the DCBX version as DCBX Rev 1.01 on interface Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dcbx version rev101
display lldp local-information
Use display lldp local-information to display local LLDP information, which will be contained in the
advertisable LLDP TLVs and sent to neighboring devices.
Syntax
display lldp local-information [ global | interface interface-type interface-number ]
284
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
global: Displays the global local LLDP information.
interface interface-type interface-number: Specifies a port by its type and number.
Usage guidelines
If no keyword or argument is specified, this command displays all local LLDP information, which
includes the following:
•
The global LLDP information.
•
The LLDP information about the LLDP-enabled ports in up state.
Examples
# Display all local LLDP information. (In this example, the DCBX version is IEEE Std
802.1Qaz-2011.)
<Sysname> display lldp local-information
Global LLDP local-information:
Chassis ID
: 0cda-415e-232e
System name
: Sysname
System description
: HPE Comware Platform Software, Software Version 7.1.046,
Release 2422P01
HPE 5900AF-48XG-4QSFP+ Switch
Copyright (c) 2010-2015 Hewlett Packard Enterprise Develo
pment LP
System capabilities supported : Bridge, Router, Customer Bridge, Service Bridge
System capabilities enabled
: Bridge, Router, Customer Bridge
MED information:
Device class
: Connectivity device
MED inventory information of master board:
HardwareRev
: Ver.B
FirmwareRev
: 125
SoftwareRev
: 7.1.046 Release 2422P01
SerialNum
: 210235A0U0H12A000065
Manufacturer name
: HPE
Model name
: HPE 5900AF-48XG-4QSFP+ Switch
Asset tracking identifier
: Unknown
LLDP local-information of port 1[Ten-GigabitEthernet1/0/1]:
Port ID type
: Interface name
Port ID
: Ten-GigabitEthernet1/0/1
Port description
: Ten-GigabitEthernet1/0/1 Interface
LLDP agent nearest-bridge management address:
Management address type
: All802
Management address
: 0cda-415e-2357
Management address interface type : IfIndex
Management address interface ID
: Unknown
285
Management address OID
: 0
LLDP agent nearest-nontpmr management address:
Management address type
: All802
Management address
: 0cda-415e-2357
Management address interface type : IfIndex
Management address interface ID
: Unknown
Management address OID
: 0
LLDP agent nearest-customer management address:
Management address type
: All802
Management address
: 0cda-415e-2357
Management address interface type : IfIndex
Management address interface ID
: Unknown
Management address OID
: 0
DCBX Control info:
Oper version
: Ver 1.00
Sequence number
: 6
Acknowledge number : 0
DCBX ETS info:
CoS
Local Priority
Percentage
0
2
6
1
0
2
2
1
4
3
5
19
4
4
11
5
5
19
6
6
27
7
7
31
DCBX PFC info:
P0-0
P1-0
P2-0
P3-0
P4-0
P5-1
DCBX APP info:
CoS map: 0x8
Port VLAN ID(PVID)
: 1
Port and protocol VLAN ID(PPVID)
: 0
Port and protocol VLAN supported
: No
Port and protocol VLAN enabled
: No
VLAN name of VLAN 1
Management VLAN ID
: VLAN 0001
: 0
Link aggregation supported : Yes
Link aggregation enabled
: No
Aggregation port ID
: 0
Auto-negotiation supported : Yes
Auto-negotiation enabled
: Yes
OperMau
: Speed(10000)/Duplex(Full)
Power port class
: PSE
PSE power supported
: No
PSE power enabled
: No
PSE pairs control ability
: No
Power pairs
: Signal
286
P6-0
P7-0
Port power classification
: Class 0
Maximum frame size
: 10000
Table 65 Command output
Field
Description
Chassis ID
Bridge MAC address of the device.
System capabilities supported
Supported capabilities:
•
Bridge—Switching is supported.
•
Router—Routing is supported.
•
DocsisCableDevice—The local device can serve as a
DOCSIS-compliant cable device.
•
StationOnly—The local device can serve as a station only.
•
Customer Bridge—The customer bridge function is supported.
•
Service Bridge—The service bridge function is supported.
•
TPMR—The two-port MAC relay (TPMR) function is supported.
•
Other—Functions other than those listed above are supported.
System capabilities enabled
Enabled capabilities:
•
Bridge—Switching is enabled.
•
Router—Routing is enabled.
•
DocsisCableDevice—The local device is serving as a
DOCSIS-compliant cable device.
•
StationOnly—The local device is serving as a station only.
•
Customer Bridge—The customer bridge function is enabled.
•
Service Bridge—The service bridge function is enabled.
•
TPMR—The TPMR function is enabled.
•
Other—Functions other than those listed above are enabled.
Device class
MED device class:
•
Connectivity device—Network device.
•
Class I—Normal terminal device. It requires the basic LLDP
discovery services.
•
Class II—Media terminal device. It supports media streams, and
can also function as a normal terminal device.
•
Class III—Communication terminal device. It supports the IP
communication systems of end users, and can also function as a
normal terminal device or media terminal device.
MED inventory information of
master board
MED inventory information of the master board on the IRF device.
HardwareRev
Hardware version.
FirmwareRev
Firmware version.
SoftwareRev
Software version.
SerialNum
Serial number.
Manufacturer name
Device manufacturer.
Model name
Device model.
Port ID type
Port ID type:
•
MAC address.
•
Interface name.
Port ID
Port ID, the value of which varies with port ID type.
Management address interface
Numbering type of the interface identified by the management address.
287
Field
Description
type
Management address interface
ID
Index of the interface identified by the management address.
Management address OID
Management address object ID.
DCBX control info
Displayed as version information in IEEE Std 802.1Qaz-2011.
Oper version
DCBX version number.
Sequence number
Number of DCBX TLV content changes.
Acknowledge number
Times of synchronizing configurations by the peer device.
DCBX ETS info
CoS-to-local priority mapping and bandwidth allocation.
Percentage
Percentage of bandwidth allocated.
P0- P1- P2- P3- P4- P5P6- P7-
Number of supported priorities configured by using the
priority-flow-control no-drop dot1p dot1p-list command at the local
end.
Number of traffic classes
supported
Capability set supported by PFC (displayed only in Rev 1.01).
Priority
802.1p priority.
Protocol ID
Application protocol number.
CoS map
Application protocol-to-CoS mapping.
CBS
Indicates whether the token bucket mechanism is supported on the port:
False—The token bucket mechanism is not supported.
•
•
True—The token bucket mechanism is supported.
Max TCs
Maximum number of priorities supported.
TSA
Transmission selection algorithm.
Value of MBC
MBC indicates the ability of packets to bypass MACsec. It is 1-bit long.
•
0—Packets can bypass MACsec when MACsec is disabled.
•
1—Packets cannot bypass MACsec when MACsec is disabled.
Link aggregation supported
Indicates whether link aggregation is supported on the port.
Link aggregation enabled
Indicates whether link aggregation is enabled on the port.
Aggregation port ID
Member port ID, which is 0 when link aggregation is disabled.
Auto-negotiation supported
Indicates whether autonegotiation is supported on the port.
Auto-negotiation enabled
Indicates whether autonegotiation is enabled on the port.
OperMau
Speed and duplex state of the port.
Power port class
PoE port class:
•
PSE—Power sourcing equipment.
•
PD—Powered device.
PSE power supported
Indicates whether the device can operate as a PSE.
PSE power enabled
Indicates whether the device is operating as a PSE.
PSE pairs control ability
Indicates whether the PSE-PD pair control is available.
Power pairs
Power supply mode:
•
Signal—Uses data pairs to supply power.
•
Spare—Uses spare pairs to supply power.
288
Field
Description
Port power classification
Port power classification of the PD:
•
Class 0.
•
Class 1.
•
Class 2.
•
Class 3.
•
Class 4.
Media policy type
Media policy type:
•
unknown.
•
voice.
•
voiceSignaling.
•
guestVoice.
•
guestVoiceSignaling.
•
softPhoneVoice.
•
videoconferencing.
•
streamingVideo.
•
videoSignaling.
Unknown policy
Indicates whether the media policy is unknown.
VLAN tagged
Indicates whether packets of the media VLAN are tagged.
Media policy VLAN ID
ID of the media VLAN.
Media policy L2 priority
Layer 2 priority.
Media policy DSCP
DSCP value.
display lldp neighbor-information
Use display lldp neighbor-information to display the LLDP information carried in LLDP TLVs that
the local device receives from the neighboring devices.
Syntax
display lldp neighbor-information [ [ [ interface interface-type interface-number ] [ agent
{ nearest-bridge | nearest-customer | nearest-nontpmr } ] [ verbose ] ] | list [ system-name
system-name ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies a port by its type and number. If this option is
not specified, this command displays the LLDP information that all ports receive from the
neighboring devices.
agent: Specifies an agent by its type and number. If no agent type is specified, the command
displays the LLDP information that all LLDP agents receive from the neighboring devices.
nearest-bridge: Specifies nearest bridge agents.
nearest-customer: Specifies nearest customer bridge agents.
289
nearest-nontpmr: Specifies nearest non-TPMR bridge agents.
verbose: Displays the detailed LLDP information that the local device receives from the neighboring
devices. If this keyword is not specified, this command displays the brief LLDP information that the
local device receives from the neighboring devices.
list: Displays the LLDP information that the local device receives from the neighboring devices in the
form of a list.
system-name system-name: Displays the LLDP information that the local device receives from a
neighboring device specified by its system name. The system-name argument is a string of 1 to 255
characters. If this option is not specified, this command displays the LLDP information that the local
device receives from all neighboring devices in a list.
Examples
# Display the detailed LLDP information that the nearest bridge agents on all ports received from the
neighboring devices. (DCBX is IEEE Std 802.1Qaz-2011.)
<Sysname> display lldp neighbor-information agent nearest-bridge verbose
LLDP neighbor-information of port 1[Ten-GigabitEthernet1/0/1]:
LLDP agent nearest-bridge:
LLDP Neighbor index : 1
Update time
: 0 days, 0 hours, 1 minutes, 1 seconds
Chassis type
: MAC address
Chassis ID
: 000f-0055-0002
Port ID type
: Interface name
Port ID
: Ten-GigabitEthernet1/0/1
Time to live
: 120
Port description
: Ten-GigabitEthernet1/0/1 Interface
System name
: Sysname
System description
: HPE Comware Platform Software
System capabilities supported : Bridge, Router, Customer Bridge, Service Bridge
System capabilities enabled
: Bridge, Router, Customer Bridge
Management address type
: IPv4
Management address
: 192.168.1.55
Management address interface type : IfIndex
Management address interface ID
: Unknown
Management address OID
: 0
DCBX Control info:
Oper version
: Standard
DCBX ETS configuration info:
CBS
: False
Max TCs
: 8
CoS
Local priority
Percentage
TSA
0
0
15
ETS
1
1
0
SP
2
2
15
ETS
3
3
14
ETS
4
4
14
ETS
5
5
14
ETS
6
6
14
ETS
7
7
14
ETS
DCBX ETS recommendation info:
290
CoS
Local priority
Percentage
TSA
0
0
15
ETS
1
1
0
SP
2
2
15
ETS
3
3
14
ETS
4
4
14
ETS
5
5
14
ETS
6
6
14
ETS
7
7
14
ETS
DCBX PFC info:
P0-0
P1-1
P2-1
P3-1
P4-0
P5-0
P6-0
P7-0
Number of traffic classes supported: 8
Value of MBC: 0
DCBX APP info:
Selected Field
Protocol ID Priority
UDP/DCCP
100
0x3
TCP/SCTP
200
0x3
Ethertype
0x1234
0x3
Ethertype
0x8906
0x3
Port VLAN ID(PVID): 1
Port and protocol VLAN ID(PPVID) : 0
Port and protocol VLAN supported : No
Port and protocol VLAN enabled
: No
VLAN name of VLAN 12: VLAN 0012
Management VLAN ID
: 5
Auto-negotiation supported : Yes
Auto-negotiation enabled
: Yes
OperMau
: Speed(1000)/Duplex(Full)
Power port class
: PD
PSE power supported
: Yes
PSE power enabled
: Yes
PSE pairs control ability
: Yes
Power pairs
: Signal
Port power classification
: Class 0
Link aggregation supported : Yes
Link aggregation enabled
: Yes
Aggregation port ID
: 52
Maximum frame size
: 1500
# Display the detailed LLDP information that all LLDP agents on all ports received from the
neighboring devices. (DCBX is IEEE Std 802.1Qaz-2011.)
<Sysname> display lldp neighbor-information verbose
LLDP neighbor-information of port 1[Ten-GigabitEthernet1/0/1]:
LLDP agent nearest-bridge:
LLDP Neighbor index : 1
Update time
: 0 days, 0 hours, 1 minutes, 1 seconds
Chassis type
: MAC address
Chassis ID
: 000f-0055-0002
Port ID type
: Interface name
291
Port ID
: Ten-GigabitEthernet1/0/1
Time to live
: 121
Port description
: Ten-GigabitEthernet1/0/1 Interface
System name
: Sysname
System description
: HPE Comware Platform Software
System capabilities supported : Bridge, Router, Customer Bridge, Service Bridge
System capabilities enabled
: Bridge, Router, Customer Bridge
Management address type
: IPv4
Management address
: 192.168.1.55
Management address interface type : IfIndex
Management address interface ID
: Unknown
Management address OID
: 0
DCBX control info:
Oper version
: Standard
DCBX ETS configuration info:
CBS
: False
Max TCs
: 8
CoS
Local Priority
Percentage
TSA
0
0
15
ETS
1
1
0
SP
2
2
15
ETS
3
3
14
ETS
4
4
14
ETS
5
5
14
ETS
6
6
14
ETS
7
7
14
ETS
DCBX ETS recommendation info:
CoS
Local Priority
Percentage
TSA
0
0
15
ETS
1
1
0
SP
2
2
15
ETS
3
3
14
ETS
4
4
14
ETS
5
5
14
ETS
6
6
14
ETS
7
7
14
ETS
DCBX PFC info:
P0-0
P1-1
P2-1
P3-1
P4-0
Number of traffic classes supported: 8
Value of MBC: 0
DCBX APP info:
Selected Field
Protocol ID
Priority
UDP/DCCP
100
0x3
TCP/SCTP
200
0x3
Ethertype
0x1234
0x3
Ethertype
0x8906
0x3
Port VLAN ID(PVID): 1
Port and protocol VLAN ID(PPVID) : 0
292
P5-0
P6-0
P7-0
Port and protocol VLAN supported : No
Port and protocol VLAN enabled
: No
VLAN name of VLAN 12: VLAN 0012
Management VLAN ID
: 5
Auto-negotiation supported : Yes
Auto-negotiation enabled
: Yes
OperMau
: Speed(1000)/Duplex(Full)
Power port class
: PD
PSE power supported
: Yes
PSE power enabled
: Yes
PSE pairs control ability
: Yes
Power pairs
: Signal
Port power classification
: Class 0
Link aggregation supported : Yes
Link aggregation enabled
: Yes
Aggregation port ID
: 52
Maximum frame size
: 1500
LLDP neighbor-information of port 1[Ten-GigabitEthernet1/0/1]:
LLDP agent nearest-nontpmr:
LLDP Neighbor index : 1
Update time
: 0 days, 0 hours, 1 minutes, 1 seconds
Chassis type
: MAC address
Chassis ID
: 000f-0055-0002
Port ID type
: Interface name
Port ID
: Ten-GigabitEthernet1/0/1
Time to live
: 121
Port description
: Ten-GigabitEthernet1/0/1 Interface
System name
: Sysname
System description
: HPE Comware Platform Software
System capabilities supported : Bridge, Router, Customer Bridge, Service Bridge
System capabilities enabled
: Bridge, Router, Customer Bridge
Management address type
: IPv4
Management address
: 192.168.1.55
Management address interface type : IfIndex
Management address interface ID
: Unknown
Management address OID
: 0
Port VLAN ID(PVID): 1
Port and protocol VLAN ID(PPVID) : 12
Port and protocol VLAN supported : Yes
Port and protocol VLAN enabled
: Yes
VLAN name of VLAN 12: VLAN 0012
Auto-negotiation supported : Yes
Auto-negotiation enabled
: Yes
OperMau
: Speed(1000)/Duplex(Full)
Power port class
: PD
PSE power supported
: Yes
PSE power enabled
: Yes
PSE pairs control ability
: Yes
293
Power pairs
: Signal
Port power classification
: Class 0
Link aggregation supported : Yes
Link aggregation enabled
: Yes
Aggregation port ID
: 52
Maximum frame size
: 1500
# Display the brief LLDP information that all LLDP agents on all ports received from the neighboring
devices.
<Sysname> display lldp neighbor-information
LLDP neighbor-information of port 52[Ten-GigabitEthernet1/0/3]:
LLDP agent nearest-bridge:
LLDP neighbor index : 3
ChassisID/subtype
: 0011-2233-4400/MAC address
PortID/subtype
: 000c-29f5-c71f/MAC address
Capabilities
: Bridge, Router, Customer Bridge
LLDP neighbor index : 6
ChassisID/subtype
: 0011-2233-4400/MAC address
PortID/subtype
: 000c-29f5-c715/MAC address
Capabilities
: None
CDP neighbor-information of port 52[Ten-GigabitEthernet1/0/3]:
LLDP agent nearest-bridge:
CDP neighbor index
: 4
Chassis ID
: SEP00260B5C0548
Port ID
: Port 1
CDP neighbor index
: 5
Chassis ID
: 0011-2233-4400
Port ID
: Ten-GigabitEthernet1/0/4
LLDP neighbor-information of port 52[Ten-GigabitEthernet1/0/3]:
LLDP agent nearest-nontpmr:
LLDP neighbor index : 6
ChassisID/subtype
: 0011-2233-4400/MAC address
PortID/subtype
: 000c-29f5-c715/MAC address
Capabilities
: None
# Display the brief LLDP information that all LLDP agents received from all neighboring devices in a
list.
<Sysname> display lldp neighbor-information list
Chassis ID : * -- --Nearest nontpmr bridge neighbor
# -- --Nearest customer bridge neighbor
Default -- -- Nearest bridge neighbor
System Name
Local Interface
Chassis ID
Port ID
System1
XGE1/0/1
000f-e25d-ee91
Ten-GigabitEthernet1/0/5
System2
XGE1/0/2
000f-e25d-ee92*
Ten-GigabitEthernet1/0/6
System3
XGE1/0/3
000f-e25d-ee93#
Ten-GigabitEthernet1/0/7
294
Table 66 Command output
Field
Description
LLDP neighbor-information of port 1
LLDP information received through port 1.
Update time
Time when LLDP information about a neighboring device was last
updated.
Chassis type
Chassis ID type:
•
Chassis component.
•
Interface alias.
•
Port component.
•
MAC address.
•
Network address (ipv4).
•
Interface name.
•
Locally assigned—Locally-defined chassis type other than
those listed above.
Chassis ID
ID that identifies the LLDP sending device, which can be a MAC
address, a network address, an interface, or some other value,
depending on the chassis type of the neighboring device.
Port ID type
Port ID type:
•
Interface alias.
•
Port component.
•
MAC address.
•
Network address (ipv4).
•
Interface name.
•
Agent circuit ID.
•
Locally assigned—Locally-defined port ID type other than
those listed above.
Port ID
Value of the type of the port ID.
System name
System name of the neighboring device.
System description
System description of the neighboring device.
System capabilities supported
Capabilities supported on the neighboring device:
•
Repeater—Signal repeating is supported.
•
Bridge—Switching is supported.
•
WlanAccessPoint—The neighboring device can serve as a
wireless AP.
•
Router—Routing is supported.
•
Telephone—The neighboring device can serve as a
telephone.
•
DocsisCableDevice—The neighboring device can serve as a
DOCSIS-compliant cable device.
•
StationOnly—The neighboring device can serve as a station
only.
•
Customer Bridge—The customer bridge function is enabled.
•
Service Bridge—The service bridge function is enabled.
•
TPMR—The TPMR function is enabled.
•
Other—Functions other than those listed above are
supported.
System capabilities enabled
Capabilities enabled on the neighboring device:
•
Repeater—Signal repeating is enabled.
•
Bridge—Switching is enabled.
•
WlanAccessPoint—The neighboring device is serving as a
295
Field
Description
•
•
•
•
•
•
•
•
wireless AP.
Router—Routing is enabled.
Telephone—The neighboring device is serving as a
telephone.
DocsisCableDevice—The neighboring device is serving as a
DOCSIS-compliant cable device.
StationOnly—The neighboring device is serving as a station
only.
Customer Bridge—The customer bridge function is enabled.
Service Bridge—The service bridge function is enabled.
TPMR—The TPMR function is enabled.
Other—Functions other than those listed above are
supported.
Management address OID
Management address object ID.
DCBX control info
Displayed as version information in IEEE Std 802.1Qaz-2011.
Oper version
DCBX version number.
Sequence number
Number of DCBX TLV content changes.
Acknowledge number
Times of synchronizing configurations by the peer device.
DCBX ETS info
CoS-to-local priority mapping and bandwidth allocation.
Percentage
Percentage of bandwidth allocated.
P0- P1- P2- P3- P4- P5- P6P7-
Number of supported priorities configured by using the
priority-flow-control no-drop dot1p dot1p-list command on the
neighbor.
Number of traffic classes supported
Capability set supported by PFC (displayed only in Rev 1.01 and
IEEE Std 802.1Qaz-2011).
CoS map
Application protocol-to-CoS mapping.
CBS
Indicates whether the token bucket mechanism is supported on the
port:
•
False—The token bucket mechanism is not supported.
•
True—The token bucket mechanism is supported.
Max TCs
Maximum number of priorities supported.
TSA
Transmission selection algorithm.
Value of MBC
MBC indicates the ability of packets to bypass MACsec. It is 1-bit
long.
•
0—Packets can bypass MACsec when MACsec is disabled.
•
1—Packets cannot bypass MACsec when MACsec is
disabled.
Port and protocol VLAN ID(PPVID)
Port protocol VLAN ID.
Port and protocol VLAN supported
Indicates whether protocol VLAN is supported on the port.
Port and protocol VLAN enabled
Indicates whether protocol VLAN is enabled on the port.
VLAN name of VLAN 12
Name of VLAN 12.
Auto-negotiation supported
Indicates whether autonegotiation is supported on the port.
Auto-negotiation enabled
Indicates whether autonegotiation is enabled on the port.
OperMau
Speed and duplex state on the port.
296
Field
Description
Power port class
PoE port class:
•
PSE—Power sourcing equipment.
•
PD—Powered device.
PSE power supported
Indicates whether the device can operate as a PSE.
PSE power enabled
Indicates whether the device is operating as a PSE.
PSE pairs control ability
Indicates whether the pair selection ability is available.
Power pairs
Power supply mode:
•
Signal—Uses data pairs to supply power.
•
Spare—Uses spare pairs to supply power.
Port power classification
Power class of the PD:
•
Class 0.
•
Class 1.
•
Class 2.
•
Class 3.
•
Class 4.
Link aggregation supported
Indicates whether link aggregation is supported.
Link aggregation enabled
Indicates whether link aggregation is enabled.
TLV type
Unknown basic TLV type.
TLV information
Information contained in the unknown basic TLV type.
Unknown organizationally-defined
TLV
Unknown organizationally specific TLV.
TLV OUI
OUI of the unknown organizationally specific TLV.
TLV subtype
Unknown organizationally specific TLV subtype.
Index
Unknown organization index.
Capabilities
Capabilities enabled on the neighboring device:
•
Repeater—Signal repeating is enabled.
•
Bridge—Switching is enabled.
•
WlanAccessPoint—The neighboring device is serving as a
wireless AP.
•
Router—Routing is enabled.
•
Telephone—The neighboring device is serving as a
telephone.
•
DocsisCableDevice—The neighboring device is serving as a
DOCSIS-compliant cable device.
•
StationOnly—The neighboring device is serving as a station
only.
•
Other—Functions other than those listed above are
supported.
•
None—The neighboring device does not advertise this TLV.
Local Interface
Local port that receives the LLDP information.
Chassis ID : * -- -- Nearest nontpmr
bridge neighbor
#-- -- Nearest customer
bridge neighbor
Chassis ID flag:
•
An asterisk (*) indicates the nearest non-TPMR bridge
neighbor.
•
A pound sign (#) indicates the nearest customer bridge
neighbor.
297
display lldp statistics
Use display lldp statistics to display the global LLDP statistics or the LLDP statistics of a port.
Syntax
display lldp statistics [ global | [ interface interface-type interface-number ] [ agent
{ nearest-bridge | nearest-customer | nearest-nontpmr } ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
global: Displays the global LLDP statistics.
interface interface-type interface-number: Specifies a port by its type and number.
agent: Specifies an LLDP agent type. If no agent type is specified, the command displays the
statistics for all LLDP agents.
nearest-bridge: Specifies nearest bridge agents.
nearest-customer: Specifies nearest customer bridge agents.
nearest-nontpmr: Specifies nearest non-TPMR bridge agents.
Usage guidelines
If no keyword or argument is specified, this command displays the global LLDP statistics and the
LLDP statistics of all ports.
Examples
# Display the global LLDP statistics and the LLDP statistics of all ports.
<Sysname> display lldp statistics
LLDP statistics global information:
LLDP neighbor information last change time:0 days, 0 hours, 4 minutes, 40 seconds
The number of LLDP neighbor information inserted : 1
The number of LLDP neighbor information deleted
: 1
The number of LLDP neighbor information dropped
: 0
The number of LLDP neighbor information aged out : 1
LLDP statistics information of port 1 [Ten-GigabitEthernet1/0/1]:
LLDP agent nearest-bridge:
The number of LLDP frames transmitted
: 0
The number of LLDP frames received
: 0
The number of LLDP frames discarded
: 0
The number of LLDP error frames
: 0
The number of LLDP TLVs discarded
: 0
The number of LLDP TLVs unrecognized
: 0
The number of LLDP neighbor information aged out : 0
The number of CDP frames transmitted
: 0
The number of CDP frames received
: 0
The number of CDP frames discarded
: 0
298
The number of CDP error frames
: 0
LLDP agent nearest-nontpmr:
The number of LLDP frames transmitted
: 0
The number of LLDP frames received
: 0
The number of LLDP frames discarded
: 0
The number of LLDP error frames
: 0
The number of LLDP TLVs discarded
: 0
The number of LLDP TLVs unrecognized
: 0
The number of LLDP neighbor information aged out : 0
The number of CDP frames transmitted
: 0
The number of CDP frames received
: 0
The number of CDP frames discarded
: 0
The number of CDP error frames
: 0
LLDP agent nearest-customer:
The number of LLDP frames transmitted
: 0
The number of LLDP frames received
: 0
The number of LLDP frames discarded
: 0
The number of LLDP error frames
: 0
The number of LLDP TLVs discarded
: 0
The number of LLDP TLVs unrecognized
: 0
The number of LLDP neighbor information aged out : 0
The number of CDP frames transmitted
: 0
The number of CDP frames received
: 0
The number of CDP frames discarded
: 0
The number of CDP error frames
: 0
# Display the LLDP statistics for the nearest customer bridge agents on Ten-GigabitEthernet 1/0/1.
<Sysname> display lldp statistics interface Ten-GigabitEthernet1/0/1 agent
nearest-customer
LLDP statistics information of port 1 [Ten-GigabitEthernet1/0/1]:
LLDP agent nearest-customer:
The number of LLDP frames transmitted
: 0
The number of LLDP frames received
: 0
The number of LLDP frames discarded
: 0
The number of LLDP error frames
: 0
The number of LLDP TLVs discarded
: 0
The number of LLDP TLVs unrecognized
: 0
The number of LLDP neighbor information aged out : 0
The number of CDP frames transmitted
: 0
The number of CDP frames received
: 0
The number of CDP frames discarded
: 0
The number of CDP error frames
: 0
Table 67 Command output
Field
Description
LLDP statistics global information
Global LLDP statistics.
LLDP neighbor information last change time
Time when the neighbor information was last
299
Field
Description
updated.
The number of LLDP neighbor information inserted
Number of times neighbor information was added.
The number of LLDP neighbor information deleted
Number of times neighbor information was removed.
The number of LLDP neighbor information dropped
Number of times neighbor information was dropped
due to lack of available memory space.
display lldp status
Use display lldp status to display LLDP status.
Syntax
display lldp status [ interface interface-type interface-number ] [ agent { nearest-bridge |
nearest-customer | nearest-nontpmr } ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies a port by its type and number.
agent: Specifies an LLDP agent type. If no agent type is specified, the command displays the status
information for all LLDP agents.
nearest-bridge: Specifies nearest bridge agents.
nearest-customer: Specifies nearest customer bridge agents.
nearest-nontpmr: Specifies nearest non-TPMR bridge agents.
Usage guidelines
If no port is specified, this command displays the global LLDP status and the LLDP status of each
port.
Examples
# Display the global LLDP status and the LLDP status of each port.
<Sysname> display lldp status
Global status of LLDP: Enable
Bridge mode of LLDP: customer-bridge
The current number of LLDP neighbors: 0
The current number of CDP neighbors: 0
LLDP neighbor information last changed time: 0 days, 0 hours, 4 minutes, 40 seconds
Transmit interval
: 30s
Fast transmit interval
: 1s
Transmit max credit
: 5
Hold multiplier
: 4
Reinit delay
: 2s
Trap interval
: 5s
Fast start times
: 3
300
LLDP status information of port 1 [Ten-GigabitEthernet1/0/1]:
LLDP agent
nearest-bridge:
Port status of LLDP
: Enable
Admin status
: Tx_Rx
Trap flag
: No
MED trap flag
: No
Polling interval
: 0s
Number of LLDP neighbors
: 5
Number of MED neighbors
: 2
Number of CDP neighbors
: 0
Number of sent optional TLV
: 12
Number of received unknown TLV : 5
LLDP agent nearest-nontpmr:
Port status of LLDP
: Enable
Admin status
: Tx_Rx
Trap flag
: No
Polling interval
: 0s
Number of LLDP neighbors
: 5
Number of MED neighbors
: 2
Number of CDP neighbors
: 0
Number of sent optional TLV
: 12
Number of received unknown TLV : 5
LLDP agent nearest-customer:
Port status of LLDP
: Enable
Admin status
: Tx_Rx
Trap flag
: No
Polling interval
: 0s
Number of LLDP neighbors
: 5
Number of MED neighbors
: 2
Number of CDP neighbors
: 0
Number of sent optional TLV
: 12
Number of received unknown TLV : 5
Table 68 Command output
Field
Description
Bridge mode of LLDP
LLDP bridge mode: service-bridge or customer-bridge.
Global status of LLDP
Indicates whether LLDP is globally enabled.
LLDP neighbor information last
changed time
Time when the neighbor information was last updated.
Transmit interval
LLDP frame transmission interval.
Hold multiplier
TTL multiplier.
Reinit delay
LLDP reinitialization delay.
Transmit max credit
Token bucket size for sending LLDP frames.
Trap interval
Trap transmission interval.
301
Field
Description
Fast start times
Number of LLDP frames sent each time fast LLDP frame transmission
is triggered.
Port 1
LLDP status of port 1.
Port status of LLDP
Indicates whether LLDP is enabled on the port.
Admin status
LLDP operating mode of the port:
•
Tx_Rx—The port can send and receive LLDP frames.
•
Rx_Only—The port can only receive LLDP frames.
•
Tx_Only—The port can only send LLDP frames.
•
Disable—The port cannot send or receive LLDP frames.
Trap Flag
Indicates whether trapping is enabled.
Polling interval
LLDP polling interval, which is 0 when LLDP polling is disabled.
Number of neighbors
Number of LLDP neighbors connecting to the port.
Number of MED neighbors
Number of MED neighbors connecting to the port.
Number of CDP neighbors
Number of CDP neighbors connecting to the port.
Number of sent optional TLV
Number of optional TLVs contained in an LLDP frame sent through the
port.
Number of received unknown TLV
Number of unknown TLVs contained in a received LLDP frame.
display lldp tlv-config
Use display lldp tlv-config to display the types of advertisable optional LLDP TLVs of a port.
Syntax
display lldp tlv-config [ interface interface-type interface-number ] [ agent { nearest-bridge |
nearest-customer | nearest-nontpmr } ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies a port by its type and number.
agent: Specifies an LLDP agent type. If no agent type is specified, the command displays the types
of advertisable optional LLDP TLVs for all LLDP agents.
nearest-bridge: Specifies nearest bridge agents.
nearest-customer: Specifies nearest customer bridge agents.
nearest-nontpmr: Specifies nearest non-TPMR bridge agents.
Usage guidelines
If no port is specified, this command displays the types of advertisable optional TLVs of all ports.
Examples
# Display the types of advertisable optional LLDP TLVs of interface Ten-GigabitEthernet 1/0/1.
302
<Sysname> display lldp tlv-config interface ten-gigabitethernet 1/0/1
LLDP tlv-config of port 1[Ten-GigabitEthernet1/0/1]:
LLDP agent nearest-bridge:
NAME
STATUS
DEFAULT
Port Description TLV
YES
YES
System Name TLV
YES
YES
System Description TLV
YES
YES
System Capabilities TLV
YES
YES
Management Address TLV
YES
YES
Port VLAN ID TLV
YES
YES
Port And Protocol VLAN ID TLV
YES
YES
VLAN Name TLV
YES
YES
DCBX TLV
NO
NO
EVB TLV
NO
NO
Link Aggregation TLV
YES
YES
Management VID TLV
YES
YES
Congestion notification TLV
NO
NO
MAC-Physic TLV
YES
YES
Power via MDI TLV
YES
YES
Maximum Frame Size TLV
YES
YES
Basic optional TLV:
IEEE 802.1 extend TLV:
IEEE 802.3 extend TLV:
LLDP-MED extend TLV:
Capabilities TLV
YES
YES
Network Policy TLV
YES
YES
Location Identification TLV
NO
NO
Extended Power via MDI TLV
YES
YES
Inventory TLV
YES
YES
LLDP agent nearest-nontpmr:
NAME
STATUS
DEFAULT
Port Description TLV
YES
NO
System Name TLV
YES
NO
System Description TLV
YES
NO
System Capabilities TLV
YES
NO
Management Address TLV
YES
NO
Port VLAN ID TLV
YES
NO
Port And Protocol VLAN ID TLV
YES
NO
VLAN Name TLV
YES
NO
DCBX TLV
NO
NO
EVB TLV
YES
YES
Link Aggregation TLV
YES
NO
Management VID TLV
NO
NO
Congestion notification TLV
NO
NO
YES
NO
Basic optional TLV:
IEEE 802.1 extend TLV:
IEEE 802.3 extend TLV:
MAC-Physic TLV
303
Power via MDI TLV
YES
NO
Maximum Frame Size TLV
YES
NO
LLDP-MED extend TLV:
Capabilities TLV
YES
NO
Network Policy TLV
YES
NO
Location Identification TLV
NO
NO
Extended Power via MDI TLV
YES
NO
Inventory TLV
YES
NO
LLDP agent nearest-customer:
NAME
STATUS
DEFAULT
Port Description TLV
YES
YES
System Name TLV
YES
YES
System Description TLV
YES
YES
System Capabilities TLV
YES
YES
Management Address TLV
YES
YES
Port VLAN ID TLV
YES
YES
Port And Protocol VLAN ID TLV
YES
YES
VLAN Name TLV
YES
YES
DCBX TLV
NO
NO
EVB TLV
NO
NO
Link Aggregation TLV
YES
NO
Management VID TLV
YES
YES
Congestion notification TLV
NO
NO
MAC-Physic TLV
YES
NO
Power via MDI TLV
YES
NO
Maximum Frame Size TLV
YES
NO
Basic optional TLV:
IEEE 802.1 extend TLV:
IEEE 802.3 extend TLV:
LLDP-MED extend TLV:
Capabilities TLV
YES
YES
Network Policy TLV
YES
YES
Location Identification TLV
NO
NO
Extended Power via MDI TLV
YES
NO
Inventory TLV
YES
YES
Table 69 Command output
Field
Description
LLDP tlv-config of port 1
Advertisable optional TLVs of port 1.
NAME
TLV type.
STATUS
Indicates whether the type of TLV is sent through a port.
DEFAULT
Indicates whether the type of TLV is sent through a port by default.
Basic optional TLV
Basic optional TLVs:
•
Port description TLV.
•
System name TLV.
•
System description TLV.
304
Field
Description
•
•
System capabilities TLV.
Management address TLV.
IEEE 802.1 extended TLV
IEEE 802.1 organizationally specific TLVs:
•
Port VLAN ID TLV.
•
Port and protocol VLAN ID TLV.
•
VLAN name TLV.
•
DCBX TLV..
•
EVB TLV.
•
Management VID TLV.
•
Congestion notification TLV.
IEEE 802.3 extended TLV
IEEE 802.3 organizationally specific TLVs:
•
MAC-Physic TLV.
•
Power via MDI TLV.
•
Link aggregation TLV.
•
Maximum frame size TLV.
LLDP-MED extend TLV
LLDP-MED TLVs:
•
Capabilities TLV.
•
Network Policy TLV.
•
Extended Power-via-MDI TLV.
•
Location Identification TLV.
•
Inventory TLV.
Inventory TLV
Inventory TLVs:
•
Hardware Revision TLV.
•
Firmware Revision TLV.
•
Software Revision TLV.
•
Serial Number TLV.
•
Manufacturer Name TLV.
•
Model name TLV.
•
Asset ID TLV.
lldp admin-status
Use lldp admin-status to specify the LLDP operating mode.
Use undo lldp admin-status to restore the default.
Syntax
In Layer 2/Layer 3 Ethernet interface view or management Ethernet interface view:
lldp [ agent { nearest-customer | nearest-nontpmr } ] admin-status { disable | rx | tx | txrx }
undo lldp [ agent { nearest-customer | nearest-nontpmr } ] admin-status
In Layer 2/Layer 3 aggregate interface view:
lldp agent { nearest-customer | nearest-nontpmr } admin-status { disable | rx | tx | txrx }
undo lldp agent { nearest-customer | nearest-nontpmr } admin-status
In IRF physical interface view:
lldp admin-status { disable | rx | tx | txrx }
undo lldp admin-status
305
Default
The nearest bridge agent operates in txrx mode, and the nearest customer bridge agent and nearest
non-TPMR bridge agent operate in disable mode.
Views
Layer 2/Layer 3 aggregate interface view
Layer 2/Layer 3 Ethernet interface view
Management Ethernet interface view
IRF physical interface view
Predefined user roles
network-admin
Parameters
agent: Specifies an LLDP agent type. If no agent type is specified in Ethernet interface view, the
command configures the operating mode for nearest bridge agents.
nearest-customer: Specifies nearest customer bridge agents.
nearest-nontpmr: Specifies nearest non-TPMR bridge agents.
disable: Specifies the Disable mode. A port in this mode cannot send or receive LLDP frames.
rx: Specifies the Rx mode. A port in this mode can only receive LLDP frames.
tx: Specifies the Tx mode. A port in this mode can only send LLDP frames.
txrx: Specifies the TxRx mode. A port in this mode can send and receive LLDP frames.
Examples
# Configure the LLDP operating mode as Rx for the nearest customer bridge agents on
Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] lldp agent nearest-customer admin-status rx
lldp check-change-interval
Use lldp check-change-interval to enable LLDP polling and set the polling interval.
Use undo lldp check-change-interval to restore the default.
Syntax
In Layer 2/Layer 3 Ethernet interface view or management Ethernet interface view:
lldp [ agent { nearest-customer | nearest-nontpmr } ] check-change-interval interval
undo lldp [ agent { nearest-customer | nearest-nontpmr } ] check-change-interval
In Layer 2/Layer 3 aggregate interface view:
lldp agent { nearest-customer | nearest-nontpmr } check-change-interval interval
undo lldp agent { nearest-customer | nearest-nontpmr } check-change-interval
In IRF physical interface view:
lldp check-change-interval interval
undo lldp check-change-interval
306
Default
LLDP polling is disabled.
Views
Layer 2/Layer 3 aggregate interface view
Layer 2/Layer 3 Ethernet interface view
Management Ethernet interface view
IRF physical interface view
Predefined user roles
network-admin
Parameters
agent: Specifies an LLDP agent type. If no agent type is specified in Ethernet interface view, the
command enables LLDP polling and sets the polling interval for nearest bridge agents.
nearest-customer: Specifies nearest customer bridge agents.
nearest-nontpmr: Specifies nearest non-TPMR bridge agents.
interval: Sets the LLDP polling interval in the range of 1 to 30 seconds.
Examples
# Enable LLDP polling and set the polling interval to 30 seconds for the nearest customer bridge
agents on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] lldp agent nearest-customer check-change-interval 30
lldp compliance admin-status cdp
Use lldp compliance admin-status cdp to configure the operating mode of CDP-compatible LLDP.
Use undo lldp compliance admin-status cdp to restore the default.
Syntax
lldp compliance admin-status cdp { disable | txrx }
undo lldp compliance admin-status cdp
Default
CDP-compatible LLDP operates in disable mode.
Views
Layer 2 Ethernet interface view
Layer 3 Ethernet interface view
Management Ethernet interface view
Predefined user roles
network-admin
Parameters
disable: Specifies the disable mode. CDP-compatible LLDP in this mode cannot receive or transmit
CDP packets.
307
txrx: Specifies the TxRx mode. CDP-compatible LLDP in this mode can send and receive CDP
packets.
Usage guidelines
For your device to work with Cisco IP phones, you must perform the following tasks:
•
Enable CDP-compatible LLDP globally.
•
Configure CDP-compatible LLDP to operate in TxRx mode on the specified ports.
Examples
# Enable CDP-compatible LLDP globally and configure CDP-compatible LLDP to operate in TxRx
mode on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] lldp compliance cdp
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] lldp compliance admin-status cdp txrx
Related commands
lldp compliance cdp
lldp compliance cdp
Use lldp compliance cdp to enable CDP compatibility globally.
Use undo lldp compliance cdp to restore the default.
Syntax
lldp compliance cdp
undo lldp compliance cdp
Default
CDP compatibility is globally disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
The maximum TTL that CDP allows is 255 seconds. To make CDP-compatible LLDP work correctly
with Cisco IP phones, configure the LLDP frame transmission interval to be no more than 1/3 of the
TTL value.
Examples
# Enable CDP compatibility globally.
<Sysname> system-view
[Sysname] lldp compliance cdp
Related commands
lldp hold-multiplier
lldp timer tx-interval
308
lldp enable
Use lldp enable to enable LLDP on a port.
Use undo lldp enable to disable LLDP on a port.
Syntax
lldp enable
undo lldp enable
Default
LLDP is enabled on a port.
Views
Layer 2/Layer 3 aggregate interface view
Layer 2/Layer 3 Ethernet interface view
Management Ethernet interface view
IRF physical interface view
Predefined user roles
network-admin
Usage guidelines
LLDP takes effect on a port only when LLDP is enabled both globally and on the port.
Examples
# Disable LLDP on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] undo lldp enable
Related commands
lldp global enable
lldp encapsulation snap
Use lldp encapsulation snap to configure the encapsulation format for LLDP frames as SNAP.
Use undo lldp encapsulation to restore the default.
Syntax
In Layer 2/Layer 3 Ethernet interface view or management Ethernet interface view:
lldp [ agent { nearest-customer | nearest-nontpmr } ] encapsulation snap
undo lldp [ agent { nearest-customer | nearest-nontpmr } ] encapsulation
In Layer 2/Layer 3 aggregate interface view:
lldp agent { nearest-customer | nearest-nontpmr } encapsulation snap
undo lldp agent { nearest-customer | nearest-nontpmr } encapsulation
In IRF physical interface view:
lldp encapsulation snap
undo lldp encapsulation
309
Default
The encapsulation format for LLDP frames is Ethernet II.
Views
Layer 2/Layer 3 aggregate interface view
Layer 2/Layer 3 Ethernet interface view
Management Ethernet interface view
IRF physical interface view
Predefined user roles
network-admin
Parameters
agent: Specifies an LLDP agent type. If no agent type is specified in Ethernet interface view, the
command configures the LLDP frame encapsulation format for nearest bridge agents.
nearest-customer: Specifies nearest customer bridge agents.
nearest-nontpmr: Specifies nearest non-TPMR bridge agents.
Usage guidelines
LLDP-CDP packets use only SNAP encapsulation.
LLDP frames carrying the EVB module TLVs cannot be encapsulated in SNAP format.
Examples
# Configure the encapsulation format for LLDP frames as SNAP on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] lldp encapsulation snap
lldp fast-count
Use lldp fast-count to set the number of LLDP frames sent each time fast LLDP frame transmission
is triggered.
Use undo lldp fast-count to restore the default.
Syntax
lldp fast-count count
undo lldp fast-count
Default
The number is 4.
Views
System view
Predefined user roles
network-admin
Parameters
count: Sets the number of LLDP frames sent each time fast LLDP frame transmission is triggered.
The value range is 1 to 8.
310
Examples
# Configure the device to send five LLDP frames each time fast LLDP frame transmission is
triggered.
<Sysname> system-view
[Sysname] lldp fast-count 5
lldp global enable
Use lldp global enable to enable LLDP globally.
Use undo lldp global enable to disable LLDP globally.
Syntax
lldp global enable
undo lldp global enable
Default
If the switch starts up with empty configuration, LLDP is disabled globally (initial setting).
If the switch starts up with the default configuration file, LLDP is enabled globally (factory default).
For more information about empty configuration and the default configuration file, see Fundamentals
Configuration Guide.
Views
System view
Predefined user roles
network-admin
Usage guidelines
LLDP takes effect on a port only when LLDP is enabled both globally and on the port.
Examples
# Disable LLDP globally.
<Sysname> system-view
[Sysname] undo lldp global enable
Related commands
lldp enable
lldp hold-multiplier
Use lldp hold-multiplier to set the TTL multiplier.
Use undo lldp hold-multiplier to restore the default.
Syntax
lldp hold-multiplier value
undo lldp hold-multiplier
Default
The TTL multiplier is 4.
Views
System view
311
Predefined user roles
network-admin
Parameters
value: Sets the TTL multiplier in the range of 2 to 10.
Usage guidelines
The TTL TLV carried in an LLDPDU determines how long the device information carried in the
LLDPDU can be saved on a recipient device.
By setting the TTL multiplier, you can configure the TTL of locally sent LLDPDUs, which determines
how long information about the local device can be saved on a neighboring device. The TTL is
expressed by using the following formula:
TTL = Min (65535, (TTL multiplier × LLDP frame transmission interval + 1))
As the expression shows, the TTL can be up to 65535 seconds.
Examples
# Set the TTL multiplier to 6.
<Sysname> system-view
[Sysname] lldp hold-multiplier 6
Related commands
lldp timer tx-interval
lldp ignore-pvid-inconsistency
Use lldp ignore-pvid-inconsistency to disable LLDP PVID inconsistency check.
Use undo lldp ignore-pvid-inconsistency to enable LLDP PVID inconsistency check.
Syntax
lldp ignore-pvid-inconsistency
undo lldp ignore-pvid-inconsistency
Default
LLDP PVID inconsistency check is enabled.
Views
System view
Default command level
network-admin
Usage guidelines
By default, when the system receives an LLDP packet, it compares the PVID value contained in the
packet with the PVID configured on the receiving interface. If the two PVIDs do not match, a log
message will be printed to notify the user.
You can disable PVID inconsistency check if different PVIDs are required on a link.
Examples
# Disable LLDP PVID inconsistency check.
<Sysname> system-view
[Sysname] lldp ignore-pvid-inconsistency
312
lldp management-address-format string
Use lldp management-address-format string to configure the encoding format of the
management address as string.
Use undo lldp management-address-format to restore the default.
Syntax
In Layer 2/Layer 3 Ethernet interface view or management Ethernet interface view:
lldp [ agent { nearest-customer | nearest-nontpmr } ] management-address-format string
undo lldp [ agent { nearest-customer | nearest-nontpmr } ] management-address-format
In Layer 2/Layer 3 aggregate interface view:
lldp agent { nearest-customer | nearest-nontpmr } management-address-format string
undo lldp agent { nearest-customer | nearest-nontpmr } management-address-format
Default
The encoding format of the management address is numeric.
Views
Layer 2/Layer 3 aggregate interface view
Layer 2/Layer 3 Ethernet interface view
Management Ethernet interface view
Predefined user roles
network-admin
Parameters
agent: Specifies an LLDP agent type. If no agent type is specified in Ethernet interface view, the
command configures the encoding format of the management address for nearest bridge agents.
nearest-bridge: Specifies nearest bridge agents.
nearest-customer: Specifies nearest customer bridge agents.
nearest-nontpmr: Specifies nearest non-TPMR bridge agents.
Usage guidelines
LLDP neighbors must use the same encoding format for the management address.
Examples
# Configure the encoding format of the management address as string for the nearest customer
bridge agents on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] lldp agent nearest-customer
management-address-format string
lldp max-credit
Use lldp max-credit to set the token bucket size for sending LLDP frames.
Use undo lldp max-credit to restore the default.
Syntax
lldp max-credit credit-value
313
undo lldp max-credit
Default
The token bucket size for sending LLDP frames is 5.
Views
System view
Predefined user roles
network-admin
Parameters
credit-value: Specifies the token bucket size for sending LLDP frames, in the range of 1 to 100.
Examples
# Set the token bucket size for sending LLDP frames to 10.
<Sysname> system-view
[Sysname] lldp max-credit 10
lldp mode
Use lldp mode to configure LLDP to operate in service bridge mode.
Use undo lldp mode to restore the default.
Syntax
lldp mode service-bridge
undo lldp mode
Default
LLDP operates in customer bridge mode.
Views
System view
Predefined user roles
network-admin
Parameters
service-bridge: Specifies the service bridge mode.
Usage guidelines
The LLDP agent types supported by LLDP depend on the LLDP bridge mode:
•
Service bridge mode—LLDP supports nearest bridge agents and nearest non-TPMR bridge
agents. LLDP processes the LLDP frames with destination MAC addresses for these agents
and transparently transmits the LLDP frames with other destination MAC addresses in the
VLAN.
•
Customer bridge mode—LLDP supports nearest bridge agents, nearest non-TPMR bridge
agents, and nearest customer bridge agents. LLDP processes the LLDP frames with
destination MAC addresses for these agents and transparently transmits the LLDP frames with
other destination MAC addresses in the VLAN.
The bridge mode configuration takes effect only when LLDP is enabled globally. If LLDP is disabled
globally, LLDP can only operate in customer bridge mode.
314
Examples
# Configure LLDP to operate in service bridge mode.
<Sysname> system-view
[Sysname] lldp mode service-bridge
Related commands
lldp global enable
lldp notification med-topology-change enable
Use lldp notification med-topology-change enable to enable LLDP-MED trapping.
Use undo lldp notification med-topology-change enable to disable LLDP-MED trapping.
Syntax
lldp notification med-topology-change enable
undo lldp notification med-topology-change enable
Default
LLDP-MED trapping is disabled on ports.
Views
Layer 2 Ethernet interface view
Layer 3 Ethernet interface view
Management Ethernet interface view
Predefined user roles
network-admin
Examples
# Enable LLDP-MED trapping for Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] lldp notification med-topology-change enable
lldp notification remote-change enable
Use lldp notification remote-change enable to enable LLDP trapping.
Use undo lldp notification remote-change enable to disable LLDP trapping.
Syntax
In Layer 2/Layer 3 Ethernet interface view or management Ethernet interface view:
lldp [ agent { nearest-customer | nearest-nontpmr } ] notification remote-change enable
undo lldp [ agent { nearest-customer | nearest-nontpmr } ] notification remote-change enable
In Layer 2/Layer 3 aggregate interface view:
lldp agent { nearest-customer | nearest-nontpmr } notification remote-change enable
undo lldp agent { nearest-customer | nearest-nontpmr } notification remote-change enable
In IRF physical interface view:
lldp notification remote-change enable
315
undo lldp notification remote-change enable
Default
LLDP trapping is disabled on ports.
Views
Layer 2/Layer 3 aggregate interface view
Layer 2/Layer 3 Ethernet interface view
Management Ethernet interface view
IRF physical interface view
Predefined user roles
network-admin
Parameters
agent: Specifies an LLDP agent type. If no agent type is specified in Ethernet interface view, the
command enables LLDP trapping for nearest bridge agents.
nearest-customer: Specifies nearest customer bridge agents.
nearest-nontpmr: Specifies nearest non-TPMR bridge agents.
Examples
# Enable LLDP trapping for the nearest customer bridge agents on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] lldp agent nearest-customer notification
remote-change enable
lldp timer fast-interval
Use lldp timer fast-interval to set the interval for fast LLDP frame transmission.
Use undo lldp timer fast-interval to restore the default.
Syntax
lldp timer fast-interval interval
undo lldp timer fast-interval
Default
The interval for fast LLDP frame transmission is 1 second.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Sets an interval for fast LLDP frame transmission, in the range of 1 to 3600 seconds.
Examples
# Set the interval for fast LLDP frame transmission to 2 seconds.
<Sysname> system-view
[Sysname] lldp timer fast-interval 2
316
lldp timer notification-interval
Use lldp timer notification-interval to set the LLDP trap and LLDP-MED trap transmission interval.
Use undo lldp timer notification-interval to restore the default.
Syntax
lldp timer notification-interval interval
undo lldp timer notification-interval
Default
The LLDP trap and LLDP-MED trap transmission interval is 30 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Sets the LLDP trap and LLDP-MED trap transmission interval in the range of 5 to 3600
seconds.
Examples
# Set both the LLDP trap and LLDP-MED trap transmission interval to 8 seconds.
<Sysname> system-view
[Sysname] lldp timer notification-interval 8
lldp timer reinit-delay
Use lldp timer reinit-delay to set the LLDP reinitialization delay.
Use undo lldp timer reinit-delay to restore the default.
Syntax
lldp timer reinit-delay delay
undo lldp timer reinit-delay
Default
The LLDP reinitialization delay is 2 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
delay: Sets the LLDP reinitialization delay in the range of 1 to 10 seconds.
Examples
# Set the LLDP reinitialization delay to 4 seconds.
<Sysname> system-view
[Sysname] lldp timer reinit-delay 4
317
lldp timer tx-interval
Use lldp timer tx-interval to set the LLDP frame transmission interval.
Use undo lldp timer tx-interval to restore the default.
Syntax
lldp timer tx-interval interval
undo lldp timer tx-interval
Default
The LLDP frame transmission interval is 30 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Sets the LLDP frame transmission interval in the range of 5 to 32768 seconds.
Examples
# Set the LLDP frame transmission interval to 20 seconds.
<Sysname> system-view
[Sysname] lldp timer tx-interval 20
lldp tlv-enable
Use lldp tlv-enable to configure the types of advertisable TLVs.
Use undo lldp tlv-enable to disable the advertising of the specified types of TLVs.
Syntax
In Layer 2 Ethernet interface view:
•
For nearest bridge agents:
lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description |
system-name | management-address-tlv [ ip-address ] } | dot1-tlv { all |
congestion-notification | port-vlan-id | link-aggregation | dcbx | protocol-vlan-id [ vlan-id ]
| vlan-name [ vlan-id ] | management-vid [ mvlan-id ] } | dot3-tlv { all | mac-physic |
max-frame-size | power } | med-tlv { all | capability | inventory | network-policy [ vlan-id ] |
power-over-ethernet | location-id { civic-address device-type country-code { ca-type
ca-value }&<1-10> | elin-address tel-number } } }
undo lldp tlv-enable { basic-tlv { all | port-description | system-capability |
system-description | system-name | management-address-tlv [ ip-address ] } | dot1-tlv { all
| congestion-notification | port-vlan-id | link-aggregation | dcbx | protocol-vlan-id |
vlan-name | management-vid } | dot3-tlv { all | mac-physic | max-frame-size | power } |
med-tlv { all | capability | inventory | network-policy | power-over-ethernet | location-id } }
•
For nearest non-TPMR bridge agents:
lldp agent nearest-nontpmr tlv-enable { basic-tlv { all | port-description |
system-capability | system-description | system-name | management-address-tlv
[ ip-address ] } | dot1-tlv { all | congestion-notification | evb | port-vlan-id |
link-aggregation } }
318
undo lldp agent nearest-nontpmr tlv-enable { basic-tlv { all | port-description |
system-capability | system-description | system-name | management-address-tlv
[ ip-address ] } | dot1-tlv { all | congestion-notification | evb | port-vlan-id |
link-aggregation } }
•
For nearest customer bridge agents:
lldp agent nearest-customer tlv-enable { basic-tlv { all | port-description |
system-capability | system-description | system-name | management-address-tlv
[ ip-address ] } | dot1-tlv { all | congestion-notification | port-vlan-id | link-aggregation } }
undo lldp agent nearest-customer tlv-enable { basic-tlv { all | port-description |
system-capability | system-description | system-name | management-address-tlv
[ ip-address ] } | dot1-tlv { all | congestion-notification | port-vlan-id | link-aggregation } }
In Layer 3 Ethernet interface view or management Ethernet interface view:
•
lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description |
system-name | management-address-tlv [ ip-address ] } | dot1-tlv { all | link-aggregation } |
dot3-tlv { all | mac-physic | max-frame-size | power } | med-tlv { all | capability | inventory |
power-over-ethernet | location-id { civic-address device-type country-code { ca-type
ca-value }&<1-10> | elin-address tel-number } } }
•
lldp agent { nearest-nontpmr | nearest-customer } tlv-enable { basic-tlv { all |
port-description | system-capability | system-description | system-name |
management-address-tlv [ ip-address ] } | dot1-tlv { all | link-aggregation } }
•
undo lldp tlv-enable { basic-tlv { all | port-description | system-capability |
system-description | system-name | management-address-tlv [ ip-address ] } | dot1-tlv { all
| link-aggregation } | dot3-tlv { all | mac-physic | max-frame-size | power } | med-tlv { all |
capability | inventory | power-over-ethernet | location-id } }
•
undo lldp agent { nearest-nontpmr | nearest-customer } tlv-enable { basic-tlv { all |
port-description | system-capability | system-description | system-name |
management-address-tlv [ ip-address ] } | dot1-tlv { all | link-aggregation } }
In Layer 2 aggregate interface view:
•
lldp agent nearest-nontpmr tlv-enable { basic-tlv { all | management-address-tlv
[ ip-address ] | port-description | system-capability | system-description | system-name } |
dot1-tlv { all | evb | port-vlan-id } }
•
lldp agent nearest-customer tlv-enable { basic-tlv { all | management-address-tlv
[ ip-address ] | port-description | system-capability | system-description | system-name } |
dot1-tlv { all | port-vlan-id } }
•
lldp tlv-enable dot1-tlv { protocol-vlan-id [ vlan-id ] | vlan-name [ vlan-id ] | management-vid
[ mvlan-id ] }
•
undo lldp agent nearest-nontpmr tlv-enable { basic-tlv { all | management-address-tlv
[ ip-address ] | port-description | system-capability | system-description | system-name } |
dot1-tlv { all | evb | port-vlan-id } }
•
undo lldp agent nearest-customer tlv-enable { basic-tlv { all | management-address-tlv
[ ip-address ] | port-description | system-capability | system-description | system-name } |
dot1-tlv { all | port-vlan-id } }
•
undo lldp tlv-enable dot1-tlv { protocol-vlan-id | vlan-name | management-vid }
In Layer 3 aggregate interface view:
•
lldp agent { nearest-nontpmr | nearest-customer } tlv-enable basic-tlv { all |
management-address-tlv [ ip-address ] | port-description | system-capability |
system-description | system-name }
•
undo lldp agent { nearest-nontpmr | nearest-customer } tlv-enable basic-tlv { all |
management-address-tlv [ ip-address ] | port-description | system-capability |
system-description | system-name }
In IRF physical interface view:
319
•
lldp tlv-enable basic-tlv { port-description | system-capability | system-description |
system-name }
•
undo lldp tlv-enable basic-tlv { port-description | system-capability | system-description |
system-name }
Default
On Layer 2 Ethernet interfaces:
•
Nearest bridge agents can advertise all types of LLDP TLVs except the following types:
{
DCBX TLVs.
{
Location identification TLVs.
{
Port and protocol VLAN ID TLVs.
{
VLAN name TLVs.
{
Management VLAN ID TLVs.
•
Nearest non-TPMR bridge agents can advertise only EVB TLVs.
•
Nearest customer bridge agents can advertise basic TLVs and IEEE 802.1 organizationally
specific TLVs.
On Layer 3 Ethernet interfaces or the management Ethernet interface:
•
Nearest bridge agents can advertise all types of LLDP TLVs (only link aggregation TLV in 802.1
organizationally specific TLVs) except network policy TLVs.
•
Nearest non-TPMR bridge agents advertise no TLVs.
•
Nearest customer bridge agents can advertise basic TLVs and IEEE 802.1 organizationally
specific TLVs (only link aggregation TLV).
On Layer 2 aggregate interfaces:
•
Nearest non-TPMR bridge agents can advertise only EVB TLVs.
•
Nearest customer bridge agents can advertise basic TLVs and IEEE 802.1 organizationally
specific TLVs (only port and protocol VLAN ID TLV, VLAN name TLV, and management VLAN
ID TLV).
On Layer 3 aggregate interfaces:
•
Nearest non-TPMR bridge agents advertise no TLVs.
•
Nearest customer bridge agents can advertise only basic TLVs.
IRF physical interfaces advertise all supported types of TLVs.
Views
Layer 2/Layer 3 aggregate interface view
Layer 2/Layer 3 Ethernet interface view
Management Ethernet interface view
IRF physical interface view
Predefined user roles
network-admin
Parameters
agent: Specifies an LLDP agent type. If no agent type is specified in Ethernet interface view, the
command configures the types of advertisable TLVs for nearest bridge agents.
nearest-customer: Specifies nearest customer bridge agents.
nearest-nontpmr: Specifies nearest non-TPMR bridge agents.
all: Advertises all TLVs of the specified type.
320
•
•
Enables the interface to advertise the following TLVs:
{
All basic LLDP TLVs if the all keyword is specified for basic-tlv.
{
All IEEE 802.1 organizationally specific LLDP TLVs if the all keyword is specified for
dot1-tlv.
{
All IEEE 802.3 organizationally specific LLDP TLVs if the all keyword is specified for
dot3-tlv.
Enables the interface to advertise all LLDP-MED TLVs except location identification TLVs if the
all keyword is specified for med-tlv.
basic-tlv: Advertises basic LLDP TLVs.
management-address-tlv [ ip-address ]: Advertises management address TLVs. ip-address
specifies the management address to be advertised. By default:
•
For a Layer 2 Ethernet or aggregate interface, the management address is the primary IP
address of the VLAN interface meeting the following requirements:
{
In up state.
{
The corresponding VLAN ID is the lowest among the VLANs permitted on the port.
If none of the VLAN interfaces of the permitted VLANs is assigned an IP address or all VLAN
interfaces are down, the MAC address of the port will be advertised.
•
For a Layer 3 Ethernet interface, management Ethernet interface, or Layer 3 aggregate
interface, the management address is its own IP address. If no IP address is configured for the
Layer 3 Ethernet interface, management Ethernet interface, or Layer 3 aggregate interface, the
MAC address of the port will be advertised.
When you execute the undo command:
•
If you specify the ip-address argument, the command disable the advertisement of the specified
IP addresses.
•
If you do not specify the ip-address argument, the command disable the advertisement of
management address TLVs.
port-description: Advertises port description TLVs.
system-capability: Advertises system capabilities TLVs.
system-description: Advertises system description TLVs.
system-name: Advertises system name TLVs.
dot1-tlv: Advertises IEEE 802.1 organizationally specific LLDP TLVs.
congestion-notification: Advertises the QCN module TLV. The QCN module supports only the
nearest bridge agent.
dcbx: Advertises the DCBX TLV.
evb: Advertises the EVB module TLVs.
port-vlan-id: Advertises port VLAN ID TLVs.
protocol-vlan-id [ vlan-id ]: Advertises port and protocol VLAN ID TLVs. The vlan-id argument
specifies a VLAN ID in the TLVs to be advertised. The VLAN ID is in the range of 1 to 4094, and the
default is the lowest VLAN ID on the port.
vlan-name [ vlan-id ]: Advertises VLAN name TLVs. The vlan-id argument specifies a VLAN ID in the
TLVs to be advertised. The VLAN ID is in the range of 1 to 4094, and the default is the lowest VLAN
ID on the port.
management-vid [ mvlan-id ]: Advertises the management VLAN ID TLV. The mvlan-id argument
specifies a management VLAN ID in the TLVs to be advertised. The management VLAN ID is in the
range of 1 to 4094. If no management VLAN ID is specified, the value 0 is advertised, which means
that the LLDP agent is not configured with a management VLAN ID.
321
dot3-tlv: Advertises IEEE 802.3 organizationally specific LLDP TLVs.
link-aggregation: Advertises link aggregation TLVs.
mac-physic: Advertises MAC/PHY configuration/status TLVs.
max-frame-size: Advertises maximum frame size TLVs.
power: Advertises power in MDI TLVs and power stateful control TLVs.
med-tlv: Advertises LLDP-MED TLVs.
capability: Advertises LLDP-MED capabilities TLVs.
inventory: Advertises the following TLVs: hardware revision, firmware revision, software revision,
serial number, manufacturer name, model name, and asset ID.
location-id: Advertises location identification TLVs.
civic-address: Inserts the typical address information about the network device in location
identification TLVs .
device-type: Sets a device type value in the range of 0 to 2:
•
Value 0 specifies a DHCP server.
•
Value 1 specifies a switch.
•
Value 2 specifies an LLDP-MED endpoint.
country-code: Sets a country code defined in ISO 3166.
{ ca-type ca-value }&<1-10>: Configures address information. ca-type represents the address
information type in the range of 0 to 255. ca-value represents address information, a string of 1 to
250 characters. &<1-10> indicates that you can specify up to 10 ca-type ca-value pairs.
elin-address: Inserts telephone numbers for emergencies in location identification TLVs.
tel-number: Sets the telephone number for emergencies, a string of 10 to 25 characters.
network-policy [ vlan-id ]: Advertises network policy TLVs. The vlan-id argument specifies the voice
VLAN ID sent to voice terminals, in the range of 1 to 4094. If you do not specify this argument, the
command advertises information about the VLAN assigned by the authentication server or the voice
VLAN ID configured on the interface. For more information, see Layer 2 —LAN Switching
Configuration Guide.
power-over-ethernet: Advertises extended power-via-MDI TLVs.
Usage guidelines
Nearest bridge agents are not supported on aggregate interfaces.
You can enable the device to advertise multiple types of TLVs by using this command without the all
keyword specified.
If the MAC/PHY configuration/status TLV is not advertisable, none of the LLDP-MED TLVs will be
advertised whether they are advertisable. If the LLDP-MED capabilities TLV is not advertisable, the
other LLDP-MED TLVs will not be advertised regardless of whether they are advertisable.
The port and protocol VLAN ID TLV, VLAN name TLV, and management VLAN ID TLV in IEEE 802.1
organizationally specific LLDP TLVs can be configured only for nearest bridge agents. The
configuration can be inherited by nearest customer bridge agents and nearest non-TPMR bridge
agents.
Examples
# Enable the nearest customer bridge agents on Ten-GigabitEthernet 1/0/1 to advertise link
aggregation TLVs of the IEEE 802.1 organizationally specific TLVs on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
322
[Sysname-Ten-GigabitEthernet1/0/1] lldp agent nearest-customer tlv-enable dot1-tlv
link-aggregation
323
Service loopback group commands
display service-loopback group
Use display service-loopback group to display information about the service loopback group.
Syntax
display service-loopback group [ number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
number: Specifies a service loopback group ID. The value range for the number argument is 1 to
1024. If you do not specify a service loopback group, this command displays information about all
service loopback groups.
Examples
# Display information about service loopback group 5.
<Sysname> display service-loopback group 5
Service Group ID: 5
Service Type: Tunnel
Member:
Ten-GigabitEthernet1/0/1
Ten-GigabitEthernet1/0/2
Table 70 Command output
Field
Description
Service Group ID
Service loopback group ID.
Service Type
Service type of the service loopback group:
•
Multicast-tunnel—Supports multicast tunnel traffic.
•
Tunnel—Supports unicast tunnel traffic.
•
Multiport—Supports multiport ARP traffic.
Member
Member ports of the service loopback group.
port service-loopback group
Use port service-loopback group to assign a port to a service loopback group.
Use undo port service-loopback group to remove a port from a service loopback group.
Syntax
port service-loopback group number
undo port service-loopback group
324
Default
The service loopback group does not contain ports.
Views
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
number: Specifies a service loopback group ID. The value range for the number argument is 1 to
1024.
Usage guidelines
Before assigning a port to the service loopback group, make sure the port supports the service type
of the group.
You can assign a maximum of 32 ports to the service loopback group. A port can belong to only one
service loopback group.
When you assign a port to the service loopback group, the system removes the configuration on the
port. For correct traffic processing, make sure the service loopback group has a minimum of one
member port when it is being used by a feature.
Examples
# Assign Ten-GigabitEthernet 1/0/1 to service loopback group 5.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] port service-loopback group 5
service-loopback group
Use service-loopback group to create a service loopback group and specify its service type.
Use undo service-loopback group to delete a service loopback group.
Syntax
service-loopback group number type { { multicast-tunnel | tunnel } *| multiport }
undo service-loopback group number
Views
System view
Predefined user roles
network-admin
Parameters
number: Specifies a service loopback group ID in the range of 1 to 1024.
type: Specifies the service type of the service loopback group.
multicast-tunnel: Specifies the multicast tunnel service.
tunnel: Specifies the unicast tunnel service.
multiport: Specifies the multiport ARP service.
325
Usage guidelines
Service loopback groups must work with other features, such as GRE. A service loopback group can
be used by multiple features.
You must create the service loopback group before you can use it with a feature.
You can configure only one service loopback group for a service type. You cannot change the service
type of the service loopback group.
For correct traffic processing, do not delete a service loopback group that is being used by a feature.
Examples
# Create service loopback group 5 and specify the unicast tunnel service for the group.
<Sysname> system-view
[Sysname] service-loopback group 5 type tunnel
326
Cut-through forwarding commands
cut-through enable
Use cut-through enable to enable cut-through forwarding.
Use undo cut-through enable to restore the default.
Syntax
cut-through enable
undo cut-through enable
Default
Cut-through forwarding is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
A cut-through forwarding-enabled switch forwards a frame after it receives the first 64 bytes of the
frame. This feature reduces the transmission time of a frame within the switch and enhances
forwarding performance.
Examples
# Enable cut-through forwarding on the switch.
<Sysname> system-view
[Sysname] cut-through enable
327
Document conventions and icons
Conventions
This section describes the conventions used in the documentation.
Port numbering in examples
The port numbers in this document are for illustration only and might be unavailable on your device.
Command conventions
Convention
Description
Boldface
Bold text represents commands and keywords that you enter literally as shown.
Italic
Italic text represents arguments that you replace with actual values.
[]
Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }
Braces enclose a set of required syntax choices separated by vertical bars, from which
you select one.
[ x | y | ... ]
Square brackets enclose a set of optional syntax choices separated by vertical bars,
from which you select one or none.
{ x | y | ... } *
Asterisk marked braces enclose a set of required syntax choices separated by vertical
bars, from which you select at least one.
[ x | y | ... ] *
Asterisk marked square brackets enclose optional syntax choices separated by vertical
bars, from which you select one choice, multiple choices, or none.
&<1-n>
The argument or keyword and argument combination before the ampersand (&) sign
can be entered 1 to n times.
#
A line that starts with a pound (#) sign is comments.
GUI conventions
Convention
Description
Boldface
Window names, button names, field names, and menu items are in Boldface. For
example, the New User window appears; click OK.
>
Multi-level menus are separated by angle brackets. For example, File > Create >
Folder.
Convention
Description
Symbols
WARNING!
An alert that calls attention to important information that if not understood or followed
can result in personal injury.
CAUTION:
An alert that calls attention to important information that if not understood or followed
can result in data loss, data corruption, or damage to hardware or software.
IMPORTANT:
An alert that calls attention to essential information.
NOTE:
TIP:
An alert that contains additional or supplementary information.
An alert that provides helpful information.
328
Network topology icons
Convention
Description
Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that
supports Layer 2 forwarding and other Layer 2 features.
Represents an access controller, a unified wired-WLAN module, or the access
controller engine on a unified wired-WLAN switch.
Represents an access point.
T
Represents a wireless terminator unit.
T
Represents a wireless terminator.
Represents a mesh access point.
Represents omnidirectional signals.
Represents directional signals.
Represents a security product, such as a firewall, UTM, multiservice security
gateway, or load balancing device.
Represents a security card, such as a firewall, load balancing, NetStream, SSL VPN,
IPS, or ACG card.
329
Support and other resources
Accessing Hewlett Packard Enterprise Support
•
For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website:
www.hpe.com/assistance
•
To access documentation and support services, go to the Hewlett Packard Enterprise Support
Center website:
www.hpe.com/support/hpesc
Information to collect
•
Technical support registration number (if applicable)
•
Product name, model or version, and serial number
•
Operating system name and version
•
Firmware version
•
Error messages
•
Product-specific reports and logs
•
Add-on products or components
•
Third-party products or components
Accessing updates
•
Some software products provide a mechanism for accessing software updates through the
product interface. Review your product documentation to identify the recommended software
update method.
•
To download product updates, go to either of the following:
{
Hewlett Packard Enterprise Support Center Get connected with updates page:
www.hpe.com/support/e-updates
{
Software Depot website:
www.hpe.com/support/softwaredepot
•
To view and update your entitlements, and to link your contracts, Care Packs, and warranties
with your profile, go to the Hewlett Packard Enterprise Support Center More Information on
Access to Support Materials page:
www.hpe.com/support/AccessToSupportMaterials
IMPORTANT:
Access to some updates might require product entitlement when accessed through the Hewlett
Packard Enterprise Support Center. You must have an HP Passport set up with relevant
entitlements.
330
Websites
Website
Link
Networking websites
Hewlett Packard Enterprise Information Library for
Networking
www.hpe.com/networking/resourcefinder
Hewlett Packard Enterprise Networking website
www.hpe.com/info/networking
Hewlett Packard Enterprise My Networking website
www.hpe.com/networking/support
Hewlett Packard Enterprise My Networking Portal
www.hpe.com/networking/mynetworking
Hewlett Packard Enterprise Networking Warranty
www.hpe.com/networking/warranty
General websites
Hewlett Packard Enterprise Information Library
www.hpe.com/info/enterprise/docs
Hewlett Packard Enterprise Support Center
www.hpe.com/support/hpesc
Hewlett Packard Enterprise Support Services Central
ssc.hpe.com/portal/site/ssc/
Contact Hewlett Packard Enterprise Worldwide
www.hpe.com/assistance
Subscription Service/Support Alerts
www.hpe.com/support/e-updates
Software Depot
www.hpe.com/support/softwaredepot
Customer Self Repair (not applicable to all devices)
www.hpe.com/support/selfrepair
Insight Remote Support (not applicable to all devices)
www.hpe.com/info/insightremotesupport/docs
Customer self repair
Hewlett Packard Enterprise customer self repair (CSR) programs allow you to repair your product. If
a CSR part needs to be replaced, it will be shipped directly to you so that you can install it at your
convenience. Some parts do not qualify for CSR. Your Hewlett Packard Enterprise authorized
service provider will determine whether a repair can be accomplished by CSR.
For more information about CSR, contact your local service provider or go to the CSR website:
www.hpe.com/support/selfrepair
Remote support
Remote support is available with supported devices as part of your warranty, Care Pack Service, or
contractual support agreement. It provides intelligent event diagnosis, and automatic, secure
submission of hardware event notifications to Hewlett Packard Enterprise, which will initiate a fast
and accurate resolution based on your product’s service level. Hewlett Packard Enterprise strongly
recommends that you register your device for remote support.
For more information and device support details, go to the following website:
www.hpe.com/info/insightremotesupport/docs
Documentation feedback
Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help
us improve the documentation, send any errors, suggestions, or comments to Documentation
Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,
331
part number, edition, and publication date located on the front cover of the document. For online help
content, include the product name, product version, help edition, and publication date located on the
legal notices page.
332
Index
ABCDEFIJLMNPQRSUVW
display link-aggregation load-sharing path,97
display link-aggregation member-port,99
display link-aggregation summary,101
display link-aggregation verbose,102
display lldp local-information,284
display lldp neighbor-information,289
display lldp statistics,298
display lldp status,300
display lldp tlv-config,302
display loopback-detection,181
display mac-address,65
display mac-address aging-time,67
display mac-address mac-learning,67
display mac-address mac-move,68
display mac-address nickname,66
display mac-address statistics,69
display mac-vlan,206
display mac-vlan interface,207
display mvrp running-status,254
display mvrp state,256
display mvrp statistics,257
display packet-drop,18
display pbb connection,279
display port,198
display port-isolate group,125
display priority-flow-control,19
display private-vlan,227
display protocol-vlan interface,215
display protocol-vlan vlan,216
display qinq,266
display service-loopback group,324
display storm-constrain,38
display stp,130
display stp abnormal-port,137
display stp bpdu-statistics,138
display stp down-port,140
display stp history,141
display stp region-configuration,142
display stp root,143
display stp tc,144
display supervlan,223
display vlan,191
display vlan brief,193
display vlan mapping,271
display vlan-group,220
A
active region-configuration,128
B
bandwidth,89
bandwidth,186
bandwidth,49
bandwidth,1
bpdu-drop any,128
broadcast-suppression,1
bvlan,275
C
cdp voice-vlan,245
check region-configuration,129
Customer self repair,331
cut-through enable,327
D
dcbx version,284
default,3
default,49
default,89
default,186
description,3
description,50
description,90
description,187
display counters,4
display counters rate,5
display ethernet statistics,6
display interface,91
display interface,8
display interface inloopback,51
display interface loopback,53
display interface null,56
display interface range,61
display interface vlan-interface,188
display ip-subnet-vlan interface,211
display ip-subnet-vlan vlan,212
display l2vpn minm connection,275
display l2vpn minm forwarding,276
display l2vpn vsi,277
display lacp system-id,94
display link-aggregation load-sharing mode,95
333
display voice-vlan mac-address,245
display voice-vlan state,246
Documentation feedback,331
duplex,20
J
lldp check-change-interval,306
lldp compliance admin-status cdp,307
lldp compliance cdp,308
lldp enable,309
lldp encapsulation snap,309
lldp fast-count,310
lldp global enable,311
lldp hold-multiplier,311
lldp ignore-pvid-inconsistency,312
lldp management-address-format string,313
lldp max-credit,313
lldp mode,314
lldp notification med-topology-change enable,315
lldp notification remote-change enable,315
lldp timer fast-interval,316
lldp timer notification-interval,317
lldp timer reinit-delay,317
lldp timer tx-interval,318
lldp tlv-enable,318
loopback,26
loopback-detection action,181
loopback-detection enable,182
loopback-detection global action,183
loopback-detection global enable,184
loopback-detection interval-time,185
jumboframe enable,24
M
L
mac-address (interface view),70
mac-address (system view),72
mac-address information enable (interface view),85
mac-address information enable (system view),86
mac-address information interval,86
mac-address information mode,87
mac-address information queue-length,87
mac-address mac-learning enable,74
mac-address mac-learning priority,75
mac-address mac-move fast-update,78
mac-address mac-roaming enable,76
mac-address max-mac-count,77
mac-address max-mac-count enable-forwarding,77
mac-address notification mac-move,79
mac-address notification mac-move suppression,80
mac-address notification mac-move suppression
interval,80
mac-address notification mac-move suppression
threshold,81
mac-address static source-check enable,82
mac-address timer,82
mac-vlan enable,208
mac-vlan mac-address,208
mac-vlan trigger enable,209
E
eee enable,21
encapsulation,280
F
flow-control,22
flow-control receive enable,23
flow-interval,23
I
instance,145
interface,24
interface bridge-aggregation,105
interface loopback,57
interface null,58
interface range,61
interface range name,63
interface route-aggregation,105
interface vlan-interface,194
ip-subnet-vlan,213
lacp edge-port,106
lacp mode,107
lacp period short,107
lacp system-priority,108
link-aggregation bfd ipv4,109
link-aggregation global load-sharing algorithm,110
link-aggregation global load-sharing minm,110
link-aggregation global load-sharing mode,111
link-aggregation global load-sharing seed,113
link-aggregation ignore vlan,113
link-aggregation lacp traffic-redirect-notification
enable,114
link-aggregation load-sharing mode,115
link-aggregation load-sharing mode local-first,116
link-aggregation management-port,117
link-aggregation management-vlan,117
link-aggregation mode,118
link-aggregation port-priority,118
link-aggregation selected-port maximum,119
link-aggregation selected-port minimum,120
link-delay,25
lldp admin-status,305
334
mdix-mode,40
mrp timer join,259
mrp timer leave,259
mrp timer leaveall,260
mrp timer periodic,261
mtu,121
mtu,48
mtu,194
multicast-suppression,27
mvrp enable,262
mvrp global enable,262
mvrp gvrp-compliance enable,263
mvrp registration,263
protocol-vlan,218
Q
qinq enable,267
qinq ethernet-type customer-tag,267
qinq ethernet-type service-tag,268
qinq transparent-vlan,269
R
region-name,146
Remote support,331
reset counters interface,33
reset counters interface,122
reset counters interface loopback,58
reset counters interface null,59
reset ethernet statistics,33
reset lacp statistics,123
reset mvrp statistics,264
reset packet-drop interface,34
reset pbb connection,283
reset stp,147
revision-level,147
N
name,195
P
pbb i-sid,281
pbb uplink,282
port,199
port access vlan,200
port auto-power-down,28
port bridge enable,40
port connection-distance,41
port hybrid ip-subnet-vlan,214
port hybrid protocol-vlan,217
port hybrid pvid,201
port hybrid vlan,202
port link-aggregation group,121
port link-mode,29
port link-type,203
port private-vlan host,229
port private-vlan promiscuous,230
port private-vlan trunk promiscuous,233
port private-vlan trunk secondary,235
port pvid forbidden,210
port service-loopback group,324
port trunk permit vlan,204
port trunk pvid,205
port up-mode,30
port-isolate enable,126
port-isolate group,126
port-type,42
priority-flow-control,30
priority-flow-control no-drop dot1p,31
private-vlan (VLAN interface view),238
private-vlan (VLAN view),240
private-vlan community,241
private-vlan isolated,242
private-vlan primary,243
S
service,196
service-loopback group,325
shutdown,34
shutdown,60
shutdown,197
shutdown,123
snmp-agent trap enable mac-address,83
snmp-agent trap enable stp,148
speed,35
storm-constrain,43
storm-constrain control,44
storm-constrain enable log,45
storm-constrain enable trap,45
storm-constrain interval,46
stp bpdu-protection,149
stp bridge-diameter,149
stp compliance,150
stp config-digest-snooping,151
stp cost,152
stp edged-port,153
stp enable,154
stp global config-digest-snooping,155
stp global enable,156
stp global mcheck,157
stp log enable tc,157
stp loop-protection,158
stp max-hops,159
335
supervlan,226
stp mcheck,159
stp mode,160
stp no-agreement-check,161
stp pathcost-standard,162
stp point-to-point,162
stp port bpdu-protection,163
stp port priority,164
stp port shutdown permanent,165
stp port-log,166
stp priority,167
stp region-configuration,168
stp role-restriction,168
stp root primary,169
stp root secondary,170
stp root-protection,171
stp tc-protection,171
stp tc-protection threshold,172
stp tc-restriction,173
stp tc-snooping,173
stp timer forward-delay,174
stp timer hello,175
stp timer max-age,176
stp timer-factor,177
stp transmit-limit,177
stp vlan enable,178
subvlan,225
U
unicast-suppression,36
using fortygige,37
using tengige,38
V
virtual-cable-test,47
vlan,197
vlan mapping,272
vlan precedence,211
vlan-group,221
vlan-list,221
vlan-mapping modulo,179
voice-vlan aging,247
voice-vlan enable,248
voice-vlan mac-address,248
voice-vlan mode auto,250
voice-vlan qos,250
voice-vlan qos trust,251
voice-vlan security enable,252
voice-vlan track lldp,252
W
Websites,331
336