Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
HUAWEI
1. Getting Started
2. Port
3. VLAN
4. Network Protocol
5. Routing Protocol
6. Multicast
7. QoS/ACL
8. Integrated Management
9. STP
10. Security
11. Reliability
12. System Management
13. Auto Detecting
14. Appendix
BOM 31190185
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support
and service. If you purchase the products from the sales agent of Huawei Technologies Co.,
Ltd., please contact our sales agent. If you purchase the products from Huawei
Technologies Co., Ltd. directly, Please feel free to contact our local office, customer care
center or company headquarters.
Website: http://www.huawei.com
Trademarks
All other trademarks and trade names mentioned in this manual are the property of
their respective holders.
Notice
The information in this manual is subject to change without notice. Every effort has
been made in the preparation of this manual to ensure accuracy of the contents,
but all statements, information, and recommendations in this manual do not
constitute the warranty of any kind, express or implied.
Release Notes
Related Manuals
Manual Content
Quidway S3528 Series Ethernet
It provides information for the system installation.
Switches Installation Manual
Quidway S3552F Ethernet
It provides information for the system installation.
Switch Installation Manual
Quidway S3526 Ethernet
It provides information for the system installation.
Switch Installation Manual
Quidway S3526E Ethernet
It provides information for the system installation.
Switch Installation Manual
Quidway S3526 FM/FS
Ethernet Switches Installation It provides information for the system installation.
Manual
Quidway S3526C/S3526E
FM/S3526E FS Ethernet It provides information for the system installation.
Switches Installation Manual
Quidway S3500 Series Ethernet It is used for assisting the users in data
Switches Operation Manual configurations and typical applications.
Organization
z Getting Started
This module introduces the commands used for accessing the Ethernet Switch.
z Port
z VLAN
z Network Protocol
This module introduces the commands used for configuring network protocols.
z Routing Protocol
This module introduces the commands used for configuring routing protocols.
z Multicast
This module introduces the commands used for configuring multicast protocols.
z QoS/ACL
z Integrated Management
z STP
z Security
This module introduces the commands used for configuring 802.1X, AAA & RADIUS,
HABP and system-guard.
z Reliability
z System Management
This module introduces the commands used for system management and
maintenance.
z Auto Detecting
This module introduces the commands used for auto-detecting configuration.
z Appendix
This module includes all the commands in this command manual, which are arranged
alphabetically.
Intended Audience
Conventions
I. General conventions
Convention Description
Arial Normal paragraphs are in Arial.
Convention Description
Convention Description
Button names are inside angle brackets. For example, click
<>
the <OK> button.
Format Description
Press the key with the key name inside angle brackets. For
<Key>
example, <Enter>, <Tab>, <Backspace>, or <A>.
Press the keys concurrently. For example, <Ctrl+Alt+A>
<Key1+Key2>
means the three keys should be pressed concurrently.
Press the keys in turn. For example, <Alt, A> means the
<Key1, Key2>
two keys should be pressed in turn.
V. Mouse operation
Action Description
VI. Symbols
Eye-catching symbols are also used in the manual to highlight the points worthy of
special attention during the operation. They are defined as follows:
Getting Started
Table of Contents
i
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
Syntax
View
Parameter
Description
Example
Syntax
1-1
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
View
Parameter
Description
Caution:
z If you execute this command, the user-interface can no longer be used to perform
routine configurations on the local system. Therefore use caution when using this
command.
z Ensure that you will be able to log into the system in some other way to cancel the
configuration, before you configure the auto-execute command command and
save the configuration.
Example
# Configure to automatically telnet 10.110.100.1 after the user logs in via VTY 0.
[Quidway-ui-vty0] auto-execute command telnet 10.110.100.1
Syntax
View
System view
1-2
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
Parameter
Description
Using command-privilege level command, you can configure the priority of the
specifically command of the specifically view. Using undo command-privilege view
command, you can restore the default command priority.
The command levels include visit, monitoring, system, and management, which are
identified as 0 through 3 respectively. The network administrator can customize the
command levels as needed.
When users log into the switch, the commands they can use depend jointly on the user
level settings and the command level settings on the user interface. If the two types of
settings differ,
z For the users using AAA/RADIUS authentication, the commands they can use are
determined by the user level settings. For example, if a use is set to level 3 and the
command level on the VTY 0 user interface is level 1, he or she can only use the
commands of level 3 or lower when logging into the switch from the VTY 0 user
interface.
z For the users using RSA public key authentication, the commands they can use
are determined by the command level settings on the user interface.
By default, ping, tracert, and telnet are at visit level (0); display and debugging are at
monitoring level (1); all configuration commands are at system level (2); and FTP,
XMODEM, TFTP and commands for file system operations are at management level
(3).
Example
1.1.4 databits
Syntax
databits { 7 | 8 }
undo databits
View
1-3
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
Parameter
Description
Using databits command, you can configure the data bits for AUX (Console) port.
Using undo databits command, you can restore the default bits of the AUX (Console).
This command can only be performed in AUX user interface view.
By default, the value is 8.
Example
Syntax
display history-command
View
Any view
Parameter
None
Description
Using display history-command command, you can view the saved history
commands.
For the related command, see history-command max-size.
Example
1-4
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
Syntax
View
Any view
Parameter
Description
Using display user-interface command, you can view the relational information of the
user interface. The displayed information includes user interface type, absolute/relative
index, transmission speed, priority, and authentication methods.
Example
Field Description
+ Current user interface is in use
F Current user interface is in use and work in asynchronous mode
Idx Absolute index of user interface
Type Type and relative index of user interface
Tx/Rx User interface speed
1-5
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
Field Description
Modem Modem operation mode
Which levels of commands can be used after logging in from
Privi
the user interface
Syntax
View
Any view
Parameter
Description
Using display users command, you can view the information of the user interface.
Example
Field Description
F Current user interface is in use and work in asynchronous mode.
Number of the first list is the absolute number of user interface.
UI
Number of the second list is the relative number of user interface.
Delay Indicates the interval from the latest input till now in seconds.
Type User type
Displays initial connection location, namely the host IP address of
IPaddress
the incoming connection.
Display the name of the user using this user interface, namely the
Username
login username of the user.
1-6
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
1.1.8 flow-control
Syntax
View
Parameter
Description
Using flow-control command, you can configure the flow control mode on AUX
(Console) port. Using undo flow-control command, you can restore the default flow
control mode.
By default, the value is none. That is, no flow control will be performed.
This command can only be performed in AUX user interface view.
Example
Syntax
View
User view
Parameter
1-7
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
Description
Using free user-interface command, you can clear a user of a specified user interface.
The user interface will be disconnected after the command is executed.
Note that the user of the current user interface cannot be cleared.
Example
# Clear the user of the user interface 1 after logging in to the switch via user interface 0.
<Quidway> free user-interface 1
After the command is executed, user interface 1 will be disconnected. It will not be
connected to the switch until you log in via the user interface 1 for the next time.
1.1.10 header
Syntax
View
System view
Parameter
Description
Using header command, you can configure to display header when user login. Using
undo header command, you can configure not to display the header.
1-8
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
When the users log in the switch, if a connection is activated, the login header will be
displayed. After the user successfully logs in the switch, the shell header will be
displayed.
Note that if you press <Enter> after typing any of the three keywords shell, login and
incoming in the command, then what you type after the word header is the contents of
the login information, instead of identifying header type.
You can judge whether the initial character can be used as the header contents this
way:
1) If there is only one character in the first line and it is used as the identifier, this
initial character pairs with the ending character and is not the header contents.
2) If there are many characters in the first line but the initial and ending characters
are different, this initial character pairs with the ending character and is the header
contents.
3) There are many characters in the first line and the initial character is identical with
the ending character, this initial character is not the header contents.
Example
When you log on the switch again, the terminal displays the configured session
establishment title.
[Quidway] quit
<Quidway> quit
Please press ENTER
SHELL: Hello! Welcome (The initial character “%” is not the header contents)
<Quidway>
Go on inputting the rest text and end your input with the first letter:
Hello! Welcome % (Press the <Enter> key)
[Quidway]
When you log on the switch again, the terminal displays the configured session
establishment title.
[Quidway] quit
<Quidway> quit
1-9
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
Syntax
View
Parameter
value: Defines the size of the history buffer, ranging from 0 to 256. By default, the size is
10, that is, 10 history commands can be saved.
Description
Using history-command max-size command, you can configure the size of the history
command buffer. Using undo history-command max-size command, you can restore
default size of the history command buffer.
Example
1.1.12 idle-timeout
Syntax
View
Parameter
1-10
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
Description
Using idle-timeout command, you can configure the timeout function. If there is no
user operation performed before idle-timeout expires, the user interface will be
disconnected. Using undo idle-timeout command, you can restore the default
idle-timeout.
idle-timeout 0 means disabling idle-timeout.
By default, idle-timeout is set to 10 minutes.
Example
1.1.13 language-mode
Syntax
View
User view
Parameter
Description
Example
1.1.14 lock
Syntax
lock
View
User view
1-11
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
Parameter
None
Description
Using lock command, you can lock the user interface to prevent unauthorized user
from operating it.
Example
1.1.15 parity
Syntax
View
Parameter
Description
Using parity command, you can configure the parity mode on AUX (Console) port.
Using undo parity command, you can restore the default parity mode.
This command can only be performed in AUX user interface view.
By default, the mode is set to none.
Example
1-12
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
Syntax
View
Parameter
Description
Using the protocol inbound command, you can configure the protocols supported by
a designated user interface.
By default, the user interface supports Telnet and SSH protocols.
For the related commands, see user-interface vty.
Example
1.1.17 quit
Syntax
quit
View
Any view
Parameter
None
Description
Using quit command, you can return to the lower level view from the current view. If the
current view is user view, you can quit the system.
There are three levels of views, which are listed from low to high as follows:
z User view
1-13
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
z System view
z VLAN view, Ethernet port view, and so on.
For the related commands, see return, system-view.
Example
1.1.18 return
Syntax
return
View
Parameter
None
Description
Using return command, you can return to user view from a view other than user view.
Combination key <Ctrl+Z> performs the same function with the return command.
For the related command, see quit.
Example
1.1.19 screen-length
Syntax
screen-length screen-length
undo screen-length
View
1-14
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
Parameter
screen-length: Specifies how many lines can be displayed on a screen, ranging from 0
to 512. The default value is 24.
Description
Using screen-length command, you can configure how many lines that can be
displayed on a screen of the terminal. Using undo screen-length command, you can
restore the default number of terminal information lines displayed on the terminal
screen.
The screen-length 0 command is used to disable this function.
Example
1.1.20 send
Syntax
View
User view
Parameter
Description
Using send command, you can send messages between different user interfaces.
Example
1.1.21 service-type
Syntax
1-15
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
View
Local-user view
Parameter
Description
Using service-type command, you can configure which level of command a user can
use after logon. Using undo service-type command, you can restore the default level
of command a user can use after logon.
Commands are classified into four levels, namely visit level, monitoring level, system
level and management level. They are introduced as follows:
z Visit level: Commands of this level involve command of network diagnosis tool
(such as ping and tracert), command of switch between different language
environments of user interface (language-mode), and telnet command etc. The
operation of saving configuration file is not allowed on this level of commands.
z Monitoring level: Commands of this level, including the display command and the
debugging command, are used for system maintenance, service fault diagnosis,
etc. The operation of saving the configuration file is not allowed on this level of
commands.
z System level: Service configuration commands, including routing command and
commands on each network layer, are used to provide direct network service to
the user.
z Management level: These are commands that influence the basic operation of the
system and system support module, which plays a supporting role on service.
1-16
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
Commands of this level involve file system commands, FTP commands, TFTP
commands, XModem downloading commands, user management commands,
and level setting commands.
Example
# Quit the system and logs on with username “zbr” again. Now only the commands at
level 0 are listed on the terminal.
[Quidway] quit
<Quidway> ?
User view commands:
cluster Run cluster command
language-mode Specify the language environment
ping Ping function
quit Exit from current command view
super Privilege specified user priority level
telnet Establish one TELNET connection
tracert Trace route function
Syntax
View
Parameter
1-17
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
Description
Using set authentication password command, you can configure the password for
local authentication. Using undo set authentication password command, you can
cancel local authentication password.
The password in plain text is required when performing authentication, regardless
whether the configuration is plain text or encrypted text.
Note:
By default, password is required to be set for authenticating the users connecting via
Modem or Telnet. If no password has been set, the following prompt will be displayed
“Login password has not been set !”
Example
1.1.23 shell
Syntax
shell
undo shell
View
Parameter
None
Description
Using shell command, you can enable terminal service of a user interface. Using undo
shell command, you can disable the terminal service of a user interface.
By default, terminal service is enabled.
When using the undo shell command, note the following points.
z For the sake of security, the undo shell command can only be used on the user
interfaces other than the AUX user interface.
z You cannot use this command on the user interface via which you log in.
1-18
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
z You will be asked to confirm before executing this command on any legal user
interface.
Example
# Disable terminal service on the vty user interface 0 to 4 after logging in to the switch
via user interface 0.
[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] undo shell
# The following message will be displayed on the Telnet terminal after logon.
Connection to host lost.
1.1.24 speed
Syntax
speed speed-value
undo speed
View
Parameter
speed-value: Specifies the transmission rate on the AUX (Console) port in bit/s, which
can be 300, 600, 1200, 4800, 9600, 19200, 38400, 57600, or 115200. The default rate
is 9600bit/s.
Description
Using speed command, you can configure the transmission rate on the AUX (Console)
port. Using undo speed command, you can restore the default rate.
This command can only be performed in AUX user interface view.
Example
1.1.25 stopbits
Syntax
stopbits { 1 | 1.5 | 2 }
undo stopbits
1-19
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
View
Parameter
Description
Using stopbits command, you can configure the stop bits on the AUX (Console) port.
Using undo stopbits command, you can restore the default stop bits.
This command can only be performed in AUX user interface view.
By default, the value is 1.
Example
1.1.26 super
Syntax
super [ level ]
View
User view
Parameter
Description
Using super command, you can enable the user to change to user level from the
current user level. If the user has set the super password [ level level ] { simple |
cipher } password, then user password of the higher level is needed, or the former user
level will not change.
Login users are classified into four levels that correspond to the four command levels
respectively. After users of different levels log in, they can only use commands at the
levels that are equal to or lower than its own level.
For the related commands, see super password, quit.
1-20
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
Example
Syntax
View
System view
Parameter
level: User level, ranging from 1 to 3. The default value is 3, i.e. do not specify user level.
It means the password to be set is used for entering level 3.
simple: Configure to display the password in plain text.
cipher: Configure to display the password in encrypted text.
password: If the authentication is in the simple mode, the password must be in plain
text. If the authentication is in the cipher mode, the password can either be in
encrypted text or in plain text. The result is determined by the input. A plain text
password is a sequential character string of no more than 16 digits, for example,
huawei918. The length of an encrypted password must be 24 digits and in encrypted
text, for example, (TT8F]Y\5SQ=^Q`MAF4<1!!.
Description
Using super password command, you can configure the password for changing the
user from a lower level to a higher level. In order to prevent unauthorized users from
illegal intrusion, user ID authentication is performed when users switch from a lower
level to a higher level. For the sake of confidentiality, on the screen the user cannot see
the password that he entered. Only when correct password is input for three times, can
the user switch to the higher level. Otherwise, the original user level will remain
unchanged. Using undo super password command, you can cancel the current
settings.
The password in plain text is required when performing authentication, regardless
whether the configuration is plain text or encrypted text.
Example
# Configure the password to zbr for changing the user from the current level to level 3.
1-21
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
1.1.28 sysname
Syntax
sysname text
undo sysname
View
System view
Parameter
text: Specifies the hostname with a character string, ranging from 1 to 30 characters.
The default name is Quidway.
Description
Using sysname command, you can configure the hostname of the switch. Using undo
sysname command, you can restore the default hostname.
Changing the hostname of the switch will affect the prompt of command line interface.
For example, if the hostname of the switch is Quidway, the prompt in user view will be
<Quidway>.
Example
1.1.29 system-view
Syntax
system-view
View
User view
Parameter
None
Description
Using system-view command, you can enter system view from user view.
For the related commands, see quit, return.
1-22
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
Example
1.1.30 telnet
Syntax
View
User view
Parameter
hostname: Specifies the host name of the remote switch. It is configured using the ip
host command.
ip-address: Specifies the IP address of the remote switch.
service-port: Designates the TCP port on the remote switch providing Telnet service,
ranging from 0 to 65535.
Description
Using telnet command, you can log in to another switch from the current one via telnet
for remote management. To terminate the Telnet logon, press <Ctrl+]>.
By default, when the service-port is not specified, the default telnet port number is 23.
For the related command, see display tcp status.
Example
1.1.31 user-interface
Syntax
View
System view
1-23
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
Parameter
type: Specifies the user interface type, which can be aux or vty.
first-number: Specifies the number of the first user interface to be configured.
last-number: Specifies the number of the last user interface to be configured.
Description
Using user-interface command, you can enter single user interface view or multiple
user interface views to configure the corresponding user interfaces.
Example
# Enter user interface view 0 through 5, that is, 1 AUX (Console) port user interface
view and 5 VTY user interface views.
[Quidway] user-interface 0 5
[Quidway-ui0-5]
Syntax
View
Parameter
level: Specifies which level of command a user can use after logon from the specifically
user interface, ranging from 0 to 3.
Description
Using user privilege level command, you can configure which level of command a
user can use after logon from the specifically user interface, so that a user can use all
the available commands at this level. Using undo user privilege level command, you
can restore the default level of command a user can use after logon from the
specifically user interface.
By default, a user can access the commands at Level 3 after logging in through the
AUX user interface, and the commands at Level 0 after logging in through the VTY user
interface.
Example
# Configure to use commands level 0 after logging in from VTY 0 user interface.
1-24
Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
# After you telnet from VTY 0 user interface to the switch, you will view the terminal only
displays commands at level 0.
<Quidway> ?
User view commands:
cluster Run cluster command
language-mode Specify the language environment
ping Ping function
quit Exit from current command view
super Privilege specified user priority level
telnet Establish one TELNET connection
tracert Trace route function
1-25
HUAWEI
Port
Table of Contents
i
Command Manual - Port
Quidway S3500 Series Ethernet Switches Table of Contents
ii
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
Syntax
View
Parameter
ratio: Specifies the maximum bandwidth ratio of the broadcast traffic allowed on
Ethernet port, ranging form 1 to 100. By default, the value is 100. The smaller the ratio
is, the smaller the broadcast traffic is permitted.
bandwidth: Specifies the maximum bandwidth of the broadcast traffic on Ethernet port.
It ranges from 1 to 100 for 100Mbit/s port in Mbit/s.
Description
Using broadcast-suppression command, you can configure the broadcast traffic size
enabled on port. Once the broadcast traffic exceeds the value set by the user, the
system will discard some broadcast to ensure network service so that the traffic ratio of
broadcast is maintained in a proper range. Using undo broadcast-suppression
command, you can restore the default broadcast traffic enabled on port as 100. i.e.,
100% broadcast traffic is allowed to pass through.
Example
# Enable 20% broadcast cast to pass, i.e. 80% broadcast storm suppression is made
on broadcast traffic of port.
[Quidway-Ethernet0/1] broadcast-suppression 20
1.1.2 description
Syntax
description text
undo description
1-1
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
View
Parameter
Description
Using description command, you can configure the description character string for
Ethernet port. Using undo description command, you can cancel the port description
character string.
By default, the port description character string is null.
Example
Syntax
View
Any view
Parameter
Description
Using display interface command, you can view the configuration information on the
port.
If the port type and number are not specified when displaying the port information, the
information of all the ports will be displayed. If only the port type is specified, all the
information of the ports of this type will be displayed. If both port type and port number
are specified, the information of the designated port will be displayed.
1-2
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
Example
Field Description
The current state of Ethernet port (enabled or
Ethernet0/1 current state
disabled)
1-3
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
Field Description
Hardware address Port hardware address
Description Port description character string
The Maximum Transmit Unit Maximum transmit unit
Media type Type of media
loopback not set Port loopback test state
Port hardware type Port hardware type
100Mbps-speed mode,
full-duplex mode Both the duplex mode and the rate are set to
auto-negotiation. The rate of 100Mbps and the
Link speed type is mode of full-duplex are adopted after negotiating
autonegotiation, link duplex type with its peer
is autonegotiation
1-4
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
Field Description
input(total): 0 packets, 0 bytes
0 broadcasts, 0 multicasts
input(normal): - packets, - bytes
- broadcasts, - multicasts
input: 0 input errors, 0 runts, 0
giants, - throttles, 0 CRC
0 frame, - overruns, 0
aborts, 0 ignored, - parity errors
Output(total): 0 packets, 0 bytes
0 broadcasts, 0 multicasts, The statistics information of input/output packets
0 pauses and errors on this port
Output(normal): - packets, -
bytes
- broadcasts, - multicasts, -
pauses
Output: 0 output errors, 0
underruns, - buffer failures
- aborts, 0 deferred, 0
collisions, 0 late collisions
- lost carrier, - no carrier
Syntax
display loopback-detection
View
Any view
Parameter
None
Description
Using display loopback-detection command, you can view whether the port loopback
detection has been enabled. If it has been enabled, then the time interval of the
detection and the current port loopback information will also be displayed.
Note that S3526/S3526 FS/S3526 FM/S3526E/S3526C Ethernet Switches support this
command in S3500 series switches.
Example
1-5
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
Field Description
Loopback-detection is running The loopback detection is enabled
Detection interval time is 30 seconds The detection interval is 30 seconds
There is no port existing loopback link No port is in the loopback state
Syntax
View
Any view
Parameter
Description
Using display port command, you can view the ports in the current system, whose link
type is Hybrid or Trunk. If there is any such port, display the corresponding port name.
Example
The above information displays that the current system has two Hybrid ports,
Ethernet0/1 and Ethernet0/2.
1.1.6 duplex
Syntax
1-6
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
undo duplex
View
Parameter
Description
Using duplex command, you can configure the full-duplex/half-duplex attribute of the
Ethernet port. Using undo duplex command, you can restore the duplex attribute of
the port to default auto-negotiation mode.
By default, the duplex attribute is auto.
For the related command, see speed.
Example
1.1.7 flow-constrain
Syntax
View
Parameter
time-value: Time interval to detect traffic on the port, ranging from 5 to 300 (seconds)
and in steps of 5.
flow-value: Traffic threshold on the port, in the range of 0 to 4294967295. It defaults to
0.
bps: Bytes per second.
pps: Packets per second.
Description
1-7
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
Use the undo flow-constrain command to remove the traffic threshold configuration
on the port.
By default, no traffic threshold is defined on the port.
After you define traffic threshold and handling pattern on the port, the system detects
and counts the traffic in a specified interval. If the actual traffic exceeds the threshold,
the system handles the port based on the defined pattern.
Example
# Configure the traffic threshold on the Ethernet0/1 port as 5000pps and detection
interval as 10 seconds.
<Quidway> system-view
System View: return to User View with Ctrl+Z.
[Quidway] interface ethernet0/1
[Quidway-Ethernet0/1] flow-constrain 10 5000 pps
Syntax
View
Parameter
Description
Use the flow-constrain method command to define handling pattern when actual
traffic on the port exceeds the threshold.
Use the undo flow-constrain command to restore the default handling pattern.
By default, only trap messages are sent when actual traffic on the port exceeds the
threshold.
Example
# Configure the system to disable the port and send trap messages when actual traffic
on the port exceeds the threshold.
<Quidway> system-view
System View: return to User View with Ctrl+Z.
1-8
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
1.1.9 flow-control
Syntax
flow-control
undo flow-control
View
Parameter
None
Description
Using flow-control command, you can enable flow control feature on the Ethernet port
to avoid discarding data packets due to congestion. Using undo flow-control
command, you can disable flow control feature.
By default, flow control on the Ethernet port is disabled.
Example
1.1.10 flow-interval
Syntax
flow-interval interval
undo flow-interval
View
Parameter
interval: Specifies time interval, ranging from 5 to 300 in seconds. The step is 5. The
default value is 300.
1-9
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
Description
Using the flow-interval command, you can configure a time interval. When calculating
port statistics information, the switch calculates the average port speed during the time
interval. Using the undo flow-interval command, you can restore the default value.
For the related command, see display interface.
Example
1.1.11 interface
Syntax
View
System view
Parameter
1-10
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
Slot 7 represents the 1000M Ethernet ports provided by the four GBIC modules on rear
panel respectively and the port number range from 1 to 4.
interface_name: Specifies the port name in the interface_name= interface_type
interface_num format.
Description
Using interface command, you can enter the Ethernet port view.
If the user wants to configure the related parameters of the Ethernet port, he must first
use this command to enter the Ethernet port view.
Example
1.1.12 loopback
Syntax
View
Parameter
Description
Using loopback command, you can configure the Ethernet port to perform the
loopback test to check whether the Ethernet port works normally and the loop test will
finish automatically after being performed for a while.
By default, the port will not perform the loopback test.
Example
Syntax
1-11
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
Parameter
None
Description
Using the command, you can enable loopback detection controlled function on Trunk
and Hybrid port, that is, when the system finds out that ports on a certain VLAN on
Trunk or Hybrid port is looped back, it then makes the Trunk and Hybrid port operate
under control, meantime, deletes the port corresponding MAC address entry. Using the
undo loopback-detection control enable command, you can disable this function,
that is, when the system finds out that port on a certain VLAN on Trunk or Hybrid port is
looped back, it only reports the Trap information. The Trunk or Hybrid port is still
operates in the normal state.
By default, loopback detection controlled function on Trunk or Hybrid port is enabled.
Note that, this command has no effect on Access ports.
Example
Syntax
loopback-detection enable
undo loopback-detection enable
View
Parameter
None
Description
Using loopback-detection enable command, you can enable the port loopback
detection. If there is a loopback port found, the switch will put it under control. Using
undo loopback-detection enable command, you can disable the port loopback
detection.
1-12
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
Using this command in the system, you can enable/disable the port loopback detection
function of the entire device; using this command in Ethernet port view, you can
enable/disable the port loopback detection function of the current port.
By default, port loopback detection is enabled.
For the related command, see display loopback-detection.
Example
Syntax
View
System view
Parameter
time: Specifies the interval of monitoring external loopback conditions of the port. It
ranges from 5 to 300, measured in seconds. By default, the interval is 30 seconds.
Description
Example
# Configure the detection interval for the external loopback condition of each port to 10
seconds.
[Quidway] loopback-detection interval-time 10
Syntax
1-13
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
View
Parameter
None
Description
Using the loopback-detection per-vlan enable command, you can configure that the
system performs loopback detection to all VLANs on Trunk and Hybrid ports. Using the
undo loopback-detection per-vlan enable command, you can configure that the
system only performs loopback detection to the default VLANs on the port.
By default, the system performs loopback detection to all VLANs on Trunk and Hybrid
ports.
Example
# Configure the detection interval for the external loopback condition of each port to 10
seconds.
[Quidway-Ethernet0/1] loopback-detection per-vlan enable
1.1.17 mdi
Syntax
View
Parameter
Description
Using mdi command, you can configure the network cable type of the Ethernet ports.
Using undo mdi command, you can restore the default type.
By default, the network cable type will be recognized automatically.
Note that this command only has effect 10/100Base-TX and 1000Base-T ports.
1-14
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
Example
Syntax
View
Parameter
Description
Using port access vlan command, you can join the access port to a specified VLAN.
Using undo port access vlan command, you can cancel the access port from the
VLAN.
The use condition of this command is the VLAN indicated in vlan_id must exist.
Example
Syntax
View
Parameter
vlan_id: VLAN ID defined in IEEE802.1Q, ranging from1 to 4094 and the default
vlan_id is 1.
1-15
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
Description
Using port hybrid pvid vlan command, you can configure the default VLAN ID of the
hybrid port. Using undo port hybrid pvid command, you can restore the default VLAN
ID of the hybrid port.
Hybrid port can be configured together with the isolate-user-vlan. But if the default
VLAN has set mapping in the isolate-user-vlan, the default VLAN ID cannot be modified.
If you want to modify it, cancel the mapping first.
The default VLAN ID of local hybrid port shall be consistent with that of the peer one,
otherwise, the packet cannot be properly transmitted.
For the related command, see port link-type.
Example
Syntax
View
Parameter
Description
Using port hybrid vlan command, you can join the hybrid port to specified existing
VLAN. Using undo port hybrid vlan command, you can cancel the hybrid port from
the specified VLAN.
Hybrid port can belong to multiple VLANs. If the port hybrid vlan vlan_id_list { tagged
| untagged } command is used for many times, the VLANs carried by the hybrid port is
the set of vlan_id_list.
1-16
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
This command can be used on condition that the VLAN specified with vlan_id must
have been existed.
For the related command, see port link-type.
Example
# Join hybrid port Ethernet0/1 to VLAN of 2, 4 and 50-100, and these VLAN will have
tags.
[Quidway-Ethernet0/1] port hybrid vlan 2 4 50 to 100 tagged
Syntax
View
Parameter
Description
Using port link-type command, you can configure the link type of Ethernet port. Using
undo port link-type command, you can restore the port as default status, i.e. access
port.
You can configure three types of ports concurrently on the same switch, but you cannot
switch between trunk port and hybrid port. You must turn it first into access port and
then set it as other type. For example, you cannot configure a trunk port directly as
hybrid port, but first set it as access port and then as hybrid port.
By default, the port is access port.
Example
1-17
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
Syntax
View
Parameter
Description
Using port trunk permit vlan command, you can join trunk port to specified VLAN.
Using undo port trunk permit vlan command, you can cancel trunk port from
specified VLAN.
Trunk port can belong to multiple VLANs. If the port trunk permit vlan command is
used many times, then the VLAN enabled to pass on trunk port is the set of these
vlan_id_list.
This command can be used on condition that the VLAN specified with vlan_id is not the
default one.
For the related command, see port link-type.
Example
Syntax
View
1-18
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
Parameter
vlan_id: VLAN ID defined in IEEE802.1Q, ranging from1 to 4094 and the default
vlan_id is 1.
Description
Using port trunk pvid vlan command, you can configure the default VLAN ID of trunk
port. Using undo port trunk pvid command, you can restore the default VLAN ID of
the port.
Trunk port and isolate-user-vlan cannot be configured simultaneously.
The default VLAN ID of local trunk port should be consistent with that of the peer one,
otherwise, the packet cannot be properly transmitted.
For the related command, see port link-type.
Example
Syntax
View
User view
Parameter
Description
Using reset counters interface command, you can reset the statistical information on
the port. and count the related information again on the port for the user.
If the port type and number are not specified when clearing the port information,
information of all ports on the switch will be cleared. If only the port type is specified, all
the information on the ports of this type will be cleared. If both port type and port
number are specified, the information on the designated port will be cleared.
1-19
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
Example
1.1.25 shutdown
Syntax
shutdown
undo shutdown
View
Parameter
None
Description
Using shutdown command, you can disable the Ethernet port. Using undo shutdown
command, you can enable the Ethernet port.
By default, the Ethernet port is enabled.
Example
1.1.26 speed
Syntax
View
1-20
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
Parameter
Description
Using speed command, you can configure the port speed. Using undo speed
command, you can restore the default speed.
By default, the speed is auto.
For the related command, see duplex.
Example
1.1.27 virtual-cable-test
Syntax
virtual-cable-test
View
Parameter
None
Description
Using virtual-cable-test command, you can get the information of the cable test in 5
seconds. The test information includes the condition of the cable ( open or short ) , and
the distance between the ethernet port and the cable with fault.
Note that S3552G/S3552P/S3528G/S3528P/S3552F Ethernet Switches support this
configuration in S3500 series switches.
Example
1-21
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
Syntax
vlan-vpn enable
undo vlan-vpn
View
Parameter
None
Description
Using vlan-vpn enable command, you can enable port VLAN VPN. Using undo
vlan-vpn command, you can disable port VLAN VPN.
By default, the port VLAN VPN is disabled.
Note that if anyone of GVRP, GMRP, STP, 802.1x, NTDP and NDP has been enabled
on a port, VLAN VPN cannot be enabled on it.
S3552G/S3552P/S3528G/S3528P/S3552F Ethernet Switches support this
configuration in S3500 series switches.
Example
1-22
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 2 Ethernet Port Link Aggregation Commands
Syntax
View
Any view
Parameter
Description
Using display link-aggregation command, you can view the related information on
aggregation port.
If the master port number of an aggregation is specified, information on this link
aggregation will be displayed. If the master port number is not specified, information of
all link aggregations will be displayed.
For the related command, see link-aggregation.
Example
# Display the related information of the aggregation group with the master port number
as Ethernet0/1.
<Quidway> display link-aggregation ethernet0/1
Master port: Ethernet0/1
Other sub-ports:
Ethernet0/2
Mode: both
2-1
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 2 Ethernet Port Link Aggregation Commands
Field Description
Master port Master port
Other sub-ports Other member ports
Mode Aggregation mode
2.1.2 link-aggregation
Syntax
View
System view
Parameter
port_num1: Starting range value of Ethernet port joined the Ethernet link aggregation.
port_num2: Last range value of Ethernet port joined the Ethernet link aggregation.
both: Configures that the sub-ports in the link aggregation share outgoing load on the
port depending on the source address and destination MAC address.
ingress: Configures that the sub-ports in the link aggregation share outgoing load on
the port depending on the source MAC addresses.
master_port_num: Master port number in link aggregation.
all: all aggregated ports.
Description
2-2
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 2 Ethernet Port Link Aggregation Commands
Example
# Configure outgoing load balance on the port depending on the source and destination
MAC addresses.
[Quidway] link-aggregation ethernet0/1 to ethernet0/2 both
2-3
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 3 Port Isolation Configuration Commands
Note:
Quidway S3552F/S3552G/S3552P/3528G/3528P/S3526E/S3526E FM/S3526E
FS/S3526C Ethernet switches support the port isolation configuration.
Syntax
port-isolate enable
undo port-isolate enable
View
VLAN view
Parameter
None
Description
Using port-isolate enable command, you can enable port L2 isolation in a VLAN.
Using undo port-isolate enable command, you can disable port L2 isolation.
By default, port L2 isolation is not enabled in a VLAN, that is, L2 forwarding is available
between the ports in a VLAN.
Example
Syntax
3-1
Command Manual - Port
Quidway S3500 Series Ethernet Switches Chapter 3 Port Isolation Configuration Commands
View
Parameter
vlan-id: VLAN the uplink port belong to, in the range of 1 to 4094.
Description
Using port-isolate uplink-port vlan command, you can configure an isolated port as
uplink port. Using undo port-isolate uplink-port vlan command, you can restore the
uplink port to common isolated port.
By default, no uplink port is configured.
Note that:
z After port L2 isolation is enabled in a VLAN, then you are allowed to configure a
port as uplink port. You can only configure one uplink port in a VLAN.
z You must first restore the uplink port to common isolated port before deleting it
from the VLAN.
z If a Trunk port is set as uplink port, then you are recommended to set that all VLAN
are allowed to pass through the Trunk port and that it is the only uplink port in that
VLAN.
z You cannot enable port isolation and link aggregation concurrently on a port.
Example
3-2
HUAWEI
VLAN
Table of Contents
i
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Table of Contents
ii
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 1 VLAN Configuration Commands
Syntax
description string
undo description
View
Parameter
string: description character string of current VLAN or VLAN interface, with a length
ranging from 1 to 32 characters. The default description character string of current
VLAN is VLAN ID of the VLAN, e.g. VLAN 0001. The default description character
string of VLAN interface is the interface name, e.g. Vlan-interface1 Interface.
Description
Using description command, you can configure a description for the current VLAN or
VLAN interface. Using undo description command, you can restore the default
description of current VLAN or VLAN interface.
For the related command, see display vlan, display interface vlan-interface.
Example
Syntax
View
Any view
Parameter
1-1
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 1 VLAN Configuration Commands
Description
Using display interface vlan-interface command, you can view the related
information about specified or all VLAN interfaces such as physical status and link
status of VLAN interface, Ethernet frame format, MAC address, IP address and sub-net
mask, description character string and MTU, etc.
With vlan_id specified, only the information about the specified VLAN interface will be
displayed. If no vlan_id is specified, the information about all the existing VLAN
interfaces will be displayed.
For the related command, see interface vlan-interface.
Example
Syntax
View
Any view
Parameter
Description
Using display vlan command, you can view related information about the specified or
all VLANs.
If vlan_id or all is specified, information of specified VLAN or all VLANs is displayed. It
includes: VLAN ID, VLAN state, whether the routing function has been enable on this
1-2
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 1 VLAN Configuration Commands
VLAN (i.e. whether the route interface exists. If it exists, display primary IP address and
mask), VLAN description, and the ports VLAN contains.
If parameter is not specified, information of the VLAN that has been created is
displayed. If the parameter dynamic or static is selected, information of VLAN created
dynamically or statically by the system is displayed.
For the related command, see vlan.
Example
Syntax
View
System view
Parameter
Description
Using interface vlan-interface command, you can configure VLAN interface or enter
VLAN interface view. Using undo interface vlan-interface command, you can cancel
one VLAN interface.
For the related command, see display interface vlan-interface.
Example
1-3
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 1 VLAN Configuration Commands
1.1.5 ip address
Syntax
View
Parameter
Description
Using ip address command, you can configure the IP address and the mask for VLAN
interface. Using undo ip address command, you can cancel the IP address and the
mask of one VLAN interface.
Generally, it is enough to configure one IP address for an VLAN interface. You can also
configure 10 IP addresses for an VLAN interface, so that it can be connected to several
subnets. Among these IP addresses, one is the primary IP address and all others are
secondary. The relationship between primary and secondary addresses is:
z When you configure a primary IP address for an interface, which already has a
primary IP address, the newly configured one will replace the old one.
z If you input undo ip address command without any parameter, the switch will
delete both primary and secondary IP address of an interface. undo ip address
ip-address net-mask command can be used to delete the primary IP address,
while undo ip address ip-address net-mask sub command can be used to delete
the secondary IP address.
For the related command, see display vlan, display interface vlan-interface.
Example
1.1.6 name
Syntax
name string
undo name
1-4
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 1 VLAN Configuration Commands
View
VLAN view
Parameter
string: The name of the current VLAN, which consists of 1 to 32 characters. By default,
it is the VLAN ID of the current VLAN, e.g. VLAN 0001.
Description
Using name command, you can name the current VLAN. Using undo name command,
you can restore the default name of the current VLAN.
By default, the name is the VLAN ID of the current VLAN.
Note that: S3552F/S3552G/S3552P/3528G/3528P/S3526E/S3526E FM/S3526E
FS/S3526C support the command.
Example
1.1.7 port
Syntax
port interface_list
undo port interface_list
View
VLAN view
Parameter
Description
Using port command, you can add one port or one group of ports to VLAN. Using undo
port command, you can cancel one port or one group of ports from VLAN.
1-5
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 1 VLAN Configuration Commands
Note that you can add/delete trunk port and hybrid port to/from VLAN by port and undo
port commands in Ethernet port view, but not in VLAN view.
For the related command, see display vlan.
Example
1.1.8 shutdown
Syntax
shutdown
undo shutdown
View
Parameter
None
Description
Using shutdown command, you can disable the VLAN interface. Using undo
shutdown command, you can enable the VLAN interface.
By default, when all Ethernet ports are in DOWN status in VLAN interface, the VLAN
interface is in DOWN status, i.e. disabled status. When there is one or more Ethernet
ports in VLAN interface are in UP status, the VLAN interface is UP.
This command can be used to start interface after the related parameters and protocols
of VLAN interface are set well. Or when the VLAN interface fails, the interface can be
shut down first and then restarted, in this way, the interface may be restored to normal
status. Shutting down or starting VLAN interface will not take any effect on any Ethernet
port of this VLAN.
Example
1-6
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 1 VLAN Configuration Commands
1.1.9 vlan
Syntax
vlan vlan_id
undo vlan { vlan_id [ to vlan_id ] | all }
View
System view
Parameter
Description
Using vlan command, you can enter VLAN view. If the specified VLAN is not created,
create it first. Using undo vlan command, you can cancel the specified VLAN.
VLAN 1 is default VLAN and cannot be deleted.
For the related commands, see display vlan.
Example
Syntax
View
System view
Parameter
Description
Using vlan { enable | disable } command, you can enable/disable the VLAN features
of equipment.
1-7
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 1 VLAN Configuration Commands
After the VLAN is disabled, the switch will not use VLAN ID during the packet exchange,
thereby losing the isolation function of VLAN domain.
Note that S3526E/S3526C switches support the command in S3500 series switches.
For the related commands, see display vlan.
Example
Note:
Currently, only Quidway S3552G/S3552P/S3528G/S3528P/S3552F Ethernet
Switches support the protocol-based VLAN configuration.
Syntax
View
Any view
Parameter
Description
Using the display protocol-vlan interface command, you can view the protocol
information and protocol index configured on the specific port, to which you can refer
when you use the protocol-based VLAN and add/delete a protocol.
For the related commands, see display interface.
1-8
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 1 VLAN Configuration Commands
Example
# Display the protocol information and protocol index configured on Ethernet0/1 and
Ethernet0/2.
[Quidway] display protocol-vlan interface ethernet0/1 to ethernet0/2
Interface: Ethernet0/1
VLAN ID Protocol-Index Protocol-type
50 1 ip 192.168.10.1 255.255.255.0
80 2 ip 101.120.34.0 255.255.0.0
100 1 ip 104.232.43.0 255.255.255.0
100 2 ipx ethernetii
Interface: Ethernet0/2
VLAN ID Protocol-Index Protocol-type
50 5 ipx raw
80 1 at
100 3 mode snap etype 0x0abc
100 5 mode llc dsap 0xac ssap 0xbd
Syntax
View
Any view
Parameter
vlan-id: Displays the protocol information of the specific VLAN, ranging from 1 to 4094.
all: Displays the protocol information of all VLANs.
Description
Using the display protocol-vlan vlan command, you can view the protocol
information and protocol index configured on a VLAN, to which you can refer when you
use the protocol-based VLAN and add/delete a protocol.
For the related commands, see display vlan.
Example
# Display the protocol information and protocol index configured on the VLANs from
VLAN10 to VLAN20
[Quidway] display protocol-vlan vlan 10 to 20
VLAN ID: 10
VLAN Type: Protocol-based VLAN
1-9
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 1 VLAN Configuration Commands
Protocol-Index Protocol-Type
1 IP 101.120.34.0/24
2 IP 104.232.43.0/24
3 IPX ETH II
4 AT
VLAN ID: 15
VLAN Type: Protocol-based VLAN
Protocol-Index Protocol-Type
1 ip 192.168.10.1 255.255.255.0
2 mode snap etype 0x0abc
……..
Syntax
View
Parameter
Description
Using the port hybrid protocol-vlan vlan command, you can associate a
protocol-based VLAN with the specified port. Using the undo port hybrid
protocol-vlan vlan command, you can delete the association between the port and the
protocol-based VLAN.
Note that only the Hybrid port supports this feature at present. The port must belong to
the VLAN before you associate it with the protocol-based VLAN. Otherwise, it cannot
be associated with the VLAN.
For the related commands, see display protocol-vlan interface.
Example
1-10
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 1 VLAN Configuration Commands
1.2.4 protocol-vlan
Syntax
View
VLAN view
Parameter
Description
Using the protocol-vlan command, you can configure a certain protocol type for the
specified VLAN. Using the undo protocol-vlan command, you can cancel this
configuration.
Note that the format of mode llc dsap ff ssap ff is the same as that of ipx raw, and the
system first matches ipx raw, so the configuration of vlan-type protocol mode llc
dsap ff ssap ff does not function.
For the related commands, see display protocol-vlan vlan.
1-11
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 1 VLAN Configuration Commands
Example
1-12
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 2 Isolate-User-Vlan Configuration Commands
Syntax
View
Any view
Parameter
Description
Using display isolate-user-vlan command, you can view the mapping relationship
and the ports identifying the mapping relationship between isolate-user-vlan and
Secondary VLAN.
For the related command, see isolate-user-vlan enable, isolate-user-vlan.
Example
Vlan ID: 3
Vlan Type: static
Isolate-user-VLAN Type : Isolate-user-VLAN
Route Interface: not configured
Description: VLAN 0003
Tagged Ports: none
Untagged Ports:
Ethernet0/4 Ethernet0/8 Ethernet0/18
Vlan ID: 4
2-1
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 2 Isolate-User-Vlan Configuration Commands
Vlan ID: 5
Vlan Type: static
Private-vlan Type : Secondary
Route Interface: not configured
Description: VLAN 0005
Tagged Ports: none
Untagged Ports:
Ethernet0/4 Ethernet0/18
2.1.2 isolate-user-vlan
Syntax
View
System view
Parameter
Description
2-2
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 2 Isolate-User-Vlan Configuration Commands
Secondary VLAN is established. The actual operation include: add the ports of
isolate-user-vlan to every Secondary VLAN and add the ports of all Secondary VLANs
to isolate-user-vlan.
After undo command is run, the mapping relationship between isolate-user-vlan and
Secondary VLAN will be canceled. The actual operation include: delete the ports
included in isolate-user-vlan from Secondary VLAN and delete the ports included in
Secondary VLAN from isolate-user-vlan.
For the related command, see display isolate-user-vlan.
Example
Syntax
isolate-user-vlan enable
undo isolate-user-vlan enable
View
VLAN view
Parameter
None
Description
Using isolate-user-vlan enable command, you can configure the type of one VLAN as
isolate-user-vlan. Using undo isolate-user-vlan enable command, you can cancel the
isolate-user-vlan type of one VLAN.
By default, the type of the VLAN created by the user has not been specified.
isolate-user-vlan can contain many ports, including the uplink ports connected to other
switches. isolate-user-vlan and Trunk ports cannot be configured simultaneously, i.e., if
isolate-user-vlan is configured to the Ethernet switch, the Trunk port cannot be
configured. If the Trunk port is configured, then the isolate-user-vlan cannot be
configured.
For the related commands, see display isolate-user-vlan.
Example
2-3
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 3 GARP/GVRP Configuration Commands
Syntax
View
Any view
Parameter
Description
Using display garp statistics command, you can view the GARP statistics information,
including the number of received/sent packet and the number of discarded packet by
GVRP/GMRP etc.
Example
3-1
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 3 GARP/GVRP Configuration Commands
Syntax
View
Any view
Parameter
Description
Using display garp timer command, you can view the value of GARP timer, including
Hold timer, Join timer, Leave timer and LeaveAll timer.
For the related command, see garp timer, garp timer leaveall.
Example
Syntax
View
3-2
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 3 GARP/GVRP Configuration Commands
Parameter
hold: GARP Hold timer. After received certain registration information, the GARP
application entity will not send Join Message at once, instead, it starts the Hold timer.
All the registration information received within duration of the Hold timer will be
transmitted in the same frame after the Hold timer times out, thereby saving the
bandwidth resource.
join: GARP Join timer. GARP application entity will send out Join message after the
Join timer goes timeout to make other GARP application entity register its own
information.
leave: GARP Leave timer . When a GARP application entity wants to deregister certain
attribute information, it sends Leave message. The GARP application entity received
the message will starts Leave timer. If the entity receives no Join message before the
timer goes timeout, it will deregister the attribute information.
timer_value: Value of GARP hold timer, join timer and leave timer in centisecond. The
step is 5 centiseconds. The range is according to the following rule: the value of Join
timer should be no less than the doubled value of Hold timer, and the value of Leave
timer should be greater than the doubled value of Join timer and smaller than the
Leaveall timer value, and the minimal value of Join timer is 10 centiseconds. By default,
Hold timer is 10 centiseconds, Join timer is 20 centiseconds, Leave timer is 60
centiseconds.
Description
Using garp timer command, you can configure GARP timer value. Using undo garp
timer command, you can restore the default value of GARP timer.
For the related command, see display garp timer.
Example
Syntax
View
System view
3-3
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 3 GARP/GVRP Configuration Commands
Parameter
Description
Using garp timer leaveall command, you can configure GARP leaveall timer. Using
undo garp timer leaveall command, you can restore the default value.
After every GARP application entity is started, the LeaveAll timer will be started
simultaneously. The GARP application entity will send LeaveAll message after the
timer times out to make other application entities re-register all attribute information on
themselves. Then, the LeaveAll timer is started and the new cycle begins.
For the related command, see display garp timer.
Example
Syntax
View
User view
Parameter
Description
Using reset garp statistics command, you can reset the GARP statistics information
(such as the received/sent packets or discarded packets by GVRP/GMRP). If the
command has no parameter, it will clear the GARP statistics information of all the ports.
3-4
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 3 GARP/GVRP Configuration Commands
Example
Syntax
View
Any view
Parameter
Description
Using display gvrp statistics command, you can view the GVRP statistics information
of all the Trunk ports, including the list of ports enabled with GVRP, GVRP status
information, failed GVRP registration entries and the last GVRP data unit origin etc.
Example
3-5
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 3 GARP/GVRP Configuration Commands
Syntax
View
Any view
Parameter
None
Description
Using display gvrp status command, you can view the global status information about
GVRP.
Example
3.2.3 gvrp
Syntax
gvrp
undo gvrp
View
Parameter
None
Description
Using gvrp command, you can enable GVRP. Using undo gvrp command, you can
restore the GVRP to default mode, i.e. disable GVRP.
By default, GVRP is disabled.
This command can be used to enable/disable global GVRP in System view or
enable/disable port GVRP in Ethernet port view.
Before enabling port GVRP, the user must enable global GVRP first and port GVRP
must be enabled/disabled on Trunk port.
3-6
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 3 GARP/GVRP Configuration Commands
Example
Syntax
View
Parameter
fixed: Enable to create or register VLAN on the port manually and disable to register or
deregister VLAN dynamically.
forbidden: Deregisters all VLANs except VLAN 1 and disables to create or register any
other VLAN on the port.
normal: Enable to create, register and deregister VLAN on the port manually or
dynamically.
Description
Using gvrp registration command, you can configure GVRP registration type. Using
undo gvrp registration command, you can restore the default type.
By default, the registration type is normal.
This command can be only used on Trunk port.
For the related commands, see display gvrp statistics.
Example
3-7
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 4 Super VLAN Configuration Commands
Note:
Quidway S3552F/S3552G/S3552P/3528G/3528P/S3526E/S3526E FM/S3526E
FS/S3526C Ethernet switches support the super VLAN feature.
Syntax
View
Any view
Parameter
Description
Using display supervlan command, you can view the mapping relationship between
Super VLAN and Sub VLAN, and the ports identified mapping relationship super VLAN
and sub VLAN.
For the related commands, see supervlan, subvlan.
Example
# view the mapping relationship between Super VLAN and Sub VLAN.
[Quidway] display supervlan 2
Supervlan ID : 2
ARP proxy: enabled
Subvlan ID : 3-5
VLAN ID: 2
VLAN Type: static
It is a Super VLAN.
ARP proxy enabled.
4-1
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 4 Super VLAN Configuration Commands
VLAN ID: 3
VLAN Type: static
It is a Sub VLAN.
Route Interface: not configured
Description: VLAN 0003
Name: VLAN 0003
Broadcast MAX-ratio: 100%
Tagged Ports: none
Untagged Ports:
Ethernet0/3
VLAN ID: 4
VLAN Type: static
It is a Sub VLAN.
Route Interface: not configured
Description: VLAN 0004
Name: VLAN 0004
Broadcast MAX-ratio: 100%
Tagged Ports: none
Untagged Ports:
Ethernet0/4
VLAN ID: 5
VLAN Type: static
It is a Sub VLAN.
Route Interface: not configured
Description: VLAN 0005
Name: VLAN 0005
Broadcast MAX-ratio: 100%
Tagged Ports: none
Untagged Ports:
Ethernet0/5
4-2
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 4 Super VLAN Configuration Commands
4.1.2 subvlan
Syntax
subvlan sub-vlan-list
undo subvlan [sub-vlan-list ]
View
VLAN view
Parameter
vlan-list: vlan-list = { vlan-id1 [ to vlan-id2 ] } &<1-10> is the VLAN range joined by the
trunk port. It can be discrete. The vlan-id ranges from 1 to 4094. &<1-10> indicates that
the former parameter can be input 10 times repeatedly at most.
Description
Using subvlan commmand, you can establish the mapping relationship between sub
VLAN and super VLAN. Using undo subvlan commmand, you can cancel the mapping
relationship between sub VLAN and super VLAN.
Note that:
z The sub VLAN must exist before you creat mapping between the sub VLAN and
the super VLAN.
z After creating mapping between the sub VLAN and the super VLAN, you can still
add (or delete) Ethernet ports to (from) the sub VLAN.
z When using the undo subvlan command without parameter, you can remove the
mapping between the specific super VLAN and all sub VLANs associated to it. If
choosing the parameter, you can remove the mapping between the specific super
VLAN and the specific sub VLAN.
For the related commands, see display supervlan.
Example
# Establish the mapping relationship between sub VLAN 3, 4, 5, 9 and super VLAN 10.
[Quidway-vlan10] subvlan 3 to 5 9
4.1.3 supervlan
Syntax
supervlan
undo supervlan
4-3
Command Manual - VLAN
Quidway S3500 Series Ethernet Switches Chapter 4 Super VLAN Configuration Commands
View
VLAN view
Parameter
None
Description
Using supervlan commmand, you can set current VLAN to super VLAN. Using undo
supervlan commmand, you can cancel the super VLAN type of current VLAN.
For the related commands, see display supervlan.
Example
4-4
HUAWEI
Network Protocol
Table of Contents
i
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Table of Contents
ii
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Table of Contents
iii
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Table of Contents
iv
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 1 IP Address Configuration Commands
Syntax
display ip host
View
Any view
Parameter
None
Description
Using display ip host command, you can view all the host names and the
corresponding IP addresses.
Example
Syntax
View
Any view
Parameter
interface-type: Port type. Interface-number: Port number. See the description of the
interface command for details.
1-1
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 1 IP Address Configuration Commands
Description
Using display ip interface command, you can view the information of an IP interface.
By default, the information about all the IP interfaces will be displayed if undo interface
is specified. This command outputs all the information related to IP on the interface,
which is useful for troubleshooting.
Example
1.1.3 ip address
Syntax
View
Parameter
Description
Using ip address command, you can configure an IP address for VLAN or LookBack
interface. Using undo ip address command, you can cancel an IP address of the
VLAN or LookBack interface
By default, all interfaces’ IP addresses are null.
Generally, it is enough to configure one IP address for an interface. You can also
configure 10 IP addresses for an interface at most, so that it can be connected to
1-2
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 1 IP Address Configuration Commands
several subnets. Among these IP addresses, one is the primary IP address and all
others are secondary. The relationship between primary and secondary addresses is:
z When you configure a primary IP address for an interface, which already has a
primary IP address, the newly configured one will replace the old one.
z If you input undo ip address command without any parameter, the switch will
delete both primary and secondary IP address of an interface. undo ip address
[ ip-address { mask | mask-length } command can be used to delete the primary IP
address, while undo ip address [ ip-address { mask | mask-length } sub
command can be used to delete the secondary IP address.
Note that the VLAN interface cannot be configured with the secondary IP address if its
IP address is set to be allocated by BOOTP or DHCP.
For the related command, see display ip interface.
Example
1.1.4 ip host
Syntax
View
System view
Parameter
Description
Using ip host command, you can configure the host name and the host IP address.
Using undo ip host command, you can cancel the host name and the host IP address.
By default, Host name and corresponding IP address are null.
For the related command, see display ip host.
1-3
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 1 IP Address Configuration Commands
Example
1-4
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 ARP Configuration Commands
Syntax
View
System view
Parameter
None
Description
Using arp check enable command, you can enable the checking of ARP entry, that is,
the device does not learn the ARP entry where the MAC address is multicast MAC
address. Using undo arp check enable command, you can disable the checking of
ARP entry, that is, the device learns the ARP entry where the MAC address is multicast
MAC address.
By default, the checking of ARP entry is enabled, that is, the device does not learn the
ARP entry where the MAC address is multicast MAC address.
Example
# Configure that the device learns the ARP entry where the MAC address is multicast
MAC address.
[Quidway] undo arp check enable
Syntax
View
2-1
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 ARP Configuration Commands
Parameter
Description
Using arp probe ip command, you can configure the IP address requiring ARP timed
probing. Using undo arp probe ip command, you can delete the IP address requiring
ARP timed probing.
By default, IP address requiring ARP timed probing is null.
In S3500 Series Ethernet Switches, only S3526, S3526 FM, S3526 FS supports this
command.
For the related command, see display arp probe.
Example
# Configure the IP address 202.38.10.2 requiring ARP timed probing on VLAN interface
1.
[Quidway-Vlan-interface1] arp probe ip 202.38.10.2
Syntax
View
System view
Parameter
Description
Using arp source-suppression cache command, you can configure the number of
source IP addresses to be suppressed. Using undo arp source-suppression cache
command, you can restore the number of source IP addresses to default.
For the related command, see display arp source-suppression.
In S3500 Series Ethernet Switches, only S3552G, S3552P, S3528G, S3528P and
S3552F supports this command.
Example
2-2
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 ARP Configuration Commands
Syntax
View
System view
Parameter
None
Description
Using arp source-suppression enable command, you can enable ARP source
address suppression. Using undo arp source-suppression enable command, you
can disable ARP source address suppression.
After ARP source address suppression is enabled, the system drops the packets with
the same source IP address on the port if a host on the network continuously sends the
IP packets whose destination IP address cannot be resolved and the traffic within five
seconds exceeds the predefined threshold. When the time interval (5 seconds) is
reached, the system resumes processing of IP packets. This feature can effectively
prevent malicious attacks.
By default, ARP source address suppression is not enabled.
In S3500 Series Ethernet Switches, only S3552G, S3552P, S3528G, S3528P and
S3552F supports this command.
For the related command, see display arp source-suppression.
Example
Syntax
2-3
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 ARP Configuration Commands
View
System view
Parameter
limit-value: the maximum number of ARP requests within 5-second interval, ranging
from 2 to 1024. The default value is 10.
Description
Using arp source-suppression limit command, you can configure the maximum
number of ARP requests within 5-second interval. Using undo arp
source-suppression limit command, you can restore the maximum number of ARP
requests within 5 seconds to default.
For the related command, see display arp source-suppression.
In S3500 Series Ethernet Switches, only S3552G, S3552P, S3528G, S3528P and
S3552F supports this command.
Example
# Configure the maximum number of ARP requests within 5-second interval is 100.
[Quidway] arp source-suppression limit 100
Syntax
View
Parameter
time: Interval of ARP timed probing, which is in the range of 5 to 1200 seconds. By
default, the interval is 5 seconds.
Description
Using arp timer probe command, you can configure the ARP probing interval. Using
undo arp timer probe command, you can restore the default ARP probing interval.
In S3500 Series Ethernet Switches, only S3526, S3526 FM, S3526 FS supports this
command.
For the related command, see display arp probe.
2-4
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 ARP Configuration Commands
Example
Syntax
View
System view
Parameter
Description
Using arp static command, you can configure the static ARP mapping entries in an
ARP mapping table. Using undo arp static command, you can cancel a static ARP
mapping entry from the ARP table
By default, the mapping table of the system ARP is empty and the switch can maintain
its address mapping by means of dynamic ARP.
Note that:
z Static ARP map entry will be always valid as long as Ethernet switch works
normally. But if the VLAN corresponding ARP mapping entry is deleted, the ARP
mapping entry will be also deleted. The valid period of dynamic ARP map entries
will last only 20 minutes by default.
z The parameter vlan-id must be the ID of a VLAN that has been created by the user,
and the Ethernet port specified behind this parameter must belong to the VLAN.
For the related command, see reset arp, display arp, debugging arp.
2-5
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 ARP Configuration Commands
Example
# Associate the IP address 202.38.10.2 with the MAC address 00e0-fc01-0000, and the
ARP mapping entry belongs to the Ethernet port Ethernet0/1 on VLAN1.
[Quidway] arp static 202.38.0.10 00e0-fc01-0000 1 ethernet0/1
Syntax
View
System view
Parameter
aging-time: Aging time of dynamic ARP aging timer, which is in the range of 1 to 1440
minutes. By default, the aging time is 20 minutes.
Description
Using arp timer aging command, you can configure the dynamic ARP aging timer.
Using undo arp timer aging command, you can restore the default dynamic ARP
aging time.
For the related command, see display arp timer aging.
Example
Syntax
View
User view
Parameter
None
2-6
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 ARP Configuration Commands
Description
Using debugging arp packet command, you can enable ARP debugging. Using undo
debugging arp packet command, you can disable the corresponding ARP debugging.
By default, undo ARP debugging is enabled.
For the related command, see arp static, display arp.
Example
Field Description
Kind of ARP packets: 1 ARP request packet; 2 ARP reply
operation
packet
sender_eth_addr Ethernet address of the sender
Syntax
View
Any view
2-7
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 ARP Configuration Commands
Parameter
Description
Using display arp command, you can view the ARP mapping table.
For the related command, see arp static, reset arp, debugging arp.
Example
Field Description
IP Address IP address of the ARP mapping entry
MAC Address MAC address of the ARP mapping entry
VLAN ID VLAN to which the static ARP entry belongs
Syntax
View
Any view
Parameter
2-8
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 ARP Configuration Commands
Description
Using display arp probe command, you can view the ARP timed probing information,
including IP addresses requiring ARP probing and the probing interval.
In S3500 Series Ethernet Switches, only S3526, S3526 FM, S3526 FS supports this
command.
For the related commands, see arp probe ip, arp timer probe.
Example
Field Description
Interface Vlan-interface1 VLAN interface
Syntax
View
Any view
Parameter
None
Description
Using display arp source-suppression command, you can view ARP source
suppression information.
Example
2-9
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 ARP Configuration Commands
Syntax
View
Any view
Parameter
Description
Using display arp timer aging command, you can view the current setting of the
dynamic ARP map aging timer.
For the related command, see arp timer aging.
Example
Syntax
View
User view
Parameter
2-10
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 ARP Configuration Commands
Description
Using reset arp command, you can reset the ARP mapping entries.
For the related command, see arp static, display arp.
Example
Note:
This chapter only applies to S3552G, S3552P, S3528G, S3528P, S3552F, S3526E,
S3526E FM, S3526E FS and S3526C in S3500 series switches.
Syntax
View
System view
Parameter
None
Description
Use the arp send-gratuitous enable command to enable gratuitous ARP packet
sending, thus checking for the IP address conflict.
Use the undo arp send-gratuitous enable command to disable this function.
By default, the gratuitous ARP packet sending is enabled.
Gratuitous ARP function is to implement the following functions by sending out
gratuitous ARP packets:
2-11
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 ARP Configuration Commands
z By sending gratuitous ARP packets, network devices can figure out whether the IP
addresses of other devices conflict with its own.
z If the device which sends the gratuitous ARP packet changed its hardware
address (probably, it turns off, has its interface card changed, and then reboots),
this packet can make old hardware address in the cache of other devices update
accordingly.
Related command: gratuitous-arp-learning enable.
Example
Syntax
gratuitous-arp-learning enable
undo gratuitous-arp-learning enable
View
System view
Parameter
None
Description
Example
2-12
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 ARP Proxy Configuration Commands
Syntax
View
Any view
Parameter
Description
Use the display arp proxy command to view the ARP proxy status: enabled or
disabled.
See arp proxy enable for related configuration.
Example
Syntax
View
Parameter
None
3-1
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 ARP Proxy Configuration Commands
Description
Use the arp proxy enable command to enable ARP proxy. Use the undo arp proxy
enable command to disable ARP proxy.
See display arp proxy for related configuration.
Example
3-2
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 DHCP Client Configuration Commands
Note:
This chapter only applies to S3552G, S3552P, S3528G, S3528P, S3552F, S3526E,
S3526E FM, S3526E FS and S3526C in S3500 series switches.
Syntax
View
User view
Parameter
Description
Using the debugging dhcp client command, you can enable DHCP client debugging.
Using the undo debugging dhcp client command, you can disable DHCP client
debugging.
By default, all DHCP client debugging is disabled.
Example
4-1
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 DHCP Client Configuration Commands
Syntax
View
Any view
Parameter
Description
Using the display dhcp client command, you can view detailed information about
address allocation at DHCP client.
Example
Syntax
ip address dhcp-alloc
undo ip address dhcp-alloc
View
4-2
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 DHCP Client Configuration Commands
Parameter
None
Description
Using the ip address dhcp-alloc command, you can configure VLAN interface to
obtain IP address using DHCP. Using the undo ip address dhcp-alloc command, you
can remove the configuration.
By default, the VLAN interface doest not obtain IP address using DHCP.
Example
4-3
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Relay Configuration Commands
Note:
This chapter only applies to S3526/S3526 FM/S3526 FS in S3500 series switches.
Syntax
address-check enable
address-check disable
View
Parameter
None
Description
Using address-check enable command, you can enable the security features of
DHCP relay and enable the user address validity check on VLAN interface. Using
address-check disable command, you can disable the security features of DHCP
relay and disable the user address validity check on VLAN interface.
By default, the switch disables DHCP security features function.
Example
Syntax
debugging dhcp-relay
undo debugging dhcp-relay
5-1
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Relay Configuration Commands
View
User view
Parameter
None
Description
Using debugging dhcp-relay command, you can enable DHCP relay debugging.
Using undo debugging dhcp-relay command, you can disable the DHCP relay
debugging.
By default, DHCP relay debugging is disabled.
For the related command, see dhcp-server ip, dhcp-server, display dhcp-server,
display dhcp-server interface vlan-interface.
Example
*0.7200230-DHCP-8-dhcp_debug:
From DHCP Server to client:
Interface: VLAN-Interface 1
ServerGroupNo: 0
Type: dhcp-ack
ClientHardAddress: 0010-dc19-695d
AllocatedIpAddress: 10.1.1.1
*0.7200580-DHCP-8-largehop:
Discard DHCP request packet because of too large hop count!
*0.7200725-DHCP-8-invalidpkt:
Wrong DHCP packet!
5-2
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Relay Configuration Commands
Field Description
Interface Virtual interface of VLAN performing DHCP Relay
ServerGroupNo DHCP Server group number for Relay
Type DHCP packet type for Relay
ClientHardAddress Hardware address of Client
ServerIpAddress IP address of DHCP Server
AllocatedIpAddress IP address allocated to Client
Syntax
View
System view
Parameter
Description
Using dhcp-security static command, you can configure a user IP address for DHCP
Server group. Using undo dhcp-security command, you can cancel a user IP address
of DHCP Server group.
You can use the display dhcp-security command to view the user configuration of
DHCP Server group before you change corresponding IP address of the DHCP Server
group.
For the related command, see display dhcp-security.
Example
# Configure the user IP address and MAC address of DHCP Server group as 1.1.1.1
and 0005-5D02-F2B3 respectively.
[Quidway] dhcp-security static 1.1.1.1 0005-5D02-F2B3
5-3
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Relay Configuration Commands
5.1.4 dhcp-server
Syntax
dhcp-server groupNo
undo dhcp-server
View
Parameter
Description
Using dhcp-server command, you can configure the native DHCP Server group of
VLAN interface. Using undo dhcp-server command, you can cancel the VLAN
interface from its native DHCP Server group.
For the related command, see dhcp-server ip, display dhcp-server, display
dhcp-server interface vlan-interface, debugging dhcp-relay.
Example
Syntax
dhcp-server detect
undo dhcp-server detect
View
System view
Parameter
None
Description
Using dhcp-server detect command, you can enable DHCP pseudo-server detection.
Using undo dhcp-server detect command, you can disable DHCP pseudo-server
detection.
5-4
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Relay Configuration Commands
Example
5.1.6 dhcp-server ip
Syntax
View
System view
Parameter
groupNo: DHCP Server group number; the valid groupNo ranges from 0 to 19.
ipaddress1: IP address of the master DHCP Server in the group.
ipaddress2: IP address of the slave DHCP Server in the group.
Description
Using dhcp-server ip command, you can configure the IP address of DHCP Server
adopted by the DHCP Server group. Using undo dhcp-server ip command, you can
cancel the IP addresses all the DHCP Servers in DHCP Server group.
For the related command, see dhcp-server, display dhcp-server, debugging
dhcp-relay.
Example
# Delete the IP addresses of the master/slave DHCP Server in DHCP Server group1.
[Quidway] undo dhcp-server 1
Syntax
View
Any view
5-5
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Relay Configuration Commands
Parameter
Description
Using display dhcp-security command, you can view all the IP addresses in valid
user address table of DHCP Server group.
Example
# Display all the IP addresses in valid user address table of DHCP Server group.
<Quidway>display dhcp-security
IP Address MAC Address IP Address Type
2.2.2.2 0005-5d02-f2b2 Static
3.3.3.3 0005-5d02-f2b3 Dynamic
--- 2 dhcp-security item(s) found ---
Field Description
IP Address IP address of the DHCP Server group
MAC Address User MAC address of DHCP Server group
Type of user address table entry, including dynamic address
IP Address Type
entry and static address entry
Syntax
View
Any view
Parameter
Description
Using display dhcp-server command, you can view the related information of DHCP
Server group.
For the related command, see dhcp-server ip, dhcp-server, display dhcp-server
interface vlan-interface, debugging dhcp-relay.
5-6
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Relay Configuration Commands
Example
Field Description
The first IP address of DHCP IP address of the master DHCP Server in DHCP
Server group 0 Server group 0
The second IP address of DHCP IP address of the slave DHCP Server in DHCP
Server group 0 Server group0
Number of packets that DHCP relay received
Messages from this server group
from this DHCP Server group
Number of packets that DHCP relay sends to
Messages to this server group
this DHCP Server group
Messages from clients to this Number of packets that DHCP relay receives
server group from client.
Messages from this server group Number of packets that DHCP relay sends to
to clients client
Number of OFFER packets received by DHCP
DHCP_OFFER messages
relay
Number of ACK packets received by DHCP
DHCP_ACK messages
relay
Number of NAK packets received by DHCP
DHCP_NAK messages
relay
Number of DECLINE packets received by
DHCP_DECLINE messages
DHCP relay
5-7
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Relay Configuration Commands
Field Description
Number of DISCOVER packets received by
DHCP_DISCOVER messages
DHCP relay.
Number of REQUEST packets received by
DHCP_REQUEST messages
DHCP relay
Number of INFORM packets received by DHCP
DHCP_INFORM messages
relay
Number of RELEASE packets received by
DHCP_RELEASE messages
DHCP relay
Syntax
View
Any view
Parameter
Description
Using display dhcp-server interface vlan-interface command, you can view the
information of the DHCP Server group corresponding to VLAN interface.
For the related command, see dhcp-server, display dhcp-server, debugging
dhcp-relay.
Example
The information shown above indicates that vlan-interface 2 is configured with a DHCP
Server group with ID as 0.
5-8
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Note:
This chapter only applies to S3552G, S3552P, S3528G, S3528P, S3552F, S3526E,
S3526E FM, S3526E FS and S3526C in S3500 series switches.
Syntax
dhcp enable
undo dhcp enable
View
System view
Parameter
None
Description
Using the dhcp enable command, you can enable the DHCP service. Using the undo
dhcp enable command, you can disable the DHCP service.
By default, the DHCP service is enabled.
Only after the DHCP service is enabled can other DHCP configurations take effect. This
configuration is essential to both DHCP server and DHCP relay.
Example
6-1
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Syntax
Following is the command for configuring in VLAN interface view how DHCP messages
are handled on the current VLAN interface:
dhcp select { global | interface | relay }
undo dhcp select
Following is the command for configuring in system view how DHCP messages are
handled on multiple VLAN interfaces:
dhcp select { global | interface | relay } { interface vlan-interface vlan_id [ to
vlan-interface vlan_id ] | all }
undo dhcp select { interface vlan-interface vlan_id [ to vlan-interface vlan_id ] | all }
View
Parameter
global: Configured to send DHCP messages to the local DHCP server where
addresses are to be allocated from a global address pool.
interface: Configured to send DHCP messages to the local DHCP server where
addresses are to be allocated from the appropriate VLAN interface address pool.
relay: Configured to relay DHCP messages to an external DHCP server where
addresses are to be allocated.
interface vlan-interface vlan_id [ to vlan-interface vlan_id ]: Specifies VLAN
interfaces.
all: All VLAN interfaces.
Description
Using the dhcp select command, you can configure how DHCP messages destined to
the current device are handled. Using the undo dhcp select command, you can
restore the default DHCP message handling method.
By default, DHCP message handling method is global, that is, DHCP messages
destined to the current device are sent to the local DHCP server where addresses are
to be allocated from a global address pool.
Example
# Allocate addresses selected from a global address pool on the local DHCP server to
the clients sending DHCP messages destined to the current device.
[Quidway-Vlan-interface1] dhcp select global
6-2
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Syntax
View
System view
Parameter
None
Description
Using the dhcp server detect command, you can enable pseudo-DHCP server
detection. Using the undo dhcp server detect command, you can disable the
function.
By default, pseudo-DHCP server detection is disabled.
Example
Syntax
View
User view
Parameter
6-3
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
packet: Debugging on the messages received and transmitted by the DHCP server as
well as the transmitted ping packets and the response status.
Description
Using the debugging dhcp server command, you can enable DHCP server
debugging. Using the undo debugging dhcp server command, you can disable
DHCP server debugging.
By default, DHCP server debugging is disabled.
Example
Syntax
Following is the command for configuring in VLAN interface view a DNS server address
list in the DHCP address pool on the current VLAN interface:
dhcp server dns-list ip-address [ ip-address ]
undo dhcp server dns-list { ip-address | all }
Following is the command for configuring in system view a DNS server address list in
DHCP address pools on multiple VLAN interfaces:
dhcp server dns-list ip-address [ ip-address ] { interface vlan-interface vlan_id [ to
vlan-interface vlan_id ] | all }
undo dhcp server dns-list { ip-address | all } { interface vlan-interface vlan_id [ to
vlan-interface vlan_id ] | all }
View
Parameter
Description
Using the dhcp server dns-list command, you can define a list of DNS server
addresses in one or multiple DHCP address pools on the specified VLAN interface(s).
6-4
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Using the undo dhcp server dns-list command, you can remove one or all DNS
server addresses from the DHCP address pool(s) on the current or multiple VLAN
interfaces.
By default, no DNS server address is configured.
If you configure DNS server list for multiple times, the latest DNS server list replaces
the previous one.
For the related command, see dns-list.
Example
# Assign the DNS server address 1.1.1.254 into the DHCP address pool on VLAN
interface 1.
[Quidway] interface Vlan-interface 1
[Quidway-Vlan-interface1] dhcp server dns-list 1.1.1.254
Syntax
Following is the command for configuring in VLAN interface view the domain name to
be allocated to the DHCP clients using the DHCP address pool on the current VLAN
interface:
dhcp server domain-name domain-name
undo dhcp server domain-name
Following is the command for configuring in system view the domain name to be
allocated to the DHCP clients using the DHCP address pools on multiple VLAN
interfaces:
dhcp server domain-name domain-name { interface vlan-interface vlan_id [ to
vlan-interface vlan_id ] | all }
undo dhcp server domain-name domain-name { interface vlan-interface vlan_id
[ to vlan-interface vlan_id ] | all }
View
Parameter
domain-name: Domain name to be allocated to the clients using the DHCP address
pool on the VLAN interface, which is a string of 3 to 50 characters.
interface vlan-interface vlan_id [ to vlan-interface vlan_id ]: Specifies VLAN
interfaces.
all: All VLAN interfaces.
6-5
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Description
Using the dhcp server domain-name command, you can specify the domain name to
be allocated to the clients using the DHCP address pool(s) on the specified VLAN
interface(s). Using the undo dhcp server domain-name command, you can delete
the domain name configuration of the DHCP address pool(s) on the specified VLAN
interface(s).
By default, no domain name of clients is configured.
For the related command, see domain-name.
Example
Syntax
Following is the command for configuring in VLAN interface view the address lease
duration to be adopted by the DHCP address pool on the current VLAN interface:
dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited }
undo dhcp server expired
Following is the command for configuring in system view the address lease duration to
be adopted by the DHCP address pools on multiple VLAN interfaces:
dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited } { interface
vlan-interface vlan_id [ to vlan-interface vlan_id ] | all }
undo dhcp server expired { interface vlan-interface vlan_id [ to vlan-interface
vlan_id ] | all }
View
Parameter
6-6
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Description
Using the dhcp server expired command, you can specify the duration that addresses
in the specified VLAN interface DHCP address pool(s) can be leased. Using the undo
dhcp server expired command, you can restore the default duration that addresses in
the specified VLAN interface DHCP address pool(s) can be leased.
By default, address lease duration is one day.
For the related command, see expired.
Example
# IP addresses from the DHCP address pool on VLAN interface 1 can be leased for an
unlimited period.
[Quidway] interface vlan-interface 1
[Quidway-Vlan-interface1] dhcp server expired unlimited
Syntax
View
System view
Parameter
Description
Using the dhcp server forbidden-ip command, you can configure IP addresses
forbidden in automatic address allocation. Using the undo dhcp server forbidden-ip
command, you can cancel the configuration of addresses forbidden in automatic
address allocation.
By default, all IP addresses in address pools participate in automatic address
allocation.
For the related commands, see dhcp server ip-pool, network, static-bind
ip-address, and dhcp server static-bind.
6-7
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Example
Syntax
View
System view
Parameter
Description
Using the dhcp server ip-pool command, you can create a DHCP address pool and
access the DHCP address pool view. Using the undo dhcp server ip-pool command,
you can delete the specified address pool.
By default, no DHCP global address pool is created.
For the related command, see dhcp enable.
Example
Syntax
Following is the command for configuring in VLAN interface view a NetBIOS server
address list in the DHCP address pool on the current VLAN interface:
dhcp server nbns-list ip-address [ ip-address ]
undo dhcp server nbns-list { ip-address | all }
Following is the command for configuring in system view a NetBIOS server address list
in DHCP address pools on multiple VLAN interfaces:
6-8
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
View
Parameter
Description
Using the dhcp server nbns-list command, you can define a list of NetBIOS server
addresses in one or multiple VLAN interface DHCP address pools. Using the dhcp
server nbns-list command, you can remove one or all NetBIOS server addresses from
the VLAN interface DHCP address pool(s).
By default, no NetBIOS server address is configured.
If you configure NetBIOS server list for multiple times, the latest NetBIOS server list will
replace the previous one.
For the related commands, see nbns-list and dhcp server netbios-type.
Example
# Assign the NetBIOS server with the IP address 10.12.1.99 to the DHCP address pool
on VLAN interface 1.
[Quidway] interface vlan-interface 1
[Quidway-Vlan-interface1] dhcp server nbns-list 10.12.1.99
Syntax
Following is the command for configuring in VLAN interface view the NetBIOS node
type of the clients using the DHCP address pool on the current VLAN interface:
dhcp server netbios-type { b-node | h-node | m-node | p-node }
undo dhcp server netbios-type
Following is the command for configuring in system view the NetBIOS node type of the
clients using the DHCP address pools on multiple VLAN interfaces:
6-9
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
View
Parameter
b-node: Broadcast mode where NetBIOS nodes get their hostname-IP maps through
broadcast.
p-node: Peer-to-peer mode, where NetBIOS nodes get their hostname-IP maps by
communicating with the NetBIOS server.
m-node: Mixed (m) mode, where NetBIOS nodes are p-nodes with the broadcast
feature.
h-node: Hybrid (h) mode, where NetBIOS nodes are b-nodes with the peer-to-peer
communications mechanism.
Description
Using the dhcp server netbios-type command, you can configure NetBIOS node type
of the clients using the specified VLAN interface DHCP address pool(s). Using the
undo dhcp server netbios-type command, you can delete the configuration of
NetBIOS node type in the specified VLAN interface DHCP address pool(s).
By default, clients are h-nodes.
For the related commands, see netbios-type and dhcp server nbns-list.
Example
# Specify clients using the DHCP address pool on VLAN interface 1 to be p-nodes.
[Quidway] interface vlan-interface 1
[Quidway-Vlan-interface1] dhcp server netbios-type p-node
Syntax
Following is the command for configuring in VLAN interface view a DHCP option for the
DHCP address pool on the current VLAN interface:
dhcp server option code { ascii ascii-string | hex hex-string | ip-address ip-address
[ ip-address ] }
undo dhcp server option code
6-10
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Following is the command for configuring in system view a DHCP option for the DHCP
address pools on multiple VLAN interfaces:
dhcp server option code { ascii ascii-string | hex hex-string | ip-address ip-address
[ ip-address ] } { interface vlan-interface vlan_id [ to vlan-interface vlan_id ] | all }
undo dhcp server option code { interface vlan-interface vlan_id [ to vlan-interface
vlan_id ] | all }
View
Parameter
Description
Using the dhcp server option command, you can configure a DHCP option for the
specified VLAN interface DHCP address pool(s). Using the undo dhcp server option
command, you can delete the DHCP option configured for the VLAN interface DHCP
address pool(s).
If you configure a DHCP option for multiple times, the latest one replaces the previous
one.
For the related command, see option.
Example
# Define the hexadecimal strings 0x11 and 0x22 with the code 100 in the DHCP
address pool on VLAN interface 1.
[Quidway] interface vlan-interface 1
[Quidway-Vlan-interface1] dhcp server option 100 hex 11 22
Syntax
6-11
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
View
System view
Parameter
packets number: The maximum number of ping packets allowed to be sent, which is in
the range of 0 (no ping attempt) to 10 and defaults to 2.
timeout milliseconds: The longest time period that the DHCP server waits for the
response to each ping packet, which is in the range of 0 to 10000 milliseconds and
defaults to 500 milliseconds.
Description
Using the dhcp server ping command, you can configure the maximum number of
ping packets that the DHCP server is allowed to send and the longest time period that it
waits for the response to each ping. Using the undo dhcp server ping command, you
can restore the default settings.
Example
# Allow the DHCP server to send up to ten ping packets and wait 500 milliseconds
(default) for the response to each ping.
[Quidway] dhcp server ping packets 10
Syntax
View
Parameter
ip-address: IP address in a static binding, a valid IP address selected from the address
pool on the current VLAN interface.
mac-address: MAC address in a static binding.
Description
Using the dhcp server static-bind command, you can configure a static address
binding in the DHCP address pool on the current VLAN interface. Using the undo dhcp
server static-bind command, you can remove the binding.
By default, no static address binding is configured in any VLAN interface address pool.
6-12
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
IP addresses and MAC addresses in all the static bindings on a VLAN interface must be
unique.
Example
# Statically bind the MAC address 0000-e03f-0305 with the IP address 10.1.1.1.
[Quidway-Vlan-interface1] dhcp server static-bind 10.1.1.1 0000-e03f-0305
Syntax
View
Any view
Parameter
Description
Using the display dhcp server conflict command, you can view the statistics
information about DHCP address conflict.
For the related command, see reset dhcp server conflict.
Example
Table 6-1 Description of the output information of display dhcp server conflict
Field Description
Address Conflicted IP address
Discover Time Time when the conflict is discovered
6-13
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Syntax
View
Any view
Parameter
Description
Using the display dhcp server expired command, you can view information of
expired leases in DHCP address pools. After all the available addresses in a DHCP
address pool are allocated, the DHCP server allocates addresses in the expired leases
to clients.
Example
Field Description
Global pool Information of expired address leases in global address pools
Information of expired address leases in VLAN interface
Interface pool
address pools
IP address IP address in a binding
Hardware address MAC address in a binding
Lease expiration Lease expiration time
6-14
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Field Description
Type Address binding type
Syntax
View
Any view
Parameter
None
Description
Using the display dhcp server free-ip command, you can view the ranges of available
addresses in DHCP address pools, that is, information of unallocated IP addresses.
Example
Syntax
View
Any view
Parameter
6-15
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Description
Using the display dhcp server ip-in-use command, you can view address bindings in
DHCP address pools.
For the related command, see reset dhcp server ip-in-use.
Example
Interface pool:
IP address Hardware address VlanId Lease expiration Type
6.6.6.1 00e0-fc00-1501 1 Feb 4 2005 07:00:49 AM Auto:COMMITTED
Field Description
Global pool Information of address bindings in global address pools
Information of address bindings in VLAN interface
Interface pool
address pools
Syntax
View
Any view
6-16
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Parameter
None
Description
Using the display dhcp server statistics command, you can view the statistics
information about the DHCP server.
For the related command, see reset dhcp server statistics.
Example
Field Description
Global Pool Statistics information about global address pools
Statistics information about VLAN interface address
Interface Pool
pools
6-17
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Field Description
Auto Number of automatic address bindings
Manual Number of manual address bindings
Expire Number of expired IP address leases
Boot Request: 6
Dhcp Discover: 1
Dhcp Request: 4
Messages sent by the DHCP clients to server
Dhcp Decline: 0
Dhcp Release: 1
Dhcp Inform: 0
Boot Reply: 4
Dhcp Offer: 1
Messages sent by the DHCP server to clients
Dhcp Ack: 3
Dhcp Nak: 0
Syntax
View
Any view
Parameter
pool [ pool-name ]: Name of a global address pool. If no address pool is specified, all
the global address pools apply.
interface [ vlan-interface vlan_id ]: Specifies a per-interface DHCP address pool by
specifying VLAN interface. If no interface is specified, address pools on all VLAN
interfaces apply.
all: All DHCP address pools.
Description
Using the display dhcp server tree command, you can view the tree of DHCP address
pools.
Example
6-18
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Pool name: 6
static-bind ip-address 10.10.1.2 mask 255.0.0.0
static-bind mac-address 00e0-00fc-0001
Parent node:5
option 1 ip-address 255.255.0.
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Pool name: 7
network 10.10.1.64 mask 255.255.255.192
PrevSibling node:5
option 1 ip-address 255.0.0.0
gateway-list 2.2.2.2
dns-list 1.1.1.1
domain-name 444444
nbns-list 3.3.3.3
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Field Description
Global pool Information about global address pools
6-19
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Field Description
static-bind ip-address
10.10.1.2 mask 255.0.0.0
Static IP-MAC address bindings
static-bind mac-address
00e0-00fc-0001
The child node of the current node is address pool
6.
The node in this position can be:
Child node, which is the child node (subnet) of the
current address pool
Parent node, which is the father node (natural
child node:6 network segment) of the current node
Sibling node, which is the next sibling node
(another subnet on the same natural network
segment). The order of sibling nodes depends on
the order in which they are configured.
PrevSibling node, which is the previous sibling
node of the current node
6.2.18 dns-list
Syntax
View
Parameter
6-20
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Description
Using the dns-list command, you can configure a list of DNS servers in a global DHCP
address pool. Using the undo dns-list command, you can remove one or all DNS
server addresses from the global address pool.
By default, no DNS server address is configured.
If you configure DNS server list for multiple times, the latest DNS server list replaces
the previous one.
For the related commands, see dhcp server dns-list and dhcp server ip-pool.
Example
# Assign the DNS server address 1.1.1.254 to global DHCP address pool 0.
[Quidway] dhcp server ip-pool 0
[Quidway-dhcp-0] dns-list 1.1.1.254
6.2.19 domain-name
Syntax
domain-name domain-name
undo domain-name
View
Parameter
domain-name: Domain name to be assigned to DHCP clients using the global DHCP
address pool, which is a string of 3 to 50 characters.
Description
Using the domain-name command, you can specify the domain name to be assigned
to clients using the DHCP address pool. Using the undo domain-name command, you
can delete the domain name configuration of the global DHCP address pool.
By default, no domain name is configured for clients.
For the related commands, see dhcp server ip-pool and dhcp server domain-name.
Example
6-21
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
6.2.20 expired
Syntax
View
Parameter
Description
Using the expired command, you can specify the duration that addresses in the global
DHCP address pool can be leased. Using the undo expired command, you can
restore the default address lease duration used by the DHCP address pools.
By default, address lease duration is one day.
The lease duration can be extended up to the year 2106.
For the related commands, see dhcp server ip-pool and dhcp server expired.
Example
# IP addresses from DHCP address pool 0 can be leased for 1 day, 2 hours, and 3
minutes.
[Quidway] dhcp server ip-pool 0
[Quidway-dhcp-0] expired day 1 hour 2 minute 3
6.2.21 gateway-list
Syntax
View
6-22
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Parameter
Description
Using the gateway-list command, you can configure a list of egress gateways for
DHCP clients by specifying their IP addresses. Using the undo gateway-list command,
you can delete one or all egress gateways for DHCP clients.
By default, no IP address of egress gateway is configured for clients.
If egress gateway list is configured for multiple times, the latest one will replace the
previous one.
Example
# Assign the egress gateway with the IP address 10.110.1.99 to global DHCP address
pool 0.
[Quidway] dhcp server ip-pool 0
[Quidway-dhcp-0] gateway-list 10.110.1.99
6.2.22 nbns-list
Syntax
View
Parameter
Description
Using the nbns-list command, you can configure a list of NetBIOS servers in a global
DHCP address pool. Using the undo nbns-list command, you can remove one or all
NetBIOS server addresses from the global address pool.
By default, no NetBIOS server address is configured.
If you configure NetBIOS server list for multiple times, the latest NetBIOS server list will
replace the previous one.
6-23
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
For the related commands, see dhcp server ip-pool, dhcp server nbns-list, and
netbios-type.
Example
# Assign the NetBIOS server address 10.12.1.99 to global DHCP address pool 0.
[Quidway] dhcp server ip-pool 0
[Quidway-dhcp-0] nbns-list 10.12.1.99
6.2.23 netbios-type
Syntax
View
Parameter
b-node: Broadcast mode where NetBIOS nodes get their hostname-IP maps through
broadcast.
p-node: Peer-to-peer mode, where NetBIOS nodes get their hostname-IP maps by
communicating with the NetBIOS server.
m-node: Mixed (m) mode, where NetBIOS nodes are p-nodes with the broadcast
feature.
h-node: Hybrid (h) mode, where NetBIOS nodes are b-nodes with the peer-to-peer
communications mechanism.
Description
Using the netbios-type command, you can configure NetBIOS node type of the clients
using the global DHCP address pool. Using the undo netbios-type command, you can
delete the configuration of NetBIOS node type in the global DHCP address pool.
By default, clients are h-nodes.
For the related commands, see dhcp server ip-pool, dhcp server netbios-byte, and
nbns-list.
Example
6-24
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
6.2.24 network
Syntax
View
Parameter
ip-address: IP address range used for dynamic allocation in the address pool.
mask netmask: Network mask of the IP address pool. If this parameter is not specified,
natural mask applies.
Description
Using the network command, you can configure an IP address range for dynamic
allocation. Using the undo network command, you can delete the configured IP
address range for dynamic allocation.
By default, no IP address range is configured for dynamic allocation.
Each DHCP address pool can have only one network segment. If the network
command is configured for multiple times, the latest configuration replaces the previous
one.
For the related commands, see dhcp server ip-pool and dhcp server forbidden-ip.
Example
6.2.25 option
Syntax
View
Parameter
6-25
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Description
Using the option command, you can define a DHCP option in the global DHCP
address pool. Using the undo option command, you can delete the DHCP option
configured in the DHCP address pool.
If you configure a DHCP option for multiple times, the latest one replaces the previous
one.
For the related commands, see dhcp server ip-pool and dhcp server option.
Example
# Define the hexadecimal strings 0x11 and 0x22 with the code 100 in the global DHCP
address pool.
[Quidway] dhcp server ip-pool 0
[Quidway-dhcp-0] option 100 hex 11 22
Syntax
View
User view
Parameter
ip-address: Clears the statistics information about address conflicts of the specified IP
address.
all: Clears statistics information of all address conflicts.
Description
Using the reset dhcp server conflict command, you can clear the statistics
information about DHCP address conflict.
For the related command, see display dhcp server conflict.
Example
6-26
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Syntax
View
User view
Parameter
Description
Using the reset dhcp server ip-in-use command, you can clear DHCP dynamic
address bindings information.
For the related command, see display dhcp server ip-in-use.
Example
Syntax
View
User view
Parameter
None
Description
Using the reset dhcp server statistics command, you can clear statistic information
about the DHCP server, including such information as the number of DHCP address
pools, automatic and manual address bindings and expired ones, and the number of
unknown messages, DHCP requests, and responses.
6-27
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Example
Syntax
View
Parameter
Description
Using the static-bind ip-address command, you can configure the IP address to be
used in a static binding. Using the undo static-bind ip-address command, you can
delete the IP address in a binding.
By default, no IP address is bound statically.
The commands static-bind ip-address and static-bind mac-address must be used
in pairs to statically bind an IP address with a MAC address.
For the related commands, see dhcp server ip-pool and static-bind mac-address.
Example
# Bind the MAC address 0000-e03f-0305 with the IP address 10.1.1.1 using the mask
255.255.255.0.
[Quidway-dhcp-0] static-bind ip-address 10.1.1.1 mask 255.255.255.0
[Quidway-dhcp-0] static-bind mac-address 0000-e03f-0305
Syntax
6-28
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
View
Parameter
Description
Using the static-bind mac-address command, you can configure the MAC address to
be used in a static binding. Using the undo static-bind mac-address command, you
can delete the MAC address in a binding.
By default, no MAC address is bound statically.
The commands static-bind mac-address and static-bind ip-address must be used
in pairs to statically bind a MAC address with an IP address.
For the related commands, see dhcp server ip-pool and static-bind ip-address.
Example
# Bind the MAC address 0000-e03f-0305 with the IP address 10.1.1.1 using the mask
255.255.255.0.
[Quidway-dhcp-0] static-bind ip-address 10.1.1.1 mask 255.255.255.0
[Quidway-dhcp-0] static-bind mac-address 0000-e03f-0305
Syntax
View
Parameter
None
Description
Use the address-check dhcp-relay enable command to activate the dynamic entries
generated by the DHCP relay.
Use the address-check dhcp-relay disable command to deactivate the dynamic
entries generated by the DHCP relay
6-29
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
By default, the dynamic entries generated by the DHCP relay are activated.
Only when the dynamic entries are activated, the corresponding devices can pass the
DHCP security check.
This configuration takes effect only when the DHCP security feature is enabled on the
VLAN interface.
Example
Syntax
View
Parameter
None
Description
6-30
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Example
# Inhibit unknown machines from passing through the DHCP security check on a VLAN
interface.
<Quidway> system-view
System View: return to User View with Ctrl+Z.
[Quidway] interface vlan-interface 1
[Quidway-Vlan-interface1] dhcp relay security address-check enable
[Quidway-Vlan-interface1] address-check no-matched enable
Syntax
View
User view
Parameter
Description
Using the debugging dhcp relay command, you can enable DHCP relay debugging.
Using the undo debugging dhcp relay command, you can disable DHCP relay
debugging.
By default, DHCP relay debugging is disabled.
Example
Syntax
6-31
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
View
Parameter
Description
Using the dhcp relay release command, you can send an IP address release request
to a DHCP server by using DHCP relay.
When no DHCP server is specified, the DHCP relay in system view sends release
requests to all the DHCP servers but in VLAN interface view only to the DHCP servers
on the VLAN interface.
After receiving an IP address release request from the DHCP relay, the DHCP server
releases the IP address from the IP-in-use address pool and moves it to the
lease-expired queue. Normally, this address will experience some time before
participating in allocation again. For the client, however, this address is not released
and will be used until its lease really expires.
Example
Syntax
View
Parameter
None
Description
Using the dhcp relay security address-check enable command, you can enable the
security feature of DHCP relay to check the validity of user addresses on the VLAN
6-32
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
interface. Using the dhcp relay security address-check disable command, you can
disable the security feature of DHCP relay and thus disable check on the validity of user
addresses on the VLAN interface.
By default, the security feature of DHCP relay is disabled on VLAN interfaces.
Example
Syntax
View
System view
Parameter
ip_address: IP address in an IP-MAC map entry for security check in DHCP relay.
mac_address: MAC address in the IP-MAC map entry for security check in DHCP relay.
Description
Using the dhcp relay security command, you can configure an IP-MAC map entry for
security check in DHCP relay. Using the undo dhcp relay security command, you can
delete an IP-MAC map entry for security check in DHCP relay.
For the related command, see display dhcprelay-security.
Example
# Map the IP address 1.1.1.1 to the MAC address 0005-5D02-F2B3 for security check
in DHCP relay.
[Quidway] dhcp relay security 1.1.1.1 0005-5D02-F2B3 static
Syntax
View
Any view
6-33
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Parameter
Description
Using the display dhcp relay address command, you can view the DHCP relay
address configuration on one or all VLAN interfaces.
For the related command, see ip relay address.
Example
# Display the DHCP relay address configurations of all the VLAN interfaces.
<Quidway> display dhcp relay address all
** Vlan-interface1 DHCP Relay Address **
Relay Address [0] : 10.1.1.1
Syntax
View
Any view
Parameter
None
Description
Using the display dhcp relay statistics command, you can view the statistics
information about DHCP relay.
Example
6-34
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Syntax
View
Any view
Parameter
Description
Using the display dhcprelay-security command, you can view information of address
map used for security check by DHCP relay.
Example
# Display information of the address map used for security check by DHCP relay.
<Quidway> display dhcprelay-security
IP Address MAC Address IP Address Type
1.1.1.1 00e0-0000-0000 Static
Syntax
Following is the command for configuring in VLAN interface view the DHCP server
address to which the current VLAN interface relays packets:
ip relay address ip-address
undo ip relay address { ip-address | all }
Following is the command for configuring in system view DHCP server address to
which multiple VLAN interfaces relay packets:
ip relay address ip-address { interface vlan-interface vlan_id [ to vlan-interface
vlan_id ] | all }
6-35
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
View
Parameter
Description
Using the ip relay address command, you can specify the DHCP server address to
which the specified VLAN interface(s) relay packets. Using the undo ip relay address
command, you can delete the configured DHCP server address to which the specified
VLAN interface(s) relay packets.
Example
# Configure the DHCP server address 202.38.1.2, to which VLAN interface 1 relays
packets.
[Quidway-Vlan-interface1] ip relay address 202.38.1.2
Syntax
View
System view
Parameter
None
Description
Using the ip relay address cycle command, you can enable DHCP servers to share
the load. Using the undo ip relay address cycle command, you can disable DHCP
servers to share the load.
By default, DHCP servers do not share the load and requests from DHCP clients are
only sent to the DHCP server configured first.
6-36
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Example
Syntax
View
User view
Parameter
None
Description
Using the reset dhcp relay statistics command, you can clear the statistics
information about DHCP relay.
For the related command, see display dhcp relay statistics.
Example
6-37
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 7 DHCP Snooping Configuration Commands
Note:
This chapter only applies to S3552G, S3552P, S3528G, S3528P, S3552F, S3526E,
S3526E FM, S3526E FS and S3526C in S3500 series switches.
Syntax
dhcp-snooping
undo dhcp-snooping
View
System view
Parameter
None
Description
Use the dhcp-snooping command to enable DHCP snooping function on the switch.
Use the undo dhcp-snooping command to disable this function.
By default, DHCP snooping function is not enabled.
Related command: display dhcp-snooping.
Note that:
You must first disable DHCP relay (no DHCP server is configured on any Layer 3 port)
before enabling DHCP snooping on the switch.
Example
7-1
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 7 DHCP Snooping Configuration Commands
Syntax
dhcp-snooping trust
undo dhcp-snooping trust
View
Parameter
None
Description
Using dhcp-snooping trust command, you can configure a trusted port. Using undo
dhcp-snooping trust command, you can restore the trusted port as distrusted.
By default, the switch ports are set as distrusted.
For the related command, see display dhcp-snooping trust.
Example
Syntax
display dhcp-snooping
View
Any view
Parameter
None.
Description
Use the display dhcp-snooping command to view the association table recorded by
DHCP snooping, including the user IP address allocated by the DHCP server, MAC
address, lease time of the IP address, VLAN where the switch port for the user belong.
7-2
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 7 DHCP Snooping Configuration Commands
Example
Field Description
Type Binding type
IP Address User IP address allocated by the DHCP server
MAC Address MAC address
Syntax
View
Any view
Parameter
None
Description
Using display dhcp-snooping trust command, you can view the status of the
DHCP-Snooping function and the information about the trusted ports.
For the related command, see dhcp-snooping trust.
Example
# Display the status of the DHCP-Snooping function and the information about the
trusted ports.
<Quidway> display dhcp-snooping trust
dhcp-snooping is enabled
7-3
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 7 DHCP Snooping Configuration Commands
Interface Trusted
=================================
Ethernet0/1 Trusted
7-4
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 8 BOOTP Client Configuration Commands
Note:
This chapter only applies to S3552G, S3552P, S3528G, S3528P, S3552F, S3526E,
S3526E FM, S3526E FS and S3526C in S3500 series switches.
Syntax
View
User view
Parameter
None
Description
Using the debugging bootp client command, you can enable BOOTP client
debugging. Using the undo debugging bootp client command, you can disable
BOOTP client debugging.
By default, BOOTP client debugging is disabled.
Example
Syntax
View
Any view
8-1
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 8 BOOTP Client Configuration Commands
Parameter
Description
Using the display bootp client command, you can view the information about BOOTP
client, including its MAC address and the applied IP address etc.
Example
Field Description
Vlan-interface1 Configure VLAN interface 1 to obtain IP address using BOOTP
Syntax
ip address bootp-alloc
undo ip address bootp-alloc
View
Parameter
None
Description
Using the ip address bootp-alloc command, you can configure VLAN interface to
obtain IP address using BOOTP. Using the undo ip address bootp-alloc command,
you can remove the configuration.
By default, the VLAN interface does not obtain IP address using BOOTP.
For the related command, see display bootp client.
8-2
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 8 BOOTP Client Configuration Commands
Example
8-3
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 9 Access Management Configuration Commands
Syntax
am enable
undo am enable
View
System view
Parameter
None
Description
Using am enable command, you can enable the access management function. Using
undo am enable command, you can disable the function.
By default, Access management function disabled.
When using the access management function, It is recommended to cancel the static
ARP configuration to ensure that the binding of IP address and Ethernet switch take
effect. If you have configured the static ARP for an IP address in the current port IP
address pool from some other port, the system will prompt to cancel the static ARP
setting.
Example
9.1.2 am ip-pool
Syntax
am ip-pool address-list
undo am ip-pool { all | address-list }
9-1
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 9 Access Management Configuration Commands
View
Parameter
Description
Using am ip-pool command, you can configure the IP address pool for access
management on a port. The packet whose source IP address is in the specified pool is
allowed to be forwarded on Layer 3 via the port of the switch. Using undo am ip-pool
command, you can cancel the access management IP pool of the port.
By default, All the IP address pools for access control on the port are null and all the
packets are permitted through.
Note that if the IP address pool to be configured contains the IP addresses configured
in the static ARP at other ports, then the system prompts you to delete the static ARP to
make the later binding effective.
Example
# Configure the access management IP address pool on Ethernet0/1 and permits the
addresses from 202.112.66.2 through 202.112.66.20 and the specified 202.112.65.1 to
access the port.
[Quidway-Ethernet0/1] am ip-pool 202.112.66.2 19 202.112.65.1
9.1.3 am isolate
Syntax
am isolate interface-list
undo am isolate interface-list
View
Parameter
interface-list: Specifies a list of ports isolated from the specified port in the
{ { interface-type interface-number | interface-name } [ to { interface-type
9-2
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 9 Access Management Configuration Commands
Description
Example
Syntax
am trap enable
undo am trap enable
View
System view
Parameter
None
Description
Using am trap enable command, you can enable the access management trap
function. Using undo am trap enable command, you can disable the access
management trap function.
By default, The access management trap disabled.
Example
9-3
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 9 Access Management Configuration Commands
9.1.5 am user-bind
Syntax
View
System view
Parameter
Description
Using am user-bind command, you can bind port, IP address and MAC address.
Using undo am user-bind command, you can remove the binding of port, IP address
and MAC address binding.
Note that:
z One MAC address or one IP address cannot be bound more than once.
z The maximum binding number is 128.
z Do not perform “Port+IP+MAC” and “Port+IP” on the same port.
z S3526E/S3526C switches support this command.
Example
9.1.6 display am
Syntax
display am [ interface-list ]
9-4
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 9 Access Management Configuration Commands
View
Any view
Parameter
interface-list: Specifies a list of ports isolated from the specified port in the
{ { interface-type interface-number | interface-name } [ to { interface-type
interface-number | interface-name } ] } &<1-10> format. interface-name: Specified the
port name, represented with interface-name= interface-type interface-number.
interface-type is port type and interface-number is port number. For details about
interface-type, interface-number and interface-name, refer to the Port Command
Manual. &<1-10> indicates the preceding parameter can be input up to 10 times.
Description
Using display am command, you can view the current access management
configurations on part or all of the ports.
Example
Field Description
Ethernet Port to be displayed
Status AM state on the port: enabled or disabled
IP pools. NULL represents no configuration. Each IP address
section is represented in X.X.X.X (number), of these, “X.X.X.X”
IP Pools represents the first address, and “number” represents that
“number” consecutive IP addresses from the beginning of this
address are within the IP pools
9-5
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 9 Access Management Configuration Commands
Syntax
View
Any view
Parameter
Description
Using display am user-bind command, you can view Port, IP address and MAC
address binding information.
Note that S3526E/S3526C switches support this command.
Example
Syntax
port-isolate enable
undo port-isolate enable
View
VLAN view
Parameter
None
9-6
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 9 Access Management Configuration Commands
Description
Using the port-isolate enable command, you can enable the Layer 2 isolation
between ports in the same VLAN.
Using the undo port-isolate enable command, you can to disable the Layer 2
isolation.
By default, the Layer 2 isolation between ports in the same VLAN is disabled, that is,
the Layer 2 forwarding is enabled between ports.
Note that the S3552G, S3552P, S3528G, S3528P, an S3552F support this command.
Example
Syntax
View
Parameter
vlan-id: ID of the VLAN to which the uplink port belongs, ranging from 1 to 4094.
Description
Using the port-isolate uplink-port vlan command, you can configure the port as an
uplink port.
Using the undo port-isolate uplink-port vlan command, you can cancel the
configuration.
By default, no uplink port is configured.
Note that:
z The S3552G, S3552P, S3528G, S3528P, and S3552F support this command.
z You can configure an uplink port only after you enable the Layer 2 isolation
between ports in the same VLAN.
z If the uplink port is the kind of trunk port, it is recommended configure the trunk
port to allow all the VLAN traffic to pass through and configure it to be the only
uplink port in the VLAN where the port isolation is enabled.
9-7
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 9 Access Management Configuration Commands
Example
9-8
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 10 IP Performance Configuration Commands
Syntax
display fib
View
Any view
Parameter
None
Description
Using display fib command, you can view the summary of the forwarding information
base. The information includes: destination address/mask length, next hop, current flag,
timestamp and outbound interface.
Example
Table 10-1 Description of the output information of the display fib command
Field Description
The flag options include:
B – Blackhole route
D – Dynamic route
G – Gateway route
Flag H – Local host route
S – Static route
U – Route in UP status
R – Unreachable route
L – Route generated by ARP or ESIS
10-1
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 10 IP Performance Configuration Commands
Syntax
View
Any view
Parameter
None
Description
Using display icmp statistics command, you can view the statistics information about
ICMP packets.
For the related command, see display ip interface, reset ip statistics.
Example
Table 10-2 Description of the output information of the display icmp statistics
command
Field Description
bad formats Number of input packets in bad format
bad checksum Number of input packets with wrong checksum
echo Number of input/output echo request packets
10-2
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 10 IP Performance Configuration Commands
Field Description
Number of input/output packets with unreachable
destination unreachable
destination
source quench Number of input/output source quench packets
redirects Number of input/output redirected packets
echo reply Number of input/output echo reply packets
Number of input/output packets with parameter
parameter problem
problem
timestamp Number of input/output timestamp packets
information request Number of input information request packets
mask requests Number of input/output mask request packets
mask replies Number of input/output mask reply packets
information reply Number of output information reply packets
time exceeded Number of time exceeded packets
Syntax
View
Any view
Parameter
Description
Using the display ip socket command, you can display the information about the
sockets in the current system.
Example
10-3
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 10 IP Performance Configuration Commands
LA = 0.0.0.0:23, FA = 0.0.0.0:0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_KEEPALIVE SO_SENDVPNID SO_SETKEEPALIVE,
socket state = SS_PRIV SS_ASYNC
Field Description
SOCK_STREAM The socket type
Syntax
display ip statistics
View
Any view
10-4
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 10 IP Performance Configuration Commands
Parameter
None
Description
Using display ip statistics command, you can view the statistics information about IP
packets.
For the related command, see display ip interface, reset ip statistics.
Example
Table 10-4 Description of the output information of the display ip statistics command
Field Description
sum Sum of input packets
Number of received packets whose destination is
local
the local device
10-5
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 10 IP Performance Configuration Commands
Field Description
input Number of input fragments
output Number of output fragments
dropped Number of dropped fragments
Fragment:
fragmented Number of packets that are fragmented
couldn't
Number of packets that cannot be fragmented
fragment
Syntax
View
Any view
Parameter
None
Description
Using display tcp statistics command, you can view the statistics information about
TCP packets.
The statistics information about TCP packets are divided into two major kinds which are
Received packets and Sent packets. And each kind of packets are further divided into
different kinds such as window probe packets, window update packets, duplicate
packets, and out-of-order packets. Some statistics information that is closely related to
TCP connection, such as window probe packets, window update packets, and data
packets retransmitted is also displayed. All these displayed information are measured
in packet.
For the related commands, see display tcp status, reset tcp statistics.
Example
10-6
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 10 IP Performance Configuration Commands
Sent packets:
Total: 665
urgent packets: 0
control packets: 5 (including 1 RST)
window probe packets: 0, window update packets: 2
data packets: 618 (8770 bytes) data packets retransmitted: 0 (0 bytes)
ACK-only packets: 40 (28 delayed)
Syntax
View
Any view
Parameter
None
Description
Using display tcp status command, you can view the TCP connection state.
Example
10-7
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 10 IP Performance Configuration Commands
Field Description
Local Add: port Local IP address: local port
Foreign Add: port Remote IP address; remote port
State State of the TCP link
Syntax
reset ip statistics
View
User view
Parameter
None
Description
Using reset ip statistics command, you can reset the IP statistics information.
For the related commands, see display ip interface, display ip statistics.
Example
Syntax
View
User view
Parameter
None
10-8
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 10 IP Performance Configuration Commands
Description
Using reset tcp statistics command, you can reset the TCP statistics information.
For the related command, see display tcp statistics.
Example
Syntax
View
System view
Parameter
time-value: TCP finwait timer value in second, with the value ranging from 76 to 3600;
By default, 675 seconds.
Description
Using tcp timer fin-timeout command, you can configure the TCP finwait timer. Using
undo tcp timer fin-timeout command, you can restore the default value of the TCP
finwait timer.
When the TCP connection state changes from FIN_WAIT_1 to FIN_WAIT_2, the
finwait timer is enabled. If the switch does not receive FIN packet before finwait timer
timeouts, the TCP connection will be terminated.
For the related command, see tcp timer syn-timeout, tcp window.
Example
Syntax
10-9
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 10 IP Performance Configuration Commands
View
System view
Parameter
time-value: TCP synwait timer value measured in second, whose value ranges from 2
to 600. The default time-value is75 seconds.
Description
Using tcp timer syn-timeout command, you can configure the TCP synwait timer.
Using undo tcp timer syn-timeout command, you can restore the default value of the
timer.
TCP will enable the synwait timer, if a SYN packet is sent. The TCP connection will be
terminated If the response packet is not received.
For the related command, see tcp timer fin-timeout, tcp window.
Example
Syntax
View
System view
Parameter
window-size: The size of the transmission and receiving buffers measured in kilobytes
(KB), whose value ranges from 1 to 32. By default, the window-size is 8KB.
Description
Using tcp window command, you can configure the size of the transmission and
receiving buffers of the connection-oriented Socket. Using undo tcp window
command, you can restore the default size of the buffer.
For the related command, see tcp timer fin-timeout, tcp timer syn-timeout.
Example
10-10
Command Manual - Network Protocol
Quidway S3500 Series Ethernet Switches Chapter 10 IP Performance Configuration Commands
10-11
HUAWEI
Routing Protocol
Table of Contents
i
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Table of Contents
ii
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Table of Contents
iii
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Table of Contents
iv
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Table of Contents
v
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 1 Static Route Configuration Commands
Note:
When an Ethernet switch runs a routing protocol, it can perform the router functions.
Router that is referred to in the following and its icon represent a generalized router or
an Ethernet switch running routing protocols. To improve readability, this will not be
described in the other parts of the manual.
Syntax
display ip routing-table
View
Any view
Parameter
None
Description
Using display ip routing-table command, you can view the routing table summary.
This command displays routing table information in summary form. Each line
represents one route. The contents include destination address/mask length, protocol,
preference, metric, next hop and output interface.
Only current used route, i.e., best route, is displayed using display ip routing-table
command.
Example
1-1
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 1 Static Route Configuration Commands
Field Description
Destination/Mask Destination address/Mask length
Protocol Routing protocol
Pre Routing preference
Cost Cost
Nexthop Next hop address
Output interface, through which the data packet destined for
Interface
the destination network segment is sent
Syntax
View
Any view
Parameter
Description
Using display ip routing-table acl command, you can view the route filtered through
specified basic access control list (ACL).
This command is used in track display of route policy to display the route that passed
the filtering rule according the input basic ACL number or name.
The command is only applicable to display the route that passed basic ACL filtering
rules.
1-2
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 1 Static Route Configuration Commands
Example
# Display the summary of active routes that are filtered through basic acl 2000.
[Quidway] acl number 2000
[Quidway-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255
[Quidway-acl-basic-2000] rule deny source any
[Quidway-acl-basic-2000] display ip routing-table acl 2000
Routes matched by access-list 2000:
Summary count: 4
Destination/Mask Protocol Pre Cost Nexthop Interface
10.1.1.0/24 DIRECT 0 0 10.1.1.2 Vlan-interface1
10.1.1.2/32 DIRECT 0 0 127.0.0.1 InLoopBack0
Summary count: 2
Field Description
Destination Destination address
Mask Mask
1-3
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 1 Static Route Configuration Commands
Field Description
Protocol Routing protocol
Preference Routing preference
Nexthop Next hop address
Output interface, through which the data packet destined for the
Interface
destination network segment is sent
Vlinkindex Virtual link index
1-4
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 1 Static Route Configuration Commands
Field Description
Route state description:
ActiveU The route is selected and is optimum
Blackhole route is similar to Reject route, but it will not
Blackhole
send the ICMP unreachable message to the source end
Delete The route is deleted
Gateway Identifies that the route is not an interface route
The route exists, but it is unavailable temporarily for
some reasons (e.g., configured policy or interface is
Hidden
Down). Moreover, you do not wish to delete it. Therefore,
you need to hide it, so as to restore it again later
When the routes from the routing table are deleted, the
routes with Retain flag will not be deleted. Using this
Retain
function you can set Retain flag for some static routes, so
that they can exist in the core routing table.
The route with Static flag will not be cleared from the
routing table after you save it and reboot the router.
Static
Generally, the static route configured manually in the
router belongs to a Static route.
1-5
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 1 Static Route Configuration Commands
Syntax
View
Any view
Parameter
Description
Using display ip routing-table ip_address command, you can view the routing
information of the specified destination address.
With different parameters, the output of command is different. The following is the
output description for different forms of this command:
z display ip routing-table ip_address
If destination address, ip_address, has corresponding route in natural mask range, this
command will display all subnet routes or only the route best matching the destination
address, ip_address, is displayed. And only the active matching route is displayed.
z display ip routing-table ip_address mask,
This command only displays the route fully matching with specified destination address
and mask.
z display ip routing-table ip_address longer-match
This command displays all destination address route matching with destination
address in natural mask range.
Example
1-6
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 1 Static Route Configuration Commands
# There are corresponding routes in the natural mask range. Display the detailed
information.
<Quidway> display ip routing-table 169.0.0.0 verbose
Routing Tables:
Generate Default: no
+ = Active Route, - = Last Active, # = Both * = Next hop in use
Summary count:2
**Destination: 169.0.0.0 Mask: 255.0.0.0
Protocol: #Static Preference: 60
*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47 Cost: 0/0
**Destination: 169.0.0.0 Mask: 255.254.0.0
Protocol: #Static Preference: 60
*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47 Cost: 0/0
# There are no corresponding routes in the natural mask range (only displaying the
longest matched route). Display the detailed information.
<Quidway> display ip routing-table 169.253.0.0 verbose
Routing Tables:
Generate Default: no
+ = Active Route, - = Last Active, # = Both * = Next hop in use
Summary count:2
**Destination: 169.0.0.0 Mask: 255.0.0.0
Protocol: #Static Preference: 60
*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47 Cost: 0/0
**Destination: 169.0.0.0 Mask: 255.254.0.0
Protocol: #Static Preference: 60
*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
1-7
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 1 Static Route Configuration Commands
Syntax
View
Any view
Parameter
Description
Example
1-8
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 1 Static Route Configuration Commands
Syntax
View
Any view
Parameter
Description
Using display ip routing-table ip-prefix command, you can view the route information
that passed the filtering rule according the input ip prefix list name.
If there is no specified address prefix list, this command will display the verbose
information of all active and inactive routes with the parameter verbose and it will
display the summary of all active routes without the parameter verbose.
Example
# Display the summary of the active route that is filtered ip prefix list abc2.
[Quidway] ip ip-prefix abc2 permit 10.1.1.0 24 less-equal 32
[Quidway] display ip routing-table ip-prefix abc2
Routes matched by ip-prefix abc2:
Summary count: 2
Destination/Mask Protocol Pre Cost Nexthop Interface
10.1.1.0/24 DIRECT 0 0 10.1.1.2 Vlan-interface1
10.1.1.2/32 DIRECT 0 0 127.0.0.1 InLoopBack0
Summary count: 2
1-9
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 1 Static Route Configuration Commands
Syntax
View
Any view
Parameter
inactive: With the parameter, this command displays the inactive route information.
Without the parameter, this command displays the active and inactive route
information.
verbose: With the verbose parameter, this command displays the verbose route
information. Without the parameter, this command displays the route summary.
protocol: the parameter has multiple selectable values:
z direct: Display direct connection route information
z static: Display the static route information.
z bgp: Display BGP route information.
z ospf: Display OSPF route information.
z ospf-ase: Display OSPF ASE route information.
z ospf-nssa: Display OSPF NSSA route information.
z rip: Display RIP route information.
Description
Using display ip routing-table protocol command, you can view the route information
of specified protocol.
1-10
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 1 Static Route Configuration Commands
Example
Syntax
View
Any view
Parameter
None
1-11
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 1 Static Route Configuration Commands
Description
Using display ip routing-table radix command, you can view the route information in
a tree structure.
Example
Field Description
INET Address suite
Syntax
View
Any view
Parameter
None
Description
Using display ip routing-table statistics command, you can view the statistics of
routing information.
The statistics of routing information includes total route amount, the route amount
added or deleted by protocol, amount of the routes that are labeled deleted but not
deleted, the active route amount and inactive route amount.
1-12
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 1 Static Route Configuration Commands
Example
Field Description
Proto Routing protocol
Syntax
View
Any view
Parameter
None
1-13
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 1 Static Route Configuration Commands
Description
Using display ip routing-table verbose command, you can view the verbose routing
table information.
With the verbose parameter, this command displays the verbose routing table
information. The descriptor describing the route state will be displayed first, then the
statistics of the entire routing table will be output and finally the verbose description of
each route will be output.
All current routes, including inactive route and invalid route, can be displayed using
display ip routing-table verbose command.
Example
Destinations: 4 Routes: 4
Holddown: 0 Delete: 0 Hidden: 0
1-14
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 1 Static Route Configuration Commands
First, display statistics of the whole routing table and then output detailed information of
every route entry in turn. The meaning of route status is shown in Table 1-2, and the
statistics of routing table is shown in the following table.
Field Description
Holddown Number of held-down routes
Delete Number of deleted routes
Hidden Number of hidden routes
Syntax
View
system view
Parameter
1-15
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 1 Static Route Configuration Commands
Description
Using ip route-static command, you can configure a static route. Using undo ip
route-static command, you can delete the configured static route.
By default, the system can obtain the sub-net route directly connected with the router.
When configuring a static route, the default preference is 60. You can change the
default preference value of the static routes to be configured by using the command ip
route-static default-preference. If it is not specified as reject or blackhole, the route
will be reachable by default.
A static route is a special route. You can set up an interconnecting network with the
static route configuration. The problem for such configuration is when a fault occurs to
the network, the static route cannot change automatically to steer away from the node
causing the fault, if without the help of an administrator.
In a relatively simple network, you only need to configure the static routes to make the
router work normally. The proper configuration and usage of the static route can
improve the network performance and ensure the bandwidth of the important
applications.
All the following routes are static routes:
z Reachable route: A normal route is of this type. That is, the IP packet is sent to the
next hop via the route marked by the destination. It is a common type of static
routes.
z Unreachable route: When a static route to a destination has the "reject" attribute,
all the IP packets to this destination will be discarded, and the originating host will
be informed destination unreachable.
z Blackhole route: If a static route to a destination has the "blackhole" attribute, the
outgoing interface of this route is the Null 0 interface regardless of the next hop
address, and any IP packets addressed to this destination are dropped without
notifying the source host.
The attributes "reject" and "blackhole" are usually used to control the range of
reachable destinations of this router, and help troubleshooting the network.
Precautions when configuring static route:
z You cannot specify an interface address of the local switch as the next hop
address of an static route.
z In addition, when the destination IP address and the mask are both 0.0.0.0, it is the
configured default route. If it is failed to detect the routing table, a packet will be
forwarded along the default route.
z For different configuration of preference level, flexible routing management policy
can be adopted.
For the related commands, see display ip routing-table, delete static-routes all and
ip route-static default-preference.
1-16
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 1 Static Route Configuration Commands
Example
Syntax
View
System view
Parameter
Description
Example
1-17
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 RIP Configuration Commands
Note:
When an Ethernet switch runs a routing protocol, it can perform the router functions.
Router that is referred to in the following and its icon represent a generalized router or
an Ethernet switch running routing protocols. To improve readability, this will not be
described in the other parts of the manual.
Syntax
checkzero
undo checkzero
View
RIP view
Parameter
None
Description
Using checkzero command, you can check the zero field of RIP-1 packet. Using undo
checkzero command, you can disable the checking of the zero fields.
By default, RIP-1 performs the zero field checking.
According to the protocol (RFC1058) specifications, some fields in RIP-1 packets must
be zero, called zero fields. With the checkzero command, the zero check operation of
RIP-1 can be enabled or disabled. During the zero check operation, if the RIP-1 packet
in which the zero fields are not zeros is received, it will be rejected.
This command is ineffective to RIP-2 since RIP-2 packets have no zero fields.
Example
2-1
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 RIP Configuration Commands
Syntax
View
RIP view
Parameter
value: the default routing cost to be set, ranging from 1 to 16. The default value is 1.
Description
Using default cost command, you can set the default routing cost of an imported route.
Using undo default cost command, you can restore the default value.
If no specific routing cost is specified when importing the route of another routing
protocol with the import-route command, the importing will be performed with the
default routing cost specified with the default cost command.
For the related commands, see import-route.
Example
# Set the default routing cost of the imported route of another routing protocol to 3.
[Quidway-rip] default cost 3
Syntax
display rip
View
Any view
Parameter
None
Description
Using display rip command, you can view the current RIP running state and its
configuration information.
Example
# Display the current running state and configuration information of the RIP.
2-2
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 RIP Configuration Commands
Field Description
RIP is turned on RIP is active
Checkzero is on Enable zero field checking
Default cost : 1 The default route cost is 1
Summary is on Routes are summarized automatically
Syntax
View
RIP view
Parameter
acl-number: Access control list number used for filtering the destination addresses of
the routing information.
ip-prefix-name: Name of address prefix list used for filtering the destination addresses
of the routing information.
route-policy-name: Route policy name that filters routing information. After enabling
RIP protocol, you can determine which routes are to be sent/received based on
acl/cost/interface/ip/ip-prefix/tag fields.
2-3
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 RIP Configuration Commands
Description
Using filter-policy export command, you can configure to filter the advertised routing
information by RIP. Using undo filter-policy export command, you can configure not
to filter the advertised routing information.
By default, RIP does not filter the advertised routing information.
In some cases, it may be required that only the routing information meeting some
conditions can be advertised. Then, the filter-policy command can be used to set the
filtering conditions for the routing information to be advertised. Only the routing
information passing the filtration can be advertised.
For the related commands, see acl, filter-policy import, ip ip-prefix.
Example
Syntax
View
RIP view
Parameter
acl-number: Access control list number used for filtering the destination addresses of
the routing information.
ip-prefix-name: Name of address prefix list used for filtering the destination addresses
of the routing information.
gateway ip-prefix-name: Name of address prefix list used for filtering the addresses of
the neighboring routers advertising the routing information.
2-4
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 RIP Configuration Commands
route-policy-name: Route policy name that filters routing information. After enabling
RIP protocol, you can determine which routes are to be sent/received based on
acl/cost/interface/ip/ip-prefix/tag fields.
Description
Using filter-policy gateway import command, you can configure to filter the received
routing information distributed from the specified address. Using undo filter-policy
gateway import command, you can configure not to filter the received routing
information distributed from the specified address.
Using filter-policy import command, you can configure the filtering to the received
global routing information. Using undo filter-policy import command, you can disable
filtering to the received global routing information
By default, RIP does not filter the received routing information.
For the related commands, see acl, filter-policy export, ip ip-prefix.
Example
# Configure the filtering of the global routing information according to acl 2000.
[Quidway-rip] filter-policy 2000 import
2.1.6 host-route
Syntax
host-route
undo host-route
View
RIP view
Parameter
None
Description
Using host-route command, you can control the RIP to accept the host route. Using
undo host-route command, you can reject the host route.
By default, RIP accepts the host route.
In some special cases, RIP receives a great number of host routes in the same network
segment. These routes cannot help the path searching much but occupy a lot of
resources. In this case, the undo host-route command can be used to reject a host
route.
2-5
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 RIP Configuration Commands
Example
2.1.7 import-route
Syntax
View
RIP view
Parameter
protocol: Specify the source routing protocol to be imported by RIP. At present, RIP can
import the following routes: direct, bgp, ospf, ospf-ase, ospf-nssa and static.
value: Cost value of the route to be imported.
route-policy route-policy-name: Configure to import the route matching the condition
of the specified Route-policy only.
Description
Using import-route command, you can import the routes of other protocols into RIP.
Using undo import-route command, you can cancel the routes imported from other
protocols.
By default, RIP does not import any other route.
The import-route command is used to import the route of another protocol by using a
certain cost value. RIP regards the imported route as its own route and transmits it with
the specified cost value. This command can greatly enhance the RIP capability of
obtaining routes, thus increases the RIP performance.
If the cost value is not specified, routes will be imported according to the default cost
ranging from 1 to 16. If the imported route cost value is 16, then RIP continues to
announce this cost to other routers running RIP, and marks this route with HOLDDOWN.
However, this router can still forward packets until the Garbage Collection timer times
out (defaults to 120 seconds).
For the related commands, see default cost.
Example
2-6
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 RIP Configuration Commands
# Set the default cost and import an OSPF route with the default cost.
[Quidway-rip] default cost 3
[Quidway-rip] import-route ospf
2.1.8 network
Syntax
network network-address
undo network network-address
View
RIP view
Parameter
Description
Using network command, you can enable Routing Information Protocol (RIP) for the
specified network connected to the router. Using undo network command, you can
disable the RIP on the interface.
By default, RIP is disabled on any interface.
After enabling RIP, RIP at a certain interface must be enabled with the network
command, since RIP works only on the interface of specified network segment. RIP
won’t receive or forward route on interfaces of non-specified network segments.
The undo network command is similar to the undo rip work command in terms of
function. But they are not identical. Their similarity is that the interface using either
command will not receive/transmit RIP routes. The difference between them is that, in
the case of undo rip work , other interfaces will still forward the routes of the interface
using the undo rip work command. In the case of undo network, other interfaces will
not forward the routes of the interface using this command and it seems that the
interface disappeared.
When the network command is used on an address, the effect is that the interface on
the network segment at this address is enabled. For example, the results of viewing the
network 129.102.1.1 with both the display current-configuration command and the
display rip command are shown as the network 129.102.0.0.
For the related commands, see rip work .
Example
# Enable the RIP on the interface with the network address as 129.102.0.0.
2-7
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 RIP Configuration Commands
2.1.9 peer
Syntax
peer ip-address
undo peer ip-address
View
RIP view
Parameter
ip-address: The interface IP address of the peer router, represented in the format of
dotted decimal.
Description
Using peer command, you can configure the sending destination address of the peer
device. Using undo peer command, you can cancel the set destination address.
By default, do not send RIP packet to any destination.
RIP exchanges routing information with non-broadcasting networks in unicast view.
This command specifies the sending destination address to fit some non-broadcast
networks. Usually, it is not recommended to use this command.
Example
2.1.10 preference
Syntax
preference value
undo preference
View
RIP view
Parameter
value: Preference level, ranging from 1 to 255. By default, the value is 100.
2-8
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 RIP Configuration Commands
Description
Using preference command, you can configure the route preference of RIP. Using
undo preference command, you can restore the default preference.
Every routing protocol has its own preference. Its default value is determined by the
specific routing policy. The preference will finally determine the routing algorithm to
obtain the optimal route in the IP routing table. This command can be used to modify
the RIP preference manually.
Example
2.1.11 reset
Syntax
reset
View
RIP view
Parameter
None
Description
Using reset command, you can reset the system configuration parameters of RIP.
When you need to re-configure parameters of RIP, this command can be used to
restore to the default setting.
Example
2.1.12 rip
Syntax
rip
undo rip
View
system view
2-9
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 RIP Configuration Commands
Parameter
None
Description
Using rip command, you can enable the RIP and enter the RIP view. Using undo rip
command, you can disable RIP.
By default, the system does not run RIP.
To enter the RIP view to configure various RIP global parameters, RIP should be
enabled first. Whereas the configuration of parameters related to the interfaces is not
restricted by enabling/disabling RIP.
Note:
Note that the interface parameters configured previously would be invalid when RIP is
disabled.
Example
Syntax
View
Interface view
Parameter
2-10
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 RIP Configuration Commands
nonstandard: Specify the MD5 cipher text authentication packet to use a nonstandard
packet format described in RFC2082.
key-id: MD5 cipher text authentication identifier, ranging from 1 to 255.
key-string: MD5 authentication key. If it is input in a plain text form, MD5 key is a
character string not exceeding 16 characters. And it will be displayed in a cipher text
form in a length of 24 characters when display current-configuration command is
executed. Inputting the MD5 key in a cipher text form with 24 characters long is also
supported.
Description
Example
# Specify Interface Vlan-interface 1 to use the simple authentication with the key as
aaa.
[Quidway] interface Vlan-interface 1
[Quidway-Vlan-interface1] rip version 2
[Quidway-Vlan-interface1] rip authentication-mode simple aaa
# Set MD5 authentication at Vlan-interface 1 with the key string as aaa and the packet
type as usual.
[Quidway] interface Vlan-interface 1
[Quidway-Vlan-interface1] rip version 2
[Quidway-Vlan-interface1] rip authentication-mode md5 usual aaa
Syntax
rip input
undo rip input
2-11
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 RIP Configuration Commands
View
Interface view
Parameter
None
Description
Using rip input command, you can allow an interface to receive RIP packets. Using
undo rip input command, you can disable an interface to receive RIP packets.
By default, all interfaces except loopback interfaces are enabled to receive RIP
packets.
This command is used in cooperation with the other two commands: rip output and rip
work . Functionally, rip work is equivalent to rip input & rip output. The latter two
control the receipt and the transmission of RIP packets respectively on an interface.
The former command equals the functional combination of the latter two commands.
For the related commands, see rip output, rip work .
Example
Syntax
View
Interface view
Parameter
value: Additional route metric added when receiving a packet, ranging from 0 to 16. By
default, the value is 0.
Description
Using rip metricin command, you can configure the additional route metric added to
the route when an interface receives RIP packets. Using undo rip metricin command,
you can restore the default value of this additional route metric.
For the related commands, see rip metricout.
2-12
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 RIP Configuration Commands
Example
# Specify the additional route metric to 2 when the interface Vlan-interface 1 receives
RIP packets.
[Quidway] interface Vlan-interface 1
[Quidway-Vlan-interface1] rip metricin 2
Syntax
View
Interface view
Parameter
value: Additional route metric added when transmitting a packet, ranging from 1 to 16.
By default, the value is 1.
Description
Using rip metricout command, you can configure the additional route metric to the
route when an interface transmits RIP packets. Using undo rip metricout command,
you can restore the default value of this additional route metric.
For the related commands, see rip metricin.
Example
# Set the additional route metric to 2 when the interface Vlan-interface 1 transmits RIP
packets.
[Quidway] interface Vlan-interface 1
[Quidway-Vlan-interface1] rip metricout 2
Syntax
rip output
undo rip output
View
Interface view
2-13
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 RIP Configuration Commands
Parameter
None
Description
Using rip output command, you can allow an interface to transmit RIP packets to the
external. Using undo rip output command, you can disable an interface to transmit
RIP packets to the external.
By default, all interfaces except loopback interfaces are enabled to transmit RIP
packets to the external.
This command is used in cooperation with the other two commands: rip input and rip
work . Functionally, rip work is equivalent to rip input & rip output. The latter two
control the receipt and the transmission of RIP packets respectively on an interface.
The former command equals the functional combination of the latter two commands.
For the related commands, see rip input, rip work .
Example
Syntax
rip split-horizon
undo rip split-horizon
View
Interface view
Parameter
None
Description
Using rip split-horizon command, you can configure an interface to use split horizon
when transmitting RIP packets. Using undo rip split-horizon command, you can
configure an interface not to use split horizon when transmitting RIP packets.
By default, an interface is enabled to use split horizon when transmitting RIP packets.
Normally, split horizon is necessary for reducing route loop. Only in some special cases,
split horizon should be disabled to ensure the correct execution of protocols.
2-14
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 RIP Configuration Commands
Example
# Specify the interface Vlan-interface 1 not to use split horizon when processing RIP
packets.
[Quidway] interface Vlan-interface 1
[Quidway-Vlan-interface1] undo rip split-horizon
Syntax
rip version 1
rip version 2 [ broadcast | multicast ]
undo rip version
View
Interface view
Parameter
Description
Using rip version command, you can configure the version of RIP packets on an
interface. Using undo rip version command, you can restore the default value of RIP
packet version on the interface.
By default, the interface RIP version is RIP-1. RIP-1 transmits packets in broadcast
mode, while RIP-2 transmits packets in multicast mode by default.
When running RIP-1, the interface only receives and transmits RIP-1 broadcast
packets, and receives RIP-2 broadcast packets, but does not receive RIP-2 multicast
packets. When running RIP-2 in broadcast mode, the interface only receives and
transmits RIP-2 broadcast packets, receives RIP-1 packets and RIP-2 multicast
packets. When running RIP-2 in multicast mode, the interface only receives and
transmits RIP-2 multicast packets, receives RIP-2 broadcast packets, but does not
receive RIP-1 packets.
Example
2-15
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 RIP Configuration Commands
Syntax
rip work
undo rip work
View
Interface view
Parameter
None
Description
Using rip work command, you can enable the running of RIP on an interface. Using
undo rip work command, you can disable the running of RIP on an interface.
By default, RIP is run on an interface.
This command is used in cooperation with rip input, rip output and network
commands. Refer to the usage guideline of the related commands.
For the related commands, see network, rip input, rip output.
Example
2.1.21 summary
Syntax
summary
undo summary
View
RIP view
Parameter
None
2-16
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 2 RIP Configuration Commands
Description
Using summary command, you can configure to activate RIP-2 automatic route
summarization. Using undo summary command, you can disable RIP-2 automatic
route summarization.
By default, RIP-2 route summarization is used.
Route aggregation can be performed to reduce the routing traffic on the network as well
as to reduce the size of the routing table. RIP-1 does not support subnet mask.
Forwarding subnet route may cause ambiguity. Therefore, RIP-1 uses route
summarization all the time. If RIP-2 is used, route summarization function can be
disabled with the undo summary command, when it is necessary to broadcast the
subnet route.
For the related commands, see rip version.
Example
# Set RIP version on the interface Vlan-interface 1 as RIP-2 and disable the route
aggregation.
[Quidway] interface Vlan-interface 1
[Quidway-Vlan-interface1] rip version 2
[Quidway-Vlan-interface1] quit
[Quidway] rip
[Quidway-rip] undo summary
2-17
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Note:
When an Ethernet switch runs a routing protocol, it can perform the router functions.
Router that is referred to in the following and its icon represent a generalized router or
an Ethernet switch running routing protocols. To improve readability, this will not be
described in the other parts of the manual.
Syntax
View
Parameter
Description
Using abr-summary command, you can configure the route aggregation on the area
border router. Using undo abr-summary command, you can disable the function of
route aggregation on the area border router.
By default, the area border router doesn’t aggregate routes.
This command is applicable only to the area border router (ABR) and is used for the
route aggregation in an area. The ABR only transmits an aggregated route to other
areas. Route aggregation refers to that the routing information is processed in the ABR
and for each network segment configured with route aggregation, there is only one
route transmitted to other areas.
3-1
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Example
# Aggregate the two network segments, 66.48.10.0 and 66.48.120.0, in OSPF area 1
into one summary route 66.48.0.0 and transmit it to other areas.
[Quidway-ospf] area 1
[Quidway-ospf-area-0.0.0.1] network 66.48.10.0 0.0.0.255
[Quidway-ospf-area-0.0.0.1] network 66.48.120.0 0.0.0.255
[Quidway-ospf-area-0.0.0.1] abr-summary 66.48.0.0 255.255.0.0
3.1.2 area
Syntax
area area-id
undo area area-id
View
OSPF view
Parameter
area-id: ID of the OSPF area, which can be a decimal integer or in IP address format.
Description
Using area command, you can enter OSPF Area view. Using undo area command,
you can cancel the designated area.
Example
3.1.3 asbr-summary
Syntax
View
OSPF view
Parameter
3-2
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Description
Example
3.1.4 authentication-mode
Syntax
View
Parameter
Description
3-3
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Example
Syntax
View
OSPF view
Parameter
value: Default routing cost of external route imported by OSPF, ranging from 0 to
16777214. By default, its value is 1.
Description
Using default cost command, you can configure the default cost for OSPF to import
external routes. Using undo default cost command, you can restore the default value
of the default routing cost configured for OSPF to import external routes.
Since OSPF can import external routing information, whose routing cost can influence
routing selection and calculation, and propagate it to the entire autonomous system, it
is necessary to specify the default routing cost for the protocol to import external routes.
Example
# Specify the default routing cost for OSPF to import external routes as 10.
[Quidway-ospf] default cost 10
3-4
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Syntax
View
OSPF view
Parameter
seconds: Default interval for redistributing external routes. Its unit is second and the
value ranges from 1 to 2147483647. By default, the interval for OSPF to import external
routes is 1 second.
Description
Using default interval command, you can configure the default interval for OSPF to
import external routes. Using undo default interval command, you can restore the
default value of the default interval of redistributing external routes.
Because OSPF can import the external routing information and broadcast it to the
entire autonomous system, and importing routes too often will greatly affect the
performances of the device, it is necessary to specify the default interval for the
protocol to import external routes.
Example
# Specify the default interval for OSPF to import external routes as 10 seconds.
[Quidway-ospf] default interval 10
Syntax
View
OSPF view
Parameter
routes: Default value to the imported external routes in a unit time, ranging from 200 to
2147483647. By default, the value is 1000.
3-5
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Description
Using default limit command, you can configure the default value of maximum number
of imported routes. Using undo default limit command, you can restore the default
value.
OSPF can import external routing information and advertise them to the whole AS.
Importing too much external routes once will greatly affect the performances of the
device.
For the related commands, see default interval.
Example
Syntax
View
OSPF view
Parameter
Description
Using default tag command, you can configure the default tag of OSPF when it
redistributes an external route. Using undo default tag command, you can restore the
default tag of OSPF when it redistributes the external route.
When OSPF imports a route found by other routing protocols in the router and uses it
as the external routing information of its own autonomous system, some additional
parameters are required, including the default cost and the default tag of the route.
For the related commands, see default type.
Example
# Set the default tag of OSPF imported external route of the autonomous system as 10.
[Quidway-ospf] default tag 10
3-6
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Syntax
default type { 1 | 2 }
undo default type
View
OSPF view
Parameter
Description
Using default type command, you can configure the default type when OSPF
redistributes external routes. Using undo default type command, you can restore the
default type when OSPF redistributes external routes.
By default, the external routes of type 2 are imported.
OSPF specifies the two types of external routing information. The command described
in this section can be used to specify the default type when external routes are
imported.
For the related commands, see default tag.
Example
# Specify the default type as type 1 when OSPF imports an external route.
[Quidway-ospf] default type 1
3.1.10 default-cost
Syntax
default-cost value
undo default-cost
View
Parameter
value: Specify the cost value of the default route transmitted by OSPF to the STUB or
NSSA area, ranging from 0 to 16777214. The default value is 1.
3-7
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Description
Using default-cost command, you can configure the cost of the default route
transmitted by OSPF to the STUB or NSSA area. Using undo default-cost command,
you can restore the cost of the default route transmitted by OSPF to the STUB or NSSA
area to the default value.
For the related commands, see stub, nssa.
Example
# Set the area 1 as the STUB area and the cost of the default route transmitted to this
STUB area to 60.
[Quidway-ospf] area 1
[Quidway-ospf-area-0.0.0.1] network 20.0.0.0 0.255.255.255
[Quidway-ospf-area-0.0.0.1] stub
[Quidway-ospf-area-0.0.0.1] default-cost 60
3.1.11 default-route-advertise
Syntax
View
OSPF view
Parameter
always: The parameter will generate an ase lsa which describes the default route and
advertise it if the local router is not configured with the default route. If this parameter is
not set, the local router cannot import the ase lsa, which generates the default route
only when it is configured with the default route.
cost value: the cost value of this ase lsa. The metric-value ranges from 0 to 16777214.
If the parameter is not configured, the default value is 1.
type value: cost type of this ase lsa. It ranges from 1 to 2. If the parameter is not
configured, the default value is 2.
route-policy route-policy-name: if the default route match the route-policy specified by
route-policy-name, route-policy will affect the value in ase lsa. The length of
route-policy-name parameter ranges from 1 to 16 character string.
3-8
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Description
Using default-route-advertise command, you can import default route to OSPF route
area. Using undo default-route-advertise command, you can cancel the import of
default route.
By default, OSPF does not import default route.
The import-route command cannot import the default route. To import the default route
to the route area, this command must be used. When local router is not configured with
default route, the keyword always should be used by ase lsa to generate default route.
For the related commands, see import-route.
Example
# If local route has no default route, the ase lsa of default route will be generated,
otherwise it won’t be generated.
[Quidway-ospf] default-route-advertise
# The ase lsa of default route will be generated and advertised to OSPF route area
even the local router has no default route.
[Quidway-ospf] default-route-advertise always
Syntax
View
Any view
Description
Using the display debugging ospf command, you can view the debugging states of
global OSPF and all processes.
For related commands, see debugging ospf.
Example
Syntax
3-9
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
View
Any view
Parameter
None
Description
Using display ospf abr-asbr command, you can view the information about the ABR
and ASBR of OSPF.
Example
# Display the information of the OSPF area border routers and autonomous system
border routers.
<Quidway> display ospf abr-asbr
Routing Table to ABR and ASBR
I = Intra i = Inter A = ASBR B = ABR S = SumASBR
Destination Area Cost Nexthop Interface
IA 2.2.2.2 0.0.0.0 10 10.153.17.89 Vlan-interface1
Field Description
Destination Router ID of the ABR or ASBR
Syntax
View
Any view
Parameter
3-10
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Description
Using display ospf asbr-summary command, you can view the summary information
of OSPF imported route.
If the parameters are not set, the summary information of all OSPF imported routes will
be displayed.
For the related commands, see asbr-summary .
Example
Summary Address
net : 168.10.0.0
mask : 255.254.0.0
tag : 1
status : Advertise
The Count of Route is 0
Summary Address
net : 1.1.0.0
mask : 255.255.0.0
tag : 100
status : DoNotAdvertise
The Count of Route is 0
Field Description
net Destination network segment
mask Mask
tag Tag
Status information, including two values:
The summary routing information to the network
DoNotAdvertise
status segment will not be advertised
3-11
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Syntax
View
Any view
Parameter
None
Description
Using display ospf brief command, you can view the main summary of OSPF.
Example
Area 0.0.0.0:
Authtype: none Flags: <>
SPF scheduled: <>
Interface: 201.1.1.4 (Vlan-interface1)
Cost: 1 State: DR Type: Broadcast
Priority: 1
Designated Router: 201.1.1.4
Backup Designated Router: 201.1.1.3
Timers: Hello 10, Dead 40, Poll 0, Retransmit 5, Transmit Delay 1
Table 3-3 Description of information generated by the command display ospf brief
Field Description
RouterID Router ID of the router
Border routers for connection to the area, including
Border Router autonomous system border router (ASBR) and area
border router (ABR)
3-12
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Field Description
Authtype Authentication type of OSPF
Routing preference of OSPF. The internal route of OSPF
includes intra/inter area route, and its default routing
Routing preference
preference is 10. While that of the external route of OSPF
is 150 by default
SPF computation
SPF computation count since OSPF is enabled
count
Syntax
View
Any view
3-13
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Parameter
None
Description
Using display ospf cumulative command, you can view the OSPF cumulative
information.
Example
Area 0.0.0.0:
Neighbors: 1 Interfaces: 1
Spf: 4 Checksum Sum 19260
rtr: 2 net: 1 sumasb: 0 sumnet: 1
Area 0.0.0.1:
Neighbors: 0 Interfaces: 1
Spf: 4 Checksum Sum DFC0
rtr: 1 net: 0 sumasb: 1 sumnet: 1
Routing Table:
Intra Area: 2 Inter Area: 0 ASE: 0
Field Description
Type Type of input/output OSPF packet
IO Statistics Input Number of received packets
Output Number of transmitted packets
3-14
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Field Description
ASE Number of all ASE LSAs
checksum sum Checksum of ASE LSA
originated Number of originated LSAs
LSAs Number of received LSAs generated by other
received
routers
Router Number of all Router LSAs
SumNet Number of all Sumnet LSAs
SumASB Number of all SumASB LSAs
Neighbors Number of neighbors in this area
Interfaces Number of interfaces in this area
Area Spf Number of SPF computation count in this area
rtr, net, sumasb,
Number of all LSAs in this area
sumnet
Intra Area Number of intra-area routes
Routing Table Inter Area Number of inter-area routes
ASE Number of external routes
Syntax
View
Any view
Parameter
None
Description
Using display ospf error command, you can view the OSPF error information.
Example
3-15
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Table 3-5 Description of information generated by the command display ospf error
Field Description
IP: received my own packet Received my own packet
3-16
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Field Description
HELLO: hello timer mismatch Interval of HELLO packet is mismatched
HELLO: dead timer mismatch Interval of dead neighbor packet is mismatched
HELLO: extern option
Extern option of Hello packet is mismatched
mismatch
LS REQ: neighbor state low Link state request (LS REQ) packet
LS REQ: empty request Link state request packet: empty request
LS UPD: LSA checksum bad Link state update packet: LSA checksum error
LS UPD:received less recent
Link state update packet: received less recent LSA
LSA
LS UPD: unknown LSA type Link state update packet: unknown LSA type
OSPF routing: next hop not
Next hop of OSPF routing does not exist
exist
3-17
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Syntax
View
Any view
Parameter
Description
Using display ospf interface command, you can view the OSPF interface information.
Example
Field Description
Cost Cost of the interface
State State of the interface state machine
Type Network type of OSPF
Priority Priority of DR for interface election
Designated Router DR on the network in which the interface resides
Backup Designated Router BDR on the network in which the interface resides
OSPF timers, defining as follows:
Hello Interval of hello packet
Timers Dead Interval of dead neighbors
Poll Interval of poll
Retransmit Interval of retransmitting LSA
3-18
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Field Description
Transmit Delay Delay time of transmitting LSA
Syntax
display ospf [ area-id ] lsdb [ brief | [ asbr | ase | network | nssa | router | summary ]
[ ip-address ] [ originate-router ip-address | self-originate ] ]
View
Any view
Parameter
area-id: ID of the OSPF area, which can be a decimal integer or in IP address format.
brief: View brief database information.
asbr: View the database information of summary-Asbr-LSA.
ase: View the database information of AS-external-LSA.
network: View the database information of Network-LSA
nssa: View the database information of NSSA-external-LSA
router: View the database information of Router-LSA
summary: View the database information of Summary-Net-LSA
ip-address: Link state ID in IP address format.
originate-router ip-address: View the database information of the LSA generator.
self-originate: View the database information of self-originated LSA.
Description
Using display ospf lsdb command, you can view the database information about
OSPF connecting state.
Example
3-19
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Table 3-7 Description of information generated by the command display ospf lsdb
Field Description
Type Type of the LSA
3-20
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Tag: 1
Table 3-8 Description of information generated by the command display ospf lsdb
ase
Field Description
type Type of the LSA
ls id Link state ID of the LSA
adv rtr Router ID of the router originating the LSA
ls age Age of the LSA
len Length of the LSA
seq# Sequence number of the LSA
chksum Checksum of the LSA
Syntax
View
Any view
Parameter
None
Description
Using display ospf nexthop command, you can view the information about the
next-hop
Example
3-21
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Field Description
Address Address of next hop
Type Type of next hop
Reference count of the next hop, i.g., number of routes using the
Refcount
next hop
Syntax
View
Any view
Parameter
None
Description
Using display ospf peer command, you can view the information about OSPF peer.
Using display ospf peer brief command, you can view the brief information of every
peer in OSPF, mainly the peer number at all states in every area.
Example
3-22
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Table 3-10 Description of information generated by the command display ospf peer
Field Description
RouterID Router ID of neighbor router
Address of the interface, through which neighbor router
Address
communicates with the router
Table 3-11 Description of information generated by the command display ospf peer
brief
Field Description
Area ID Area ID
Initial state for OSPF to establish neighbor relation, which indicates that
Down OSPF router does not receive the message from a certain neighbor
router within a period of time
3-23
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Field Description
It indicates that OSPF router has received Hello packet from a neighbor
router, but its IP address is not contained in the Hello packet.
Init
Therefore, a two-way communication between them has not been
established.
Syntax
View
Any view
Parameter
None
Description
Using display ospf request-queue command, you can view the information about the
OSPF request-queue.
Example
3-24
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Field Description
RouterID Router ID of neighbor router
Address of the interface, through which neighbor routers
Address
communicate with the router
Interface Address of the interface on the network segment
Area Area number of OSPF
LSID:1.1.1.3 Link State ID of the LSA
AdvRouter Router ID of the router originating the LSA
Syntax
View
Any view
Parameter
None
Description
Using display ospf retrans-queue command, you can view the information about the
OSPF retransmission queue.
Example
3-25
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Field Description
RouterID Router ID of neighbor router
Address of the interface, through which neighbor routers
Address
communicate with the router
Syntax
View
Any view
Parameter
None
Description
Using display ospf routing command, you can view the information about OSPF
routing table.
Example
3-26
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Field Description
Destination Destination network segment
Cost Cost of route
Type Type of route
NextHop Next hop of route
AdvRouter Router ID of the router advertising the route
Area Area ID
Intra Area Number of intra-area routes
Inter Area Number of inter-area routes
ASE Number of external routes
NSSA Number of NSSA routes
Syntax
View
Any view
Parameter
None
Description
Using display ospf vlink command, you can view the information about OSPF virtual
links.
Example
3-27
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Table 3-15 Description of information generated by the command display ospf vlink
Field Description
Virtual-link
Router ID of virtual-link neighbor router
Neighbor-id
State State
Interface IP address the interface on the virtual link
Cost Route cost of the interface
Type Type: virtual link
ID of transit area that the virtual link passes, and it cannot be
Transit Area
backbone area, STUB area and NSSA area
OSPF timers, defining as follows:
Hello Interval of hello packet
Timers Dead Interval of dead neighbors
Poll Interval of poll
Syntax
View
OSPF view
Parameter
Description
Using filter-policy export command, you can configure the rule of OSPF filtering the
advertised routing information. Using undo filter-policy export command, you can
cancel the filtering rules that have been set.
By default, no filtering of the distributed routing information is performed.
3-28
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
In some cases, it may be required that only the routing information meeting some
conditions can be advertised. Then, the filter-policy command can be used to set the
filtering conditions for the routing information to be advertised. Only the routing
information passing the filtration can be advertised.
For the related commands, see acl, ip ip-prefix.
Example
# Configure ospf only advertises the routing information permitted by acl 2000.
[Quidway] acl number 2000
[Quidway-acl-basic-2000] rule permit source 11.0.0.0 0.255.255.255
[Quidway-acl-basic-2000] rule deny source any
[Quidway-ospf] filter-policy 2000 export
Syntax
View
OSPF view
Parameter
acl-number: Access control list number used for filtering the destination addresses of
the routing information.
ip-prefix-name: Name of address prefix list used for filtering the destination addresses
of the routing information.
gateway ip-prefix-name: Name of address prefix list used for filtering the addresses of
the neighboring routers advertising the routing information.
Description
Using filter-policy import command, you can configure the OSPF rules of filtering the
routing information received. Using undo filter-policy import command, you can
cancel the filtering of the routing information received.
By default, no filtering of the received routing information is performed.
In some cases, it may be required that only the routing information meeting some
conditions can be received. Then, the filter-policy command can be used to set the
filtering conditions for the routing information to be received. Only the routing
information passing the filtration can be received.
3-29
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Example
# Filter the received routing information according to the rule defined by the access
control list 2000.
[Quidway] acl number 2000
[Quidway-acl-basic-2000] rule permit source 20.0.0.0 0.255.255.255
[Quidway-acl-basic-2000] rule deny source any
[Quidway-ospf] filter-policy 2000 import
3.1.28 import-route
Syntax
View
OSPF view
Parameter
protocol: Specify the source routing protocol that can be imported. At present, it
includes direct, rip, bgp and static.
cost value: Specify the cost of imported route.
type value: Specify the cost type of imported external routes. The value ranges from 1
to 2. The default value is 2.
tag value: Specify the value of tag for imported external routes.
route-policy route-policy-name: Configure only to import the routes matching the
specified Route-policy.
Description
Using import-route command, you can import the information of another routing
protocol. Using undo import-route command, you can cancel the imported external
routing information.
By default, the routing information of other protocols is not imported.
Note:
You are recommended to configure the route type, cost and tag together in one
command; otherwise, the new configuration overwrites the old one.
3-30
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Example
# Specify an imported RIP route as the route of type 2, with the route tag as 33 and the
route cost as 50.
[Quidway-ospf] import-route rip type 2 tag 33 cost 50
3.1.29 network
Syntax
View
Parameter
Description
Using network command, you can configure the interface running OSPF protocol to
which the interface belongs. Using undo network command, you can cancel the
interface running OSPF.
By default, the interface does not belong to any area.
With the two parameters, ip-address and ip-mask, one or more interfaces can be
configured as an area. To run the OSPF protocol on one interface, the master IP
address of this interface must be in the range of the network segment specified by this
command. If only the slave IP address of the interface is in the range of the network
segment specified by this command, this interface will not run OSPF protocol.
For the related commands, see ospf.
Example
# Specify the interfaces whose master IP addresses are in the segment range of
10.110.36.0 to run the OSPF protocol and specify the number of the OSPF area (where
these interfaces are located) as 6.
[Quidway-ospf] area 6
[Quidway-ospf-area-0.0.0.6] network 10.110.36.0.0 0.0.0.255
3-31
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
3.1.30 nssa
Syntax
View
Parameter
Description
Using nssa command, you can configure the type of an OSPF area as NSSA area.
Using undo nssa command, you can cancel the function.
By default, NSSA area is not configured.
For all the routers connected to the NSSA area, the command nssa must be used to
configure the area as the NSSA attribute.
The default-route-advertise parameter is used to generate default type-7 LSA. No
matter whether there is route 0.0.0.0 in routing table on ABR, type-7 LSA default route
will be generated always. Only when there is route 0.0.0.0 in routing table on ASBR, will
type-7 LSA default route be generated.
On ASBR, the no-import-route parameter enables the external route imported by
OSPF through import-route command not to be advertised to NSSA area.
Example
3.1.31 ospf
Syntax
ospf
undo ospf
3-32
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
View
System view
Parameter
None
Description
Using ospf command, you can enable the OSPF protocol. Using undo ospf command,
you can disable the OSPF protocol.
After starting OSPF protocol, the user can make the corresponding configuration under
the OSPF protocol view.
By default, the system does not run the OSPF protocol.
For the related commands, see network.
Example
Syntax
View
Interface view
Parameter
simple password: Character string not exceeding 8 characters using plain text
authentication.
key-id: ID of the authentication key in MD5 authentication mode in the range from 1 to
255.
key: MD5 authentication key. If it is input in a plain text form, MD5 key is a character
string not exceeding 16 characters. And it will be displayed in a cipher text form in a
length of 24 characters when display current-configuration command is executed.
Inputting the MD5 key in a cipher text form with 24 characters is also supported.
3-33
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Description
Example
# Set the area 1 where the network segment 131.119.0.0 of Interface Vlan-interface 1 is
located to support MD5 cipher text authentication. The authentication key identifier is
set to 15 and the authentication key is Huawei.
[Quidway-ospf] area 1
[Quidway-ospf-area-0.0.0.1] network 131.119.0.0 0.0.255.255
[Quidway-ospf-area-0.0.0.1] authentication-mode md5
[Quidway-Vlan-interface1] ospf authentication-mode md5 15 Huawei
Syntax
View
Interface view
Parameter
Description
Using ospf cost command, you can configure different message sending costs so as
to send messages from different interfaces. Using undo ospf cost command, you can
restore the default costs.
For S3500 series switches,the default cost for running OSPF protocol of on the VLAN
interface is 10.
Example
3-34
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Syntax
View
Interface view
Parameter
value: Interface priority for electing the "designated router", ranging from 0 to 255. The
default value is 1.
Description
Using ospf dr-priority command, you can configure the priority for electing the
"designated router" on an interface. Using undo ospf dr-priority command, you can
restore the default value.
The priority of the interface determines the qualification of the interface when the
"designated router" is elected. The interface with higher priority will be considered first
when the vote collision occurs.
Example
# Set the priority of the interface Vlan-interface 1 to 8, when electing the DR.
[Quidway] interface Vlan-interface 1
[Quidway-Vlan-interface1] ospf dr-priority 8
Syntax
ospf mtu-enable
undo ospf mtu-enable
View
Interface view
Parameter
None.
3-35
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Description
Using ospf mtu-enable command, you can enable the interface to write MTU value
when sending DD packets. Using undo ospf mtu-enable command, you can restore
the default settings.
By default, The MTU value is 0 when sending DD packets, i.e. the actual MTU value of
the interface is not written.
Database Description (DD) packets are used to describe its own LSDB when the router
running OSPF protocol is synchronizing the database.
The default MTU value of DD packet is 0. With this command, the specified interface
can be set manually to write the MTU value area in DD packets when sending DD
packets, i.e. the actual MTU value of the interface is written in.
Example
# Set interface Vlan-interface 3 to write MTU value area when sending DD packets.
[Quidway] interface Vlan-interface 3
[Quidway-Vlan-interface3] ospf mtu-enable
Syntax
View
Interface view
Parameter
Description
Using ospf network-type command, you can configure the network type of OSPF
interface. Using undo ospf network-type command, you can restore the default
network type of the OSPF interface.
OSPF divides networks into four types by link layer protocol:
z Broadcast: If Ethernet or FDDI is adopted, OSPF defaults the network type to
broadcast.
3-36
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Example
Syntax
View
Interface view
Parameter
seconds: Dead interval of the OSPF neighbor. It is in second and ranges from 1 to
65535.
3-37
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Description
Using ospf timer dead command, you can configure the dead interval of the OSPF
peer. Using undo ospf timer dead command, you can restore the default value of the
dead interval of the peer.
By default, the dead interval for the OSPF peers of p2p and broadcast interfaces are
40 seconds, and for those of p2mp and nbma interfaces is 120 seconds.
The dead of OSPF peers means that within this interval, if no Hello message is
received from the peer, the peer will be considered to be invalid. The value of dead
seconds should be at least 4 times of that of the Hello seconds. The dead seconds for
the routers on the same network segment must be identical.
For the related commands, see ospf timer hello.
Example
Syntax
View
Interface view
Parameter
seconds: Interval in seconds for an interface to transmit hello packet. It ranges from 1 to
255.
Description
Using ospf timer hello command, you can configure the interval for transmitting Hello
messages on an interface. Using undo ospf timer hello command, you can restore
the interval to the default value.
By default, the interval is 10 seconds for an interface of p2p or broadcast type to
transmit Hello messages, and 30 seconds for an interface of nbma or p2mp type.
For the related commands, see ospf timer dead.
3-38
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Example
Syntax
View
Interface view
Parameter
seconds: Specifies the poll Hello interval, ranging from 1 to 65535 and measured in
seconds. The default value is 40 seconds.
Description
Using ospf timer poll command, you can configure the poll Hello packet interval on
NBMA and p2mp network. Using undo ospf timer poll command, you can restore the
default poll interval.
On the NBMA and p2mp network, if a neighbor is invalid, the Hello packet will be
transmitted regularly according to the poll seconds. You can configure the poll
seconds to specify how often the interface transmits Hello packet before it establishes
adjacency with the adjacent router. Poll seconds should be no less than 3 times of
Hello.
Example
# Configure to transmit poll Hello packet from interface Vlan-interface 2 every 120
seconds.
[Quidway-Vlan-interface2] ospf timer poll 120
Syntax
3-39
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
View
Interface view
Parameter
Description
Using ospf timer retransmit command, you can configure the interval for LSA
re-transmitting on an interface. Using undo ospf timer retransmit command, you can
restore the default interval value for LSA re-transmitting on the interface.
If a router running OSPF transmits a "link state advertisement" (LSA) to the peer, it
needs to wait for the acknowledgement packet from the peer. If no acknowledgement is
received from the peer within the LSA retransmit, this LSA will be re-transmitted. This
command can change the interval of re-transmitting LSA. However, according to
RFC2328, the LSA retransmit between adjacent routers should not be set too short.
Otherwise, unexpected re-transmission will be caused.
Example
# Specify the retransmit for LSA transmitting between the interface Vlan-interface 1 and
the adjacent routers to 12 seconds.
[Quidway] interface Vlan-interface 1
[Quidway-Vlan-interface1] ospf timer retransmit 12
Syntax
View
Interface view
Parameter
Description
Using ospf trans-delay command, you can configure the LSA transmitting delay on an
interface. Using undo ospf trans-delay command, you can restore the default value of
the LSA transmitting delay on an interface.
3-40
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
LSA will age in the "link state database" (LSDB) of the router as time goes by (add 1 for
every second), but it will not age during network transmission. Therefore, it is
necessary to add a period of time set by this command to the aging time of LSA before
transmitting it.
Example
3.1.42 peer
Syntax
View
OSPF view
Parameter
Description
Using peer command, you can configure the neighboring point if a router is connected
to a network of NBMA type. Using undo peer command, you can cancel the configured
neighboring point.
Example
3.1.43 preference
Syntax
3-41
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
View
OSPF view
Parameter
Description
Using preference command, you can configure the preference of an OSPF protocol
route. Using undo preference command, you can restore the default value of the
OSPF protocol route.
By default, the preference of an OSPF protocol internal route is 10 and the preference
of an external route is 150.
Because multiple dynamic routing protocols could be running on a router, there is the
problem of routing information sharing among routing protocols and selection.
Therefore, a default preference is specified for each routing protocol. When a route is
identified by different protocols, the protocol with a high preference will play a decisive
role.
Example
Syntax
View
User view
Parameter
Description
Using reset ospf all command, you can reset all the OSPF process.
The reset ospf all command can be used to reset the OSPF process and the following
results are expected:
z Clear invalid LSA immediately without waiting for LSA timeout.
3-42
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
z If the Router ID changes, a new Router ID will take effect by executing the
command.
z Re-elect DR and BDR conveniently.
z OSPF configuration before the restart will not lose.
The system will require the user to confirm whether to re-enable the OSPF protocol
after execution of the command.
Example
3.1.45 router id
Syntax
router id router-id
undo router id
View
System view
Parameter
Description
Using router id command, you can configure the ID of a router running the OSPF
protocol. Using undo router id command, you can cancel the router ID that has been
set.
By default, if the LoopBack interface address exists, the system chooses the LoopBack
address with the greatest IP address value as the router ID; if no LoopBack interface
configured, then the address of the physical interface with the greatest IP address
value will be the router ID.
Router ID is a 32-bit unsigned integer that uniquely identifies a router in an OSPF
autonomous system. The user can specify the ID for a router. If the user doesn’t specify
router ID, the router will automatically select one from configured IP address as the ID
of this router. If no IP address is configured for any interface of the router, the router ID
must be configured in OSPF view. Otherwise, OSPF protocol cannot be enabled.
When the router ID is configured manually, the IDs of any two routers cannot be same
in the autonomous system. So, the IP address of certain interface might as well be
selected as the ID of this router.
3-43
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Note:
The modified router ID will not be valid unless OSPF is re-enabled.
Example
3.1.46 silent-interface
Syntax
View
OSPF view
Parameter
Description
Example
3-44
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Syntax
View
System view
Parameter
Description
Using the snmp-agent trap enable ospf command, you can enable the OSPF TRAP
function. Using the undo snmp-agent trap enable ospf command, you can disable
the OSPF TRAP function.
This command cannot be applied to the OSPF processes that are started after the
command is executed.
By default, the switch does not send TRAP packets in case of OSPF anomalies.
For detailed configuration of SNMP TRAP, refer to the module “System Management"
in this manual.
Example
3-45
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
3.1.48 spf-schedule-interval
Syntax
spf-schedule-interval interval
undo spf-schedule-interval
View
OSPF view
Parameter
interval: SPF calculation interval of OSPF, which is in second in the range of 1 to 10.
The default value is 5 seconds.
Description
Example
3.1.49 stub
Syntax
stub [ no-summary ]
undo stub
View
Parameter
3-46
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Description
Using stub command, you can configure the type of an OSPF area as “stub”. Using
undo stub command, you can cancel the settings.
By default, no area is set to be the STUB area.
If the router is an ABR, it will send a default route to the connected stub area . Using
default-cost command, you can configure the default route cost.
For the related commands, see default-cost.
Example
3.1.50 vlink-peer
Syntax
View
Parameter
3-47
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
keyid: Specify the MD5 authentication key ID. Its value ranges from 1 to 255. It must be
equal to the authentication key ID of the virtually linked peer.
key: Specify the MD5 authentication key. If it is input in a plain text form, the key is a
character string not exceeding 16 characters. And it will be displayed in a cipher text
form in a length of 24 characters when display current-configuration command is
executed. Inputting the MD5 key in a cipher text form with 24 characters is also
supported.
Description
Using vlink-peer command, you can create and configure a virtual link. Using undo
vlink-peer command, you can cancel an existing virtual link.
According to RFC2328, the OSPF area should be connected with the backbone
network. You can use vlink-peer command to keep the connectivity. Virtual link can be
regarded as a common interface that uses OSPF so that you can easily understand
why to configure the parameters such as hello, retransmit, and trans-delay on it.
One thing should be mentioned. When configuring virtual link authentication,
authentication-mode command is used to set the authentication mode as MD5 cipher
text or simple text on the backbone network.
For the related commands, see authentication-mode, display ospf.
Example
# Create a virtual link to 10.110.0.3 and use the MD5 cipher authentication mode.
[Quidway-ospf] area 10.0.0.0
[Quidway-ospf-area-10.0.0.0] vlink-peer 10.110.0.3 md5 3 345
3-48
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Note:
When an Ethernet switch runs a routing protocol, it can perform the router functions.
Router that is referred to in the following and its icon represent a generalized router or
an Ethernet switch running routing protocols. To improve readability, this will not be
described in the other parts of the manual.
Note:
For the commands defining routing policies in BGP, refer to the “Routing Policy" of the
next chapter.
4.1.1 aggregate
Syntax
View
BGP view
Parameter
4-1
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Description
Using aggregate command, you can establish an aggregated record in the BGP
routing table. Using undo aggregate command, you can disable the function.
By default, there is no route aggregation.
The keywords is explained as follows:
keywords use
Used to produce an aggregated route whose AS path
information includes detailed routes. Use this keyword
as-set
carefully when many AS paths need to be aggregated, for the
frequent change of routes may lead to route vibration.
Example
4.1.2 bgp
Syntax
bgp as-number
undo bgp [as-number ]
4-2
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
View
system view
Parameter
Description
Using bgp command, you can enable BGP and enter the BGP view. Using undo bgp
command, you can disable BGP.
By default, the system does not run BGP.
This command is used to enable and disable BGP as well as to specify the local AS
number of BGP.
Example
# Enable BGP.
[Quidway] bgp 100
[Quidway-bgp]
4.1.3 compare-different-as-med
Syntax
compare-different-as-med
undo compare-different-as-med
View
BGP view
Parameter
None
Description
4-3
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Example
[Quidway-bgp] compare-different-as-med
4.1.4 confederation id
Syntax
confederation id as-number
undo confederation id
View
BGP view
Parameter
Description
Example
# Confederation 9 consists of four sub-ASs, namely, 38, 39, 40 and 41. Here, the peer
10.1.1.1 is an internal member of the AS confederation while the peer 200.1.1.1 is an
external member of the AS confederation. For external members, Confederation 9 is a
unified AS domain.
[Quidway] bgp 41
[Quidway-bgp] confederation id 9
[Quidway-bgp] confederation peer-as 38 39 40
[Quidway-bgp] group Confed38 external
[Quidway-bgp] peer Confed38 as-number 38
4-4
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Syntax
confederation nonstandard
undo confederation nonstandard
View
BGP view.
Parameter
None
Description
Example
Syntax
View
BGP view
4-5
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Parameter
Description
Example
4.1.7 dampening
Syntax
View
BGP view
Parameter
4-6
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
ceiling: The upper threshold of the penalty. The range is 1001 to 20000. By default, the
value is 16000.
policy-name: Configure route policy name.
If the parameters are not set, the BGP route attenuation is valid and each parameter is
taken as the default value. The parameters are mutually dependent. Once configure
any parameter, all other parameters should also be specified.
Description
Using dampening command, you can make BGP route attenuation valid or modify
various BGP route attenuation parameters. Using undo dampening command, you
can make the characteristics invalid.
By default, no route attenuation is configured.
For the related commands, see reset bgp dampening, reset bgp flap-info, display
bgp routing-table dampened, display bgp routing-table flap-info.
Example
Syntax
View
User view
Parameter
4-7
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Description
Using debugging bgp all command, you can enable all the information debugging of
BGP packet and events.
Using debugging bgp event command, you can enable the information debugging of
BGP events
Using debugging bgp keepalive command, you can enable the information
debugging of BGP Keepalive packets.
Using debugging bgp packet command, you can enable the information debugging of
BGP packets.
Using undo debugging bgp command, you can disable the debugging functions.
Example
Syntax
View
BGP view
Parameter
Description
Using default local-preference command, you can configure the default local
preference. Using undo default local-preference command, you can restore the
default value.
Configuring different local preferences will affect BGP routing selection. When a router
running BGP gets routes with the same destination address but different next hops
through different internal peers, it will select the route of highest local preference to this
destination.
4-8
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Example
# The two routers RTA and RTB in the same autonomous area use X.25 and Frame
Relay protocols separately to connect with external autonomous areas. The command
can be used to configure the default local preference of RTB as 180 so that the route
via RTB is selected first when the same route goes through RTA and RTB at the same
time.
[Quidway-bgp]default local-preference 180
Syntax
View
BGP view.
Parameter
Description
Using default med command, you can configure the default system metric. Using
undo default med command, you can restore the default metric of the system.
In the case that all other conditions are the same, the system first selects the route with
the smaller MED value as the external route of the autonomous system.
Example
# Routers RTA and RTB belong to AS100 and router RTC belongs to AS200. RTC is
the peer of RTA and RTB. The network between RTA and RTC is X.25 network and the
network between RTB and RTC is Ethernet. So the MED of RTA can be configured as
25 to allow RTC to select the route transmitted by RTB first.
[Quidway-bgp] default med 25
Syntax
View
Any view
4-9
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Parameter
Description
Using display bgp group command, you can view the information of peer groups.
Example
Table 4-2 Description of information generated by the command display bgp group
Field Description
Group Name of peer group
type Type of peer group: IBGP or EBGP
as-number AS number of peer group
members in this group Members in this peer group
route-policy Name of configured route policy
filter-policy Configured export and import route filter for BGP
acl Configured access control list
ip-prefix Configured IP address prefix list
Syntax
4-10
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
View
Any view
Parameter
None
Description
Using display bgp network command, you can view the routing information that has
been configured.
Example
Table 4-3 Description of information generated by the command display bgp network
Field Description
Network Network address
Mask Mask
Route-policy Configured route policy
Syntax
View
Any view
Parameter
Description
Using display bgp paths command, you can view the information about AS paths
4-11
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Example
Table 4-4 Description of information generated by the command display bgp paths
Field Description
Id Value of sequence number
Hash-Index Value of Hash-index
References Number of routes with reference
Aggregator Mask length of aggregate route
Origin attribute of route, which indicates that the route updates its
origin relative to the route originating it from AS. It has three
optional values:
The route belongs to inside of AS. BGP treats
IGP aggregate route and the route defined by the command
network as inside of AS, and origin type as IGP.
Origin
The route is learned from exterior gateway protocol
EGP
(EGP).
Short for INCOMPLETE: indicates that the original
source of the route information is unknown (learned by
INC
other methods). BGP sets the origin of the route
imported through other IGP protocols as INCOMPLETE
AS-path attribute of route, which records all AS areas that the
As-path
route passes. With it, route loop can be avoided
Syntax
View
Any view
Parameter
4-12
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Description
Using display bgp peer command, you can view the information about BGP peers.
Example
Table 4-5 Description of information generated by the command display bgp peer
verbose
Field Description
IP address of peer and port number used by the peer to establish TCP
Peer
connection
Type Type of peer: Internal for IBGP, and External for EBGP
State State of peer
4-13
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Syntax
View
Any view
Parameter
Description
Using display bgp routing-table command, you can view all the BGP routing
information.
Example
4-14
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Field Description
State flags:
# - valid (valid)
^ - best (selected)
Flags D – damped (discarded)
H – history (history)
I – internal (interior gateway protocol)
S - aggregate suppressed (suppressed)
Dest/Mask Destination address/Mask
Next Hop IP address of next hop
MULTI_EXIT_DISC attribute value, which ranges from 0 to
Med
4294967295
Local-Pref Local preference, which ranges from 0 to 4294967295
Origin attribute of route, which indicates that the route updates its
origin relative to the route originating it from AS. It has three
optional values:
Syntax
View
Any view
Parameter
4-15
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Description
Using display bgp routing-table as-path-acl command, you can view routes that
match an as-path acl.
Example
Field Description
Dest/Mask Destination address/Mask
Pref Preference
4-16
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Field Description
Origin attribute of route, which indicates that the route updates its
origin relative to the route originating it from AS. It has three optional
values:
Syntax
View
Any view
Parameter
None
Description
Using display bgp routing-table cidr command, you can view the routing information
about the non-natural mask (namely the classless interdomain routing, CIDR).
Example
4-17
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Syntax
View
Any view
Parameter
Description
Using display bgp routing-table community command, you can view the routing
information related to the specified BGP community number in the routing table.
Example
Syntax
4-18
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
View
Any view
Parameter
Description
Using display bgp routing-table community-list command, you can view the routing
information matching the specified BGP community list.
Example
Syntax
View
Any view
Parameter
None
4-19
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Description
Using display bgp routing-table dampened command, you can view BGP dampened
routes.
Example
Item Description
State flags:
# - valid (valid)
^ - best (selected)
Flags D – damped (discarded)
H – history (history)
I – internal (interior gateway protocol)
S - aggregate suppressed (suppressed)
#D The valid and damped route
Dest/Mask The dampened route to the destination network 11.1.0.0
Source The nexthop of the route
Damping-li The time before dampening turns invalid and the route can be
mit reused.
Origin attribute of route, which indicates that the route updates its
origin relative to the route originating it from AS. It has three optional
values:
4-20
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Item Description
AS-path attribute of route, which records all AS areas that the route
As-path
passes. With it, route loop can be avoided
Syntax
View
Any view
Parameter
None
Description
Using display bgp routing-table different-origin-as command, you can view routes
that have different source autonomous systems
Example
Syntax
View
Any view
4-21
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Parameter
Description
Using display bgp routing-table flap-info command, you can view BGP flap-info.
Example
Item Description
State flags:
# - valid (valid)
^ - best (selected)
Flags D – damped (discarded)
H – history (history)
I – internal (interior gateway protocol)
S - aggregate suppressed (suppressed)
4-22
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Item Description
Origin attribute of route, which indicates that the route updates its
origin relative to the route originating it from AS. It has three optional
values:
Syntax
View
Any view
Parameter
Description
Using display bgp routing-table peer command, you can view the routing information
the specified BGP peer advertised or received.
Example
4-23
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Syntax
View
Any view
Parameter
Description
Using display bgp routing-table regular-expression command, you can view the
routing information matching the specified AS regular expression
Example
4-24
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Syntax
View
BGP view
Parameter
Description
Using filter-policy export command, you can filter the advertised routes and only the
routes passing the filter can be advertised by BGP. Using undo filter-policy export
command, you can cancel the filtration to the advertised routes.
By default, filtration to the received routing information is not configured.
If the parameter protocol is specified, only the imported route generated by the
specified protocol is filtered and the imported routes generated by other protocols are
not affected. If the parameter protocol is not specified, the imported route generated by
any protocol will be filtered.
Example
Syntax
View
BGP view
4-25
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Parameter
Description
Using filter-policy gateway import command, you can filter the learned routing
information advertised by the peer with the specified address. Using undo filter-policy
gateway import command, you can cancel the filtration to the routing information
advertised by the peer with specified address.
Using filter-policy import command, you can filter the received global routing
information. Using undo filter-policy import command, you can remove the filtration
to the received global routing information.
By default, filtration to the received routing information is not configured.
This command can be used to filter the routes received by BGP and determines
whether to add the routes to the BGP routing table.
Example
4.1.27 group
Syntax
group group-name
undo group group-name
View
BGP view
Parameter
group-name: Specify the name of the peer group. group-name is locally significant.
Description
Using group group-name command, you can establish a peer group. Using undo
group group-name command, you can cancel the configured peer group.
The use of BGP peer group is for the convenience of the user’s configuration. When the
user starts several peers with the same configuration, a peer group can be established
first and be configured. Then add all the peers to the peer group so that they have the
same configuration as this peer group.
4-26
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Example
4.1.28 import-route
Syntax
View
BGP view
Parameter
protocol: Specify source routing protocols which can be imported, which include direct,
ospf, ospf-nssa , ospf-ase, rip and static at present.
med med-value: Specify the MED value loaded by a redistributes route, ranging from 0
to 4294967295.
route-policy route-policy-name: Specify a route-policy.
Description
Using import-route command, you can import routes of other protocols. Using undo
import-route command, you can cancel redistributing routes of other protocols.
By default, BGP does not import routes of other protocols.
Example
4.1.29 ip as-path-acl
Syntax
View
System view
Parameter
4-27
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Description
Using ip as-path-acl command, you can configure an AS path regular express. Using
undo ip as-path-acl command, you can disable the defined regular expression.
The configured AS path list can be used in BGP policy.
For the related commands, see peer as-path-acl, display bgp routing-table
as-path-acl.
Example
4.1.30 ip community-list
Syntax
View
System view
Parameter
4-28
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Description
Using ip community-list command, you can configure a BGP community list. Using
undo ip community-list command, you can cancel the configured BGP community
list.
The configured community list can be used in BGP policy.
For the related commands, see apply community, display bgp routing-table
community-list.
Example
# Define a community attribute list which does not advertise routes with the community
attribute beyond the confederation.
[Quidway] ip community-list 6 permit no-export-subconfed
4.1.31 network
Syntax
View
BGP view
Parameter
Description
Using network command, you can configure the network routes advertised by the local
BGP. Using undo network command, you can cancel the existing configuration.
By default, there is no networks sent through BGP
Example
Syntax
4-29
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
View
BGP view
Parameter
Description
Using peer advertise-community command, you can enable the transmission of the
community attribute to a peer/peer group. Using undo peer advertise-community
command, you can cancel the existing configuration.
By default, the community attribute is not transmitted to any peer/peer group.
For the related commands, see if-match community-list, apply community.
Example
Syntax
View
BGP view
Parameter
Description
Using peer allow-as-loop command, you can configure the repeating time of local AS.
Using undo peer allow-as-loop command, you can remove the repeating time of local
AS.
For the related commands, see display current-configuration, display bgp
routing-table peer, display bgp routing-table group
4-30
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Example
Syntax
View
BGP view
Parameter
Description
Using peer as-number command, you can configure the AS number of peer
group/peer. Using undo peer as-number command, you can delete the AS number of
peer group/peer.
By default, no peer group, peer and AS number are configured.
Example
Syntax
View
BGP view
Parameter
4-31
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
acl-number: Specify the filter list number of an AS regular expression. The range is 1 to
199.
import: For the received routes.
export: For the advertised routes.
Description
Using peer as-path-acl command, you can configure BGP route filtering Policy based
on AS path list. Using undo peer as-path-acl command, you can cancel the existing
configuration.
By default, the peer/peer group has no AS path list.
For the related commands, see as-path-acl.
Example
Syntax
View
BGP view
Parameter
Description
Using peer connect-interface command, you can specify the source interface of a
route update packet. Using undo peer connect-interface command, you can restore
the best source interface.
By default, BGP uses the best source interface.
Usually, BGP uses the optimal route to update the source interface of the packets.
However, you can set the mode of the interface to Loopback in order to send route
updates even if the interface is not work normally.
4-32
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Example
Syntax
View
BGP view
Parameter
Description
Example
Syntax
View
BGP view
4-33
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Parameter
Description
Using peer description command, you can configure the description information of the
peer/peer group. Using undo peer description command, you can cancel the
description information of the peer/peer group.
By default, description information of peers/peer group is not configured.
For the related commands, see display current-configuration, display bgp
routing-table peer, display bgp routing-table group.
Example
# Configure the description information of the peer whose name is group1 as beijing1.
[Quidway-bgp] peer group1 description beijing1
Syntax
View
BGP view
Parameter
Description
Using peer ebgp-max-hop command, you can allow to establishing EBGP connection
with the peer on indirectly connected network. Using undo peer ebgp-max-hop
command, you can cancel the existing configuration.
By default, this feature is disabled.
4-34
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Example
# Allow to establishing EBGP connection with the peer group named test indirectly
connected.
[Quidway-bgp] peer test ebgp-max-hop
Syntax
View
BGP view
Parameter
group-name: Specify the name of the peer group which specifies the entire peer group.
peer-address: IP address of a peer, which specifies a certain peer.
Description
Using peer enable command, you can enable the specified peer/peer group and
disable it by using undo peer enable command.
By default, BGP peer/peer group is enabled.
If the specified peer/peer group is disabled, the router will not exchange routing
information with the specified peer/peer group.
Example
Syntax
View
BGP view
4-35
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Parameter
Description
Using peer filter-policy command, you can configure the filter-policy list of a peer/peer
group. Using undo peer filter-policy command, you can cancel the existing
configuration.
By default, a peer/peer group has no access control list (ACL).
For the related commands, see acl.
Example
Syntax
View
BGP view
Parameter
Description
Using peer group command, you can add a peer to the peer group. Using undo peer
group command, you can delete the specified peer in the peer group.
The use of BGP peer group is for the convenience of the user’s configuration. When the
user starts several peers with the same configuration, a peer group can be established
first and be configured. Then add all the peers to the peer group so that they have the
same configuration as this peer group.
4-36
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Example
Syntax
View
BGP view
Parameter
Description
Using peer ip-prefix command, you can configure the route filtering policy of the
peer/peer group based on the ip-prefix. Using undo peer ip-prefix command, you can
cancel the route filtering policy of the peer/peer group based on the ip-prefix.
By default, the route filtering policy of the peer/peer group is not specified.
For the related commands, see ip ip-prefix.
Example
# Configure the route filtering policy of the peer group based on the ip-prefix 1.
[Quidway-bgp] peer group1 ip-prefix list1 export
Syntax
4-37
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
View
BGP view
Parameter
Description
Using peer next-hop-local command, you can configure to perform the process of the
next hop in the route to be advertised to the peer/peer group and take the address of
itself as the next hop. Using undo peer next-hop-local command, you can cancel the
existing configuration.
Example
# When BGP distributes the routes to the peer group “test”, it will take its own address
as the next hop.
[Quidway-bgp] peer test next-hop-local
Syntax
View
BGP view
Parameter
4-38
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Description
Using the peer password command, you can configure MD5 authentication for BGP
during TCP connection setup. Using the undo peer password command, you can
cancel the configuration.
By default, BGP does not perform MD5 authentication when TCP connection is set up.
Once MD5 authentication is enabled, both parties involved in the authentication must
be configured with identical authentication modes and passwords. Otherwise, TCP
connection will not be set up because of the failed authentication.
This command is used to configure MD5 authentication for the specific peer only when
the peer group to which the peer belongs is not configured with MD5 authentication.
Otherwise, the peer should be consistent with the peer group.
Example
# Adopt MD5 authentication on the TCP connection set up between the local router at
10.1.100.1 and the peer router at 10.1.100.2.
[Quidway-bgp] peer 10.1.100.2 password simple huawei
Syntax
View
BGP view
Parameter
Description
Using peer public-as-only command, you can configure not to carry the AS number
when transmitting BGP update packets. Using undo peer public-as-only command,
you can configure to carry the AS number when transmitting BGP update packets.
By default, private AS number is carried when transmitting BGP update packets.
Generally, BGP transmits BGP update packets with the AS number (either public AS
number or private AS number). To enable some outbound routers to ignore the AS
4-39
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
number when transmitting update packets, you can configure not to carry the AS
number when transmitting BGP update packets.
Example
# Configure not to carry the private AS number when transmitting BGP update packets
to the peer named test.
[Quidway-bgp] peer test public-as-only
Syntax
View
BGP view
Parameter
Description
Using peer reflect-client command, you can configure a peer/peer group as the route
reflector client. Using undo peer reflect-client command, you can cancel the existing
configuration.
For the related commands, see reflect between-clients, reflector cluster-id.
Example
Syntax
View
BGP view
4-40
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Parameter
Description
Using peer route-policy command, you can assign the Route-policy to the route
coming from the peer/peer group or the route advertised to the peer/peer group. Using
undo peer route-policy command, you can delete the specified Route-policy.
By default, the peer/peer group has no Route-policy association.
Example
# Apply the Route-policy named test-policy to the route coming from the peer/peer
group test.
[Quidway-bgp] peer test route-policy test-policy export
Syntax
View
BGP view
Parameter
Description
Using peer route-update-interval command, you can configure the interval for the
transmission route of a peer/peer group. Using undo peer route-update-interval
command, you can restore the interval to the default value.
4-41
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Example
# Configure the interval of the BGP peer group “test” sending the route update packet
as 10 seconds.
[Quidway-bgp] peer test as-number 100
[Quidway-bgp] peer test route-update-interval 10
Syntax
View
BGP view
Parameter
Description
Using peer timer command, you can configure the timers for a peer/peer group. Using
undo peer timer command, you can restore the timer to the default value.
The timer configured by using this command has a higher priority than the one
configured by using the timer command.
Example
Syntax
reflect between-clients
undo reflect between-clients
4-42
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
View
BGP view
Parameter
None
Description
Example
Syntax
View
BGP view
Parameter
cluster-id: Specify the cluster ID of the route reflector with the range from 1 to
4294967295.
address: Used as the interface address of the route reflector’s cluster ID.
Description
Using reflector cluster-id command, you can configure the cluster ID of the route
reflector. Using undo reflector cluster-id command, you can delete the cluster ID of
the route reflector.
By default, each route reflector uses its Router ID as the cluster ID.
For the related commands, see reflect between-clients, peer reflect-client.
Example
4-43
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Syntax
View
User view
Parameter
Description
Using refresh bgp peer-address command, you can refresh general BGP routes.
When BGP routing policy changes, it is required to re-compute associated route
information. This command can refresh general BGP routes.
Example
Syntax
View
User view
Parameter
4-44
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Description
Using reset bgp peer-address command, you can reset the connection of BGP with a
specified BGP peer.
Using reset bgp all command, you can reset all the connections with BGP.
Example
# Reset all the BGP connections to enable the new configuration (after configuring the
new Keepalive interval and Holdtime interval using the timer command).
<Quidway>reset bgp all
Syntax
View
User view
Parameter
Description
Using reset bgp dampening command, you can reset the attenuation information of a
route and release the suppression of a suppressed route.
For the related commands, see dampening, display bgp routing-table dampened.
Example
Syntax
View
User view
4-45
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Parameter
Description
Using reset bgp flap-info command, you can reset the flap-info of a route.
For the related commands, see dampening.
Example
# Reset the flap-info of all the routes that go through filter list 10.
<Quidway> reset bgp flap-info as-path-acl 10
Syntax
View
User view
Parameter
Description
Using reset bgp group command, you can reset the connections between the BGP
and all the members of a group.
For the related commands, see peer group.
Example
Syntax
summary automatic
4-46
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
View
BGP view
Parameter
None
Description
Example
4.1.59 timer
Syntax
View
BGP view
Parameter
keepalive-interval: Set the interval time value for keepalive time. The range is 1 to
65535. By default, its value is 60 seconds.
holdtime-interval: Set the interval time value for hold time. The range is 3 to 65535. By
default, its value is 180 seconds.
Description
Using timer command, you can configure the Keep-alive and Hold-time timer of BGP.
Using undo timer command, you can restore the default value of the Keep-alive and
Hold-time of the timer.
Example
4-47
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Syntax
undo synchronization
View
BGP view
Parameter
None
Description
Using undo synchronization command, you can cancel the synchronization of BGP
and IGP.
By default, BGP doesn’t synchronize with IGP.
If the local BGP is not set synchronous with the IGP and the next hop of the learned
BGP route is reachable, the local BGP will add this BGP route into its routing table
immediately after it learns the route, rather than waiting till the IGP also learns the
route.
This command means BGP does not synchronize with IGP in current system. You need
not configure it for S3500 Series Ethernet Switches don’t support synchronization of
BGP and IGP at present.
Example
4-48
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 IP Routing Policy Configuration Commands
Note:
When an Ethernet switch runs a routing protocol, it can perform the router functions.
Router that is referred to in the following and its icon represent a generalized router or
an Ethernet switch running routing protocols. To improve readability, this will not be
described in the other parts of the manual.
Syntax
View
Parameter
Description
Using apply as-path command, you can configure AS number to be added in front of
the original AS path in Route-policy. Using undo apply as-path command, you can
cancel the AS sequence number added in front of the original AS path.
By default, no AS number is set.
If the match condition of Route-policy is matched, the AS attribute of the transmitting
route will be changed.
5-1
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 IP Routing Policy Configuration Commands
Example
Syntax
View
Parameter
Description
Using apply community command, you can configure the set BGP community
attribute of Route-policy. Using undo apply community command, you can cancel the
set BGP community attribute.
By default, BGP community attribute is not set.
For the related commands, see ip community-list, if-match community-list,
route-policy, display bgp routing-table community.
Example
5-2
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 IP Routing Policy Configuration Commands
Syntax
View
Parameter
Description
Using apply cost command, you can configure the route cost value of route
information. This command is one attribute apply sub-statements of Route-policy.
Using undo apply cost command, you can cancel the apply sub-statement.
For the related commands, see if-match interface, if-match acl, if-match ip-prefix,
if-match ip next-hop, if-match cost, if-match tag, route-policy, apply ip next-hop,
apply local-preference, apply origin and apply tag.
Example
# Define one apply sub-statement. When it is used for setting route information attribute,
it sets the route metric value of route information as 120.
[Quidway-route-policy] apply cost 120
Syntax
View
Parameter
internal: Use the cost type of IGP as MED value of BGP to advertise route to EBGP
peer.
external: external cost type of IS-IS. S3500 series don’t support this parameter at
present.
5-3
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 IP Routing Policy Configuration Commands
Description
Using apply cost-type command, you can configure the route cost type of route
information. This command is one attribute apply sub-statements of Route-policy.
Using undo apply cost-type command, you can cancel the apply sub-statement.
By default, route cost type is not set.
Example
# Set the cost type of IGP as MED value of BGP to advertise route to EBGP peer.
[Quidway-route-policy] apply cost-type internal
Syntax
View
Parameter
Description
Using apply ip next-hop command, you can configure the next hop address of route
information. This command is one attribute apply sub-statements of Route-policy.
Using undo apply ip next-hop command, you can cancel the apply sub-statement.
By default, no apply sub-statement is defined.
When it is used for setting route information attribute, it sets the next hop address area
of route information passing filtration.
For the related commands, see if-match interface, if-match acl, if-match ip-prefix,
if-match ip next-hop, if-match cost, if-match tag, route-policy, apply
local-preference, apply cost, apply origin and apply tag.
Example
# Set the next hop address of route information as 193.1.1.8 when it is used for setting
route information attribute.
[Quidway-route-policy] apply ip next-hop 193.1.1.8
5-4
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 IP Routing Policy Configuration Commands
Syntax
View
Parameter
Description
Using apply local-preference command, you can configure to apply the local
preference of route information. This command is one apply sub-statements of
Route-policy attribute set. Using undo apply local-preference command, you can
cancel the apply sub-statement.
For the related commands, see if-match interface, if-match acl, if-match ip-prefix,
if-match ip next-hop, if-match cost, if-match tag, route-policy, apply ip next-hop,
apply local-preference, apply origin and apply tag.
Example
# Apply the local preference level of route information as 130 when this apply
sub-statement is used for setting route information attribute. .
[Quidway-route-policy] apply local-preference 130
Syntax
View
Parameter
5-5
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 IP Routing Policy Configuration Commands
Description
Example
# Define one apply sub-statement. When it is used for setting route information attribute,
it sets the route source of BGP route information as igp.
[Quidway-route-policy] apply origin igp
Syntax
View
Parameter
Description
Using apply tag command, you can configure to set the tag area of OSPF route
information. This command is one of attribute apply sub-statements of Route-policy.
Using undo apply tag command, you can cancel the apply sub-statement.
For the related commands, see if-match interface, if-match acl, if-match ip-prefix,
if-match ip next-hop, if-match cost, if-match tag, route-policy, apply ip next-hop,
apply local-preference, apply cost and apply origin.
Example
# Define one apply sub-statement. When it is used for setting route information attribute,
it sets the tag area of route information as 100.
[Quidway-route-policy] apply tag 100
5-6
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 IP Routing Policy Configuration Commands
Syntax
View
Any view
Parameter
Description
Using display ip ip-prefix command, you can view the address prefix list.
For the related commands, see ip ip-prefix.
Example
Field Description
name Name of ip-prefix
index Internal sequence number of ip-prefix
conditions Mode: permit or deny
ip-prefix / mask Address and network segment length of ip-prefix
GE Greater-equal value of ip-prefix network segment length
LE Less-equal value of ip-prefix network segment length
Syntax
View
Any view
5-7
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 IP Routing Policy Configuration Commands
Parameter
Description
Using display route-policy command, you can view the configured Route-policy
For the related commands, see route-policy.
Example
Field Description
Route-policy Name of ip-prefix
if-match
The configured if-match clause
(prefixlist) p1
Apply routing cost 100 to the routes matching
Permit 10 apply cost 100
the conditions defined by if-match clause
Syntax
View
5-8
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 IP Routing Policy Configuration Commands
Parameter
acl-number: Number of the access control list used for matching the destination
address field of the routing information.
ip-prefix-name: Address prefix list used for matching the routing information destination
address field.
protocol: The routing information of which kind of route protocol to be filtered.
Description
Using filter-policy export command, you can configure to set the filtering conditions of
the routing information advertised by a certain type of routing protocols. Using undo
filter-policy export command, you can cancel the filtering conditions set.
By default, the advertised routing information is not filtered.
In some cases, it may be required that only the routing information meeting some
conditions can be advertised. Then, the filter-policy command can be used to set the
filtering conditions for the routing information to be advertised. Only the routing
information passing the filtration can be advertised.
For the related commands, see filter-policy import.
Example
# Define the filtering rules for advertising the routing information of RIP. Only the routing
information passing the filtering of address prefix list p1 will be advertised by RIP.
[Quidway-rip] filter-policy ip-prefix p1 export
Syntax
View
Parameter
acl-number: The access control list number used for matching the destination address
field of the routing information.
ip-prefix ip-prefix-name: The prefix address list name. Its matching object is the
destination address field of the routing information.
5-9
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 IP Routing Policy Configuration Commands
gateway ip-prefix-name: The prefix address list name of the neighbor router address.
Its matching object is the routing information advertised by the specified neighbor
router.
Description
Using filter-policy gateway import command, you can filter the received routing
information advertised by a specified router. Using undo filter-policy gateway import
command, you can cancel the setting of the filtering condition.
Using filter-policy import command, you can set the condition for filtering the routing
information. Using undo filter-policy import command, you can cancel the setting of
filter condition
By default, the received routing information is not filtered.
In some cases, it may be required that only the routing information meeting some
conditions can be received. Then, the filter-policy command can be used to set the
filtering conditions for the routing information to be advertised. Only the routing
information passing the filtration can be received.
For the related commands, see filter-policy export.
Example
# Define the filtering rule for receiving routing information of RIP. Only the routing
information filtered through the address prefix list p1 can be received by RIP.
[Quidway-rip] filter-policy ip-prefix p1 import
Syntax
View
Parameter
acl-number: Specify the number of the access control list used for filtration
ip-prefix-name: Specify the prefix address list used for filtration
Description
Using if-match { acl | ip-prefix } command, you can configure the IP address range to
match the Route-policy. Using undo if-match { acl | ip-prefix } command, you can
cancel the setting of the match rule.
5-10
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 IP Routing Policy Configuration Commands
Example
# Define one if-match sub-statement. When the sub-statement is used for filtering route
information, the route information filtered by route destination address through address
prefix list p1 is enable to pass the if-match sub-statement.
[Quidway-route-policy] if-match ip-prefix p1
Syntax
View
Parameter
acl-number: AS path based access control list number, ranging from 1 to 199.
Description
Using the if-match as-path command, you can match the AS path domain of the BGP
routing information; using the undo if-match as-path command, you can cancel the
match of AS path domain.
By default, AS path list number is not matched.
Example
5-11
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 IP Routing Policy Configuration Commands
Syntax
View
Parameter
Description
Using if-match community command, you can match the community attribute of the
BGP information. Using undo if-match community command, you can cancel the
match of the community attribute.
This if-match sub-statement of route-policy is used to filter BGP routing information.
The match condition is specified according to the community attributes of the routing
information.
For the related commands, see route-policy, ip community-list.
Example
Syntax
5-12
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 IP Routing Policy Configuration Commands
View
Parameter
value: Specify the required route metric value, ranging from 0 to 4294967295.
Description
Using if-match cost command, you can configure one of the match rules of
route-policy to match the cost of the routing information. Using undo if-match cost
command, you can cancel the configuration of the match rule.
By default, no if-match sub-statement is defined.
For the related commands, see if-match interface, if-match acl, if-match ip-prefix,
if-match ip next-hop, if-match tag, route-policy, apply ip next-hop, apply
local-preference, apply cost, apply origin, apply tag.
Example
# A if-match sub-statement is defined, which allows the routing information with routing
cost 8 to pass this if-match sub-statement.
[Quidway-route-policy] if-match cost 8
Syntax
View
Parameter
Description
Using if-match interface command, you can configure to match the route whose next
hop is designated interface. Using undo if-match interface command, you can cancel
the setting of matching condition.
By default, no if-match sub-statement is defined.
It matches the corresponding interface of route next hop when filtering route.
5-13
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 IP Routing Policy Configuration Commands
For the related commands, see if-match acl, if-match ip-prefix, if-match ip next-hop,
if-match cost, if-match tag, route-policy, apply ip next-hop, apply cost, apply
local-preference, apply origin and apply tag.
Example
# Define one if-match sub-statement to match the route whose next hop interface is
Vlan-interface 1
[Quidway-route-policy] if-match interface Vlan-interface 1
Syntax
View
Parameter
acl-number: Specify the number of the access control list used for filtration. The range
is 2000 to 2999.
ip-prefix-name: Specify the name of the prefix address list used for filtration.
Description
Using if-match ip next-hop command, you can configure one of the match rules of
route-policy on the next hop address of the routing information. Using undo if-match ip
next-hop command, you can cancel the setting of ACL matching condition. Using
undo if-match ip next-hop ip-prefix command, you can cancel the setting of address
prefix list matching condition.
Filtration is performed by quoting an ACL or a address prefix list.
For the related commands, see if-match interface, if-match acl, if-match ip-prefix,
if-match cost, if-match tag, route-policy, apply ip next-hop, apply cost, apply
local-preference, apply origin and apply tag.
Example
# Define a if-match sub-statement. It permits the routing information, whose route next
hop address passes the filtration of the prefix address list p1, to pass this if-match
sub-statement.
[Quidway-route-policy] if-match ip next-hop ip-prefix p1
5-14
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 IP Routing Policy Configuration Commands
Syntax
View
Parameter
Description
Using if-match tag command, you can configure to match the tag field of OSPF route
information. Using undo if-match tag command, you can cancel the existing matching
rules.
For the related commands, see if-match interface, if-match acl, if-match ip-prefix,
if-match ip next-hop, if-match cost, route-policy, apply ip next-hop, apply cost,
apply local-preference, apply origin and apply tag.
Example
# Define one if-match sub-statement and enable the OSPF route information whose
value of tag is 8 to pass the if-match sub-statement.
[Quidway-route-policy] if-match tag 8
5.1.20 ip ip-prefix
Syntax
View
System view
Parameter
ip-prefix-name: The specified address prefix list name. It identifies one address prefix
list uniquely.
index-number: Identify an item in the prefix address list. The item with smaller
index-number will be tested first.
5-15
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 IP Routing Policy Configuration Commands
permit: Specify the match mode of the defined address prefix list items as permit
mode.
deny: Specify the match mode of the defined address prefix list items as deny mode.
network: The IP address prefix range (IP address). If it is 0.0.0.0 0, all the IP addresses
are matched.
len: The IP address prefix range (mask length). If it is 0.0.0.0 0, all the IP addresses are
matched.
greater-equal, less-equal: The address prefix range [greater-equal, less-equal] to be
matched after the address prefix network len has been matched. The meaning of
greater-equal is "larger than or equal to" , and the meaning of less-equal is "less than
or equal to". The range is len <= greater-equal <= less-equal <= 32. When only
greater-equal is used, it denotes the prefix range [greater-equal, 32]. When only
less-equal is used, it denotes the prefix range [len, less-equal].
Description
Using ip ip-prefix command, you can configure an address prefix list or one of its items,
which can also be deleted with undo ip ip-prefix command.
By default, there’s no address prefix list.
The address prefix list is used for IP address filtering. An address prefix list may contain
several items, and each item specifies one address prefix range. The inter-item filtering
relation is "OR", i.e. passing an item means passing the filtering of this address prefix
list. Not passing the filtering of any item means not passing the filtration of this prefix
address list.
The address prefix range may contain two parts, which are determined by len and
[greater-equal, less-equal] respectively. If the prefix ranges of these two parts are both
specified, the IP to be filtered must match the prefix ranges of these two parts.
If you specify network len as 0.0.0.0 0, it only matches the default route.
Example
# The prefix address list of this address indicates to match the bits 1 to 8 and the bits 17
to 18 for filtering the IP address with the bits 1 to 8 and the bits 17 to 18 of the specified
IP network segment 10.0.192.0.
[Quidway] ip ip-prefix p1 permit 10.0.192.0 8 greater-equal 17 less-equal 18
5.1.21 route-policy
Syntax
5-16
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 5 IP Routing Policy Configuration Commands
View
System view
Parameter
Description
Using route-policy command, you can create and enter the Route-policy view. Using
undo route-policy command, you can delete the established Route-policy.
By default, no Route-policy is defined.
Route-policy is used for route information filtration or route policy. One Route-policy
comprises of some nodes and each node comprises of some match and apply
sub-statements. The if-match sub-statement defines the match rules of this node and
the apply sub-statement defines the actions after passing the filtration of this node. The
filtering relationship between the if-match sub-statements of the node is “and”, i.e., all
if-match sub-statements that meet the node. The filtering relation between Route-policy
nodes is "OR", i.e. passing the filtering of one node means passing the filtering of this
Route-policy. If the information doesn’t pass the filtration of any nodes, it cannot pass
the filtration of this Route-policy.
For the related commands, see if-match interface, if-match acl, if-match ip-prefix,
if-match ip next-hop, if-match cost, if-match tag, apply ip next-hop, apply
local-preference, apply cost, apply origin and apply tag.
Example
# Configured one Route-policy policy1, whose node number is 10 and if-match mode is
permit, and enter Route policy view.
[Quidway] route-policy policy1 permit node 10
[Quidway-route-policy]
5-17
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 Route Capacity Configuration Commands
Syntax
display memory
Mode
Any view
Parameter
None
Description
Using display memory command, you can view the memory setting.
Example
Table 6-1 The description for the information displayed by the display memory
command
Item Description
System Total
The total number of the Ethernet switch memory in byte.
Memory(bytes)
Total Used
The total number of the used Ethernet switch memory in byte.
Memory(bytes)
6-1
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 Route Capacity Configuration Commands
Syntax
Mode
Any view
Parameter
None
Description
Using display memory limit command, you can view the memory setting and state
information related to the Ethernet switch capacity, including available memory and
state information about connections such as times for disconnecting connections,
times for reestablishing connections and whether or not the current system is in the
emergent state.
Example
The information displayed by this command includes the Ethernet switch memory limit,
the size of the idle memory, the times of the connection disconnecting, the times of the
connection reestablishment and the current state.
The displayed information is described specifically in the following table:
6-2
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 Route Capacity Configuration Commands
Table 6-2 The description for the information displayed by the display memory limit
command
Item Description
system memory
The safety value of the Ethernet switch memory.
safety
system memory limit The lower limit of the Ethernet switch memory.
The system allows recovering the connection
auto-establish
automatically. (If the automatic recover is disabled, the
enabled
"auto-establish disabled" will be displayed.)
Syntax
View
System view
Parameter
None
Description
Using memory auto-establish disable command, you can disable the routing protocol
connection that is forcibly disconnected to recover automatically when the idle memory
of the Ethernet switch reaches this value. Thus, connections of all the routing protocols
will not recover when the idle memory of the Ethernet switch recovers to a safety value.
In this case, you need to restart the routing protocol to recover the connections.
By default, when the idle memory of the Ethernet switch recovers to a safety value,
connections of all the routing protocols will always recover (when the idle memory of
the Ethernet switch reduces to a lower limit, the connection will be disconnected
forcibly).
You shall use the command cautiously.
6-3
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 Route Capacity Configuration Commands
For the related commands, see memory auto-establish enable, memory { safety |
limit }, display memory limit.
Example
# Disable memory resume of the current Ethernet switch and recover connections of all
the protocols automatically.
[Quidway] memory auto-establish disable
Syntax
View
System view
Parameter
None
Description
Using memory auto-establish enable command, the routing protocol connection that
is forcibly disconnected to recover automatically when the idle memory of the Ethernet
switch reaches this value.
By default, when the idle memory of the Ethernet switch recovers to a safety value,
connections of all the routing protocols will always recover (when the idle memory of
the Ethernet switch reduces to a lower limit, the connection will be disconnected
forcibly).
For the related commands, see memory auto-establish disable, memory { safety |
limit }, display memory limit.
Example
# Enable memory resume of the current Ethernet switch and recover connections of all
the protocols automatically.
[Quidway] memory auto-establish enable
Syntax
6-4
Command Manual - Routing Protocol
Quidway S3500 Series Ethernet Switches Chapter 6 Route Capacity Configuration Commands
View
System view
Parameter
safety safety-value: The safety value of the Ethernet switch idle memory, in the unit of
Mbytes. Its value range depends on the idle memory of the active Ethernet switch.
limit limit-value: The lower limit of the Ethernet switch idle memory, in the unit of
Mbytes. Its value range depends on the idle memory of the active Ethernet switch.
Description
Using memory limit limit-value command, you can configure the lower limit of the
Ethernet switch idle memory. When the idle memory of the Ethernet switch is less than
this limit, all the routing protocol connections will be disconnected forcibly. The
limit-value in the command must be less than the current idle memory safety value, and
otherwise the configuration will fail.
Using memory safety safety-value command, you can configure the safety value of
the Ethernet switch idle memory. If you use the memory auto-establish enable
command (the default configuration), the routing protocol connection that is forcibly
disconnected will automatically recover when the idle memory of the Ethernet switch
reaches this value. The safety-value in the command must be more than the current
idle memory lower limit, and otherwise the configuration will fail.
Using memory safety safety-value limit limit-value command, you can change both of
the safety value and lower limit of the Ethernet switch idle memory. The safety-value
must be more than the limit-value, otherwise the configuration will fail.
Using undo memory command, you can configure the safety value and the lower limit
of the Ethernet switch idle memory to the default configuration.
For the related commands, see memory auto-establish disable, memory
auto-establish enable and display memory limit.
Example
# Set the lower limit of the Ethernet switch idle memory to 1Mbytes and the safety value
to 3Mbytes.
[Quidway] memory safety 3 limit 1
6-5
HUAWEI
Multicast
Table of Contents
i
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Table of Contents
ii
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 1 GMRP Configuration Commands
Syntax
View
User view
Parameter
Description
Using debugging gmrp command, you can enable GMRP debugging. Using undo
debugging gmrp you can disable GMRP debugging.
Example
Field Description
GMRP: Max number of GMRP Maximum number of entries reached for GMRP
entries reached local database
Syntax
1-1
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 1 GMRP Configuration Commands
View
Any view
Parameter
Description
Using display gmrp statistics command, you can view the statistics information about
GMRP.
This command is used for displaying the statistics information about GMRP, including
the list of ports with GMRP enabled, GMRP status information, GMRP failed
registrations and last origin of GMRP packet data unit (PDU).
Example
Syntax
View
Any view
Parameter
None
Description
Using display gmrp status command, you can view the status of global GMRP.
This command can be used for displaying the enabled/disabled status of global GMRP.
1-2
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 1 GMRP Configuration Commands
Example
Field Description
GMRP is enabled GMRP is enabled globally.
1.1.4 gmrp
Syntax
gmrp
undo gmrp
View
Parameter
None
Description
Using gmrp command, you can enable global GMRP or enable GMRP on a port. Using
undo gmrp command, you can configure the GMRP back to the default setting,
namely disabled.
By default, GMRP is disabled
Executed in system view, this command will enable the global GMRP. After performing
this command in Ethernet port view, GMRP will be enabled on a port.
Before enabling GMRP on a port, you shall enable GMRP globally.
For the related command, see display gmrp status, display gmrp statistics.
Example
1-3
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Commands
Note:
S3552G/S3552P/S3552F/S3528G/S3528P support IGMP Snooping.
Syntax
View
Any view
Parameter
None
Description
Using display igmp-snooping configuration command, you can view the IGMP
Snooping configuration information.
This command is used to display the IGMP Snooping configuration information of the
switch. The information displayed includes whether IGMP Snooping is enabled, router
port timeout, maximum response timeout of a query and the member port timeout.
For the related command, see igmp-snooping.
Example
2-1
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Commands
The information above tells us that: IGMP Snooping is enabled; the router port timer is
set to be 300 seconds; the max response timer is set to be 50 seconds; the aging timer
of multicast group member is set to be 500 seconds.
Syntax
View
Any view
Parameter
vlan vlanid: Specifies the VLAN where the multicast group to be viewed is located.
When the parameter is omitted, the command will display the information about all the
multicast groups on the VLAN.
Description
Using display igmp-snooping group command, you can view the IP multicast groups
and MAC multicast groups under VLAN.
This command displays the IP multicast group and MAC multicast group information of
a VLAN or all the VLAN where the Ethernet switch is located. It displays the information
such as VLAN ID, router port, IP multicast group address, member ports in the IP
multicast group, MAC multicast group, MAC multicast group address, and the member
ports in the MAC multicast group.
Example
2-2
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Commands
Syntax
View
Any view
Parameter
None
Description
Using display igmp-snooping statistics command, you can view the statistics
information on IGMP Snooping.
This command displays the statistics information about IGMP Snooping of Ethernet
switch. It displays the information such as number of received general IGMP query
packets, received IGMP specific query packets, received IGMP Version 1 and Version 2
report packets, received IGMP leave packets and error packets, and sent IGMP
specific query packets.
For the related command, see igmp-snooping.
Example
2.1.4 igmp-snooping
Syntax
2-3
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Commands
undo igmp-snooping
View
System view
Parameter
Description
Example
Syntax
igmp-snooping fast-leave
undo igmp-snooping fast-leave
View
Parameter
None
Description
Using the igmp-snooping fast-leave command, you can enable the function of fast
removing a port from a multicast group. Using the undo igmp-snooping fast-leave
command, you can cancel this configuration.
By default, the fast remove function is disabled.
Normally, at the receiving of the IGMP Leave packet, igmp-snooping sends out
group-specific query packet instead of directly removing a port from a multicast group.
After waiting for a period of time, if it receives no respond, igmp-snooping then
removes the port form the group. By configuring this command, igmp-snooping
2-4
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Commands
removes the port from the multicast group directly at receiving the IGMP Leave packet.
The fast remove function saves bandwidth when only one user remaining at the port.
Note that, this function takes effect on condition that the client supports IGMP V2. After
configuring this command, when there are multiple users at one port, the leaving of one
user may cause the loss of multicast service of other users in this group.
Example
Syntax
View
Parameter
limit: The maximum number of multicast groups on a port, in the range of 0 to 1000. The
default value is 1000.
Description
Using igmp-snooping group-limit command, you can set the maximum number of
multicast groups permited on a port. Using undo igmp-snooping group-limit
command, you can restore the default value.
By default, the maximum number of multicast groups permited on a port is unlimited.
Example
Syntax
View
2-5
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Commands
Parameter
acl_number: Number of basic access control list, in the range of 2000 to 2999.
vlanid: ID of VLAN to which the ethernet port belongs, ranging from 1 to 4094.
Description
Using igmp-snooping group-policy command, you can set the filtering of IGMP
Snooping to control the accessing to the multicast group. Using undo igmp-snooping
group-policy command, you can cancel the configured filtering.
By default, no filtering is configured on the switch.
IGMP snooping filter function can limit the programs that users can order, by
configuring some multicast filtering ACLs for users on the different switch ports, so that
different users can order different program sets.
In practice, when ordering a multicast program set, the user originates an IGMP report
packet. Upon receiving the packet, the switch first compares it against the multicast
ACLs configured on the inbound port. If allowed, the switch then adds the port to the
forward port list of the multicast group; otherwise, it drops the IGMP report packet and
no data flow then will be sent to this port. Thus the switch can control users’ multicast
program ordering.
User-defined ACL rule is a multicast address or multicast address range (224.0.0.1 to
239.255.255.255)
z If the rule is set as permit, the port can be added to the groups contained in the
permitted ACL range, but not to the groups outside the permitted ACL range.
z If the rule is set as deny and no other ACL is set as permit, the port cannot be
added to the groups within the denied ACL range, nor to the groups outside the
denied ACL range.
Note:
z Each VLAN of each port can only be configured with one ACL rule.
z If no ACL rule is configured or the configured port doesn’t belong to the specified
VLAN, the filtering configured by this command will not take effect.
z Most devices just broadcast unknown multicast packets, s o to prevent the case
where multicast data flow is sent as unknown multicast packets to the filtered ports,
this function is generally configured in combination with the unknown multicast
dropping function.
2-6
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Commands
Example
Syntax
View
System view
Parameter
seconds: Specifies the port aging time of the multicast group member, ranging from 200
to 1000 and measured in seconds; By default, 260.
2-7
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Commands
Description
Using igmp-snooping host-aging-time command, you can configure the port aging
time of the multicast group members. Using undo igmp-snooping host-aging-time
command, you can restore the default value.
This command is used to set the aging time of the multicast group member so that the
refresh frequency can be controlled. When the group members change frequently, the
aging time should be comparatively short, and vice versa.
For the related command, see igmp-snooping.
Example
Syntax
View
System view
Parameter
seconds: Maximum response time for a query ranging from 1 to 100 and measured in
seconds; By default, 10.
Description
Example
2-8
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Commands
Syntax
View
System view
Parameter
seconds: Specifies the router port aging time, ranging from 130 to 1000 measured in
seconds; By default, 260.
Description
Using igmp-snooping router-aging-time command, you can configure the router port
aging time of IGMP Snooping. Using undo igmp-snooping router-aging-time
command, you can restore the default value.
The port here refers to the Ethernet switch port connected to the router. The Layer-2
Ethernet switch receives general query packets from the router via this port. The timer
should be set to about 2.5 times of the general query period of the router.
For the related command, see igmp-snooping, igmp-snooping
max-response-time.
Example
# Set the aging time of the IGMP Snooping router port to 500 seconds.
[Quidway] igmp-snooping router-aging-time 500
Syntax
View
User view
Parameter
None
Description
Using reset igmp-snooping statistics command, you can reset the IGMP Snooping
statistics information.
2-9
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Commands
Example
2-10
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 3 Multicast Common Configuration Commands
Syntax
View
User view
Parameter
None
Description
Using debugging multicast forwarding command, you can enable multicast packet
forwarding debugging functions. Using undo debugging multicast forwarding
command, you can disable the debugging functions.
By default, the debugging function is disabled.
Example
Syntax
View
User view
Parameter
None
3-1
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 3 Multicast Common Configuration Commands
Description
Example
Syntax
View
User view
Parameter
None
Description
Example
Syntax
View
Any view
3-2
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 3 Multicast Common Configuration Commands
Parameter
Description
Using display multicast forwarding-table command, you can view the information of
IP multicast forwarding table.
For the related command, see display multicast routing-table.
Example
Matched 2 entries
Field Description
Multicast Forwarding Cache Table Multicast forwarding cache table
Total 2 entries Total number of entries
00002 Sequence number of entries
(4.4.4.4, 224.2.149.17) (s,g)
3-3
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 3 Multicast Common Configuration Commands
Field Description
Multicast forwarding cache table has an
iif Vlan-interface1, 1 oifs incoming interface Vlan-interface 1 and one
outgoing interface
Syntax
View
Any view
Parameter
group-address: Multicast group address, used to specify a multicast group and display
the corresponding routing table information of the group. The value ranges from
224.0.0.0 to 239.255.255.255.
source-address: Unicast IP address of the multicast source.
incoming-interface: Incoming interface of the multicast route entry.
interface-type interface-number: Specifies the interface.
register: Register interface of PIM-SM.
Description
Using display multicast routing-table command, you can view the information of IP
multicast routing table.
This command displays the multicast routing table information, while the display
multicast forwarding-table command displays the multicast forwarding table
information.
3-4
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 3 Multicast Common Configuration Commands
Example
(4.4.4.4, 224.2.149.17)
Uptime: 00:15:16, Timeout in 272 sec
Upstream interface: Vlan-interface1(4.4.4.6)
Downstream interface list:
Vlan-interface2(2.2.2.4), Protocol 0x1: IGMP
(4.4.4.4, 224.2.254.84)
Uptime: 00:15:16, Timeout in 272 sec
Upstream interface: Vlan-interface1(4.4.4.6)
Downstream interface list: NULL
(4.4.4.4, 239.255.2.2)
Uptime: 00:02:57, Timeout in 123 sec
Upstream interface: Vlan-interface1(4.4.4.6)
Downstream interface list: NULL
Matched 3 entries
Field Description
Multicast Routing Table Multicast routing table
Total 3 entries 3 entries in total
(4.4.4.4, 224.2.149.17) (s, g)
Multicast routing table lasts 15’16” and
Uptime: 00:15:16, Timeout in 272 sec times out in 272 seconds.
Upstream interface: Upstream interface vlan-interface 1 (its
Vlan-interface1(4.4.4.6) IP address is 4.4.4.6).
Downstream interface list: Downstream interface list: has an
Vlan-interface2(2.2.2.4), Protocol interface Vlan-interface 2 (its IP address
0x1: IGMP is 2.2.2.4). The downstream interface is
configured with IGMP groups.
3-5
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 3 Multicast Common Configuration Commands
Syntax
View
Any view
Parameter
None
Description
Using display multicast vif command, you can view the virtual interface information
for multicast.
Example
Table 3-3 Description of information generated by the command display multicast vif
Field Description
Interface:Vlan-interface1, TTL:1, Multicast virtual interface Vlan-interface 1,
LclAddr:4.4.4.6, RmtAddr:0.0.0.0 (IP address 4.4.4.6)
Syntax
multicast routing-enable
undo multicast routing-enable
3-6
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 3 Multicast Common Configuration Commands
View
System view
Parameter
None
Description
Using multicast routing-enable command, you can enable IP multicast routing. Using
undo multicast routing-enable command, you can disable IP multicast routing.
By default, IP multicast routing is disabled.
For the related commands, see pim dm and pim sm.
Example
3-7
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 4 IGMP Configuration Commands
Syntax
View
User view
Parameter
Description
Using debugging igmp command, you can enable IGMP debugging functions. Using
undo debugging igmp command, you can disable the debugging functions.
By default, IGMP debugging functions are disabled.
Example
Syntax
View
Any view
4-1
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 4 IGMP Configuration Commands
Parameter
Description
Using display igmp group command, you can view the member information of the
IGMP multicast group.
You can specify to show the information of a group or the member information of the
multicast group on an interface. The information displayed contains the multicast
groups which are joined by the downstream hosts through IGMP or through command
line.
For the related command, see igmp host-join.
Example
Field Description
Group address Multicast group address
Last Reporter The last host reporting to join in the multicast group
Uptime Time passed since multicast group is discovered (hh: mm: ss).
Syntax
View
Any view
4-2
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 4 IGMP Configuration Commands
Parameter
Description
Using display igmp interface command, you can view the IGMP configuration and
running information on an interface.
Example
Syntax
View
Any view
Parameter
Description
Using display igmp port command, you can view the configuration information about
the multicast on the port.
If no parameter is specified, this command displays the information of all the ports. The
IGMP configuration information of all the ports will be displayed.
For the related command, see igmp host-join, igmp group-policy.
4-3
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 4 IGMP Configuration Commands
Example
Table 4-2 Description of information generated by the command display igmp port
Field Description
Ethernet0/1: Port number: Ethernet0/1
Vlan-interface2: The port uses the virtual interface Vlan-interface2
IGMP groups joined: The port with an address 224.2.149.17 reports joining
224.2.149.17 IGMP group
Syntax
View
Interface View
Parameter
acl-number: Number of the basic IP access control list number, defining a multicast
group range. The value ranges from 2000 to 2999.
1: IGMP version 1.
2: IGMP version 2. If IGMP version is not specified, version 2 will be used as default.
port: Packets received and sent by the port(s) and applied to the conditions set by the
ACL will be filtered. And the port(s) must belong to the VLAN interface being configured
by this command.
Description
Using igmp group-policy command, you can set the filter of multicast groups on an
interface to control the accessing to the IP multicast groups. Using undo igmp
group-policy command, you can remove the filter configured.
4-4
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 4 IGMP Configuration Commands
By default, no filter is configured, that is, a host can join any multicast group.
If you do not want the hosts on the network that the interface is on to join some
multicast groups and receive the packets from the multicast groups, you can use this
command to limit the range of the multicast groups serviced by the interface.
For the related command, see igmp host-join.
Example
# Configure that only the hosts contained in the access-list 2000 connected to the
VLAN-interface10 can be added to the multicast group, which is configured to use
IGMP version 2.
[Quidway-Vlan-interface10] igmp group-policy 2000 2
Syntax
View
Parameter
acl-number: Number of the basic IP access control list number, defining a multicast
group range. The value ranges from 2000 to 2999.
vlanid: Specify the ID for the VLAN to which the port belongs.
Description
Using igmp group-policy vlan command, you can set the filter of multicast groups on
an port to control the accessing to the IP multicast groups. Using undo igmp
group-policy vlan command, you can remove the configured filter.
By default, no filter is configured, that is, a host can join any multicast group.
This command has the same function with the igmp group-policy command. Note that
the configured port must belong to the specified VLAN, and the IGMP protocol must be
enabled on this port; otherwise, the configuration does not function.
For the related command, see igmp host-join, igmp host-join vlan, igmp host-join
port.
4-5
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 4 IGMP Configuration Commands
Example
# Configure that only the hosts contained in the access-list 2000 connected to the port
Ethernet0/1 in VLAN-interface10 can be added to the multicast group, which is
configured to use IGMP version 2.
[Quidway-Ethernet0/1] igmp group-policy 2000 vlan 10
Syntax
View
Parameter
group-address: Multicast address of the multicast group that an interface will join.
port: Specify the port in the VLAN interface.
Description
Using igmp host-join command, you can enable an port in the VLAN interface of an
ethernet switch to join a multicast group. Using undo igmp host-join command, you
can disable the configuration.
By default, an interface does not join any multicast group.
On an ethernet switch, up to 64 interfaces can be configured with igmp host-join
command at best.
For the related command, see igmp group-policy.
Example
Syntax
4-6
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 4 IGMP Configuration Commands
View
Parameter
group-address: Multicast address of the multicast group that an interface will join.
vlanid: Specifies the ID for the VLAN to which the port belongs.
Description
Using igmp host-join vlan command, you can enable an port in the VLAN interface of
an ethernet switch to join a multicast group. Using undo igmp host-join vlan
command, you can disable the configuration.
By default, a port does not join any multicast group.
This command has the same function with the igmp host-join port command. Note
that the configured port must belong to the specified VLAN, and the IGMP protocol
must be enabled on this VLAN interface; otherwise, the configuration does not function.
For the related command, see igmp host-join port, igmp host-join, igmp
group-policy.
Example
Syntax
View
Interface view
Parameter
seconds: Maximum response time in the IGMP query messages in second in the range
from 1 to 25. By default, the value is 10 seconds.
4-7
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 4 IGMP Configuration Commands
Description
Using igmp max-response-time command, you can configure the maximum response
time contained in the IGMP query messages. Using undo igmp max-response-time
command, you can restore the default value.
The maximum query response time determines the period for a router to quickly detect
that there are no more directly connected group members in a LAN.
For the related command, see display igmp group.
Example
Syntax
View
Interface view
Parameter
seconds: IGMP querier present timer value in second ranging from 60 to 300. By
default, the value is twice the value of IGMP query message interval, i.e., 120 seconds.
Description
Using igmp timer other-querier-present command, you can configure the timer of
presence of the IGMP querier. Using undo igmp timer other-querier-present
command, you can restore the default value.
On a shared network, i.e., there are multiple multicast routers on the same network
segment, the query router (querier for short) takes charge of sending query messages
periodically on the interface. If other non-queriers receive no query messages within
the valid period, the router will consider the previous query to be invalid and the router
itself becomes a querier.
In IGMP version 1, the selection of a query is determined by the multicast routing
protocol. In IGMP version 2, the router with the lowest IP address on the shared
network segment acts as the querier.
For the related commands, see igmp timer query and display igmp interface.
4-8
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 4 IGMP Configuration Commands
Example
Syntax
View
Interface view
Parameter
seconds: Interval at which a router transmits IGMP query messages in second in the
range from 1 to 65535. By default, the value is 60 seconds.
Description
Using igmp timer query command, you can configure the interval at which a router
interface sends IGMP query messages. Using undo igmp timer query command, you
can restore the default value.
A multicast router periodically sends out IGMP query messages to attached segments
to find hosts that belong to different multicast groups. The query interval can be
modified according to the practical conditions of the network.
For the related command, see igmp timer other-querier-present.
Example
Syntax
igmp version { 1 | 2 }
undo igmp version
View
Interface view
4-9
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 4 IGMP Configuration Commands
Parameter
1: IGMP Version 1.
2: IGMP Version 2. By default, IGMP Version 2 is used.
Description
Using igmp version command, you can specify the version of IGMP that a router uses.
Using undo igmp version command, you can restore the default value.
All routers on a subnet must support the same version of IGMP. After detecting the
presence of IGMP Version 1 system, a router cannot automatically switch to Version 1.
Example
4-10
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 5 PIM Configuration Commands
Syntax
View
PIM view
Parameter
Description
Using c-bsr command, you can configure a candidate BSR. Using undo c-bsr
command, you can remove the candidate BSR configured.
By default, no candidate BSR is set.
When configure the candidate BSR, the larger bandwidth should be guaranteed since a
great amount of information will be exchanged between BSR and other devices in the
PIM domain.
For the related command, see pim sm.
Example
# Configure the Ethernet switch as C-BSR with priority 2 (and the C-BSR address is
designated as the IP address of VLAN-interface10).
[Quidway] pim
[Quidway-pim] c-bsr vlan-interface 10 24 2
5-1
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 5 PIM Configuration Commands
5.1.2 c-rp
Syntax
View
PIM view
Parameter
Description
Using c-rp command, you can configure the router to advertise itself as a candidate RP.
Using undo c-rp command, you can remove the configuration.
By default, no candidate RP is configured.
When configuring the candidate RP, a relatively large bandwidth should be reserved for
the router and other devices in the PIM domain.
For the related command, see c-bsr.
Example
# Configure the Ethernet switch to advertise the BSR that he is the C-RP in the PIM.
The standard access list 2000 defines the groups related to the RP. The address of
C-RP is designated as the IP address of VLAN-interface10.
[Quidway] acl number 2000
[Quidway-acl-basic-2000] rule permit source 225.0.0.0 0.255.255.255
[Quidway] pim
[Quidway-pim] c-rp vlan-interface 10 group-policy 2000
Syntax
View
User view
5-2
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 5 PIM Configuration Commands
Parameter
Description
Using debugging pim common command, you can enable common PIM debugging
functions. Using undo debugging pim common command, you can disable the
debugging functions.
By default, common PIM debugging functions are disabled.
Example
Syntax
debugging pim dm { alert | all | mrt | timer | warning | { recv | send } { all | assert |
graft | graft-ack | join | prune } }
undo debugging pim dm { alert | all | mrt | timer | warning | { recv | send } { all |
assert | graft | graft-ack | join | prune } }
View
User view
Parameter
5-3
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 5 PIM Configuration Commands
Description
Using debugging pim dm command, you can enable PIM-DM debugging functions.
Using undo debugging pim dm command, you can disable the debugging functions.
By default, PIM-DM debugging functions are disabled.
Example
Syntax
debugging pim sm { all | mbr | verbose | mrt | timer | warning | { recv | send }
{ assert | bootstrap | crpadv | jp | reg | regstop } }
undo debugging pim sm { all | mbr | verbose | mrt | timer | warning | { recv | send }
{ assert | bootstrap | crpadv | jp | reg | regstop } }
View
User view
Parameter
Description
Using debugging pim sm command, you can enable PIM-SM debugging functions.
Using undo debugging pim sm command, you can disable the debugging functions.
By default, PIM-SM debugging functions are disabled.
Example
5-4
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 5 PIM Configuration Commands
Syntax
View
Any view
Parameter
None
Description
Using display pim bsr-info command, you can view the BSR information.
For the related commands, see c-bsr and c-rp.
Example
Field Description
BSR Boot trap router
Priority Priority of BSR
Syntax
View
Any view
5-5
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 5 PIM Configuration Commands
Parameter
Description
Using display pim interface command, you can view the PIM interface configuration
information.
Example
Field Description
PIM version Version of PIM
PIM mode PIM mode enabled on the interface (DM or SM)
Syntax
View
Any view
Parameter
5-6
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 5 PIM Configuration Commands
Description
Using display pim neighbor command, you can view the PIM neighbor information.
Example
Field Description
Neighbor Address Neighbor address
Interface Interface where the neighbor has been discovered
Uptime Time passed since the multicast group has been discovered
Expires Specifies when the member will be removed from the group
Syntax
View
Any view
Parameter
5-7
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 5 PIM Configuration Commands
Description
Using display pim routing-table command, you can view the contents of the PIM
multicast routing table.
For the related command, see display multicast routing-table.
Example
# View the contents of the PIM multicast routing table on the router.
<Quidway> display pim routing-table
PIM-SM Routing Table
Total 0 (*,*,RP)entry, 0 (*,G)entry, 2 (S,G)entries
(192.168.1.2, 224.2.178.130),
Protocol 0x20: PIMSM, Flag 0x4: SPT
UpTime: 23:59, Timeout after 196 seconds
Upstream interface: VLAN-interface2, RPF neighbor: NULL
Downstream interface list: NULL
(192.168.1.2, 224.2.181.90),
Protocol 0x20: PIMSM, Flag 0x4: SPT
UpTime: 23:59, Timeout after 196 seconds
Upstream interface: VLAN-interface2, RPF neighbor: NULL
Downstream interface list: NULL
Field Description
RP Rendezvous Point
(S,G) (source address, multicast group)
PIM-SM PIM Sparse Mode
Syntax
5-8
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 5 PIM Configuration Commands
View
Any view
Parameter
Description
Using display pim rp-info command, you can view the RP information of multicast
group.
In addition, this command can also display the BSR and static RP information.
Example
Group/MaskLen: 224.0.0.0/4
RP 4.4.4.6
Version: 2
Priority: 0
Uptime: 00:39:50
Expires: 00:01:40
5.1.11 pim
Syntax
pim
undo pim
View
System view
Parameter
None
Description
Using pim command, you can enter the PIM view. Using undo pim command, you can
clear the configurations in PIM view.
5-9
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 5 PIM Configuration Commands
Example
Syntax
pim bsr-boundary
undo pim bsr-boundary
View
Interface view
Parameter
None
Description
Using pim bsr-boundary command, you can configure an interface to be the PIM
domain border. Using undo pim bsr-boundary command, you can remove the border.
You can use this command to set border of bootstraps messages, that is to say,
bootstrap messages cannot pass interfaces that are configured with pim
bsr-boundary command while other PIM messages can. In this way, the network is
divided into different BSR domains.
By default, no domain border is set.
For the related command, see c-bsr.
Example
5.1.13 pim dm
Syntax
pim dm
undo pim dm
5-10
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 5 PIM Configuration Commands
View
Interface view
Parameter
None
Description
Using pim dm command, you can enable PIM-DM. Using undo pim dm command,
you can disable PIM-DM.
By default, PIM-DM is disabled.
Once enabled PIM-DM on an interface, PIM-SM cannot be enabled on the same
interface and vice versa.
Example
5.1.14 pim sm
Syntax
pim sm
undo pim sm
View
Interface view
Parameter
None
Description
Using pim sm command, you can enable the PIM-SM protocol on an interface. Using
undo pim sm command, you can disable the PIM-SM protocol.
By default, PIM-SM is disabled.
Once enabled PIM-SM on an interface, PIM-DM cannot be enabled on the same
interface and vice versa.
Example
5-11
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 5 PIM Configuration Commands
Syntax
View
Interface view
Parameter
Description
Using pim timer hello command, you can configure the interval of sending PIM router
Hello messages. Using undo pim timer hello command, you can restore the default
value.
Example
5.1.16 register-policy
Syntax
register-policy acl-number
undo register-policy
View
PIM view
Parameter
acl-number: Number of IP advanced ACL, defining the rule of filtering the source and
group addresses. The value ranges from 3000 to 3999.
Description
5-12
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 5 PIM Configuration Commands
Example
# If the local device is the RP in the network, using the following command can only
accept multicast message register of the source sending multicast address in the range
of 225.1.0.0/16 on network segment 10.10.0.0/16.
[Quidway] acl number 3010
[Quidway-acl-adv-3010] rule permit ip source 10.10.0.0 0.0.255.255
destination 225.1.0.0 0.0.255.255
[Quidway-acl-adv-3010] quit
[Quidway] multicast routing-enable
[Quidway] pim
[Quidway-pim] register-policy 3010
5.1.17 spt-switch-threshold
Syntax
View
PIM view
Parameter
traffic-rate: Indicate switch rate threshold from RPT to SPT in Kbps. By default, the
switch threshold value is 0, i.e., switching starts when the RPT receives the first data
packet.
infinity: Indicate never to switch to SPT.
acl-number: Number of the IP basic ACL, defining a group of multicast ranges. The
value ranges from 2000 to 2999.
Description
Using spt-switch-threshold command, you can set the packet rate threshold when the
PIM leaf router switches from the RPT to the SPT. Using undo spt-switch-threshold
command, you can restore the default setting.
Example
# Configure the threshold for switching from RPT to source SPT as 0kbps.
[Quidway] pim
[Quidway-pim] spt-switch-threshold 0
5-13
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 5 PIM Configuration Commands
5.1.18 static-rp
Syntax
View
PIM view
Parameter
Description
Using static-rp command, you can configure static RP. Using undo static-rp
command, you can remove the configuration.
Static RP functions as the backup of dynamic RP so as to improve the network
robusticity. If the RP elected by BSR mechanism is valid, static RP will not work.
All routers in the PIM domain should be configured with this command and be specified
with the same RP address.
The new configuration overwrites the old one if you run the command for a second
time.
For related command, see display pim rp-info.
Example
5-14
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 6 Multicast VLAN Configuration Commands
Syntax
service-type multicast
undo service-type multicast
View
VLAN view
Parameter
None
Description
Use the service-type multicast command to set the current VLAN to multicast VLAN.
Use the undo service-type multicast command to cancel the setting.
By default, no VLAN is a multicast VLAN.
You can configure a multicast VLAN, join related switch ports into this VLAN and enable
the IGMP Snooping function to make users in different VLANs share the same
multicast VLAN. After doing that, multicast streams are transmitted only through the
multicast VLAN, and therefore the bandwidth is saved. Additionally, the absolute
isolation between the multicast VLAN and the user VLANs guarantees the security of
the network.
Example
6-1
Command Manual - Multicast
Quidway S3500 Series Ethernet Switches Chapter 7 Multicast MAC Address Configuration Commands
Syntax
View
System view
Parameter
Description
Use the mac-address multicast command to add multicast MAC address entries.
Use the undo mac-address multicast command to delete multicast MAC address
entries.
A multicast entry includes multicast address, forwarding port, VLAN etc.
Related command: display mac-address multicast, display mac-address
multicast count.
Example
# Create a multicast MAC address entry on the switch, with its multicast address as
0100-5e0a-0805, forwarding port as Ethernet 1/0/1 and it belonging to VLAN1.
<Quidway> system-view
System View: return to User View with Ctrl+Z.
[Quidway] mac-address multicast 0100-5e0a-0805 interface Ethernet 1/0/1 vlan
1
7-1
HUAWEI
QoS/ACL
Table of Contents
i
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Table of Contents
ii
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Table of Contents
iii
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
1.1.1 acl
Syntax
View
System view
Parameter
Description
Using acl command, you can configure a numbered or named ACL, and enter the
corresponding ACL view. Using undo acl command, you can cancel all the rules of a
numbered or named ACL or all the ACLs.
By default, the ACLs are matched in config order.
1-1
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
You can use the acl command to create an ACL and specify its name with “acl-name”
and its type with the keywords “advanced”, ”basic”, ”link”. For both numbered and
named ACL, you can use the rule command to add rules for them after entering ACL
view. (Use the quit command to exit ACL view.) An ACL may contain multiple rules and
the traffic classification rules concern different ranges, which brings forward the issue of
match order when a data packet matches more than one rule.
Using the match-order parameter, you can configure to follow the user configuration
order (as defaulted) or depth-first order (matching the rule with smaller range first) to
match the rules. After specified the match order of an ACL, you cannot change it,
unless delete all its rules and specify the order again. Note that, the match order of ACL
can only be effective in the case ACL is cited by software to filter and classify data.
Due the chips installed, the hardware match order of ACL’s sub-rule is different in
different switch models. The details are listed in the following table.
Note:
For S3526 series switches, packet-filter function only supports rules which action is
deny, and other QoS functions such as configure priority marking, configure traffic
mirroring and configure traffic statistics supports rules which action is permit. But in
some case the permit ACL and deny ACL can be matched for the same time. For
example, ACL 3000 has rule 0 and rule 1, rule 0 is deny rule, rule 1 is permit rule.
Packet-filter function cites ACL 100 rule 0, traffic statistics cites ACL 100 rule 1, then
match order is first match the deny rule then permit rule.
Example
1-2
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Syntax
View
Any view
Parameter
all: Configures to display all the ACLs (including numbered and named ACLs).
acl-number: Specifies the sequence number of the ACL to be displayed with a number
between 2000 and 3999.
acl-name: Specifies the name of the ACL to be displayed with a character string starting
with English letters ([a-z, A-Z]) only and excluding space or quotation mark.
Description
Using display acl config command, you can view the detail configuration information
about the ACL, including all the statements and sequence numbers and how many
packets and bytes matched these statements. The matched information is the
information treated by switch’s CPU. The matched information of transmitted data can
be displayed by display qos-global traffic-statistic command.
Example
1-3
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Field Description
“Basic ACL” delegates the type of ACL, the type of ACL
Basic ACL 2010, 1 rule, can be “advanced ACL”, “Basic ACL”, “Interface based
rule 1 permit ACL” or “Link ACL”. “2010” indicates the number of ACL
10.0.0.1 0 (0 times ( in this location, it may be the name of the ACL) , “1 rule”
matched) indicates the rule number of the ACL. “ rule 1 permit
10.0.0.1 0 (0 times matched)” indicates the rule’s content
Syntax
View
Any view
Parameter
None
Description
Using display acl running-packet-filter all command, you can view the information
about the running state of the ACL. The displayed information includes ACL name, rule
name and running state.
Example
The display information shows all the activated ACLs of the switch.
Syntax
View
Any view
1-4
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Parameter
Description
Using display time-range command, you can view the configuration and status of the
current time range. You will see the active or inactive state outputs respectively.
Note that the system has a delay of about 1 minute when updating the ACL state, while
the display time-range command applies the current time. Therefore when display
time-range displays that a time range is active, the ACL using it may not have been
activated. This is a kind of normal case.
Example
Field Description
Current time is 14:36:36 Indicates the current time of the switch (according to
4-3-2003 Thursday the switch setting).
from 08:30 2-5-2005 to The content of time-range: the first time is the
18:00 2-19-2005 beginning time , the last time is the ending time.
1-5
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Field Description
Current time is 14:36:36 Indicates the current time of the switch (according
4-3-2003 Thursday to the switch setting).
from 08:30 2-5-2005 to 18:00 The content of time-range: the first time is the
2-19-2005 beginning time , the last time is the ending time.
1.1.5 packet-filter
Syntax
View
System view
Parameter
Description
Using packet-filter command, you can activate the ACL. Using undo packet-filter
command, you can disable the ACL.
Example
1-6
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Syntax
View
User view
Parameter
all: All the access lists (including numbered and named access lists).
acl-number: Specifies an access list with a number in the range of 2000 to 3999.
acl-name: Specifies an access list with a character string, beginning with English letters
[a-z, A-Z] only, excluding space and quotation marks, and not case sensitive. The all
and any keywords are not allowed.
Description
Using the reset acl counter command, you can reset the statistics information of the
ACL which is used to filter or classify the data treated by the software of switch. You can
clear the matched counters to zero using this command.
Command Function
Reset the statistics information of the ACL which is used in
the case of filtering or classifying the data treated by the
reset acl counter software of switch. The case includes: ACL cited by route
policy function, ACL used for control logon user, etc. The
ACL number ranges from 2000 to 3999.
Example
1-7
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
1.1.7 rule
Syntax
View
ACL view
Parameter
Note:
The following parameters are attributes carried by the data packets. The ACL rules are
defined according to the values of these parameters.
1-8
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
source-addr wildcard | any: source-addr wildcard is the source IP address and source
address wildcard, expressed in dotted decimal notation. any represents any source
address.
fragment: Indicates that the rule takes effect on fragmented packets only and will be
ignored for other packets.
z The parameter of advanced ACL
protocol: This parameter is to define protocol type, which can be indicated by name, or
digit. This parameter can be icmp, igmp, tcp, udp, ip, gre, ospf or ipinip. If this
parameter takes ip, it means all the IP protocols. This parameter can be 1 ~ 255 if
indicated by digit.
Note:
For the rules of IP-any, any-IP, NET-any and any-NET, S3526 does not support packet
filtering of special protocols. You can only configure protocol type as IP (the value of the
parameter protocol in rule command can only be IP) in defining these types of rules in
S3526. Otherwise, error information will be returned when confirm the rule.
source-addr wildcard | any: source-addr wildcard is the source IP address and source
address wildcard, expressed in dotted decimal notation. any represents any source
address.
dest-addr wildcard | any: dest-addr wildcard is the destination IP address and
destination address wildcard, expressed in dotted decimal notation. any represents
any destination address.
source-port operator port1 [ port2 ]: This parameter is to define the source TCP or
UDP port number. Here, operator represents port operation character, including eq
(equal to), gt (greater than), lt (less than), neq (not equal to), and range (in certain
range). Note: This parameter is available only when protocol parameter takes TCP or
UDP. port1 [ port2 ]: TCP or UDP port number of packets, expressed with characters or
numbers. The numbers are in the range of 0 to 65535 and refer to mnemonic symbol
table for character values.
destination-port operator port1 [ port2 ]: This parameter is to define the destination
TCP or UDP port number. The meaning of operator port1 [ port2 ] is same as upper
parameter.
icmp-type type code: Used when protocol is specified as icmp. type code specifies an
ICMP packet. type specifies the ICMP packet type with a number in the range of 0 to
255 or characters. code, ranging from 0 to 255, is used for icmp when ICMP packet
type are not specified with characters.
1-9
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Note:
For S3526, S3526 FM, S3526 FS switches, parameter icmp-type is only supported
when user defines advance ACL. ICMP packet type and code (the parameter type code
in rule command) can’t be configured. Otherwise the system will prompt the
configuration is not available.
established: Used when protocol is tcp to indicate that the rule takes effect on the first
SYN packet to establish TCP connection.
precedence precedence: Specifies IP precedence with a number in the range of 0 to 7
or a name.
tos tos: Classifies the data packets with a number in the range of 0 to 15 or a name.
dscp dscp: Classifies the data packets with a number in the range of 0 to 63 or a name.
fragment: Indicates that the rule takes effect on fragmented packets only and will be
ignored for other packets.
z The parameter of link ACL
ingress { { source-vlan-id | source-mac-addr | interface { interface-name |
interface-type interface-num } }* | any }: Source information of a data packet.
source-vlan-id specifies the source VLAN of the packet, and source-mac-addr specifies
the source MAC address of the data packets. interface { interface-name |
interface-type interface-num } represents the L2 port receiving the packets. any
represents all the packets received from all the ports.
egress { { destination-vlan-id | dest-mac-addr | interface { interface-name |
interface-type interface-num } }* | any }: Specifies the destination information of data
packets. destination-vlan-id specifies the destination VLAN of the packet.
dest-mac-addr specifies the destination MAC address of the data packets. interface
{ interface-name | interface-type interface-num } the L2 port forwarding the packets.
any represents all the packets forwarded by all the ports.
Description
Using rule command, you can add a rule to an ACL. Using undo rule command, you
can cancel a rule from an ACL.
You can add a lot of rules to an ACL. If you input the parameter when use the undo rule
command, the system will delete the corresponding content of the rule according to the
parameter input.
S3526 has some restrictions on ACL configuration in implementing QOS function using
traffic classification. The restriction details are listed in the following table.
1-10
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
1-11
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Note:
z The Layer-3 ACL includes the advanced ACL.
z In the description of the rules: MAC----MAC address, PORT----the switch port,
IP----the host IP address, ANY----any MAC address in Layer-2 ACL and any IP
address in Layer-3 ACL, NET----the segment IP address. The MAC, IP, ANY, NET
and PORT before the character “-” represent the source addresses or receive port;
the ones behind are the destination addresses or transmit port.
z MAC-MAC stands for a Layer-2 ACL rule from source MAC address to destination
MAC address, such as “rule 0 permit ingress 00e0-fc01-0101 1 egress
00e0-fc01-0102 1 time-range huawei ”.
z PORT-PORT stands for a Layer-2 ACL rule from received ethernet port to sent
ethernet port, such as “rule 0 permit ingress interface ethernet0/1 egress interface
ethernet 0/2 time-range huawei ”.
z MAC-PORT stands for a Layer-2 ACL rule from source MAC address to sent
ethernet port, such as “rule 0 permit ingress 00e0-fc01-0101 1 egress interface
ethernet 0/1 time-range huawei ”.
z IP-IP stands for lay-3 ACL rules from source host IP address to destination host IP
address (the wildcard parameter can only be 0) , such as “rule 0 permit ip source
1.1.1.1 0 destination 2.2.2.2 0 time-range huawei”.
z NET-NET stands for lay-3 ACL rules from source segment IP address to destination
segment IP address (the wildcard parameter can not be 0), such as “rule 0 permit ip
source 1.1.1.1 0.0.255.255 destination 2.2.2.2 0.0.255.255 time-range huawei”.
z MAC-any stands for lay-2 ACL rule from source MAC address to any destination
MAC address, such as “rule 0 permit ingress 00e0-fc01-0101 1 egress any
time-range huawei”, and so do any-MAC, IP-any, any-IP, NET-any and any-NET
rules.
z For the MAC-MAC rule, the source and destination MAC addresses must be
configured in the same VLAN. That is, configure the same VLAN ID for the source
and destination MAC addresses in defining ACL.
z For the rules of IP-any, any-IP, NET-any and any-NET, S3526 does not support
packet filtering of special protocols. You can only configure protocol type as IP (the
value of the parameter protocol in rule command can only be IP) in defining these
types of rules in S3526. Otherwise, error information will be returned when confirm
the rule.
z IP-IP and MAC-MAC rules will function on the two directions, that is, user defines a
rule to filter packets from source address to destination address, the rule will also
filter the packets from the destination address to source address. For the rules of
IP-any, any-IP, NET-any, any-NET, MAC-any, any-MAC, they only function on one
direction which user defined.
1-12
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
z For S3526, S3526 FM, S3526 FS switches, parameter icmp-type is only supported
when user defines advance ACL. ICMP packet type and code (the parameter type
code in rule command) can’t be configured. Otherwise the system will prompt the
configuration is not available.
z The restrictions corresponding to each QoS function describe the ACL rule available
in configuring this function. Other ACL rules will not be used in implementing this
function in S3526. Otherwise, the system will return error prompts.
z Define the ACL rules to be used in it first before implementing a QoS function.
Example
1.1.8 time-range
Syntax
View
System view
Parameter
1-13
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Description
Using time-range command, you can configure a time range. Using undo time-range
command, you can delete a time range.
If you input the parameter when use the undo time-range command, the system will
delete the corresponding content of the time range according to the parameter input.
Example
# Configure a time range being effective since zero hour on January 1, 2000 and
forever.
[Quidway] time-range test from 0:0 1-1-2000
Syntax
View
System view
Parameter
1-14
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
name acl-name: Specifies an access list with a character string, beginning with English
letters [a-z, A-Z] only, excluding space and quotation marks, and not case sensitive.
The all and any keywords are not allowed.
advanced: Advanced ACL..
basic: Basic ACL..
link: L2 ACL..
user: User-defined ACL..
config: Follow the user configuration order to match ACL rules.
auto: Follow the depth-first order to match ACL rules.
all: Configures to delete all the ACLs (including numbered and named ACLs).
Description
Using acl command, you can configure a numbered or named ACL, and enter the
corresponding ACL view. Using undo acl command, you can cancel all the rules of a
numbered or named ACL or all the ACLs.
By default, the ACLs are matched in config order.
You can use the acl command to create an ACL and specify its name with “acl-name”
and its type with the keywords “advanced”, ”basic”, ”link”, or "user”. For both
numbered and named ACL, you can use the rule command to add rules for them after
entering ACL view. (Use the quit command to exit ACL view.) An ACL may contain
multiple rules and the traffic classification rules concern different ranges, which brings
forward the issue of match order when a data packet matches more than one rule.
Using the match-order parameter, you can configure to follow the user configuration
order (as defaulted) or depth-first order (matching the rule with smaller range first) to
match the rules. After specified the match order of an ACL, you cannot change it,
unless delete all its rules and specify the order again. Note that, the match order of ACL
can only be effective in the case ACL is cited by software to filter and classify data.
Due the chips installed, the hardware match order of ACL’s sub-rule is different in
different switch models. The details are listed in the following table.
Example
1-15
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Syntax
View
Any view
Parameter
all: Configures to display all the ACLs (including numbered and named ACLs).
acl-number: Specifies the sequence number of the ACL to be displayed with a number
between 2000 and 3999.
acl-name: Specifies the name of the ACL to be displayed with a character string starting
with English letters ([a-z, A-Z]) only and excluding space or quotation mark.
Description
Using display acl config command, you can view the detail configuration information
about the ACL, including all the statements and sequence numbers and how many
packets and bytes matched these statements. The matched information is the
information treated by switch’s CPU. The matched information of transmitted data can
be displayed by display qos-global traffic-statistic command.
Example
1-16
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Field Description
Basic ACL 2010, 1 “Basic ACL” delegates the type of ACL, the type of ACL
rule, can be “advanced ACL”, “Basic ACL”, “Interface based
ACL” or “Link ACL”. “2010” indicates the number of ACL
rule 1 permit ( in this location, it may be the name of the ACL) , “1 rule”
10.0.0.1 0 (0 times indicates the rule number of the ACL. “ rule 1 permit
matched) 10.0.0.1 0 (0 times matched)” indicates the rule’s content
Syntax
View
Any view
Parameter
None
Description
Using display acl running-packet-filter all command, you can view the information
about the running state of the ACL. The displayed information includes ACL name, rule
name and running state.
Example
The display information shows all the activated ACLs of the switch.
Syntax
View
Any view
1-17
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Parameter
Description
Using display time-range command, you can view the configuration and status of the
current time range. You will see the active or inactive state outputs respectively.
Note that the system has a delay of about 1 minute when updating the ACL state, while
the display time-range command applies the current time. Therefore when display
time-range displays that a time range is active, the ACL using it may not have been
activated. This is a kind of normal case.
Example
Field Description
Current time is 14:36:36 Indicates the current time of the switch (according to
4-3-2003 Thursday the switch setting).
from 08:30 2-5-2005 to The content of time-range: the first time is the
18:00 2-19-2005 beginning time , the last time is the ending time.
1-18
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Field Description
Current time is 14:36:36 Indicates the current time of the switch (according
4-3-2003 Thursday to the switch setting).
from 08:30 2-5-2005 to 18:00 The content of time-range: the first time is the
2-19-2005 beginning time , the last time is the ending time.
1.2.5 packet-filter
Syntax
View
System view
Parameter
1-19
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Description
Using packet-filter command, you can activate the ACL. Using undo packet-filter
command, you can disable the ACL.
This command supports activating the Layer-2 and Layer-3 ACLs at the same time.
However the actions of the ACLs should be consistent. If the actions conflict (one is
permit and the other is deny), they cannot be activated.
Example
Syntax
View
User view
Parameter
all: All the access lists (including numbered and named access lists).
acl-number: Specifies an access list with a number in the range of 2000 to 3999.
acl-name: Specifies an access list with a character string, beginning with English letters
[a-z, A-Z] only, excluding space and quotation marks, and not case sensitive. The all
and any keywords are not allowed.
Description
Using the reset acl counter command, you can reset the statistics information of the
ACL which is used to filter or classify the data treated by the software of switch. You can
clear the matched counters to zero using this command.
Command Function
Reset the statistics information of the ACL which is used in
the case of filtering or classifying the data treated by the
reset acl counter software of switch. The case includes: ACL cited by route
policy function, ACL used for control logon user, etc. The
ACL number ranges from 2000 to 3999.
1-20
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Command Function
Reset statistic information of traffic. This command is used in
the case of filtering or classifying the data transmitted by the
reset
hardware of switch. Commonly, this command is used to
traffic-statistic
reset the statistics information of the traffic-statistic
command.
Example
1.2.7 rule
Syntax
1-21
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
View
ACL view
Parameter
Note:
The following parameters are attributes carried by the data packets. The ACL rules are
defined according to the values of these parameters.
1-22
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
1-23
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Description
Using rule command, you can add a rule to an ACL. Using undo rule command, you
can cancel a rule from an ACL.
You can add a lot of rules to an ACL. If you input the parameter when use the undo rule
command, the system will delete the corresponding content of the rule according to the
parameter input.
For related configurations, refer to command acl.
Example
1.2.8 time-range
Syntax
View
System view
1-24
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Parameter
Description
Using time-range command, you can configure a time range. Using undo time-range
command, you can delete a time range.
If you input the parameter when use the undo time-range command, the system will
delete the corresponding content of the time range according to the parameter input.
Example
# Configure a time range being effective since zero hour on January 1, 2000 and
forever.
[Quidway] time-range test from 0:0 1-1-2000
1.3.1 acl
Syntax
1-25
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
View
System view
Parameter
Description
Using acl command, you can configure a numbered or named ACL, and enter the
corresponding ACL view. Using undo acl command, you can cancel all the rules of a
numbered or named ACL or all the ACLs.
By default, the ACLs are matched in config order.
You can use the acl command to create an ACL and specify its name with “acl-name”
and its type with the keywords “advanced”, ”basic”, ”link”. For both numbered and
named ACL, you can use the rule command to add rules for them after entering ACL
view. (Use the quit command to exit ACL view.) An ACL may contain multiple rules and
the traffic classification rules concern different ranges, which brings forward the issue of
match order when a data packet matches more than one rule.
Using the match-order parameter, you can configure to follow the user configuration
order (as defaulted) or depth-first order (matching the rule with smaller range first) to
match the rules. After specified the match order of an ACL, you cannot change it,
unless delete all its rules and specify the order again. Note that, the match order of ACL
can only be effective in the case ACL is cited by software to filter and classify data.
Due the chips installed, the hardware match order of ACL’s sub-rule is different in
different switch models. The details are listed in the following table.
1-26
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Example
Syntax
View
Any view
Parameter
all: Configures to display all the ACLs (including numbered and named ACLs).
acl-number: Specifies the sequence number of the ACL to be displayed with a number
between 2000 and 3999.
acl-name: Specifies the name of the ACL to be displayed with a character string starting
with English letters ([a-z, A-Z]) only and excluding space or quotation mark.
Description
Using display acl config command, you can view the detail configuration information
about the ACL, including all the statements and sequence numbers and how many
packets and bytes matched these statements. The matched information is the
information treated by switch’s CPU. The matched information of transmitted data can
be displayed by display qos-global traffic-statistic command.
Example
1-27
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Field Description
“Basic ACL” delegates the type of ACL, the type of ACL
Basic ACL 2010, 1 rule, can be “advanced ACL”, “Basic ACL”, “Interface based
rule 1 permit ACL” or “Link ACL”. “2010” indicates the number of ACL
10.0.0.1 0 (0 times ( in this location, it may be the name of the ACL) , “1 rule”
matched) indicates the rule number of the ACL. “ rule 1 permit
10.0.0.1 0 (0 times matched)” indicates the rule’s content
Syntax
View
Any view
Parameter
None
Description
Using display acl running-packet-filter all command, you can view the information
about the running state of the ACL. The displayed information includes ACL name, rule
name and running state.
Example
The display information shows all the activated ACLs of the switch.
1-28
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Syntax
View
Any view
Parameter
Description
Using the display flow-template command, you can view the configuration of flow
template. The configuration includes the defined information of flow template, the
interface for which the flow template has applied.
For the related command, see flow-template user-defined.
Example
Syntax
View
Any view
Parameter
Description
Using display time-range command, you can view the configuration and status of the
current time range. You will see the active or inactive state outputs respectively.
1-29
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Note that the system has a delay of about 1 minute when updating the ACL state, while
the display time-range command applies the current time. Therefore when display
time-range displays that a time range is active, the ACL using it may not have been
activated. This is a kind of normal case.
Example
Field Description
Current time is 14:36:36 Indicates the current time of the switch (according to
4-3-2003 Thursday the switch setting).
Field Description
Current time is 14:36:36 Indicates the current time of the switch (according to
4-3-2003 Thursday the switch setting).
from 08:30 2-5-2005 to The content of time-range: the first time is the
18:00 2-19-2005 beginning time , the last time is the ending time.
1-30
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Syntax
flow-template user-defined
undo flow-template user-defined
View
Parameter
None.
Description
Using the flow-template user-defined command, you can apply user-defined flow
template on the current port. Using the undo flow-template user-defined command,
you can cancel the user-defined flow template applying on the current port.
For the related command, see display flow-template.
Example
Syntax
View
System view
Parameter
template-info: Information available in defining traffic classification, its value can be:
cos : 802.1p priority in the Ethernet packet header, in the length of 1 byte.
dip: Destination IP domain in the IP packet header, in the length of 4 bytes.
dmac: Destination MAC domain in the Ethernet packet header, in the length of 6 bytes.
dport: Destination port domain, in the length of 2 bytes.
dscp: DSCP domain in the IP packet header, in the length of 1 byte.
1-31
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
ethernet-protocol: Protocol type domain in the Ethernet packet header, in the length of
2 bytes.
fragments Fragment tag bit in the IP packet header.
icmp-code: ICMP code domain, in the length of 1 byte.
icmp-type: ICMP type domain, in the length of 1 byte.
ip-precedence: IP priority domain in the IP packet header, in the length of 1 byte.
ip-protocol: Protocol type domain in the IP packet header, in the length of 1 byte.
sip: Source IP domain in the IP packet header, in the length of 4 bytes.
smac: Source MAC domain in the Ethernet packet header, in the length of 6 bytes.
sport: Source port domain, in the length of 2 bytes.
tcp-flag: Flag domain in the TCP packet header, in the length of 1 byte.
tos: TOS (type of service) domain in the IP packet header, in the length of 1 byte.
vlanid: VLAN ID in the Ethernet packet header, in the length of 2 bytes.
Description
Using the flow-template user-defined template-info command, you can define a flow
template. Using the undo flow-template user-defined command, you can delete a
flow template.
In defining a flow template, the total length of all elements should not be more than 16
bytes.
Note:
The numbers listed in the table are not the actual length of these elements in IP packets,
but their length in flow template. DSCP field is one byte in flow template, but six bytes in
IP packets. You can judge the total length of template elements using these numbers.
The dscp, ip-precedence and tos fields jointly occupy one byte. One byte is occupied
no matter you define one, two or three of these fields.
The fragment field is 0 in length in flow template, so it can be ignored in calculating the
total length of template elements.
1-32
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Note:
During self-defining flow-template configuration, if you configured any of the three
parameters: dport, sport or tcp-flag, you must configure the ip-protocol parameter at the
same time. Otherwise, the flow template fails to operate.
If you need to define the rule of layer 2 ACL by using parameter tagged or untagged,
you are required to configure the ethernet-protocol parameter in self-defining
flow-template configuration.
A flow template is defined by default, which includes the quintuple of source IP,
destination IP, source TCP/UDP port, destination TCP/UDP port, IP protocol code.
You cannot modify or delete the default flow template, but those you have defined.
For the related command, see display flow-template.
Example
# Define a flow template which classifies traffic by source and destination IP addresses,
source and destination TCP/UDP ports, DSCP domain in the IP packet header.
[Quidway] flow-template user-defined ip-protocol sip dip sport dport dscp
1.3.8 packet-filter
Syntax
View
Parameter
acl-rule: the rule of ACL, only the rules including these elements defined in template
can be sent to target hardware and referenced for such QoS functions as packet
filtering, traffic policing, priority re-labeling. Otherwise, the rules cannot be activated on
the hardware. The ACL combined mode is following.
1-33
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Description
Using packet-filter command, you can activate the ACL. Using undo packet-filter
command, you can disable the ACL.
This command supports activating the Layer-2 and Layer-3 ACLs. However the actions
of the ACLs should be consistent. If the actions conflict (one is permit and the other is
deny), they cannot be activated.
Example
1-34
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Syntax
View
User view
Parameter
all: All the access lists (including numbered and named access lists).
acl-number: Specifies an access list with a number in the range of 2000 to 3999.
acl-name: Specifies an access list with a character string, beginning with English letters
[a-z, A-Z] only, excluding space and quotation marks, and not case sensitive. The all
and any keywords are not allowed.
Description
Using the reset acl counter command, you can reset the statistics information of the
ACL which is used to filter or classify the data treated by the software of switch. You can
clear the matched counters to zero using this command.
Command Function
Reset the statistics information of the ACL which is used in the
case of filtering or classifying the data treated by the software of
reset acl
switch. The case includes: ACL cited by route policy function,
counter
ACL used for control logon user, etc. The ACL number ranges
from 2000 to 3999.
Example
1-35
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
1.3.10 rule
Syntax
View
ACL view
Parameter
Note:
The following parameters are attributes carried by the data packets. The ACL rules are
defined according to the values of these parameters.
1-36
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
source-addr wildcard | any: source-addr wildcard is the source IP address and source
address wildcard, expressed in dotted decimal notation. any represents any source
address.
fragment: Indicates that the rule takes effect on fragmented packets only and will be
ignored for other packets.
z The parameter of advanced ACL
protocol: This parameter is to define protocol type, which can be indicated by name, or
digit. This parameter can be icmp, igmp, tcp, udp, ip, gre, ospf or ipinip. If this
parameter takes ip, it means all the IP protocols. This parameter can be 1 ~ 255 if
indicated by digit.
source-addr wildcard | any: source-addr wildcard is the source IP address and source
address wildcard, expressed in dotted decimal notation. any represents any source
address.
dest-addr wildcard | any: dest-addr wildcard is the destination IP address and
destination address wildcard, expressed in dotted decimal notation. any represents
any destination address.
source-port operator port1 [ port2 ]: This parameter is to define the source TCP or
UDP port number. Here, operator represents port operation character, including eq
(equal to), gt (greater than), lt (less than), neq (not equal to), and range (in certain
range). Note: This parameter is available only when protocol parameter takes TCP or
UDP. port1 [ port2 ]: TCP or UDP port number of packets, expressed with characters or
numbers. The numbers are in the range of 0 to 65535 and refer to mnemonic symbol
table for character values.
destination-port operator port1 [ port2 ]: This parameter is to define the destination
TCP or UDP port number. The meaning of operator port1 [ port2 ] is same as upper
parameter.
Note:
When you activate the rule with predefined TCP/UDP source and destination port
ranges on the S3552 series, the switches can automatically divide this rule into several
rules, ensuring the port ranges meet the requirement of [A*2^n , (A+1)*2^n - 1], where
both A and n are integers. If the rules are more than 64, the rule cannot be activated
and the switches prompt you of the failure.
S3552 series switch does not support icmp-type type code parameters when
configure ACL rules.
established: Used when protocol is tcp to indicate that the rule takes effect on the first
SYN packet to establish TCP connection.
1-37
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Description
Using rule command, you can add a rule to an ACL. Using undo rule command, you
can cancel a rule from an ACL.
You can add a lot of rules to an ACL. If you input the parameter when use the undo rule
command, the system will delete the corresponding content of the rule according to the
parameter input.
For related configurations, refer to command acl.
Example
1-38
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
1.3.11 time-range
Syntax
View
System view
Parameter
Description
Using time-range command, you can configure a time range. Using undo time-range
command, you can delete a time range.
If you input the parameter when use the undo time-range command, the system will
delete the corresponding content of the time range according to the parameter input.
Example
# Configure a time range being effective since zero hour on January 1, 2000 and
forever.
[Quidway] time-range test from 0:0 1-1-2000
1-39
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Syntax
View
Any view
Parameter
None
Description
Example
Syntax
View
Any view
Parameter
None
2-1
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Description
Using display qos-global all command, you can view the settings of all the QoS
parameters.
This command is used for displaying the settings of all the QoS parameters, including
priority tag, redirection, traffic statistics and traffic mirror.
Example
traffic-statistic
Matches: acl std1 rule 0 running
0 byte
0 packet
Matches: acl std1 rule 1 running
0 byte
0 packet
mirrored-to
Matches: acl std1 rule 0 running
Mirrored to: Ethernet0/1
Matches: acl std1 rule 1 running
Mirrored to: Ethernet0/1
Field Description
Indicates the traffic-priority configuration of
the switch.
traffic-priority
“Matches: acl std1 rule 0 running”
Matches: acl std1 rule 0 running indicates the classification rule to the
Priority action: Local precedence 0 traffic.
Matches: acl std1 rule 1 running “Priority action: Local precedence 0”
Priority action: Local precedence 0 indicates the action of resetting the priority
of the packets matching the classification
rule.
2-2
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Field Description
traffic-statistic Indicates the traffic-statistic configuration
Matches: acl std1 rule 0 running of the switch.
0 byte “Matches: acl std1 rule 0 running”
indicates the classification rule to the
0 packet
traffic.
Matches: acl std1 rule 1 running
“ 0 byte 0 packet” indicates the statistic
0 byte information for the packets matching the
0 packet classification rule.
Syntax
View
Any view
Parameter
None
Description
Using display qos-global mirrored-to command, you can view the settings of the
traffic mirror.
This command is used for displaying the settings of traffic mirror. The information
displayed includes the ACL of traffic to be mirrored and the observing port.
For the related command, see mirrored-to.
Example
2-3
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Field Description
mirrored-to Indicates the mirroring configuration of the
Matches: acl std1 rule 0 running switch. “Matches: acl std1 rule 0 running”
indicates the classification rule to the traffic.
Mirrored to: Ethernet0/1
“Mirrored to: Ethernet0/1” indicates the
Matches: acl std1 rule 1 running monitor port for the packets matching the
Mirrored to: Ethernet0/1 classification rule.
Syntax
View
Any view
Parameter
None
Description
Using display qos-global traffic-priority command, you can view the settings of
traffic priority.
This command is used for displaying the settings of traffic priority. The information
displayed includes the ACL corresponding to the traffic tagged with priority, priority type
and value.
For the related command, see traffic-priority.
Example
2-4
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Field Description
Indicates the traffic-priority configuration of
the switch.
traffic-priority
“Matches: acl std1 rule 0 running”
Matches: acl std1 rule 0 running indicates the classification rule to the
Priority action: Local precedence 0 traffic.
Matches: acl std1 rule 1 running “Priority action: Local precedence 0”
Priority action: Local precedence 0 indicates the action of resetting the priority
of the packets matching the classification
rule.
Syntax
View
Any view
Parameter
None
Description
Using display qos-global traffic-statistic command, you can view the traffic statistics
information.
This command is used for displaying the traffic statistics information. The information
displayed includes the ACL corresponding to the traffic to be counted and the number
of packets counted.
The statistics information of traffic-statistic command includes the matched times of
the transmitted data by switch. User can use display qos-global traffic-statistic
command to display the statistics information.
For the related command, see traffic-statistic.
Example
2-5
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
0 packets
Field Description
traffic-statistic
Indicates the traffic-statistic configuration of
Matches: acl std1 rule 0 running the switch.
0 byte “Matches: acl std1 rule 0 running” indicates
0 packet the classification rule to the traffic.
Matches: acl std1 rule 1 running “ 0 byte 0 packet” indicates the statistic
0 byte information for the packets matching the
classification rule.
0 packet
Syntax
View
Any view
Parameter
Description
Using display qos-interface queue-scheduler command, you can view the queue
scheduling mode and parameters.
For the related command, see queue-scheduler.
Example
The display information shows the queue scheduling mode of the switch is
strict-priority.
2-6
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
2.1.7 mirrored-to
Syntax
View
System view
Parameter
Description
Using mirrored-to command, you can enable ACL traffic identification and perform
traffic mirror. Using undo mirrored-to command, you can disable traffic mirror.
This command is used for mirroring the traffic matching the specified ACL (whose
action is permit). The observing port cannot be a Trunk port or aggregated port.
This command only supports one observing port. When you use the traffic mirror for the
first time, you have to designate the observing port.
For the related command, see display qos-global mirrored-to.
Example
# Mirrors the packets matching the ACL 2000 rules, whose action is permit, to the port
Ethernet0/1.
[Quidway] mirrored-to ip-group 2000 interface e0/1
2-7
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
2.1.8 priority
Syntax
priority priority-level
undo priority
View
Parameter
Description
Using priority command, you can configure the priority of Ethernet port. Using undo
priority command, you can restore the default port priority.
By default, the priority level of the port is 0 and switch replaces the 802.1p priority
carried by a packet with the port priority.
Every port of Ethernet switch supports four packet egress queues. The switch puts the
packets into different egress queues according to their priorities.
You can set a priority for a port and replace the 802.1p priority carried in the packet with
it. After transmitting a packet, the switch will replace the packet 802.1p priority with the
priority of the received port, according to which the packet will be put into the
corresponding egress queue.
Example
Syntax
priority trust
undo priority
View
Parameter
None
2-8
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Description
Using priority trust command, you can configure system trusting the packet 802.1p
priority and not replacing the 802.1p priorities carried by the packets with the port
priority. Using undo priority command, you can configure the system not trust packet
802.1p priority.
By default, the system replaces the 802.1p priority carried by a packet with the port
priority.
For the related command, see priority.
Example
# Configure system trusting the packet 802.1p priority and not replacing the 802.1p
priorities carried by the packets with the port priority.
[Quidway-Ethernet0/1] priority trust
Syntax
View
System view
Parameter
2-9
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Description
1 0
2 1
3 3
4 4
5 5
6 6
7 7
Example
2-10
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
2.1.11 queue-scheduler
Syntax
View
Parameter
Description
Using queue-scheduler command, you can configure the queue scheduler and the
related parameters. Using undo queue-scheduler command, you can restore the
default queue scheduler.
By default, the value is strict-priority.
For WRR, the sum of all the weights should equal 100.
For the related command, see display qos-interface queue-scheduler.
Example
# Configure to perform WRR with the weights of the four queues as 20, 20, 30 and 30
respectively.
[Quidway-Ethernet0/1] queue-scheduler wrr 20 20 30 30
2-11
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Syntax
View
User view
Parameter
all: Indicates to clear all the traffic statistics information of the ACLs configured with this
function (including the combination items).
ip-group { acl-number | acl-name } [ rule rule ]: Specifies a basic or advanced ACL.
acl-number: Specifies the ACL sequence number, ranging from 2000 to 3999. acl-name:
Specifies the ACL name with a character string starting with English letters ([a-z, A-Z])
and excluding space and quotation mark. rule rule: Specifies a rule of an ACL, ranging
from 0 to 127. If you do not set this parameter, all the rules will be considered.
link-group { acl-number | acl-name } [ rule rule ]: Specifies a Layer-2 ACL. acl-number:
Specifies the ACL sequence number, ranging from 4000 to 4999, acl-name: Specifies
the ACL name with a character string starting with English letters ([a-z, A-Z]) and
excluding space and quotation mark. rule rule: Specifies a rule of an ACL, ranging from
0 to 127. If you do not set this parameter, all the rules will be considered.
Description
Using reset traffic-statistic command, you can reset the traffic statistics information.
This command is used for clearing the statistics information about all the traffic or a
specified one.
Command Function
Reset the statistics information of the ACL which is used in the
case of filtering or classifying the data treated by the software
reset acl counter of switch. The case includes: ACL cited by route policy
function, ACL used for control logon user, etc. The ACL
number ranges from 2000 to 3999.
2-12
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Example
2.1.13 traffic-priority
Syntax
View
System view
Parameter
Description
Using traffic-priority command, you can activate ACL and tag the traffic priority
(whose action is permit). Using undo traffic-priority command, you can cancel the
traffic priority settings.
For the related command, see display qos-global traffic-priority.
Example
# Marks the priority for the packets matching the permit rules of ACL 2000. It sets the
local preference to 0:
[Quidway] traffic-priority ip-group 2000 local-precedence 0
2-13
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
2.1.14 traffic-statistic
Syntax
View
System view
Parameter
Description
Using traffic-statistic command, you can activate the ACL to recognize and count the
traffic(whose action is permit). Using undo traffic-statistic command, you can cancel
the traffic statistics.
The statistics information of traffic-statistic command includes the matched times of
the transmitted data by switch. User can use display qos-global traffic-statistic
command to display the statistics information.
For the related command, see display qos-global traffic-statistic.
Note:
S3526, S3026 FM, S3026 FS only support the statistics for the data matching the IP-IP
or MAC-MAC rule.
Example
# Count the packets matching the ACL 2000 rules with action permit.
2-14
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Syntax
View
Any view
Parameter
None
Description
Example
Syntax
View
Any view
Parameter
None
Description
Using display qos-global all command, you can view the settings of all the QoS
parameters.
2-15
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
This command is used for displaying the settings of all the QoS parameters, including
priority tag, redirection, traffic statistics and traffic mirror.
Example
traffic-redirect
Matches: acl std1 rule 0 running
Redirected to: interface Ethernet0/2
Matches: acl std1 rule 1 running
Redirected to: interface Ethernet0/2
traffic-statistic
Matches: acl std1 rule 0 running
0 byte
0 packet
Matches: acl std1 rule 1 running
0 byte
0 packet
mirrored-to
Matches: acl std1 rule 0 running
Mirrored to: Ethernet0/1
Matches: acl std1 rule 1 running
Mirrored to: Ethernet0/1
Field Description
Indicates the traffic-priority configuration of the
traffic-priority switch.
Matches: acl std1 rule 0 running “Matches: acl std1 rule 0 running” indicates
Priority action: dscp ef the classification rule to the traffic.
Matches: acl std1 rule 1 running “Priority action: dscp ef” indicates the action of
Priority action: dscp ef resetting the priority of the packets matching
the classification rule.
2-16
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Field Description
traffic-redirect Indicates the traffic-redirect configuration of
Matches: acl std1 rule 0 running the switch.
Redirected to: interface “Matches: acl std1 rule 0 running” indicates
Ethernet0/2 the classification rule to the traffic.
Matches: acl std1 rule 1 running “Redirected to: interface Ethernet0/2”
Redirected to: interface indicates the redirect port for the packets
Ethernet0/2 matching the classification rule.
traffic-statistic
Indicates the traffic-statistic configuration of
Matches: acl std1 rule 0 running the switch.
0 byte “Matches: acl std1 rule 0 running” indicates
0 packet the classification rule to the traffic.
Matches: acl std1 rule 1 running “ 0 byte 0 packet” indicates the statistic
0 byte information for the packets matching the
classification rule.
0 packet
Syntax
View
Any view
Parameter
None
Description
Using display qos-global mirrored-to command, you can view the settings of the
traffic mirror.
This command is used for displaying the settings of traffic mirror. The information
displayed includes the ACL of traffic to be mirrored and the observing port.
For the related command, see mirrored-to.
2-17
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Example
Field Description
Indicates the mirroring configuration of the
mirrored-to switch.
Matches: acl std1 rule 0 running “Matches: acl std1 rule 0 running” indicates
Mirrored to: Ethernet0/1 the classification rule to the traffic.
Matches: acl std1 rule 1 running “Mirrored to: Ethernet0/1” indicates the
Mirrored to: Ethernet0/1 monitor port for the packets matching the
classification rule.
Syntax
View
Any view
Parameter
None
Description
Using display qos-global traffic-priority command, you can view the settings of
traffic priority.
This command is used for displaying the settings of traffic priority. The information
displayed includes the ACL corresponding to the traffic tagged with priority, priority type
and value.
For the related command, see traffic-priority.
Example
2-18
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Field Description
Indicates the traffic-priority configuration of
traffic-priority the switch.
Matches: acl std1 rule 0 running “Matches: acl std1 rule 0 running” indicates
Priority action: dscp ef the classification rule to the traffic.
Matches: acl std1 rule 1 running “Priority action: dscp ef” indicates the action
Priority action: dscp ef of resetting the priority of the packets
matching the classification rule.
Syntax
View
Any view
Parameter
None
Description
Using display qos-global traffic-redirect command, you can view the settings of the
redirection.
This command is used for displaying the settings of the redirection. The information
displayed includes the ACL corresponding to the traffic to be redirected, the destination
port of redirection.
For the related command, see traffic-redirect.
Example
2-19
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Field Description
traffic-redirect
Matches: acl std1 rule 0 Indicates the traffic-redirect configuration of the
running switch.
Redirected to: interface “Matches: acl 1 rule 0 running” indicates the
Ethernet0/2 classification rule to the traffic.
Matches: acl std1 rule 1 “Redirected to: interface Ethernet0/2” indicates the
running redirect port for the packets matching the
Redirected to: interface classification rule.
Ethernet0/2
Syntax
View
Any view
Parameter
None
Description
Using display qos-global traffic-statistic command, you can view the traffic statistics
information.
This command is used for displaying the traffic statistics information. The information
displayed includes the ACL corresponding to the traffic to be counted and the number
of packets counted.
The statistics information of traffic-statistic command includes the matched times of
the transmitted data by switch. User can use display qos-global traffic-statistic
command to display the statistics information.
For the related command, see traffic-statistic.
Example
2-20
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
traffic-statistic
Matches: acl std1 rule 0 running
0 byte
0 packet
Matches: acl std1 rule 1 running
0 byte
0 packets
Field Description
traffic-statistic
Indicates the traffic-statistic configuration of
Matches: acl std1 rule 0 running the switch.
0 byte “Matches: acl std1 rule 0 running” indicates
0 packet the classification rule to the traffic.
Matches: acl std1 rule 1 running “ 0 byte 0 packet” indicates the statistic
0 byte information for the packets matching the
classification rule.
0 packet
Syntax
View
Any view
Parameter
Description
Using display qos-interface all command, you can view the QoS setting of all the
ports.
If you do not input the port parameters, the command will display all the QoS settings
on the switch, including traffic limit and line rate etc. If you set the port parameters, the
configuration information about the specified port will be displayed.
Example
2-21
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Ethernet0/2: traffic-limit
Inbound:
Matches: acl 2000 rule 0 running
Target rate: 4 Mbps
Exceed action: drop
Ethernet0/2: line-rate
Line rate: 3 Mbps
Ethernet0/4: line-rate
Line rate: 5 Mbps
Field Description
Indicates the traffic-limit configuration of the port.
“Inbound:” indicates system only treats the traffic
Ethernet0/2: traffic-limit received by the port.
Inbound: “Matches: acl 2000 rule 0 running” indicates the
Matches: acl 1 rule 0 classification rule to the traffic.
running “Target rate: 4 Mbps” indicates the s the normal rate for
Target rate: 4 Mbps the packets matching the classification rule.
Exceed action: drop “Exceed action: drop” indicates the action to the traffic
which match the classification rule but exceed the
normal rate. The action can be “drop” or “remark-dscp”.
Indicates the line-rate configuration of the port.
Ethernet0/2: line-rate
“Line rate: 3 Mbps” indicates the general packet sending
Line rate: 3 Mbps
rate on a port.
Syntax
View
Any view
Parameter
Description
Using display qos-interface line-rate command, you can view the settings of
outgoing line rate on the port.
2-22
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
If you do not input the port parameters, the command will display the outgoing line rate
settings on the port. If you set the port parameters, the configuration information about
the specified port will be displayed. The information displayed includes egress port and
the line rate.
Example
Field Description
Indicates the line-rate configuration of the port.
Ethernet0/2: line-rate
“Line rate: 3 Mbps” indicates the general packet sending
Line rate: 3 Mbps
rate on a port.
Syntax
View
Any view
Parameter
Description
Using display qos-interface traffic-limit command, you can view the settings of traffic
limit.
If you do not input the port parameters, the command will display the traffic limit settings
on the switch. If you set the port parameters, the configuration information about the
specified port will be displayed. The information displayed includes the ACL of the
traffic to be limited, the limited average rate and the settings of some related policing
action.
For the related command, see traffic-limit.
2-23
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Example
Field Description
Indicates the traffic-limit configuration of the port.
“Inbound:” indicates system only treats the traffic
Ethernet0/2: traffic-limit received by the port.
Inbound: “Matches: acl 2000 rule 0 running” indicates the
classification rule to the traffic.
Matches: acl 2000 rule 0
running “Target rate: 4 Mbps” indicates the s the normal rate
for the packets matching the classification rule.
Target rate: 4 Mbps
“Exceed action: drop” indicates the action to the
Exceed action: drop
traffic which match the classification rule but exceed
the normal rate. The action can be “drop” or
“remark-dscp”.
Syntax
display queue-scheduler
View
Any view
Parameter
None
Description
Using display queue-scheduler command, you can view the queue scheduling mode
and parameters.
2-24
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Example
The display information shows the queue scheduling mode of the switch is
Strict-Priority.
2.2.11 line-rate
Syntax
line-rate target-rate
undo line-rate
View
Parameter
target-rate: Specifies the general packet sending rate on a port, ranging from 1 to 100
measured in Mbps.
Description
Using line-rate command, you can configure the limitation of the rate to restrict the
general speed of sending packets through the port. Using undo line-rate command,
you can cancel the limitation of the rate.
This command is used for configuring the general limitation of rate on the port for
sending packets.
Example
2.2.12 mirrored-to
Syntax
2-25
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
View
System view
Parameter
Description
Using mirrored-to command, you can enable ACL traffic identification and perform
traffic mirror. Using undo mirrored-to command, you can cancel traffic mirror.
This command is used for mirroring the traffic matching the specified ACL (whose
action is permit). The observing port cannot be a Trunk port or aggregated port.
This command only supports one observing port. When you use the traffic mirror for the
first time, you have to designate the observing port.
For the related command, see display qos-global mirrored-to.
Example
# Mirrors the packets matching the ACL 2000 rules, whose action is permit, to the port
Ethernet0/1.
[Quidway] mirrored-to ip-group 2000 interface e0/1
2-26
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
2.2.13 priority
Syntax
priority priority-level
undo priority
View
Parameter
Description
Using priority command, you can configure the priority of Ethernet port. Using undo
priority command, you can restore the default port priority.
By default, the priority level of the port is 0 and switch replaces the 802.1p priority
carried by a packet with the port priority.
Every port of Ethernet switch supports four packet egress queues. The switch puts the
packets into different egress queues according to their priorities.
You can set a priority for a port and replace the 802.1p priority carried in the packet with
it. After transmitting a packet, the switch will replace the packet 802.1p priority with the
priority of the received port, according to which the packet will be put into the
corresponding egress queue.
Example
Syntax
priority trust
undo priority
View
Parameter
None
2-27
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Description
Using priority trust command, you can configure system trusting the packet 802.1p
priority and not replacing the 802.1p priorities carried by the packets with the port
priority. Using undo priority command, you can configure the system not trust packet
802.1p priority.
By default, the system replaces the 802.1p priority carried by a packet with the port
priority.
For the related command, see priority.
Example
# Configure system trusting the packet 802.1p priority and not replacing the 802.1p
priorities carried by the packets with the port priority.
[Quidway-Ethernet0/1] priority trust
Syntax
View
System view
Parameter
2-28
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Description
1 0
2 1
3 3
4 4
5 5
6 6
7 7
Example
2-29
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
2.2.16 queue-scheduler
Syntax
View
System view
Parameter
Description
Using queue-scheduler command, you can configure the queue scheduler and the
related parameters. Using undo queue-scheduler command, you can restore the
default queue scheduler.
By default, the value is strict-priority.
For WRR and Delay bounded WRR, the sum of all the weights should equal 100.
For the related command, see display queue-scheduler.
2-30
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Example
# Configure to perform WRR with the weights of the four queues as 20, 20, 30 and 30
respectively.
[Quidway] queue-scheduler wrr 20 20 30 30
Syntax
View
User view
Parameter
all: Indicates to clear all the traffic statistics information of the ACLs configured with this
function (including the combination items).
user-group { acl-number | acl-name } [ rule rule ]: Specifies a user-defined ACL.
acl-number: Specifies the ACL sequence number, ranging from 5000 to 5999. acl-name:
Specifies the ACL name with a character string starting with English letters ([a-z, A-Z])
and excluding space and quotation mark. rule rule: Specifies a rule of an ACL, ranging
from 0 to 127. If you do not set this parameter, all the rules will be considered.
ip-group { acl-number | acl-name } [ rule rule ]: Specifies a basic or advanced ACL.
acl-number: Specifies the ACL sequence number, ranging from 2000 to 3999. acl-name:
Specifies the ACL name with a character string starting with English letters ([a-z, A-Z])
and excluding space and quotation mark. rule rule: Specifies a rule of an ACL, ranging
from 0 to 127. If you do not set this parameter, all the rules will be considered.
link-group { acl-number | acl-name } [ rule rule ]: Specifies a Layer-2 ACL. acl-number:
Specifies the ACL sequence number, ranging from 4000 to 4999, acl-name: Specifies
the ACL name with a character string starting with English letters ([a-z, A-Z]) and
excluding space and quotation mark. rule rule: Specifies a rule of an ACL, ranging from
0 to 127. If you do not set this parameter, all the rules will be considered.
Description
Using reset traffic-statistic command, you can reset the traffic statistics information.
This command is used for clearing the statistics information about all the traffic or a
specified one.
2-31
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Command Function
Reset the statistics information of the ACL which is used in
the case of filtering or classifying the data treated by the
reset acl counter software of switch. The case includes: ACL cited by route
policy function, ACL used for control logon user, etc. The
ACL number ranges from 2000 to 3999.
Example
2.2.18 traffic-limit
Syntax
View
Parameter
inbound: Configures to limit the rate of traffic received via the interface.
user-group { acl-number | acl-name } [ rule rule ]: Specifies a user-defined ACL.
acl-number: Specifies the ACL sequence number, ranging from 5000 to 5999. acl-name:
Specifies the ACL name with a character string starting with English letters ([a-z, A-Z])
and excluding space and quotation mark. rule rule: Specifies a rule of an ACL, ranging
from 0 to 127. If you do not set this parameter, all the rules will be considered.
ip-group { acl-number | acl-name } [ rule rule ]: Specifies a basic or advanced ACL.
acl-number: Specifies the ACL sequence number, ranging from 2000 to 3999. acl-name:
Specifies the ACL name with a character string starting with English letters ([a-z, A-Z])
2-32
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
and excluding space and quotation mark. rule rule: Specifies a rule of an ACL, ranging
from 0 to 127. If you do not set this parameter, all the rules will be considered.
link-group { acl-number | acl-name } [ rule rule ]: Specifies a Layer-2 ACL. acl-number:
Specifies the ACL sequence number, ranging from 4000 to 4999, acl-name: Specifies
the ACL name with a character string starting with English letters ([a-z, A-Z]) and
excluding space and quotation mark. rule rule: Specifies a rule of an ACL, ranging from
0 to 127. If you do not set this parameter, all the rules will be considered.
target-rate: Specifies the normal rate, measured in mbps, ranging from 1 to 100.
exceed action: Specifies the action executed when the traffic exceeds the set rate,
which include:
z drop: Drop the packet;
z remark-dscp value: Set a new DSCP value.
Description
Using traffic-limit command, you can enable ACL traffic identification and perform
limiting the rate of the traffic matching the specified ACL (whose action is permit). Using
undo traffic-limit command, you can cancel the traffic limit.
Example
# Limit rate of the traffic matching the ACL 2000 rules on Ethernet0/1, whose action is
permit. The normal traffic rate is set to 50Mbps. Drop the packets exceeding the traffic.
The local preference of the packets within the traffic range is set to 0.
[Quidway-Ethernet0/1] traffic-limit inbound ip-group 2000 50 exceed drop
2.2.19 traffic-priority
Syntax
View
System view
Parameter
2-33
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Specifies the ACL name with a character string starting with English letters ([a-z, A-Z])
and excluding space and quotation mark. rule rule: Specifies a rule of an ACL, ranging
from 0 to 127. If you do not set this parameter, all the rules will be considered.
ip-group { acl-number | acl-name } [ rule rule ]: Specifies a basic or advanced ACL.
acl-number: Specifies the ACL sequence number, ranging from 2000 to 3999. acl-name:
Specifies the ACL name with a character string starting with English letters ([a-z, A-Z])
and excluding space and quotation mark. rule rule: Specifies a rule of an ACL, ranging
from 0 to 127. If you do not set this parameter, all the rules will be considered.
link-group { acl-number | acl-name } [ rule rule ]: Specifies a Layer-2 ACL. acl-number:
Specifies the ACL sequence number, ranging from 4000 to 4999, acl-name: Specifies
the ACL name with a character string starting with English letters ([a-z, A-Z]) and
excluding space and quotation mark. rule rule: Specifies a rule of an ACL, ranging from
0 to 127. If you do not set this parameter, all the rules will be considered.
dscp dscp-value: Specifies DSCP preference, ranging from 0 to 63.
ip-precedence { pre-value | from-cos }: Specifies IP preference. pre-value specifies
the IP preference, ranging from 0 to 7. from-cos indicates to set the IP preference to
the same as that of 802.1p of the packet.
cos { pre-value | from-ipprec }: Specifies 802.1p preference. pre-value specifies the
802.1p preference, ranging from 0 to 7. from-ipprec indicates to set the 802.1p
preference to the same as IP preference.
local-precedence pre-value: Specifies the local preference, ranging from 0 to 7.
Description
Using traffic-priority command, you can activate ACL and tag the traffic priority
(whose action is permit). Using undo traffic-priority command, you can cancel the
traffic priority settings.
It can mark three priorities (dscp/IP preference, and cos) for the packets. The switch
can put the packets into egress queue according to the cos value (namely the 802.1p
preference) or local preference. If both 802.1p preference and local preference are set,
the switch will use the 802.1p preference first.
For the related command, see display qos-global traffic-priority.
Example
# Marks the priority for the packets matching the permit rules of ACL 2000. It sets the
local preference to 0:
[Quidway] traffic-priority ip-group 2000 local-precedence 0
2-34
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
2.2.20 traffic-redirect
Syntax
View
System view
Parameter
Description
Using traffic-redirect command, you can activate the ACL to recognize and redirect
the traffic(whose action is permit). Using undo traffic-redirect command, you can
cancel the redirection.
For the related command, see display qos-global traffic-redirection.
2-35
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Example
# Redirects the packets matching the ACL 2000 rules with action permit to the port
Ethernet0/1.
[Quidway] traffic-redirect ip-group 2000 interface e0/1
2.2.21 traffic-statistic
Syntax
View
System view
Parameter
Description
Using traffic-statistic command, you can activate the ACL to recognize and count the
traffic(whose action is permit). Using undo traffic-statistic command, you can cancel
the traffic statistics.
2-36
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Example
# Count the packets matching the ACL 2000 rules with action permit.
[Quidway] traffic-statistic ip-group 2000
Syntax
display mirror
View
Any view
Parameter
None
Description
Using the display mirror command, you can view port mirroring configuration,
including monitored ports, monitor port and monitor direction, etc.
For the related command, see mirroring-port, monitor-port.
Example
2-37
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Syntax
View
Any view
Parameter
Description
Using the display qos conform-level command, you can view “DSCP +
Conform-level → Service group” and “Local-precedence + Conform-level → 802.1p
priority” mapping tables.
Example
2-38
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
40 : 40 5 5 5 0
46 : 46 5 5 5 0
48 : 48 6 6 6 0
56 : 56 7 7 7 0
Syntax
View
Any view
Parameter
None
Description
Using the display qos cos-drop-precedence-map command, you can view “CoS →
Drop-precedence” mapping table.
Example
Syntax
2-39
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
View
Any view
Parameter
None
Description
Using the display qos cos-local-precedence-map command, you can view “CoS →
Local-precedence” mapping table.
Example
Syntax
View
Any view
Parameter
None
Description
Using the display qos-global all command, you can view all QoS configuration items.
Example
Syntax
2-40
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
View
Any view
Parameter
Description
Using the display qos-interface all command, you can view port QoS configuration. If
you specify a port, only its configuration is displayed. Otherwise, QoS configuration
items of all ports will be displayed.
Example
Syntax
View
Any view
Parameter
Description
Using the display qos-interface drop-mode command, you can view drop mode for
outbound port queues. If you specify a port, only its drop mode is displayed. Otherwise,
drop mode of all ports will be displayed.
For the related command, see drop-mode.
Example
Syntax
2-41
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
View
Any view
Parameter
Description
Using the display qos-interface queue-scheduler command, you can view queue
scheduling mode and corresponding parameter configuration. If you specify a port, only
its queue scheduling mode is displayed. Otherwise, queue scheduling mode of all ports
will be displayed.
For the related command, see queue-scheduler.
Example
2-42
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Syntax
View
Any view
Parameter
Description
Using the display qos-interface traffic-shape command, you can view traffic shaping
configuration, including maximum line rate, burst size (kbyte), maximum queue length.
If you specify a port, only its traffic shaping configuration is displayed. Otherwise, the
traffic shaping configuration of all ports will be displayed.
Example
Syntax
View
Any view
Parameter
Description
Using the display qos-interface mirrored-to command, you can view traffic mirroring
configuration.
For the related command, see mirrored-to.
Example
2-43
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Syntax
View
Any view
Parameter
Description
Using the display qos-interface traffic-limit command, you can view traffic limit
configuration, including the corresponding ACL, committed information rate, committed
burst size, peak information rate and monitor action configuration.
For the related command, see traffic-limit.
Example
Syntax
View
Any view
Parameter
Description
Using the display qos-interface traffic-priority command, you can view priority
re-labeling configuration, including the corresponding ACL, priority type and priority
level.
For the related command, see traffic-priority.
Example
2-44
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Syntax
View
Any view
Parameter
Description
Using the display qos-interface traffic-redirect command, you can view traffic
redirection configuration, including the corresponding ACL and port.
For the related command, see traffic-redirect.
Example
Syntax
View
Any view
Parameter
Description
Using the display qos-interface traffic-statistic command, you can view traffic
statistics, including the corresponding ACL and packet counts.
For the related command, see traffic-statistic.
Example
2-45
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
2.3.15 drop-mode
Syntax
View
Parameter
Description
Using the drop-mode command, you can specify drop mode at a port. Using the undo
drop-mode command, you can restore the default drop mode, i.e., tail-drop mode.
By default, a port is configured with tail-drop mode.
In the case of network congestion, the switch drops packets to release system
resources. And then no packets are put into long-delay queues. The following two drop
modes are available:
z Tail-drop mode: Different queues (red, yellow and red) are allocated with different
drop thresholds. When these thresholds are exceeded respectively, excessive
packets will be dropped.
z WRED drop mode: Drop precedence is taken into account in action. When only
min-thresholds of red, yellow and green packets are exceeded, excessive packets
are dropped randomly at given probability. But when max-thresholds of red, yellow
and green packets are exceeded, all excessive packets will be dropped.
Example
# Select WRED drop mode for the port Ethernet0/1, use the threshold of WRED 0.
[Quidway-Ethernet0/1] drop-mode wred 0
2.3.16 dscp
Syntax
2-46
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
View
Conform-level view
Parameter
dscp-list: Original DSCP value, in the range of 0~63. You can input a single value or a
value range, for example, “46” or “0 8 10 16”, in which blank space must be inserted
between values.
dscp-value: Modified DSCP value, in the range of 0~63
cos-value: Modified 802.1p priority value, in the rage of 0~7
local-precedence-value: Modified local precedence value, in the range of 0~7
drop-precedence: Modified conform-level, in the range of 0~2
Description
Using the dscp command, you can configure the “DSCP + Conform-level → Service
group” mapping table of a conform-level. Using the undo dscp command, you can
restore its default values.
You must enter a specific conform-level view to configure the “DSCP + Conform-level
→ Service group” mapping table of that level. For example, when you enter
conform-level 0 view, you can only modify the mapping table of conform-level 0.
Example
2-47
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
2.3.17 local-precedence
Syntax
View
Conform-level view
Parameter
2-48
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Description
Example
Local-precedence CL 802.1p
0 0 0
1 0 1
2 0 2
3 0 3
4 0 5
5 0 5
6 0 6
7 0 7
2.3.18 mirrored-to
Syntax
2-49
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
View
Parameter
2-50
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Description
Using the mirrored-to command, you can activate ACL and mirror the data stream to
CPU or to the specified monitoring port. Using the undo mirrored-to command, you
can remove traffic mirroring setting.
This configuration is only applicable to the packets which match the ACL rules and the
permitted rules.
Note:
You must use the monitor-port command to configure the monitoring port before you
mirror data stream to specified port. The switch only mirrors the packets received by
the traffic, when you use the monitor-port command to configure the monitoring port,
you must configure the direction of the monitored packets as inbound or both.
Example
# Mirror the packets which match the permitted rules in ACL 2000 to the CPU.
[Quidway-Ethernet0/1] mirrored-to inbound ip-group 2000 cpu
2.3.19 mirroring-port
Syntax
View
System view
Parameter
port-list: Ethernet port list, representing multiple ports, in the format of port-list =
{ { interface_type interface_num | interface_name } [ to { interface_type interface_num
| interface_name } ] }&<1-10>. &<1-10> means you can input those parameters for ten
times at most.
inbound | outbound | both: Indicates to monitor the packets of which direction.
Inbound means to monitor inbound packets; outbound means to monitor outbound
packets; both means to monitor packets of both directions.
2-51
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Description
Using the mirroring-port command, you can configure a monitored port. Using the
undo mirroring-port command, you can remove setting of monitored port.
You can indicate to monitor the packets of which direction in configuring monitored port.
The switch supports multiple-to-one mirroring. You need to configure monitor port
before configuring monitored port.
For the related command, see display mirror.
Example
2.3.20 monitor-port
Syntax
View
System view
Parameter
Description
Using the monitor-port command, you can configure a monitor port. Using the undo
monitor-port command, you can remove the setting of monitor port.
The switch supports multiple-to-one port mirroring, that is, duplicating the packets at
multiple ports to the monitor port. You can only specify one monitor port. You should
first remove the setting of all corresponding monitored ports before canceling the
configuration of the monitor port.
For the related command, see display mirror.
2-52
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Example
2.3.21 priority
Syntax
priority priority-level
undo priority
View
Parameter
Description
Using the priority command, you can configure the local precedence values at a port.
Using the undo priority command, you can restore the default values.
Upon receiving a packet, the switch allocates a service group set to it. The priority value
is allocated according to this: First obtain local precedence value based on “CoS →
Local-precedence” mapping table. If unsuccessful, the local precedence value of
receive port will be used as that for the packet.
Example
Syntax
priority trust
undo priority
View
Parameter
None
2-53
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Description
Using the priority trust command, you can set not to replace the packet 802.1p priority
value with port priority value, but to trust the packet 802.1p priority value. Using the
undo priority command, you can restore the default setting, replacing packet priority
value with port priority value.
By default, the switch replaces the packet 802.1p priority value with port priority value.
Example
Syntax
View
System view
Parameter
Description
Using the qos conform-level command, you can create a conform-level and enter it.
The switch supports three conform-levels, numbered respectively as 0, 1 and 2. Input
the corresponding number to enter the desired conform-level view, in which you can
configure the “DSCP + Conform-level → Service group” and “Local-precedence +
Conform-level → 802.1p priority” mapping tables.
Example
Syntax
2-54
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
View
System view
Parameter
Description
3 0
4 0
5 0
6 0
7 0
Upon receiving a packet, the switch allocates a service group set to it, including CoS
value, local precedence value, drop-precedence. The allocation rule is based on the
packet 802.1p priority: use the 802.1p priority value as the CoS value, obtain local
precedence value and drop-precedence respectively from “CoS → Local-precedence”
mapping table and “CoS → Drop-precedence” mapping table.
2-55
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Example
Syntax
View
System view
Parameter
2-56
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Description
7 7
Upon receiving a packet, the switch allocates a service group set to it, including CoS
value, local precedence value, drop-precedence. The allocation rule is based on the
packet 802.1p priority: use the 802.1p priority value as the CoS value, obtain local
precedence value and drop-precedence respectively from “CoS → Local-precedence”
mapping table and “CoS → Drop-precedence” mapping table.
Example
2-57
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
2.3.26 queue
Syntax
View
Parameter
2-58
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
yellow-max-prob: Maximum drop probability for yellow packets, in the range of 1~15. It
indicates the drop probability of the yellow packets when the yellow queue length
reaches yellow-max-threshold.
red-min-threshold: Minimum average queue length to trigger random red packet
dropping, in the range of 0~65535.
red-max-threshold: Maximum average queue length to trigger complete red packet
dropping, in the range of 0~65535.
red-max-prob: Maximum drop probability for red packets, in the range of 1~15. It
indicates the drop probability of the red packets when the red queue length reaches
red-max-threshold.
exponent: Weight for calculating average queue length, in the range of 1~15.If the
parameter is small, the average queue length follows the actual queue length quickly; if
it is large, the average queue length follows the actual queue length slowly. By default,
it is 9.
Description
Using the queue command, you can configure parameters for a WRED index. Using
the undo queue command, you can restore the default values for the WRED index.
The switch provides four sets of default WRED parameters, respectively numbered as
0~3. Each set includes 80 parameters, 10 parameters for each of the eight ports.
Example
2.3.27 queue-scheduler
Syntax
View
Parameter
2-59
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Description
Using the queue-scheduler command, you can choose queue scheduling algorithm
and parameters. Using the undo queue-scheduler command, you can restore the
default setting, SP algorithm.
By default, SP algorithm is selected for all outbound queues at a port.
The switch supports eight outbound queues at a port, with different scheduling
algorithms for them. You can configure these queues into different scheduling groups:
SP group, WRR priority group 1 and group 2. For example, you can set queues 6 and 7
into SP group, queues 3, 4 and 5 into WRR priority group 1 and queues 0, 1 and 2 into
WRR priority group 2. Then a queue will selected respectively from theses three groups
according to their own scheduling algorithms. Then these three selected queues will
scheduled in SP algorithm.
Note:
You must follow these rules to group eight outgoing queues at a port:
z The queues in one group must have consecutive queue numbers. For example,
queue 3, 4 and 5 have consecutive queue numbers and thus can be grouped in one
queue scheduling group; whereas queue 3, 4 and 7 cannot be grouped in one
group.
z You must group the queues with high priority in the SP group, the queues with
comparatively lower priority in the WRR1 group, and the queues with the lowest
priority in the WRR2 group. Ensure that the priorities of all the queues in SP are
higher than that of all the queues in WRR1, and the priorities of all the queues in
WRR1 are higher than that of all the queues in WRR2.
Example
# Set queues 0~5 in WRR algorithm, queues 0, 1 and 2 belong to group 2, with weight
respectively as 20, 20 and 10; queues 3, 4 and 5 belong to group 1, with weight
respectively as 20, 20 and 10. Set queues 6 and 7 in SP algorithm, the default one.
2-60
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Syntax
View
Parameter
Description
Using the reset traffic-statistic command, you can clear the all or designated traffic
statistics, as per your needs.
Example
2.3.29 traffic-limit
Syntax
2-61
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
View
Parameter
2-62
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Description
Using the traffic-limit command, you can enable the ACL, initiate traffic limit and
specify different actions for in-threshold and over-threshold packets. Using the undo
traffic-limit command, you can remove traffic limit setting.
This configuration is only available to the permitted rules.
When setting the parameters of traffic policing, the following rule is recommended:
cir<pir, cbs=ebs=(cir/8)*(1~1.5). For example, if cir is set 1000Kbps, cbs=ebs
=(1000/8)*(1~1.5)= (125~180)Kbytes=(125000~180000)bytes. Note that, the
parameter unit of cbs and ebs is byte.
Note:
If you choose untrusted mode for a specific traffic in traffic-priority operation, that is,
you manually specify a service group for the designated traffic, then the traffic-limit
and traffic-statistic operations are invalid for this traffic. If you choose traffic-limit and
traffic-statistic, however, then the untrusted mode is invalid.
To the same data traffic, you cannot set both remark-cos and remark-policed-service
or both remark-drop-priority and remark-policed-service.
If you want to initiate remark-policed-service or remark-cos action, you must ensure
you have configured “DSCP+Conform-Level → Service group” mapping table or
“TC+Conform-Level → 802.1p priority” mapping table. For more information about
these two mapping tables, see the qos conform-level, dscp and local-precedence
commands.
Example
# Initiate traffic limit on the packets match the permitted rules in ACL 4000, the detailed
setting: CIR is 200 kbps; CBS is 25000 bytes; EBS is 25000bytes; drop the
over-threshold packets.
[Quidway-Ethernet0/1] traffic-limit inbound link-group 4000 200 25000 25000
conform remark-policed-service exceed-action drop
2-63
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
2.3.30 traffic-priority
Syntax
View
Parameter
One rule in IP ACL and ip-group { acl-number | acl-name } rule rule link-group
one rule in Link ACL { acl-number | acl-name } rule rule
One rule in IP ACL and ip-group { acl-number | acl-name } rule rule link-group
all rules in Link ACL { acl-number | acl-name }
2-64
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
z rule rule: Specifies the rule in the ACL to be activated, ranging from 0 to 127. If it is
not specified, all the rules in the ACL will be activated.
auto: Auto-allocates service groups by the switch.
remark-policed-service: Reallocates service groups.
trust-dscp: Reallocates service groups based on packet DSCP values.
dscp dscp-value: Reallocates service groups based on user-defined DSCP values.
dscp-value ranges 0~63.
untrusted dscp dscp-value cos cos-value local-precedence local-precedence
drop-priority drop-level: User-defines a set of service groups. dscp-value is DSCP
value, in digit (0~63) or name; local-precedence is local precedence value, in digit (0~7)
or name. cos-value is 802.1p priority value, in digits (0~7) or name; drop-level is
conform-level, in digit (0~2).
Description
Using the traffic-priority command, you can enable the ACL and configure traffic
classification and choose a set of service groups for the target traffics (only available to
the permitted rules in the ACL). Using the undo traffic-priority command, you can
cancel service groups for a designated traffic type.
The following modes are available in configuration service groups for a designated
traffic type:
1) The switch allocates service groups when it receives packets. You just select the
auto keyword in the command, for this mode.
2) Choose service groups for packets based on their DSCP values and
conform-levels and get them from “DSCP + Conform-Level → Service group”
mapping table. You just select the remark-policed-service trust-dscp keyword
in the command, for this mode.
3) Choose service groups for packets based on user-defined DSCP values and
conform-levels and get them from “DSCP + Conform-Level → Service group”
mapping table. You just select the remark-policed-service dscp dscp-value
parameter in the command, for this mode.
4) Customize a set of service groups. You just select the remark-policed-service
untrusted dscp dscp-value cos cos-value local-precedence local-precedence
drop-priority drop-level parameter in the command, for this mode.
If you want to choose the second or third mode, you must ensure you have configured
"DSCP + Conform-Level → Service group mapping table. For more information about
this mapping table, see the qos conform-level and dscp commands. In DSCP +
conform-level to service map used by packet priority remark function, the conform-level
equal 0.
2-65
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Note:
If you choose untrusted mode for a specific traffic in traffic-priority operation, that is,
you manually specify a service group for the designated traffic, then the traffic-limit
and traffic-statistic operations are invalid for this traffic. If you choose traffic-limit and
traffic-statistic, however, then the untrusted mode is invalid.
Example
# Auto-allocate service groups for packets match the permitted rules in ACL 4000.
[Quidway-Ethernet0/1] traffic-priority inbound link-group 4000 auto
2.3.31 traffic-redirect
Syntax
View
Parameter
acl-rule: the rule of ACL, only the rules including these elements defined in template
can be sent to target hardware and referenced for such QoS functions as packet
filtering, traffic policing, priority re-labeling. Otherwise, the rules cannot be activated on
the hardware. The ACL combined mode is following.
One rule in IP ACL and ip-group { acl-number | acl-name } rule rule link-group
one rule in Link ACL { acl-number | acl-name } rule rule
2-66
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Description
Using the traffic-redirect command, you can enable the ACL and set traffic redirection
(only available to the permitted rules). Using the undo traffic-redirect command, you
can remove traffic redirection setting.
You can redirect packets to the CPU, designated Ethernet port or designated IP
address.
Note:
The redirection configuration is valid only when the action taken by ACLs is permit.
You can use the next-hop ip-addr1 ip-addr2 parameter realizing the policy routing
function.
2-67
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Example
# Redirect packets match the permitted rules in ACL 4000 to the port Ethernet0/1.
[Quidway-Ethernet0/1] traffic-redirect inbound link-group 4000 interface
ethernet0/1
2.3.32 traffic-shape
Syntax
View
Parameter
Description
Using the traffic-shape command, you can enable traffic shaping to transmit packets
at relatively average rate. Using the undo traffic-shape command, you can remove
traffic shaping.
The switch support port-based traffic shaping, that is, running traffic shaping to all the
traffic at a port. For this purpose, you do not select the queue queue-id parameter in the
command. You can also run traffic shaping for a specific outbound queue, i.e. all traffic
in this queue, by selecting the queue queue-id parameter in the command.
It is recommended to configure traffic shaping on all the traffic at the port.
2-68
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Note:
z If you only configure the queue-based traffic shaping on a port, no limitation to the
parameter queue-depth.
z If you only configure the port-based traffic shaping on a port, the parameter
queue-depth must be greater than 128.
z If you configure the port-based and queue-based traffic shaping on a port at same
time, the parameter limitation of max-rate, burst-size and queue-depth must be as
following:
max-rate of the port must be greater than the sum of all queues’ max-rate.
burst-size of the port must be greater than the sum of all queues’ burst-size.
queue-depth of the port must be greater than the burst-size of queue.
Example
# Run traffic shaping on all traffic at the current port, with max-rate being 650kbps,
burst-size being 8 kbytes and queue-depth being 80 kbytes.
[Quidway-Ethernet0/1] traffic-shape 650 8 80
2.3.33 traffic-statistic
Syntax
View
Parameter
acl-rule: the rule of ACL, only the rules including these elements defined in template
can be sent to target hardware and referenced for such QoS functions as packet
filtering, traffic policing, priority re-labeling. Otherwise, the rules cannot be activated on
the hardware. The ACL combined mode is following.
Only one rule in Link ACL link-group { acl-number | acl-name } rule rule
2-69
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Description
Using the traffic-statistic command, you can enable the ACL and configure traffic
statistics (only available to the permitted rules in the ACL). Using the undo
traffic-statistic command, you can remove traffic statistics setting.
You can use the display qos-interface traffic-statistic command to view the
information result.
Note:
If you choose untrusted mode for a specific traffic in traffic-priority operation, that is,
you manually specify a service group for the designated traffic, then the traffic-limit
and traffic-statistic operations are invalid for this traffic. If you choose traffic-limit and
traffic-statistic, however, then the untrusted mode is invalid.
Example
2-70
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
2.3.34 wred
Syntax
wred wred-index
undo wred wred-index
View
System view
Parameter
Description
Using the wred command, you can create a WRED index view and enter it. Using the
undo wred command, you can restore default setting.
By default, the switch provides four sets of WRED parameters, respectively numbered
as 0~3. The WRED parameters include green-min-threshold, green-max-threshold,
green-max-prob, yellow-min-threshold, yellow-max-threshold, yellow-max-prob,
red-min-threshold, red-max-threshold, red-max-prob and exponent. See the QoS/ACL
module in Operation Manual for more information about red, yellow and green packets.
Example
2-71
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 3 Logon user’s ACL control commands
Syntax
View
User-interface view
Parameter
acl-number: Specifies a basic ACL with a number in the range of 2000 to 2999.
inbound: Perform ACL control over the users that telnet to the local switch.
outbound: Perform ACL control over the users that telnet to other switches from the
local switch.
Description
Using acl command, you can call an ACL and perform ACL control over the TELNET
users.
This command calls numbered basic ACL only.
Example
# Performs ACL control over the users that telnet to the local switch. (Suppose ACL
2020 has been defined.)
[Quidway] user-interface vty 0 4
[Quidway-user-interface-vty0-4] acl 2020 inbound
Syntax
View
System view
3-1
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 3 Logon user’s ACL control commands
Parameter
acl-number: Specifies a basic ACL with a number in the range of 2000 to 2999.
Description
Using ip http acl command, you can call an ACL and perform ACL control over the
WEB network management users. Using undo ip http acl command, you can cancel
the ACL control over the WEB network management users.
This command calls numbered basic ACL only.
Example
# Performs ACL control over the WEB network management users. (Suppose ACL
2020 has been defined.)
[Quidway] ip http acl 2020
Syntax
View
System view
Parameter
Description
Using snmp-agent community command, you can configure the community name,
and perform the ACL control over the network management user through the
parameter acl acl-number. Using undo snmp-agent community command, you can
cancel the configuration of community name.
3-2
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 3 Logon user’s ACL control commands
Example
# Configures huawei as the community name, allows read-only access to the switch by
the name, meanwhile, performs the ACL control to the network management user by
ACL 2020. (Suppose ACL 2020 has been defined.)
[Quidway] snmp-agent community read huawei acl 2020
Syntax
View
System view
Parameter
3-3
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 3 Logon user’s ACL control commands
Description
Using snmp-agent group command, you can configure a new SNMP group, and
perform the ACL control to the group through the parameter acl acl-number. Using
undo snmp-agent group command, you can cancel the SNMP group.
Example
# Creates a new SNMP group: huawei, and perform the ACL control to the group
through ACL 2021. (Suppose ACL 2021 has been defined.)
[Quidway] snmp-agent group v1 huawei acl 2021
Syntax
View
System view
Parameter
3-4
Command Manual - QoS/ACL
Quidway S3500 Series Ethernet Switches Chapter 3 Logon user’s ACL control commands
privpassword: Specify the encryption password with a character string, ranging from 1
to 64 bytes.
acl acl-number: the number of basic ACL, ranging from 2000 to 2999.
local: Local entity user.
engineid: Specify the related engine ID of the user.
Description
Using snmp-agent usm-user command, you can add a new user to a SNMP group,
and perform the ACL control to the user through the parameter acl acl-number. Using
undo snmp-agent usm-user command, you can cancel a user from corresponding
SNMP group, meanwhile delete the configuration of ACL control.
Example
# Adds a user huawei for huaweigroup (an SNMP group), configures to authenticate
with HMAC-MD5-96 and sets authentication password as hello, meanwhile perform the
ACL control to the user through ACL 2020 . (Suppose ACL 2020 has been defined.)
[Quidway] snmp-agent usm-user v3 huawei huaweigroup authentication-mode md5
quidway acl 2020
3-5
HUAWEI
Integrated Management
Table of Contents
i
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Table of Contents
ii
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 1 Stack Function Configuration Commands
Syntax
View
Any view
Parameter
members: Display stack member information. It is omitted for the slave switches.
Description
Using display stacking command, you can view the stack status information of the
master switch or slave switches in a stack.
When using this command on the master switch without members, the displayed
information will indicate that the local switch is the master switch and indicate the
number of switches in the stack. Using the command with members, the member
information of the stack will be displayed, including stack number of master/slave
switches, stack name, stack device name, MAC address and status.
When using this command on a slave switch, the displayed information will indicate that
the local switch is a slave switch of the stack, indicate the stack number of the switch
and MAC address of the master switch in the stack.
Example
1-1
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 1 Stack Function Configuration Commands
MAC Address:00e0-fc07-0bc0
Member status: Admin
IP: 172.31.0.1/16
Member number: 1
Name:stack_1.Quidway
Device:Quidway S3026
MAC Address:00e0-fc07-58a0
Member status:Up
IP: 172.31.0.2/16
Field Description
The number of member switch, main device’s number is
Member number: 0
0
Name:stack_0.Quidway Name of member switch
1.1.2 stacking
Syntax
stacking num
View
User view
Parameter
Description
Using stacking command, you can switch from the master stack switch to a slave
switch to perform the configuration.
This command can only be used to switch from the master switch to a slave switch and
the user level remains the same while switching. To switch from a slave switch back to
a master switch, input <quit>.
1-2
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 1 Stack Function Configuration Commands
Example
# Switch from master switch Quidway to slave Switch1, perform the configuration on
Switch1 and then switch back to the master switch.
<stack_0.Quidway> stacking 1
<stack_1.Quidway>
<stack_1.Quidway> quit
<stack_0.Quidway>
Syntax
stacking enable
undo stacking enable
View
System view
Parameter
None
Description
Using stacking enable command, you can establish a stack. Using undo stacking
enable command, you can cancel the stack.
After entering this command, the system will automatically add the switches connected
to the stack ports of the master switch to the stack. User can only operate on the master
switch to delete a stack.
After a stack has been established, the slave switch will exit the stack automatically if
the stack port is disconnected.
Example
# Establish a stack.
[Quidway] stacking enable
Syntax
1-3
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 1 Stack Function Configuration Commands
View
System view
Parameter
Description
Using stacking ip-pool command, you can configure the optional IP address range in
public network for a stack. Using undo stacking ip-pool command, you can restore to
the default IP address configuration of the stack.
By default, no IP pool is configured.
Before establishing a stack, the user should firstly set the optional IP address range in
the public network for a stack. Then the master switch will automatically distribute the
applicable IP addresses for the slave switches to add to the stack.
This command can only be used on the non-stack switches. After a stack is
established, the user will not be able to modify its IP address range.
ip-address-number must be larger than or equal to the maximum-number of stack
switches. Otherwise, some switches cannot be added into the stack automatically.
Example
1-4
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Syntax
View
Any view
Parameter
interface port-list: Specifies a list of ports isolated from the specified port. A list may
contain consecutive or separated ports, or the combination of consecutive and
separated ports. The parameter is expressed as { interface_type interface_num |
interface_name } [ to { interface_type interface_num | interface_name } ] } &<1-10>.
interface_type specifies the port type. interface_num specifies the port number,
expressed as slot number/port number. Key word to helps specify a port range.
Description
Using display ndp command, you can view global NDP configuration information,
including NDP packet interval, NDP information hold time and neighbor information of
all the ports.
Example
Interface: Ethernet0/2
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Interface: Ethernet0/3
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Interface: Ethernet0/4
2-1
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Interface: Ethernet0/5
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Interface: Ethernet0/6
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Interface: Ethernet0/7
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Interface: Ethernet0/8
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Interface: Ethernet0/9
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Interface: Ethernet0/10
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Interface: Ethernet0/11
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Interface: Ethernet0/12
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Interface: Ethernet0/13
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Interface: Ethernet0/14
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Interface: Ethernet0/15
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Interface: Ethernet0/16
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Interface: Ethernet0/17
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Interface: Ethernet0/18
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
2-2
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Interface: Ethernet0/19
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Interface: Ethernet0/20
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Interface: Ethernet0/21
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Interface: Ethernet0/22
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Interface: Ethernet0/23
Status: Enabled, Pkts Snd: 11, Pkts Rvd: 12, Pkts Err: 0
Neighbor 1: Aging Time: 170(s)
MAC Address : 00e0-fc00-0003
Port Name : Ethernet0/23
Software Ver: VRP3.10
Device Name : Quidway S3526
Port Duplex : AUTO
Product Ver : 3526-0001C
Interface: Ethernet0/24
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Interface: GigabitEthernet2/1
Status: Enabled, Pkts Snd: 4, Pkts Rvd: 5, Pkts Err: 0
Table 2-1 Information about NDP configuration the NDP neighbors discovered by a
port
Field Description
Neighbor Discovery
The system NDP is enabled on the switch
Protocol is enabled
Neighbor Discovery
The NDP version
Protocol Ver: 1
The current device transmits NDP packet every 60
Hello Timer: 60(s)
seconds.
A neighbor keeps the NDP information of the current
Aging Timer: 180(s)
device for 180 seconds.
Interface: Ethernet0/1 Port number, specify a port
2-3
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Field Description
Pkts Snd: 89 Number of NDP packets transmitted from a port
Pkts Rvd: 262 Number of NDP packets received by a port
Pkts Err: 0 Number of error NDP packets received by a port
Neighbor 1: Aging The neighbor NDP information aging time connected by
Time: 170(s) the port
MAC Address MAC address of a neighbor device
Port Name Port name of a neighbor device
Software Ver The software version of a neighbor device
Device Name Device name of a neighbor device
Port Duplex Port duplex mode of a neighbor device
Product Ver The product version of a neighbor device
Syntax
View
Parameter
interface port-list: Specifies a list of ports isolated from the specified port. A list may
contain consecutive or separated ports, or the combination of consecutive and
separated ports. The parameter is expressed as { interface_type interface_num |
interface_name } [ to { interface_type interface_num | interface_name } ] } &<1-10>.
interface_type specifies the port type. interface_num specifies the port number,
expressed as slot number/port number. Key word to helps specify a port range.
Description
Using ndp enable command, you can enable NDP on a system in system view, or
enable it on a port in Ethernet port view. Using undo ndp enable command, you can
disable NDP on a system in system view, or disable it on a port in Ethernet port view.
Example
2-4
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Syntax
View
System view
Parameter
seconds: Specifies NDP packet interval and ranges from 5 to 254 in units of second. By
default, NDP packets are transmitted every 60 seconds.
Description
Using ndp timer hello command, you can configure how often to transmit the NDP
packets. Using undo ndp timer hello command, you can restore the default NDP
packet interval.
A device shall refresh the NDP information of its adjacent nodes in time to maintain
timely information as the adjacent nodes change. You can use configuration command
to adjust the NDP refreshing frequency.
Example
Syntax
View
System view
Parameter
aging-in-secs: Specifies how often to refresh the neighbor node information on a port
and ranges from 5 to 255 in units of second. By default, NDP is aged in 180 seconds.
Description
Using ndp timer aging command, you can configure how long a device will hold the
NDP packets received from the local device. After the aging timer expires, the device
2-5
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
will discard the received NDP neighbor node information. Using undo timer aging
command, you can restore the default NDP information aging time.
A user can specify how long an adjacent device will hold the information of the local
device. The adjacent device learns how long it will hold the NDP information from the
aging time carried in NDP packets and discards the packets when the aging timer
expires.
Normally NDP aging time is longer than NDP packet interface. Otherwise, the neighbor
information table of an NDP port will become unstable.
Example
# Configure the aging time of NDP packet as 60, so that an adjacent device will discard
the NDP packets from the local device 60 seconds after receiving them.
[Quidway] ndp timer aging 60
Syntax
View
User view
Parameter
interface port-list Specifies a list of ports isolated from the specified port. A list may
contain consecutive or separated ports, or the combination of consecutive and
separated ports. The parameter is expressed as { interface_type interface_num |
interface_name } [ to { interface_type interface_num | interface_name } ] } &<1-10>.
interface_type specifies the port type. interface_num specifies the port number,
expressed as slot number/port number. Key word to helps specify a port range.
Description
Using reset ndp statistics command, you can reset the NDP counters to clear the
NDP statistics information.
Example
2-6
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Syntax
display ntdp
View
Any view
Parameter
None
Description
Using display ntdp command, you can view the global NTDP information. The
displayed information includes collected hops, ntdp timer, hop-delay, port-delay and
time taken for last collection.
This command is used for displaying the global NTDP information.
Example
Field Description
NTDP is running. The global NTDP is enabled on the local device.
2-7
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Syntax
View
All view
Parameter
Description
Using display ntdp device-list command, you can view the device information
collected through NTDP.
Example
Field Description
MAC MAC address of the device
HOP Hops to the collecting device
2-8
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Hostname : Quidway
MAC : 00e0-fc07-3c00
Hop : 3
Platform : Quidway S3026
IP:
Version:
Huawei Versatile Routing Platform Software
VRP (tm) Software, Version 3.10
Quidway S3026 Software Version 3026-005, RELEASE SOFTWARE
Copyright (c) 2000-2002 By HUAWEI TECH CO., LTD.
Field Description
Peer MAC MAC address of the peer device
Syntax
ntdp enable
2-9
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
View
Parameter
None
Description
Using ntdp enable command, you can enable NTDP on switch or a port. Using undo
ntdp enable command, you can disable NTDP on switch or a port.
By default, NTDP is enabled on switch and the ports supporting NDP. If NTDP is
enabled on a port not supporting NDP, NTDP cannot run yet.
Before a device can process NTDP packet, the system NTDP must be enable first.
After disabling system NTDP, all the NTDP information on the switch will be cleared and
the switch will discard all the NTDP packets and stop transmitting NTDP request.
The user can use this command to enable/disable NTDP on a specified port to decide
through which port to transmit/receive and forward NTDP packets. After the global
NTDP and port NTDP have been enabled, the NTDP packets can be transmitted,
received and forwarded via the port. After the NTDP is disabled on the port, the port will
not process NTDP packets.
Sometimes it only needs collecting the topology connected to the downlink ports, not
caring about that connected to the uplink. In this case, NTDP is supposed to be
disabled on the uplink ports.
Example
Syntax
ntdp explore
View
User view
Parameter
None
2-10
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Description
Using ntdp explore command, you can start topology information collection when you
wants to collect network topology information. NTDP will collect the NDP information of
every device and all of their neighboring connections in the specified network scope.
The administrator device or network management system will learn the network
topology according to the information to manage and monitor the devices.
Example
Syntax
View
System view
Parameter
hop-value: Indicate the maximum hops that the device collected can be away from the
topology collecting device, ranging from 1 to 16. By default, the value is 3.
Description
Using ntdp hop command, you can configure a limit to the hops for topology collection
to collect the topology information of the devices among determined range, so that
infinitive collection can be avoided. Using undo ntdp hop command, you can restore
the default value. The limit is performed through controlling permitted hops from the
originating of collection. For example, if you set a limit of 2 to the hop number, only the
switches 2 hops away from the first switch transmitting the topology collection request
will be collected.
This command is only effective on the topology-collecting device. The broader
collection scope requires more memory of the topology-collecting device.
Example
2-11
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Syntax
View
System view
Parameter
Description
Using ntdp timer command, you can configure the topology collection interval. Using
undo ntdp timer command, you can restore the default topology collection interval.
By default, the interval of periodic topology collection is 0 minute, i.e. no regular
topology collection will be performed.
In order to learn the topology changes in time, it is necessary to regularly collect the
topology information throughout the whole scope specified. This can show any
topological changes, some of which may be omitted by the partial collection.
Example
Syntax
View
System view
Parameter
time: The time that the collected device wait before forwarding the topology-collection
request, ranging from 1 to 1000 milliseconds. By default, the value is 200ms.
2-12
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Description
Using ntdp timer hop-delay command, you can configure delay for collected device to
forward topology collection request. Using undo ntdp timer hop-delay command, you
can restore the default delay value.
To avoid network congestion resulted from collecting device’s receiving large amount of
responses simultaneously, you can configure each collected device to delay response
for a period of time after receiving the topology request. Then, the first port will start to
forward the topology request packet.
This command is executed on the collecting device. The topology request contains the
hop-delay time, according to which the collected device decides how long it shall wait
before the first port forwards the request.
Example
# Configure that the collected device receives NTDP request and delays for 300ms
before transmitting the NTDP packet to the first port.
[Quidway] ntdp timer hop-delay 300
Syntax
View
System view
Parameter
time: The delay before forwarding the topology request packet to the next port, ranging
from 1 to 100 in milliseconds. By default, the value is 20ms.
Description
Using ntdp timer port-delay command, you can configure the delay before the next
port’s forwarding packets on the collected device. Using undo ntdp timer port-delay
command, you can restore the default port-delay.
To avoid network congestion resulted from collecting device’s receiving large amount of
responses simultaneously, you can configure each collected device to delay response
for a period of time after receiving the topology request. Then, the first port will start to
forward the topology request packet.
2-13
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
This command is configured on the collecting device. The topology request contains
the port-delay time, according to which the collected device decides how long it shall
wait before the first port forwards the request.
Example
# Configure that the collected device shall delay for 40ms before the next port sends
the request.
[Quidway] ntdp timer port-delay 40
Syntax
View
Cluster view
Parameter
Description
2-14
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Example
# Add the candidate device, with MAC address 00E0-fc00-35e7 and super-password
huawei, to the cluster, and its member number is 6.
[Huawei_0.Quidway-cluster] add-member 6 mac-address 00E0-fc00-35e7 password
huawei
2.3.2 administrator-address
Syntax
View
Cluster view
Parameter
Description
Example
2.3.3 auto-build
Syntax
auto-build [ recover ]
2-15
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
View
Cluster view
Parameter
recover: automatic get back the members of a cluster for the administrator device
when it reboot.
Description
Example
2.3.4 build
Syntax
build name
undo build
View
Cluster view
Parameter
name: Cluster name with no more than 8 characters, including and only including
letters, numerals, subtraction sign “-” and underline “_”.
2-16
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Description
Using build command, you can configure a cluster on a device. The name parameter
specifies the name of the cluster. Using undo build command, you can cancel a
cluster.
By default, all the devices supporting cluster are candidate devices.
After a cluster is created, the device on which the command is executed becomes the
administrator device and will be assigned with a fixed member number of 0.
This command can be executed on an administrator device or a command-capable
device. Using it on an administrator device, you can rename a cluster. Using it on a
candidate device, you can create a cluster.
Example
# Configure the current switch as the administrator device and specifies HUAWEI as
the cluster name.
[Quidway-cluster] build HUAWEI
2.3.5 cluster
Syntax
cluster
View
System view
Parameter
None
Description
Example
Syntax
cluster enable
undo cluster enable
2-17
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
View
System view
Parameter
None
Description
Using cluster enable command, you can enable the cluster function on a switch. Using
undo cluster enable command, you can disable the cluster function of a switch.
By default, the cluster function is enabled on all the devices supporting cluster.
Above commands can be used on any device supporting the cluster function. When
you use the undo cluster enable command on an administrator device, the system will
delete the cluster and disable the cluster function on it. When you use it on a member
device, the system will exit the cluster and disable the cluster function on it.
Note: If the cluster function is disabled, you cannot create a cluster on the device or add
it to a cluster.
Example
Syntax
View
User view
Parameter
Description
Using cluster switch-to command, you can switch between administrator device and
member devices for convenient management.
A member device in a cluster can be managed through the administrator device. The
user can operate on an administrator device and switchover to a specified member
2-18
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Example
# Switch from the administrator device to member device 6 and then switches back to
the administrator device.
<Huawei_0.Quidway> cluster switch-to 6
<Huawei_6.Quidway> quit
<Huawei_0.Quidway>
2.3.8 delete-member
Syntax
delete-member member-num
View
Cluster view
Parameter
Description
Using delete-member command, you can cancel a member from the cluster.
This command can be performed on administrator device. After performing this
command, the administrator device will notify a member device to exit cluster and
delete it from the member list. If the administrator device and the member device still
cannot intercommunicate, the member will be deleted, however, the cluster information
on the member device may not be deleted.
2-19
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Example
Syntax
display cluster
View
Any view
Parameter
None
Description
Using display cluster command, you can view the state and basic configuration
information of the cluster.
This command can be performed on both administrator device and member device, but
the displays are different. In the administrator device, there are cluster name, member
number, handshake interval, holdtime, address pool, and the server of cluster. In the
member device, there are member number, MAC address of administrator device, and
the state of administrator device.
Example
2-20
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Field Description
Cluster name Name of the cluster
Role Role of the cluster member
Handshake timer Value of handshake timer
Handshake hold-time Value of handshake hold-time
IP-Pool IP pool of the cluster
No logging host configured
No SNMP host configured
The corresponding configuration of the cluster
No FTP server configured
No TFTP server configured.
Field Description
Cluster name Name of the cluster
Role Role of the cluster member
Member state Member status
2-21
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Syntax
View
Any view
Parameter
Description
Using display cluster candidates command, you can view candidate devices of the
cluster.
This command can only be performed on the administrator device.
The candidate devices are collected by NTDP. Execute hop command in System view
to specify the collection range.
This command displays the candidate device collected by NTDP last time. In order to
ensure the correctness of display, you can manually perform a collection first, or set the
NTDP to run collection periodically.
Example
2-22
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
MAC : 00e0-fc00-a01f
Hop : 2
IP:
Platform : Quidway S3026
Hostname : LSW1
MAC : 00e0-fc07-4de0
Hop : 1
IP: 1.5.6.7/16
Platform : Quidway S3526
Field Description
Hostname Name of the candidate device
MAC MAC address
Hop Hops to the administrator device
IP IP address
Syntax
View
Any view
Parameter
Description
Using display cluster command, you can view the information of cluster member.
This command can only be performed on the administrator device. Using member-num
or verbose parameter to display detail information of a certain member or all the
members
Example
2-23
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Field Description
SN Device serial number
Device Device type
MAC Address MAC address of the device
Status Status of the device
Name Name of the device
# Display the detailed configuration information about the administrator device and all
member devices.
<Quidway> display cluster members verbose
Member number: 0
Name:Huawei_0.Quidway
Device:Quidway S3526
MAC Address:00e0-fc07-0bc0
Member status:Cmdr
Hops to administrator device:0
IP: 1.1.200.210/16
Version:
Huawei Versatile Routing Platform Software
VRP (tm) Software, Version 3.10
Copyright (c) 2000-2002 By HUAWEI TECH CO., LTD.
Quidway S3526 3526-003
Member number: 1
Name:Huawei_1.Quidway
Device:Quidway S3026
MAC Address:00e0-fc00-a01f
Member status:Up
Hops to administrator device:2
IP:
Version:
Huawei Versatile Routing Platform Software
VRP (tm) Software, Version 3.10
2-24
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Member number: 2
Name:Huawei_2.LSW1
Device:Quidway S3526
MAC Address:00e0-fc07-4de0
Member status:Up
Hops to administrator device:1
IP: 1.5.6.7/16
Version:
Huawei Versatile Routing Platform Software
VRP (tm) Software, Version 3.10
Copyright (c) 2000-2002 By HUAWEI TECH CO., LTD.
Quidway S3526 3526-003
Field Description
Member number: Device member number
2.3.12 ftp-server
Syntax
ftp-server ip-address
undo ftp-server
View
Cluster view
Parameter
2-25
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Description
Using ftp-server command, you can configure the public FTP server for the cluster
members on the administrator device. Using undo ftp-server command, you can
configure administrator device as FTP server.
By default, the administrator device acts as FTP Server.
The member device within cluster will access FTP server via administrator device.
Configure the IP address of FTP server for the cluster, then the member devices of the
cluster can access the server via the administrator device.
Example
# Configure the IP address of FTP server for the cluster on the administrator device.
[Huawei_0.Quidway-cluster] ftp-server 1.0.0.9
2.3.13 holdtime
Syntax
holdtime seconds
undo holdtime
View
Cluster view
Parameter
seconds: Valid holdtime in seconds, ranging from 1 to 255. By default, the valid
holdtime is 60 seconds.
Description
Using holdtime command, you can configure the valid holdtime of a switch. Using
undo holdtime command, you can restore the default value of holdtime . After missing
3 times of handshake, if the switch still cannot receive any information of the peer
device during holdtime, it will set the state of peer device to “down”. When the
communication resumes, the relevant member device will be re-added to the cluster
(automatically). If the downtime does not go beyond the valid holdtime specified by the
user, the member device will stays in the normal state and need not be added again.
The commands can only be executed on the administrator device, which will advertise
the cluster timer value to the member devices.
Example
2-26
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
2.3.14 ip-pool
Syntax
View
Cluster view
Parameter
Description
Using ip-pool command, you can configure a private IP address range for a cluster on
the command-switch-to-be. Using undo ip-pool command, you can restore the default
IP address configuration of the cluster.
By default, no IP pool is configured.
Before setting up a cluster, the user should configure a private IP address pool for the
member devices of the cluster. When a candidate device is added, the administrator
device will dynamically assign a private IP address, which can be used for
communication inside the cluster. In this way, the user can use the administrator device
to manage and maintain the member devices.
The commands can only be executed on a switch of non-cluster member. The IP
address pool of an existing cluster cannot be modified.
Example
2.3.15 logging-host
Syntax
logging-host ip-address
undo logging-host
View
Cluster view
2-27
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Parameter
Description
Using logging-host command, you can configure a public logging host for the member
devices on the administrator device. Using undo logging-host command, you can
cancel the logging host.
By default, there is no public logging host configured.
The commands are used to assign an IP address for the logging host of the cluster,
thereby the members can send log information to logging host via the administrator
device.
Example
2.3.16 port-tagged
Syntax
View
Cluster view
Parameter
Description
Using port-tagged command, you can configure VLAN check for the communication
inside a cluster on the administrator device. Using undo port-tagged command, you
can cancel VLAN check for the communication inside a cluster on the administrator
device.
By default, VLAN check is performed.
Example
2-28
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Syntax
View
Cluster view
Parameter
Description
Using reboot member command, you can reset a specified member device on the
administrator device.
The communication between the administrator device and member devices may be
interrupted due to some configuration errors, the member device can be controlled via
the remote control function of member device. For example, you can delete the booting
configuration file and reset the member device to restore the normal communication
between administrator device and member device.
When using the reboot member command, the user can decide to delete the
configuration file or not with the eraseflash parameter when the member device is
resetting.
Example
2.3.18 snmp-host
Syntax
snmp-host ip-address
undo snmp-host
View
Cluster view
Parameter
2-29
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Description
Using snmp-host command, you can configure the public SNMP host for the members
inside a cluster on the administrator device. Using undo snmp-host command, you
can cancel the public SNMP host.
By default, there is no public SNMP host.
This command is used to configure the IP address of the network management site for
the cluster, thereby a cluster member can send the trap information to it via the
administrator device.
Example
# Configure the IP address of SNMP host for the cluster on the administrator device.
[Huawei_0.Quidway-cluster] snmp-host 1.0.0.9
2.3.19 tftp-server
Syntax
tftp-server ip-address
undo tftp-server
View
Cluster view
Parameter
Description
Using tftp-server command, you can configure the public TFTP server for the cluster
members on the administrator device. Using undo tftp-server command, you can
cancel the public TFTP server.
By default, there is no public TFTP Server.
Assign an IP address for TFTP server of the cluster, then the member devices can
access the server via the administrator device.
Example
2-30
Command Manual - Integrated Management
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
2.3.20 timer
Syntax
timer interval-in-secs
undo timer
View
Cluster view
Parameter
Interval-in-secs: This parameter is to set sending time interval of the handshake packet,
ranging of 1 ~ 255 seconds. By default ,the value is 10 seconds.
Description
Using timer command, you can configure the interval of handshake packets. Using
undo timer command, you can restore the default value of the interval.
Inside a cluster, the member devices communicate with the administrator device
through transmitting handshake packets. The regular handshake can help the user
monitor the states of cluster members and links.
This command can only be executed on the administrator device, which will advertise
the cluster timer value to the member devices.
Example
2-31
HUAWEI
STP
Table of Contents
i
Command Manual - STP
Quidway S3500 Series Ethernet Switches Table of Contents
ii
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Syntax
active region-configuration
View
Parameter
None
Description
Example
Syntax
check region-configuration
1-1
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
View
Parameter
None
Description
Example
Field Description
Format selector Factor to selelct protocol type prescribed in MSTP
Region name Region name of MST region
Revision level MSTP revision level of MST region
1-2
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Syntax
View
Any view
Parameter
instance-id: Specifies the spanning tree instance ID, ranging from 0 to 16, instance 0 is
CIST.
interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as
interface _list = { { interface_type interface_num | interface_name } [ to { interface_type
interface_num | interface_name } ] }&<1-10>. For detail descriptions of interface_type,
interface_num and interface_name parameters, refer to the corresponding descriptions
in Port Command Manual. &<1-10> means that the preceding parameters can be
entered up to 10 times.
slot slot-num: Configure to display the STP configuration of specified slot.
brief: Configure to display the state and protection type of the port only, instead of any
other information.
Description
Using display stp command, you can view the state information and statistics
information of the spanning tree .
The MSTP state and statistics information can help analyze and maintain the network
topology and maintain the normal operation of MSTP.
If no STI ID or port list is specified, the command will display the spanning tree
information of all the instances on all the ports in port number order. If the instance ID is
specified, the command will display the spanning tree information of the specified
instance on all the port in port number order. If only the port list is specified, the
command will display the information about all the STIs on the port in port number order.
If both the STI ID and port list are specified, the command will displays the spanning
tree information of the specified instance on the specified port in instance ID order.
MSTP state information include:
z Global CIST parameter: Protocol operation mode, switch priority in the CIST
instance, MAC address, Hello Time, Max Age, Forward Delay, Max Hops, CIST
common root, external path cost of the switch to the CIST common root, region
root, internal path cost of the switch to the CIST common root, CIST root port of
the switch, and whether to enable BPDU protection;
1-3
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
z CIST port parameter: Port state, role, priority, path cost, designated bridge,
designated port, edge port/non-edge port, whether connected to the point-to-point
link, port transit limit, whether to enable Root protection, whether being a region
edge port, Hello Time, Max Age, Forward Delay, Message-age time, and
Remaining-hops;
z Global MSTIs parameter: MSTI instance ID, bridge priority of the instance, region
root, internal path cost, MSTI root port, and MASTER bridge;
z MSTIs port parameter: Port state, role, priority, path cost, designated bridge, and
Remaining Hops.
Statistics information: Count of TCN, CONFIG BPDU, RST, and MST BPDU
transmitted/received via the port.
For the related command, see reset stp.
Example
# Display the state and statistics information about the spanning tree.
<Quidway> display stp instance 0 interface ethernet0/1 to ethernet0/10 brief
MSTID Port STP State Guard Type
0 Ethernet0/1 DOWN none
0 Ethernet0/2 DOWN none
0 Ethernet0/3 DOWN none
0 Ethernet0/4 DOWN none
0 Ethernet0/5 DOWN none
0 Ethernet0/6 DOWN none
0 Ethernet0/7 DOWN none
0 Ethernet0/8 DOWN none
0 Ethernet0/9 DOWN none
0 Ethernet0/10 DOWN none
The above information indicates that the MSTIDs of the ethernet0/1 through
ethernet0/10 are all 0, that is, all these ports belong to CIST.
Field Description
MSTID MST instance ID of the port
Port Port number
STP State STP State of the port, which can be up or down.
Guard Type Guard Type of the port, which can be
1-4
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Syntax
View
Any view
Parameter
None
Description
Using display stp region-configuration command, you can view the effective MST
region configurations .
MST region configuration information includes: region name, region revision level, and
associations between VLANs and STIs. All these configurations together determine to
which MST region a switch belongs.
For the related command, see stp region-configuration .
Example
Field Description
Format selector Selection factor descripted in the MSTP protocol
1-5
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
1.1.5 instance
Syntax
View
Parameter
instance-id: Specifies the spanning tree instance ID, ranging from 0 to 16, instance 0 is
CIST.
vlan-list: Specifies the VLAN list and expressed as vlan-list = { vlan-id [ to
vlan-id ] }&<1-10>. VLAN ID ranges from 1 to 4094. &<1-10> means that the preceding
parameters can be entered up to 10 times. The switch may support VLAN 4095, 4096
others, however, they can only be mapped to CIST (Instance 0).
Description
Using instance command, you can map the specified VLAN list to the specified STI.
Using undo instance command, you can cancel the specified VLAN list from the
specified STI, the removed VLAN will then be mapped to the CIST (i.e., the Instance 0).
If no VLAN is specified in the undo command, all the VLANs associated with the
specified STI will be mapped to CIST.
By default, all the VLANs are mapped to CIST, i.e., the Instance 0.
MSTP describes the association between VLANs and STIs with the VLAN mapping
table. You can use this command to configure this table. Every VLAN can be mapped to
an STI as per your configuration.
A VLAN cannot be mapped to different instances at the same time. The latter
configured association will replace the former one.
For the related command, see region-name, revision-level, check
region-configuration , vlan-mapping modulo, active region-configuration .
Example
1.1.6 region-name
Syntax
region-name name
1-6
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
undo region-name
View
Parameter
name: Specifies the MST region name of the switch with a character string not
exceeding 32 bytes.
Description
Using region-name command, you can configure the MST region name of a switch.
Using undo region-name command, you can restore the default MST region name.
By default, the MST region name of the switch is the first MAC address in hexadecimal
notation.
The switch region name, together with VLAN mapping table of the MST region and
MSTP revision level, is used for determining the region to which the switch belongs.
For the related command, see instance, revision-level, check region-configuration ,
vlan-mapping modulo, active region-configuration .
Example
Syntax
View
User view
Parameter
interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as
interface _list = { { interface_type interface_num | interface_name } [ to { interface_type
interface_num | interface_name } ] }&<1-10>. For detail descriptions of interface_type,
interface_num and interface_name parameters, refer to the corresponding descriptions
in Port Command Manual. &<1-10> means that the preceding parameters can be
entered up to 10 times.
Description
Using reset stp command, you can reset the spanning tree statistics information.
1-7
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
The spanning tree statistics information includes TCN, Config BPDU, RST, and MST
BPDU, received and transmitted on the port. Among them, STP BPDU and TCN BPDU
are counted on CIST.
When the spanning tree ID and port list are specified, the command clears the statistics
information of the specified spanning tree on the specified port. If no port is specified,
the command clears the statistics information of the specified spanning tree on all the
ports. If no spanning tree is specified, the command clears the statistics information of
all the spanning trees.
For the related command, see display stp.
Example
# Clear the statistics information on the ports from Ethernet0/1 through Ethernet0/3.
<Quidway> reset stp interface ethernet0/1 to ethernet0/3
1.1.8 revision-level
Syntax
revision-level level
undo revision-level
View
Parameter
level: Specifies the MSTP revision level, ranging from 0 to 65535. By default, MSTP
revision level takes 0.
Description
Using revision-level command, you can configure MSTP revision level of the switch.
Using undo revision-level command, you can restore the default revision-level .
MSTP revision level, together with region name and VLAN mapping table, is used for
determining the MST region to which the switch belongs.
For the related command, see instance, region-name, check region-configuration ,
vlan-mapping modulo and active region-configuration .
Example
1-8
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
1.1.9 stp
Syntax
View
Parameter
Description
Using stp command, you can enable or disable MSTP on a device or a port. Using
undo stp command, you can restore the default MSTP state on a device or a port.
By default, MSTP is disabled on the switch.
After MSTP is enabled, the switch determines to run MSTP in STP-compatible mode or
MSTP mode per your configurations. The switch serves as a transparent bridge after
MSTP is disabled.
After MSTP is enabled, it will dynamically maintain the spanning tree state of the
corresponding VLAN according to the received configuration BPDU until it is disabled.
For the related command, see stp mode, stp interface.
Example
Syntax
stp bpdu-protection
undo stp bpdu-protection
View
System view
1-9
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Parameter
None
Description
Using stp bpdu-protection command, you can enable the BPDU protection on the
switch. Using undo stp bpdu-protection command, you can restore the default state
of BPDU protection.
By default, BPDU protection is disabled.
Generally, the access ports of the access layer devices are directly connected to user
terminals (such as PC) or file servers. In this case, the access ports are set to edge
ports to implement fast state transition. However, when such access ports receive
configuration BPDU, the system will automatically set them to non-edge ports and
recalculate the spanning tree, which makes the network topology flap. These ports will
not receive any STP configuration BPDU in normal cases. Anyway, if someone
maliciously attacks the switch with fake configuration BPDU, the network will flap.
MSTP provides BPDU protection function to avoid such attack: After configured with
BPDU protection, the switch will disable the edge port through MSTP, which receives a
BPDU, and notify the network manager at same time. These ports can be resumed by
the network manager only.
Example
Syntax
View
System view
Parameter
Description
Using stp bridge-diameter command, you can configure the switching network
diameter. Using undo stp bridge-diameter command, you can restore the default
network diameter.
1-10
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
The network diameter refers to the maximum count of switches on the path between
any two terminal devices.
The definition of network diameter: Maximum count of switches between the farthest
communication ends.
stp bridge-diameter command configures the switching network diameter and
determines the three time parameters of MSTP accordingly. This configuration takes
effect on CIST only but makes no sense for MSTI.
The spanning tree convergence can be speeded up, when Hello Time, Forward Delay,
and Max Age are well configured. These parameters are related to the network scale.
You can configure the network scale to get the time parameters. Upon the
user-configured bridge-diameter parameter, MSTP will automatically set Hello Time,
Forward Delay, and Max Age to moderate values. When bridge-diameter defaults to 7,
the time parameters also take their respective default values.
For the related command, see stp timer forward-delay, stp timer hello, stp timer
max-age.
Example
Syntax
View
Parameter
Description
Using stp edged-port enable command, you can configure the current Ethernet port
as an edge port. Using stp edged-port disable command, you can configure the
current Ethernet port as a non-edge port. Using undo stp edged-port command, you
can restore the default state, i.e., non-edge port.
By default, all the switch ports are configured as non-edge port.
1-11
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
If the current Ethernet port is connected to other switch, you can use the stp
edged-port disable or undo stp edged-port command to configure it as a non-edge
port. The stp edged-port enable command is used for configuring the port as an edge
port.
A port is considered as an edge port when it is directly connected to the user terminal,
instead of any other switches or shared network segments. The edge port will not
cause loop upon network topology changes. Accordingly, you can configure a port as
an edge port, so that it can transit to forwarding state fast. For this purpose, please
configure the Ethernet port directly connected to the user terminal as an edge port.
Because the edge port is not connected to any other switches, it will not receive the
configuration BPDUs from them. Before BPDU PROTECTION is enabled on the switch,
the port received a BPDU runs as a non-edge port, even if it is configured as edge port.
For the related command, see stp interface edged-port.
Example
Syntax
View
Parameter
instance-id: Specifies the spanning tree instance ID, ranging from 0 to 16, instance 0 is
CIST.
cost cost: Specifies the port path cost, ranging from 1 to 200000.
Description
Using stp cost command, you can configure the port path cost on the specified STI for
the current port. Using undo stp cost command, you can restore the path cost on the
specified STI.
By default, the path costs of a port on different STIs take the values associated with the
port speeds. For more description, refer to the table offered in the configuration
guideline of the stp interface cost command.
1-12
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
You may specify the instance-id parameter as 0 to configure CIST path cost of the port.
The path cost has effect on the port role selection. A port can be configured with
different path costs on different MSTIs. Thus the traffic from different VLANs can run
over different physical links, thereby implementing the VLAN-based load-balancing.
MSTP will recalculate the port role and transit its state, upon the port path cost
changes.
If user doesn’t input parameter “instance instance-id“ when configuring switch, the
configuration will only be effective on CIST.
The default values of the path cost varies with the different port speeds, as described in
the following table.
Recommended Recommended
Link speed Value range
value value range
10Mbps 2,000 200- 20000 1-200000
Example
Syntax
View
System view
Parameter
1-13
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
priority: Specifies the switch priority, ranging from 0 to 61440 with a step length of 4096.
That is, 16 priorities are available for the switch including 0, 4096, 8192, etc. By default,
the switch priority is 32768.
Description
Using stp priority command, you can configure the bridge priority in the specified STI.
Using undo stp priority command, you can restore the default value of bridge priority .
The switch priority takes part in the spanning tree calculation. It is configured separately
for every STI. Different STIs can be configured with different priorities.
If specifying the instance ID as 0, the command can configure the CIST priority.
Example
Syntax
View
Parameter
instance-id: Specifies the spanning tree instance ID, ranging from 0 to 16, instance 0 is
CIST.
port priority priority: Specifies the port priority, ranging from 0 to 240, with a step length
of 16, e.g., 0, 16, and 32. By default, the priorities of a port on the STIs are 128.
Description
Using stp port priority command, you can configure the priority of a port on a specified
STI. Using undo stp port priority command, you can restore the default priority of the
port on the specified STI.
You may specify the instance-id parameter as 0 to configure CIST priority of the port.
The port priority has effect on the port role selection. A port can be configured with
different priorities on different MSTIs. Thus the traffic from different VLANs can run over
different physical links, thereby implementing the VLAN-based load-balancing. MSTP
will recalculate the port role and transit its state, upon the port priority changes.
1-14
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
If user doesn’t input parameter “instance instance-id“ when configuring switch, the
configuration will only be effective on CIST.
For the related command, see stp interface port priority.
Example
Syntax
View
System view
Parameter
instance-id: Specifies the spanning tree instance ID, ranging from 0 to 16, instance 0 is
CIST.
root primary: Configure the current switch as the primary root of the designated STI.
bridge-diameter bridgenum: Specify the network diameter of the spanning tree,
ranging from 2 to 7.
hello-time centi-senconds: Specifies the Hello Time of the spanning tree, ranging from
100 to 1000 and measured in centiseconds.
Description
Using stp root primary command, you can configure the current switch as the primary
root of the designated STI. Using undo stp root command, you can cancel the current
switch for the primary root of the designated STI. If user doesn’t input parameter
“instance instance-id“ when configuring switch, the configuration will only be effective
on CIST.
By default, the switch does not server as a root bridge.
You can configure a root bridge for every STI without concerning the switch priority.
When configuring the root bridge, you may also specify the network diameter of the
designated switching network, so that the switch will calculate and get three time
parameter values (Hello time, Forward Delay and Max Age). The Hello time got in this
way may not be as good as expected. You can specify the hello-time centi-senconds
1-15
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
parameter to overwrite it. Normally, you are recommended to set the network diameter
to get the other two time parameter of the switch accordingly.
Caution:
z In a switching network, you can configure only one root bridge for each STI and one
or more secondary switches. Do not configure more than one root bridge for an STI
at the same time, otherwise, the calculation result will be unpredictable.
z After a switch is configured as primary root switch or secondary root switch, user
can’t modify the bridge priority of the switch.
Example
# Designate the current switch as the root bridge of STI 1 and specifies the diameter of
the switching network as 4 and the Hello Time as 500 centiseconds.
[Quidway] stp instance 1 root primary bridge-diameter 4 hello-time 500
Syntax
View
System view
Parameter
instance-id: Specifies the spanning tree instance ID, ranging from 0 to 16, instance 0 is
CIST.
root secondary: Configure the current switch as the secondary root of the designated
STI.
bridge-diameter bridgenum: Specify the network diameter of the spanning tree,
ranging from 2 to 7.
hello-time centi-senconds: Specify the Hello Time of the spanning tree, ranging from
100 to 1000 and measured in centiseconds.
1-16
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Description
Using stp root secondary command, you can configure the current switch as the
secondary root bridge of a specified STI. Using undo stp root command, you can
cancel the current switch for the secondary root bridge of a specified STI. If user
doesn’t input parameter “instance instance-id“ when configuring switch, the
configuration will only be effective on CIST.
By default, the switch does not server as a secondary root bridge.
You can configure one or more secondary root bridges in an STI. If the primary root is
down or powered off, the secondary root will take its place. Among several secondary
root bridges, the one with the smallest MAC address takes the place of the failed
primary root.
When configuring the secondary root bridge, you may also specify the switching
network diameter and the Hello Time of the switch, so that the other two parameters,
Forward Delay and Max Age, of the switch can be determined. To configure the current
switch as the root bridge of CIST, simply specify instance-id as 0. You can configure
only one root bridge for an STI and one or more secondary root bridges for it.
After a switch is configured as primary root switch or secondary root switch, user can’t
modify the bridge priority of the switch.
Example
# Configure the current switch as the secondary root bridge of STI 4 and specify the
diameter of the switching network as 5 and the Hello Time of the switch as 300
centiseconds.
[Quidway] stp instance 4 root primary bridge-diameter 5 hello-time 300
Syntax
View
System view
Parameter
interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as
interface _list = { { interface_type interface_num | interface_name } [ to { interface_type
interface_num | interface_name } ] }&<1-10>. For detail descriptions of interface_type,
interface_num and interface_name parameters, refer to the corresponding descriptions
in Port Command Manual. &<1-10> means that the preceding parameters can be
entered up to 10 times.
1-17
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Description
Using stp interface command, you can enable/disable MSTP on a switch port in
system view.
By default, if MSTP is enabled globally, it is enabled on every port; if MSTP is disabled
globally, it is also disabled on every port.
When MSTP is disabled, the corresponding port stays in forwarding state and does not
take part in any STI calculation.
Caution:
Example
Syntax
View
System view
Parameter
interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as
interface _list = { { interface_type interface_num | interface_name } [ to { interface_type
interface_num | interface_name } ] }&<1-10>. For detail descriptions of interface_type,
interface_num and interface_name parameters, refer to the corresponding descriptions
in Port Command Manual. &<1-10> means that the preceding parameters can be
entered up to 10 times.
enable: Configure the current port as an edge port.
1-18
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Description
Using stp interface edged-port enable command, you can configure a port as an
edge port in system view. Using stp interface edged-port disable command, you can
configure a port as a non-edge port in system view. Using undo stp interface
edged-port command, you can restore the non-edge port, as defaulted.
By default, all the switch ports are configured as non-edge port.
If the current Ethernet port is connected to other switch, you can use the stp interface
edged-port disable or no stp interface edged-port command to configure it as a
non-edge port. The stp interface edged-port enable command is used for configuring
the port as an edge port.
A port is considered as an edge port when it is directly connected to the user terminal,
instead of any other switches or shared network segments. The edge port will not
cause loop upon network topology changes. Accordingly, you can configure a port as
an edge port, so that it can transit to forwarding state fast. For this purpose, please
configure the Ethernet port directly connected to the user terminal as an edge port.
Because the edge port is not connected to any other switches, it will not receive the
configuration BPDUs from them. Before BPDU PROTECTION is enabled on the switch,
the port received a BPDU runs as a non-edge port, even if it is configured as edge port.
For the related command, see stp edged-port.
Example
Syntax
View
System view
Parameter
interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as
interface _list = { { interface_type interface_num | interface_name } [ to { interface_type
interface_num | interface_name } ] }&<1-10>. For detail descriptions of interface_type,
interface_num and interface_name parameters, refer to the corresponding descriptions
1-19
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
in Port Command Manual. &<1-10> means that the preceding parameters can be
entered up to 10 times.
instance-id: Specifies the spanning tree instance ID, ranging from 0 to 16, instance 0 is
CIST.
cost cost: Specifies the path cost of the port, ranging from 1 to 200000.
Description
Using stp interface cost command, you can configure the path cost of the specified
port on the specified STI in system view. Using undo stp interface cost command,
you can restore the path cost to default value. If user doesn’t input parameter “instance
instance-id“ when configuring switch, the configuration will only be effective on CIST.
By default, the path cost of the port on every STI is associated with the port speed. For
details, refer to the table in the configuration guideline.
You may specify the instance-id parameter as 0 to configure CIST path cost of the port.
The path cost has effect on the port role selection. A port can be configured with
different path costs on different MSTIs. Thus the traffic from different VLANs can run
over different physical links, thereby implementing the VLAN-based load-balancing.
MSTP will recalculate the port role and transit its state, upon the port path cost
changes.
The default values of the path cost varies with the different port speeds, as described in
the following table.
Recommended Recommended
Link speed Value range
value value range
10Mbps 2,000 200 - 20000 1-200000
100Mbps 200 20-2000 1-200000
1Gbps 20 2-200 1-200000
10G/s 2 2-20 1-200000
Above 10G/s 1 1-2 1-200000
Example
# Set the path cost of Ethernet 0/3 on STI 2 to 400 in system view.
[Quidway] stp interface ethernet 0/3 instance 2 cost 400
1-20
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Syntax
View
System view
Parameter
interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as
interface _list = { { interface_type interface_num | interface_name } [ to { interface_type
interface_num | interface_name } ] }&<1-10>. For detail descriptions of interface_type,
interface_num and interface_name parameters, refer to the corresponding descriptions
in Port Command Manual. &<1-10> means that the preceding parameters can be
entered up to 10 times.
instance-id: Specifies the spanning tree instance ID, ranging from 0 to 16, instance 0 is
CIST.
port priority priority: Specifies the port priority, ranging from 0 to 240 with a step length
of 16, e.g., 0, 16 and 32. By default, the port has a priority of 128 on every STI.
Description
Using stp interface port priority command, you can configure the priority of the
specified port on the specified STI in system view. Using undo stp interface port
priority command, you can restore the default priority. If user doesn’t input parameter
“instance instance-id“ when configuring switch, the configuration will only be effective
on CIST.
You may specify the instance-id parameter as 0 to configure CIST priority of the port.
The port priority has effect on the port role selection. A port can be configured with
different priorities on different MSTIs. Thus the traffic from different VLANs can run over
different physical links, thereby implementing the VLAN-based load-balancing. MSTP
will recalculate the port role and transit its state, upon the port priority changes.
For the related command, see stp port priority.
Example
1-21
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Syntax
View
System view
Parameter
interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as
interface _list = { { interface_type interface_num | interface_name } [ to { interface_type
interface_num | interface_name } ] }&<1-10>. For detail descriptions of interface_type,
interface_num and interface_name parameters, refer to the corresponding descriptions
in Port Command Manual. &<1-10> means that the preceding parameters can be
entered up to 10 times.
Description
Using stp interface loop-protection command, you can enable loop protection on the
switch in system view. Using undo stp interface loop-protection command, you can
restore the default loop protection state.
By default, loop protection is disabled.
For the related command, see stp loop-protection.
Example
Syntax
View
System view
Parameter
interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as
interface _list = { { interface_type interface_num | interface_name } [ to { interface_type
interface_num | interface_name } ] }&<1-10>. For detail descriptions of interface_type,
interface_num and interface_name parameters, refer to the corresponding descriptions
1-22
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
in Port Command Manual. &<1-10> means that the preceding parameters can be
entered up to 10 times.
Description
Using stp interface mcheck command, you can perform mcheck operation on the port
in system view.
If a port of an MSTP switch on a switching network has ever been connected to an STP
switch, the port will automatically transit to operate in STP-compatible mode. However,
when the STP switch is removed, the port stays in STP-compatible mode and cannot
automatically transit back to MSTP mode. In this case, you can perform mCheck
operation to transit the port to MSTP mode by force.
For the related command, see stp mcheck, stp mode.
Example
Syntax
View
System view
Parameter
interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as
interface _list = { { interface_type interface_num | interface_name } [ to { interface_type
interface_num | interface_name } ] }&<1-10>. For detail descriptions of interface_type,
interface_num and interface_name parameters, refer to the corresponding descriptions
in Port Command Manual. &<1-10> means that the preceding parameters can be
entered up to 10 times.
force-true: Indicates the Ethernet port connected to a point-to-point link.
force-false: Indicates the Ethernet port not connected to a point-to-point link.
auto: Configure to automatically check if the link to the Ethernet port is a point-to-point
link.
1-23
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Description
Using stp interface point-to-point command, you can configure a port (not) to be
connected to a point-to-point link in system view. Using undo stp interface
point-to-point command, you can restore the default state of the link to the Ethernet
port.
By default, the parameter defaults to auto, that is, MSTP checks if the link to the
Ethernet port is a point-to-point link.
The port state can’t be rapidly transited if the port doesn’t connected with the
point-to-point link.
The master ports of the link aggregation and the ports operating in full-duplex mode are
connected to the point-to-point link. You are recommended to keep the default settings
and let MSTP detect the link state automatically.
This configuration takes effect on the CIST and all the MSTIs. The settings of a port
whether to connect the point-to-point link will be applied to all the STIs where the port
belongs. Note that a temporary loop may be redistributed if you configure a port not
physically connected with the point-to-point link as connected to such a link by force.
For the related command, see stp point-to-point.
Example
Syntax
View
System view
Parameter
interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as
interface _list = { { interface_type interface_num | interface_name } [ to { interface_type
interface_num | interface_name } ] }&<1-10>. For detail descriptions of interface_type,
interface_num and interface_name parameters, refer to the corresponding descriptions
in Port Command Manual. &<1-10> means that the preceding parameters can be
entered up to 10 times.
1-24
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Description
Using stp interface root-protection command, you can enable Root protection on the
switch in system view. Using undo stp interface root-protection command, you can
restore the default Root protection state.
By default, Root protection is disabled.
In case of configuration error or malicious attack, the legal primary root may receive the
BPDU with a higher priority and then loose its place, which causes network topology
change errors. Due to the illegal change, the traffic supposed to travel over the
high-speed link may be pulled to the low-speed link and congestion will occur on the
network.
Root protection function is used against such problem. The port configured with Root
protection only plays a role of designated port on every instance. Whenever such port
receives a higher-priority BPDU, that is, it is about to turn into non-designated port, it
will be set to listening state and not forward packets any more (as if the link to the port is
disconnected). If the port has not received any higher-priority BPDU for a certain period
of time thereafter, it will resume the normal state.
For the related command, see stp root-protection.
Example
Syntax
View
System view
Parameter
interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as
interface _list = { { interface_type interface_num | interface_name } [ to { interface_type
interface_num | interface_name } ] }&<1-10>. For detail descriptions of interface_type,
interface_num and interface_name parameters, refer to the corresponding descriptions
in Port Command Manual. &<1-10> means that the preceding parameters can be
entered up to 10 times.
1-25
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
packetnum: Specifies the amount limit to the transmitted packets, ranging from 1 to 255
(expressed as a counter value without any units). By default, the transmission limit on
every port is 3.
Description
Using stp interface transit-limit command, you can configure an amount limit to the
configuration BPDU transmitted via a port during the Hello Time in system view. Using
undo stp interface transit-limit command, you can restore the default limit in system
view.
The larger the value is, the more packets can be transmitted in a time unit, yet the more
switch resources will be occupied. With a moderate value, the amount of the BPDUs
transmitted during Hello Time via every port can be limited and MSTP will not occupy
too many bandwidth resources when the network topology flaps.
For the related command, see stp transit-limit.
Example
# Set a limit of 5 to the packets transmitted via Ethernet 0/3 in system view.
[Quidway] stp interface ethernet 0/3 transit-limit 5
Syntax
stp loop-protection
undo stp loop-protection
View
Parameter
None
Description
Using stp loop-protection command, you can enable loop protection function. Using
undo stp loop-protection command, you can restore the restore setting.
By default, the loop protection function is not enabled.
Example
1-26
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Syntax
View
System view
Parameter
hop: Specifies the max hops, ranging from 1 to 40. By default, MST region Max Hops is
20.
Description
Using stp max-hops command, you can configure the Max Hops of an MST region.
Using undo stp max-hops command, you can restore the default Max Hops.
On CIST and MSTIs, the Max Hops configured on the region root determines the max
switching network diameter supported by the local MST region. As the BPDU traveling
from the spanning tree root, each time when it is forwarded by a switch, the max hops
will be reduced by 1. The switch discards the configuration BPDU with 0 hops left,
thereby limiting the network scale inside the region. If the current switch is a CIST root
bridge or MSTI root bridge in an MST region, the Max Hops configured on it will be the
network diameter of the spanning tree to limit its scale in the local MST region. The Max
Hops configured on the root bridge in an MST region will be adopted by other switches
in the same region.
Example
Syntax
stp mcheck
View
Parameter
None
1-27
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Description
Using stp mcheck command, you can perform mcheck on the current port.
If a port of an MSTP switch on a switching network has ever been connected to an STP
switch, the port will automatically transit to operate in STP-compatible mode. However,
when the STP switch is removed, the port stays in STP-compatible mode and cannot
automatically transit back to MSTP mode. In this case, you can perform mCheck
operation to transit the port to MSTP mode by force.
For the related command, see stp mode, stp interface mcheck.
Example
Syntax
View
System view
Parameter
Description
Using stp mode command, you can configure MSTP operation mode of the switch.
Using undo stp mode command, you can restore the default MSTP operation mode.
By default, switch work in MSTP mode
MSTP and RSTP are compatible and they can recognize the packets of each other.
However, STP cannot recognize MSTP packets. To implement the compatibility, MSTP
provides two operation modes, STP-compatible mode and MSTP mode. In
STP-compatible mode, the switch sends STP BPDU packets via every port and serves
as a region itself. In MSTP mode, the switch ports send MSTP BPDU packets (when
connected to the STP switch) and the switch provides multiple spanning tree function.
For the related command, see stp mcheck, stp, stp interface, stp interface mcheck.
1-28
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Example
Syntax
View
Parameter
Description
Using stp point-to-point command, you can configure the current Ethernet port (not)
to connect with point-to-point link. Using undo stp point-to-point command, you can
configure the link state to the default state in which MSTP automatically detects if the
link to the Ethernet port is point-to-point link.
By default, switch adopts auto mode.
The port state can’t be rapidly transited if the port doesn’t connected with the
point-to-point link.
The master ports of the link aggregation and the ports operating in full-duplex mode are
connected to the point-to-point link. You are recommended to keep the default settings
and let MSTP detect the link state automatically.
This configuration takes effect on the CIST and all the MSTIs. The settings of a port
whether to connect the point-to-point link will be applied to all the STIs where the port
belongs. Note that a temporary loop may be redistributed if you configure a port not
physically connected with the point-to-point link as connected to such a link by force.
For the related command, see stp interface point-to-point.
Example
1-29
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Syntax
stp region-configuration
undo stp region-configuration
View
System view
Parameter
None
Description
Using stp region-configuration command, you can enter MST region view. Using
undo stp region-configuration command, you can restore the default MSTP region
configurations.
By default, the three MST region parameters take the default values. The MST region
name of the switch is the first MAC address, all the VLANs are mapped to CIST, and
MSTP revision level takes 0.
You can enter MST region view, using the stp region-configuration command. And
then you can configure the parameters including region name, revision level, and VLAN
mapping table of the region.
Example
Syntax
stp root-protection
undo stp root-protection
View
Parameter
None
1-30
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Description
Using stp root-protection command, you can enable on Root protection the switch.
Using undo stp root-protection command, you can restore the default state of Root
protection.
By default, Root protection is disabled.
In case of configuration error or malicious attack, the legal primary root may receive the
BPDU with a higher priority and then loose its place, which causes network topology
change errors. Due to the illegal change, the traffic supposed to travel over the
high-speed link may be pulled to the low-speed link and congestion will occur on the
network.
MSTP provides Root protection function to protect the root bridge: The port configured
with Root protection only plays a role of designated port on every instance. Whenever
such port receives a higher-priority BPDU, it will be set to listening state and not forward
packets any more (as if the link to the port is disconnected). If the port has not received
any higher-priority BPDU for a certain period of time thereafter, it will resume the normal
state.
For the related command, see stp interface root-protection.
Example
Syntax
View
System view
Parameter
None
Description
Using the stp tc-protection enable command, you can enable the protection function
from being attacked by TC-BPDU packets on the switch. Using the stp tc-protection
disable command, you can disable the protection function.
By default, the protection from TC-BPDU packet attack is enabled.
1-31
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
As a general rule, the switch deletes the corresponding entries in the MAC address
table and ARP table upon receiving TC-BPDU packets. When under malicious attacks
of TC-BPDU packets, the switch shall receive a great number of TC-BPDU packets in a
very short period. Too frequent delete operations shall consume huge switch sources
and bring great risk to network stability.
When the protection from TC-BPDU packet attack is enabled, the switch just perform
one delete operation in a specified period after receiving TC-BPDU packets, as well as
monitoring whether it receives TC-BPDU packets during this period. Even if it detects a
TC-BPDU packet is received in a period shorter than the specified interval, the switch
shall not run the delete operation till the specified interval is reached. This can avoid
frequent delete operations to the MAC address table and ARP table.
Example
Syntax
View
System view
Parameter
centi-senconds: Specifies Forward Delay, ranging from 400 to 3000 and measured in
centiseconds. By default, the Forward Delay of the switch is 1500 centiseconds.
Description
Using stp timer forward-delay command, you can configure Forward Delay for the
switch. Using undo stp timer forward-delay command, you can restore the default
Forward Delay .
To avoid temporary loop, MSTP defines a medium state, Learning, when the port
switches from the Discarding state to Forwarding state. There is also a delay before
state switchover to guarantee the synchronous switchover with the remote switch. The
Forward Delay configured on the root bridge determines the state transition time.
The root bridge will determine the state transition time according to the configured
values, while the other switches will apply the forward delay configured on it.
When configuring Hello time, Forward Delay and Max Age, please guarantee the
following equations:
1-32
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Example
Syntax
View
System view
Parameter
centi-senconds: Specifies Hello Time value with an integer in the range of 100 to 1000
in units of centiseconds. By default, the Hello Time of the switch is 200 centiseconds.
Description
Using stp timer hello command, you can configure Hello Time of the switch. Using
undo stp timer hello command, you can restore the default Hello Time.
The STP defines to transmit configuration BPDU regularly at an interval specified with
Hello Time to keep the spanning tree stable. If the switch receives no BPDU packets
for a period of time, it will recalculate the spanning tree upon the BPDU timeouts. The
root bridge transmits BPDU packets at an interval as you configured, while other
switches apply the Hello Time configured on the root bridge.
When configuring Hello time, Forward Delay and Max Age, remember to guarantee the
following equations:
2 * (Forward Delay -1.0 seconds) >= Max Age
Max Age >= 2 * (Hello Time + 1.0 seconds)
1-33
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Only if the above-mentioned formulas are equal can the MSTP normally operate on the
entire network, otherwise, the network may flap frequently. You are recommended to
use the stp root primary command to specify the diameter of the switching network,
so that MSTP can automatically calculate and give the moderate values for the time
parameters.
For the related command, see stp timer forward-delay, stp timer max-age, stp
bridge-diameter.
Example
Syntax
View
System view
Parameter
centiseconds: Specifies the Max Age, ranging from 600 to 4000 and measured with
centiseconds. By default, the Max Age of the switch is 2000 centiseconds.
Description
Using stp timer max-age command, you can configure the Max Age of the switch.
Using undo stp timer max-age command, you can restore the default Max Age.
MSTP can detect the link fault and automatically resume the forwarding state of the
redundant link. On the CIST, the switch checks if the configuration BPDU received via
the port expires according to the Max Age. If the BPDU expires, the STI has to be
calculated again.
Max Age takes no effect on MSTIs. If the current switch is CIST root bridge, it will check
if the configuration BPDU expires according to the configured Max Age. Otherwise, the
switch adopts the Max Age configured on the CIST root bridge.
When you configure Hello time, Forward Delay and Max Age, ensure the following
formulas equal:
2 * (Forward Delay -1.0 seconds) >= Max Age
Max Age >= 2 * (Hello Time + 1.0 seconds)
1-34
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Only if the above-mentioned formulas are equal can the MSTP normally operate on the
entire network, otherwise, the network may flap frequently. You are recommended to
use the stp root primary command to specify the diameter of the switching network,
so that MSTP can automatically calculate and give the moderate values for the time
parameters.
For the related command, see stp timer forward-delay, stp timer hello, stp
bridge-diameter.
Example
Syntax
View
Parameter
packetnum: Specifies the amount limit to the transmitted packets, ranging from 1 to 255
(expressed as a counter value without any units). By default, the value is 3.
Description
Using stp transit-limit command, you can configure an amount limit to the
configuration BPDU transmitted via a port during the Hello Time. Using undo stp
transit-limit command, you can restore the default limit.
The larger the value is, the more packets can be transmitted in a time unit, yet the more
switch resources will be occupied. With a moderate value, the amount of the BPDUs
transmitted during Hello Time via every port can be limited and MSTP will not occupy
too many bandwidth resources when the network topology flaps.
For the related command, see stp interface transit-limit.
Example
1-35
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Syntax
View
Parameter
Description
Using vlan-mapping modulo command, you can map a VLAN list to an STI.
By default, all the VLANs are mapped to CIST, namely Instance 0.
MSTP describes the association between VLANs and STIs with the VLAN mapping
table. You can use this command to configure this table. Every VLAN can be mapped to
an STI as per your configuration.
A VLAN cannot be mapped to different MSTI at the same time. The latter configured
association will replace the former one.
The vlan-mapping modulo modulo command designates VLAN for every STI fast. It
maps the VLAN to an STI whose ID is (VLAN ID-1)%modulo+1. (Note: (VLAN ID-1)
%modulo performs modulo operation on (VLAN ID-1). Taking the operation modulo 16
as an example, vlan 1 maps to MSTI 1, vlan 2 maps to MSTI2 ...vlan 16 maps to
MSTI16, vlan 17 maps to MSTI 1, and so on.)
For the related command, see region-name, revision-level, display configuration,
active configuration, .
Example
1-36
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 2 BPDU TUNNEL Configuration Commands
Note:
S3552G/S3552P/S3552F/S3528G/S3528P support BPDU TUNNEL.
Syntax
vlan-vpn tunnel
undo vlan-vpn tunnel
View
System view
Parameter
None
Description
Use the vlan-vpn tunnel command to enable bridge protocol data unit (BPDU) Tunnel
on the switch.
Use the undo vlan-vpn tunnel command to disable BPDU Tunnel on the switch.
BPDU Tunnel enables geographically segmented user network to transmit BPDU
packets transparently over the specified VLAN VPN on the operator’s network. This
allows the user network to participate in a uniform spanning tree calculation while
maintaining a separate spanning tree from the operator network.
By default, BPDU Tunnel is disabled.
Example
2-1
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 3 Digest Snooping Configuration Commands
Syntax
stp config-digest-snooping
undo stp config-digest-snooping
View
Parameter
None
Description
Using the stp config-digest-snooping command, you can enable digest snooping.
Using the undo stp config-digest-snooping command, you can disable digest
snooping.
Digest snooping is disabled by default.
According to IEEE 802.1s, two connected switches can communicate through MSTIs
(multiple spanning tree instances) in a MSTP (multiple spanning tree protocol) domain
only when they are configured with the same domain settings. With MSTP employed,
interconnected switches determine whether or not they are in the same domain by
checking the configuration IDs of the BPDUs between them. (Configuration ID
comprises information such as domain ID and configuration digest.)
As some switches come with some proprietary protocols concerning STP employed,
they cannot communicate with other switches in MSTP domains even both of them are
configured with the same domain configuration settings.
This can be overcome by implementing digest snooping. Digest snooping enables a
switch to track and maintain configuration digests of other switches that are in the same
domain by examining their BPDUs and insert corresponding configuration digests in its
BPDUs destined for these switches, through which switches of different type are
capable of communicating with each other in a MSTP domain.
3-1
Command Manual - STP
Quidway S3500 Series Ethernet Switches Chapter 3 Digest Snooping Configuration Commands
Note:
z You must enable digest snooping on an interface first before enabling it globally.
z Digest snooping is unnecessay if the interconnected switches are from the same
vendor.
z To enable digest snooping, the interconneted switches must be configured with the
same settings.
z To enable digest snooping, all interfaces in a MSTP domain used to connect other
switches must have digest snooping enabled.
z Do not enable digest snooping on border interfaces of a MSTP domain.
z To change domain configuration, be sure to disable digest snooping first to prevent
broadcast storm.
Example
3-2
HUAWEI
Security
Table of Contents
i
Command Manual - Security
Quidway S3500 Series Ethernet Switches Table of Contents
ii
Command Manual - Security
Quidway S3500 Series Ethernet Switches Table of Contents
iii
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Commands
Syntax
View
Any view
Parameter
Description
Using display dot1x command, you can view the relevant information of 802.1x,
including configuration information, running state (session connection information) and
relevant statistics information.
By default, all the relevant 802.1x information about each interface will be displayed.
This command can be used to display the following information on the specified
interface: 802.1x configuration, state or statistics. If no port is specified when executing
this command, the system will display all 802.1x related information. For example,
802.1x configuration of all ports, 802.1x session connection information, and 802.1x
data statistical information. The output information of this command can help the user
to verify the current 802.1x configurations so as to troubleshoot 802.1x .
For the related commands, see reset dot1x statistics, dot1x, dot1x retry, dot1x
max-user, dot1x port-control, dot1x port-method, dot1x timer.
1-1
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Commands
Example
Ethernet0/1 is link-down
802.1X protocol is disabled
Proxy trap checker is disabled
Proxy logoff checker is disabled
Version-Check is disabled
The port is a(n) authenticator
Authenticate Mode is auto
Port Control Type is Mac-based
ReAuthenticate is disabled
Max on-line user number is 256
… (Omitted)
1.1.2 dot1x
Syntax
View
1-2
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Commands
Parameter
interface interface-list: Ethernet port list including several Ethernet ports. interface-list
= { interface-num [ to interface-num ] } & < 1-10 >. interface-num specifies a single
Ethernet port in the format interface-num = { interface-type interface-num |
interface-name }, where interface-type specifies the port type, interface-num specifies
the port number and interface-name specifies the port name. For the respective
meanings and value ranges, read the Parameter of the Port Configuration section.
Description
Using dot1x command, you can enable 802.1x on the specified port or globally (i.e., on
the current device). Using undo dot1x command, you can disable the 802.1x on the
specified port or globally.
By default, 802.1x is disabled on all the ports and globally on the device.
This command is used to enable the 802.1x on the current device or on the specified
port. When it is used in system view, if the parameter ports-list is not specified, 802.1x
will be globally enabled. If the parameter ports-list is specified, 802.1x will be enabled
on the specified port. When this command is used in Ethernet port view, the parameter
interface-list cannot be input and 802.1x can only be enabled on the current port.
The configuration command can be used to configure the global or port 802.1x
performance parameters before or after 802.1x is enabled. Before 802.1x is enabled
globally, if the parameters are not configured globally or for a specified port, they will
maintain the default values.
After the global 802.1x performance is enabled, only when port 802.1x performance is
enabled will the configuration of 802.1x become effective on the port.
For the related commands, see display dot1x.
Example
Syntax
For S3552G, S3552P, S3528G, S3528P, S3526E, S3526E FM, S3526E FS and
S3526C:
dot1x authentication-method { chap | pap | eap }
undo dot1x authentication-method
1-3
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Commands
View
System view
Parameter
Description
Note:
For EAP authentication, the S3552G, S3552P, S3528G, S3528P, S3526E, S3526E
FM, S3526E FS and S3526C switches support the PEAP, EAP-TLS, and EAP-MD5
authentication. To enable any of the three, you just need to enable the EAP
authentication. However, the S3526, S3526 FM, and S3526 FS switches support
EAP-MD5 authentication only.
Please note: To realize PAP, CHAP or EAP authentication, RADIUS server should
support PAP, CHAP or EAP authentication respectively.
For the related command, see display dot1x.
1-4
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Commands
Example
Syntax
dot1x dhcp-launch
undo dot1x dhcp-launch
View
System view
Parameter
None
Description
Using dot1x dhcp-launch command, you can set 802.1x to disable the switch to
trigger the user ID authentication over the users who configure static IP addresses in
DHCP environment. Using undo dot1x dhcp-launch command, you can set 802.1x to
enable the switch to trigger the authentication over them.
By default, the switch can trigger the user ID authentication over the users who
configure static IP addresses in DHCP environment.
For the related command, see dot1x.
Example
# Disable the switch to trigger the authentication over the users who configure static IP
addresses in DHCP environment.
[Quidway] dot1x dhcp-launch
Syntax
View
1-5
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Commands
Parameter
Description
Using the dot1x guest-vlan command, you can enable the Guest VLAN function on
specified port. Using the undo dot1x guest-vlan command, you can disable this
function.
When you execute this command in system view, if you do not input the interface-list
parameter, it means that to enable Guest VLAN on all ports; if you specify this
parameter, it means that to enable Guest VLAN on the specified port.
When you execute this command in Ethernet port view, you can only enable Guest
VLAN on the current port, and the interface-list parameter cannot be input.
Note the following:
z Guest VLAN is only supported in the port-based authentication mode.
z A switch only can be configured with one Guest VLAN.
z Users who skip the authentication, fail in the authentication or get offline belong to
the Guest VLAN.
z If dot1x dhcp-launch is configured on the switch, the Guest VLAN function
cannot be implemented because the switch does not send active authentication
packet in this mode.
z Among S3500 series ethernet switches, S3552G, S3552P, S3528G, S3528P,
S3526E, S3526E FM, S3526E FS and S3526C support Guest VLAN, and S3526,
S3526 FM and S3526 FS don’t.
Example
Syntax
1-6
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Commands
View
Parameter
user-number: Specifies the limit to the amount of supplicants on the port, ranging from 1
to 256.
By default, the maximum user number is 256.
interface interface-list: Ethernet interface list including several Ethernet interfaces,
expressed in the format interface-list = { interface-num [ to interface-num ] } & < 1-10 >.
interface-num specifies a single Ethernet interface in the format interface-num =
{ interface-type interface-num | interface-name }, where interface-type specifies the
interface type, interface-num specifies the interface number and interface-name
specifies the interface name. For the respective meanings and value ranges, read the
Parameter of the Port Command Manual section.
Description
Using dot1x max-user command, you can configure a limit to the amount of
supplicants on the specified interface of 802.1x. Using undo dot1x max-user
command, you can restore the default value.
This command is used for setting a limit to the amount of supplicants that 802.1x can
hold on the specified interface. This command has effect on the interface specified by
the parameter interface-list when executed in system view. It has effect on all the
interfaces when no interface is specified. The parameter interface-list cannot be input
when the command is executed in Ethernet Port view and it has effect only on the
current interface.
For the related commands, see display dot1x.
Example
Syntax
View
1-7
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Commands
Parameter
auto: Automatic identification mode, configuring the initial state of the interface as
unauthorized. The user is only allowed to receive or transmit EAPoL packets but not to
access the network resources. If the user passes the authentication flow, the interface
will switch over to the authorized state and then the user is allowed to access the
network resources. This is the most common case.
authorized-force: Forced authorized mode, configuring the interface to always stay in
authorized state and the user is allowed to access the network resources without
authentication/authorization.
unauthorized-force: Forced unauthorized mode, configuring the interface to always
stay in non-authorized mode and the user is not allowed to access the network
resources.
interface interface-list: Ethernet interface list including several Ethernet interfaces,
expressed in the format interface-list = { interface-num [ to interface-num ] } & < 1-10 >.
interface-num specifies a single Ethernet interface in the format interface-num =
{ interface-type interface-num | interface-name }, where interface-type specifies the
interface type, interface-num specifies the interface number and interface-name
specifies the interface name. For the respective meanings and value ranges, read the
Parameter of the Port Command Manual section.
Description
Using dot1x port-control command, you can configure the mode for 802.1x to perform
access control on the specified interface. Using undo dot1x port-control command,
you can restore the default access control mode.
By default, the value is auto.
This command is used to set the mode, or the interface state, for 802.1x to perform
access control on the specified interface. This command has effect on the interface
specified by the parameter interface-list when executed in system view. It has effect on
all the interfaces when no interface is specified. The parameter interface-list cannot be
input when the command is executed in Ethernet port view and it has effect only on the
current interface.
For the related commands, see display dot1x.
Example
1-8
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Commands
Syntax
View
Parameter
Description
Using dot1x port-method command, you can configure the base for 802.1x to perform
access control on the specified interface. Using undo dot1x port-method command,
you can restore the default access control base.
By default, the value is macbased.
This command is used to set the base for 802.1x to perform access control, namely
authenticate the users, on the specified interface. When macbased is adopted, the
user access this interface must be authenticated independently, and if one successful
authentication user is to finish network service, the other accessed users can still use
network service. When portbased is adopted, if only the first access user by this
interface can be authenticated successfully, the other access users followed can be
considered authenticated successfully automatically ,but if the first one finish the
network service , the other accessed users’ network service will be rejected . .
This command has effect on the interface specified by the parameter interface-list
when executed in system view. It has effect on all the interfaces when no interface is
specified. The parameter interface-list cannot be input when the command is executed
in Ethernet Port view and it has effect only on the current interface.
For the related commands, see display dot1x.
1-9
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Commands
Example
Command
dot1x quiet-period
undo dot1x quiet-period
View
System view
Parameter
None
Description
Using dot1x quiet-period command, you can enable the quiet-period timer. Using
undo dot1x quiet-period command, you can disable this timer.
If an 802.1x user has not passed the authentication, the Authenticator will keep quiet for
a while (which is specified by quiet-period timer) before launching the authentication
again. During the quiet period, the Authenticator does not do anything related to 802.1x
authentication.
By default, quiet-period timer is disabled.
For the related commands, see display dot1x , dot1x timer.
Example
Syntax
View
1-10
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Commands
Parameter
Description
Using the dot1x re-authenticate command, you can enable 802.1x re-authentication
on a specific port or all the authenticator ports on a device.
Using the undo dot1x re-authenticate command, you can disable 802.1x
re-authentication on a specific port or all the authenticator ports on a device.
By default, 802.1x re-authentication is disabled on all ports.
In system view, if the interface-list parameter is not specified, it means that to enable
the 802.1x re-authentication feature on all interfaces; if the interface-list parameter is
specified, it means that to enable the feature on the specified interfaces. In Ethernet
port view, the interface-list parameter cannot be specified, and you can use command
only to enable the feature on the current interface.
Before configuring 802.1x re-authentication feature on a port, you must enable the
feature both globally and on this port.
Among S3500 series ethernet switches, S3552G, S3552P, S3528G, S3528P, S3526E,
S3526E FM, S3526E FS and S3526C support this command, and S3526, S3526 FM
and S3526 FS don’t.
Example
Syntax
View
System view
Parameter
max-retry-value: Specifies the maximum times an Ethernet switch can retransmit the
authentication request frame to the supplicant, ranging from 1 to 10. By default, the
1-11
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Commands
value is 3, that is, the switch can retransmit the authentication request frame to the
supplicant for 3 times.
Description
Using dot1x retry command, you can configure the maximum times an Ethernet switch
can retransmit the authentication request frame to the supplicant. Using undo dot1x
retry command, you can restore the default maximum retransmission time.
After the switch has transmitted authentication request frame to the user for the first
time, if no user response is received during the specified time-range, the switch will
re-transmit authentication request to the user. This command is used for specifying
how many times the switch can re-transmit the authentication request frame to the
supplicant. When the time is 1, the switch is configured to transmit authentication
request frame only once. 2 indicates that the switch is configured to transmit
authentication request frame once again when no response is received for the first time
and so on. This command has effect on all the port after configuration.
For the related commands, see display dot1x.
Example
# Configure the current device to transmit authentication request frame to the user for
no more than 9 times.
[Quidway] dot1x retry 9
Syntax
View
System view
Parameter
max-retry-version-value: The maximum retry times for a device to send the version
request frame to an access user. The value ranges form 1 to 10, and defaults to 3.
Description
Using the dot1x retry-version-max command, you can set the maximum retry times
for an Ethernet switch to send version request frame to an access user. Using the undo
dot1x retry-version-max command, you can return the value to the defaults.
After sending client version request frame for the first time, if the switch receives no
response from the client response within a certain period of time (set by the version
1-12
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Commands
authentication timeout timer), it resends version request again. When the switch
receives no response for the configured maximum times, it no longer authenticates the
version of the client, and perform the following authentications. If configured, this
command functions on all ports that enabled version authentication function.
Among S3500 series ethernet switches, S3552G, S3552P, S3528G, S3528P, S3526E,
S3526E FM, S3526E FS and S3526C support this function, and S3526, S3526 FM and
S3526 FS don’t.
See display dot1x and dot1x timer for related configuration.
Example
# Configure the switch to send version request frame to an access user 6 times at the
most.
[Quidway] dot1x retry-version-max 6
Syntax
View
Parameter
logoff: Cuts network connection to a user upon detecting the use of proxy.
trap: Sends trap message upon detecting a user using proxy to access the switch.
interface interface-list: Ethernet interface list including several Ethernet interfaces,
expressed in the format interface-list = { interface-num [ to interface-num ] } & < 1-10 >.
interface-num specifies a single Ethernet interface in the format interface-num =
{ interface-type interface-num | interface-name }, where interface-type specifies the
interface type, interface-num specifies the interface number and interface-name
specifies the interface name. For the respective meanings and value ranges, read the
Parameter of the Port Command Manual section.
Description
Using dot1x supp-proxy-check command, you can configure the control method for
802.1x access users via proxy logon the specified interface. Using undo dot1x
supp-proxy-check command, you can cancel the control method set for the 802.1x
access users via proxy.
1-13
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Commands
Note that when performing this function, the user logging on via proxy need to run
Huawei 802.1x client program,( Huawei 802.1x client program version V1.29 or above
is needed).
This command is used to set on the specified interface when executed in system view.
The parameter interface-list cannot be input when the command is executed in
Ethernet Port view and it has effect only on the current interface. After globally enabling
proxy user detection and control in system view, only if you enable this feature on a
specific port can this configuration take effects on the port.
For the related command, see display dot1x.
Example
# Configure the switch cut network connection to a user upon detecting the use of proxy
on Ethernet 0/1 ~ Ethernet 0/8.
[Quidway] dot1x supp-proxy-check logoff
[Quidway] dot1x supp-proxy-check logoff interface Ethernet 0/1 to Ethernet 0/8
# Configure the switch to send trap message upon detecting the use of proxy on
Ethernet 0/9.
[Quidway] dot1x supp-proxy-check trap
[Quidway] dot1x supp-proxy-check trap interface Ethernet 0/9
or
[Quidway] dot1x supp-proxy-check trap
[Quidway] interface Ethernet 0/9
[Quidway-Ethernet0/9] dot1x supp-proxy-check trap
Syntax
View
System view
Parameter
handshake-period: This timer begins after the user has passed the authentication.
After setting handshake-period, system will send the handshake packet by the period.
1-14
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Commands
Suppose the dot1x retry time is configured as N, the system will consider the user
having logged off and set the user as logoff state if system doesn’t receive the response
from user for consecutive N times.
handshake-period-value: Handshake period. The value ranges from 1 to 1024 in units
of second and defaults to 15.
quiet-period: Specify the quiet timer. If an 802.1x user has not passed the
authentication, the Authenticator will keep quiet for a while (which is specified by
quiet-period timer) before launching the authentication again. During the quiet period,
the Authenticator does not do anything related to 802.1x authentication.
quiet-period-value: Specify how long the quiet period is. The value ranges from 10 to
120 in units of second and defaults to 60.
server-timeout: Specify the timeout timer of an Authentication Server. If an
Authentication Server has not responded before the specified period expires, the
Authenticator will resend the authentication request.
server-timeout-value: Specify how long the duration of a timeout timer of an
Authentication Server is. The value ranges from 100 to 300 in units of second and
defaults to 100 seconds.
supp-timeout: Specify the authentication timeout timer of a Supplicant. After the
Authenticator sends Request/Challenge request packet which requests the MD5
encrypted text, the supp-timeout timer of the Authenticator begins to run. If the
Supplicant does not respond back successfully within the time range set by this timer,
the Authenticator will resend the above packet.
supp-timeout-value: Specify how long the duration of an authentication timeout timer of
a Supplicant is. The value ranges from 10 to 120 in units of second and defaults to 30.
tx-period: Specify the transmission timeout timer. After the Authenticator sends the
Request/Identity request packet which requests the user name or user name and
password together, the tx-period timer of the Authenticator begins to run. If the
Supplicant does not respond back with authentication reply packet successfully, then
the Authenticator will resend the authentication request packet.
tx-period-value: Specify how long the duration of the transmission timeout timer is. The
value ranges from 10 to 120 in units of second and defaults to 30.
reauth-period: Re-authentication timeout timer. During the time limit set by this timer,
the supplicant device launches 802.1x re-authentication.
reauth-period-value: Period set by the re-authentication timeout timer, ranging from 1 to
86400, in seconds. By default, the value is 3600.
ver-period: Client version request timeout timer. If the supplicant device failed to send
the version response packet within the time set by this timer, then the authenticator
device will resend the version request packet.
1-15
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Commands
ver-period-value: Period set by the version request timeout timer, ranging from 1 to 30,
in seconds. By default, the value is 1.
Description
Using dot1x timer command, you can configure the 802.1x timers. Using undo dot1x
timer command, you can restore the default values.
When it is run, 802.1x enables many timers to control the rational and orderly
interacting of the Supplicant, the Authenticator and the Authenticator Server. This
command can set some of the timers (while other timers cannot be set) to adapt the
interaction process. It could be necessary for some special and hard network
environment. Generally, the user should keep the default values of the timers.
For the related commands, see display dot1x.
Example
Syntax
View
Parameter
Description
Using the dot1x version-check command, you can enable the 802.1x client version
authentication feature on a specific port. Using the undo dot1x version-check
command, you can disable the feature on a specific port.
By default, 802.1x client version authentication feature is disabled on all ports.
In system view, if the interface-list parameter is not specified, it means that to enable
the 802.1x client version authentication feature on all interfaces; if the interface-list
parameter is specified, it means that to enable the feature on the specified interfaces. In
1-16
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Commands
Ethernet port view, the interface-list parameter cannot be specified, and you can use
command only to enable the feature on the current interface.
Among S3500 series ethernet switches, S3552G, S3552P, S3528G, S3528P, S3526E,
S3526E FM, S3526E FS and S3526C support this function, and S3526, S3526 FM and
S3526 FS don’t.
Example
# Configure the port Ethernet 0/1 to detect the version of the 802.1x client when it
receives an authentication packet.
[Quidway-Ethernet0/1] dot1x version-check
Syntax
View
User view
Parameter
interface interface-list: Ethernet port list including several Ethernet ports. interface-list
= { interface-num [ to interface-num ] } & < 1-10 >. interface-num specifies a single
Ethernet port in the format port-num = { interface-type interface-num | interface-name },
where interface-type specifies the port type, interface-num specifies the port number
and interface-name specifies the port name. For the respective meanings and value
ranges, read the Parameter of the Port Configuration section.
Description
Using reset dot1x statistics command, you can reset the statistics of 802.1x.
This command can be used to re-perform statistics if the user wants to delete the
former statistics of 802.1x.
When the original statistics is cleared, if no port type or port number is specified, the
global 802.1x statistics of the switch and 802.1x statistics on all the ports will be cleared.
If the port type and port number are specified, the 802.1x statistics on the specified port
will be cleared.
For the related commands, see display dot1x.
Example
1-17
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Commands
Note:
Among Quidway S3500 series Ethernet switches, S3552G, S3552P, S3528G and
S3528P support Portal.
Syntax
View
User view
Parameter
Description
Example
2-1
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Commands
Syntax
View
Any view
Parameter
acm statistics: Displays ACM statistics, that is, the statistics of the states related to
authentication, connection and management .
auth-network auth-vlan-id: Displays the authentication network segments.
auth-vlan-id is the ID of the VLAN where the port of a switch is located for an
authenticated user’s cross-segment access.
free-ip: Displays configured authentication-free IP addresses.
free-user: Displays configured authentication-free users.
server server-name: Displays the information about the specified Portal server.
server statistics: Displays the Portal server statistics.
tcp-cheat statistics: Displays TCP spoofing statistics.
ipaddress: Displays the information about a user with the specified IP address.
portIndex: Displays the user information about a specified logic port ID. Logic port 0
corresponds to physical port Ethernet 0/1; logic port 1 to physical port Ethernet 0/2. The
rest may be deduced by analogy.
vlan vlan-id: Displays the information about a user within a VLAN.
Description
Example
2-2
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Commands
Free User:
No Free User
Portal Server:
1)pt2:
IP = 192.168.0.200
Key = huawei
Port = 2000
URL = "http://192.168.0.200"
ARP-HandShake:
Interval: 60s Retry Times: 5
VLAN Portal Configuration:
VLAN 3 : Portal Started Portal Server: pt2
Index State MAC IP VLAN Port
Field Description
The operating modes for the Portal server fall into three
categories: direct authentication (the output displays Direct),
Run Method
re-DHCP authentication (the output displays ReDHCP) and
Layer 3 Portal authentication (the output displays Layer3).
Note:
URL = uniform resource locator
HTTP = hypertext transfer protocol
ARP = address resolution protocol
MAC = media access control
2-3
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Commands
DISCOVERED 0
WAIT_AUTH_ACK 0
WAIT_LOGIN_ACK 0
WAIT_ACL_ACK 0
WAIT_NEW_IP 0
ONLINE 0
WAIT_LOGOUT_ACK 0
Message Statistics :
MSG NAME RCV MSG NUM
PT_MSG_AUTH_ACK 0
PT_MSG_LOGIN_ACK 0
PT_MSG_LOGOUT_ACK 0
PT_MSG_LEAVING_ACK 0
PT_MSG_CUT_REQ 0
PT_MSG_MAC_ACK 0
PT_MSG_ACL_ACK 0
PT_MSG_ARPPKT 77
PT_MSG_TMR_AUT 0
PT_MSG_TMR_LGN 0
PT_MSG_TMR_LGT 0
PT_MSG_TMR_LEV 0
PT_MSG_TMR_HDS 85249
PT_MSG_ARP_FAIL 0
PT_MSG_TMR_ACL 0
PT_MSG_TMR_MAC 0
PT_MSG_TMR_NIP 0
ERROR Statistics:
MEM Error: 0 RCV MSG ERR: 0 SND MSG ERR: 0
Table 2-2 Description on the fields of the display portal acm statistics command
Field Description
ACM Statistics ACM statistics
Timeout waiting for MAC address acknowledgement.
WAIT_MAC_ACK
For Layer 3 Portal authentication, it is 0.
2-4
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Commands
Field Description
ONLINE The number of online users
WAIT_LOGOUT_ACK Timeout waiting for logout acknowledgement
PT_MSG_AUTH_ACK Authentication acknowledgement message
PT_MSG_LOGIN_ACK Login acknowledgement message
PT_MSG_LOGOUT_ACK Logout acknowledgement message
PT_MSG_LEAVING_ACK Leaving acknowledgement message
PT_MSG_CUT_REQ Force users to logout
MAC acknowledgement messages. For Layer 3
PT_MSG_MAC_ACK
Portal authentication, it is 0.
Note:
ACL = access control list
2.1.3 portal
Syntax
portal server-name
2-5
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Commands
undo portal
View
Parameter
Description
Example
Syntax
View
System view
Parameter
interval: ARP handshake time interval, in the range of 10 to 180. The unit is second,
and the step length is 10. By default, it is 60 seconds.
retry-times: Maximum number of retries for ARP handshaking, in the range of 3 to 10.
By default, it is 5.
Description
Use the portal arp-handshake command to configure time interval and maximum
times of retries for ARP handshaking between a Portal switch and a host.
2-6
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Commands
Use the undo portal arp-handshake command to restore the default values.
When the direct authentication or re-DHCP authentication is adopted, a switch
handshakes with the host (user PC) passing the Portal authentication through ARP
packets. The switch sends periodically ARP packets at the specified time interval. If the
retry times exceed the allowed maximum number of retries and the user PC does not
give a response, the switch assumes abnormal handshake, disconnects from the user
PC, and notifies the Portal server.
This command is invalid for Layer 3 Portal authentication.
Example
# Set the time interval for the switch to handshake with the host to 120 seconds, and
the allowed maximum retry times to 6.
[Quidway] portal arp-handshake interval 120 retry-times 6
Syntax
View
System view
Parameter
Description
Example
2-7
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Commands
Syntax
View
System view
Parameter
Description
Use the portal delete-user command to delete a Portal user with a specified IP
address.
Example
Syntax
View
System view
Parameter
Description
Use the portal free-ip command to specify free IP address for Portal.
Use the undo portal free-ip command to delete the free IP address.
By default, no free IP address is configured.
You can configure the IP address of the free access network site provided by an
Internet service provider (ISP) as a free IP address. All users can access these free IP
addresses without restriction.
You can configure up to 8 free IP addresses for the system. The Portal server uses
automatically a free IP address.
2-8
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Commands
Example
Syntax
View
System view
Parameter
Description
2-9
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Commands
Caution:
Example
Syntax
View
System view
Parameter
Description
Use the portal method command to specify authentication mode for Portal.
Use the undo portal method command to restore the default authentication mode.
By default, direct authentication is selected.
Example
2-10
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Commands
Syntax
portal server server-name { ip ip-address | key key-string | port port | url url-string } *
undo portal server server-name [ key | port | url ]
View
System view
Parameter
Description
Use the portal server command to initiate or modify Portal server configuration.
Use the undo portal server command to delete a specified Portal server or restore the
default configuration for a specified Portal server.
Caution:
2-11
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Commands
Example
Syntax
View
System view
Parameter
Description
Use the portal upload command to configure uplink port of Portal rate limitation.
Use the undo portal upload command to disable Portal rate limitation.
By default, Portal rate limitation is disabled.
Portal restriction works together with the bandwidth restriction service provided by
CAMS servers. The bandwidth restriction service refers to the specified bandwidth
available for Portal users when you configure the service available for users on CAMS
servers.
Portal rate limitation works on this principle: After receiving the rule to restrict Portal
users’ bandwidth from the CAMS servers, switches restrict traffic on the uplink ports
specified by the portal upload command. That is, the switches control the Portal users’
uplink rate. An uplink refers to the port by which a switch connects to an uplink network
device.
Example
# Configure the uplink port with Portal rate limitation as ethernet 0/1.
[Quidway] portal upload interface ethernet 0/1
2-12
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Commands
Syntax
View
User view
Parameter
acm: Clears Portal ACM statistics, that is, clear the information about authentication,
connection and management.
server: Clears Portal server statistics.
tcp-cheat: Clears TCP spoofing statistics.
Description
Example
2-13
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Syntax
View
Parameter
Description
Using access-limit command, you can configure a limit to the amount of supplicants in
the current ISP domain. Using undo access-limit command, you can restore the limit
to the default setting.
By default, there is no limit to the amount of supplicants in the current ISP domain.
The access-limit command limits the amount of supplicants contained in the current
ISP domain. The supplicants may contend for the network resources. So setting a
suitable limit to the amount will guarantee the reliable performance for the existing
supplicants.
Example
# Set a limit of 500 supplicants for the ISP domain named huawei163.net.
[Quidway-isp-huawei163.net] access-limit enable 500
3-1
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
3.1.2 attribute
Syntax
View
Parameter
Description
Using attribute command, you can configure some attributes for specified local user.
Using undo attribute command, you can cancel the attributes that have been defined
for this local user.
It should be noted that the argument nas-ip must be defined for a user bound with a
remote port, which is unnecessary, however, in the event of a user bound with a local
port.
For the related command, see display local-user.
3-2
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Example
Syntax
View
System view
Parameter
3-3
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
only be used once in one username. The pure username (the part before @, namely
the user ID) cannot exceed 55 characters.
Description
Using cut connection command, you can disconnect a user or a category of users by
force.
For the related command, see display connection.
Example
Syntax
View
Any view
Parameter
3-4
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Description
Using display connection command, you can view the relevant information of all the
supplicants or the specified one(s). The output can help you with the user connection
diagnosis and troubleshooting.
If no parameter is specified, this command displays the related information about all
connected users.
For the related command, see cut connection.
Example
Syntax
View
Any view
Parameter
isp-name: Specifies the ISP domain name, with a character string not exceeding 24
characters. The specified ISP domain shall have been created.
Description
Using display domain command, you can view the configuration of a specified ISP
domain or display the summary information of all ISP domains.
This command is used to output the configuration of a specified ISP domain or display
the summary information of all ISP domains. If an ISP domain is specified, the
configuration information will be displayed exactly the same, concerning the content
and format, as the displayed information of the display domain command. The output
information can help with ISP domain diagnosis and troubleshooting. Note that the
accounting scheme to be displayed should have been created.
3-5
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
For the related commands, see access-limit, domain, radius scheme, state, display
domain.
Example
Syntax
View
Any view
Parameter
domain isp-name: Configures to display all the local users in the specified ISP domain.
isp-name specifies the ISP domain name with a character string not exceeding 24
characters. The specified ISP domain shall have been created.
idle-cut: Configures to display the local users according to the state of idle-cut function.
disable means that the user disables the idle-cut function and enable means the user
enables the function. This parameter only takes effect on the users configured as
lan-access type. For other types of users, the display local-user idle-cut enable and
display local-user idle-cut disable commands will not display any information.
service-type: Configures to display local user of a specified type. telnet means that:
the specified user type is telnet. ftp means that: the specified user type is ftp.
lan-access means that the specified user type is lan-access which mainly refers to
Ethernet accessing users, 802.1x supplicants for example. ssh means that: the
specified user type is SSH. (S3526, S3526 FM and S3526 FS switches don’t support
SSH.)
3-6
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
state { active | block } Configures to display the local users in the specified state.
active means that the system allows the user requesting network service and block
means the system does not allow the user requesting network service.
user-name user-name : Configures to display a user specified with user-name .
user-name is the argument specifying the username. It is a character string not
exceeding 80 characters, excluding “/”, “:”, “*”, “?”, “<” and “>”. The @ character can
only be used once in one username. The pure username (the part before @, namely
the user ID) cannot exceed 55 characters.
vlan vlanid: Configures to display the users belonged to specified VLAN. vlanid is the
integer, ranging from 1 to 4094.
Description
Using display local-user command, you can view the relevant information of all the
local users or the specified one(s).
This command displays the relevant information about a specified or all the local users.
The output can help you with the fault diagnosis and troubleshooting related to local
user.
For the related command, see local-user.
Example
Field Description
State The state of the user
Idle-Cut The state of the idle-cut switch
Access-Limit The limit to the number of access users.
Bind location Indicates whether the port is bound with or not
3-7
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Field Description
VLAN ID The ID of the VLAN to which the user belongs
IP address The IP address of the user
MAC address The MAC address of the user
FTP Directory The directory authorized to FTP users
3.1.7 domain
Syntax
View
System view
Parameter
isp-name: Specifies an ISP domain name. The name is expressed with a character
string not exceeding 24 characters, excluding “/”, “: ”, “*”, “? ”, “<”, and “>”.
default enable isp-name: Enables the default ISP domain specified by isp-name.
default disable: Restores the default ISP domain to system.
Description
Using domain command, you can configure an ISP domain or enter the view of an
existing ISP domain. Using undo domain command, you can cancel a specified ISP
domain.
By default, a domain named “system” has been created in the system. The attributes of
“system” are all default values.
ISP domain is a group of users belonging to the same ISP. Generally, for a username in
the userid@isp-name format, taking gw20010608@huawei163.net as an example, the
isp-name (i.e.huawei163.net) following the @ is the ISP domain name. When Quidway
Series Ethernet Switches control user access, as for an ISP user whose username is in
userid@isp-name format, the system will take userid part as username for identification
and take isp-name part as domain name.
The purpose of introducing ISP domain settings is to support the application
environment with several ISP domains. In this case, an access device may have
supplicants from different ISP domains. Because the attributes of ISP users, such as
username and password structures, service types, may be different, it is necessary to
separate them by setting ISP domains. In ISP domain view, you can configure a
3-8
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
complete set of exclusive ISP domain attributes for each ISP domain, which includes
AAA schemes ( RADIUS scheme applied and so forth.)
For a switch, each supplicant belongs to an ISP domain. The system supports to
configure up to 16 ISP domains. If a user has not reported its ISP domain name, the
system will put it into the default domain.
When this command is used, if the specified ISP domain does not exist, the system will
create a new ISP domain. All the ISP domains are in the active state when they are
created.
For the related commands, see access-limit, radius scheme, state, display domain.
Example
3.1.8 idle-cut
Syntax
View
Parameter
Description
Using idle-cut command, you can configure the user template in the current ISP
domain.
By default, after an ISP domain is created, this attribute in user template is disable, that
is, the user idle-cut is disabled.
The user template is a set of default user attributes. If a user requesting for the network
service does not have some required attributes, the corresponding attributes in the
template will be endeavored to him as default ones. The user template of the switch
you are using may only provide user idle-cut settings. After a user is authenticated, if
3-9
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
the idle-cut is configured to enable or disable by neither the user nor the RADIUS
server, the user will adopt the idle-cut state in the template.
Because a user template only works in one ISP domain, it is necessary to configure
user template attributes for users from different ISP domain respectively.
For the related command, see domain
Example
# Enable the user in the current ISP domain, huawei163.net, to use the idle-cut attribute
specified in the user template (that is, enabling the user to use the idle-cut function).
The maximum idle time is 50 minutes and the minimum data traffic is 500 bytes.
[Quidway-isp-huawei163.net] idle-cut enable 50 500
3.1.9 local-user
Syntax
local-user user-name
undo local-user { user-name | all [ service-type { telnet | ftp | lan-access | ssh } ] }
View
System view
Parameter
Description
Using local-user command, you can configure a local user and enter the local user
view. Using undo local-user command, you can cancel a specified local user.
By default, no local user.
For the related commands, see display local-user , service-type.
3-10
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Example
Syntax
View
System view
Parameter
cipher-force: Forced cipher mode specifies that the passwords of all the accessed
users must be displayed in cipher text.
auto: The auto mode specifies that a user is allowed to use the password command to
set a password display mode.
Description
Example
3.1.11 messenger
Syntax
3-11
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
View
Parameter
Description
Use the messenger time enable command to enable messenger alert and configure
the related parameters.
Use the messenger time disable command to disable messenger alert.
Use the undo messenger time command to restore messenger alert to default
settings.
By default, the messenger alert is disabled on the switch.
This function allows the clients to inform the online users about their remaining online
time through message alert dialog box.
The implementation of this function is as follows:
z On the switch, use the messenger time enable command to enable this function
and to configure the remaining-online-time threshold (the limit argument) and the
alert message interval.
z If the threshold is reached, the switch sends messages containing the user’s
remaining online time to the client at the interval you configured.
z The client keeps the user informed of the remaining online time through a
message alert dialog box.
Example
# Configure to start the sending of alert messages when the user’s remaining online
time is 30 minutes and send the messages at an interval of five minutes.
[Quidway-isp-system] messenger time enable 30 5
3.1.12 name
Syntax
name string
undo name
3-12
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
View
VLAN view
Parameter
Description
Using name command, you can configure name of the delivered VLAN.
Among S3500 series ethernet switches, S3552G, S3552P, S3528G, S3528P, S3526E,
S3526E FM, S3526E FS and S3526C support this command, and S3526, S3526 FM
and S3526 FS don’t.
For the related commands, see vlan-assignment-mode.
Example
3.1.13 password
Syntax
View
Parameter
Description
Using password command, you can configure a password for local users. Using undo
password command, you can cancel the specified password.
If local-user password-display-mode cipher-force has been adopted, the user
efforts of using the password command to set the password display mode to simple
text (simple) will render useless.
For the related command, see display local-user.
3-13
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Example
# Set the user huawei1 to display the password in simple text, given the password is
20030422.
[Quidway-luser-huawei1] password simple 20030422
3.1.14 radius-scheme
Syntax
radius-scheme radius-scheme-name
undo radius-scheme
View
Parameter
Description
Using radius-scheme command, you can configure the RADIUS server group used by
the current ISP domain. Using undo radius-scheme command, you can restore the
RADIUS server group used by the current ISP domain to the default RADIUS server
group.
After an ISP domain is created, it uses the default RADIUS server group (named as
system. For configuration of relevant parameters, read the RADIUS Configuration
section of this chapter ) of the system.
This command is used to specify the RADIUS server group for the current ISP domain.
The specified RADIUS server group shall have been created.
For the related commands, see radius scheme, display radius.
Example
! The following example designates the current ISP domain, huawei163.net, to use the
RADIUS server, huawei.
[Quidway-isp-huawei163.net] radius-scheme Huawei
3.1.15 self-service-url
Syntax
3-14
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
View
Parameter
url-string: The URL address of the page used to change the user password on the
self-service server, a string with 1 to 64 characters. This string cannot contain "?"
character. If "?" is contained in the URL address, you must replace it with "|" when
inputting the URL address in the command line.
Description
Example
# In the default ISP domain "system", configure the URL address of the page used to
change the user password on the self-service server to
http://10.153.89.94/selfservice/modPasswd1x.jsp|userName.
[Quidway] domain system
[Quidway-isp-system] self-service-url enable
http://10.153.89.94/selfservice/modPasswd1x.jsp|userName
3.1.16 service-type
Syntax
For S3552G, S3552P, S3528G, S3528P, S3526E, S3526E FM, S3526E FS and
S3526C:
3-15
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
View
Parameter
Description
Using service-type command, you can configure a service type for a particular user.
Using undo service-type command, you can cancel the specified service type for the
user.
Example
3.1.17 state
Syntax
View
3-16
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Parameter
active: Configures the current ISP domain (ISP domain view)/current user (local user
view) as being in active state, that is, the system allows the users in the domain (ISP
domain view) or the current user (local user view) to request network service.
block: Configures the current ISP domain (ISP domain view)/current user (local user
view) as being in block state, that is, the system does not allow the users in the domain
(ISP domain view) or the current user (local user view) to request network service.
Description
Using state command, you can configure the state of the current ISP domain/ current
user.
By default, after an ISP domain is created, it is in the active state (in ISP domain view).
A local user will be active (in local user view) upon its creation.
In ISP domain view, every ISP can either be in active or block state. If an ISP domain is
configured to be active, the users in it can request for network service, while in block
state, its users cannot request for any network service, which will not affect the users
currently online.
For the related command, see domain.
Example
# Set the current ISP domain huawei163.net to be in the block state. The supplicants in
this domain cannot request for the network service.
[Quidway-isp-huawei163.net] state block
3.1.18 vlan-assignment-mode
Syntax
View
Parameter
3-17
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Description
Using vlan-assignment-mode command, you can specify the dynamic VLAN delivery
mode.
Among S3500 series ethernet switches, S3552G, S3552P, S3528G, S3528P, S3526E,
S3526E FM, S3526E FS and S3526C support this function, and S3526, S3526 FM and
S3526 FS don’t.
Currently the switch supports RADIUS server delivers the integer type and string type
VLAN ID.
z Integer VLAN ID: The switch adds the port into the VLAN based on the integer ID
delivered from the server. If the VLAN does not exist, it first creates a VLAN and
then adds the port into the new VLAN.
z String ID: The switch compares the string ID delivered from the server with the
VLAN names existing on the switch. If a matching entry is found, the switch adds
the port into the corresponding VLAN. Otherwise, the delivery fails and the user
cannot pass the authentication.
By default, the integer mode is selected, that is, the switch supports the RADIUS server
delivering the integer VLAN ID.
For the related commands, see name.
Example
Syntax
View
Parameter
times: Maximum number for sending Accounting-On packets. It ranges from 1 to 256
and defaults to 15.
Interval: Time interval for sending Accounting-On packets. It ranges from 1 to 30 in
seconds and defaults to 3.
3-18
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Description
Using the accounting-on enable command, you can enable user re-authentication at
reboot. Using the undo accounting-on enable command, you can disable this
function.
Using the undo accounting-on send command, you can restore the default number
for sending Accounting-On packets.
Using the undo accounting-on interval command, you can restore the default time
interval for sending Accounting-On packets.
By default, user re-authentication at reboot is disabled.
Exclusive users are those with its concurrent online number set to 1 on the CAMS. In
the AAA solution implemented jointly by the switch and CAMS, if the switch reboots
after a user passes the authentication/authorization begins being accounted, the switch
prompts that the user has been online when the user logs into the switch before CAMS
makes online detection. Therefore, the user cannot access network resources normally.
The user can access the network only after the network administrator deletes manually
the online information of the user.
To solve this problem, user re-authentication at reboot is designed. After this function is
enabled, each time the switch reboots,
z The switch generates an Accounting-On message, which mainly includes NAS-ID,
NAS-IP (source IP) and session ID;
z The switch sends to CAMS an Accounting-On message;
z Upon receiving the CAMS Accounting-On message, CAMS finds and deletes the
existing online information of the user based on the NAS-ID, NAS-IP (source IP)
and session ID in the Accounting-On message.
Note:
z The main attributes of the Accounting-On message –– NAS-ID, NAS-IP and session
ID are often generated automatically by the switch. However, you can configure the
NAS-IP using the nas-ip command. Make sure you set a correct and valid NAS-IP
address. Otherwise, the switch automatically selects the IP address of the virtual
VLAN interface as NAS-IP.
z Among S3500 series ethernet switches, S3552G, S3552P, S3528G, S3528P,
S3526E, S3526E FM, S3526E FS and S3526C support this function, and S3526,
S3526 FM and S3526 FS don’t.
Example
3-19
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
<Quidway> system-view
System View: return to User View with Ctrl+Z.
[Quidway] radius scheme CAMS
[Quidway-radius-CAMS] accounting-on enable
Syntax
accounting optional
undo accounting optional
View
Parameter
None
Description
Using the accounting optional command, you can enable the selection of RADIUS
accounting option. Using the undo accounting optional command, you can disable
the selection of RADIUS accounting option.
By default, selection of RADIUS accounting option is disabled.
If no RADIUS server is available or if RADIUS accounting server fails when the
accounting optional is configured, the user can still use the network resource,
otherwise, the user will be disconnected.
The user configured with accounting optional command in RADIUS scheme will no
longer send real-time accounting update packet or stop accounting packet.
Example
3.2.3 data-flow-format
Syntax
3-20
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
View
Parameter
Description
Using data-flow-format command, you can configure the unit of data flow that send to
RADIUS Server. Using undo data-flow-format command, you can restore the unit to
the default setting.
By default, the data unit is byte and the data packet unit is one-packet.
For the related command, see display radius.
Example
# Set the unit of data flow that send to RADIUS Server Huawei is kilo-byte and the data
packet unit is kilo-packet.
[Quidway-radius-huawei] data-flow-format data kilo-byte packet kilo-packet
Syntax
View
Any view
Parameter
None
3-21
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Description
Using display local-server statistics command, you can view the statistics of local
RADIUS authentication server.
For the related command, see local-server.
Example
Syntax
View
Any view
Parameter
radius-scheme-name: Specifies the RADIUS scheme name with a character string not
exceeding 32 characters. Display all RADIUS schemes when the parameter is not set.
Description
Using display radius command, you can view the configuration information of all
RADIUS schemes or a specified one.
By default, This command outputs the configuration information about the specified or
all the RADIUS schemes. The output can help with RADIUS diagnosis and
troubleshooting.
For the related command, see radius scheme.
Example
3-22
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Syntax
View
Any view
Parameter
None
Description
Using display radius statistics command, you can view the statistics information of
RADIUS packet.
This command outputs the statistics information about the RADIUS packets. The
displayed packet information can help with RADIUS diagnosis and troubleshooting.
For the related command, see radius scheme.
Example
3-23
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Running statistic:
RADIUS received messages statistic:
Normal auth request ,Num=0 ,Err=0 ,Succ=0
EAP auth request ,Num=0 ,Err=0 ,Succ=0
Account request ,Num=0 ,Err=0 ,Succ=0
Account off request ,Num=0 ,Err=0 ,Succ=0
Leaving request ,Num=0 ,Err=0 ,Succ=0
… (Omitted)
Syntax
View
Any view
Parameter
3-24
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Description
Example
# Display the stopping accounting requests saved in the system buffer since 0:0:0 to
23:59:59 on August 31, 2002.
<Quidway> display stop-accounting-buffer time-range 0:0:0-2002/08/31
23:59:59-2002/08/31
Total find 0 record
3.2.8 key
Syntax
View
Parameter
3-25
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Description
Using key command, you can configure encryption key for RADIUS
authentication/authorization or accounting packet. Using undo key command, you can
restore the default key.
RADIUS client (switch system) and RADIUS server use MD5 algorithm to encrypt the
exchanged packets. The two ends verify the packet through setting the encryption key.
Only when the keys are identical can both ends accept the packets from each other and
give responses. So it is necessary to ensure that the keys set on the switch and the
RADIUS server are identical. If the authentication/authorization and accounting are
performed on two different servers with different encryption keys, you are supposed to
set two encryption keys respectively.
For the related commands, see primary accounting, primary authentication, radius
scheme.
Example
Example 1:
# Set the authentication/authorization key of the RADIUS scheme, huawei, to “hello”.
[Quidway-radius-huawei] key authentication hello
Example 2:
# Set the accounting packet key of the RADIUS scheme, huawei, to “ok”.
[Quidway-radius-huawei] key accounting ok
3.2.9 local-server
Syntax
View
System view
Parameter
nas-ip ip-address: set NAS-IP address of access server. ip-address is expressed in the
format of dotted decimal. By default, there is a local server with the NAS-IP address of
127.0.0.1.
key password: Set password of logon user. password is a character string containing
up to 16 characters.
3-26
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Description
Using local-server command, you can configure the parameters of local RADIUS
server. Using undo local-server command, you can cancel a local RADIUS server.
RADIUS service, which adopts authentication/authorization/accounting servers to
manage users, is widely used in Quidway series switches. Besides, local
authentication/authorization service is also used in these products and it is called local
RADIUS function, i.e. realize basic RADIUS function on the switch.
Caution:
z When using local RADIUS server function of Huawei, remember the number of UDP
port used for authentication is 1645 and that for accounting is 1646.
z The password configured by this command must be the same as that of the
RADIUS authentication/authorization packet configured by the command key
authentication in RADIUS scheme view.
Example
# Set the IP address of local RADIUS authentication server to 10.110.1.2 and the
password to huawei.
[Quidway] local-server nas-ip 10.110.1.2 key huawei
3.2.10 nas-ip
Syntax
nas-ip ip-address
undo nas-ip
View
Parameter
3-27
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Description
Using the nas-ip command, you can set the source IP address of the network access
server (NAS, the switch in this manual), so that all packets destined for the RADIUS
server carry the same source IP address. Using the undo nas-ip command, you can
cancel the configuration.
Specifying a source address for the RADIUS packets to be transmitted can avoid the
situation where the packets sent back by the RADIUS server cannot be received as the
result of a physical interface failure. The address of a loopback interface is usually used
as the source address.
By default, the source IP address of packets is the IP address of the output port.
For the related command, see display radius, radius nas-ip.
Example
# Set the source IP address that is carried in the RADIUS packets sent by the NAS (the
switch) to 10.1.1.1.
[Quidway] radius scheme test1
[Quidway-radius-test1] nas-ip 10.1.1.1
Syntax
View
Parameter
Description
Using primary accounting command, you can configure the IP address and port
number for the primary accounting server. Using undo primary accounting command,
you can restore the default IP address and port number of the primary RADIUS
accounting server.
By default, as for the newly created RADIUS scheme, the IP address of the primary
accounting server is 0.0.0.0, and the UDP port number of this server is 1813; as for the
"system" RADIUS scheme created by the system, the IP address of the primary
accounting server is 127.0.0.1, and the UDP port number is 1646.
3-28
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
After creating a RADIUS scheme, you are supposed to set IP addresses and UDP port
numbers for the RADIUS servers, including primary/second
authentication/authorization servers and accounting servers. In real networking
environments, the above parameters shall be set according to the specific
requirements. However, at least you have to set one authentication/authorization
server and an accounting server. Besides, ensure that the RADIUS service port
settings on the Ethernet switch is consistent with the port settings on the RADIUS
server.
For the related commands, see key, radius scheme, state.
Example
# Set the IP address of the primary accounting server of RADIUS scheme, “huawei”, to
10.110.1.2 and the UDP port 1813 to provide RADIUS accounting service.
[Quidway-radius-huawei] primary accounting 10.110.1.2 1813
Syntax
View
Parameter
Description
Using primary authentication command, you can configure the IP address and port
number for the primary RADIUS authentication/authorization. Using undo primary
authentication command, you can restore the default IP address and port number of
the primary RADIUS authentication/authorization.
By default, as for the newly created RADIUS scheme, the IP address of the primary
authentication server is 0.0.0.0, and the UDP port number of this server is 1812; as for
the "system" RADIUS scheme created by the system, the IP address of the primary
authentication server is 127.0.0.1, and the UDP port number is 1645.
After creating a RADIUS scheme, you are supposed to set IP addresses and UDP port
numbers for the RADIUS servers, including primary/second
authentication/authorization servers and accounting servers. In real networking
environments, the above parameters shall be set according to the specific
3-29
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Example
Syntax
View
System view
Parameter
Description
Using the radius nas-ip command, you can specify the source address of the RADIUS
packet sent from NAS. Using the undo radius nas-ip command, you can restore the
default setting.
By specifying the source address of the RADIUS packet, you can avoid unreachable
packets as returned from the server upon interface failure. The source address is
normally recommended to be a loopback interface address..
By default, the source address is not specified, that is, the address of the interface
sending the packet serves as the source address.
This command specifies only one source address; therefore, the newly configured
source address may overwrite the original one.
Example
3-30
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Syntax
View
System view
Parameter
radius-scheme-name: Specifies the Radius server name with a character string not
exceeding 32 characters.
Description
Using radius scheme command, you can configure a RADIUS scheme and enter its
view. Using undo radius scheme command, you can delete the specified RADIUS
scheme.
By default, a RADIUS scheme named as system has been created in the system. Its
attributes are all default values.
RADIUS protocol configuration is performed on a per-RADIUS-scheme basis. Every
RADIUS scheme shall at least have the specified IP address and UDP port number of
the RADIUS authentication/authorization/accounting server and some necessary
parameters exchanged with the RADIUS client end (switch system). So it is necessary
to create the RADIUS scheme and enter its view before performing other RADIUS
protocol configurations.
A RADIUS scheme can be used by several ISP domains at the same time. You can
configure up to 16 RADIUS server-groups, including the default scheme named as
system.
Although undo radius scheme can remove a specified RADIUS scheme. However,
the default one cannot be removed. Note that a scheme currently in use by the online
user cannot be removed.
For the related commands, see key, retry realtime-accounting, radius-scheme,
timer realtime-accounting, stop-accounting-buffer enable, retry stop-accounting,
server-type, state, user-name-format, retry , display radius, display radius
statistics .
Example
3-31
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Syntax
View
User view
Parameter
None
Description
Using the reset radius statistics command, you can clear the statistic information
related to the RADIUS protocol.
For the related command, see display radius.
Example
Syntax
View
User view
Parameter
3-32
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
time is expressed in the format hh:mm:ss-yyyy/mm/dd. When this parameter is set, all
the stopping accounting requests saved since start-time to stop-time will be deleted.
user-name user-name : Configures to delete the stopping accounting requests from
the buffer according to the username. User-name specifies the username, a character
string not exceeding 80 characters.
Description
Example
# Delete the stopping accounting requests saved in the system buffer by the user,
user0001@huawei163.net.
<Quidway> reset stop-accounting-buffer user-name user0001@huawei163.net
# Delete the stopping accounting requests saved in the system buffer since 0:0:0 to
23:59:59 on August 31, 2002.
<Quidway> reset stop-accounting-buffer time-range 0:0:0-2002/08/31
23:59:59-2002/08/31
3.2.17 retry
Syntax
retry retry-times
undo retry
View
Parameter
3-33
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Description
Using retry command, you can configure retransmission times of RADIUS request
packet. Using undo retry command, you can restore the retransmission times to
default value.
Because RADIUS protocol uses UDP packets to carry the data, its communication
process is not reliable. If the RADIUS server has not responded NAS until timeout, NAS
has to retransmit RADIUS request packet. If it transmits more than the specified
retry-times, NAS considers the communication with the primary and secondary
RADIUS servers has been disconnected.
Setting a suitable retry-time according to the network situation can speed up the system
response.
For the related command, see radius scheme.
Example
# Set to retransmit the RADIUS request packet no more than 5 times for the RADIUS
scheme huawei.
[Quidway-radius-huawei] retry 5
Syntax
View
Parameter
Description
Using retry realtime-accounting command, you can configure the maximum times of
real-time accounting request failing to be responded. Using undo retry
realtime-accounting command, you can restore the maximum times of real-time
accounting request failing to be responded to the default value.
RADIUS server usually checks if a user is online with timeout timer. If the RADIUS
server has not received the real-time accounting packet from NAS, it will consider that
there is line or device failure and stop accounting. Accordingly, it is necessary to
3-34
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
disconnect the user at NAS end and on RADIUS server synchronously when some
unexpected failure occurs. Quidway Series Ethernet Switches support to set maximum
times of real-time accounting request failing to be responded. NAS will disconnect the
user if it has not received real-time accounting response from RADIUS server for some
specified times.
How to calculate the value of count? Suppose RADIUS server connection will timeout
in T and the real-time accounting interval of NAS is t, then the integer part of the result
from dividing T by t is the value of count. Therefore, when applied, T is suggested the
numbers which can be divided exactly by t.
For the related command, see radius scheme
Example
Syntax
View
Parameter
Description
3-35
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Example
# Indicate that, when stopping accounting request for the RADIUS scheme “Huawei”,
the switch will retransmit the packets for up to 1000 times.
[Quidway-radius-huawei] retry stop-accounting 1000
Syntax
View
Parameter
Description
Using secondary accounting command, you can configure the IP address and port
number for the second RADIUS accounting server. Using undo secondary
accounting command, you can restore the IP address and port number to default
values.
For detailed information, read the Description of the primary accounting command.
For the related commands, see key, radius scheme, state.
Example
# Set the IP address of the second accounting server of RADIUS scheme, huawei, to
10.110.1.1 and the UDP port 1813 to provide RADIUS accounting service.
[Quidway-radius-huawei] secondary accounting 10.110.1.1 1813
Syntax
3-36
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
View
Parameter
Description
Using secondary authentication command, you can configure the IP address and
port number for the second RADIUS authentication/authorization. Using undo
secondary authentication command, you can restore the IP address and port number
to default values.
For detailed information, read the Description of the primary authentication
command.
For the related commands, see key, radius scheme, state.
Example
3.2.22 server-type
Syntax
View
Parameter
huawei: Configures the switch system to support the RADIUS server of Huawei type,
which requires the RADIUS client end (switch system) and RADIUS server to interact
according to the private RADIUS protocol regulation and packet format of Huawei
Technologies Co., Ltd.
iphotel: Configures the switch system to support the RADIUS server of IP Hotel type,
which requires the RADIUS client end (switch system) and RADIUS server to interact
3-37
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
according to the regulation and packet format of IP Hotel (an extension of RADIUS
protocol).
portal: Configures the switch system to support the RADIUS server of portal type,
which requires the RADIUS client end (switch system) and RADIUS server to interact
according to the regulation and packet format of Portal (an extension of RADIUS
protocol).
standard: Configures the switch system to support the RADIUS server of Standard
type, which requires the RADIUS client end (switch system) and RADIUS server to
interact according to the regulation and packet format of standard RADIUS protocol
(RFC 2138/2139 or newer).
Description
Using server-type command, you can configure the RADIUS server type supported by
the switch. Using undo server-type command, you can restore the RADIUS server
type to the default setting
By default, the newly created RADIUS scheme supports the server of standard type,
while the "system" RADIUS scheme created by the system supports the server of
huawei type.
Quidway Series Ethernet Switches support standard RADIUS protocol and the
extended RADIUS service platform developed by Huawei Technologies.
For the related command, see radius scheme.
Example
3.2.23 state
Syntax
View
Parameter
3-38
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
active: Configures the RADIUS server to be active, namely the normal operation state.
Description
Using state command, you can configure the state of RADIUS server.
By default, all the RADIUS servers in every RADIUS scheme are in the state of block.
For the primary and second servers (no matter an authentication/authorization or an
accounting server), if the primary server is disconnected to NAS for some fault, NAS
will automatically turn to exchange packets with the second server. However, after the
primary one recovers, NAS will not resume the communication with it at once, instead,
it continues communicating with the second one. When the second one fails to
communicate, NAS will turn to the primary one again. This command is used to set the
primary server to be active manually, in order that NAS can communicate with it right
after the troubleshooting.
When the primary and second servers are all active or block, NAS will send the
packets to the primary server only.
For the related commands, see radius scheme, primary authentication, secondary
authentication, primary accounting, secondary accounting.
Example
Syntax
stop-accounting-buffer enable
undo stop-accounting-buffer enable
View
Parameter
None
Description
3-39
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Because the stopping accounting request concerns account balance and will affect the
amount of charge, which is very important for both the user and ISP, NAS shall make its
best effort to send the message to RADIUS accounting server. Accordingly, if the
message from the switch to RADIUS accounting server has not been responded, the
switch shall save it in the local buffer and retransmit it until the server responds or
discard the messages after transmitting for specified times.
For the related commands, see reset stop-accounting-buffer, radius scheme,
display stop-accounting-buffer.
Example
# Indicate that, for the RADIUS scheme “Huawei”, the switch will save the stopping
accounting request packets in the buffer
[Quidway-radius-huawei] stop-accounting-buffer enable
3.2.25 timer
Syntax
timer seconds
undo timer
View
Parameter
seconds: RADIUS server response timeout timer, ranging from 1 to 10 and measured
in seconds. By default, the value is 3.
Description
Using timer command, you can configure RADIUS server response timer. Using undo
timer command, you can restore the default value of the timer.
After RADIUS (authentication/authorization or accounting) request packet has been
transmitted for a period of time, if NAS has not received the response from RADIUS
server, it has to retransmit the message to guarantee RADIUS service for the user. The
period taken is called RADIUS server response timeout time, which is controlled by the
RADIUS server response timeout timer in the switch system. This command is used to
set this timer.
Setting a suitable timer according to the network situation will enhance the system
performance.
For the related commands, see radius scheme, retry.
3-40
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Example
Syntax
View
Parameter
minutes: Quiet time interval, ranging from 1 to 255, in minutes. The default value is 5.
Description
Use the timer quiet command to set the quiet time interval after which the primary and
secondary RADIUS servers switch over.
Use the undo timer quiet command to set the quiet time interval to its default value.
The functions of the quiet time interval are as follows:
z The switch sends RADIUS packets to the primary RADIUS server.
z If the switch affirms that the primary server does not respond, it then sends
RADIUS packets to the secondary RADIUS server.
z After each quiet time interval, the switch sets the status of the primary RADIUS
server to active, and sends RADIUS packets to it next time.
Among S3500 series ethernet switches, S3552G, S3552P, S3528G, S3528P, S3526E,
S3526E FM, S3526E FS and S3526C support this function, and S3526, S3526 FM and
S3526 FS don’t.
Example
# Set the quiet time interval of the RADIUS server group “huawei” to 3 minutes.
[Quidway] radius scheme huawei
[Quidway-radius-huawei] timer quiet 3
Syntax
3-41
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
View
Parameter
Description
100 to 499 6
500 to 999 12
≥1000 ≥15
Example
3.2.28 user-name-format
Syntax
View
3-42
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Parameter
with-domain: Specifies to send the username with domain name to RADIUS server.
without-domain: Specifies to send the username without domain name to RADIUS
server.
Description
Using user-name-format command, you can configure the username format sent to
RADIUS server.
By default, as for the newly created RADIUS scheme, the username sent to RADIUS
servers includes an ISP domain name; as for the "system" RADIUS scheme created by
the system, the username sent to RADIUS servers excludes the ISP domain name.
The supplicants are generally named in userid@isp-name format. The part following
“@” is the ISP domain name. The switch will put the users into certain ISP domains
according to the domain names. However, some earlier RADIUS servers reject the
username including ISP domain name. In this case, the username will be sent to the
RADIUS server after its domain name is removed. Accordingly, the switch provides this
command to decide whether the username to be sent to RADIUS server carries ISP
domain name or not.
Note:
If a RADIUS scheme is configured to reject usernames including ISP domain names,
the RADIUS scheme shall not be simultaneously used in more than one ISP domains.
Otherwise, the RADIUS server will regard two users in different ISP domains as the
same user by mistake, if they have the same username (excluding their respective
domain names.)
Example
3-43
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 4 EAD Configuration Commands
Note:
For the S3500 series, EAD feature is supported on the S3552G, S3552P, S3528G and
S3528P.
Syntax
session-control-server ip-address
undo session-control-server [ ip-address | all ]
View
Parameter
Description
Example
4-1
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 4 EAD Configuration Commands
4-2
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 5 HABP Configuration Commands
Syntax
View
Any view
Parameter
None
Description
Using the display debugging habp command, you can view HAMP debugging state.
Example
Syntax
display habp
View
Any view
Parameter
None
Description
Using the display habp command, you can view configuration information and state of
HABP attribute.
5-1
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 5 HABP Configuration Commands
Example
Field Description
HABP mode for the current switch, including server
HABP Mode
and client
Sending HABP request
Time interval to send HABP request packets
packets every 20 seconds
Bypass VLAN Send HABP packets in specified VLANs
Syntax
View
Any view
Parameter
None
Description
Using the display habp table command, you can view HABP MAC address table.
Example
Syntax
5-2
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 5 HABP Configuration Commands
View
Any view
Parameter
None
Description
Using the display habp traffic command, you can view HABP packet statistics.
Example
Syntax
habp enable
undo habp enable
View
System view
Parameter
None
Description
Using the habp enable command, you can enable HABP attribute at a switch. Using
the undo hapb enable command, you can disable HABP attribute at a switch.
By default, HABP attribute is disabled at a switch.
If 802.1x attribute is enabled on switch and HABP attribute is not enabled, for those
ports where 802.1x authentication is skipped, packets will be filtered by 802.1x attribute,
so the management over them is also impossible. When 802.1x attribute are enabled,
HABP attribute should be enabled meanwhile.
Example
5-3
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 5 HABP Configuration Commands
Syntax
View
System view
Parameter
Description
Using the habp server vlan command, you can set HABP mode as server and specify
transmitting HABP packets in a specific VLAN. Using the undo hapb server vlan
command, you can restore the HABP mode to the default value.
By default, the HABP mode is client.
You must first enable HABP attribute at a switch using the habp enable command, and
then specify HABP mode as server.
Example
Syntax
View
System view
Parameter
interval: Time interval to send HABP request packets, in range of 5~600 seconds. By
default, the time interval is 20 seconds.
5-4
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 5 HABP Configuration Commands
Description
Using the habp timer command, you can define time interval for a switch to send
HABP request packet. Using the undo habp timer command, you can restore the time
interval to the default value.
The command is only available on the switch whose HABP mode is set as server.
Example
5-5
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 6 System-guard Configuration Commands
Note:
Among S3500 series ethernet switches, S3526, S3526 FM, S3526 FS, S3526E,
S3526E FM, S3526E FS and S3526C support system-guard function.
Syntax
View
Any view
Parameter
None
Description
Using the display system-guard ip-record command, you can view the record of the
IP packets that the switch CPU receives during this detection interval.
Example
# Display the record of the IP packets that the switch CPU receives during this
detection interval..
[Quidway] display system-guard ip-record
SrcIP[00]: 0. 0. 0. 0 DstIP[00]: 0. 0. 0. 0 RxPortNum: 0
SrcIP[01]: 0. 0. 0. 0 DstIP[01]: 0. 0. 0. 0 RxPortNum: 0
SrcIP[02]: 0. 0. 0. 0 DstIP[02]: 0. 0. 0. 0 RxPortNum: 0
SrcIP[03]: 0. 0. 0. 0 DstIP[03]: 0. 0. 0. 0 RxPortNum: 0
SrcIP[04]: 0. 0. 0. 0 DstIP[04]: 0. 0. 0. 0 RxPortNum: 0
… (Omitted)
6-1
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 6 System-guard Configuration Commands
Field Description
SrcIP[00] Source IP address[number],number ranges from 00 to 99.
DstIP[00] Destination IP address[number],number ranges from 00 to 99.
RxPortNum Ingress port number
Syntax
View
Any view
Parameter
None
Description
Using display system-guard state command, you can view current detection results
and parameters of system-guard.
Example
Field Description
Ip-Attack threshold The max number of the learned IP addresses
Deny threshold Threshold of consecutive detection time
6-2
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 6 System-guard Configuration Commands
Field Description
Infected virus Host Number The number of hosts infected by virus
Isolate time, unit in aging period of the MAC
Isolated times of Aging time
address
Syntax
system-guard enable
undo system-guard enable
View
System view
Parameter
None
Description
Using system-guard enable command, you can enable system-guard function. Using
undo system-guard enable, you can disable the state of system-guard function.
By default, system-guard function is disabled.
System-guard detects the source IP address featuring attacks and counts the number
of those IP packets by monitoring the packets that the CPU receives at the interval of 10
seconds. Once the number exceeds the preconfigured threshold, some measures are
taken to treat the host with this IP address:
z For S3526, S3526FM, and S3526FS: The switch applies the ACL automatically to
force the host with this IP address (affected host for short) to log off. And after a
specified time, the switch will recover normal forwarding of the affected host.
z For S3526E, S3526E FM, S3526E FS and S3526C: If the packets from the host
with the source IP address needs to be handled by the switch CPU, the switch
reduces the priority of the packets and drops the packets that has been sent to the
CPU.
6-3
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 6 System-guard Configuration Commands
Caution:
Example
Syntax
View
System view
Parameter
Description
Using system-guard detect-maxnum command, you can set the max detection count
of affected hosts. Using undo system-guard detect-maxnum command, you can set
the max detection count of affected hosts to the default value.
By default, the max detection count of affected hosts is 30.
Example
6-4
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 6 System-guard Configuration Commands
Syntax
View
System view
Parameter
IP-record-threshold; the max number of the learned IP addresses, range from 1 to 100.
record-times-threshold: threshold of consecutive detection times which the learned
address number exceed the threshold of IP address learned for one time ,range from 1
to 10.
isolate-time: isolate time, range from 3 to 100, unit in aging period.
Description
Example
Syntax
6-5
Command Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 6 System-guard Configuration Commands
View
System view
Parameter
None
Description
Using the system-guard no-learn-dip enable command, you can enable the switch
not to learn the destination IP address in the packets. Using the undo system-guard
no-learn-dip enable command, you can remove this configuration.
By default, the S3526, S3526 FM and S3526 FS need to learn the destination IP
address in the packets if the address is not reside in the non-directly connected network
segment. In this way, they can forward multiple times while learning once. When the
switch is enabled not to learn the destination address in the packets, it learns from the
source IP address in the response, thus preventing the hosts from the virus attacks of
destination address scanning.
This command is only effective to the S3526, S3526 FM and S3526 FS.
Example
# Enable the switch not to learn the destination IP address in the packets.
[Quidway] system-guard no-learn-dip enable
6-6
HUAWEI
Reliability
Table of Contents
i
Command Manual - Reliability
Quidway S3500 Series Ethernet Switches Chapter 1 VRRP Configuration Commands
Syntax
View
User view
Parameter
Description
Using debugging vrrp command, you can enable the VRRP debugging. Using undo
debugging vrrp command, you can disable the VRRP debugging. By default, the
VRRP debugging is disabled.
Example
Field Description
Vlan-Interface1 Interface in which virtual router resides
1-1
Command Manual - Reliability
Quidway S3500 Series Ethernet Switches Chapter 1 VRRP Configuration Commands
Syntax
View
Any view.
Parameter
Description
Using display vrrp command, you can view the information about the VRRP state.
This command is used to view the information about the VRRP state and configuration
parameters. If the interface name and virtual router ID are not specified, the state
information about all the virtual routers on the switch will be displayed. If only the
interface name is specified, the state information about all the virtual routers on the
interface will be displayed. If the interface name and virtual router ID are specified, the
state information about the specified virtual router on the interface will be displayed.
Example
# Display the information about the virtual routers on VLAN-interface 1 of the switch.
[Quidway-Vlan-interface1] display vrrp
Run Method : VIRTUAL-MAC Virtual Ip Ping : Disable
Interface : Vlan-interface1
VRID : 1 Adver. Timer : 1
Admin Status : UP State : Initialize
Config Pri : 100 Run Pri : 90
Preempt Mode : YES Delay Time : 0
Auth Type : NONE
Track IF : Vlan-interface2 Pri Reduced : 10
Virtual IP : 1.1.1.1
Master IP : 0.0.0.0
Field Description
Run Method Run method: real or virtual MAC method
Virtual IP ping Whether to enable to ping through virtual IP
1-2
Command Manual - Reliability
Quidway S3500 Series Ethernet Switches Chapter 1 VRRP Configuration Commands
Field Description
Interface Interface in which virtual router resides
VRID VRID of virtual router
Adver.Timer Time for sending broadcast packet
Admin Status Control status of virtual router
State Running state of virtual router
Config Pri Configured priority
Run Pri Run priority
Preempt Mode Preempt mode
Delay Time Delay time
Auth Type Authentication type
Track IF Track interface
Reduced priority value for virtual router when track
Pri Reduced
interface is Down
Syntax
View
Parameter
1-3
Command Manual - Reliability
Quidway S3500 Series Ethernet Switches Chapter 1 VRRP Configuration Commands
Description
Using vrrp authentication-mode command, you can configure the authentication type
and key of a specified VRRP virtual router. Using undo vrrp authentication-mode
command, you can reset the authentication type and key of a specified VRRP virtual
router.
If the simple or md5 authentication is configured, it is required to set the authentication
key.
This command is used to configure the authentication type and key for all the VRRP
virtual routers on an interface. As defined in the protocol, all the virtual routers on an
interface shall use the same authentication type and key. And all the members joining
the same virtual router shall also use the same authentication type and key.
When the authentication type and key are set, the upper/lower cases are not necessary
to be matched.
Example
# Specify the authentication type and key for a VRRP virtual router.
[Quidway-vlan-interface2] vrrp authentication-mode simple huawei
Syntax
View
System view
Parameter
real-mac: Use the real MAC address of the interface to match the virtual IP address of
the backup group in VRRP backup.
virtual-mac: Use the virtual MAC address of the interface to match the virtual IP
address of the backup group in VRRP backup.
Description
Using vrrp method command, you can set correspondence between the MAC address
and the virtual IP address of the backup group: matching the real MAC address or the
virtual address with the virtual IP address. Using undo vrrp method command, you
can reset the correspondence to the default value.
By default, the switch matches the virtual MAC address with the IP address of the
backup group.
1-4
Command Manual - Reliability
Quidway S3500 Series Ethernet Switches Chapter 1 VRRP Configuration Commands
Due to the chips installed, some switches support matching one IP address to multiple
MAC addresses. Then you may configure correspondence between the virtual IP
address of the backup group and the real/virtual MAC address.
You should set correspondence between the virtual IP address of the backup group
and the MAC address before configuring the backup group. Otherwise, you cannot
configure the correspondence.
S3526, S3526 FM, S3526 FS Ethernet switches don’t support this command.
Example
# Set the real MAC address of the interface match the virtual IP address of the backup
group.
[Quidway] vrrp method real-mac
Syntax
vrrp ping-enable
undo vrrp ping-enable
View
System view
Parameter
None
Description
Using vrrp ping-enable command, you can enable the function to ping the virtual IP
address of the backup group. Using undo vrrp ping-enable command, you can
disable the function to pin the virtual IP address of the backup group.
By default, the ping function is disabled.
You can only use the commands before configuring the backup group.
Example
# Enable the function to ping the virtual IP address of the backup group.
[Quidway] vrrp ping-enable
Syntax
1-5
Command Manual - Reliability
Quidway S3500 Series Ethernet Switches Chapter 1 VRRP Configuration Commands
View
Parameter
Description
Using vrrp vrid preempt-mode command, you can configure the preemption and
delay of the virtual router. Using undo vrrp vrid preempt-mode command, you can
cancel the preemption.
By default, virtual router is in preempt mode and delay-value is 0 second.
If a higher-priority switch is required to preempt the Master, you need configure it as
preemption. You can also set a delay for the preemption. If you configure it not to
preempt, the delay will be set to 0 automatically.
Example
# Set a delay.
[Quidway-vlan-interface2] vrrp vrid 1 preempt-mode timer delay 5
Syntax
View
Parameter
1-6
Command Manual - Reliability
Quidway S3500 Series Ethernet Switches Chapter 1 VRRP Configuration Commands
Description
Using vrrp vrid priority command, you can configure the virtual router priority. Using
undo vrrp vrid priority command, you can reset the virtual router priority.
The priority decides the status of a switch in the virtual router. A higher-priority switch is
more likely to be a Master. Priority 0 is reserved for some special purpose. 255 is
reserved for the IP address owner. The priority of the IP address owner is always 255
and cannot be modified.
Example
Syntax
View
Parameter
Description
Using vrrp vrid timer command, you can configure the virtual router timer. Using undo
vrrp vrid timer command, you can reset the virtual router timer.
This command is used to set the VRRP packet interval of the Master in the virtual router.
You are supposed to set the identical timer value for the switches in the same virtual
router to avoid improper configuration.
Example
1-7
Command Manual - Reliability
Quidway S3500 Series Ethernet Switches Chapter 1 VRRP Configuration Commands
Syntax
View
Parameter
Description
Using vrrp vrid track command, you can configure to track the interface. Using undo
vrrp vrid track command, you can stop tracking the interface.
VRRP interface track expends the backup function, which thereby can be implemented
not only when the switch fails, but also when a network interface is down. The user can
use this command to track or stop tracking an interface or all the interfaces. After the
configuration of the interface tracking, the priority of the switch will be reduced, if the
tracked interface turns down. Accordingly, some other switch in the virtual router will
have the comparatively highest priority and become the new Master, thereby
implementing the backup function. The IP address owner does not allow the
configuration of interface tracking.
A single virtual router supports up to 8 tracks.
Example
Syntax
1-8
Command Manual - Reliability
Quidway S3500 Series Ethernet Switches Chapter 1 VRRP Configuration Commands
View
Parameter
Description
Using vrrp vrid virtual-ip command, you can create a virtual router or add a virtual IP
address to an existing virtual router. Using undo vrrp vrid virtual-ip command, you
can cancel an existing virtual router or an address from the virtual router.
Example
1-9
HUAWEI
System Management
Table of Contents
i
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Table of Contents
ii
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Table of Contents
iii
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Table of Contents
iv
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Table of Contents
v
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Syntax
cd directory
View
User view
Parameter
directory: Destination directory; By default, the directory is the working path configured
by the user when the system starts.
Description
Using cd command, you can change the current user configuration path on the
Ethernet Switch.
Example
1.1.2 copy
Syntax
View
User view
Parameter
1-1
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Description
Example
1.1.3 delete
Syntax
View
User view
Parameter
Description
Using delete command, you can cancel a specified file from the storage device of the
Ethernet Switch.
The deleted files are kept in the recycle bin and will not be displayed when you use the
dir command. However they will be displayed, using the dir /all command. The files
deleted by the delete command can be recovered with the undelete command or
deleted permanently from the recycle bin, using the reset recycle-bin command.
1-2
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Note that, if two files with the same name in a directory are deleted, only the latest
deleted file will be kept in the recycle bin.
Example
1.1.4 dir
Syntax
View
User view
Parameter
Description
Using dir command, you can view the information about the specified file or directory in
storage device of Ethernet Switch.
Example
# Display all files with the names starting with "t" in the directory flash:/test/
<Quidway> dir flash:/test/t*
Directory of flash:/test/
1-3
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
# Display information about all the files (including the deleted files) in the directory
flash:/test/
<Quidway> dir /all flash:/test/
Directory of flash:/test/
-rwxrwxrwx 1 noone nogroup 971 Sep 20 2003 14:28:52 test.txt
7932928 bytes total (4966400 bytes free)
# Display information of all the files (including the deleted files) with the names starting
with "t" in flash:/test/
<Quidway> dir /all flash:/test/t*
Directory of flash:/test/t*
-rwxrwxrwx 1 noone nogroup 971 Sep 20 2003 14:32:49 [text.txt]
7932928 bytes total (4965376 bytes free)
Syntax
View
System view
Parameter
alert: Perform interactive confirmation on dangerous file operations; The default value
is alert, which configures to perform interactive confirmation on dangerous file
operations.
quiet: Do not prompt for the file operations.
Description
Using file prompt command, you can modify prompt modes of the file operation on the
Ethernet switch.
If the prompt mode is set as quiet, that is, no prompt for file operations, some
non-recoverable operations may lead to system damage.
Example
1-4
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
1.1.6 format
Syntax
format filesystem
View
User view
Parameter
Description
Example
# Format flash:
<Quidway> format flash:
All data on Flash will be lost , proceed with format ? [Y/N] y
% Now begin to format flash, please wait for a while...
Format winc: completed
1.1.7 mkdir
Syntax
mkdir directory
View
User view
Parameter
Description
Using mkdir command, you can create directory in the specified directory on the
storage device.
The directory to be created cannot have the same name as that of other directory or file
in the specified directory.
1-5
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Example
1.1.8 more
Syntax
more file-url
View
User view
Parameter
Description
Example
1.1.9 move
Syntax
View
User view
Parameter
1-6
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Description
Example
1-7
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
1.1.10 pwd
Syntax
pwd
View
User view
Parameter
None
Description
Example
1.1.11 rename
Syntax
View
User view
Parameter
Description
Example
1-8
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Directory of flash:/
drwxrwxrwx 1 noone nogroup - Jun 22 2002 02:19:16 shit
-rwxrwxrwx 1 noone nogroup 971 Jun 30 2003 11:45:19 vrpcfg.txt
-rwxrwxrwx 1 noone nogroup 4 Aug 27 2003 16:56:56 snmpboots
-rwxrwxrwx 1 noone nogroup 2957562 Sep 20 2003 10:49:57 QX-S5516-VRP31
0-0030.app
drwxrwxrwx 1 noone nogroup - Sep 20 2003 14:27:58 test
-rwxrwxrwx 1 noone nogroup 971 Sep 20 2003 14:41:44 sample.txt
7932928 bytes total (4963328 bytes free)
Syntax
View
User view
Parameter
Description
Using reset recycle-bin command, you can permanently delete files from the recycle
bin.
The delete command only puts the file into the recycle bin, but reset recycle-bin
command will delete this file permanently.
1-9
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Example
1.1.13 rmdir
Syntax
rmdir directory
View
User view
Parameter
Description
Example
1.1.14 undelete
Syntax
undelete file-url
View
User view
Parameter
Description
1-10
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Example
# Display the information of all the files (including the deleted ones) in the current
directory.
<Quidway> dir /all
Directory of flash:/
drwxrwxrwx 1 noone nogroup - Jun 22 2002 02:19:16 shit
-rwxrwxrwx 1 noone nogroup 971 Jun 30 2003 11:45:19 vrpcfg.txt
-rwxrwxrwx 1 noone nogroup 4 Aug 27 2003 16:56:56 snmpboots
-rwxrwxrwx 1 noone nogroup 2957562 Sep 20 2003 10:49:57 QX-S5516-VRP31
0-0030.app
drwxrwxrwx 1 noone nogroup - Sep 20 2003 14:27:58 test
-rwxrwxrwx 1 noone nogroup 971 Sep 20 2003 14:53:32 [sample.bak]
7932928 bytes total (4962304 bytes free)
# Display the information of all the files (including the deleted ones) in the current
directory.
<Quidway> dir /all
Directory of flash:/
drwxrwxrwx 1 noone nogroup - Jun 22 2002 02:19:16 shit
-rwxrwxrwx 1 noone nogroup 971 Jun 30 2003 11:45:19 vrpcfg.txt
-rwxrwxrwx 1 noone nogroup 4 Aug 27 2003 16:56:56 snmpboots
-rwxrwxrwx 1 noone nogroup 2957562 Sep 20 2003 10:49:57 QX-S5516-VRP31
0-0030.app
drwxrwxrwx 1 noone nogroup - Sep 20 2003 14:27:58 test
-rwxrwxrwx 1 noone nogroup 971 Sep 20 2003 14:54:16 sample.bak
7932928 bytes total (4962304 bytes free)
Syntax
reset saved-configuration
View
User view
1-11
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Parameter
None
Description
Using reset saved-configuration command, you can erase configuration files from
the flash memory of the Ethernet Switch.
Perform this command with cautious. It is suggested to consult technical support
personnel first.
Generally, this command is used in the following situations:
z After upgrade of software, configuration files in flash memory may not match the
new version's software. Perform reset saved-configuration command to erase
the old configuration files.
z If a used Ethernet Switch is applied to the new circumstance and the original
configuration files cannot meet the new requirements, the Ethernet Switch should
be configured again. Erase the original configuration files for reconfiguration.
If the configuration files do not exist in the flash memory when Ethernet Switch is
electrified and initialized, it will enter setup switch view automatically.
For the related commands, see save, display current-configuration, display
saved-configuration.
Example
# Erase the configuration files from the flash memory of Ethernet Switch.
<Quidway> reset saved-configuration
This will delete the configuration in the flash memory.
The switch configurations will be erased to reconfigure.
Are you sure?[Y/N]
1.2.2 save
Syntax
save
View
User view
Parameter
None
Description
Using save command, you can save the current configuration files to Flash memory.
1-12
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Example
Syntax
display ftp-server
View
Any view
Parameter
None
Description
Using display ftp-server command, you can view the parameters of the current FTP
Server. You can perform this command to verify the configuration after setting FTP
parameters.
Example
1-13
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Syntax
display ftp-user
View
Any view
Parameter
None
Description
Using display ftp-user command, you can view the parameters of current FTP user.
You can perform this command to examine the configuration after setting FTP
parameters.
Example
Syntax
View
System view
Parameter
Description
Using ftp server command, you can start FTP Server and enable FTP user logon.
Using undo ftp server command, you can close FTP Server and disable FTP user
logon.
By default, FTP Server is shut down.
Perform this command to easily start or shut down FTP Server, preventing Ethernet
Switch from being attacked by some unknown user.
1-14
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Example
Syntax
View
System view
Parameter
Description
Using ftp timeout command, you can configure connection timeout interval. Using
undo ftp timeout command, you can restore the default connection timeout interval.
After a user logs on to an FTP Server and has established connection, if the connection
is interrupted or cut abnormally by the user, FTP Server will still hold the connection.
The connection timeout can avoid this problem. If the FTP server has no command
interaction with a client for a specific period of time, it considers the connection to be
failed and disconnect to the client.
Example
1.3.5 local-user
Syntax
local-user user-name
undo local-user { user-name | all [ service-type { telnet | ftp | lan-access } ] }
View
System view
1-15
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Parameter
Description
Using local-user command, you can configure a local user and enter the local user
view. Using undo local-user command, you can cancel a specified local user.
By default, no local user.
For the related commands, see display local-user, server-type.
Example
1.3.6 password
Syntax
View
Parameter
1-16
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Description
Using password command, you can configure a password display mode for local users.
Using undo password command, you can cancel the specified password display
mode.
If local-user password-display-mode cipher-force has been adopted, the user
efforts of using the password command to set the password display mode to simple
text (simple) will render useless.
For the related command, see display local-user.
Example
# Set the user huawei1 to display the password in simple text, given the password is
20030422.
[Quidway-user-huawei1] password simple 20030422
1.3.7 service-type
Syntax
View
Parameter
Description
Using service-type command, you can configure a service type for a particular user.
Using undo service-type command, you can cancel the specified service type for the
user.
Example
1-17
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Syntax
ascii
View
Parameter
None
Description
Using ascii command, you can configure data transmission mode as ASCII mode.
By default, the file transmission mode is ASCII mode.
Perform this command if the user needs to change the file transmission mode to default
mode.
Example
1.4.2 binary
Syntax
binary
View
Parameter
None
Description
Using binary command, you can configure file transmission type as binary mode.
1-18
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Example
1.4.3 bye
Syntax
bye
View
Parameter
None
Description
Using bye command, you can disconnect with the remote FTP Server and return to
user view.
After performing this command, you can terminate the control connection and data
connection with the remote FTP Server.
Example
# Terminate connection with the remote FTP Server and return to user view.
[ftp] bye
1.4.4 cd
Syntax
cd pathname
View
Parameter
Description
Using cd command, you can change the working path on the remote FTP Server.
This command is used to access another directory on FTP Server. Note that the user
can only access the directories authorized by the FTP server.
1-19
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Example
1.4.5 cdup
Syntax
cdup
View
Parameter
None
Description
Using cdup command, you can change working path to the upper level directory.
This command is used to exit the current directory and return to the upper level
directory.
Example
1.4.6 close
Syntax
close
View
Parameter
None
Description
Using close command, user can disconnect FTP client side from FTP server side
without exiting FTP client side view. That is to say, you can terminate the control
connection and data connection with the remote FTP Server at the same time.
Related command: open.
1-20
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Example
# Terminate connection with the remote FTP Server and stays in FTP Client view.
[ftp] close
1.4.7 debugging
Syntax
debugging
View
Parameter
None
Description
Using debugging command, you can enable the system debugging functions.
Example
1.4.8 delete
Syntax
delete remotefile
View
Parameter
Description
Example
1-21
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
1.4.9 dir
Syntax
View
Parameter
Description
Example
# Query the file temp.c and saves the results in the file temp1.
[ftp] dir temp.c temp1
1.4.10 disconnect
Syntax
disconnect
View
Parameter
None
Description
Using disconnect command, subscribers can disconnect FTP client side from FTP
server side without exiting FTP client side view.
This command terminates the control connection and data connection with the remote
FTP Server at the same time.
Example
# Terminate connection with the remote FTP Server and stays in FTP Client view.
[ftp] disconnect
1-22
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
1.4.11 ftp
Syntax
View
User view
Parameter
Description
Using ftp command, you can establish control connection with the remote FTP Server
and enter FTP Client view.
Example
1.4.12 get
Syntax
View
Parameter
Description
Using get command, you can download a remote file and save it locally.
If no local file name is specified, it will be considered the same as that on the remote
FTP Server.
Example
1-23
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
1.4.13 lcd
Syntax
lcd
View
Parameter
None
Description
Using lcd command, you can view local working path of FTP Client.
Example
1.4.14 ls
Syntax
ls [ remotefile ] [ localfile ]
View
Parameter
Description
Example
1-24
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
1.4.15 mkdir
Syntax
mkdir pathname
View
Parameter
Description
Using mkdir command, you can create a directory on the remote FTP Server.
User can perform this operation as long as the remote FTP server has authorized.
Example
1.4.16 open
Syntax
View
Parameter
Description
Using open command, you can establish control connection with the remote FTP
Server in the FTP Client view.
Related command: close.
Example
# Establish control connection with the FTP Server, which IP address is 1.1.1.1.
[ftp] open 1.1.1.1
Trying ...
1-25
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
1.4.17 passive
Syntax
passive
undo passive
View
Parameter
None
Description
Using passive command, you can configure the data transmission mode as passive
mode. Using undo passive command, you can configure the data transmission mode
as active mode.
By default, the data transmission mode is passive mode
Example
1.4.18 put
Syntax
View
Parameter
1-26
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Description
Using put command, you can upload a local file to the remote FTP Server.
If the user does not specify the filename on the remote server, the system will consider
it the same as the local file name by default.
Example
# Upload the local file temp.c to the remote FTP Server and saves it as temp1.c.
[ftp] put temp.c temp1.c
1.4.19 pwd
Syntax
pwd
View
Parameter
None
Description
Using pwd command, you can view the current directory on the remote FTP Server.
Example
1.4.20 quit
Syntax
quit
View
Parameter
None
1-27
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Description
Using quit command, you can terminate the connection with the remote FTP Server
and return to user view.
Example
# Terminate connection with the remote FTP Server and returns to user view.
[ftp] quit
<Quidway>
1.4.21 remotehelp
Syntax
remotehelp [ protocol-command ]
View
Parameter
Description
Using remotehelp command, you can view help information about the FTP protocol
command.
Example
1.4.22 rmdir
Syntax
rmdir pathname
View
Parameter
1-28
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Description
Using rmdir command, you can cancel the specified directory from FTP Server.
Example
1.4.23 user
Syntax
View
Parameter
Description
Example
# Log in the FTP Server with username tom and password bjhw.
[ftp] user tom bjhw
1.4.24 verbose
Syntax
verbose
undo verbose
View
Parameter
None
Description
Using verbose command, you can enable verbose. Using undo verbose command,
you can disable verbose.
1-29
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Example
# Enable verbose.
[ftp]verbose
Syntax
View
System view
Parameter
Description
Using tftp command, you can configure the transmission mode of the TFTP files.
TFTP transmits files in two modes, binary mode for program files and ASCII mode for
text files. You can perform this command to configure the file transmission mode. By
default, TFTP transmits files in binary mode. Before resetting the mode and restarting
the switch, the set mode will not change.
For the related commands, see tftp get, tftp put.
Example
Syntax
View
System view
1-30
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Parameter
//A.A.A.A/xxx.yyy: Information about the file to be downloaded from the TFTP server.
A.A.A.A: IP address of the TFTP server.
mmm.nnn: Specify the filename saved as after downloaded to the switch, which can be
different from xxx.yyy.
Description
Using tftp get command, you can download a file xxx.yyy from the specified directory
of the TFTP server (at A.A.A.A) and saving it as mmm.nnn on the switch.
For the related commands, see tftp, tftp put.
Example
# Download the file LANSwitch.app from the TFTP server at 1.1.3.214 and save it as
vxWorks.app on the local switch.
[Quidway] tftp binary
[Quidway] tftp get //1.1.3.214/ LANSwitch.app vxWorks.app
Syntax
View
System view
Parameter
Description
Using tftp put command, you can upload a file from the switch to the specified directory
on the TFTP server (at A.A.A.A) and saving it as mmm.nnn.
For the related commands, see tftp, tftp get.
Example
# Upload the vrpcfg.txt to the TFTP server at 1.1.3.214 and save it as Temp.txt.
[Quidway] tftp ascii
[Quidway] tftp put vrpcfg.txt //1.1.3.214/temp.txt
1-31
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 2 MAC Address Table Management Commands
Syntax
View
Any view
Parameter
None
Description
Using display mac-address aging-time command, you can view the aging time of the
dynamic entry in the MAC address table.
For the related commands, see mac-address, mac-address timer, display
mac-address.
Example
# Display the aging time of the dynamic entry in the MAC address table.
[Quidway] display mac-address aging-time
mac-address aging-time: 300s
The above information indicates that the aging time of the dynamic entry in the MAC
address is 300s.
Syntax
View
Any view
2-1
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 2 MAC Address Table Management Commands
Parameter
Description
Using display mac-address command, you can view MAC address table information.
When managing the Layer-2 addresses of the switch, the administrator can Perform
this command to view such information as the Layer-2 address table, address status
(static or dynamic), Ethernet port of the MAC address, VLAN of the address, and
system address aging time.
For the related commands, see mac-address, mac-address timer.
Example
# Show the information of the entry with MAC address at 00e0-fc01-0101 on S3526E.
[Quidway] display mac-address 00e0-fc01-0101
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME
00e0-fc01-0101 1 Learned Ethernet0/1 AGING
# Show the information of the entry with MAC address at 00e0-fc01-0101 on S3526.
[Quidway] display mac-address 00e0-fc01-0101
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
00e0-fc01-0101 1 Learned Ethernet0/1 300
2.1.3 mac-address
Syntax
2-2
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 2 MAC Address Table Management Commands
View
System view
Parameter
Description
Using mac-address command, you can add/modify the MAC address table entry.
Using undo mac-address command, you can cancel MAC address table entry
If the input address has been existed in the address table, the original entry will be
modified. That is, replace the interface pointed by this address with the new interface
and the entry attribute with the new attribute (dynamic entry and static entry).
All the (MAC unicast) addresses on a certain interface can be deleted. User can choose
to delete any of the following addresses: address learned by system automatically,
dynamic address configured by user, static address configured by user.
Because the address table is shared in the VLAN domain, you need specify the VLAN
of the multicast address and the port of the unicast address, when adding entries to the
address table.
For the related commands, see display mac-address.
Example
Syntax
2-3
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 2 MAC Address Table Management Commands
View
Parameter
count: Specify the amount limit to the MAC addresses to be learned. 0 indicates that no
address can be learned via the port.
Description
Using mac-address max-mac-count command, you can set a limit to the MAC
addresses to be learned by the Ethernet port. Using undo mac-address
max-mac-count command, you can cancel the limit.
By default, there is no limit to the MAC addresses learned via the Ethernet port.
The port will stop learning MAC address when the amount reaches the limit specified
by the count parameter.
For the related commands, see mac-address, mac-address timer.
Example
Syntax
View
System view
Parameter
aging age: Specifies the aging time (measured in seconds) of the Layer-2 dynamic
address table entry, ranging from 10 to 1000000. By default, the aging time is 300
seconds.
no-aging : No aging time.
2-4
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 2 MAC Address Table Management Commands
Description
Using mac-address timer command, you can configure the aging time of the Layer-2
dynamic address table entry. Using undo mac-address timer command, you can
restore the default value.
Too long or too short aging time set by subscribers will cause the problem that the
Ethernet switch broadcasts a great mount of data packets without MAC addresses,
which will affect the switch operation performance.
If aging time is set too long, the Ethernet switch will store a great number of out-of-date
MAC address tables. This will consume MAC address table resources and the switch
will not be able to update MAC address table according to the network change.
If aging time is set too short, the Ethernet switch may delete valid MAC address table.
Example
# Configure the entry aging time of Layer-2 dynamic address table to be 500 seconds.
[Quidway] mac-address timer aging 500
2-5
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 3 Device Management Commands
Syntax
View
User view
Parameter
Description
Using boot boot-loader command, you can configure the app file used for boot of the
next time.
Example
Syntax
View
User view
Parameter
Description
3-1
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 3 Device Management Commands
Example
# Upgrade bootrom.
<Quidway> boot bootrom PLATV100R002B09D002.btm
Syntax
display boot-loader
View
Any view
Parameter
None
Description
Using display boot-loader command, you can view APP file used next time.
Example
Syntax
display cpu
View
Any view
Parameter
None
Description
Example
3-2
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 3 Device Management Commands
Field Description
CPU busy status. The busy status of switch
18% in last 5 seconds The CPU occupancy rate is 18% at last 5 seconds
19% in last 1 minute The CPU occupancy rate is 19% at last 1 minute
19% in last 5 minutes The CPU occupancy rate is 19% at last 5 minutes
Syntax
display device
View
Any view
Parameter
None
Description
Using display device command, you can view module type and working status
information of each card (including main card and daughter-card).
Perform display device command to display the module type and working status
information of a card, including physical card number, physical daughter card number,
number of ports, hardware version number, FPGA version number, BOOTROM
software version number, application version number, address learning mode, interface
card type and interface card type description, etc.
Example
3-3
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 3 Device Management Commands
Field Description
SlotNo Physical card number
SubSNo Sub physical card number (namely stack card number)
PortNum Number of ports
Syntax
View
Any view
Parameter
Description
Using display fan command, you can view the working state of the built-in fans. User
can Perform this command to see if they work normally.
Example
3-4
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 3 Device Management Commands
Syntax
View
Any view
Parameter
Description
Example
Field Description
System Total Memory(bytes) The Total Memory of switch, unit in byte
Total Used Memory(bytes) The Total used Memory of switch, unit in byte
Used Rate The memory used rate
3.1.8 reboot
syntax
reboot
View
User view
Parameter
None.
3-5
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 3 Device Management Commands
Description
Using reboot command, you can reset the Ethernet Switch when failure occurs.
Example
3.1.9 temperature-limit
Syntax
View
Parameter
Description
Using temperature-limit command, you can configure temperature limit. Using undo
temperature-limit command, you can restore temperature limit to default value.
Example
3-6
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
Syntax
View
User view
Parameter
HH:MM:SS: Current clock. HH ranges from 0 to 23. MM and SS range from 0 to 59.
YYYY/MM/DD: Specify the current year, month and date. YYYY ranges from 1993 to
2035. MM ranges from 1 to 12 and DD ranges from 1 to 31.
Description
Using clock datetime command, you can configure the current date and clock of
Ethernet Switch.
By default, the date and clock of Ethernet Switch is set as 0:0:0, 2000/1/1.
The current date and clock of Ethernet Switch must be set in the circumstance that
absolute time is strictly required.
For the related commands, see display clock.
Example
Syntax
4-1
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
View
User view
Parameter
zone_name: Name of the summer time, which is a character with the length ranging 1
to 32.
one-off: Only set the summer time of a certain year.
repeating: Set the summer time of every year starting from a certain year.
start-time: Set start time of the summer time, input like HH:MM:SS
(hour/minute/second).
start-date: Set start time of the summer time, input like YYYY/MM/DD
(year/month/day).
end-time: Set end time of the summer time, input like HH:MM:SS
(hour/minute/second).
end-date: Set end time of the summer time, input like YYYY/MM/DD (year/month/day).
offset-time: Set offset time of the summer time, input like HH:MM:SS
(hour/minute/second).
Description
Using clock summer-time command, you can set the name, starting and ending time
of the summer time. Using undo clock summer-time command, you can remove the
configuration of the summer time.
After the configuration takes effect, the display clock command can be used to check
it. Besides, the time of the log or debug information uses the local time after the
adjustment of the time zone and summer time.
For the related command, see clock timezone.
Example
# Set the summer time for z2 that starts at 06:00:00 on 08/06/2002 and ends at
06:00:00 on 01/09/2002 with the time adding 1 hour.
<Quidway> clock summer-time z2 one-off 06:00:00 2002/06/08 06:00:00 2002/09/01
01:00:00
# Set the summer time for z2 that starts at 06:00:00 on 08/06 and ends at 06:00:00 on
01/09 in each year from 2002 on with the time adding 1 hour.
<Quidway> clock summer-time z2 repeating 06:00:00 2002/06/08 06:00:00
2002/09/01 01:00:00
4-2
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
Syntax
View
User view
Parameter
zone_name: Name of the time zone, which is a character with the length ranging 1 to
32.
add: The time is adding compared with the UTC.
minus: The time is minus compared with the UTC.
HH:MM:SS: Time (hour/minute/second).
Description
Using clock timezone command, you can set the information of the local time zone.
Using undo clock timezone command, you can restore to the default Universal Time
Coordinated (UTC) time zone.
After the configuration takes effect, the display clock command can be used to check
it. Besides, the time of the log or debug information uses the local time after the
adjustment of the time zone and summer time.
For the related command, see clock summer-time.
Example
# Set the name of the local time zone as Z5 with the time adding 5 hours compared with
the UTC.
<Quidway> clock timezone z5 add 05:00:00
4.1.4 sysname
Syntax
sysname sysname
undo sysname
View
System view
4-3
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
Parameter
sysname: Specify the hostname with a character string with the length ranging from1 to
30 characters.
Description
Using sysname command, you can configure the hostname of Ethernet Switch.
By default, the hostname of Ethernet Switch is Quidway.
Changing the hostname name of Ethernet Switch will affect the prompt of command
line interface. E.g. the host name of Ethernet Switch is Quidway, and the prompt in user
view is <Quidway>.
Example
Syntax
display clock
View
Any view
Parameter
None
Description
Using display clock command, subscribers can obtain information about system data
and time from the terminal display.
The maximum date and time the system can display is 23:59:59 9999/12/31.
For the related commands, see clock.
Example
4-4
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
Syntax
View
Any view
Parameter
Description
4-5
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
Example
domain system
radius-scheme system
access-limit disable
state active
idle-cut disable
self-service-url disable
messenger time disable
4-6
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
interface Ethernet0/8
#
interface Ethernet0/9
#
interface Ethernet0/10
#
interface Ethernet0/11
#
interface Ethernet0/12
#
interface Ethernet0/13
#
interface Ethernet0/14
#
interface Ethernet0/15
#
interface Ethernet0/16
#
interface Ethernet0/17
#
interface Ethernet0/18
#
interface Ethernet0/19
#
interface Ethernet0/20
#
interface Ethernet0/21
#
interface Ethernet0/22
#
interface Ethernet0/23
#
interface Ethernet0/24
#
interface NULL0
#
user-interface aux 0
user-interface vty 0 4
#
return
# View the lines containing the character string “10*” in the configuration information.
The “*” indicates that the “0” before it can appear 0 times or multiple consecutive times.
4-7
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
domain system
radius-scheme system
access-limit disable
state active
idle-cut disable
self-service-url disable
messenger time disable
4-8
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
#
local-server nas-ip 127.0.0.1 key nec
#
vlan 1
#
user-interface aux 0
user-interface vty 0 4
#
return
Syntax
View
Any view
Parameter
Description
Using display debugging command, you can view the enabled debugging process.
Show all the enabled debugging when there is no parameter.
For the related commands, see debugging.
Example
Syntax
display saved-configuration
4-9
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
View
Any view
Parameter
None
Description
Using display saved-configuration command, you can view the configuration files in
the flash memory of Ethernet Switch.
If the Ethernet Switch works abnormally after electrified, execute the display
saved-configuration command to view the startup configuration of the Ethernet
Switch.
For the related commands, see save, reset saved-configuration, display
current-configuration.
Example
domain system
radius-scheme system
access-limit disable
state active
idle-cut disable
self-service-url disable
messenger time disable
4-10
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
vlan 1
#
interface Ethernet0/1
#
interface Ethernet0/2
#
interface Ethernet0/3
#
interface Ethernet0/4
#
interface Ethernet0/5
#
interface Ethernet0/6
#
interface Ethernet0/7
#
interface Ethernet0/8
#
interface Ethernet0/9
#
interface Ethernet0/10
#
interface Ethernet0/11
#
interface Ethernet0/12
#
interface Ethernet0/13
#
interface Ethernet0/14
#
interface Ethernet0/15
#
interface Ethernet0/16
#
interface Ethernet0/17
#
interface Ethernet0/18
#
interface Ethernet0/19
#
interface Ethernet0/20
#
4-11
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
interface Ethernet0/21
#
interface Ethernet0/22
#
interface Ethernet0/23
#
interface Ethernet0/24
#
interface NULL0
#
user-interface aux 0
user-interface vty 0 4
#
return
Syntax
View
Any view
Parameter
Description
Using display users command, you can view information about users connected to the
switch.
Example
Syntax
display version
4-12
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
View
Any view
Parameter
None
Description
Using display version command, you can view such information as software version,
issue date and the basic hardware configurations.
Example
Syntax
View
User view
Parameter
4-13
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
Description
Using debugging command, you can enable the system debugging. Using undo
debugging command, you can disable the system debugging.
By default, all the debugging processes are disabled.
Ethernet Switch provides various kinds of debugging functions for technical support
personnel and experienced maintenance staff to troubleshoot the network.
Enabling the debugging will generate a large amount of debugging information and
decrease the system efficiency. Specially, network system may collapse after all the
debugging is enabled by debugging all command. So it is not suggested to use the
debugging all command. It is convenient for the user to disable all the debugging with
undo debugging all command.
For the related commands, see display debugging.
Example
Syntax
display diagnostic-information
View
Any view
Parameter
None
Description
4-14
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
Example
Syntax
View
Any view
Parameter
4-15
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
-n: Configure to take the host parameter as IP address without domain name
resolution.
-p: pattern is the hexadecimal padding of ICMP ECHO-REQUEST, e.g. -p ff pads the
packet completely with ff.
-q: Configure not to display any other detailed information except statistics.
-r: Record route.
-s packetsize: Specify the length of ECHO-REQUEST (excluding IP and ICMP packet
header) in bytes.
-t timeout: Maximum waiting time after sending the ECHO-REQUEST (measured in
ms).
-tos tos: Specify TOS value for echo requests to be sent, range from 0 to 255.
-v: Show other received ICMP packets (non ECHO-RESPONSE).
host: Destination host domain name or IP address of the destination host.
Description
Using ping command, you can check the IP network connection and the reachability of
the host.
By default, when the parameters are not specified:
z The ECHO-REQUEST message will be sent for 5 times.
z socket is not in DEBUGGING mode.
z The TTL value for echo requests is 255.
z host will be treated as IP address first. If it is not an IP address, perform domain
name resolution.
z The default padding operation starts from 0x01 and ends on 0x09 (progressively),
then performs again.
z Show all the information including statistics.
z Routes are not recorded.
z Send ECHO-REQUEST according to route selection.
z Default length of ECHO-REQUEST is 56 bytes.
z Default timeout of ECHO-RESPONSE is 2000ms.
z Do not display other ICMP packets (non ECHO-RESPONSE).
z The TOS value of echo requests is 0.
The ping command sends ICMP ECHO-REQUEST message to the destination. If the
network to the destination works well, then the destination host will send ICMP
ECHO-REPLY to the source host after receiving ICMP ECHO-REQUEST.
Perform ping command to troubleshoot the network connection and line quality. The
output information includes:
4-16
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
Example
4.4.2 tracert
Syntax
View
Any view
Parameter
4-17
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
-p: Configure to verify the -p switch, port is an integer host port number. Generally, user
need not modify this option.
-q: Configure to verify the -q switch, nqueries is an integer specifying the number of
query packets sent, larger than 0.
-w: Configure to verify the -wf switch, timeout is an integer specifying IP packet timeout
in seconds, larger than 0.
host: IP address of the destination host or the hostname of the remote system.
Description
Using tracert command, you can check the reachability of network connection and
troubleshoot the network. User can test gateways passed by the packets transmitted
from the host to the destination.
By default, when the parameters are not specified,
first-TTL is 1,
max-TTL is 30,
port is 33434,
nqueries is 3 and
timeout is 5s.
The tracert command sends a packet with TTL 1, and the first hop will send an ICMP
error message back to indicate this packet cannot be transmitted (because of TTL
timeout). Then this packet will be sent again with TTL 2, and the second hop will
indicate a TTL timeout error. Perform this operation repeatedly till reaching the
destination. These processes are operated to record the source address of each ICMP
TTL timeout so as to provide a path to the destination for an IP packet.
After ping command finds some error on the network, perform tracert to locate the
error.
The output of tracert command includes IP address of all the gateways to the
destination. If a certain gateway times out, output "***".
Example
# Test the gateways passed by the packets to the destination host at 18.26.0.115.
<Quidway> tracert 18.26.0.115
tracert to allspice.lcs.mit.edu (18.26.0.115), 30 hops max
1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms
5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms
4-18
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms
8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms
9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms
10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms
11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms
12 * * *
13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms
Syntax
View
Any view
Parameter
channel-number: Channel number, ranging from 0 to 9, that is, the system has ten
channels.
channel-name: Specify the channel name. the name can be channel6, channel7,
channel8, channel9, console, logbuffer, loghost, monitor, snmpagent,
trapbuffer.
Description
Using display channel command, you can view the details about the information
channel.
Without parameter, display channel command shows the configurations of all the
channels.
Example
4-19
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
Syntax
display info-center
View
Any view
Parameter
None
Description
Using display info-center command, you can view the configuration of system log and
the information recorded in the memory buffer.
If the information in the current log/trap buffer is less than the specified sizeval, display
the actual log/trap information.
For the related commands, see info-center enable,info-center loghost,info-center
logbuffer,info-center console channel,info-center monitor channel.
Example
4-20
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
Syntax
View
System view
Parameter
channel-number: Channel number, ranging from 0 to 9, that is, system has ten
channels.
channel-name: Specify the channel name with a character string not exceeding 30
characters, excluding "-", "/" or "\". .
Description
Using info-center channel name command, you can rename a channel specified by
the channel-number as channel-name. Using undo info-center channel command,
you can restore the channel name.
Note that the channel name cannot be duplicated.
Example
Syntax
View
System view
Parameter
channel-number: Channel number, ranging from 0 to 9, that is, system has ten
channels.
4-21
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
channel-name: Specify the channel name. The name can be channel6, channel7,
channel8, channel9, console, logbuffer, loghost, monitor, snmpagent,
trapbuffer.
Description
Using info-center console channel command, you can configure the channel through
which the log information is output to the console.
By default, Ethernet switches do not output log information to the console.
This command takes effect only after system logging is started.
For the related commands, see info-center enable,display info-center.
Example
Syntax
info-center enable
undo info-center enable
View
System view
Parameter
None
Description
Using info-center enable command, you can enable the system log function. Using
undo info-center enable command, you can disable system log function.
By default, system log function is enabled.
Only after the system log function is enabled can the system output the log information
to the info-center loghost and console, etc.
For the related commands, see info-center loghost, info-center logbuffer,
info-center console channel, info-center monitor channel, display info-center.
Example
4-22
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
Syntax
View
System view
Parameter
Description
Using info-center logbuffer command, you can configure to output information to the
memory buffer. Using undo info-center logbuffer command, you can cancel the
information output to buffer
This command takes effect only after the system logging is enabled.
For the related commands, see info-center enable, display info-center.
Example
# Send log information to buffer and sets the size of buffer as 50.
[Quidway] info-center logbuffer size 50
Syntax
4-23
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
View
System view
Parameter
Description
Using info-center loghost command, you can configure the IP address of the
info-center loghost to send information to it. Using undo info-center loghost
command, you can cancel output to info-center loghost.
By default, Ethernet switches do not output information to info-center loghost.
This command takes effect only after the system logging is enabled.
For the related commands, see info-center enable,display info-center.
Example
Syntax
View
System view
4-24
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
Parameter
source interface-name: set source address of the packets sent to loghost as the
address of the interface specified by the interface-name. Normally, the interface should
be VLAN interface.
Description
Using info-center loghost source command, you can set source address of the
packets sent to loghost as the address of the interface specified by the interface-name.
Using undo info-center loghost source command, you can cancel the setting source
address of the packets sent to loghost.
This command takes effect only after the system logging is enabled.
For the related commands, see info-center enable, display info-center.
Example
# Set source address of the packets sent to loghost as the address of the VLAN
interface 1.
[Quidway] info-center loghost source vlan-interface 1
Syntax
View
System view
Parameter
channel-number: Channel number, ranging from 0 to 9, that is, the system has ten
channels.
channel-name: Specify the channel name. The name can be channel6, channel7,
channel8, channel9, console, logbuffer, loghost, monitor, snmpagent,
trapbuffer.
Description
Using info-center monitor channel command, you can configure the channel to
output the log information to the user terminal. Using undo info-center monitor
channel command, you can restore the channel to output the log information to the
user terminal to default value.
By default, Ethernet switches do not output log information to user terminal.
4-25
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
Example
Syntax
View
System view
Parameter
channel-number: Channel number, ranging from 0 to 9, that is, the system has ten
channels. By default, channel 5 is used.
channel-name: Specify the channel name. The name can be channel6, channel7,
channel8, channel9, console, logbuffer, loghost, monitor, snmpagent,
trapbuffer.
Description
Using info-center snmp channel command, you can configure new channel for
transmitting the SNMP information. Using undo info-center snmp channel command,
you can restore the channel for transmitting the SNMP information to default value.
For the related commands, see display snmp.
Example
Syntax
4-26
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
View
System view
Parameter
Note:
If you only specify the level for one/two of the three types of information, the level(s) of
the unspecified two/one return(s) to the default. For example, if you only define the
level of the log information, then the levels of the trap and debugging information return
to the defaults.
4-27
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
Description
Using info-center source command, you can add/delete a record to the information
channel. Using undo info-center source command, you can cancel the contents of
the information channel.
For example, for the filter of IP module log output, you can configure to output the logs
at a level higher than warnings to the log host and output those higher than
informational to the log buffer. You can also configure to output the trap information on
the IP module to a specified trap host, etc.
The channels for filtering in all the directions are specified by this configuration
command. All the information will be sent to the corresponding directions through the
specified channels. You can configure the channels in the output direction, channel
filter information, filtering and redirecting of all kinds of information.
At present, the system distributes an information channel in each output direction by
default, shown as follows:
In addition, each information channel has a default record with the module name “all”
and module number as 0xffff0000. However, for different information channel, the
default log, trap and debugging settings in the records may be different with one
another. Use default configuration record if a module does not have any specific
configuration record in the channel.
Example
# Configure to enable the log information of VLAN module in SNMP channel and allows
the output of the information with a level higher than emergencies.
[Quidway] info-center source vlan channel snmp log level emergencies
4-28
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
Syntax
View
System view
Parameter
Description
Using info-center timestamp command, you can configure the timestamp output
format in debugging/trap information. Using undo info-center timestamp command,
you can disable the output of timestamp field.
By default, datetime stamp is used.
Example
Syntax
View
System view
4-29
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
Parameter
Description
Using info-center trapbuffer command, you can output information to the trap buffer.
Using undo info-center trapbuffer command, you can cancel output information to
trap buffer.
By default, output information is transmitted to trap buffer and size of trap buffer is 20.
This command takes effect only after the system logging is enabled.
For the related commands, see info-center enable, display info-center.
Example
# Send information to the trap buffer and sets the size of buffer as 30.
[Quidway] info-center trapbuffer size 30
Syntax
reset logbuffer
View
User view
Parameter
None
Description
Using reset logbuffer command, you can reset information in log buffer.
Example
4-30
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
Syntax
reset trapbuffer
View
User view
Parameter
None
Description
Using reset trapbuffer command, you can reset information in trap buffer.
Example
Syntax
terminal debugging
undo terminal debugging
View
User view
Parameter
None
Description
Using terminal debugging command, you can configure to display the debugging
information on the terminal. Using undo terminal debugging command, you can
configure not to display the debugging information on the terminal.
By default, the displaying function is disabled.
For the related commands, see debugging.
Example
4-31
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
Syntax
terminal logging
undo terminal logging
View
User view
Parameter
None
Description
Using terminal logging command, you can enable terminal log information display.
Using undo terminal logging command, you can disable terminal log information
display.
By default, this function is enabled.
Example
Syntax
terminal monitor
undo terminal monitor
View
User view
Parameter
None
Description
Using terminal monitor command, you can enable the log debugging/log/trap on the
terminal monitor. Using undo terminal monitor command, you can disable these
functions.
By default, enable these functions for the console user and disable them for the
terminal user.
4-32
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
This command only takes effect on the current terminal where the commands are input.
The debugging/log/trap information can be output to the current terminal, beginning in
user view. When the terminal monitor is shut down, no debugging/log/trap information
will be displayed in local terminal, which is equals to having performed undo terminal
debugging,undo terminal logging,undo terminal trapping commands. When the
terminal monitor is enabled, you can use terminal debugging / undo terminal
debugging, terminal logging / terminal logging and terminal trapping / undo
terminal trapping respectively to enable or disable the corresponding functions.
Example
Syntax
terminal trapping
undo terminal trapping
View
User view
Parameter
None
Description
Using terminal trapping command, you can enable terminal trap information display.
Using undo terminal trapping command, you can disable this function.
By default, this function is enabled.
Example
4-33
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Commands
Syntax
View
Any view
Parameter
Description
Using display snmp-agent community command, you can view the currently
configured community names.
Example
community name:tom
group name:huawei
storage-type: nonVolatile
Syntax
View
Any view
5-1
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Commands
Parameter
Description
Using display snmp-agent engineid command, you can view engine ID of current
device.
SNMP engine is the core of SNMP entity. It performs the function of sending, receiving
and authenticating SNMP message, extracting PDU, packet encapsulation and the
communication with SNMP application, etc.
Example
Syntax
View
Any view
Parameter
Description
Using display snmp-agent group command, you can view group name, safe mode,
state of various views and storage modes.
Example
5-2
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Commands
Field Description
groupname SNMP Group name of the user
Security model The security model adopted by SNMP
Syntax
View
Any view
Parameter
Description
display snmp-agent mib-view command is used to view the MIB view configuration
information of the Ethernet switch.
Example
5-3
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Commands
Field Description
View name View name
MIB Subtree MIB subtree
storage-type Storage type
included/excluded Permit or forbid access to an MIB object
active Indicate the line state in the table
Caution:
If the SNMP Agent is disabled, "Snmp Agent disabled" will be displayed after you
execute the above display commands.
Syntax
View
Any view
Parameter
None
5-4
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Commands
Description
Using display snmp-agent statistics command, you can view current state of SNMP
communication.
This command provides a counter for SNMP operations.
Example
Syntax
View
Any view
Parameter
None
Description
Using display snmp-agent sys-info contact command, you can view the character
string sysContact (system contact).
5-5
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Commands
Example
Syntax
View
Any view
Parameter
None
Description
Using display snmp-agent sys-info location command, you can view the character
string describing the system location.
Example
Syntax
View
Any view
Parameter
None
Description
Using display snmp-agent sys-info version command, you can view the version
information about the running SMNMP in the system.
5-6
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Commands
Example
Syntax
View
Any view
Parameter
Description
Using display snmp-agent usm-user command, you can view information of all the
SNMP usernames in the group username list.
Example
Field Description
User name Name of SNMP user
Engine ID Character string identifying SNMP device
UserStatus The status of the user, may be active or inactive.
5-7
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Commands
Syntax
View
System view
Parameter
Description
Using snmp-agent local-engineid command, you can configure a name for a local or
remote SNMP engine on the Ethernet Switch. Using undo snmp-agent
local-engineid command, you can restore the default setting of engine ID.
Device information is determined according to different products. It can be IP address,
MAC address or user defined text. However, you must use numbers in hexadecimal
form.
Example
Syntax
View
System view
Parameter
5-8
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Commands
Description
Example
Syntax
View
System view
Parameter
5-9
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Commands
Description
Using snmp-agent group command, you can configure a new SNMP group, that is, to
map SNMP user to SNMP view. Using undo snmp-agent group command, you can
cancel a specified SNMP group.
For the following reasons:
z snmp-agent target-host command automatically generates a notifyview for user
and adds it to the corresponding group.
z Any change of the SNMP group notify view will affect all the users related to this
group.
Please do not specify the notify view when configuring SNMP group.
Example
Syntax
View
System view
Parameter
Description
Using snmp-agent mib-view command, you can create or update the view information.
Using undo snmp-agent mib-view command, you can cancel the view information
By default, the view name is v1default. OID is 1.3.6.1.
5-10
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Commands
Both the character string of OID and the node name can be input as parameter.
Example
Syntax
View
System view
Parameter
byte-count: Specify the size of SNMP packet (measured in bytes), ranging from 484 to
17940. By default, the size is 1500 bytes.
Description
Using snmp-agent packet max-size command, you can configure the size of SNMP
packet that the Agent can send/receive. Using undo snmp-agent packet max-size
command, you can restore the default size of SNMP packet.
The sizes of the SNMP packets received/sent by the Agent are different in different
network environment.
Example
Syntax
View
System view
5-11
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Commands
Parameter
sysContact: Specify a character string describing the system maintaining contact (in
bytes), with a length ranging from 1 to 255; By default, the contact information is
"HuaWei Beijing China".
sysLocation: Specify a character string to describe the system location; By default, the
character string is "Beijing China".
version: version of running SNMP. By default, the version is SNMP V3.
v1:SNMP V1.
v2c:SNMP V2C.
v3:SNMP V3.
all:all SNMP version (includes SNMP V1, SNMP V2C, SNMP V3).
Description
Using snmp-agent sys-info command, you can configure system information such as
geographical location of the device, contact information for system maintenance and
version information of running SNMP. Using undo snmp-agent sys-info location
command, you can restore the default value.
By default, the contact information is "HuaWei Beijing China", the system location is
"Beijing China", the SNMP version is SNMP V3.
Example
Syntax
View
System view
Parameter
5-12
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Commands
Description
Example
# Enable sending Trap packets to 2.2.2.2 with the community name public
[Quidway] snmp-agent trap enable
[Quidway] snmp-agent target-host trap address udp-domain 2.2.2.2 params
securityname public
Syntax
5-13
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Commands
View
System view
Parameter
Note:
z cold-start: Reboot operation caused by problems such as power failure.
z warm-start: Reboot operation caused by executing the reboot command.
Description
Using snmp-agent trap enable command, you can enable the device to send Trap
message. Using undo snmp-agent trap enable command, you can disable Trap
message sending.
By default, Trap message sending is disabled.
snmp-agent trap enable command and snmp-agent target-host command should
be used at the same time. snmp-agent target-host command specifies which hosts
can receive Trap message. However, to send Trap message, at least one snmp-agent
target-host command should be configured.
Example
# Enable to send the trap packet of SNMP authentication failure to 10.1.1.1. The
community name is huawei.
[Quidway] snmp-agent trap enable standard authentication
[Quidway] snmp-agent target-host trap address udp-domain 10.1.1.1 params
securityname huawei
5-14
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Commands
Syntax
View
System view
Parameter
seconds: Specify the timeouts, ranging from 1 to 2592000 seconds; By default, the
timeout interval is 120 seconds.
Description
Using snmp-agent trap life command, you can configure the timeout of Trap packets.
Using undo snmp-agent trap life command, you can restore the default value.
The set timeout of Trap packet is represented by seconds. If time exceeds seconds,
this Trap packet will be discarded.
For the related commands, see snmp-agent trap enable, snmp-agent target-host .
Example
Syntax
View
System view
Parameter
length: Length of queue, ranging from 1 to 1000; By default, the length is 100.
Description
Using snmp-agent trap queue-size command, you can configure the information
queue length of Trap packet sent to destination host. Using undo snmp-agent trap
queue-size command, you can restore the default value.
5-15
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Commands
For the related commands, see snmp-agent trap enable, snmp-agent target-host,
snmp-agent trap life.
Example
Syntax
View
System view
Parameter
Description
Using snmp-agent trap source command, you can configure the source address for
sending Trap. Using undo snmp-agent trap source command, you can cancel the
source address for sending Trap.
Example
# Configure the IP address of the VLAN interface 1 as the source address for
transmitting the Trap packets.
[Quidway] snmp-agent trap source vlan-interface 1
Syntax
View
System view
5-16
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Commands
Parameter
Description
Using snmp-agent usm-user command, you can add a new user to an SNMP group.
Using undo snmp-agent usm-user command, you can cancel a user from SNMP
group.
SNMP engineID (for authentication) is required when configuring remote user for an
agent. This command will not be effective without engineID configured.
For V1 and V2C, this command will add a new community name. For V3, it will add a
new user for an SNMP group.
Example
# Add a user wang for huawei (an SNMP group), configures to authenticate with MD5
and sets authentication password as pass.
[Quidway] snmp-agent usm-user v3 wang huawei authentication-mode md5 pass
5-17
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Commands
Syntax
undo snmp-agent
View
System view
Parameter
None
Description
Using undo snmp-agent command, you can disable all versions of SNMP running on
the server.
Perform any command of snmp-agent will enable SNMP Agent.
Example
5-18
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 6 RMON Configuration Commands
Syntax
View
Any view
Parameter
Description
Using display rmon alarm command, you can view RMON alarm information.
For the related commands, see rmon alarm.
Example
Field Description
Alarm table 1 Index 1 in the alarm table
HUAWEI Owner
VALID The entry corresponding to the index is valid
Samples absolute Sampling the absolute value of the node
value 1.3.6.1.2.1.16.1.1.1.4.1
6-1
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 6 RMON Configuration Commands
Field Description
Rising threshold. When sampling value rises from normal
Rising threshold
value to this threshold, rising threshold alarm will be triggered.
Syntax
View
Any view
Parameter
Description
Using display rmon event command, you can view RMON events.
The display includes event index in event table, owner of the event, description to the
event, action caused by event (log or alarm information), and occurrence time of the
latest event (counted on system initiate/boot time in centiseconds).
For the related commands, see rmon event.
Example
Field Description
Event table 1 Index 1 in event table
HUAWEI Owner
6-2
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 6 RMON Configuration Commands
Field Description
VALID The entry corresponding to the index is valid
Description Event description
Will cause log-trap when triggered, When the event is triggered, it will cause the
last triggered at 0days log-trap. And the last triggered time is
00h:02m:27s 00h:02m:27s
Syntax
View
Any view
Parameter
Description
Using display rmon eventlog command, you can view RMON event log.
The display includes description about event index in event table, description to the
event, and occurrence time of the latest event (counted on system initiate/boot time in
centisecond).
Example
Field Description
Event table 1 Index 1 in event table
HUAWEI Owner
6-3
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 6 RMON Configuration Commands
Field Description
VALID The entry corresponding to the index is valid
Description Event description
less than(or =) 100 with alarm The alarm sample value is less than or equal to
value 0 100
Syntax
View
Any view
Parameter
Description
Using display rmon history command, you can view latest RMON history sampling
information (including utility, error number and total packet number).
For the related commands, see rmon history.
Example
6-4
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 6 RMON Configuration Commands
Field Description
History control entry Index number in history control table
HUAWEI Owner
VALID The entry corresponding to the index is valid
Syntax
View
Any view
Parameter
Description
Using display rmon prialarm command, you can view information about extended
alarm table.
6-5
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 6 RMON Configuration Commands
Example
Field Description
Prialarm table 1 Index of extended alarm entry.
owned by HUAWEI Creator of the extended alarm entry.
VALID The entry corresponding to the index is valid.
Sampling the absolute value of the node
Samples absolute value
1.3.6.1.2.1.16.1.1.1.4.1
Rising threshold. When sampling value rises from
Rising threshold normal value to this threshold, rising threshold alarm will
be triggered.
This entry will exist The lifespan of this alarm entry which can be forever or a
forever specified period of time.
Syntax
6-6
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 6 RMON Configuration Commands
View
Any view
Parameter
Description
Using display rmon statistics command, you can view RMON statistics.
The displayed information includes collision, CRC (Cyclic Redundancy Check) and
queue, undersized or oversized packet, timeout, fragment, broadcast, multicast,
unicast, and bandwidth utility.
For the related commands, see rmon statistics.
Example
Field Description
Interface Port
HUAWEI Owner
VALID The entry corresponding to the index is valid
octets Received/Sent octets in sampling time
6-7
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 6 RMON Configuration Commands
Field Description
oversized packets Number of oversized packets
fragments packets Number of undersized and CRC error packets
Syntax
View
System view
Parameter
6-8
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 6 RMON Configuration Commands
Description
Using rmon alarm command, you can add an entry to the alarm table. Using undo
rmon alarm command, you can cancel an entry from this table.
In this way, the alarm event can be triggered in the abnormal situations and then
decides to log and send trap to the NM station.
Example
Syntax
View
System view
Parameter
Description
Using rmon event command, you can add an entry to the event table. Using undo
rmon event command, you can cancel an entry from this table.
Event management of RMON defines the way to deal with event number and event-log,
send trap message or log while sending trap message. In this way, alarm events may
obtain corresponding treatment
6-9
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 6 RMON Configuration Commands
Example
# Add the entry 10 to the event table and marks it as log event.
[Quidway] rmon event 10 log
Syntax
View
Parameter
Description
Using rmon history command, you can add an entry to the history control table. Using
undo rmon history command, you can cancel an entry from history control table.
Perform this command to sample, set sample parameter (sample time interval) and
storage amounts for a port. RMON will periodically perform data collection and save for
query on this port. Sample information includes utility, error number and total packet
number.
Example
Syntax
6-10
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 6 RMON Configuration Commands
View
System view
Parameter
Description
Using rmon prialarm command, you can add an entry to the extended RMON alarm
table. Using undo rmon prialarm command, you can cancel an entry from the
extended RMON alarm table.
The number of instances can be created in the table depends on the hardware
resource of the product.
Example
6-11
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 6 RMON Configuration Commands
Syntax
View
Parameter
Description
Using rmon statistics command, you can add an entry to the statistic table. Using
undo rmon statistics command, you can cancel an entry from statistic table.
RMON statistic management concerns the statistics and monitoring of the usage and
error on a port. Statistics includes collision, CRC (Cyclic Redundancy Check) and
queue, undersized or oversized packet, timeout, fragment, broadcast, multicast,
unicast, and bandwidth utility.
Example
6-12
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Commands
Syntax
View
User view
Parameter
Description
Using debugging ntp-service command, you can debug different NTP services. Using
undo debugging ntp-service command, you can disable corresponding debugging
function.
By default, no debugging function is enabled.
7-1
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Commands
Example
Syntax
View
Any view
Parameter
Description
Using display ntp-service sessions command, you can display the status of all the
sessions maintained by NTP service provided by the local equipment.
By default, the status of all the sessions maintained by NTP service provided by the
local equipment will be displayed.
When you configure this command without the verbose parameter, the Ethernet switch
will display the brief information about all the sessions it maintains.
With the verbose parameter configured, Ethernet switch will display the detail
information about all the sessions it maintains.
Example
Syntax
View
Any view
7-2
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Commands
Parameter
None
Description
Using command display ntp-service status, you can display the NTP service status.
Example
Output Meaning
clock status: Local clock status: do not synchronize to any remote NTP
unsynchronized server.
clock stratum: 16 Indicates the NTP stratum of local clock.
root delay Root delay from local equipment to the master reference clock.
root dispersion Dispersion of the local clock relative to the NTP server clock
peer dispersion Dispersion of the remote NTP server.
7-3
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Commands
Syntax
View
Any view
Parameter
None
Description
Using display ntp-service trace command, you can display the brief information about
every NTP server on the way from the local equipment to the reference clock source.
Example
Syntax
View
System view
Parameter
Description
Using ntp-service access command, you can set the authority to access the local
equipment. Using undo ntp-service access command, you can cancel the access
authority settings.
7-4
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Commands
Example
# Give the authority of time request, query control and synchronization with the local
equipment to the peer in ACL 2076.
[Quidway] ntp-service access peer 2076
# Give the authority of time request and query control of the local equipment to the peer
in ACL 2028.
[Quidway] ntp-service access synchronization 2028
Syntax
View
System view
Parameter
None
Description
Using ntp-service authentication enable command, you can enable the NTP-service
authentication function. Using undo ntp-service authentication enable command,
you can disable this function.
By default, the authentication is disabled.
Example
Syntax
7-5
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Commands
View
System view
Parameter
Description
Example
Syntax
ntp-service broadcast-client
undo ntp-service broadcast-client
View
Parameter
None
Description
7-6
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Commands
the broadcast from the server. When it receives the first broadcast packet, it starts a
brief client/server mode to switch messages with a remote server for estimating the
network delay. Thereafter, the local Ethernet Switch enters broadcast client mode and
continues listening to the broadcast and synchronizes the local clock according to the
arrived broadcast message.
Example
Syntax
View
Parameter
Description
Example
# Configure to broadcast NTP packets via Vlan-Interface1 and encrypt them with Key 4
and set the NTP version number as 3.
[Quidway] interface vlan-interface1
7-7
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Commands
Syntax
View
Parameter
None
Description
Example
Syntax
View
System view
Parameter
number: The maximum sessions can be created locally, ranging from 0 to 100.
7-8
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Commands
Description
Example
Syntax
View
Parameter
Description
Using ntp-service multicast-client command, you can configure the NTP multicast
client mode. Using undo ntp-service multicast-client command, you can disable the
NTP multicast client mode.
By default, the multicast client service is disabled. ip-address defaults to 224.0.1.1.
Designate an interface on the local Ethernet Switch to receive NTP multicast messages
and operate in multicast client mode. The local Ethernet Switch listens to the multicast
from the server. When it receives the first multicast packet, it starts a brief client/server
mode to switch messages with a remote server for estimating the network delay.
Thereafter, the local Ethernet Switch enters multicast client mode and continues
listening to the multicast and synchronizes the local clock according to the arrived
multicast message.
Example
# Configure to receive NTP multicast packet via Vlan-Interface1 and the multicast
group corresponding to these packets located at 224.0.1.1.
[Quidway] interface vlan-interface 1
[Quidway-Vlan-Interface1] ntp-service multicast-client 224.0.1.1
7-9
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Commands
Syntax
View
Parameter
Description
Example
# Configure to transmit NTP multicast packets encrypted with Key 4 via Vlan-Interface1
at 224.0.1.1 and use NTP version 3.
[Quidway] interface vlan-interface 1
[Quidway-Vlan-Interface1] ntp-service multicast-server 224.0.1.1
authentication-keyid 4 version 3
7-10
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Commands
Syntax
View
System view
Parameter
ip-address: Specify the reference clock IP address as 127.127.t.u. Here, t ranges from
0 to 37 and u ranges from 0 to 3.
stratum: Specify which stratum the local clock is located at and range from 1 to 15.
Description
Example
# Set the local clock as the NTP master clock to provide synchronized time for its peers
and locate it at stratum 3.
[Quidway] ntp-service refclock-master 3
Syntax
View
System view
7-11
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Commands
Parameter
Description
Example
# Enable NTP authentication, adopt MD5 encryption, and designate Key 37 BetterKey
and configure it as reliable.
[Quidway] ntp-service authentication enable
[Quidway] ntp-service authentication-keyid 37 authentication-mode md5
BetterKey
[Quidway] ntp-service reliable authentication-keyid 37
Syntax
View
System view
Parameter
7-12
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Commands
Description
Example
# Configure all the outgoing NTP packets to use the IP address of Vlan-Interface1 as
their source IP address.
[Quidway] ntp-service source-interface Vlan-Interface 1
Syntax
View
System view
Parameter
7-13
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Commands
Description
Using ntp-service unicast-peer command, you can configure NTP peer mode. Using
undo ntp-service unicast-peer command, you can cancel NTP peer mode.
By default, version number number defaults to 3, the authentication is disabled, and the
local server is not the first choice.
This command sets the remote server at ip-address as a peer of the local equipment,
which operates in symmetric active mode. ip-address specifies a host address other
than an IP address of broadcast, multicast, or reference clock. By operating in this
mode, a local device can synchronize and be synchronized by a remote server.
Example
Syntax
View
System view
Parameter
7-14
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Commands
interface-name: Specify the interface name. When a local device sends an NTP
message to a peer, the source IP address of the message is taken from the address of
the interface.
interface-type: Specify the interface type and determine an interface together with the
interface-number parameter.
interface-number: Specify the interface number and determine an interface together
with the interface-type parameter.
priority: Designate a server as the first choice.
Description
Using ntp-service unicast-server command, you can configure NTP server mode.
Using undo ntp-service unicast-server command, you can disable NTP server
mode.
By default, version number number defaults to 3, the authentication is disabled, and the
local server is not the first choice.
The command announces to use the remote server at ip-address as the local time
server. ip-address specifies a host address other than an IP address of broadcast,
multicast, or reference clock. By operating in client mode, a local device can be
synchronized by a remote server, but not synchronize any remote server.
Example
# Designate the server at 128.108.22.44 to synchronize the local device and use NTP
version 3.
[Quidway] ntp-service unicast-server 128.108.22.44 version 3
7-15
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 8 SSH Configuration Commands
Note:
Quidway S3552F/S3552G/S3552P/3528G/3528P/S3526E/S3526E FM/S3526E
FS/S3526C support SSH.
Command
View
User view
Parameter
Description
Using the debugging ssh server command, you can send the negotiation process
defined in SSH1.5 protocol to the information center as debugging information and
debug a single user interface. Using the undo debugging ssh server command, you
can disable debugging function.
By default, debugging function is disabled.
For the related commands, see ssh server authentication-retries, ssh server
rekey-interval, ssh server timeout.
Example
8-1
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 8 SSH Configuration Commands
Command
View
Any view
Parameter
None
Description
Using the display rsa local-key-pair public command, you can display local key pair
and public key of the server. If no key is generated, corresponding information will be
prompted, for example, “RSA keys not found”.
For the related command, see rsa local-key-pair create.
Example
8-2
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 8 SSH Configuration Commands
Command
View
Any view
Parameter
Description
Using the display rsa peer-public-key command, you can display a designated RSA
public key. All public keys will be displayed if no key is specified.
For the related command, see rsa local-key-pair create.
Example
8-3
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 8 SSH Configuration Commands
Command
View
Any view
Parameter
Description
Using the display ssh server command, you can display SSH state or session
information.
For the related commands, see ssh server authentication-retries, ssh server
rekey-interval, ssh server timeout.
Example
Command
View
Any view
Parameter
8-4
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 8 SSH Configuration Commands
Description
Using the display ssh user-information command, you can display information of the
user, including username, corresponding key, authentication type. If a username is
specified, the system just gives its information.
For the related commands, see ssh user username assign rsa-key, ssh user
username authentication-type.
Example
Command
peer-public-key end
View
Parameter
None
Description
Using the peer-public-key end command, you can finish editing peer public key and
quit from public key view to system view.
For the related commands, see rsa peer-public-key, public-key-code end.
Example
8-5
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 8 SSH Configuration Commands
Command
View
Parameter
Description
Using the protocol inbound command, you can configure the protocols supported by
a designated user interface.
By default, the system supports both Telnet and SSH protocols.
If SSH protocol is enabled and specified for the user interface, but no local RSA key is
configured, SSH cannot take effect yet till you log onto the system next time.
If SSH protocol is specified, to ensure a successful logon, you must configure the AAA
authentication using the authentication-mode scheme command. The protocol
inbound ssh configuration fails if you configure authentication-mode password and
authentication-mode None.
For the related commands, see user-interface vty.
Example
Command
public-key-code begin
View
8-6
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 8 SSH Configuration Commands
Parameter
None
Description
Using the public-key-code begin command, you can enter public key edit view.
Before using this command, you have to create a public key with the rsa
peer-public-key command. In the public key edit view, you can key in desired public
key, which consists of hexadecimal characters, with blank space allowed between them,
and is generated randomly by the client program supporting SSH.
For the related commands, see rsa peer-public-key, public-key-code end.
Example
Command
public-key-code end
View
Parameter
None
Description
Using the public-key-code end command, you can save the configured public key and
return to the public key view from the public key edit view.
8-7
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 8 SSH Configuration Commands
This command terminates the edit process of public key and checks its validity before
saving. If the public key contains invalid characters or violates coding rules,
corresponding information will be prompted and the current configuration fails. If you
have configured valid public key, the system will store it into the public key table.
For the related commands, see rsa peer-public-key, public-key-code begin.
Example
# Exit the public key edit view and save the configuration.
<Quidway>system-view
System View: return to User View with Ctrl+Z.
[Quidway] rsa peer-public-key quidway003
[Quidway-rsa-public-key] public-key-code begin
[Quidway-rsa-key-code] public-key-code end
[Quidway-rsa-public-key]
Command
View
System view
Parameter
None
Description
Using the rsa local-key-pair create command, you can create local RSA host key pair
and server key pair.
If you have configured RSA key, the system gives an alarm after using this command
and prompts that the existing one will be replaced. The key naming format is switch
name plus server and switch name plus host, for example, Quidway_host and
Quidway_server. The configuration result of this command will not be stored in the
configuration file.
The system prompts you to key in bit range, for which, the server key pair must be at
least 128 bits longer than the host key pair. The maximum bit range of both key pairs is
2048 bits and the minimum is 512. If there have been key pairs, the system will prompts
you to decide whether to modify them.
For a successful SSH logon, you must configure and generate the local RSA key pairs.
To generate local key pairs, you just need to execute the command once, with no
further action required even after the system is rebooted.
8-8
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 8 SSH Configuration Commands
Example
Command
View
System view
Parameter
None
Description
Using the rsa local-key-pair destroy command, you can remove all RSA key pairs at
the server, including Host key pair and Server key pair.
Acknowledgement information will be promoted before the system clears all RSA key
pairs. This command is just a one-time instruction, so the result will not be stored in the
configuration file.
For the related commands, see rsa local-key-pair create.
Example
8-9
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 8 SSH Configuration Commands
Command
View
System view
Parameter
Description
Using the rsa peer-public-key command, you can enter the public key view.
When using this command together with the public-key-code begin command, you
can configure the public key at the client, which is generated randomly by the client
program supporting SSH1.5.
For the related commands, see public-key-code begin, public-key-code end.
Example
Command
View
System view
8-10
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 8 SSH Configuration Commands
Parameter
Description
Using the ssh server authentication-retries command, you can define SSH
authentication retry times value, which takes effect at next logon. Using the undo ssh
server authentication-retries command, you can restore the default retry value.
By default, it is 3.
For the related command, see display ssh server.
Example
Command
View
System view
Parameter
Description
Using the ssh server rekey-interval command, you can define update interval of
server key pair. Using the undo ssh server rekey-interval command, you can cancel
the current setting.
By default, system doesn’t update the server key.
For the related commands, see display ssh server.
Example
8-11
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 8 SSH Configuration Commands
Command
View
System view
Parameter
Description
Using the ssh server timeout command, you can define timeout value for SSH
registration authentication, which takes effect at next logon. Using the undo ssh
server timeout command, you can restore the default value.
By default, the timeout value is 60 seconds.
For the related commands, see display ssh server.
Example
Command
View
System view
Parameter
8-12
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 8 SSH Configuration Commands
Description
Using the ssh user username assign rsa-key command, you can associate an
existing public key with a designated user. Using the undo ssh user username
assign rsa-key command, you can delete the association.
For a user who has been associated with a public key, the command associates
him/her with the new public key.
The newly configured users take effect at the next logon.
For the related command, see display ssh user-information.
Example
Command
View
System view
Parameter
username: Valid local user name or user name defined by remote RADIUS system.
all: Specifies authentication type as password and RSA.
password: Specifies authentication type as password.
rsa: Specifies authentication type as RSA.
Description
Using the ssh user username authentication-type command, you can define
authentication type for a designated user. Using the undo ssh user username
authentication-type command, you can restore the default mode in which logon fails.
By default, user can’t logon the switch through SSH or TELNET, so you have to specify
authentication type for a new user. The new configuration takes effects at the next
logon.
For the related commands, see display ssh user-information.
8-13
Command Manual - System Management
Quidway S3500 Series Ethernet Switches Chapter 8 SSH Configuration Commands
Example
8-14
HUAWEI
Auto Detecting
Table of Contents
i
Command Manual - Auto Detecting
Quidway S3500 Series Ethernet Switches Chapter 1 Auto Detect Configuration Commands
Note:
Quidway S3552F /S3552G /S3552P /3528G /3528P /S3526E /S3526E FM /S3526E
FS /S3526C Ethernet Switches support the Auto Detecting feature.
1.1.1 detect-group
Syntax
detect-group group-number
undo detect-group group-number
View
System view
Parameter
Description
Use the detect-group command to create a detecting group and enter its view.
Use the undo detect-group command to remove a specified detecting group.
Example
1.1.2 detect-list
Syntax
1-1
Command Manual - Auto Detecting
Quidway S3500 Series Ethernet Switches Chapter 1 Auto Detect Configuration Commands
View
Parameter
list-number: Specifies the sequence number of the detecting address, which ranges
from 1 to 100.
ip-address: The IP address of the interface to be detected.
nexthop ip-address: Specifies the IP address of the interface taken as the next hop.
Description
Use the detect-list command to specify the IP address of the interface to be detected
in the detecting group. This command also specifies the order the interfaces are
detected.
Use the undo detect-list command to instruct the switch to skip the interface when
detecting, whose IP address is set by the ip address ip-address command.
Upon configuring the IP addresses of the interfaces to be detected, the switch detects
these interfaces one by one from those with smaller list-number value to those with
larger list-number value. Up to 100 IP addresses can be configured in a detecting group.
You can specify how the detecting result is generated by using the option command.
Related command: option.
Example
Syntax
View
Any view
Parameter
group-number: Specifies the detecting group number, which ranges from 1 to 100.
1-2
Command Manual - Auto Detecting
Quidway S3500 Series Ethernet Switches Chapter 1 Auto Detect Configuration Commands
Description
Example
Field Description
detect-group 1 Detecting group 1
detect loop time(s): 15 The detecting interval is 15 seconds.
1-3
Command Manual - Auto Detecting
Quidway S3500 Series Ethernet Switches Chapter 1 Auto Detect Configuration Commands
1.1.4 option
Syntax
option [ and | or ]
undo option [ and | or ]
View
Parameter
and: Specifies the detecting result is reachable only when all the specified interfaces
can be successfully pinged.
or: Specifies the detecting result is reachable if one of the specified interfaces can be
successfully pinged.
Description
Use the option command to specify how the detecting result is generated.
Use the undo option command to specify the detecting result is reachable only when
all the specified interfaces can be successfully pinged, which is the same as the option
and command.
When a detecting operation is being carried out, the switch detects each interface for
their reachability whose IP address is contained in the detecting group one by one from
those with smaller list-number value to those with larger list-number value.
z If you specify the and keyword, the switch returns unreachable as the detecting
result when the switch fails to ping an IP address contained in the detecting group
and stops detecting.
z If you specify the or keyword, the switch returns reachable as the detecting result
if the switch succeeds in pinging an IP address contained in the detecting group
and stops detecting.
By default, the and keyword is specified.
Example
1-4
Command Manual - Auto Detecting
Quidway S3500 Series Ethernet Switches Chapter 1 Auto Detect Configuration Commands
1.1.5 retry
Syntax
retry retry_times
View
Parameter
retry_times: Specifies the retry times during a detection, which ranges from 0 to 10 and
defaults to 2.
Description
Use the retry command to set the retry times during a detection.
Example
Syntax
View
Parameter
seconds: Specifies the detecting interval, which ranges form 5 to 86400 (in seconds)
and defaults to 15.
Description
Use the timer loop command to set the detecting interval, that is, the frequency to
perform auto detect.
Example
1-5
Command Manual - Auto Detecting
Quidway S3500 Series Ethernet Switches Chapter 1 Auto Detect Configuration Commands
Syntax
View
Parameter
seconds: Specifies the timeout time of a detection, which ranges from 1 to 30 (in
seconds) and defaults to 2.
Description
Use the timer wait command to set the timeout time of a detection.
Example
1-6
Command Manual - Auto Detecting
Quidway S3500 Series Ethernet Switches Chapter 2 Auto Detect Implementation Commands
Note:
z Refer to the Routing Protocol part in this manual for more information ablout static
route.
z Refer to the Reliability part in this manual for more information about VRRP.
2.1.1 ip route-static
Syntax
View
System view
Parameter
2-1
Command Manual - Auto Detecting
Quidway S3500 Series Ethernet Switches Chapter 2 Auto Detect Implementation Commands
the next hop. In addition, the system discards any IP packet transmitted along this route
without informing the source.
group-number: Specifies the number of the detecting group, which ranges from 1 to
100.
Description
Use the ip route-static command to configure a static route, whose validity depends
on detecting results as follows:
z Valid when the detecting result is reachable.
z Invalid when the detecting result is unreachable.
Use the undo ip route-static command to remove an existing static route.
Example
# Configure a static route to 192.168.0.5/24 with 192.168.0.2 as the next hop. The
route is to be enabled when the result of detecting group 10 is reachable.
<Quidway> system-view
System View: return to User View with Ctrl+Z.
[Quidway] ip route-static 192.168.0.5 24 192.168.0.2 detect-group 10
Syntax
View
Parameter
group-number: Specifies the detecting group number, which ranges from 1 to 100.
Description
Use the standby detect-group command to specify to enable VLAN interface backup
function by using the auto detect function.
Use the undo standby detect-group command to disable VLAN interface backup
function.
You can enable VLAN interface backup function by auto detecting results in the
following ways:
z Enable the primary interface when the result of the detecting group is reachable.
2-2
Command Manual - Auto Detecting
Quidway S3500 Series Ethernet Switches Chapter 2 Auto Detect Implementation Commands
z Enable the secondary interface when the result of the detecting group is
unreachable.
z When the link between the primary VLAN interface and the destination comes
back up, that is, the result of the detecting group is reachable again, the system
enables the primary VLAN interface and shuts down the secondary.
Example
Syntax
View
Parameter
Description
Use the vrrp vrid command to enable detecting function when employing VRRP.
Use the undo vrrp vrid command to disable detecting function when employing VRRP.
You can control the preference value of a VRRP backup group according to the result of
a detecting group to enable automatic switch between the primary switch and the
secondary switch.
z Decrease the preference value of a backup group when the result of the detecting
group is unreachable.
z Restore the preference value of a backup group when the result of the detecting
group is reachable.
2-3
Command Manual - Auto Detecting
Quidway S3500 Series Ethernet Switches Chapter 2 Auto Detect Implementation Commands
Example
# Create a detecting group numbered 10 and specify to detect the interface with an IP
address of 202.13.1.55.
<Quidway> system-view
System View: return to User View with Ctrl+Z.
[Quidway] detect-group 10
[Quidway-detect-group-10] detect-list 1 ip 202.13.1.55
# Specify to decrease the preference value of backup group 1 by 20 when the result of
detecting group 10 is unreachable.
[Quidway] interface vlan-interface 2
[Quidway- vlan-interface2] vrrp vrid 1 track detect-group 10 reduced 20
2-4
HUAWEI
Appendix
Table of Contents
i
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
The command index includes all the commands in the VRP Command Manual, which are arranged
alphabetically.
ABCDEFGHIJKLMNOPQRSTUVWXYZ
A
Integrated
abr-summary Management 3-1
Command
Reliability
access-limit 3-1
Command
Reliability
accounting optional 3-20
Command
Reliability
accounting-on enable 3-18
Command
acl Security Command 1-1
acl Security Command 1-14
acl Security Command 1-25
acl Security Command 3-1
System
active region-configuration Management 1-1
Command
Multicast Protocol
add-member 2-14
Command
address-check QACL Command 5-1
address-check dhcp-relay QACL Command 6-29
address-check no-matched QACL Command 6-30
Multicast Protocol
administrator-address 2-15
Command
Integrated
aggregate Management 4-1
Command
am enable QACL Command 9-1
am ip-pool QACL Command 9-1
am isolate QACL Command 9-2
A-1
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
A-2
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Auto Detecting
ascii 1-18
Command
Reliability
attribute 3-2
Command
authentication-mode Port Command 1-1
Integrated
authentication-mode Management 3-3
Command
Multicast Protocol
auto-build 2-15
Command
auto-execute command Port Command 1-1
B
Integrated
bgp Management 4-2
Command
Auto Detecting
binary 1-18
Command
Auto Detecting
boot boot-loader 3-1
Command
Auto Detecting
boot bootrom 3-1
Command
broadcast-suppression VLAN Command 1-1
Multicast Protocol
build 2-16
Command
Auto Detecting
bye 1-19
Command
C
c-bsr STP Command 5-1
Auto Detecting
cd 1-1
Command
Auto Detecting
cd 1-19
Command
Auto Detecting
cdup 1-20
Command
System
check region-configuration Management 1-1
Command
Integrated
checkzero Management 2-1
Command
A-3
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Auto Detecting
clock datetime 4-1
Command
Auto Detecting
clock summer-time 4-1
Command
Auto Detecting
clock timezone 4-3
Command
Auto Detecting
close 1-20
Command
Multicast Protocol
cluster 2-17
Command
Multicast Protocol
cluster enable 2-17
Command
Multicast Protocol
cluster switch-to 2-18
Command
command-privilege level Port Command 1-2
Integrated
compare-different-as-med Management 4-3
Command
Integrated
confederation id Management 4-4
Command
Integrated
confederation nonstandard Management 4-5
Command
Integrated
confederation peer-as Management 4-5
Command
Getting Started
Conventions 5
Command
Auto Detecting
copy 1-1
Command
c-rp STP Command 5-2
Reliability
cut connection 3-3
Command
D
Integrated
dampening Management 4-6
Command
databits Port Command 1-3
Reliability
data-flow-format 3-20
Command
A-4
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Auto Detecting
debugging 1-21
Command
Auto Detecting
debugging 4-13
Command
debugging arp packet QACL Command 2-6
Integrated
debugging bgp Management 4-7
Command
debugging bootp client QACL Command 8-1
debugging dhcp client QACL Command 4-1
debugging dhcp relay QACL Command 6-31
debugging dhcp server QACL Command 6-3
debugging dhcp-relay QACL Command 5-1
debugging gmrp STP Command 1-1
debugging igmp STP Command 4-1
debugging multicast forwarding STP Command 3-1
debugging multicast kernel-routing STP Command 3-1
debugging multicast status-forwarding STP Command 3-2
Auto Detecting
debugging ntp-service 7-1
Command
debugging pim common STP Command 5-2
debugging pim dm STP Command 5-3
debugging pim sm STP Command 5-4
Reliability
debugging portal 2-1
Command
Auto Detecting
debugging ssh server 8-1
Command
System
debugging vrrp Management 1-1
Command
Integrated
default cost Management 2-2
Command
Integrated
default cost Management 3-4
Command
Integrated
default interval Management 3-5
Command
A-5
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Integrated
default limit Management 3-5
Command
Integrated
default local-preference Management 4-8
Command
Integrated
default med Management 4-9
Command
Integrated
default tag Management 3-6
Command
Integrated
default type Management 3-7
Command
Integrated
default-cost Management 3-7
Command
Integrated
default-route-advertise Management 3-8
Command
Auto Detecting
delete 1-2
Command
Auto Detecting
delete 1-21
Command
Multicast Protocol
delete-member 2-19
Command
description VLAN Command 1-1
Network Protocol
description 1-1
Command
detect-group 1-1
detect-list 1-1
dhcp enable QACL Command 6-1
dhcp relay release QACL Command 6-31
dhcp relay security QACL Command 6-33
dhcp relay security address-check QACL Command 6-32
dhcp select QACL Command 6-2
dhcp server detect QACL Command 6-3
dhcp server dns-list QACL Command 6-4
dhcp server domain-name QACL Command 6-5
dhcp server expired QACL Command 6-6
A-6
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
A-7
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Integrated
display bgp network Management 4-10
Command
Integrated
display bgp paths Management 4-11
Command
Integrated
display bgp peer Management 4-12
Command
Integrated
display bgp routing-table Management 4-14
Command
Integrated
display bgp routing-table as-path-acl Management 4-15
Command
Integrated
display bgp routing-table cidr Management 4-17
Command
Integrated
display bgp routing-table community Management 4-18
Command
Integrated
display bgp routing-table community-list Management 4-18
Command
Integrated
display bgp routing-table dampened Management 4-19
Command
Integrated
display bgp routing-table different-origin-as Management 4-21
Command
Integrated
display bgp routing-table flap-info Management 4-21
Command
Integrated
display bgp routing-table peer Management 4-23
Command
Integrated
display bgp routing-table regular-expression Management 4-24
Command
Auto Detecting
display boot-loader 3-2
Command
display bootp client QACL Command 8-1
Auto Detecting
display channel 4-19
Command
Auto Detecting
display clock 4-4
Command
A-8
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Multicast Protocol
display cluster 2-20
Command
Multicast Protocol
display cluster candidates 2-22
Command
Multicast Protocol
display cluster members 2-23
Command
Reliability
display connection 3-4
Command
Auto Detecting
display cpu 3-2
Command
Auto Detecting
display current-configuration 4-5
Command
Auto Detecting
display debugging 4-9
Command
Reliability
display debugging habp 5-1
Command
Integrated
display debugging ospf Management 3-9
Command
display detect-group 1-2
Auto Detecting
display device 3-3
Command
display dhcp client QACL Command 4-2
display dhcp relay address QACL Command 6-33
display dhcp relay statistics QACL Command 6-34
display dhcp server conflict QACL Command 6-13
display dhcp server expired QACL Command 6-14
display dhcp server free-ip QACL Command 6-15
display dhcp server ip-in-use QACL Command 6-15
display dhcp server statistics QACL Command 6-16
display dhcp server tree QACL Command 6-18
display dhcprelay-security QACL Command 6-35
display dhcp-security QACL Command 5-5
display dhcp-server QACL Command 5-6
display dhcp-server interface vlan-interface QACL Command 5-8
display dhcp-snooping QACL Command 7-2
display dhcp-snooping trust QACL Command 7-3
Auto Detecting
display diagnostic-information 4-14
Command
A-9
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Reliability
display domain 3-5
Command
Reliability
display dot1x 1-1
Command
Auto Detecting
display fan 3-4
Command
display fib QACL Command 10-1
display flow-template Security Command 1-29
Auto Detecting
display ftp-server 1-13
Command
Auto Detecting
display ftp-user 1-14
Command
Network Protocol
display garp statistics 3-1
Command
Network Protocol
display garp timer 3-2
Command
display gmrp statistics STP Command 1-1
display gmrp status STP Command 1-2
Network Protocol
display gvrp statistics 3-5
Command
Network Protocol
display gvrp status 3-6
Command
Reliability
display habp 5-1
Command
Reliability
display habp table 5-2
Command
Reliability
display habp traffic 5-2
Command
display history-command Port Command 1-4
display icmp statistics QACL Command 10-2
display igmp group STP Command 4-1
display igmp interface STP Command 4-2
display igmp port STP Command 4-3
display igmp-snooping configuration STP Command 2-1
display igmp-snooping group STP Command 2-2
display igmp-snooping statistics STP Command 2-3
Auto Detecting
display info-center 4-20
Command
display interface VLAN Command 1-2
A-10
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Network Protocol
display interface vlan-interface 1-1
Command
display ip host QACL Command 1-1
display ip interface QACL Command 1-1
Integrated
display ip ip-prefix Management 5-7
Command
Integrated
display ip routing-table Management 1-1
Command
Integrated
display ip routing-table acl Management 1-2
Command
Integrated
display ip routing-table ip_address Management 1-6
Command
Integrated
display ip routing-table ip_address1 ip_address2 Management 1-8
Command
Integrated
display ip routing-table ip-prefix Management 1-9
Command
Integrated
display ip routing-table protocol Management 1-10
Command
Integrated
display ip routing-table radix Management 1-11
Command
Integrated
display ip routing-table statistics Management 1-12
Command
Integrated
display ip routing-table verbose Management 1-13
Command
display ip socket QACL Command 10-3
display ip statistics QACL Command 10-4
Network Protocol
display isolate-user-vlan 2-1
Command
display link-aggregation VLAN Command 2-1
Reliability
display local-server statistics 3-21
Command
Reliability
display local-user 3-6
Command
display loopback-detection VLAN Command 1-5
A-11
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Auto Detecting
display mac-address 2-1
Command
Auto Detecting
display mac-address aging-time 2-1
Command
Integrated
display memory Management 6-1
Command
Auto Detecting
display memory 3-5
Command
Integrated
display memory limit Management 6-2
Command
display mirror Security Command 2-37
display multicast forwarding-table STP Command 3-2
display multicast routing-table STP Command 3-4
display multicast vif STP Command 3-6
Multicast Protocol
display ndp 2-1
Command
Multicast Protocol
display ntdp 2-7
Command
Multicast Protocol
display ntdp device-list 2-8
Command
Auto Detecting
display ntp-service sessions 7-2
Command
Auto Detecting
display ntp-service status 7-2
Command
Auto Detecting
display ntp-service trace 7-4
Command
Integrated
display ospf abr-asbr Management 3-9
Command
Integrated
display ospf asbr-summary Management 3-10
Command
Integrated
display ospf brief Management 3-12
Command
Integrated
display ospf cumulative Management 3-13
Command
Integrated
display ospf error Management 3-15
Command
A-12
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Integrated
display ospf interface Management 3-18
Command
Integrated
display ospf lsdb Management 3-19
Command
Integrated
display ospf nexthop Management 3-21
Command
Integrated
display ospf peer Management 3-22
Command
Integrated
display ospf request-queue Management 3-24
Command
Integrated
display ospf retrans-queue Management 3-25
Command
Integrated
display ospf routing Management 3-26
Command
Integrated
display ospf vlink Management 3-27
Command
display pim bsr-info STP Command 5-5
display pim interface STP Command 5-5
display pim neighbor STP Command 5-6
display pim routing-table STP Command 5-7
display pim rp-info STP Command 5-8
display port VLAN Command 1-6
Reliability
display portal 2-2
Command
Network Protocol
display protocol-vlan interface 1-8
Command
Network Protocol
display protocol-vlan vlan 1-9
Command
display qos conform-level Security Command 2-38
display qos cos-drop-precedence-map Security Command 2-39
display qos cos-local-precedence-map Security Command 2-1
display qos cos-local-precedence-map Security Command 2-15
display qos cos-local-precedence-map Security Command 2-39
display qos-global all Security Command 2-1
A-13
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
A-14
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Auto Detecting
display rmon history 6-4
Command
Auto Detecting
display rmon prialarm 6-5
Command
Auto Detecting
display rmon statistics 6-6
Command
Integrated
display route-policy Management 5-7
Command
Auto Detecting
display rsa local-key-pair public 8-2
Command
Auto Detecting
display rsa peer-public-key 8-3
Command
Auto Detecting
display saved-configuration 4-9
Command
Auto Detecting
display snmp-agent 5-1
Command
Auto Detecting
display snmp-agent community 5-1
Command
Auto Detecting
display snmp-agent group 5-2
Command
Auto Detecting
display snmp-agent mib-view 5-3
Command
Auto Detecting
display snmp-agent statistics 5-4
Command
Auto Detecting
display snmp-agent sys-info contact 5-5
Command
Auto Detecting
display snmp-agent sys-info location 5-6
Command
Auto Detecting
display snmp-agent sys-info version 5-6
Command
Auto Detecting
display snmp-agent usm-user 5-7
Command
Auto Detecting
display ssh server 8-4
Command
Auto Detecting
display ssh user-information 8-4
Command
Multicast Protocol
display stacking 1-1
Command
Reliability
display stop-accounting-buffer 3-24
Command
A-15
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
System
display stp Management 1-3
Command
System
display stp region-configuration Management 1-5
Command
Network Protocol
display supervlan 4-1
Command
Reliability
display system-guard ip-record 6-1
Command
Reliability
display system-guard state 6-2
Command
display tcp statistics QACL Command 10-6
display tcp status QACL Command 10-7
display time-range Security Command 1-4
display time-range Security Command 1-17
display time-range Security Command 1-29
display user-interface Port Command 1-5
display users Port Command 1-6
Auto Detecting
display users 4-12
Command
Auto Detecting
display version 4-12
Command
Network Protocol
display vlan 1-2
Command
System
display vrrp Management 1-2
Command
dns-list QACL Command 6-20
Reliability
domain 3-8
Command
domain-name QACL Command 6-21
Reliability
dot1x 1-2
Command
Reliability
dot1x authentication-method 1-3
Command
Reliability
dot1x dhcp-launch 1-5
Command
Reliability
dot1x guest-vlan 1-5
Command
A-16
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Reliability
dot1x max-user 1-6
Command
Reliability
dot1x port-control 1-7
Command
Reliability
dot1x port-method 1-9
Command
Reliability
dot1x quiet-period 1-10
Command
Reliability
dot1x re-authenticate 1-10
Command
Reliability
dot1x retry 1-11
Command
Reliability
dot1x retry-version-max 1-12
Command
Reliability
dot1x supp-proxy-check 1-13
Command
Reliability
dot1x timer 1-14
Command
Reliability
dot1x version-check 1-16
Command
drop-mode Security Command 2-46
dscp Security Command 2-46
duplex VLAN Command 1-6
E
expired QACL Command 6-22
F
Auto Detecting
file prompt 1-4
Command
Integrated
filter-policy export Management 2-3
Command
Integrated
filter-policy export Management 3-28
Command
Integrated
filter-policy export Management 4-25
Command
Integrated
filter-policy export Management 5-8
Command
A-17
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Integrated
filter-policy import Management 2-4
Command
Integrated
filter-policy import Management 3-29
Command
Integrated
filter-policy import Management 4-25
Command
Integrated
filter-policy import Management 5-9
Command
flow-constrain VLAN Command 1-7
flow-constrain method VLAN Command 1-8
flow-control Port Command 1-7
flow-control VLAN Command 1-9
flow-interval VLAN Command 1-9
flow-template user-defined Security Command 1-31
flow-template user-defined template-info Security Command 1-31
Auto Detecting
format 1-5
Command
free user-interface Port Command 1-7
Auto Detecting
ftp 1-23
Command
Auto Detecting
ftp server 1-14
Command
Auto Detecting
ftp timeout 1-15
Command
Multicast Protocol
ftp-server 2-25
Command
G
Network Protocol
garp timer 3-2
Command
Network Protocol
garp timer leaveall 3-3
Command
gateway-list QACL Command 6-22
Auto Detecting
get 1-23
Command
gmrp STP Command 1-3
gratuitous-arp-learning enable QACL Command 2-12
A-18
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Integrated
group Management 4-26
Command
Network Protocol
gvrp 3-6
Command
Network Protocol
gvrp registration 3-7
Command
H
Reliability
habp enable 5-3
Command
Reliability
habp server vlan 5-4
Command
Reliability
habp timer 5-4
Command
header Port Command 1-8
history-command max-size Port Command 1-10
Multicast Protocol
holdtime 2-26
Command
Integrated
host-route Management 2-5
Command
I
Reliability
idle-cut 3-9
Command
idle-timeout Port Command 1-10
Integrated
if-match { acl | ip-prefix } Management 5-10
Command
Integrated
if-match as-path Management 5-11
Command
Integrated
if-match community Management 5-12
Command
Integrated
if-match cost Management 5-12
Command
Integrated
if-match interface Management 5-13
Command
A-19
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Integrated
if-match ip next-hop Management 5-14
Command
Integrated
if-match tag Management 5-15
Command
igmp group-policy STP Command 4-4
igmp group-policy vlan STP Command 4-5
igmp host-join STP Command 4-6
igmp host-join vlan STP Command 4-6
igmp max-response-time STP Command 4-7
igmp timer other-querier-present STP Command 4-8
igmp timer query STP Command 4-9
igmp version STP Command 4-9
igmp-snooping STP Command 2-3
igmp-snooping fast-leave STP Command 2-4
igmp-snooping group-limit STP Command 2-5
igmp-snooping group-policy STP Command 2-5
igmp-snooping host-aging-time STP Command 2-7
igmp-snooping max-response-time STP Command 2-8
igmp-snooping router-aging-time STP Command 2-9
Integrated
import-route Management 2-6
Command
Integrated
import-route Management 3-30
Command
Integrated
import-route Management 4-27
Command
Auto Detecting
info-center channel name 4-21
Command
Auto Detecting
info-center console channel 4-21
Command
Auto Detecting
info-center enable 4-22
Command
Auto Detecting
info-center logbuffer 4-23
Command
Auto Detecting
info-center loghost 4-23
Command
A-20
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Auto Detecting
info-center loghost source 4-24
Command
Auto Detecting
info-center monitor channel 4-25
Command
Auto Detecting
info-center snmp channel 4-26
Command
Auto Detecting
info-center source 4-26
Command
Auto Detecting
info-center timestamp 4-29
Command
Auto Detecting
info-center trapbuffer 4-29
Command
System
instance Management 1-6
Command
Getting Started
Intended Audience 4
Command
interface VLAN Command 1-10
Network Protocol
interface vlan-interface 1-3
Command
Network Protocol
ip address 1-4
Command
ip address QACL Command 1-2
ip address bootp-alloc QACL Command 8-2
ip address dhcp-alloc QACL Command 4-2
Integrated
ip as-path-acl Management 4-27
Command
Integrated
ip community-list Management 4-28
Command
ip host QACL Command 1-3
ip http acl Security Command 3-1
Integrated
ip ip-prefix Management 5-15
Command
ip relay address QACL Command 6-35
ip relay address cycle QACL Command 6-36
Integrated
ip route-static Management 1-15
Command
ip route-static 2-1
A-21
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Integrated
ip route-static default-preference Management 1-17
Command
Multicast Protocol
ip-pool 2-27
Command
Network Protocol
isolate-user-vlan 2-2
Command
Network Protocol
isolate-user-vlan enable 2-3
Command
J
K
Reliability
key 3-25
Command
L
language-mode Port Command 1-11
Auto Detecting
lcd 1-24
Command
line-rate Security Command 2-25
link-aggregation VLAN Command 2-2
local-precedence Security Command 2-48
Reliability
local-server 3-26
Command
Reliability
local-user 3-10
Command
Auto Detecting
local-user 1-15
Command
Reliability
local-user password-display-mode 3-11
Command
lock Port Command 1-11
Multicast Protocol
logging-host 2-27
Command
loopback VLAN Command 1-11
loopback-detection control enable VLAN Command 1-11
loopback-detection enable VLAN Command 1-12
loopback-detection interval-time VLAN Command 1-13
loopback-detection per-vlan enable VLAN Command 1-13
A-22
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Auto Detecting
ls 1-24
Command
M
Auto Detecting
mac-address 2-2
Command
Auto Detecting
mac-address max-mac-count 2-3
Command
mac-address multicast STP Command 7-1
Auto Detecting
mac-address timer 2-4
Command
mdi VLAN Command 1-14
Integrated
memory { safety | limit } Management 6-4
Command
Integrated
memory auto-establish disable Management 6-3
Command
Integrated
memory auto-establish enable Management 6-4
Command
Reliability
messenger 3-11
Command
mirrored-to Security Command 2-7
mirrored-to Security Command 2-25
mirrored-to Security Command 2-49
mirroring-port Security Command 2-51
Auto Detecting
mkdir 1-5
Command
Auto Detecting
mkdir 1-25
Command
monitor-port Security Command 2-52
Auto Detecting
more 1-6
Command
Auto Detecting
move 1-6
Command
multicast routing-enable STP Command 3-6
N
Network Protocol
name 1-4
Command
A-23
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Reliability
name 3-12
Command
Reliability
nas-ip 3-27
Command
nbns-list QACL Command 6-23
Multicast Protocol
ndp enable 2-4
Command
Multicast Protocol
ndp timer aging 2-5
Command
Multicast Protocol
ndp timer hello 2-5
Command
netbios-type QACL Command 6-24
network QACL Command 6-25
Integrated
network Management 2-7
Command
Integrated
network Management 3-31
Command
Integrated
network Management 4-29
Command
Integrated
nssa Management 3-32
Command
Multicast Protocol
ntdp enable 2-9
Command
Multicast Protocol
ntdp explore 2-10
Command
Multicast Protocol
ntdp hop 2-11
Command
Multicast Protocol
ntdp timer 2-12
Command
Multicast Protocol
ntdp timer hop-delay 2-12
Command
Multicast Protocol
ntdp timer port-delay 2-13
Command
Auto Detecting
ntp-service access 7-4
Command
Auto Detecting
ntp-service authentication enable 7-5
Command
Auto Detecting
ntp-service authentication-keyid 7-5
Command
A-24
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Auto Detecting
ntp-service broadcast-client 7-6
Command
Auto Detecting
ntp-service broadcast-server 7-7
Command
Auto Detecting
ntp-service in-interface disable 7-8
Command
Auto Detecting
ntp-service max-dynamic-sessions 7-8
Command
Auto Detecting
ntp-service multicast-client 7-9
Command
Auto Detecting
ntp-service multicast-server 7-10
Command
Auto Detecting
ntp-service refclock-master 7-11
Command
Auto Detecting
ntp-service reliable authentication-keyid 7-11
Command
Auto Detecting
ntp-service source-interface 7-12
Command
Auto Detecting
ntp-service unicast-peer 7-13
Command
Auto Detecting
ntp-service unicast-server 7-14
Command
O
Auto Detecting
open 1-25
Command
option QACL Command 6-25
option 1-4
Getting Started
Organization 3
Command
Integrated
ospf Management 3-32
Command
Integrated
ospf authentication-mode Management 3-33
Command
Integrated
ospf cost Management 3-34
Command
Integrated
ospf dr-priority Management 3-35
Command
A-25
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Integrated
ospf mtu-enable Management 3-35
Command
Integrated
ospf network-type Management 3-36
Command
Integrated
ospf timer dead Management 3-37
Command
Integrated
ospf timer hello Management 3-38
Command
Integrated
ospf timer poll Management 3-39
Command
Integrated
ospf timer retransmit Management 3-39
Command
Integrated
ospf trans-delay Management 3-40
Command
P
packet-filter Security Command 1-6
packet-filter Security Command 1-19
packet-filter Security Command 1-33
parity Port Command 1-12
Auto Detecting
passive 1-26
Command
Reliability
password 3-13
Command
Auto Detecting
password 1-16
Command
Integrated
peer Management 2-8
Command
Integrated
peer Management 3-41
Command
Integrated
peer advertise-community Management 4-29
Command
A-26
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Integrated
peer allow-as-loop Management 4-30
Command
Integrated
peer as-number Management 4-31
Command
Integrated
peer as-path-acl Management 4-31
Command
Integrated
peer connect-interface Management 4-32
Command
Integrated
peer default-route-advertise Management 4-33
Command
Integrated
peer description Management 4-33
Command
Integrated
peer ebgp-max-hop Management 4-34
Command
Integrated
peer enable Management 4-35
Command
Integrated
peer filter-policy Management 4-35
Command
Integrated
peer group Management 4-36
Command
Integrated
peer ip-prefix Management 4-37
Command
Integrated
peer next-hop-local Management 4-37
Command
Integrated
peer password Management 4-38
Command
Integrated
peer public-as-only Management 4-39
Command
Integrated
peer reflect-client Management 4-40
Command
A-27
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Integrated
peer route-policy Management 4-40
Command
Integrated
peer route-update-interval Management 4-41
Command
Integrated
peer timer Management 4-42
Command
Auto Detecting
peer-public-key end 8-5
Command
pim STP Command 5-9
pim bsr-boundary STP Command 5-10
pim dm STP Command 5-10
pim sm STP Command 5-11
pim timer hello STP Command 5-12
Auto Detecting
ping 4-15
Command
Network Protocol
port 1-5
Command
port access vlan VLAN Command 1-15
Network Protocol
port hybrid protocol-vlan vlan 1-10
Command
port hybrid pvid vlan VLAN Command 1-15
port hybrid vlan VLAN Command 1-16
port link-type VLAN Command 1-17
port trunk permit vlan VLAN Command 1-18
port trunk pvid vlan VLAN Command 1-18
Reliability
portal 2-5
Command
Reliability
portal arp-handshake 2-6
Command
Reliability
portal auth-network 2-7
Command
Reliability
portal delete-user 2-8
Command
Reliability
portal free-ip 2-8
Command
Reliability
portal free-user 2-9
Command
A-28
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Reliability
portal method 2-10
Command
Reliability
portal server 2-11
Command
Reliability
portal upload 2-12
Command
port-isolate enable VLAN Command 3-1
port-isolate enable QACL Command 9-6
port-isolate uplink-port vlan VLAN Command 3-1
port-isolate uplink-port vlan QACL Command 9-7
Multicast Protocol
port-tagged 2-28
Command
Integrated
preference Management 2-8
Command
Integrated
preference Management 3-41
Command
Reliability
primary accounting 3-28
Command
Reliability
primary authentication 3-29
Command
priority Security Command 2-8
priority Security Command 2-27
priority Security Command 2-53
priority trust Security Command 2-8
priority trust Security Command 2-27
priority trust Security Command 2-53
protocol inbound Port Command 1-13
Auto Detecting
protocol inbound 8-6
Command
Network Protocol
protocol-vlan 1-11
Command
Auto Detecting
public-key-code begin 8-6
Command
Auto Detecting
public-key-code end 8-7
Command
Auto Detecting
put 1-26
Command
A-29
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Auto Detecting
pwd 1-8
Command
Auto Detecting
pwd 1-27
Command
Q
qos conform-level Security Command 2-54
qos cos-drop-precedence-map Security Command 2-54
qos cos-local-precedence-map Security Command 2-9
qos cos-local-precedence-map Security Command 2-28
qos cos-local-precedence-map Security Command 2-56
queue Security Command 2-58
queue-scheduler Security Command 2-11
queue-scheduler Security Command 2-30
queue-scheduler Security Command 2-59
quit Port Command 1-13
Auto Detecting
quit 1-27
Command
R
Reliability
radius nas-ip 3-30
Command
Reliability
radius scheme 3-31
Command
Reliability
radius-scheme 3-14
Command
Auto Detecting
reboot 3-5
Command
Multicast Protocol
reboot member 2-29
Command
Integrated
reflect between-clients Management 4-42
Command
Integrated
reflector cluster-id Management 4-43
Command
Integrated
refresh bgp Management 4-44
Command
A-30
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
System
region-name Management 1-6
Command
register-policy STP Command 5-12
Getting Started
Related Manuals 3
Command
Getting Started
Release Notes 3
Command
Auto Detecting
remotehelp 1-28
Command
Auto Detecting
rename 1-8
Command
Integrated
reset Management 2-9
Command
reset acl counter Security Command 1-7
reset acl counter Security Command 1-20
reset acl counter Security Command 1-35
reset arp QACL Command 2-10
Integrated
reset bgp Management 4-44
Command
Integrated
reset bgp dampening Management 4-45
Command
Integrated
reset bgp flap-info Management 4-45
Command
Integrated
reset bgp group Management 4-46
Command
reset counters interface VLAN Command 1-19
reset dhcp relay statistics QACL Command 6-37
reset dhcp server conflict QACL Command 6-26
reset dhcp server ip-in-use QACL Command 6-27
reset dhcp server statistics QACL Command 6-27
Reliability
reset dot1x statistics 1-17
Command
Network Protocol
reset garp statistics 3-4
Command
reset igmp-snooping statistics STP Command 2-9
A-31
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
A-32
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Integrated
rip authentication-mode Management 2-10
Command
Integrated
rip input Management 2-11
Command
Integrated
rip metricin Management 2-12
Command
Integrated
rip metricout Management 2-13
Command
Integrated
rip output Management 2-13
Command
Integrated
rip split-horizon Management 2-14
Command
Integrated
rip version Management 2-15
Command
Integrated
rip work Management 2-16
Command
Auto Detecting
rmdir 1-10
Command
Auto Detecting
rmdir 1-28
Command
Auto Detecting
rmon alarm 6-8
Command
Auto Detecting
rmon event 6-9
Command
Auto Detecting
rmon history 6-10
Command
Auto Detecting
rmon prialarm 6-10
Command
Auto Detecting
rmon statistics 6-12
Command
Integrated
route-policy Management 5-16
Command
Integrated
router id Management 3-43
Command
A-33
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Auto Detecting
rsa local-key-pair create 8-8
Command
Auto Detecting
rsa local-key-pair destroy 8-9
Command
Auto Detecting
rsa peer-public-key 8-10
Command
rule Security Command 1-8
rule Security Command 1-21
rule Security Command 1-36
S
Auto Detecting
save 1-12
Command
screen-length Port Command 1-14
Reliability
secondary accounting 3-36
Command
Reliability
secondary authentication 3-36
Command
Reliability
self-service-url 3-14
Command
send Port Command 1-15
Reliability
server-type 3-37
Command
service-type Port Command 1-15
Reliability
service-type 3-15
Command
Auto Detecting
service-type 1-17
Command
service-type multicast STP Command 6-1
Reliability
session-control-server 4-1
Command
set authentication password Port Command 1-17
shell Port Command 1-18
shutdown VLAN Command 1-20
Network Protocol
shutdown 1-6
Command
Integrated
silent-interface Management 3-44
Command
snmp-agent community Security Command 3-2
A-34
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Auto Detecting
snmp-agent community 5-8
Command
snmp-agent group Security Command 3-3
Auto Detecting
snmp-agent group 5-9
Command
Auto Detecting
snmp-agent local-engineid 5-8
Command
Auto Detecting
snmp-agent mib-view 5-10
Command
Auto Detecting
snmp-agent packet max-size 5-11
Command
Auto Detecting
snmp-agent sys-info 5-11
Command
Auto Detecting
snmp-agent target-host 5-12
Command
Auto Detecting
snmp-agent trap enable 5-13
Command
Integrated
snmp-agent trap enable ospf Management 3-45
Command
Auto Detecting
snmp-agent trap life 5-15
Command
Auto Detecting
snmp-agent trap queue-size 5-15
Command
Auto Detecting
snmp-agent trap source 5-16
Command
snmp-agent usm-user Security Command 3-4
Auto Detecting
snmp-agent usm-user 5-16
Command
Multicast Protocol
snmp-host 2-29
Command
speed Port Command 1-19
speed VLAN Command 1-20
Integrated
spf-schedule-interval Management 3-46
Command
spt-switch-threshold STP Command 5-13
Auto Detecting
ssh server authentication-retries 8-10
Command
Auto Detecting
ssh server rekey-interval 8-11
Command
A-35
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Auto Detecting
ssh server timeout 8-12
Command
Auto Detecting
ssh user assign rsa-key 8-12
Command
Auto Detecting
ssh user username authentication-type 8-13
Command
Multicast Protocol
stacking 1-2
Command
Multicast Protocol
stacking enable 1-3
Command
Multicast Protocol
stacking ip-pool 1-3
Command
standby detect-group 2-2
Reliability
state 3-16
Command
Reliability
state 3-38
Command
static-bind ip-address QACL Command 6-28
static-bind mac-address QACL Command 6-28
static-rp STP Command 5-14
Reliability
stop-accounting-buffer enable 3-39
Command
stopbits Port Command 1-19
System
stp Management 1-9
Command
System
stp bpdu-protection Management 1-9
Command
System
stp bridge-diameter Management 1-10
Command
System
stp config-digest-snooping Management 3-1
Command
System
stp cost Management 1-12
Command
System
stp edged-port Management 1-11
Command
A-36
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
System
stp interface Management 1-17
Command
System
stp interface cost Management 1-19
Command
System
stp interface edged-port Management 1-18
Command
System
stp interface loop-protection Management 1-22
Command
System
stp interface mcheck Management 1-22
Command
System
stp interface point-to-point Management 1-23
Command
System
stp interface port priority Management 1-21
Command
System
stp interface root-protection Management 1-24
Command
System
stp interface transit-limit Management 1-25
Command
System
stp loop-protection Management 1-26
Command
System
stp max-hops Management 1-27
Command
System
stp mcheck Management 1-27
Command
System
stp mode Management 1-28
Command
System
stp point-to-point Management 1-29
Command
System
stp port priority Management 1-14
Command
A-37
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
System
stp priority Management 1-13
Command
System
stp region-configuration Management 1-30
Command
System
stp root primary Management 1-15
Command
System
stp root secondary Management 1-16
Command
System
stp root-protection Management 1-30
Command
System
stp tc-protection Management 1-31
Command
System
stp timer forward-delay Management 1-32
Command
System
stp timer hello Management 1-33
Command
System
stp timer max-age Management 1-34
Command
System
stp transit-limit Management 1-35
Command
Integrated
stub Management 3-46
Command
Network Protocol
subvlan 4-3
Command
Integrated
summary Management 2-16
Command
Integrated
summary automatic Management 4-46
Command
super Port Command 1-20
super password Port Command 1-21
Network Protocol
supervlan 4-3
Command
A-38
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
T
tcp timer fin-timeout QACL Command 10-9
tcp timer syn-timeout QACL Command 10-9
tcp window QACL Command 10-10
telnet Port Command 1-23
Auto Detecting
temperature-limit 3-6
Command
Auto Detecting
terminal debugging 4-31
Command
Auto Detecting
terminal logging 4-32
Command
Auto Detecting
terminal monitor 4-32
Command
Auto Detecting
terminal trapping 4-33
Command
Auto Detecting
tftp 1-30
Command
Auto Detecting
tftp get 1-30
Command
Auto Detecting
tftp put 1-31
Command
Multicast Protocol
tftp-server 2-30
Command
Integrated
timer Management 4-47
Command
Multicast Protocol
timer 2-31
Command
A-39
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Reliability
timer 3-40
Command
timer loop 1-5
Reliability
timer quiet 3-41
Command
Reliability
timer realtime-accounting 3-41
Command
timer wait 1-6
time-range Security Command 1-13
time-range Security Command 1-24
time-range Security Command 1-39
Auto Detecting
tracert 4-17
Command
traffic-limit Security Command 2-32
traffic-limit Security Command 2-61
traffic-priority Security Command 2-13
traffic-priority Security Command 2-33
traffic-priority Security Command 2-64
traffic-redirect Security Command 2-35
traffic-redirect Security Command 2-66
traffic-shape Security Command 2-68
traffic-statistic Security Command 2-14
traffic-statistic Security Command 2-36
traffic-statistic Security Command 2-69
U
Auto Detecting
undelete 1-10
Command
Auto Detecting
undo snmp-agent 5-18
Command
Integrated
undo synchronization Management 4-48
Command
Auto Detecting
user 1-29
Command
user privilege level Port Command 1-24
user-interface Port Command 1-23
A-40
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Reliability
user-name-format 3-42
Command
V
Auto Detecting
verbose 1-29
Command
virtual-cable-test VLAN Command 1-21
Network Protocol
vlan 1-7
Command
Network Protocol
vlan { enable | disable } 1-7
Command
Reliability
vlan-assignment-mode 3-17
Command
System
vlan-mapping modulo Management 1-36
Command
vlan-vpn enable VLAN Command 1-22
System
vlan-vpn tunnel Management 2-1
Command
Integrated
vlink-peer Management 3-47
Command
System
vrrp authentication-mode Management 1-3
Command
System
vrrp method Management 1-4
Command
System
vrrp ping-enable Management 1-5
Command
System
vrrp vrid preempt-mode Management 1-5
Command
System
vrrp vrid priority Management 1-6
Command
System
vrrp vrid timer Management 1-7
Command
System
vrrp vrid track Management 1-8
Command
A-41
Command Manual - Appendix
Quidway S3500 Series Ethernet Switches Appendix A Command Index
W
wred Security Command 2-71
X
Y
Z
A-42